CompTIA Security+ SY0-601 – 4.1 Tool to assess organizational security. Part 2

  1. ipconfig, ping, tracert

In this video I'm going to be explaining three commands that you should already be familiar with, maybe from a previous certification such as A+ or Network+. This should be a refresher for you. I'm going to be using both Linux and Windows as I go through these commands. The first one we'll take a look at is traceroute. This command is essentially the same whether it's tracert in Windows or traceroute in Linux. Let's take a look at it here in Kali Linux. So we type traceroute followed by a destination, and what this does is tell me all the hops, all the routers, I'm going to pass through in order to get to that destination. The output looks the same whether it's Windows or Linux. One difference worth knowing: Windows tracert sends ICMP echo probes, while Linux traceroute sends UDP probes by default (use traceroute -I for ICMP), so a firewall that blocks one but not the other can make the two tools show different results for the same path.

So this is telling me it's tracing to google.com and showing the path it's going through. The first address is on my Kali Linux box's local network, then it starts to go through the public network, listing each hop along the way, and eventually it reaches Google. So this command is basically the same for both Windows and Linux. The other one is of course the famous ping. I'm almost 100% sure you know how to use ping: you just type ping followed by the host. On Linux, ping keeps going until you stop it with Ctrl+C. On Windows, ping sends four requests and stops; if you want a continuous ping there, you would do ping -t and it would keep pinging over and over.

Notice that this is connected using an IP version 6 address, so I'm getting IPv6 replies from Google as well. If you want the combination of the two, you would use what's known as pathping. Pathping is basically a ping and a traceroute in one: it traces the path and then measures packet loss and latency at every hop. This is a Windows-only command; it doesn't exist on Linux, where mtr is the closest equivalent. Okay, so the command I do want to spend a few minutes on is ipconfig, and its Linux counterpart ifconfig. Let's take a look at ifconfig first. If you just run ifconfig and press Enter, it lists your interfaces and their addresses, and it has quite a lot of options: it can bring interfaces up, take interfaces down, and, together with iwconfig or airmon-ng, it is used when putting a wireless interface into monitor mode on Linux. (On current distributions ifconfig is deprecated in favor of the ip command, as in ip addr and ip link, so know both.) On Windows, you have just your general ipconfig on your Windows box.

Here's my Windows box. I would do ipconfig, press Enter, and it'll give you the IP address, the local IP address, of the computer. There are some additional options, such as ipconfig /release to release the IP address back to the DHCP server. I'm actually connected to this box over Remote Desktop, so I don't want to do that; I don't want to release my IP address. You can also do ipconfig /renew to get an IP address again. But when it comes to security testing, one command you should know is ipconfig /displaydns. What this does is show the DNS cache (I mistyped it the first time; I actually typed ipconfig twice). It's going to show me all of the cached DNS entries on the computer.

Okay, so here's my DNS cache, and it shows me all the websites I've been to and the IP addresses of those particular sites. This is a very useful command when it comes to troubleshooting, and during an investigation it's a quick way to see what names a machine has recently resolved, although the cache is volatile: entries drop out when their TTL expires or the machine reboots. The other one would be ipconfig /flushdns. If you're ever troubleshooting a computer and you updated a DNS entry that's still cached, you do ipconfig /flushdns and that completely clears the cache. So if I rerun the displaydns command, you'll notice there's nothing in the cache now. Okay, so these are three easy commands that you should probably be familiar with. I don't think you're going to see them much; they may not appear on this exam. They're in the exam objectives, so just be familiar with them.
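As an added example (mine, not part of the course video), here is a small POSIX shell helper that reads Linux traceroute output and summarizes each hop, flagging the "* * *" hops that never replied. The trace it works on is constructed for the example with RFC 5737 documentation addresses, not a real capture, and the format is that of Linux traceroute; Windows tracert prints its columns in a different order, so this parser does not apply to it.

```shell
#!/bin/sh
# Constructed sample of Linux `traceroute` output (not a real capture); the
# addresses are RFC 5737 documentation ranges.
SAMPLE_TRACE='traceroute to example.com (203.0.113.10), 30 hops max, 60 byte packets
 1  192.0.2.1 (192.0.2.1)  1.234 ms  1.102 ms  1.087 ms
 2  198.51.100.1 (198.51.100.1)  8.455 ms  8.301 ms  8.612 ms
 3  * * *
 4  198.51.100.254 (198.51.100.254)  20.11 ms  19.98 ms  21.04 ms
 5  203.0.113.10 (203.0.113.10)  25.771 ms  25.630 ms  25.902 ms'

# Print one line per hop, "<hop> <address> <max_rtt_ms>", with "timeout" for
# hops that never answered (the "* * *" lines). Reads the trace on stdin.
summarize_hops() {
    awk '
        NR == 1 { next }                          # skip the header line
        $2 == "*" { print $1, "timeout", "-"; next }
        {
            max = 0
            for (i = 4; i <= NF; i++) {           # every "<number> ms" pair
                if ($(i+1) == "ms" && $i + 0 > max) max = $i + 0
            }
            print $1, $2, max
        }'
}

# Count hops that timed out. A silent hop in the middle of a path that still
# reaches its destination is usually a router that drops or rate-limits
# probes, not a broken link; only a run of timeouts to the end means loss.
count_timeouts() {
    summarize_hops | grep -c ' timeout '
}

# Demonstration when run directly (use: traceroute host | summarize_hops):
printf '%s\n' "$SAMPLE_TRACE" | summarize_hops
```

To use it on a live trace, pipe traceroute into summarize_hops instead of the sample; the awk logic does not care whether a hop is printed as a bare address or as hostname (address).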

  1. Linux file manipulation, head, tail, cat

In this video we're going to be taking a look at some file manipulation commands in Linux. These are pretty simple commands that a lot of people use, especially cat, which is short for concatenate. So let's get started. First of all, head allows you to view the first ten lines of a file. tail allows you to view the last ten lines of a file. And cat allows you to display files, create files, and combine data from several files into one. So pretty simple. What I want to show you is that in my root home directory I have two files. One is called cracked.txt and it has some information about some wireless cracking I did: we cracked WEP earlier in the class, and here we have WPA and WPA2. So at the top you have WEP, then WPA, then WPA2.

Remember that as we use some commands to view the contents of that file. Now I know it's easy just to double-click on it, but sometimes you're connected over SSH and you don't have a graphical interface, so you need the command line. It's pretty simple. Let's do ls. We notice we have cracked.txt and crack2.txt; we'll use that second one later. So we're going to say head and then type in the file you want to see, and notice it just displays the first ten lines. That's all this is going to do. If you want to specify the number of lines you want to see from the top, you could do head -n 5 and it will show you just the first five lines. If you want to see the first two it's the same concept: you just type in 2 and it'll give you the first two.

Now if you want to see the last ten lines, you can imagine if you've got head, that's where tail comes in. So we'll say tail cracked.txt and press Enter. These are the last ten lines. If I want to see the last two it's the same concept, so I'm going to say tail -n 2 and there you go, the last two. Let's clear the screen, if I can spell clear. Okay, the last one we want to take a look at is cat. Now cat's probably the most popular one. You just run cat and type in the file that you want to see, and it's going to display the entire file. If you ever want to view a file, just use cat; this is probably one of the most used commands in Linux. If you're versed in Linux, you've probably noticed this command already.

Now what this also does is let you view multiple files, not just one. So let me show you what I have. I have cracked.txt and I have crack2.txt. cracked.txt has WEP, WPA, WPA2, and crack2.txt also has a WEP entry, but this time it's my home network, and the password is 123. So we're going to try to view them together. It's very simple to view two files using cat: you type cat cracked.txt crack2.txt (hopefully I spelled that right). Okay, so the first three lines are WEP, WPA, WPA2, and here's the bottom; this is that other file, that second file.

So I'm actually viewing two files on the screen at once. Now cat doesn't just let you view two files on the screen; it means concatenate, so you can actually take data from one file and put it into another one. To do that, I'm going to say cat, then a greater-than sign, and then newtext.txt, which creates the file: cat > newtext.txt. If you want to put something in it, you can actually type the contents right now, because cat is reading from the keyboard until you press Ctrl+D. But I don't need that, so I'm just going to end it. And let's see here: we have that new text file, and it's blank, right? Because I didn't put anything in. You noticed when I pressed Enter, it was waiting for me to type something. So now I'm going to combine some files.

So you know what we're going to do? We're going to say cat, take the data from cracked.txt, and redirect it into the new file: cat cracked.txt > newtext.txt. This copies the contents of one file into the other. One caveat: a single greater-than sign overwrites whatever was in the target file, while two of them (>>) appends to it, so be careful which one you use when you're merging files. You can imagine, when you start chaining commands in Linux, how very useful this is going to be. So we press Enter, and now newtext.txt has the contents of that file. Okay, so three very useful commands when looking at files: head, tail, and cat. You've got to love the names. You'll never forget these going forward, and if you're ever in an SSH terminal and need to view or manipulate some files, now you know how.
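Here is an added example (mine, not from the course) that runs the three commands over two small stand-in files built in a temporary directory, so you can try it over SSH without touching anything real. The file contents are made up (fake SSIDs and keys), and the one thing it shows beyond the lesson is the difference between > and >> when cat is used to build a new file from two others.

```shell
#!/bin/sh
# Work in a throwaway directory so nothing on the real system is touched.
WORKDIR=$(mktemp -d)

# Constructed stand-ins for the lesson's cracked.txt and crack2.txt
# (invented SSIDs and keys, not real capture results).
printf 'WEP  ssid=lab-wep   key=0102030405\nWPA  ssid=lab-wpa   key=Summer2020\nWPA2 ssid=lab-wpa2  key=correcthorse\n' > "$WORKDIR/cracked.txt"
printf 'WEP  ssid=myhome    key=123\n' > "$WORKDIR/crack2.txt"

# head -n / tail -n: the first or last N lines (both default to 10 without -n).
first_line() { head -n 1 "$1"; }
last_line()  { tail -n 1 "$1"; }

# cat with two arguments streams both files to stdout, in order; here we just
# count how many lines the combined stream has.
combined_lines() { cat "$1" "$2" | wc -l | tr -d ' '; }

# ">" truncates the target before writing, ">>" appends to it. Using ">" twice
# by accident silently throws away the first file, which is the classic
# mistake when merging evidence or wordlists. Each function returns the line
# count of the resulting file.
merge_overwrite() { cat "$1" > "$3"; cat "$2" > "$3"; wc -l < "$3" | tr -d ' '; }
merge_append()    { cat "$1" > "$3"; cat "$2" >> "$3"; wc -l < "$3" | tr -d ' '; }

# Demonstration when run directly:
echo "first line : $(first_line "$WORKDIR/cracked.txt")"
echo "last line  : $(last_line "$WORKDIR/cracked.txt")"
echo "cat a b    : $(combined_lines "$WORKDIR/cracked.txt" "$WORKDIR/crack2.txt") lines"
echo "with >     : $(merge_overwrite "$WORKDIR/cracked.txt" "$WORKDIR/crack2.txt" "$WORKDIR/new.txt") line(s) kept"
echo "with >>    : $(merge_append "$WORKDIR/cracked.txt" "$WORKDIR/crack2.txt" "$WORKDIR/new.txt") line(s) kept"
# Remove "$WORKDIR" when you are done with it.
```

The merge_overwrite result (one line instead of four) is exactly what happens when someone writes cat a > out followed by cat b > out expecting a combined file.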

  1. Logger

In this video we're going to be learning about a command in Linux called logger. What this command does is allow you to add messages to the syslog file in Linux. Before I show you the logger command, I want to show you the syslog file. This is the main system log file built into your Linux operating system. (On Red Hat-based systems the equivalent file is /var/log/messages, and on systemd distributions you can also read the same entries with journalctl.) And if you remember, we're going to use the tail command for this because we don't want to view the whole thing; we'll just say tail. You know what, this is a lot easier to view over here. We'll say tail and then the path to it: it's in the /var folder, so tail /var/log/syslog. This gives us the last ten lines of what's in there, and these are basically the system's log entries in Linux.

Now what you really need to know about this command, logger, is that it allows you to add data into your log files. So what you're going to do is just type logger followed by the message, so we can say logger "this is my entry", press Enter, and it looks like nothing happened. But what this did is actually add that entry into the log file. So if I rerun the tail command, it's somewhere in here; this box is logging quite a lot of stuff, so it has already added a bunch more lines after mine. So that's really what this does: it adds data into your log files. Now I don't have another one set up, but I'll show you some other options that I found pretty useful when I was doing Linux administration. You can actually do logger with -n.

Now this is not going to work, because I don't have a server. But you can actually send the entry to somebody else's log server by putting its address after -n, say logger -n followed by the address of the log server, and it goes into their log files. Again, this is not going to work here because we don't have an actual server; it's not a valid IP address. So there are a variety of things you can do. You can even specify the port number with -P, and whether to use UDP (the default) or TCP (-T). You can also tag the entry with -t so it's easy to find, and set the facility and severity with -p, for example -p auth.notice. Keep in mind the flip side for security: any user who can run logger can write an arbitrary line into syslog, including one tagged to look like it came from another program, so a log entry by itself is not proof of what happened. But for your exam, just know that the logger command allows you to add information to log files.
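The following is an added example, not from the course, written in POSIX shell. logger -p takes a facility.severity pair and encodes it as the syslog PRI number (facility times 8 plus severity) that prefixes every message sent over the network; the functions below reproduce that calculation so you can read the PRI you see in a packet capture of remote syslog traffic back into a facility and severity, and log_event wraps the logger options mentioned above. log_event assumes a working syslog daemon (or a collector reachable with -n) and is not needed for the calculation.

```shell
#!/bin/sh
# Standard syslog facility names and numbers (RFC 3164 / RFC 5424).
facility_num() {
    case "$1" in
        kern) echo 0 ;;  user) echo 1 ;;  mail) echo 2 ;;  daemon) echo 3 ;;
        auth|security) echo 4 ;;  syslog) echo 5 ;;  lpr) echo 6 ;;  news) echo 7 ;;
        uucp) echo 8 ;;  cron) echo 9 ;;  authpriv) echo 10 ;;  ftp) echo 11 ;;
        local[0-7]) echo $(( ${1#local} + 16 )) ;;   # local0..local7 are 16..23
        *) return 1 ;;
    esac
}

# Standard severity names and numbers, with the aliases logger accepts.
severity_num() {
    case "$1" in
        emerg|panic) echo 0 ;;  alert) echo 1 ;;  crit) echo 2 ;;  err|error) echo 3 ;;
        warning|warn) echo 4 ;;  notice) echo 5 ;;  info) echo 6 ;;  debug) echo 7 ;;
        *) return 1 ;;
    esac
}

# syslog_pri facility.severity -> PRI value, e.g. auth.notice -> 37.
# user.notice (13) is what plain `logger "message"` sends when -p is omitted.
syslog_pri() {
    f=$(facility_num "${1%.*}") || return 1
    s=$(severity_num "${1#*.}") || return 1
    echo $(( f * 8 + s ))
}

# Inverse: PRI value -> "facility_number.severity_number".
pri_split() {
    echo "$(( $1 / 8 )).$(( $1 % 8 ))"
}

# Wrapper around logger with the options from the lesson: -t sets the tag
# (defaults to the calling user's name), -p the facility.severity. Note the
# tag is free text: nothing stops a local user from tagging a line "sshd".
# Assumes a local syslog daemon; add -n HOST -P PORT to ship it remotely.
log_event() {
    logger -t "$1" -p "$2" -- "$3"
}

# Demonstration when run directly:
echo "auth.notice -> PRI $(syslog_pri auth.notice) -> $(pri_split "$(syslog_pri auth.notice)")"
```

In a capture of UDP/514 traffic, a packet starting with <37> is therefore an auth.notice message, and <13> is the default priority of a bare logger call.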

  1. Cuckoo

In this video, we're going to be taking a look at a pretty cool malware analysis tool called Cuckoo. Cuckoo is basically a sandbox environment that you can download and install. What it does is let you run a suspicious file inside an isolated virtual machine and record what it does. So let's say people receive files that they believe may have some kind of virus in them. You download Cuckoo, install it, configure it, submit the file, and it gives you information about that potential malware: the processes it starts, the files and registry keys it touches, the network connections it makes, and a score based on that behavior.

Now, Cuckoo is a little bit difficult to install and a little bit difficult to run. I wouldn't call it super difficult, and I do have it up and running, but to go through it in this particular course would just take up too much time. For your exam, you just need to know that it's an automated malware analysis sandbox for when you have files you're not sure about. You throw a file into Cuckoo, and it reports what the file did when it ran, which tells you whether it's behaving like malware. One caveat worth remembering: malware that detects it's running in a virtual machine may simply do nothing, so a clean sandbox report is not a guarantee that the file is safe.

  1. theHarvester

In this video I'm going to be showing you a tool called theHarvester. theHarvester is a command that goes out and grabs information about a domain, such as its email addresses, subdomains, and hosts. Really powerful stuff. It's basically a super searcher that queries Google, Bing, and many other sources to find information about a particular domain. It's a very simple thing to run. So we're going to type theHarvester; note that you have to use a capital H if you're using a later version of Kali Linux. This is what it looks like when it comes up. To run it, we'll do -d and I'm going to be looking at my own domain, armdale.com. Now this domain doesn't actually have any real emails associated with it.

It doesn't really have any information; it actually just redirects to my LinkedIn page. So it's -d for the domain, armdale.com, then -b all to search all the sources, and then -l to limit it to, let's say, 100 results. Now, I don't think it's going to find anything, and it's going to go through many sources: it's going to search Bing, it's going to search Google, it's going to search many different places for results. This could go on for a little while, and for your exam you just need to know that this tool exists and this is basically what it does. When it's done, it's going to show you what it found. Now I already ran it for this exact same query.

I ran it already because I didn't want to wait in the video. It searched and searched and in the end found really nothing: no IPs, no users, no emails, because this domain basically has nothing in it. But this is footprinting a network, and you should not be executing this command against domains that you don't have authorization for. That would be pretty bad, maybe even against the law, so I don't recommend it. Again, what I'm showing you here is for educational purposes. So go ahead and give this command a shot on a domain that you have access to.

  1. Nslookup and Dig

In this video I'm going to be going over two DNS commands with you, in particular dig and nslookup. nslookup is the one you'll find on every Windows box (Linux has it too, but dig is the usual choice there), so let's open up the Windows command prompt and type nslookup. You're probably familiar with this command from A+ or Network+; you've probably used it before. You basically just type it in, start it up, and then put in the domain you're trying to find information for. What this does is a name server lookup: it asks a DNS server for the records of the domain we're looking for, tia.edu. The first thing it shows is the DNS server we're using, which here is the ISP's DNS server.

This is a Verizon connection, and this is the IP address that is returned for the domain. So if you want to check what IP address a name resolves to, you would use nslookup. Now the Linux version of this is basically dig: you just type dig followed by the domain name and press Enter. It's going to give you back the same thing, except with a little more information. So you have tia.edu here, you have the IP address of it in the ANSWER SECTION, and the AUTHORITY SECTION shows you the name servers it's hosted on; we could see it was being hosted by HostGator. So dig just gives you a bit more detail about DNS. One more thing dig prints is which server answered you (the SERVER line at the bottom), and you can point it at a specific server with dig @server to compare what your resolver says with what the authoritative name server says. Remember for your exam that dig and nslookup are about finding DNS server information.
