See all The Cyber Mentor transcripts on Youtube

Hello everyone and welcome to this course on Linux for ethical hackers. My name is Heath Adams, and I'm going to be your instructor for this course. A little bit about me. I am an ethical hacker by trade. I am the business owner and CEO at TCM Security.

We are a dual headed organization. Part of what we do is penetration testing and ethical hacking. So clients pay us to break into their network, so their web applications and sometimes even their buildings. And we do that to find vulnerabilities before the bad people do. The other side of our organization is that we are a training organization.

We have an academy called TCM Security Academy, and we teach people how to become ethical hackers. At this point on the YouTube channel, we have well over 300, 000 subscribers. We've taught well over a million people through our academy and other platforms. And I just love to teach. So here's a little bit about me if you're interested in finding me on social media or any of our websites, you can.

And here's a little bit of the certifications that I have that are hacking related. And in this course, we're going to be covering everything that we need to know to understand Linux as an ethical hacker. So if you've never used Linux before, and you're looking into the field of ethical hacking, then this is going to be the course for you. We're going to be covering how to install and run a version of Linux called Kali Linux. We're going to cover what Kali Linux is.

And then we're going to talk through how to navigate the file system, how to use common network commands, how to create files, and view files and edit files and how to stop services, start services, how to install tools and how to write a script with bash scripting. All this is very important because as an ethical hacker, you are going to be using Linux on a daily basis. So it's important to know how to use Linux and if you've never done it before again, this is the course for you Now quickly switching over to YouTube. I have taught this course before Now I taught this course 2 years ago, and I provided that course for free to free code camp. I also actually taught a ethical hacking course for them a couple years ago and provided that to their YouTube channel.

Since then, we have launched our academy, our YouTube channel has blown up and we are self sufficient on our own channel. To the point now we're putting up updated materials such as this ethical hacking course and this open source intelligence course and now this Linux course for 2022. So if you're asking what the big differentiator is between the old courses and the new ones, is that these are incredibly up to date. In this course, we're going to be using Kali 2022.2, which is the very latest edition of Kali Linux. Last thing to mention before we jump into the course is that this course does belong as part of a larger course at our TCM Security Academy.

If you scroll down, we do have courses on all kinds of things. We've got courses on Linux. If you are interested in a full on Linux course, we've got courses on Python as well. The Linux for Ethical Hackers actually is part of the Practical Ethical Hacking course, which is a 25 hour long course on ethical hacking. So if you find that you really enjoyed this course and you want to learn more about ethical hacking, please do consider coming and checking out our practical ethical hacking course on the academy and any of our great other courses that we have here.

And please do consider subscribing to the channel. Subscriptions go a long way for us. They help with providing the free content and getting awareness out there for the ethical hacking field and helping get people into the career of cybersecurity. If you're watching 1 of our videos, all you have to do is come here and hit subscribe and then you will get notified anytime we release new content such as awesome courses like this 1. So without further ado, let's go ahead and jump right into the course.

All right, so in order to be successful in this course, we are going to be utilizing what is called a virtual machine. Now, virtual machines are known as VMs for short, and a VM is just a machine on top of a machine. And to give you an example, I'm actually running this Windows 10 instance that you see here on top of my Windows 10 instance. So here you can see if I scroll up that I have a Windows 10 machine. I also have a Linux machine sitting here.

If I were to de maximize this, you can see that I'm actually running here a Windows machine in the back. This is my wife and I and you come through here, we just blow it back up and we're back inside of our machine. So a virtual machine is just a machine inside of a machine. So what we're going to be doing is we're going to be utilizing this to build out labs. That way, we don't have to actually have a bunch of hardware, we can just use this for our course and run what we need to on top of our own machine already.

Now, this can get resource intensive. So if you are only utilizing something like 8 gigabytes of RAM, then you might have some issues with this, but you can still follow along. When we get into the Active Directory portion, you might run into issues if you do not have at least 16 gigabytes of RAM to utilize. But we'll worry about that when we get there, there are still plenty of ways to follow along throughout this whole course. So another thing to note is that I use VM every single day, this machine that you see here is actually my day to day pen testing machine.

So I run a Kali Linux instance on top of my Windows machine and utilize that to do penetration testing. So I'm going to demonstrate that to you and how we're going to build out our labs with that. And a lot of us in the industry run through VMs as opposed to running it directly on metal or on a machine. So in order to utilize virtual machines, we first need some sort of virtual machine software to play these. So there are 2 different ways that we can do this.

If you are on a Windows machine or a Linux machine, you can utilize VMware Workstation Player. Now if you type in VMware Workstation Player in Google, the first 1 here that says Download VMware Workstation Player, you just click on that. And if you are in a Mac environment, you're going to be utilizing Oracle VirtualBox. So if you type in Oracle VirtualBox, you come here and you go to downloads, you have your option there as well. So In this course, I will be using VMware Workstation Player.

I'm going to be running it on top of Windows. If you are using Mac, that is absolutely fine. You're going to be following along just the same. All you need to be able to do is follow the same instructions that I give you and you will be a okay. So if you scroll down here, you can see try workstation player for Windows or try workstation player for Linux, go ahead and just select download now, that should bring up a download and go ahead and save it.

If you're doing VirtualBox, go ahead and download for OS X, I will download the Windows version just so that we can we could see what that looks like as well so I'll save both of these. So let's view our downloads and we've got VMware Workstation Player here. I'm gonna go ahead and open this 1 and we're going to install this. And this will be very point-and-click. So next, accept the agreement, possibly give away our first child.

Yeah, we should go ahead and install the enhanced keyboard driver while we have this. And then we don't need to join any improvement programs or check for product update, that's okay. We will install desktop, start menu, you check your preferences as you like it. I'm just going to install this and this should just finish here in just a second. Okay then you'll be brought to this screen once everything's done.

It should take about a minute or 2 and we're going to go ahead and hit finish. And it's going to want a restart to take effect. You can go ahead and restart your system. I'm going to say no right now. Let's go ahead and install VirtualBox if you are a Mac user.

We'll hit next. Next here. Next. And yes, and install.

Accept. And again, very point and click with the installation. Select install and any options that do pop up. And then we can start Oracle VM if we want. Let's go ahead and just start that.

This is what Oracle VM looks like. And let's see if we can start the VMware player here, even though we need to restart. And this is what VMware Workstation Player looks like. So here you can see that we have virtual machines, we can create new virtual machines, open ones, etc. We'll get into that in the next video.

So again, if you are using Windows or Linux, this is probably what your view is going to look like for the rest of the time. If you are using Oracle on a Mac, this is what your view is going to look like. Another side pro tip here is that I am using Workstation Pro and I might utilize this in some instances throughout the course. Other instances, I'll be utilizing the Workstation Player. They are not much of a difference, especially in the beginning.

When we get into the Active Directory portion, it might actually be worth it for you all to download the VMware Pro trial because the trial is 30 days and you can utilize that to get through some sections and actually have nice little windows here to to be clean and just have a pro edition. You can do everything that I'm going to show you in the course on the player. It just is that you have to open if you want to run more than 1 machine, you'll just have to reopen the VMware Workstation player several times to run multiple machines, but that's okay. It just won't look like this nice clean layout where you can transfer between machines like I can do just here. So with that being said, let's go ahead and move on to the next video, we're going to be installing Kali Linux onto our VMware workstation player.

Now that we've installed VMware or VirtualBox, we need to install Linux. We're going to

be using a version of Linux called Kali Linux throughout this course. This version of Linux is a Debian based distribution, which is geared towards ethical hacking and penetration testing. So it's a special version of Linux that allows us to have all the tools in 1 place that will allow us to hack without having to download these tools and install them on our own custom Linux distribution. So it's all kind of nicely built into 1 package. So if you go out to Google and you type in Kali Linux download, you should see this link.

I'll put the link in the description below as well, but you should just be able to go to get Kali right here. And you're going to be presented with a couple of options here. We're going to be using a virtual machine in this course, so we're just going to go ahead and click on this virtual machine option. And that's going to take us down just a little bit here. What you're going to do is you're going to download the respective version that you need.

So if you need VMware, you download VMware. If you're using VirtualBox, go ahead and download the VirtualBox 1. Now they have a direct download, which is a 7-zip, and they also have a torrent if you know how to torrent. What you're going to do is go ahead and download the file that you need. And while you're doing that, if you do choose to download directly, you're also going to need a tool called 7-zip or a way to unzip this file.

So go ahead and start your download. While it's downloading, let's also go ahead and navigate to 7-zip. So if you go to Google and you look at 7-zip, you'll see this page here comes up. You just go to download. In here, you're going to download the file that is for your respective system.

So here, I'm using Windows on 64-bit. I would download this executable right here. Now if you're running on Linux, here's where you download Linux. If you're running on Mac OS, here's where you download from Mac OS. Very straightforward.

I've already got this installed, but what you need to do is just download this and literally click next through it. Make sure you get it installed. Go ahead and pause the video. Once that is installed, 7-zip that is, and once you have the actual Kali image downloaded, go ahead and unpause the video. I'll be here waiting for you.

Okay so your next step should look something like this. You have your 7-zip file open. You should see a folder located in there. And the easiest thing is to just drag and drop this. You can also right click and extract if you know where you want to extract it.

I created a folder called Kali. I'm just going to grab this and I'm going

to drag it over. And it's going

to take a minute here, just a few seconds honestly, to unzip. The file size of this 1, at least for the VMware version, is around 11 gigabytes or 11 gigabytes exactly unzipped. So make sure you have the space on your hard drive in order to do this. Now, once you have it unzipped, you can go ahead and just double click in here. You'll see a bunch of files.

If you have VMware installed, you can actually just double click on this VMX file and that should open things up for you. I'm just going to show you the other way around doing this as well. So with VMware Workstation Player open, what you're going to want to do is go to Open a Virtual Machine. And in the folder that you have, you should see this VMX file as well. Again, you could double click it or you could just open it through this.

What's going to happen is it's going to open that file here and you're going to want to edit this virtual machine settings. Once you have it loaded, click on Edit Virtual Machine Settings. And in here, we're going to want to first change the amount of RAM that we have. Now this is dependent on your system. If you have like 8 gigs of RAM or maybe even 16 gigs of RAM You might want to try leaving it at 2 at first I'm gonna bump mine up to 4 gigs, which is 4096 and I have a hundred and 28 gigs of RAM so I have more than enough space to allocate for this.

But again, if you're on like 8 gigs of RAM, probably not the best idea to jack this up beyond 2. Honestly, I would try it at 1, maybe 2, see how it works. The other thing you're going to want to make sure of is that you're running on NAT network. So if you click on Network Adapter, make sure that it says NAT and that's selected. Once that's selected, go ahead and hit OK.

And then you're just going to hit Play Virtual Machine. When it asks you what to do, just say I copied it. Now from here it's going to take a minute for this to load. You can just let this run through. It'll boot on its own.

Once you are presented with the login screen, go ahead and unpause the video, but until then pause and I'll meet you back when you're at the login screen. Okay, I'm at the login screen. I'm going to make this a little bit bigger just so we can see. And from here, what I'm going to do is I'm just going to type in the username of Kali, K-A-L-I, and the password of Kali, K-A-L-I. Hit enter.

And if you see this screen, congratulations, you have successfully installed Kali Linux and you now have it up and running. In later videos, we're gonna cover what we're gonna be doing and how to use this and how to use Linux and all this. But for now, pat yourself on the back. You've got Linux installed, and we're gonna pause here and move on to the next video. Okay, so this video pertains to some updates we need to make to VirtualBox for quality of life.

So if you're not using VirtualBox, you can go ahead and skip this video. If you are, buckle in, we just need to do a couple of quick updates and then we should be good for the rest of the course. So go ahead and go out to Google and Google VirtualBox extension pack. What it's going to bring up is just the downloads page of VirtualBox. So we're going to want to go here.

And on this page, if you look kind of towards the middle, you'll see that there is a Virtual Box extension pack here. We're going to just click all supported platforms and that will automatically download the file that we need. So once that is downloaded, and pause if you need to, go ahead and open VirtualBox. And you can come in here and up at the top, we're gonna go ahead and click on Preferences. And from here, we are interested in extensions.

See extensions right here, go ahead and click on that. There's a little plus sign, we're gonna Go ahead and click on that. There's a little plus sign. We're going to go ahead and click on that. And then you should have your downloads right here.

So we're going to take the downloads and just go ahead and install that. Hit install, read this, give away your firstborn, accept all the terms, and you should be good. Very quick install, okay? The second thing we need to do is we need to come to the 1 tab up here above, which is network. We're gonna go ahead and hit the network button or this add button.

We're going to add what is called a NAT network. Okay, and we're going to come in here and we're going to double click. And you can go ahead and keep these defaults. I'm going to actually change them to 192.168.57.0. Because that's what's going to be used through the rest of the course.

And that is what the cider notation of my Kali machine and my key optics, which we'll see later, etc, all fell into this 57.0. So we're gonna go ahead and keep it on this NAT network. Make sure you support DHCP. Go ahead and just hit OK. Hit OK.

And then for a machine, and make sure any machine that you use, again, any machine that you use in this course, make sure you set it to NAT network if you're using VirtualBox. So you can come in here, click on a machine like this mail machine I have here, you can just click on that settings, go to network. And then you can go ahead and just go to NAT network. All right, and that name right here, you see name NAT network, that's all we're going to use, that'll automatically set it up. So when you have a Kali machine running later, and you have Keoptrix or another box running, or even when we build out an Active Directory lab, you need to make sure that you're running that net network so that all the machines are on the same subnet.

If you don't, you might run into a situation where the same IP comes up for the same machine, and then they're conflicting with each other, or you get on different networks, and some weird stuff happens. So make sure, again, that it's imperative that you're setting that net network for every single machine that you're setting up. So with that said, we're gonna go ahead and move on to the next video in this section. The first thing I'd like to do before we get started with any commands or anything like that, just take a look around Kali Linux and kind of demonstrate why a pentester ethical hacker might use this distribution of Linux. Now throughout the course, as stated in the last video, you might see a different version of this pop up as I recorded videos on some of the older versions, everything should still work just as is, you just might see a different look and feel to some of the Kali interface.

But all the commands I'm going to show you, everything that we do is going to be the same. So let's take a look and just explore Kali Linux just for a bit. So if we come up here into the corner, and we just click on the little Kali logo. You can see that we have nice things broken out for us. So we've got these favorites up here, which we have our terminal, which we're going to be living in.

Essentially, we've got a text editor, we've got a web browser, which is basically Firefox. We've got some other tools down here, docs, etc. The other thing that we can come scroll through is we can see that we have different applications in here. If we look at the different sections, these kind of go in order, which we haven't covered quite yet, But in the order of how a hack might go down, so information gathering is usually the first step, you can come in here, look through this. And here's a bunch of tools related to information gathering, you can even click into these and go deeper if you wanted to related to specific things.

So DNS, or SMB, or open source intelligence, all of this that's in here, this is just built in tools. So let's say we're coming in here, we want to do a wireless attack, well, we go to wireless tax, got a bunch of tools already built in. So Kali Linux is just essentially a ethical hacking distribution of Linux. And it's built on Debian. So if you've ever used something like Ubuntu or anything along those lines of a Debian distribution, this is all going to feel really familiar to you with just a bunch of tools built in on top of it.

So fairly straightforward, they do have some nice tools in here, you can come through and utilize these. A lot of this is already built in. And we're going to take a look at that as we go. Okay, so the next thing that we're going to do is in throughout the rest of this course is start looking at the terminal. So if you come up here, you'll see that we have a terminal.

Now, mostly everything that we do is going to be done in this terminal here. Now, this is almost like accessing the command line. So if you're using a command line like in Windows, for example, if you ever use a command line, if not, that's okay but we do a lot of this from this interface as opposed to maybe utilizing a GUI based interface where if we clicked a folder this might look more familiar to you. If you're a Windows or Mac user, we come in here you have this kind of area. Yeah, we can do that.

And sometimes we'll utilize this. But a lot of times we're going to be living right here. Okay, so as we move forward, we're going to start talking about this command line, how we can utilize it and use it to our advantage. And then we'll do some tips and tricks and hopefully learn some pretty neat stuff as we go. So in the next video, I'm going to cover the pseudo feature, which I think is important.

It's something that was brought in. Now, originally, we had something called a root permission. And we'll talk about that. That has changed since 2020.1. Moving forward.

So we're introducing that into this course, and we'll talk options that you have. So let's go ahead and move to the next video, we talked about the pseudo feature. Alright, so before we look at any commands or learn any command line, we have to talk about pseudo. Pseudo is very important. And what had happened previously was that in the earlier versions of Kali Linux, we ran as a user called route route is the ultimate user, you could think of it as the administrator of the machine.

Now we're running as a user called Kali, so we don't have root privileges directly. This is as an improved security feature, because we should be running only certain commands when we need to as the root user. So what we're going to see is we're going to see how we can run commands as an elevated privilege. And we're going to do that with sudo, which stands for super user do they just kind of shorten it. So we just have sudo now.

Okay. Now with sudo, what we're doing is we're saying, Hey, I want to run a command elevated, I want to run this as a higher user. In this instance, we can say I want to run the command as root. Why is that important? Well, let's take a look at an example.

Let's say that I wanted to look at a very sensitive file. Now 1 sensitive file in our system is the Etsy shadow file, you can see cat Etsy, like this Etsy shadow. And you don't have to follow along right now. You don't have to really understand what's going on. If you've never seen Linux, all I'm doing is saying, hey, I want to print out this file, I want to look at it.

Okay. And for here, I can't see it. It says permission denied, you don't have the access to see this file. That's a good thing. But if I was the root user, or somebody that had elevated privileges, I could see it.

So I could say sudo cat, Etsy shadow like this. Okay, and it's gonna say, What is your password for Cali? I'm gonna go ahead and say, Cali, Kali, hit Enter. And now I can see that I have access to this file. And this file is very sensitive.

We'll talk about this later on in the course, but sensitive file. Okay. So when we're looking at it, I ran that command specifically as the root user, as the root user, I'm able to see, okay, this file now. Why or what's going on here? Well, we're running that specific command, right?

And we're still staying as Callie, we're doing this in a kind of 1 off scenario. So there will be times where something that you run in this course might require sudo, or you can run the command without sudo, but you notice something doesn't work. So best practice for this is saying, Hey, let's go ahead and just run mostly everything that I'm showing you command wise in this course, that's not best practice. Overall, usually you should run things just as a regular user, if you get permissions blocked, then run it as pseudo as necessary. Now, the other thing to point out, and we'll talk about this again later on in the course, But why can we do this is because this user is part of what's called a sudoers file, meaning we can have this permission, not any user can come in here, say we made a new user, and we just call the user john, we can't just take john and just go ahead and just run these commands as root.

No, john has to have the permission to do this. So you can think of Callie as being an administrator, but only when we utilize that access or that privilege. Okay, the other thing I want to show you, though, is that we can switch over to root if we want to, we can come in here and we can say sudo switch user dash just like that. And then I'll put us into route. Now you can see okay, we're running route at Cali.

And that's only for this instance. You can if you want, I'm not going to demonstrate how to do this. But you can if you want, change the root password, log out and log back in as root and run through this course as root. Again, that's not best security practice. But that feature is available to you if you are a Linux user that is comfortable with Linux comfortable running as root and you want the easy path.

Otherwise, I highly recommend just staying as Kali running as sudo privileges as you need it, and then moving forward. But this is a quick way to switch into root if you need to. Sometimes even running sudo causes some issues. So switching to root to run a command is okay. What we can do here to is a demonstration is we can go file new tab and look at a new instance.

And you'll see that this instance of root is only good for this tab here. Once we start a new tab, we're going to be brought back right back to Kali Kali, you can see that from the top line in the tab as well. So just keep note of this when you're running commands in this course. If you see something, again, try running it with sudo if it's not working, or if it says access denied, then you know, hey, I need to run sudo. Very, very, very important.

Okay, I'm trying to drive that into your brains right now. So from here, we're gonna move on. We're gonna start looking at how to navigate around the file system, taking a look at everything from a bigger picture and diving into Terminal. So I will see you over in the next video. Now we're going to take a look at the Linux terminal.

And if you're a user of a regular computer like Windows or even Mac OS, you are probably used to using what is called a GUI, or a graphical user interface. And we can do this with our version of Linux, we can come in here and if we want to like go to folders, we can absolutely open this and go to folders. We've got the ability to go to Firefox, we've got all of our tools in here that we want to use or look at. And we have a graphical user interface. However, a lot of our time is going to be spent on the command line and using a terminal.

So it's very important that we learn how to use a terminal in Linux. So looking at our terminal here, we can see a few things before we even get started. The first thing is that we have a Kali at Kali. What does that mean? Well, the first instance here is Kali, that is your user.

So remember, when we first logged in, we logged in as Kali, and that is our user. So if we ever switch over to root, we'll see root here. The second part of this is our hostname. So our computer name happens to also be Kali. If you change your hostname, you could say whatever you wanted to say here.

The last little part of this is this a tilde. This is actually the directory that you are currently in. So this is a quick way to say what user am I, what workstation am I on, and what directory am I in. Now we can take a look at what directory we are in with the pwd command and that stands for print working directory and in this instance you can see we are in the home forward slash cali folder and that is the equivalent of being in the atilda so if you see the atilda that just means you are in your users home folder. So if we were a root user, we would actually be in the forward slash root folder as opposed to the home Kali folder.

So the tilde means something different for every user that you're on. Next thing we're going to look at is the change directory feature. So imagine that we are in our folder here. So if we go to like, I don't know our desktop, and we're sitting in our Kali folder, this is really what we're looking at. So we're looking at Kali right here.

And we want to get out of this Kali folder and change into another folder, say like, I don't know, downloads, for example. If we go into downloads, it's very easy to click into, but how do we navigate around on the terminal, I'm going to show you how to do that. So the first thing we're going to do is use the CD command that stands for change directory. Now if we do change directory dot dot, that says I want to go backwards. So if I do that, now you can see that we are in the forward slash home folder, But we can also do a pwd, print the working directory, and you can see that we are in the home folder.

Now can we go any further back? Well, let's try cd dot dot again. And now you can see we are at a forward slash. If we do a PWD, we are at a forward slash. And 1 more time, I'm going to CD dot dot and see if anything happens.

Nothing happens here. We cannot change any further. We are in what is called our base directory. So if you see a forward slash, Think of that as the base folder. You cannot go any further back from that Now I'm going to clear my screen if you want to clear your screen.

You just hit ctrl L like that and that'll clear the screen and From here. We're going to look at what is in our base folder And to do that we can use a tool called list which is LS. So from here we can see different colors and different things and we can tell based on the colors though these color schemes are not the greatest than the newest Kali Linux, we can still see like, hey, this darker version of blue is actually a folder where some of these other things are actually files. We don't have to worry too much about that right now. But we just came out of the home folder.

So we can see here that we have a bunch of files and folders. And let's say we want to go back to the home folder. Well, we can cd home. And I'm going to start typing h and I'm just going to hit tab. And because there's nothing else in here with an h, we don't have to worry too much, it will just auto complete to the home folder.

Now, for example, if there's a bunch of L's, I'm going to back up really quick before I hit enter. If I wanted to try something that has multiple items in here, I tried the L and I hit tab, you're going to see that there's going to be a lot of options for me to go through. And depending on what you have is when you can auto complete. So if I start typing L O it should know that there's only 1L0 and I can tab and auto complete the rest. So you just have to be able to get to a point where you can tab out.

Or if you know the first letter of the file that you're looking for, you can hit tab on that and you can see, okay, here's where I need to be, or here's what I can look at with everything that starts with that letter. I'm going to delete this and we're going to CD back into home. We're going to LS to list the contents of home, which is just our Kali folder. I'm going to CD into Kali. And if I LS from here, you could see that I have our desktop documents downloads, similar to what we saw in the graphical user interface when we were in the folder.

Now we can see it from our terminal. Now before we go diving deeper into these folders, something that I want to look at is what if I wanted to get to this Etsy folder over here. So there's this Etsy folder that was in our base. Now, if I try to CD into Etsy from here, nothing's going to work. I'm tabbing, nothing works.

If I try CD Etsy, it's going to say I can't find it. So what does that mean? Well, when we change directories, we can only change directories from the folders that we have available to us. So I can only change directories into these folders by using that sort of nomenclature. However, if I can provide a full directory or a full path, then I can CD from any folder that I'm in.

So if I go CD forward slash, because remember, we have the base here, well, then I can say forward slash et start typing that out. And guess what I get Etsy here. And if I wanted to dive deeper into what folders are in there I could hit tab and I could see all the folders that are available in the Etsy folder to complete my task now if I hit enter I will be brought into the Etsy folder and Similarly, I can hit LS and see all the files and folders that are in here. Now let's just CD here and I'm going to use the Atilda and that's going to

get us back to our home folder. I'm going

to control L to clear screen and then I'm going to LS again. You're going to see we're back where we just were. Now in this case, what if I wanted to list the files of the Etsy folder? Well, it's the same thing. I could do ls forward slash Etsy and that will list all the files as if I were sitting in that folder.

So just know that you can list folders and files. You can change directories from being within another directory. It doesn't have to be in that same up and down tree that I was showing you. There's a lot more robustness to these commands. Same thing if we LS in here, We could take a look at the folders and we don't have to change the directory to see what's in these folders.

We can just LS desktop, for example, and start auto tab completing. There's nothing in there. I do have something in the downloads folder just because I changed my picture. I put our TCM security logo in there. So I have that in the downloads folder, but it's completely normal not to have anything in your desktop or downloads when you first install Kali.

And again, we can achieve the same thing by cd'ing into downloads and then hitting LS. You have the same object here as you saw before, except we're just now in that folder. So you have to declare the folder or be within the folder to see the contents. Okay, now let's go ahead and CD back to the base folder, you could CD dot dot or just use the tilde, I'm going to clear my screen. And from here, we want to talk about making a directory.

So let's make a directory, I'm going to make a directory called Heath, you can just use your first name if you want. And then when you LS in here, you can see now that the Heath directory is here. And I could cd into that Heath directory, I can ls in that directory, and there's not going to be anything in there. I'm going to go ahead and back up 1. And now I'm going to show you how to remove a directory or remove a folder, they say RM dir.

And you're going to go ahead and just say he and that will remove that. These commands work exactly the same as everything else. If I wanted to make a directory in the base folder, I could totally make dir forward slash eat if I wanted to. And I could also remove that from here. So again, it doesn't matter exactly where you're at as long as you're using full file paths.

Okay, so I've cleared my screen. And now I want to run LS. And you see an LS that we just have a bunch of folders. That's not entirely true. What we're going to do is we're going to do an LS dash LA.

And I like to think of this as list all but really it stands for long all. And if we hit enter, you can see that there's a bunch of new files in here, and folders actually. So from this, we can see that we have a like a bash history, we've got a dot Java folder, anything with a dot is considered a hidden file. We won't see that when we're using the LS command, we actually have to do a dash la command. And this is a great time to actually take a look at what these sub commands are.

And how are some ways that we can identify what these things mean. So I'm going to show you a website first. And I think this website is awesome. We can go to something like explain shell.com. So it is explain shell.

You can see it auto completing up there, but explain shell.com. And if you came in here and you wanted to take a look, let me make this a little bit bigger. If you wanted to take a look at like LS-LA, you could say, okay, explain this to me. And it'll tell you, Okay, the first part is LS. That means list directory contents.

Remember, I called it the list command. That's what it is. Now what does that LA do? Well, the L you hover over it says use long listing format, and the A says use all a so do not ignore entries starting with a dot, which is what we're looking for. And the long listing just gives us more detail.

It gives us these file permissions, which we'll get into a little bit later and who owns it and what the file size is, the directory, et cetera, et cetera. We'll get down into that in just a few videos. We can also use what are called man pages. I'm going to control L again. If we do man, LS, man stands for manual.

So man LS, we could see in here that LS means list directory contents. Great. Dash A stands for all. Do not ignore entry starting with the period. Same thing as we saw before, we could scroll down, look for the L portion of this, and we'll see that we have used a long listing format.

You can hit Q to quit this. So if you don't have internet access, for example, you can use man pages. I like using explain shell.com. I think it's pretty awesome. But man works very quick.

And from the terminal, you don't have to leave or do anything. Another thing that you can do is ls dash dash help. And that will give you similar to the man pages, though not as full detail, I guess is the best way to say it. And you come in here and you can see the same kind of switches and commands that were in here. So dash dash help works for a lot of commands.

It's 1 of those that you should know and you should try if you have any questions about what you're trying to do. It's a great resource. So if we ls dash la, we can cd into 1 of these hidden folders like we could cd into .cache for example and we just ls that you can see that there's actually stuff in the cache in here so we're not going to get into this I just want to show you that hidden files and folders do exist so if you're looking for something especially pen test related something might be hidden if you're on a linux machine you might need to do ls-la to see a hidden file. And they're incredibly easy to see as you can see for yourself. Let's go ahead and cd back to our home folder.

And from here, I'm going to show you a couple of things that we're going to explain later on. But I just kind of want to get you familiar with it. The first thing I want to show you is the echo command. If we go echo, and we use a single apostrophe, and we say hi, like this, that's just going to echo out to the screen. We'll get into the echo command a little bit later on in the course.

What we're doing here is we're going to echo this into a file. So I'm going to say hi. And then I'm going to put that file, I'm going to use this greater than symbol, and that's going to be a redirection operator. And I'm going to say, hey, just go ahead and make a file called test.txt. And while you don't need to know this yet, if I ran cat on this on test.txt, you'll see that it prints back out high.

Okay, so I just wanna have this file here that we created. And what we're gonna do is we're going to just quickly LS. We're gonna see that it's there. You can see that there are color differences for files and folders again. And the reason we're making this in this video is I want to show you the copy command.

So if we run copy on this, we could say copy test dot text. What I want to do is I want to copy this into the downloads folder. So I can just say copy test dot text into downloads. If we LS we'll see that test dot text is here We're making a copy. If we ls downloads, we can see that test.txt is actually in there as well.

So similar with the remove directory, we can use the rm command and what we're going to do is remove that file. And again, we don't have to be in the directory to remove it, we can call the directory path and then test.txt. If we hit LS on downloads again, we can just go ahead and hit enter and you're gonna see that there is no test.txt in there anymore. But if we LS here, you'll see that test.txt does exist. I'm going to go ahead and Ctrl l.

The opposite of this is the move command. Now if I move test.txt and I put that into downloads, if I ls now, you're going to see that there is no test.txt in here. Why is that? Well, if we ls downloads, you're going to see that we moved it. So remember, copy leaves an original version wherever you copied from move completely moves it.

So the CP and the MB commands are what you need to know there. Now while we're on this, what we're going to do is we're going to look at a command called locate. The locate is pretty awesome. If we did locate and say I wanted to find out where that test.txt file is, I could do locate test.txt and we're probably not going to get anything back quite yet. Now, if we're looking through this, none of these files are where we're at.

So there are some tests that text files on this machine, but we're not seeing the 1 that we created. So say that we created a file, we can't remember where we put it and we just want to go search for it and find it. What we can do is we can say update DB and you're going to see that we actually get a denied. Why are we getting permission denied? Well, this comes back to sudo.

So let's go ahead and sudo update DB. You're going to enter in your pseudo password it's going to update the database and now if we do locate test.txt and you can just when you see a screen like this by the way where it's kind of semi-gray if you just hit the right arrow that will go ahead and autocomplete because it remembers your last command You can hit that and you can now see that the first entry in here is home Kali downloads test.txt. So now the database is updated and it finds it. 1 other thing to mention, I just talked about auto completing with the right arrow. If you hit the up arrow, you can go through your previous commands.

You can see all the commands that I've been running through. So we can also use the down arrow to scroll back down through those commands. So say I wanted to run that locate test.txt command again, Instead of typing it out, I just hit the up arrow and then I hit enter. Easy breezy. Okay, so we're gonna go ahead and remove downloads test.txt.

And now that file should be gone. We can LS 1 more time into downloads just to make sure. And you can see that PCM security files, the only thing that's in there. 1 other thing to point out that I just noticed actually, is these files are case sensitive in the folders are case sensitive. So if I try to CD into downloads, it's not going to work because downloads doesn't exist.

So if I CD into downloads, like it's spell, then you can see that I actually get into the downloads folder. So note that it's case sensitive, auto complete, I go back, we'll do a pretty decent job at trying on newer versions of Kali that is, if I hit do, for example, and then I tab, it'll realize that I'm trying to get to downloads. The last thing I'm going to show you is the password command. That is PASSWD, we are going to be good security engineers and change our password, we're going to make it a strong password because we're good security engineers, I am going to be the bad security engineer and make my password password. And I'm doing that because later on the course, we'll talk about cracking Linux passwords.

And we're going to use my bad password as an example. So here we're going to type our current password. Kali is a terrible password, by the way. And we're going to go ahead and type in our new password. You can make your password whatever you want.

I'm making mine password. And now we have updated successfully and we have finished all the commands that we need to know for this video. I'll go ahead and see you in the next lesson. Now we're going to talk about users and privileges. So in the last video we learned about LS-LA.

So I am in my home folder which is the Atilda here and all I'm gonna do is just say LS-LA. I'm gonna hit enter and we're going to see a bunch of stuff over here on the left hand side. We've got this, we've got the details kind of of ownership, we've got some file size in here, and we'll talk about all of this. But when we do ls-la, we're getting so much more information than whether or not a file is hidden, which is kind of the purpose we looked at it for last time. But now we can take it and look at it from a different scope or lens.

We can see that we have this column here, the first column. Now the first column tells us something interesting. It first tells us whether or not we are looking at a file or a directory. So if we see a D here, we are seeing that this is a directory. Note that these are also color coded, right?

So we have blue for directories, it looks like and then white here for files. And then we also have links, which we're not going to get into much right now, but a link looks like it's a lighter blue. So we have the indicator here first, it says, okay, it's either a D or maybe a dash or an L. There are other settings that could be here, but for now, this is all we need to worry about. The next set of things that we're going to look at are these RWXs or R blank X.

What does that all mean? Well, RWX means read, write, execute. When we're missing 1 of those, like a dash here, that just means we have a read and execute. And there are actually 3 groups that we're looking at here. So we have the first group, which is the owner of our file.

So this first group says read write execute for the owner of this file. And if we look at the owner of the file, we can actually see that the owner is going to be Kali. Well, in this instance, it's the directory. But here we're looking at Kali, you can see that 1 of these has root listed. But in this instance, or since we're using the Kali user and we're in our home folder, we're looking at mostly Kali being the file owner for this.

The next 1 we're going to look at is we're going to say, okay, group membership. So anybody that is a part of this group, what do they get ownership to? Or what do they get to do with this directory or this file? Well, anybody in this group can read or execute, but they cannot write to this directory or file. And lastly, we have the third setting, which is all other users.

What can all other users do? All of the users can read and execute, but they cannot write here. And we don't have anything in here besides this link that is read write execute. We don't have a world read write execute in this folder and that's okay. This does come into play when we're doing penetration testing however.

We want to find some sort of file that has read write access or read write execute access. If we have full access, that is ideal, especially if there are some sensitive files that we're not supposed to see, or maybe we're

misconfigured, or if

we need somewhere to write to on the disk. For example, if I clear the screen here, and we do an ls-la of the temp folder, we can see that temp actually has read, write, execute privileges throughout. This is a great place when we're doing pen testing and we're working on a Linux machine, that if we need to come drop a file, we know that this temp folder can be written to, we can write whatever file we want and execute these files from here, without having to worry about too many permissions. So for attacking machines later on, especially as we get on into the practical ethical hacking course, you may see me go and use the temp folder to upload malware or write a malicious file or something that I can do from a folder that is read write executable. So let's clear the screen again.

Now another reason and importance for the read write execute is that if we write a script, we won't be able to execute that script until we have full access to do so. That's going to become more important as we download files and try to run them against machines. But even in this little section, when we're looking at the bash scripting, we're going to need to be able to execute our script. And we're going to need to be able to change the permissions on that. Let's go ahead and do that here, we're going to create a little text file and just look at the permissions and how things change.

So similar to the last video, we're gonna do an echo, and we're just gonna say hello. And in this, we are going to use our directional operator, and we are going to just put this in a hello.txt file. If we ls-la, we can see that hello.txt is in here, but look at the permissions that are set. We have read-write permissions. We don't have any execute permissions.

If this was a script or anything that we're trying to run, the machine will not let us run it because we do not have the execute permissions. Same thing here, everybody else can only read this file, they cannot write or execute this file. So we can change the permissions on this. And we can do that with the chmod, which stands for change mode. So I'm going to go ahead and clear screen again and we can do a chmod and there's 2 different ways to do this.

The first way is to do something like a plus sign and then give the permissions that you want set for that file. So we could do something like rwx, that is read write execute. If you wanted just read access or read write access or just write access, you would put the appropriate lettering there. And let's go ahead and just give this a read write execute. And I'm going to say hello dot txt and hit enter.

And we're going to go ahead and ls-la again. And now you can see that the color of this has changed. Why? It is fully read, write, executable for us as the user. Okay, as the owner, I should say.

That's 1 way of doing it. However, there is another way of doing this as well. We can say chmod 777 hello.txt, hit Enter, do an ls-la, and you'll see now that everything has read-write execute here. Well, what changed? What is this 777 and why is it so important?

Okay, for that, we're going to jump over to PowerPoint for just a second. Okay, so we have different numbers that we can set for the chmod. Remember, we did 777 because we gave a 7 to each group. We had the first, second, and third groups. Remember that.

Well, what does 7 mean? Well, 7 means read, write, execute. So for a read permission, we get 4 points. For a write, we get 2 and for execute, we get 1. So as you can see down here, we have 4 plus 2 plus 1, that equals 7.

Well, if we had no permissions, that would be 0. So we could do something like a 700. You might see something like read only, and then you would just give it 444 across the board, for example. Or I've seen something like an SSH PM file, and those files require specific permissions. Typically it is 6 4 4.

So that would say that the owner has read write, but no execute. And then the rest of everybody else has just read access to that file. So that would be a 644 permission. So if you ever wonder what the permissions mean, you can always refer back to a chart like this or quickly Google what are the ch mod numbers mean? Just know if you want to give something full permissions, you are going to set 777 across the board.

If we're doing hacking or doing penetration testing, that's often what we're going to use with the exception of PEM files where they have to have more restricted permissions, sometimes 644, sometimes actually 400 is what I've seen as well. From here, let's go back to our Kali machine, and I'm going to go ahead and Control L to clear the screen. Here, we want to take a look at adding a user. So we're going to do a sudo add user, And you can give whatever username you want. I'm going to just call this user john.

It's going to ask for our pseudo password. Remember, we changed our password. So make sure you put in the right password. And now it's going to say, okay, what password do you want to use for John? I'm going to go ahead and enter that.

And I'm going to enter it again. And then you could just hit enter through all of this and get back to this screen where it says Kali at Kali. From here, we're gonna go ahead and switch user and go into John. So just do su john. Gonna ask for John's password.

Go ahead and give that password. And now you can see that we are John at Kali. So what is special about John? Well, we've made a new user and John has some permissions. Now if we wanted to cat out like the Etsy password file, we can.

And This is a very common file that you're going to look at as a pen tester. If you come in here, the Etsy password file is important. This is something that we can see a lot of information about this machine. Now, the Etsy password file is called the password file, not because it has our password in it, but because it used to store our password in it a very, very long time ago. Now what is being done is they put an X here for a placeholder, and that placeholder is then filled in with the shadow file.

We'll take a look at that here in a second. So we are using the cat command and you've seen me use this several times throughout the course. We are using that to basically print out a file. So when we print out the file, we can read the file. So from here, we're reading the file and we're saying, okay, I see root root is the 0 user ID.

And that is important. That's telling us they are the ultimate user on the machine. They are user 0. If we scroll way down to the bottom, we should see some users that were created here. For example, we see Callie.

Callie is user 1, 000, pretty common. We can also see that john is in use here and john is user 1001. We can see what type of shell type they're using and what their home folder is as well. You can see the ZSH shell type compared to John's bin bash. So they are different shell types.

And we'll get into those a little later on. But from here, we can also see routes here, we can see the root shell type. And we can also see what kind of services are running on this machine. So if you want to find the users, I typically look at root and then I look and scroll all the way to the bottom to see what's been installed besides what's on this machine. So in here we can see some things like SSH, which is important, we know, okay, this has the capability of running SSH, maybe has an SSH service, maybe it has a SQL service here with the MySQL, OpenVPN.

So it's a little bit of information gathering. If we were to land on a machine, for example, and we're a low level user with no privileges, we can start to look at who are the other users on the computer? Why are they important? How can we get a hold of them? Where are their files located?

What kind of services are running on this machine? This is all part of the information gathering stage of ethical hacking and this file leads to a lot of clues for us. Now clearing the screen, let's say I want to view the shadow file. The shadow file is the file that contains the password hashes for this machine. I'm going to go ahead and try to type in cat etsy

shadow permission denied. Okay, maybe I need to use sudo.

Try here, enter our password. Oh, John is not in the sudoers file. This is also called the sudoers file and you can also call sudo, sudo depends on your nomenclature and how you pronounce it. I'm a sudo person. So from here, I'm going to go ahead and Ctrl L, we're going to switch user back into Callie and we're gonna take a look at some stuff.

So if I go switch user, Callie is going to ask me for the password, enter our password in. And first thing I want to show you the shadow file before we move on to the sudoers file. So if we go to do cat, etc, shadow, I think this is important to see, you can come in here and remember how I said with a hash that this is set here. So our root password has not been set, there's no hash in here. And this is security best practice, we don't really want to have a root password unless we absolutely need to.

In this instance, we might just want to have certain users that can elevate into root. And then if logging is enabled, we can then see from our logs who access that root account at what time. You really don't want to have a root password where anybody can just log in with a known password, because then that eliminates some accountability. So best practice would say, hey, if we have a Linux machine, you get all regular user accounts. And then if you want to run something as an elevated privilege, you're going to do that with your account and then use sudo for that.

But looking down here, we can see the hashes for this computer. And what's interesting, actually, is Callie and john have the same password, but they have different hashes. And that is sort of unique. If you saw this in a Windows machine, if the password was the same on the local machine, you would see the exact same hash. And that is a clear indicator that password reuse is in play.

But here it's not. So the hashing algorithm that's being used is a little bit different, and it's generating different hashes, even though the password is the same. Regardless, the password for both of these accounts is password, and that's very weak and can easily be cracked, as we'll find out later on. Okay. Now, onto the sudoers file.

What we're going to do is we're going to do a sudo cat, and we're going to look at Etsy sudoers, just like that. I may have typed that a little fast. I'm going to go ahead and scroll back up for a second. Sudo cat etsy sudoers. Just like that, it should auto tab complete.

From there, we're going to come in here and we're going to look at who has what privileges. Well, if you see allow members of a group pseudo to execute any command, and you see percent pseudo, so it's calling pseudo from somewhere else. Sometimes we can just include users in here, we could say, hey, the user Callie, I want to do these things. Instead, this is saying, hey, anybody a part of this group, I want to be able to do whatever they want, they can execute any commands like they were the root user, essentially. So with that, what we're going to do is we're going to take a look at who is in that percent pseudo group.

And we can do that by using the grep command. So we can say grep, and we're going to get really familiar with grep in the bash scripting video, but basically think of grep as pulling out a specific string or element out of a file or some contents that you want to see. It's a great way to narrow down specifics and pull down only the information that you want and we're gonna get really familiar with it here in a couple of videos. We're gonna say grep and then we're gonna say pseudo just like this and we're gonna do that from Etsy group. Okay and it says, who has a pseudo privilege?

Here, all we see is Callie. So our user has pseudo privilege. If we wanted to give privileges to John, we'd have to add john to the pseudo group in the Etsy group. Or we could add john specifically to the su doers file and give him specific permissions as well. And as we move on in the course, and we get into privilege escalation, And if you ever go into more of the privilege escalation courses that we have, you'll see that we look at pseudo privileges immediately when we get onto a machine by doing something like pseudo dash L.

And we'll take a look at those and say, Okay, what commands can I run? And in this instance, we could see, okay, all commands can be run here. But sometimes that's not the case. Sometimes we can only run 1 specific command or maybe john, for example, we want john to be able to run Python, because john's a developer. So John can run Python with pseudo privileges but cannot run anything else.

So something to think about depending on the individual and who we want to give permissions to on that machine, they might not have privileges to access everything as pseudo, they can actually be limited in what they can run as well. So that is it for this video. I'm going to go ahead and catch you in the next 1. Now we're going to touch on networking commands that are relevant to penetration testing and relevant to this course. So the first thing that we're going to do is we're going to use the IP command, and that is IP a IP a list all is the way I like to think about it.

And you can see here that we have a loopback address and we have our eth 0, this is our ethernet address. And you can see that we have an IP address here, IPv4, of 192.168.138.140. We are on a slash 24 subnet, and here is our broadcast address here. We can also see our IPv6 here, which is nice. And we can see our MAC address here.

So we can also look at this through the ifconfig command. And that will show us the same things. Here's Ethernet 0, here is the loopback, all the same information here. I have config is the old school way of doing it. IPA is the newer way of doing it.

IPA is nice and colorful. If I'm being honest, I still use if config because I like the old school way of doing things. But IPA is the new way of doing things. And in some instances, ifconfig requires sudo to even run or may no longer be on a machine. But in some instances, IP is on a machine, depending on what type of machine you're on and what you access.

You may need either 1 of these so it's great to show you both. Now while the IPA does all, IF only shows the Ethernet connection, so the hardwired connections. If we wanna see wireless connections, we need to do iwconfig. And in this instance, you're gonna see down here that we have no wireless connections right now. When we get into wireless hacking, we'll see that we have connections established and we'll use the iwconfig command but just know for now that it's for wireless and if you ever need to use it that's what it's for.

Let's clear our screen and the next thing I want to cover is the IPN and N stands for neighbor. The alternative to this is the ARP-A. Okay, what is ARP? If you do not know what ARP is, that is the address resolution protocol. This comes from your networking.

If you are not familiar with networking, then you may need to go study up on a little bit of this. Now, our says, what IP address is associated with what MAC address. And what happens is, a broadcast message goes out when we are trying to identify an IP address and a MAC address. So broadcast goes out and it says, who has this IP address? Whoever has the IP address will come back and it'll say, hey, that's me, I have that IP address and here is my MAC address.

So now, you can associate my MAC address with this IP address. And it is a way to identify these 2 items together and link them up. So again, in this instance, we can use the IP command or the old ARP command. Now the IP command is a little bit prettier and a little bit more colorful, I think easier to read, in my opinion, but either will work in this situation. Another IP command that we're going to want to run and know is the IP R command.

Now R stands for route, you could also type in route, and you'll get similar feedback here. So what we're looking at is what is called a routing table. We want to know where our traffic is routing. And here you can see on either 1 of these that we're routing through 192.168.138.0. We have an open gateway, we can see the gateway here is 138.2.

We can see our mask here, and we can find all that information out up here as well. So it's important to know the routing and what's going on, especially if you are in a network, for example, where you might have multiple routes. Say if we come in and we say, oh, IPA, okay, we're on the 192.168.138 network. But we just try to connect to only the machines on this network, we see a slash 24, we think, Okay, well, I know a slash 24 has 255 potential IP addresses. And I'm going to go ahead and just stick to scanning that subnet and looking for Those IPs on that subnet well if you looked at the routing table You might actually see that there's a 1 3 7 in here 1 3 6 or maybe a 10 dot IP address or something different than what you have here.

Maybe you have the ability to talk to other networks, even though you're on this 1 slash 24 network. Very important to look at the routing table. It's also important because in real life pen tests, we have been on a quote unquote, segmented network. And in reality, it really wasn't a segmented network, there just wasn't a route to that network. So they said that we were isolated, and we couldn't access anything.

And all we had to do was say, okay, we're going to go add that network to our routing table. And what do you know, we were able to scan and connect to the network. So being able to know your routing table, being able to understand what a route is and how to add routes, how to remove routes can become important as well. These are things that you should already know from general networking. I'm showing you the commands here for basic routing and how to display the routing tables.

If you need further information on routing tables, you should go look that up and research that before continuing on with the ethical hacking course. OK, last command I want to get through. That is the ping command. So I'm going to do an ifconfig again. And in this instance, I'm just going to ping 192.168.138.

And I believe earlier I saw a dot 2 was my gateway. So I'm going to go ahead and just hit Enter, that should talk back to me and it does. Now if you are a Windows user and you've ever used ping before, it will only send 4 packets out, so it'll check 4 times. As you can see here, we are getting more than 4 packets sent. We are sending indefinitely.

And I'm going to go ahead and just hit control C and stop that. We are definitely seeing that we're getting responses back. Now there is a way to limit the amount that we send and the amount of traffic that we're sending. But basically what we're doing with the ping command is we're saying, hey, Are you there? Are you alive?

Can you respond to me? Let me know you're there. So I asked the machine at this IP address to respond and tell me yes I am here. Now this is called ICMP traffic. Not all machines permit ICMP traffic.

Just because we ping a machine and it does not respond does not mean that it's not online. Okay, there are machines that have ICMP disabled, it will not respond to ping requests. But ping is a quick way to see if a machine is online and typically by default, ping or ICMP is enabled on most machines. Just as a further example, we can ping a machine that we do not believe to be alive. So I'm going to change this to A3I don't think there's a 3 on my network.

And you're going to see it's going to try to send data and it's just going to get stuck here and say host unreachable. Now again, that could potentially mean that that host is not there or could potentially mean that the host has ICMP disabled. But we're going to be using ping sweeping to identify a host in our network. And we'll do that here in just a couple of videos. But I wanted you to get familiar with the ping command if you weren't familiar already.

Now there are some commands in this video that we did not talk about. For example, the netstat command. Now the netstat command is used to identify what open ports and services are there. We'll take a look at that more later on, but just know that that command exists and that we're going to do due diligence on that command later. So any of you that are watching that have networking background or like, hey, you didn't show net stat that's so important.

You're correct. It's coming later on in the course. So that's it for this video. We're going to go ahead and move on to the next 1. Let's now talk about viewing, creating, and editing files.

We've done a little bit of this in the course already. You've seen me do something like echo, hello, and remember that prints out to the screen. We could just echo that again like a hello and put that into a file. You've seen me do that. We'll just call this 1 hey.txt.

If we LS, we should see hey.txt right here. If we do a cat, hey that TXT we should print out to the screen. Hello. All these should be pretty familiar to you. So let's build upon this.

Let's talk about how we can append to this and overwrite these files in different ways that we can actually create and edit files. I'm going to clear the screen here. Now what if I wanted to add to this file, and I'm just tabbing up, By the way, what if I want to say hello again? I want to say echo hello again into this hey.txt file that already exists.

What do we think is going to happen here? So I'm going

to go ahead and hit Enter, and then I'm going to cat out the hey.txt. Well, now it says hello again. It used to say hello. Well, that is because when we use 1 greater than symbol like this, what's going to happen is that overwrites the file. So if we tab up and if we go over and we just write, hey again again, just for fun, and let's add a second 1 of these.

So now there should be 2 of these greater than symbols. We hit enter, we cat out a.txt, And now you can see it says hello again and hello again again. Why do we care? Why are we doing this? Well, when we are using scripting, for example, and we want to loop through a bunch of information, and we want to add that information to a file, we might use something like this, where if we're gathering, say, IP addresses, this is foreshadowing, by the way, they were gathering IP addresses, and we are wanting to put them all in a file, we're going to need to use something like a double greater than in order to not overwrite the file with 1 IP address.

We want to list all the IP addresses in the file. So you're going to see that when we get into the bash scripting of this section. Let's clear our screen. Another way that we can make a new file is just to say touch new file dot txt. And if we LS, you can see that new file dot txt is here.

We can cat out new file dot txt. And nothing is going to be in there because we didn't tell it to do anything. We just said touch, which creates a file. So we can use a different type of editor to try and edit this and save the file. Now there are a few editors that we can use within our terminal.

So we can use something called nano, which is my personal favorite. You may hear other people talk about Vi and Vim. You may hear lots of jokes about quitting Vim and how it's impossible to quit Vim. And for that reason, honestly, because of the complications and because I like simplicity, I just use nano. So we can nano new file.

And in here, you can type whatever you want. I'm going to literally say I can type whatever I want in here. And now I'm going to hit Ctrl X. And throughout this course, you're going to actually see me use Nano quite a bit. And we're going to use it for updating files and shellcode.

And it's beneficial if we log into a machine remotely, for example, and we won't have the ability to have a graphical user interface type notepad, which I'm going to show you here in a second, we might not have the luxury of having something like that we might have to use nano or BIM or an in terminal text editor. So we're going to go ahead and hit Ctrl X here, I'm going to hit y, which is going to say yes, I want to save this file. And then I'm going to hit enter. And now if I cut out new file dot txt, you can see it says I can type whatever I want in here. Lastly, we're going to look at a graphical notepad.

So we're going to use mouse pad, we can type in mouse pad. And we can just say new file dot txt, just like we created. And hidden here, you can see that it says I can type whatever I want in here. And that's true. I can also modify is just like a notepad if you had on Windows machine or if you've used leaf pad or any sort of notepad type material.

This one's just called mouse pad. So we can Ctrl S and save and then just exit out. If we cat out our new file again, you can see I can also modify. Now throughout this course, you might see me use a tool called G edit. It is not installed on this machine yet, though we are making updates to the course we will be using G edit.

Anytime you see me use G edit, feel free to use mousepad instead of G edit, it's become deprecated offensive security got rid of it in Kali Linux. And now if you go hit G edit, it'll say it's not found, but you can install it, we're not going to do that right now. But when we install tools in a upcoming video, you will be able to install that with 1 of the tools that we're running. So anyway, just note that we're going to be using mouse pad instead of G edit because it's the new and latest and greatest. 1 last thing with Nano, or any of these tools, you can make a brand new file.

So you can say like brand new file.txt, and then you can type whatever in here and Control X, hit Y, hit Enter, and then you can cat out brand new file and guess what? It's there. So the file doesn't have to be existing to use Nano or existing to use Mousepad. You can create new files with these commands as well. So that is it for this video.

I'm going to go ahead and catch you in the next 1. Another topic we need to talk about is starting and stopping services. We may have a service like a web server or SSH or maybe SQL or some sort of database that we need to start while we're already running Kali, or we might want to start a service on boot every single time that our computer loads. If you've ever used Windows, this is similar to installing a program and then having that boot up on launch. It's kind of the same thing here.

If we're installing something, we want that service to start on launch, we have to tell our machine to do that. So we're going to look at how to start a service and how to have a service start on launch. So the first service that we're going to look at is the Apache service. And this is what I used to use when I first started out as an ethical hacker. And the reason is, is that we can spin up our own web server fairly easily and host malicious data or files or things that we might want to access or might want somebody else to access.

So before we run that command, I do want to do a proof of concept. So let's do an ifconfig. And we're going to grab our IP address here. I'm going to copy this

and then I want to open up Firefox. From within Firefox, I'm going to go ahead and try to navigate to that IP address

and you're going to see that it says it's unable to connect. This is exactly what we expected. So now what we're going to do is we're going to come in here and we're going to say sudo service

Apache to start.

We hit enter, it's going to ask for our pseudo password. And then we have no confirmation of anything. So let's go ahead and come in back into the browser. And we're going to refresh. And take away the HTTPS.

And now you can see that this is here on port 80. So we're actually on HTTP and HTTPS. And we have an Apache server running now. Now let's say we wanted to stop this service, we could we can go in here and say pseudo service Apache to stop. And before we do that, I want to show you something.

So if we come back into the Apache to make this a little bit bigger, you can see that Our files are located in the bar WWWHTML. Folder. And what that is if we come to our home folder here and we just go to file system we scroll down and go to bar and then we go to WWWHTML. All I'm doing is going to the same location here. Why I'm doing this is this is where if I wanted to host like a picture or a file or malware, I could put that in here, this index dot html is the same index page that's loaded here.

Like if I open that, that's literally the same page that's being hosted, you're seeing it here from a file format. But now if I go back, you can see I'm hosting it at this IP address. So if I wanted to host something malicious, I could do that. Now in order to stop the service, all we have to do is say stop, hit enter, then we come back and we refresh this page, you can see that we're now again, unable to connect. Now I did mention the beginning of this video that this was my favorite way to host malicious stuff or just host files for whatever purpose.

Now that has changed. I now use Python to do this. So we can create a file, let's go ahead and just say echo hello. And we're going to do hello.txt. So if we ls, we can see that we've got a bunch of stuff in here.

Hello.txt being 1 of them. So what I'm going to do is I'm going to spin up a web server on the fly with Python. So I'm going to say Python 3 dash m HTTP dot server. And then I'm going to give it port 80. Now, what we're saying is we want to run the module HTTP server, and we're going to run port 80.

Here, you can put whatever port you want. And you can see now it says, hey, it's hosting up HTTP on port 80. And what's going to happen is any file within the directory that I'm in is going to now be hosted. So you can see that I'm hosting all this stuff here. Pretty awesome.

It's a quick way to host up a web server without having to start and stop services. And you can on the fly from within a folder, just start a web server. So I think this is the cooler and better way to do it. So I wanted to show you how to start a service, but also that Python has some robust capabilities as well. If you follow into the Python section, we'll cover how to run an FTP server as well, which is also fun stuff.

So I'm going to hit Ctrl C, which is going to again, shut down the server. If I come here and refresh, you'll see that it's now shut down. And we can go ahead and talk about 1 more thing before we go. So let's say that we wanted a service to start when we started our machine. Well, for that, we're going to use the system CTL command system CTL.

And we can say enable. If we wanted to, for example, enable SSH, we can come in here and just enable SSH. And we just hit enter on this. And now you can see that it's enabled. So when we restart the computer, SSH will always be enabled for us.

Now I'm going to disable that this isn't like security best practice. And now you can see that we have disabled it and we're good to go. So if you ever have a service that you want to run, you just need to figure out the name of the service and enable that. And there may be times that you want things to run like historically, I have ran SSH with it enabled or I used to run the Apache 2 server so I didn't have to spin it up every time. I just had a place to go immediately host that.

But your mileage may vary depending on what it is you want to run, but knowing these commands is important in case you need to start or stop a service, maybe restart a service. Same thing with enabling a service at boot up or disabling a service at boot up. So that's it for this video.

I'll go ahead and see you over in the next 1. Now let's talk about installing and updating tools. So the

first thing that we're going to do from our command line is we're going to look at how we would update our current machine. So just like other operating systems, Linux machines require updates as well. And patching can be best practice. So in order to update and upgrade our machine, we're going to use the pseudo command. And we're going to say, apt, APT.

And then we're going to say update and upgrade just like that. So make sure you use 2 ampersand symbols here. We're going to do 2 commands, we're going to say first, I want you to update second, I want you to upgrade. Well why are we doing this? Why are we running 2 commands in the first place?

Well what we do when we actually install items on our Kali machine, we are going out to what are called repositories, and we're looking through packages. And the update command is going out to the known repositories, and it is updating those repositories. And then it's going to look at those repositories and say, okay, what needs upgraded here? So what tools have upgrades or updates available for them that we need. So if we run this command, you're going to see that it's going to go through these repositories.

You can see it going through these Kali rolling and release, AMD 64 packages and contents, etc. It'll take some time as it goes through and it updates these repositories. It's going to find what programs we need, and it'll provide it in a list. Now what you can see is it's asking us, are you root? So this is a lesson here.

Sometimes we have to be the root user, we can't be just a pseudo user to run command. So what we're going to do in this instance, is we're going to pseudo switch user into route. Now we're route and we're going to run that command again, we're going to say app update, and app upgrade. Okay, and it's going to run through this and then it should provide us with the list of what we're going to install, which if we scroll back up to the top, you can see that it says, Hey, These packages were automatically installed and no longer required. And it says we can use the apt auto remove command to do that.

It's saying here are the brand new packages that need to be installed. And then here are the packages that are going to be upgraded. So these are already installed, such as like Apache 2 has some updates that are required. And it's going to go through and install all these. Now when you scroll down to the bottom, it's going to say you need 801 megabytes and yours might be different depending on when you watch this video, it's gonna say, do you want to continue this operation?

In this instance, I'm going to say no. And the reason that I'm going to say no is because updating on Kali Linux can break things. You should always have almost 2 copies of your Linux, right? You should take a backup copy before you ever make an update. And there are some limitations on being able to make backups, depending on if you're using VMware or VirtualBox, and we're not going to get into that right now.

But just know that tools can easily get broken by pushing updates. And we'll talk about a tool that you can use that is up to date and kind of makes your Kali the latest and greatest without breaking anything. Even the current version of Kali right now 2022.2, not all the tools work out of the box as the way that they should. We'll talk about that in just a little bit. So let's say that you wanted to install a tool, and we're just going to go grab 1 as an example.

So let's say that there was a tool you wanted to install like this cron Damon common, I'm just going to copy that You could come in here and you could say apt install cron Damon common like this, it enter and it's going to say, Oh, you want to install this? Just hit yes. And it will install. And it will also upgrade this cron package here. I'm not going to do that, but just know that you can also install applications as a one-time thing if they're a part of the repository that you have.

We're not going to get into updating repositories and adding manual repositories. We don't need to know that at this point in our Linux careers, we just need to understand that we're going out to repository and we can download those items or packages based on what is in the repository. So updating the repository is always good. And then we check for upgrades available to our packages. In this instance, we're not going to do any updating or upgrading.

But there may be a time where we need to install a specific tool or we go out to the web and we have to grab a tool and it says, Hey, run this app install command. This is what is going to be doing. This is how we would install something if we need to. Now the next thing that we're going to look at is we're going to look at the Git command. And Git is a tool that runs with GitHub.

I'm going to

open up a new Firefox. And I'm

going to make this a little bit bigger. We're going to go to GitHub. Actually, let's just go to Google. We're going to go to Google. A lot of times in our ethical hacking careers, we're going to be searching for tools.

We're going to come out here and we're going to say, Oh, I really want to find a tool maybe that does brute force, Office 365. And then I might say something like GitHub. And you can see it's already starting to fill out. And we might go find something like, okay, there's this daft hack tool, we might click on that. And we come in here and it might tell you how to install this.

Well, this is PowerShell so that's not a great example. We might come into here and we might say, okay, here's 1 how to install. So you go through and it'll say here's the usage on how to use this and sometimes we'll give you installation instructions but a lot of times all you will need to do is you'll need to come in here and just download the code to install the file. So I'm going to show you a tool that we're going to install and run. We go to Google and we search for pimp my Kali just like that, you're going to see that we can click in here and this tool is available to us to download.

Now, 1 way to look at a tool and see if it has any relevancy on GitHub is to look up at the number of stars that it has and the forks that it has. Anything with like 700 stars like this is pretty reputable. And you also should look at when it was last updated. You can see that this was last updated last month. Now full disclosure, the wall actually works for TCM security, and is a fantastic person.

If you never got to interact with the wall, he is somebody that is awesome and a great resource. He built this out because there were so many issues with Kali Linux and the tools that were coming freshly installed like in 2022.2 don't always work in the way that we intend them to work. So a lot of tools are broken, some things need downgraded. And there's a lot of options in here that can tell you, hey, here's what we can fix. Like we can fix different missing issues that are going on, or we can fix Golang or fix Impact.

And you don't have to worry about what any of that means right now until we get into pen testing. But this is something that we actually do install and run when we build out our lab machines or we build out our machines for even hacking on clients. This is such a well done tool. And he tells you in here how to install it. He says, Hey, get clone right here off of this address.

We can also come up here and we can go to the code and we can just copy. We say copy at my Cali right here. And then we'll come in and we can just say get clone. Actually, let's switch user I'm sorry, let's sudo or let's switch user back to Cali. And we'll enter here.

And Then what I like to do when I install tools, is I like to install them into the OPT folder. So from here, we're going to run git clone, paste that. Actually, we're going to run sudo git clone, I apologize. And then enter your password. And now if we look in here, we should have pimp mycali, which we do.

So if we cd to pimp mycali, and now we ls, we can see that we have the pimp mycali.sh script. If you come back into the website, it will tell you how to run and operate this. Any decent GitHub will say, hey, here's how you run this script. So it says, hey, just run sudo

get my Kali. This is for a new Kali VM, you just need to run menu option and we're going to copy this and paste it. And then we're going to run it. So now this tells you what do

you want to do? Well, here's all the different options. And as a new VM setup, run this option is your first time running PimpMyKali. Okay, that's going to fix all the things for you. I'm gonna go ahead and hit N and let this run.

It's going to go out and fetch some stuff from repositories and it's running apt update. And now it's going to install certain tools and packages and uninstall certain tools and packages and uninstall certain tools and packages. As you can see, it's rolling through here. So go ahead and let this run. I'm going to pause the video here for a second and then meet me back when you're at the next screen where

you can actually enter in any sort of command. Okay, so

it's been about 5 minutes and we get to this page here. And you can see that it's asking us if we want to run root login installation. It explains that in Kali 2019.x, the default user used to be root, which we talked about early on in this course. And now that they've switched it to Kali, which is what we've been using. Now, do we want to re-enable the ability to log in as root in Kali?

In this instance, I'm going to choose Yes. However, you need to make sure that you are comfortable and capable of running as root in Linux. If you do not feel comfortable, stick with running as Kali, you're going to see me throughout the course as we get into the ethical hacking section running as root. Just know that there may be times where you might need to use sudo, or you may need to switch user into root as you saw me do with upgrading packages just a few minutes ago, that may be required. So if you're understanding of that, you can hit no on this screen.

And that's perfectly okay. Security best practice suggests to hit no, I'm going to hit yes, because I feel comfortable running as root. I'm the only user on this machine. And I don't have any accountability or repudiation to worry about. I'm going to give a new password for this.

And I'm going to enter it again. And now it's going to ask if we want to copy everything over from our Kali folder into our root folder, I'm going to say no. And now it's going to continue on installing. So we're going to let this run again, go ahead and pause the video if you need to, and then we'll meet you back when this is all said and done. Okay, and when everything is said and done, which it took about 10 minutes to get through all that, you should get to this all done happy hacking screen right here, and everything should be installed for you.

If you chose to go the route route, that's a weird thing to say if you chose to go the route route, you can log out and log back in as root and begin using Linux as root. Otherwise, you can continue on with this lesson using Kali as your main user. We're gonna go ahead and move on to the next video. Last video in the section and this is going to be 1 of my favorites. So what we're going to be talking about is scripting with bash.

I'm going to show you some cool tricks that we can do to kind of narrow down some of the results that we get. And then I'm going to show you how you can automate some of that process. And we'll take that and even write out some for loops and 1 line loops, which this might not make any sense right now. And that's absolutely okay. But by the time the video is done, hopefully it does.

So the first thing I want to show you is I want to show you how we're going to write a ping sweep. So we're going to write a ping sweeper, basically, we're going to go out and say, I want to ping a device, if that device is alive, go ahead and show me that result. And we're going to sweep an entire network. So what we're going to do first is we're going to identify a device that's alive, so we can test this out, and then build upon that. So you can go ahead and type in if config, and then just hit Enter.

Now my ethernet here is on a natted network. So I'm running through a different IP address subnet here. So this 1 is 192 168 57 150. My actual IP address is on a dot 4 dot x here. So I'm going to for this example, I'm going to be pinging 192.168.4.29.

However, And you can see here's the ping that we're getting back. However, if you are unsure of a IP address in your house that is active or your subnet in your house, that's okay, you can just run 57.1. For this example, you might not get a lot of return results. However, you might only get 1 or 2 when we do this sweep. So I advise you to figure out what your IP address is, that's a good challenge anyway.

And if you are familiar with networking, which you should be at this point, then you should be able to determine the IP address of your home network. But if you do not do that, then you can use 57.1 or whatever your IP address is here on this third octet. So that will also work if you see that. Alright, so I'm going to clear this. Now what are we noticing when we're pinging?

We're pinging this address and we're getting some data back. Now if we ping an active address, you can see that we get Okay, 64 bytes from 192.168.4.29. It's saying it's active. We're getting details back. If we were to ping something Let me do like 41 where we just don't get any data back.

Okay, and let's try this 1 more time. Let's try this a different way. It's do like a count of 1 dash c of 1, we'll do a count of 1, it's going to try to send 1 packet over and see if it works. Nothing's happening, right? It's trying to transmit that packet, you can see that it's getting 0 received here, we're here is getting 4 received, no data is coming back, it's just not doing anything for us.

So the thing that we can identify here is what's the big difference? If we look at line 1, and 2 versus line 1 and 2, what are we seeing when we get data back? Well, the big difference here is we're well, 2 of them, I guess, we see that we get this response, right? That's big difference. And then down here, it'll say, hey, we received some packets if it's not 0.

Now, the easy way to do this is to look at a line that says, hey, we received data, which is this line here. Okay. Now what I want to do is I want to narrow this down just a little bit, what we're gonna say is we're just gonna do a ping of 1 time. So I'm going to clear this, I'm going to bring it back to this like this. I'm gonna do a count of 1.

And that should just ping once. And that's perfect. We don't need to ping endlessly. We just want to make sure we can ping once and then we're done. Okay, and then from here, I'm going to put this into a text file, I'm just gonna call this IP dot txt, just like that.

So when I cat out IP dot txt, now you can see that I have this file, it's stored, I don't have to run the command again, we're good to go. So what we're going to do now is we can take this and then we can start gathering data based off of what we see here. So what I want to do is I want to just extract this 1 line here, the 64 bytes from 192.168.4.29. And the best way to do that is with a command called grep. So grep is going to look for a specific term or phrase.

And we can do that, and it's gonna pull down any line that has that term or phrase. So if I say grep here, and then I just put in quotation 64 bytes like this. Now when I cat out this, all I'm pulling down is this line. And it's even highlighting it for us to saying here's the line that we see 64 bytes from 192 168. Okay, so we've extracted just the 1 line.

And why am I extracting this line? Well, for building out a ping sweeper, what I want to do is I want to sweep every single IP within a specific subnet. So say this dot 4, right, I want to ping 4 dot 1 dot 2 dot 3, all the way through 254 255. I want to see if I can get through all the IP addresses in a subnet. So what we're going to do is we're going to ping every single 1 of them and say, Hey, are you up?

Are you there? And we're gonna do it with a count of 1. And we're gonna say, Are you there? Okay. And if they're there, they're gonna say, yeah, I'm here 64 bytes, here's my response.

And it's gonna say 64 bytes from this IP address. So we want to extract the IP addresses to say, Yeah, we're alive. That's basically our goal here. So when we run this on a bigger scale, which is what we're going to do, we're going to need to grep out this information and extract this information to where we only just get the IP address back. Okay, so what we're gonna do now is we're going to start narrowing down and grabbing this IP address.

And then I'm going to show you how we're going to take this all in 1 instance, and run it and then extract IP addresses. So from here, what I want to do is I want to do another command. So every time we pipe, we're saying, Hey, run this command, then with that command, run this command, then also run this command too. So we're going to keep running this command on top of this to narrow things down. So here's what we're doing here.

We're going to run a command called cut. And with cut, we're going to say I want to cut something out of this, we need to provide it what is called a delimiter. So we do a dash D like this. And the delimiter I'm going to use is a space. And then I'm going to say dash f for field.

And then I'm going to say 4. Okay, what is this doing? Well, it's saying, Hey, I want to cut this line that you're getting back on a space. So the delimiters of space. So here's a space, here's a space, here's a space.

And it says, I want to count up to 4 to grab that data So 1234 Right here So if we say 4 here like this we hit enter We're grabbing that specific IP address because we're doing it by spaces. If we did it on 3, what do you think we're going to grab, we're going to grab the word from. So you can see here is from. So what I want to do is grab the IP. So we're going to use this cut just like this, use our delimiter, and then get to the correct field position that we want to grab the IP address.

All right, so we've got the IP address. Now there's only 1 thing wrong here with this IP address is that there is a little colon on the end of it. We just want this without a colon at all. We want it just like this. Now there's a couple ways we can do this.

We could use something called sed. Sed's a little bit complicated and a little bit advanced, I would say, for where we're at right now. So I'd rather teach you an easier way to do this and that is called translate. So with translate all we're gonna do is we're going to do 1 more pipe like this. And we're just going to say tr for translate a dash D for a delimiter again, and then we're going to say we want to get rid of this.

And that's it, we're just getting rid of this. Okay, so we run this 1 more time. Now you can see that we've successfully extracted this IP address out. That's our goal. That's all we wanted to do.

Now, how can we apply this to something bigger? How can we make this part of a bigger script? That is the question. And we're going to do that. So what I want you to do is I just want you to copy this, okay, copy this entire line.

And we're going to go into a mouse pad. So let's copy this selection. And I'm going to clear my screen, I'm just going to say mouse pad. And we're going to call this IP sweep that sh. Okay, so this is going to be a bash script.

And I'm going to make this bigger. And the first thing we're going to do with our bash script is we have to declare that it's a bash script. We're going to say hash bang right here. Shabang is what we'd call this. Forward slash bin forward slash bash.

This allows the machine to know when we run this, This allows Bash to know, hey, we're calling this. Here's the location of Bash. This is what we're running with the script. You're also going to see this when we use Python as well. You'll see the declaration here at the top or when we're calling this out.

So I'm going to go ahead and Control-S and save this. That'll add some nice color to this. So when we're coding this out, we get to see in color. I like that a lot. I'm going to actually make this a little bit smaller and then make this like this here so we can get the whole picture.

Okay. So what I want to do is I want to paste in what we just wrote. So I'm just going to control V here and paste that in. So, we don't need to do a cat of an IP address here. In this instance, instead, we're gonna change this back.

We're gonna ping. Remember, we wanna ping every device in the network. So we want to ping, say if we're pinging 192.168.4.x, okay, we wanna ping that. And we can leave this like this for now. Don't worry about changing anything here.

This is just gonna be a placeholder. We're gonna do a little bit of extra syntax here to make this work. So we're going to write what is called a for loop. So we're going to say for and I'll explain what this does here in a second, you're also going to see this again, when we get into Python encoding. And so you'll be able to understand more and more about loops and what for loops are while loops, etc.

They're very, very useful and very common in coding and scripting. So I'm going to say for IP in, and then I'm going to say sequence 1 through 254. Now, very important, this character here is not an apostrophe. Okay, this is not an apostrophe. This is the little line, I don't know what it's called.

It's above the tilde next to your escape button on your keyboard. So it's this right here. Okay. It's like a backwards apostrophe. Almost.

I'm sure there's a term for it. I just don't know it. So you come in here and you say, okay, for IP address in sequence 1 through 254. And I'm going to explain what all this does in a second, I want you just to type this out. For now, I want you to say do.

Alright, and then I want you to come down here. And we're going to say ampersand on this line. And we're going to say done, I'm gonna explain what all this means. Okay, So this is a loop that we've just created. What we're saying is for the IP address, and we're just declaring this, this could be Bob, if you wanted to, we're just, I'm just making it a name or term that's easy for us to remember.

So we're going to say for IP, but if you want to call this Bob call Bob for IP in sequence 1 through 254. So what sequence is doing is it's saying, Hey, I want to count everything from 1 to 254. So 12345678, all the way to 254. This for loop means I'm going to do this every single time. So for IP in 1 for IP and 2 for IP and 3, we're going to run this command until we're done.

So until this sequence has run 255 times, it's done. Okay, and now we're going to say I want to do a count of dollar sign IP. So what we're saying here is for IP in sequence 1 through 254, go ahead and do a ping dash C for a count of 1192 1684 254. And here, we're going to say dot 1.2 dot 3, every time this loops over and over and over, it's going to be incrementing that number through this sequence. That's all we're doing.

This is a basic loop. Okay, so we're going to keep going through and through and through. Now, this will work. If you plugged in your hard coded IP address here, this will absolutely work. Now we can improve this just a little bit if we want to.

So what's going on here is what we're going to say is if we wanted to run this, we would just do dot forward slash and then IP sweep. Okay. And this would work, that's fine. But we can make this a little bit better from a coding perspective, we can come in here and we can give this a dollar sign 1. And that means argument 1.

So what we're saying here is I want to give an argument instead. So if you want to be technical, this first dot forward slash IP sweep dot sh, that is argument 0. So you can consider this dollar sign 0, argument 1 would be what you type after that. So this would be argument 1, argument 2, etc. So in this case, what we can do is we could say I want to run 1921684, like this, and this will run the dot 1.2 dot 3 after it.

So you provide the argument, it places that here in argument 1, and then it does the rest for you. So this way, you can specify your network. And if you wanted to ping multiple networks, you don't have to come back in here and keep changing this. It just works. So super easy.

This is a great little script for a slash 24 type subnet. Okay. Okay, so let's go ahead and try running this really quick. I'm going to just Ctrl s save this. I'm going to close it.

We're going to do a ch mod plus x on IP sweep. If it'll allow us to we might have to do a Okay, let's do LS la real quick, make sure it worked. It sure did. OK, so here's what we're going to do. We're going to run the IP sweep.

And we're going to say 192.168. You just put in your IP here. I'm going to run that. All right. And you could see all the devices that are coming back within my network here.

I'm going to go ahead and hit Ctrl C, cancel this out. And so this is grabbing all the different devices in my network. Now that's great. That works out really well. But what we can do is improve this.

What if I typed in a, what if I didn't type anything at all? What if I just hit Enter here? Now, I'm just getting all kinds of pings, unknown, and it's going off of some of the stuff I was doing before, but it just causes all kinds of issues and errors. So you can see I'm trying to hit Ctrl C, it's taking its time to break. Here, we get issues because we're not, we're just allowing any sort of argument here.

What we need to do is we need to fix this up just a little bit. So what we can say is we can come back in here and just go mousepad, IP sweep.sh, and come in here and let's add a little bit extra. Oh, and I also left this in here. Don't leave this in here. That's why that was running twice.

Okay, so what we're doing here is we need to add in a statement. What we're going to do is we're going to add in a if statement. If statements are conditions, we're saying, hey, if this condition is met, do something for us. If it's not met, then go ahead and do something else. Alright, so we're going to say if We're gonna just put in here dollar sign 1 is equal to nothing Then we're gonna go ahead and just say then echo You forgot an IP address Echo syntax, something like this.

We'll just say, ip sweep.sh, and we'll go 192.168.4, like that. Then if we did do this correctly, if we do have an argument inside of argument 1, then we're going to say else do all of this here, and be done. And then we're going to end our if statement with fi. Now, this script or this resemblance of this script is not 1 of my own, by the way, this is goes credit to something I've modified over time. But the original credit definitely goes to Georgia Weidman.

I remember seeing this in her course a long, long time ago, when I was first getting started. And she did a great job of teaching this, this is just a modification of this script. So I just want to make sure that all credit goes to her. But looking at this, let's break this down really quick. Before we run this again, we've got an if statement, we said if argument 1 doesn't equal anything, then you're going to echo back out and say, Hey, you forgot an IP address.

Here's the syntax. If it does include something, then we're gonna go ahead and come in here and say, let's run our for statement or for loop and run through it, and then we're gonna end our if here. The only thing that I'm doing uniquely here is I'm including this ampersand, which is going to run this command multiple times at once. This is a good way to explain it. Basically, we have a couple ways of doing this.

We could say, like this, we could put a command here and this will run 1 at a time. It'll say, okay, for 1, for 2, for 3. This allows multiple instances of this loop to run at once and just speeds things up. I can show you the difference between that. So I'm going to go ahead and just Ctrl S, save this.

I'm going to go ahead and just run this script real quick. Now let's try running it without anything here. Okay. Now look, it says you forgot an IP address. So look, we did that correctly.

Now let's go ahead and add the 192.168.4, run it. You can see, okay, it's sweeping, but it's taking its sweet time, Especially for the IP addresses that are going to hang. Like if I don't have a .2 or .3, it's going to take a while. So I'm going to Ctrl-C and get out of this. If it'll let me, it looks like it's actually going to hang.

So what we can do is we can come back in. I'm going to open a new tab real quick, just while that's waiting. And I'm just going to say mousepad. And we're just going to go back into ipsweep.sh. It's in this folder.

There we go. OK. So from here, I'm going to change this back to the ampersand, and I'm going to save it. I just want you to see the difference really quick and why I run it like this. So ipsweep.sh 192.168.4.

You can see it's picking everything up really fast. All right What I can do now is I can run this and then store this into like IPs dot txt Something like that just like found IP addresses. Okay, so now if I cat IPs Dot txt. I have all the IP addresses. I just found and I found them that fast Versus this which may still be going and it is and I can't even kill.

I'm just gonna close this out Okay, so this is the big difference there with that ampersand and the speed of what it's capable of doing. So with all that being said, we could take this and do 1 more thing. So I'm going to show you how we can utilize a 1 liner, these are called 1 line statements in, in bash. And we can do similar to what we just did and accomplish that in this command line. So now we have an IP address.

We have a list of IP addresses. Let's say that we want to run nmap. Now we haven't gotten to nmap yet. You don't need to really know about it. Just know that it is a tool that allows us to go out and do port scanning.

Okay, so typically we would just say something like nmap, and we might do something like dash t4 dash a dash p dash, like this. This is just saying, I want to run nmap scan, I want to look at everything, and I want to scan all ports. This is just an example. You can just run nmap IP address like this, and that would be fine too. Like we could just go 192.168.4.29.

And we'll do a quick nmap scan. Okay, but what we can't do here is we can't just say, Hey, I want to run what we could we could say I want to run and map for everything in dot 0 slash 24. The issue is it's going to take time looking and finding what IP addresses are valid here. If we have a list, we can automate this process quite a bit, we can just come in here. And we can say something a little bit different, we can say, hey, for IP, we're using the same kind of syntax in dollar sign.

And we're going to put parentheses here, we're going to say cat. And then we're going to say IPS dot txt. And then we're just going to do this, we're going to say do and map dollar sign IP. And then again, we have the option of doing done, or we can do ampersand done, just like this. Okay, I'm just going to do done here as an example.

And to show you. So this is really easy. We're saying, hey, for every IP address in this list, and all we're doing is we're cutting out this IP list that we just had. So it's going to take the first IP, then run the map scan, and it's going to come back around the next 1. So until this list is completely done, it's going to keep going through this loop.

That's all it is, a simple loop. And then we're gonna say done. It's gonna take that IP address, it's gonna start scanning it, it's gonna go through and hopefully find information and go in a loop. So this is a quick way to automate some of this process. I actually do this with a lot of my scripts where I will do some probing, see if anything is out there that's alive, put it into an IP file, and you're gonna see this later in the course and then and map scan that.

So think about this, hopefully this gets your wheels spinning on what you can do to really start scripting some of this stuff out. And this is going to be the first time you get your hands dirty with scripting, we're going to go on again with this. And we're going to get more advanced as we go. But this should be a good introductory lesson to you on how we can build a simple tool and automate a lot of this process fairly easily with just a little bit of command line syntax. So we're going to go ahead and move on to the next section.

And I will see you over there. And we have reached the end of our video. So thank you so much for taking the time to spend the last 2 hours with me. Again, if you enjoyed the video, please do consider subscribing to our channel. It's as simple as just hitting the subscribe button and you get access to all of our content and the new content that we're releasing, including courses similar to this 1.

And while you're at it, please do consider checking out the rest of the videos on our YouTube channel. We do have a 12-hour ethical hacking course, we've got open source intelligence course, course on buffer overflows, We got a bunch of cool videos on open source intelligence and other things on this channel as well. Lastly, if you enjoyed this course, again this is part of a full length course, a 25 hour course on ethical hacking. This is just scratching the surface on what is to come. You can come to the academy.tcm-sec.com and come down and check out the practical ethical hacking course.

As always, I'll put everything down in the description below, but we do cover a lot of great stuff and a lot of

the information required to get you into the field of ethical hacking. So that is it for this video. I thank

you again for taking the time to sit with me and learn Linux with me and hopefully you took some valuable information away from this and I'll see you soon in the ethical hacking field. Thank you so much.