The Prerequisites to Cybersecurity - An Insight into Linux

11 Apr 2018

So, cybersecurity. This field is about finding exploitable weaknesses in software and closing them off before the bad guys exploit them. To test security you must first know how to spot vulnerabilities in code that provide a way in, and then how to actually get in and exploit the system. Exploitation can mean anything from reading data you should not be able to access, to escalating privileges, to taking control of the machine. I'll try to share some resources on how that is done, but first some insight into Linux and its command line will help. This post takes a peek at the Linux OS, the Linux filesystem, permissions, basic commands and endianness.

  • Linux OS
  • What is an OS?
    An operating system (OS) is the software that lets you build, run and manage other programs on a computer.
    GNU/Linux, or just Linux as it is commonly called, is one such operating system. Besides the kernel (Linux) it ships supporting programs such as text editors and compilers, most of them from the GNU project.
    The kernel is responsible for dividing memory, CPU time and other system resources among the running processes, and it enforces the boundaries between them.
    Examples of Linux distributions are Ubuntu, Kali Linux, etc.

  • Linux Filesystem
  • First, the Linux filesystem. Linux has a single root filesystem: there is one root directory, "/", and everything on the system is attached as branches under it. Each standard directory exists for a specific purpose and holds files of a particular kind.

    1. /home - users' personal files
    2. /etc - system configuration files
    3. /bin - essential command binaries (on many modern distributions this is a symlink to /usr/bin)
    4. /dev - device files, through which programs talk to hardware and kernel drivers
    5. /usr - the bulk of user-space programs, libraries and documentation, shared by all users
    6. /mnt and /media - mount points for removable and temporary media
    7. /boot - the kernel image and the bootloader files needed to start the system
    8. /tmp - temporary files (world-writable, so never trust a path under it blindly)
    9. /var - variable data that changes while the system runs: logs, mail and print spools, caches
    For example, when you insert a CD-ROM or a USB stick its filesystem is attached (mounted) onto the existing tree, typically under /media/<username>/<volume label>.
  • Linux Permission System
  • Every file has an owning user and an owning group (a group is a named set of users; the owner may or may not be a member of it). Every file also carries a set of permission bits.
    There are three sets of permissions:
    1) User permissions - what the owning user may do with the file
    2) Group permissions - what members of the owning group may do with the file
    3) Other permissions - what everyone else (neither the owner nor a member of the owning group) may do with the file
    Each of User, Group and Other has three permission bits: Read, Write and Execute (on a directory, Execute means "may enter it").
    Permissions can be set symbolically by naming the class (u, g, o, or a for all three), an operator (+ to add, - to remove, = to set exactly) and the bits (r, w, x).
    They can also be set as octal digits, one digit each for user, group and other in that order. 0777 means read, write and execute for all of user, group and other; 0666 means read and write only for all three. The leading digit holds the special bits: 4 is setuid, 2 is setgid and 1 is the sticky bit, so 4755 is a setuid executable that runs with its owner's privileges no matter who starts it.
    The owning user and group are changed with the chown command.
    Permissions are changed with the chmod command.
    Syntax:

    			chown user(:group) filename
    			chmod (ugoa)(+/-/=)rwx filename
    			chmod octal-mode filename

    Part inside () means that field is optional. The operator is + to add, - to remove or = to set exactly; if no class is given the change applies to all three classes, except for bits masked out by the umask.

    Examples:

    						chmod 0777 afile
    						chmod -x afile
    						chmod u+rwx afile
    						chmod g-x afile
    						chmod o+r afile
    						chown a:b afile

    0777 - same result as a=rwx (u+rwx g+rwx o+rwx): gives everyone Read, Write and Execute on afile. This is almost never what you want, since any user on the system can now modify and run it.
    -x - removes Execute permission from all of user, group and other
    u+rwx - adds Read, Write and Execute for the owning user alone
    g-x - removes Execute permission for the group
    o+r - adds Read permission for others
    chown a:b - a is the new owning user, b the new owning group (changing the owner requires root)
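    The script below is an added example, not part of the original post. It runs the chmod examples above inside a scratch directory and prints the resulting mode, then performs the two permission checks a security reviewer does first on any box: listing world-writable files and setuid executables. It assumes Linux with GNU coreutils (for stat -c); the file names afile, private, shared and tool are invented.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes Linux with GNU coreutils
# for `stat -c`; on BSD/macOS use `stat -f %Lp` instead. File names are invented.

# Octal permission bits of a file, e.g. 644 or 4755.
mode_of() {
    stat -c '%a' "$1"
}

# Apply the chmod examples from the post, in order, and print the final mode.
demo_chmod() {
    dir=$(mktemp -d)
    f="$dir/afile"
    : > "$f"            # create an empty file (initial mode depends on umask)
    chmod 0777 "$f"     # 777: rwx for user, group and other
    chmod a-x "$f"      # 666: same as the post's `chmod -x`, execute gone for all
    chmod u+rwx "$f"    # 766: owner gets x back, group and other stay rw
    chmod g-x "$f"      # 766: no change, group had no x
    chmod o+r "$f"      # 766: no change, other already had r
    mode_of "$f"        # prints 766
    rm -rf "$dir"
}

# Audit checks. -perm -002 matches files with the other-write bit set (anyone
# may modify them); -perm -4000 matches setuid files, which run with the
# owner's privileges regardless of who executes them. Both predicates are POSIX.
world_writable() {
    find "$1" -type f -perm -002 -exec basename {} \;
}
setuid_files() {
    find "$1" -type f -perm -4000 -exec basename {} \;
}

# Build a small tree with one harmless, one world-writable and one setuid file,
# run both checks and print the names they flag ("shared tool").
demo_audit() {
    dir=$(mktemp -d)
    : > "$dir/private"; chmod 0600 "$dir/private"   # owner only
    : > "$dir/shared";  chmod 0666 "$dir/shared"    # world-writable
    : > "$dir/tool";    chmod 4755 "$dir/tool"      # setuid: note the leading 4
    printf '%s %s\n' "$(world_writable "$dir")" "$(setuid_files "$dir")"
    rm -rf "$dir"
}

demo_chmod
demo_audit
```

    On a real system you would run the same two find commands from / (as root, with -xdev to stay on one filesystem) and compare the setuid list against what the distribution ships; an unexpected setuid binary or a world-writable file under a privileged user's path is a classic privilege-escalation foothold.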
  • What is a Terminal?
  • In the old days a single mainframe was shared by many users, each sitting at a keyboard and monitor wired to it. Those access points were called "terminals". The name has stuck in Linux, only the terminal is now a program (a terminal emulator) rather than a piece of hardware. A terminal is where you type input and where output is displayed.
  • Linux Shell/Commandline
  • In Linux, the shell is the program in which you type commands to run other programs (like cmd in Windows).
    The command line is what happens in the background when you click that fancy GUI button. Knowing it helps you understand a system better, and this bit covers some basic Linux shell commands.
    The default shell on most Linux distributions is Bash, the Bourne-again shell.
    $ is the shell prompt: it indicates the shell is waiting for a command. A # prompt means you are running as root, so every command runs with full privileges.
    By default a shell starts in the user's home directory, /home/username, which is abbreviated as ~ (tilde).
    Here are some basic Linux commands.
    1. grep - search files or input for a pattern
    2. ls - list the contents of a directory
    3. cd - change the current working directory
    4. pwd - print the path of the current working directory
    5. cat - print the contents of a file to the screen
    6. rm - remove a file (or, with -r, a whole directory tree)
    7. cp - copy a file (or, with -r, a directory)
    8. logout - log out of the current session
    9. poweroff, or shutdown -h now - shut down the machine
    10. reboot - reboot the machine
    11. passwd - change your password
    12. ssh - secure shell - log in to a remote machine over an encrypted connection
  • Endianness
  • Endianness is the order in which the bytes of a multi-byte value are laid out in memory. For example the 32-bit value 0x0a0b0c0d (the 0x and \x prefixes mark hexadecimal) can be stored in two ways.

    • Little endian: the least significant byte (0x0d) goes at the lowest address and the remaining bytes follow at increasing addresses, so memory reads "\x0d\x0c\x0b\x0a". x86 and most ARM systems work this way, which is why an address placed in an exploit payload is written back to front.
    • Big endian: the most significant byte (0x0a) goes at the lowest address and the rest follow, so memory reads "\x0a\x0b\x0c\x0d". This is also the "network byte order" used in protocol headers.
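    The script below is an added example, not part of the original post. It writes the four bytes of 0x0a0b0c0d to a pipe in little-endian order and uses od to show both the raw bytes in memory order and how the machine running it interprets them as one 32-bit integer, then converts an arbitrary 32-bit value into the \x-escaped byte string you would send to a little-endian target. It needs only POSIX printf and od; the LE_BYTES constant and the function names are my own.

```shell
#!/bin/sh
# Added example (not from the original post). Uses only POSIX printf and od.
# The value 0x0a0b0c0d stored as a C uint32_t on a little-endian machine
# occupies four consecutive bytes 0d 0c 0b 0a; the octal escapes spell them.
LE_BYTES='\015\014\013\012'

# Dump the bytes at increasing addresses: always 0d0c0b0a, whatever the host.
bytes_in_memory_order() {
    printf "$LE_BYTES" | od -An -tx1 | tr -d ' \n'
}

# Reinterpret the same four bytes as one native 32-bit unsigned integer.
# A little-endian host takes the first byte as the low byte and rebuilds
# 0a0b0c0d; a big-endian host reads them as 0d0c0b0a.
as_host_u32() {
    printf "$LE_BYTES" | od -An -tx4 | tr -d ' \n'
}

# Derive the byte order of the machine running this script from the view above.
host_endianness() {
    if [ "$(as_host_u32)" = "0a0b0c0d" ]; then
        echo little
    else
        echo big
    fi
}

# Turn a 32-bit hex value (say, a return address for a payload) into the
# \x-escaped byte string a little-endian target expects: low byte first.
to_le_escapes() {
    v=$(printf '%08x' "0x$1")   # zero-pad to eight hex digits
    b0=${v#??????}              # digits 7-8: least significant byte
    b1=${v#????}; b1=${b1%??}   # digits 5-6
    b2=${v#??};   b2=${b2%????} # digits 3-4
    b3=${v%??????}              # digits 1-2: most significant byte
    printf '\\x%s\\x%s\\x%s\\x%s\n' "$b0" "$b1" "$b2" "$b3"
}

echo "bytes in memory: $(bytes_in_memory_order)"
echo "read as u32:     $(as_host_u32) (host is $(host_endianness) endian)"
echo "0x0a0b0c0d for a little-endian target: $(to_le_escapes 0a0b0c0d)"
```

    The same od trick works on any binary file: od -tx1 shows what is on disk, od -tx4 shows how the CPU would load it, and the two only agree on a big-endian machine.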