Linux Fundamentals II
Logging in to a Linux machine using SSH, how to advance your commands & file system interaction
As I continue my cybersecurity journey I wanted to publish my notes in order to provide helpful write-ups for other learners on the same journey, with the added benefit of explaining the concepts in a beginner friendly way. I intend to break things down bit by bit and provide further clarification for learners.
The second TryHackMe module is Linux Fundamentals II. This section helps us learn how to connect to a Linux machine remotely using SSH, advance the use of commands by providing flags & switches, and use man pages and other root directories on an Ubuntu Linux install to gather further information. We also learn further commands used to interact with the file system, digress into file permissions, and switch users.
What is SSH & how Does it Work?
In-browser functionality uses a protocol called Secure Shell, or SSH for short, which is the common means of connecting to and interacting with the command line of a remote Linux machine.
Secure Shell, or SSH, is simply a protocol for communicating between devices in an encrypted form.
Using cryptography, any input we send in a human-readable format is encrypted for travelling over a network -- where it is then decrypted once it reaches the remote machine.
SSH allows us to execute commands on another device remotely.
Any data sent between the devices is encrypted when it is sent over a network such as the Internet.
The TryHackMe AttackBox is an Ubuntu Linux machine that is hosted online in the cloud and can be interacted with via your browser.
Using SSH to Login to Your Linux Machine
The syntax to use SSH is very simple. We only need to provide two things:
1. The IP address of the remote machine
2. Correct credentials to a valid account to login with on the remote machine
Now that we are connected, any commands that we execute will now execute on the remote machine -- not our own.
Note: When you type a password into an ssh login prompt there is no visible feedback -- you will not be able to see any text or symbols appear as you type the password. It is still working, however, so just type the password and press enter to login.
Intro to Flags and Switches
A majority of commands allow for arguments to be provided. These arguments are identified by a hyphen and a certain keyword, and are known as flags or switches.
We'll later discuss how we can identify which commands allow arguments to be provided and understand exactly what these do.
When using a command, unless otherwise specified, it will perform its default behaviour. For example, ls lists the contents of the working directory. However, hidden files are not shown. We can use flags and switches to extend the behaviour of commands.
Using our ls example, ls informs us that there is only one folder named "folder1" as highlighted in the screenshot below. Note that the contents in the screenshots below are only examples.
However, after using the -a argument (short for --all), we now suddenly have an output with a few more files and folders such as ".hiddenfolder". Files and folders whose names begin with "." are hidden files. (The command is: ls -a)
Commands that accept these will also have a --help option. This option lists the possible options that the command accepts, with a brief description and an example of how to use each.
This option is, in fact, a formatted output of what is called the man page (short for manual), which contains documentation for Linux commands and applications.
The Man(ual) Page
The manual pages are a great source of information for both system commands and applications available on a Linux machine, and they are accessible both on the machine itself and online.
To access this documentation, we can use the man command and then provide the command we want to read the documentation for. Using our ls example, we would use man ls to view the manual pages for ls, like so:
Moving down the man page: press the down arrow key.
Flag -h: makes ls output sizes in human-readable format.
Press Q: closes the man page; stands for quit. (vim / escape?)
Description shown by man ls:
List information about the FILEs (the current directory by default).
Sort entries alphabetically if none of -cftuvSUX nor --sort is specified.
Filesystem Interaction Continued:
We covered some of the most fundamental commands when interacting with the filesystem on the Linux machine. For example, we covered how to list and find the contents of folders using ls and find, and how to navigate the filesystem using cd.
In this task, we're going to learn some more commands for interacting with the filesystem to allow us to:
create files and folders
move files and folders
delete files and folders
More specifically, the following commands:
| Command | Full Name      | Purpose                      |
|---------|----------------|------------------------------|
| touch   | touch          | Create a file                |
| mkdir   | make directory | Create a folder              |
| cp      | copy           | Copy a file or folder        |
| mv      | move           | Move a file or folder        |
| rm      | remove         | Remove a file or folder      |
| file    | file           | Determine the type of a file |
Protip: Similarly to using cat, we can provide full file paths, e.g. directory1/directory2/note, to all of these commands.
Creating Files and Folders (touch, mkdir)
Creating files and folders on Linux is a simple process. First, we'll cover creating a file. The touch command takes exactly one argument -- the name we want to give the file we create. For example, we can create the file "note" by using touch note. It's worth noting that touch simply creates a blank file. You would need to use commands like echo or text editors such as nano to add content to the blank file:
USING TOUCH TO CREATE A NEW FILE:
tryhackme@linux2:~$ touch note
tryhackme@linux2:~$ ls
folder1 note
This is a similar process for making a folder, which just involves using the mkdir command and again providing the name that we want to assign to the directory. For example, creating the directory "mydirectory" using mkdir mydirectory:
USING MKDIR TO CREATE A NEW FOLDER:
tryhackme@linux2:~$ mkdir mydirectory
tryhackme@linux2:~$ ls
folder1 mydirectory note
Removing Files and Folders (rm)
rm is a little different from the commands that we've covered so far. You can simply remove files by using rm. However, to remove a directory you need to provide the -R (recursive) switch alongside the name of the directory you wish to remove.
Using rm to remove a file
tryhackme@linux2:~$ rm note
tryhackme@linux2:~$ ls
folder1 mydirectory
Using rm recursively to remove a directory
tryhackme@linux2:~$ rm -R mydirectory
tryhackme@linux2:~$ ls
folder1
Copying and Moving Files and Folders (cp, mv)
Copying and moving files is an important functionality on a Linux machine. Starting with cp, this command takes two arguments:
1. the name of the existing file
2. the name we wish to assign to the new file when copying
cp copies the entire contents of the existing file into the new file. In the screenshot below, we are copying "note" to "note2".
USING CP TO COPY A FILE
tryhackme@linux2:~$ cp note note2
tryhackme@linux2:~$ ls
folder1 note note2
Moving a file takes two arguments, just like the cp command. However, rather than copying and/or creating a new file, mv will merge or modify the second file that we provide as an argument. Not only can you use mv to move a file to a new folder, but you can also use mv to rename a file or folder. For example, in the screenshot below, we are renaming the file "note2" to be named "note3". "note3" will now have the contents of "note2".
USING MV TO MOVE A FILE
tryhackme@linux2:~$ mv note2 note3
tryhackme@linux2:~$ ls
folder1 note note3
Determining File Type
What is often misleading, and often catches people out, is making presumptions about a file's purpose or contents. Files usually have what's known as an extension to make this easier. For example, text files usually have an extension of ".txt". But this is not required.
So far, the files we have used in our examples haven't had an extension. Without knowing the context of why the file is there -- we don't really know its purpose. Enter the file command. This command takes one argument. For example, we'll use file to confirm whether or not the "note" file in our examples is indeed a text file, like so: file note.
DETERMINING THE CONTENTS OF A FILE
tryhackme@linux2:~$ file note
note: ASCII text
PERMISSIONS 101
As you would have already found out by now, certain users cannot access certain files or folders. We've previously explored some commands that can be used to determine what access we have and where it leads us.
In our previous tasks, we learned how to extend the use of commands through flags and switches. Take, for example, the ls command, which lists the contents of the current directory. When using the -l switch, we can see ten columns such as in the screenshot below. However, we're only interested in the first three columns:
Using ls -lh to list the permissions of all files in the directory
tryhackme@linux2:~$ ls -lh
-rw-r--r-- 1 cmnatic cmnatic 0 Feb 19 10:37 file1
-rw-r--r-- 8 cmnatic cmnatic 0 Feb 19 10:37 file2
Although intimidating, these three columns are very important in determining certain characteristics of a file or folder and whether or not we have access to it. A file or folder can have a couple of characteristics that determine both what actions are allowed and what user or group has the ability to perform the given action -- such as the following:
Read
Write
Execute
Note: The diagram (not pictured) indicates the column meanings:
- : the first character indicates the file type. A dash is a regular file; "d" indicates a directory.
rwx (first group): read, write, execute permissions for the file owner
rwx (second group): the same three permissions for the group owner of the file
rwx (third group): the same three permissions for all other users
(a dash in any position indicates that permission is not available)
Example: rw- r-- r-- : the owner can read and write, but everyone else can only read.
Let's use the "cmnatic.pem" file in the initial screenshot at the top of this task (not pictured). It has the "-" indicator highlighting that it is a file, followed by "rw-". This means that only the owner of the file can read and write to "cmnatic.pem", but cannot execute it.
The Differences Between Users & Groups
We briefly explored this in Linux Fundamentals part 1 (namely, the differences between a regular user and a system user). The great thing about Linux is that permissions can be so granular that, whilst a user technically owns a file, if the permissions have been set, then a group of users can also have either the same or a different set of permissions on the exact same file without affecting the file owner itself.
Let's put this into a real-world context: the system user that runs a web server must have permissions to read and write files for an effective web application. However, companies such as web hosting companies will want to allow their customers to upload their own files for their website without being the web server system user -- which would compromise the security of every other customer.
I.e., a low-privilege user cannot overwrite files on other people's websites.
We'll learn the commands necessary to switch between users below:
Switching Between Users
Switching between users on a Linux install is easy work thanks to the su (substitute user) command. Unless you are the root user (or using root permissions through sudo), you are required to know two things to facilitate this transition of user accounts:
The user we wish to switch to
The user's password
The su command takes a couple of switches that may be of relevance to you. For example, executing a command once you log in or specifying a specific shell to use. I encourage you to read the man page for su to find out more.
NAME
su - change user ID or become superuser
SYNOPSIS
su [options] [username]
DESCRIPTION
The su command is used to become another user during a login session. Invoked without a username, su defaults to becoming the superuser. The optional argument - may be used to provide an environment similar to what the user would expect had the user logged in directly. Additional arguments may be provided after the username, in which case they are supplied to the user's login shell. In particular, an argument of -c will cause the next argument to be treated as a command by most command interpreters. The command will be executed by the shell specified in /etc/passwd for the target user. You can use the -- argument to separate su options from the arguments supplied to the shell.
However, I will cover the -l or --login switch. Simply, by providing the -l switch to su, we start a shell that is much more similar to the actual user logging into the system - we inherit a lot more properties of the new user, i.e., environment variables and the like.
Using su to switch to user2 interactively
tryhackme@linux2:~$ su user2
Password:
user2@linux2:/home/tryhackme$
For example, when using su to switch to "user2", our new session drops us into our previous user's home directory.
Using su -l to switch to user2 with a login shell
tryhackme@linux2:~$ su -l user2
Password:
user2@linux2:~$ pwd
/home/user2
Where now, after using -l, our new session has dropped us into the home directory of "user2" automatically.
COMMON DIRECTORIES
/etc (pronounced "etsy")
This root directory is one of the most important root directories on your system. The etc folder (short for etcetera) is a commonplace location for storing system files that are used by your operating system.
For example, the sudoers file highlighted in the listing below contains a list of the users & groups that have permission to run sudo or a set of commands as the root user.
Also highlighted below are the "passwd" and "shadow" files. These two files are special for Linux as they show how your system stores the passwords for each user, in an encrypted format called sha512.
Notable contents of the /etc directory
tryhackme@linux2:/etc$ ls
shadow passwd sudoers sudoers.d
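As an added example that is not part of these notes or of TryHackMe's material, here is a Python script that parses constructed /etc/passwd and /etc/shadow lines (with placeholder hashes, not real ones) to show what each field holds, identify the hash scheme from the "$6$" prefix, and flag accounts a defender would review. The sample constants and function names are my own.

```python
# Added example (not from the original notes): parse constructed /etc/passwd and
# /etc/shadow lines to show what each field holds and to flag risky accounts.
# The hash strings are placeholders, not real password hashes.
PASSWD_SAMPLE = """\
root:x:0:0:root:/root:/bin/bash
tryhackme:x:1000:1000:tryhackme:/home/tryhackme:/bin/bash
user2:x:1001:1001::/home/user2:/bin/bash
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
"""
SHADOW_SAMPLE = """\
root:$6$saltsalt$PLACEHOLDERHASH:19400:0:99999:7:::
tryhackme:$6$saltsalt$PLACEHOLDERHASH:19400:0:99999:7:::
user2::19400:0:99999:7:::
backup:*:19400:0:99999:7:::
"""
# The id between the first two '$' of a shadow hash names the crypt(3) scheme used
HASH_SCHEMES = {"1": "md5crypt", "5": "sha256crypt", "6": "sha512crypt", "y": "yescrypt"}
NOLOGIN_SHELLS = ("/usr/sbin/nologin", "/sbin/nologin", "/bin/false")


def parse_passwd(text):
    """name -> uid, gid, home, shell. The 'x' in field two means 'look in shadow'."""
    users = {}
    for line in text.splitlines():
        name, _pw, uid, gid, _gecos, home, shell = line.split(":")
        users[name] = {"uid": int(uid), "gid": int(gid), "home": home, "shell": shell}
    return users


def classify_password_field(field):
    """Describe the second field of a shadow line."""
    if field == "":
        return "empty"                 # no password set at all
    if field[0] in "!*":
        return "locked"                # nothing can match; password login disabled
    if field.startswith("$"):
        return HASH_SCHEMES.get(field.split("$")[1], "unknown scheme")
    return "legacy DES or invalid"


def audit(passwd_text, shadow_text):
    """Return (user, finding) pairs a defender would want to review."""
    users = parse_passwd(passwd_text)
    findings = []
    for line in shadow_text.splitlines():
        name, field = line.split(":")[:2]
        if (classify_password_field(field) == "empty"
                and users[name]["shell"] not in NOLOGIN_SHELLS):
            findings.append((name, "empty password field on an account with a login shell"))
    findings += [(n, "extra uid 0 account") for n, u in users.items()
                 if u["uid"] == 0 and n != "root"]
    return findings
```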
/var
The "/var" directory, with "var" being short for variable data, is one of the main root folders found on a Linux install. This folder stores data that is frequently accessed or written by services or applications running on the system. For example, log files from running services and applications are written here (/var/log), as is other data that is not necessarily associated with a specific user (i.e., databases and the like).
Notable contents of the /var directory
tryhackme@linux2:/var$ ls
backups log opt tmp
/root
Unlike the /home directory, the /root folder is actually the home for the "root" system user. There isn't anything more to this folder other than just understanding that this is the home directory for the "root" user. But it is worth a mention, as the logical presumption is that this user would have their data in a directory such as "/home/root" by default.
Notable contents of the /root directory
root@linux2:~# ls
myfile myfolder passwords.xlsx
/tmp
This is a unique root directory found on a Linux install. Short for "temporary", the /tmp directory is volatile and is used to store data that only needs to be accessed once or twice. Similar to the memory on your computer, once the computer is restarted, the contents of this folder are cleared out.
What's useful for us in pentesting is that any user can write to this folder by default. Meaning once we have access to a machine, it serves as a good place to store things like our enumeration scripts.
Note: this is similar to how RAM works on a computer.
Notable contents of the /tmp directory
root@linux2:/tmp# ls
todelete trash.txt rubbish.bin
As always, if you see anything I've missed or have suggestions to add, feel free to drop me a line or let me know in the comments. Happy learning!
-Mary
Sources: TryHackMe Pre-security Pathway: Linux Fundamentals 1-3