#+STARTUP: showall
#+OPTIONS: toc:nil num:nil html-preamble:nil html-postamble:nil html-scripts:nil
#+TITLE: OSS Linux Workshop
#+HTML_HEAD_EXTRA:
#+BEGIN_navbar
[[file:../index.org][/]] [[file:../talks.org][Talks]] [[file:oss-linux-workshop.org][OSS Linux Workshop]]
#+END_navbar
#+OPTIONS: num:t
This is the outline from the talk given to the [[http://www.fullerton.edu/][CSUF]] Offensive Security
Society (OSS) Club on Friday, 16 March 2018. A big thanks goes to
Shelley and Brandon for inviting me.
I also gave the same talk the next morning at [[http://www.oclug.org/][OCLUG]]. Thanks goes to
Steve for setting up the talk.
This outline is available in Emacs Org format, [[file:oss-linux-workshop.html][HTML]],
and [[file:oss-linux-workshop.txt][plain text]].
* What are you looking at?
+ Laptop: System76 Gazelle Pro 8, running Slackware
+ Xorg desktop running Openbox
+ Emacs with an Org Mode document open
+ Web browser: Pale Moon <[[http://www.palemoon.org/]]>
* About me
+ Name: Kyle Terrien
+ Alias: "klipkyle"
+ Studied Computer Science at CSUF
+ Graduated in May 2016
+ Working for Dell EMC on data protection "appliances"
+ Website: https://klipkyle.gitlab.io/
* How did you get into Linux?
** Telesphoreo (iPhone)
+ https://en.wikipedia.org/wiki/Cydia
+ GNU coreutils and other Unix utilities ported to the iPhone
** First Linuxes I used
+ First Linux install: Linux Mint 7 Gloria (2009)
+ 2013: started using Linux desktop as a daily driver
+ Desktops: Linux Mint, Arch Linux, Slackware
+ Servers (professional): SUSE Linux Enterprise, Red Hat
Enterprise, Slackware
* Documentation
+ =man=
+ =/usr/doc= (or =/usr/share/doc=)
+ Web
* Books
+ Many. Online resources are good too.
+ Eric Raymond - "Cathedral and the Bazaar":
http://www.catb.org/esr/writings/cathedral-bazaar/
+ Linux in a Nutshell (O'Reilly Media)
+ Unix System Administration Handbook
+ Internet Standards and Protocols (Microsoft Press) (Warning: out
of date!)
* Basic commands
** cd/ls/pwd
** mv/cp
** touch/mkdir
** rm/rmdir
** chown/chmod
* Unix Philosophy
** Simplicity
+ Simplicity of design, not ease of use
+ I abhor a system designed for the "user", if that word is a coded
pejorative meaning "stupid and unsophisticated". -- Ken Thompson
+ Controlling complexity is the essence of computer programming.
-- Brian Kernighan
** Everything is a file
Look under =/dev=
** Expert-friendly
+ Unix was not designed to stop you from doing stupid things,
because that would also stop you from doing clever things. --
Doug Gwyn
+ To design the perfect anti-Unix, write an operating system that
thinks it knows what you're doing better than you do. And then
adds injury to insult by getting it wrong. -- Eric S. Raymond,
/The Art of Unix Programming/
** Pipelines
Output of one command can be used as the input of another.
: ntpq -pn | grep '^*'
** Separation of user-space and kernel-space
User-space processes make syscalls to switch to kernel space
* Searching and filtering: grep/sed/awk
** grep
Search for a string (or regexp).
: grep http /etc/services
** sed
Edit contents of a stream.
: sed 's/http/https/' /etc/services
** awk
Parse and print reports.
: awk '{print $2;}' /etc/services
: awk '/http/' /etc/services
: awk '$1 ~ /http/' /etc/services
: awk '$1 == "http"' /etc/services
: awk '$1 == "http" {print $2;}' /etc/services
** Resources
+ https://www.funtoo.org/Awk_by_Example,_Part_1
+ https://cmdchallenge.com/
* Secure shell: ssh
** Regular usage
: ssh
: ssh @
: ssh
: ssh -t
** Install key on remote system
: ssh-copy-id -i ~/.ssh/id_rsa.pub
** SSH agent
: ssh-agent bash
: ssh-add []
** Copy over SSH
: scp :
* rsync
+ Copy file tree across hosts
: rsync -av remote:/path/to/dir/ /path/to/local/dir/
* CentOS
Binary compatible rebuild of Red Hat Enterprise Linux
** GRUB2 bootloader
+ Press =e= to edit boot options
** Apache httpd
+ Start and enable Apache
: sudo systemctl start httpd
: sudo systemctl enable httpd
+ Put files in
: /var/www/html/
: /var/www/htdocs/
: /srv/www/
+ Configuration is in
: /etc/httpd/
: /etc/apache2/
** Firewalld
: sudo firewall-cmd --permanent --zone=public --add-service=http
: sudo firewall-cmd --permanent --zone=public --add-service=https
: sudo firewall-cmd --reload
** SELinux
http://selinuxgame.org/
* HTTP pocketknife: curl
Command-line downloader
** Basic usage
: curl http://www.example.com
: curl -I http://www.example.com
: curl -i http://www.example.com
** wttr.in
: curl wttr.in
: curl -s wttr.in | colorstrip
* HTTP downloader: wget
Another command-line downloader; it also supports recursive downloads.
** Basic usage
: wget http://192.168.58.104/images/apache_pb.gif
** Recursive downloading
Read the manual before attempting!
: wget -r -m -np http://192.168.58.104/
* Checking open ports: netstat
+ List all listening sockets
: netstat -tulpn
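The awk field filters from the grep/sed/awk section applied to =netstat -tulpn= output, as an added example that is not part of the talk. The netstat text below is constructed sample output, not captured from a real host; the idea is to turn the raw listing into an inventory of listening services and to pick out the ones bound to every interface (the ones a port scan would see).

```shell
# Constructed sample of `netstat -tulpn` output (not from a real host).
NETSTAT_SAMPLE='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1204/master
tcp6       0      0 :::80                   :::*                    LISTEN      1533/httpd
udp        0      0 0.0.0.0:68              0.0.0.0:*                           699/dhclient'

# Print "proto port program" for each listening socket. TCP rows carry a
# State column ($6) so the program is $7; UDP rows have no State column,
# so the program is $6. The port is the last ":"-separated part of $4,
# which also handles IPv6 addresses such as ":::80".
listening_services() {
    printf '%s\n' "$NETSTAT_SAMPLE" | awk '
        $1 ~ /^tcp/ && $6 == "LISTEN" { n = split($4, a, ":"); split($7, p, "/"); print $1, a[n], p[2] }
        $1 ~ /^udp/                   { n = split($4, a, ":"); split($6, p, "/"); print $1, a[n], p[2] }
    '
}

# Only ports bound to the wildcard address (0.0.0.0 or ::), i.e. reachable
# from the network rather than loopback-only. Output: sorted ports on one line.
exposed_services() {
    printf '%s\n' "$NETSTAT_SAMPLE" | awk '
        $4 ~ /^(0\.0\.0\.0|::):/ && ($6 == "LISTEN" || $1 ~ /^udp/) { n = split($4, a, ":"); print a[n] }
    ' | sort -n | xargs
}
```

On a live system, replace the sample with =netstat -tulpn | awk ...= directly; the loopback-only smtp listener (port 25) is correctly left out of the exposed list.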
* Checking open ports: nmap
+ Regular scan
: nmap 192.168.58.104
+ Intense scan
: nmap -T4 -A -v 192.168.58.104
+ Resources
  + http://www.hackingexposed.com/hacking-exposed-an-overview.php
* Firewall rules: iptables
+ List all iptables rules
: iptables -nvL
: iptables -nvL -t nat
: ip6tables -nvL
+ Set a bunch of iptables rules at once
: iptables-restore /etc/iptables
: ip6tables-restore /etc/ip6tables
* Generic TCP pocketknife: netcat (nc)
+ Client: =nc =
+ Server
  + Traditional and GNU: =nc -l -p -s =
  + OpenBSD: =nc -l =
  + nmap ncat: =ncat -l =
* Real-world hacking: tar trick
+ Copy directory recursively from remote host
: ssh root@centos tar cC /etc/httpd . | tar xvC /home/kyle/tmp/httpd
+ Copy directory recursively to remote host
: tar cC /etc/httpd . | ssh kyle@192.168.58.1 tar xvC /home/kyle/tmp/httpd
+ Challenge: use this trick with netcat
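The tar trick run locally between two directories, as an added example that is not part of the talk. The =ssh host= hop from the commands above is left out so this runs offline; the pipe itself is the same, and the function builds a small constructed tree and checks that the copy is faithful.

```shell
# Same pipeline as the talk's `tar cC SRC . | tar xvC DST`, spelled with
# separate flags (-c -C / -x -C) for portability across tar implementations.
# Because the archive is created relative to SRC, the stream only contains
# relative paths, so extraction cannot write outside DST.
tar_copy_tree() {   # usage: tar_copy_tree SRC DST
    mkdir -p "$2"
    tar -c -C "$1" . | tar -x -C "$2"
}

# Build a constructed source tree (mimicking an httpd config directory),
# copy it with the pipeline, and compare both trees byte for byte.
# Returns 0 when the copy matches, 1 otherwise.
demo_tar_copy() {
    work=$(mktemp -d)
    mkdir -p "$work/src/conf.d"
    printf 'ServerName example\n' > "$work/src/httpd.conf"
    printf 'Listen 80\n' > "$work/src/conf.d/ports.conf"
    tar_copy_tree "$work/src" "$work/dst"
    # diff -r exits 0 only if every file and directory matches
    if diff -r "$work/src" "$work/dst" >/dev/null; then rc=0; else rc=1; fi
    rm -rf "$work"
    return "$rc"
}
```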
* Mapping network topology: traceroute
: traceroute www.example.com
* System service manager: systemd
You must either be root or a member of the wheel group.
** Start a service
: sudo systemctl start httpd
** Check the status of a service
: sudo systemctl status httpd
** Automatically start a service
: sudo systemctl enable httpd
** Analyze bootup times
: sudo systemd-analyze plot
* Real world example: reset root password
See my guide:
https://github.com/linuxcsuf/linuxcsuf/wiki/Rescue-boot
1. In GRUB, try to boot in single user mode (=single=,
=systemd.target=rescue.target=, or =rd.break=).
2. Didn't work? Hijack the entire init process. Try to boot with
: init=/bin/sh
: mount -o remount,rw /
3. Didn't work? Boot from a Live CD. If you do this, mount the
partition and then chroot in.
: mount /dev/sda1 /mnt
: chroot /mnt /bin/su -
4. When you find the system =/etc/shadow=, set a root password
: passwd
5. Some systems (e.g. RHEL) require SELinux labels to be
regenerated.
: touch /.autorelabel
6. Reboot as cleanly as possible.
* Audio/Video pocketknife: mpv
** Basic usage
+ Local file
: mpv
+ Youtube
: mpv
** Real-world hacking: pulling audio from a Youtube video
+ List formats
: youtube-dl -F
+ Download
: youtube-dl -f 251
+ Stream
: mpv --ytdl-format 251
** Real-world hacking: getting a radio stream
Try it: http://www.885fm.org/
: mpv
* Philosophy
** Security
+ Security and convenience are inversely proportional.
+ Security is largely the way a computer is used. -- Jack Denman
** "Can we?" versus "Should we?"
Example: Nectome mind-uploading service can preserve your brain,
but you must be euthanized first.
https://www.technologyreview.com/s/610456/a-startup-is-pitching-a-mind-uploading-service-that-is-100-percent-fatal/amp/
** Bending the rules
"The worse the (objective) evil, the more the perpetrator was
completely convinced of the goodness of himself and of his
'purification'." -- Erik Naggum
http://genius.cat-v.org/erik-naggum/punishers-and-moralists