
Bash

From NetSec
Revision as of 05:55, 13 September 2011 by MargeryLeddy (Talk | contribs)


Getting Started

Bash (Bourne-again shell) is the Linux command-line utility, similar to MS-DOS.

You will need some version of Linux to run this.

Usually the application you are looking for is `xterm' or `terminal' in the desktop, or you can access this via ssh. It will be easier to learn all of this if you have the root password, or if you are listed in the sudoers file. The two most important commands are `info' and `man'. Many tutorials will teach you about the `man' pages. You can access any command's manual by typing `man commandname'. What many tutorials do not tell you about is `info coreutils'. Here's a small snippet of `info coreutils' listing:

  • Introduction:: Caveats, overview, and authors
  • Common options:: Common options
  • Output of entire files:: cat tac nl od base64
  • Formatting file contents:: fmt pr fold
  • Output of parts of files:: head tail split csplit
  • Summarizing files:: wc sum cksum md5sum sha1sum sha2

The info command lets you move with Page Up and Page Down, use the arrow keys to select words, and press Enter to follow a link, much like a wiki.

File System

You will also have to understand that the basic file structure on Linux is different from that of Windows.

df -h

Your partitions are not formatted into drive letters. Instead they can be found in:

  • /proc/mounts
  • /etc/fstab
  • /etc/mtab

You can also view these with the following commands:

  • mount
  • fdisk
  • cfdisk

Directories

You can change directory the same way you can in MS-DOS, with the cd command. Listing directories is done with the `ls' command rather than the `dir' command. On certain systems, the `dir' command has been set up as a shortcut to `ls' to help new Linux users. Example:

 cd /etc/
 xplicit@ubuntu:~$ ls -at [Enter]
 .gconfd                .sudo_as_admin_successful  Pictures
 .xsession-errors       .cache                     Public
 .gconf                 .pulse                     Templates
 .config                .nautilus                  Videos
 .gnome2                .gtk-bookmarks             Desktop
 .thumbnails            .esd_auth                  Downloads

Another way of displaying files is using the `-lash' flags with `ls'. As an example:

 xplicit@ubuntu:/proc$ ls -lash
 total 4.0K
 0 dr-xr-xr-x 207 root       root           0 2010-12-01 20:35 .
 0 drwxr-xr-x  22 root       root        4.0K 2010-12-02 20:03 ..
 0 dr-xr-xr-x  10 root       root           0 2010-12-01 20:35 acpi
 0 dr-xr-xr-x   4 root       root           0 2010-12-02 20:50 asound
 0 -r--r--r--   1 root       root           0 2010-12-02 20:50 buddyinfo
 0 dr-xr-xr-x   4 root       root           0 2010-12-02 20:50 bus
 0 -r--r--r--   1 root       root           0 2010-12-02 20:50 cgroups
 0 -r--r--r--   1 root       root           0 2010-12-02 20:50 cmdline
 0 -r--r--r--   1 root       root           0 2010-12-02 20:50 cpuinfo
 0 -r--r--r--   1 root       root           0 2010-12-02 20:50 crypto
 0 -r--r--r--   1 root       root           0 2010-12-02 20:50 devices
 0 -r--r--r--   1 root       root           0 2010-12-02 20:50 diskstats
 0 -r--r--r--   1 root       root           0 2010-12-02 20:50 dma
 0 dr-xr-xr-x   3 root       root           0 2010-12-02 20:50 driver
 0 -r--r--r--   1 root       root           0 2010-12-02 20:50 execdomains
 0 -r--r--r--   1 root       root           0 2010-12-02 20:50 fb
 0 -r--r--r--   1 root       root           0 2010-12-02 20:50 filesystems
 0 dr-xr-xr-x   8 root       root           0 2010-12-01 20:38 fs

Using the `-lash' argument will display all files and their file permissions, which we'll discuss later on.

You can also list only directories by using grep:

 21:54:40-zach@ninja:~/Downloads$ ls -la | grep ^d
 drwxr-xr-x   2 zach zach   4096 2010-10-29 01:24 .
 drwx------ 102 zach zach 425984 2010-12-02 21:14 ..
For the purpose of this wiki, files have been omitted to make the above shorter and readable.

/proc

Properties:

  • Filesystem Type: procfs
  • Does not support ext3 attributes (chattr)
  • Recommended additional mount flags: nosuid
  • Should be owned by root for user and group
  • Should have permissions: 0555 (dr-xr-xr-x)

Using this virtual filesystem you can obtain active statistics about the local host. The following files contain some hardware specs:

  • /proc/cpuinfo
  • /proc/meminfo

/proc/mounts contains all of the things you see when you invoke the `mount' command.

/proc/PID/environ contains all of the environment variables for the associated PID.

/proc/PID/maps contains an index of all files loaded into memory by the associated PID.

/etc

Properties:

  • Filesystem Type: ext2/ext3
  • Should be owned by root for user and group
  • Should have permissions: 0711 (drwx--x--x)

This partition is usually used to store configuration files.

/bin

Properties:

  • Filesystem Type: ext2/ext3
  • Should be owned by root for user and group
  • Should have permissions: 0755 (drwxr-xr-x)

This directory contains commands accessible to all bash users.

/sbin

Properties:

  • Filesystem Type: ext2/ext3
  • Should be owned by root for user and group
  • Should have permissions: 0711 (drwx--x--x)

/var

Properties:

  • Filesystem Type: ext2/ext3
  • Should be owned by root for user and group
  • Should have permissions: 0711 (drwx--x--x)

/home

Properties:

  • Filesystem Type: ext2/ext3
  • Should be owned by root for user and group
  • Should have permissions: 0711 (drwx--x--x)

/tmp

Properties:

  • Filesystem Type: tmpfs
  • Recommended additional mount flags: nosuid,noexec,nodev
  • Should be owned by root for user and group
  • Should have permissions: 1777 (drwxrwxrwt)
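The property lists above can be turned into a check. This is an added example, not code from the original page: `missing_flags`, `check_dir` and `SAMPLE_MOUNTS` are names invented here, and the sample mount table is constructed.

```bash
# Added example, not from the original page. SAMPLE_MOUNTS is constructed.
# Format of /proc/mounts: device mountpoint fstype options dump pass
SAMPLE_MOUNTS='proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
/dev/sda1 / ext3 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0'

# missing_flags MOUNTPOINT REQUIRED_CSV [MOUNTS_TEXT]
# Prints the required flags that are absent, comma-separated (empty if none),
# or "unmounted" when MOUNTPOINT is not its own mount.
# Without MOUNTS_TEXT it reads the live /proc/mounts.
missing_flags() {
    mp=$1; required=$2
    if [ $# -ge 3 ]; then mounts=$3; else mounts=$(cat /proc/mounts); fi
    # The last matching line wins: a later mount shadows an earlier one.
    opts=$(printf '%s\n' "$mounts" |
        awk -v mp="$mp" '$2 == mp { o = $4 } END { print o }')
    [ -n "$opts" ] || { echo unmounted; return 0; }
    missing=
    old_ifs=$IFS; IFS=,
    for flag in $required; do
        case ",$opts," in
            *",$flag,"*) ;;
            *) missing="${missing:+$missing,}$flag" ;;
        esac
    done
    IFS=$old_ifs
    echo "$missing"
}

# check_dir PATH MODE: prints "ok" when PATH is owned by root:root with the
# given octal mode as stat prints it (555 for 0555, 1777 for the sticky /tmp),
# otherwise "got OWNER:GROUP MODE". Uses GNU stat.
check_dir() {
    actual=$(stat -c '%U:%G %a' "$1") || return 1
    if [ "$actual" = "root:root $2" ]; then echo ok; else echo "got $actual"; fi
}

# Flags recommended above for /proc and /tmp, checked against the sample.
echo "/proc missing: $(missing_flags /proc nosuid "$SAMPLE_MOUNTS")"
echo "/tmp missing:  $(missing_flags /tmp nosuid,noexec,nodev "$SAMPLE_MOUNTS")"
```

On a live system, `missing_flags /tmp nosuid,noexec,nodev` reads /proc/mounts directly, and `check_dir /etc 711` compares the directory against the mode listed above.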

Files

You can view files for now using the commands:

  • cat
  • less
  • more

You can exit `more' or `less' by typing `q'. You can search for text by pressing `/' and go to a specific line number by typing `:'.

The syntax is simply [command] [filename]. You can edit files with:

  • nano
  • pico
  • vi
  • vim
  • emacs

Nano and pico are the easiest to use. To learn vim, use the `vimtutor' command.

You can search for things inside of files using the grep command.

You can delete files using the rm command.

.bashrc

.ssh/known_hosts

/etc/motd

Partitioning & Formatting

fdisk

  • fdisk is the command-line utility that provides disk partitioning functions for almost all operating systems.

fdisk is a very powerful tool. It can do something as small as list the drives and all the information gathered about them, or it can be used to format seemingly broken hard drives into perfectly working drives once again. It has been around for many years and will not be going anywhere anytime soon.

The fdisk commands can be found by going into your command-line interface (CLI) and typing fdisk. It will print the following to your screen.

Example:

 livecd ~ # fdisk
 Usage:
  fdisk [options] <disk>    change partition table
  fdisk [options] -l <disk> list partition table(s)
  fdisk -s <partition>      give partition size(s) in blocks
 Options:
  -b <size>                 sector size (512, 1024, 2048 or 4096)
  -c                        switch off DOS-compatible mode
  -h                        print help
  -u <size>                 give sizes in sectors instead of cylinders
  -v                        print version
  -C <number>               specify the number of cylinders
  -H <number>               specify the number of heads
  -S <number>               specify the number of sectors per track

cfdisk, mkfs

Commands

Text Manipulation

`cat', `tac', `head', `tail', `sed', `awk', `grep'

File Manipulation

>, >>, &>, touch, rm

Process Manipulation

ps, top, kill, skill, pkill, killall

Debugging

strace ptrace gdb kgdb

Network Manipulation

ifconfig, dhcp clients, packet injectors, sniffers

Firewall Manipulation

iptables nufw

FileSystem Manipulation

mount, umount, losetup

Pipes & Golfing in Bash

piping to sh