
pwd (current directory)- location

cd (change directory )- change location

cd desktop

touch abc.txt - (create a new txt file)

ls = list the content

ctrl+l = clear

attribute of file
- where file is created
- what is the time

when these files are created - "ls -l"

latest change in content - "ls -lt"

oldest to latest - "ls -lrt"

type of file
m = modified
c = change
a = access

mactime

"ls -la" - all files

"ls -l|less"

"chmod 777 sumit.txt" - write,read,execute (all three)

"ls -l sumit.txt"

"chmod 755 sumit.txt" - write,read,execute - read,write - read

read (r) - 4
write (w)- 2
execute(X) - 1

u - user 7
g - group 7
o - others 7

"chmod u+r sumit.txt" - give permission to the user

"chmod u-rw sumit.txt" - remove all permissions

"umask"

"umask 0222"

to know the permission, just subtract the umask value from 666

default permission - dp
we write 4 numbers for the umask value; the 1st value "0" is the special permission
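
An added example, not part of the original notes: it computes the default permission for a given umask the way the system does (the mask bits are cleared from 666 or 777), compares that with the subtraction shortcut, and checks it against a real file. The function names are hypothetical and `stat -c` assumes GNU or BusyBox tools.

```shell
#!/bin/sh
# Added example: how a umask becomes the default permission of a new file/dir.
# The mask bits are cleared from the base mode (base AND NOT umask); the
# "subtract from 666" shortcut only agrees when no digit has to borrow.

# default_mode BASE UMASK -> resulting octal mode (BASE is 666 or 777)
default_mode() {
    printf '%03o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# shortcut_mode BASE UMASK -> plain decimal subtraction, as in the notes
shortcut_mode() {
    expr "$1" - "$2"
}

# observed_mode file|dir UMASK -> mode the system really assigns
# (assumes GNU or BusyBox stat for the -c option)
observed_mode() {
    (
        tmp=$(mktemp -d) || exit 1
        umask "$2"
        if [ "$1" = dir ]; then mkdir "$tmp/t"; else : > "$tmp/t"; fi
        stat -c '%a' "$tmp/t"
        chmod -R u+rwx "$tmp" && rm -rf "$tmp"
    )
}

# Constructed sample masks: 0222 and 0022 match the shortcut, 0111 does not.
for mask in 0222 0022 0111; do
    echo "umask $mask: file $(default_mode 666 $mask)" \
         "(shortcut $(shortcut_mode 666 $mask), observed $(observed_mode file $mask))," \
         "dir $(default_mode 777 $mask)"
done
```

With umask 0111 the shortcut gives 555 while a new file still gets 666, because a file has no execute bit for the mask to clear.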

"mkdir" - directory

directories follow permission inheritance


(permission is same for the directory as the folder)

access control list --


directory can't execute, only contain execute
what will be accessed and who will access
directory is a room

discretionary access control - directory

"updatedb" update index

"touch ex\ man" - create a file named "ex man"

PERMISSION | FILES        | DIR-FILE
-----------+--------------+----------------
READ       | READ         | ACCESS
WRITE      | READ & WRITE | ACCESS & MODIFY
EXECUTE    | EXECUTE      | CD

666 - BY FILES, 777 - BY DIRECTORY

inode number - unique identification number of file

the inode remains the same; only the name can change

stat - access modify change time will be displayed


we recreated the file and all the time will change
"stat abcdef"

"idle" - idle time will get 0 when comp is working.


otherwise time will get added

"id" - 0 is for root user.


in linux there is id and in windows it is sid
sid for administrator acc - 500
sid for guest - 501

USERS -
in linux there are two types of user
1. root user - represented by #
2. non root - represented by $

"tty"- to get name of terminal


"tmux" - terminal multiplexer to customize the terminal; after this, ctrl + b
shift + % - right up terminal
shift + " - right down terminal
procedure -
1. write "tmux" and press enter
2. ctrl + b
3. shift + % or shift + " to make new window

ctrl + b - to switch between terminals


"/bin/bash"
"adduser demo"
"su - demo"

passwd - file where all directories are present

"cd /" - root directory


"root#ls" -- home of root
c drive in linux is root directory
root directory (/) will contain bin, sbin, etc, var, temp, usr

"cd" -- we will come back to our default location

"adduser thor"
"cat /etc/(file name)" -
etc contains all the config file

passwd - user data base is in this file

"cd /home"

"useradd thor" - temp directory or user


"adduser thor" - perm directory or user

"su - (username)" - switch as a root


pass is not required
changing directory directly

"pwd"
"exit" - logout the user

"su (username)" - (switch as a guest)


accessing directory thru root

"passwd (username)" - changing password

"chage -l (username)" - details of specific user related to their credentials or password

"who" - who is logged in to the system

"w" - detailed info of user
"whoami" - name
"date" - date of login
"lstab"
"cd /proc" - enter all processes
"ps" - processes
"ps -eaf" - detailed processes
"top" - sorted process acc to what is running
"cd (process number)" - access the process
"ls" - list of all present under this process
"gedit (folder name)" - open the directories to edit

"cat .bash_history" - to check the commands that we used or history of commands

"userdel" - delete user

"userdel -r" -

Q - what is the meaning of etc/skeleton

"cp *.txt (dir name)" - * means all


"rm (dir name)" - it is used to remove empty dir
"rmdir (dir name)" - it is used to remove empty dir
"rm -r (dir name)" - remove dir with files

copying files from /etc/skel doesn't tell what is being copied

"chgrp (name)" - group changes


to check "ls -l (filename)"

"chown (name)" - owner changes


"id"-

"addgroup" - to add group

"su - root"
"chmod 0755 /bin/cat"
"su - bob"
"cat /etc/shadow"

bin includes executable programs

when we open using cat we can dump the program

"chmod 4755 /bin/cat"

bin - for every user


sbin - computer
usrbin - kernel

0755 - off special permission


4755 - on special permission

4-setuid
2-setgid
1-stickybit - uneditable
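
An added example, not part of the original notes: the "chmod 4755 /bin/cat" step above is why setuid bits on general-purpose tools matter, so this decodes the special-permission digit and lists setuid/setgid files in a tree that are not on an allowlist. The function names, the demo file names and the allowlist are constructed for illustration; `stat -c` assumes GNU or BusyBox tools.

```shell
#!/bin/sh
# Added example: decode the special-permission digit and audit a tree for it.

# special_bits MODE -> special bits set in a 4-digit octal mode (4755, 0755, ...)
special_bits() {
    lead=$(( 0$1 >> 9 ))          # leading digit: 4 setuid, 2 setgid, 1 sticky
    out=""
    if [ $(( lead & 4 )) -ne 0 ]; then out="$out setuid"; fi
    if [ $(( lead & 2 )) -ne 0 ]; then out="$out setgid"; fi
    if [ $(( lead & 1 )) -ne 0 ]; then out="$out sticky"; fi
    out=${out# }
    echo "${out:-none}"
}

# special_files DIR -> "mode path" for every setuid or setgid regular file
special_files() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) \
        -exec stat -c '%a %n' {} \; | sort
}

# unexpected_special DIR ALLOWLIST -> findings whose path is not allowlisted
unexpected_special() {
    special_files "$1" | while read -r mode path; do
        grep -Fqx "$path" "$2" || echo "$mode $path ($(special_bits "$mode"))"
    done
}

# Constructed demo tree standing in for a bin directory
demo() (
    tmp=$(mktemp -d) || exit 1
    cd "$tmp" || exit 1
    : > passwd_tool; : > cat_tool; : > plain_tool
    chmod 4755 passwd_tool cat_tool
    chmod 0755 plain_tool
    echo ./passwd_tool > allow.txt      # constructed allowlist
    unexpected_special . allow.txt
    cd / && rm -rf "$tmp"
)
demo
```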

"file ./-file*" - find human readable file

_________________________________________________________________________
CRYPTOGRAPHY

CIA - CONFIDENTIALITY, INTEGRITY AND AVAILABILITY

SERVER AND CLIENT LEVEL SHOULD HAVE SAME INFO

website ---
crackstation.com
md5

SIEM - SECURITY INCIDENT EVENT MONITORING

ENCRYPTION - PLAIN TEXT + KEY = CYPHER TEXT


DECRYPTION - CYPHER TEXT - KEY = PLAIN TEXT
HTTP WEBSITE - NOT SECURED HAS 80 PORT
HTTPS WEBSITE - SECURED

BURP SUITE - USED FOR BUGS AND PENETRATION

SSL - SECURED SOCKET LAYER HAS 443 PORT


TLS - TRANSPORT LAYER SECURITY

HEARTBLEED VULNERABILITY

-------------------------------------
subnet mask - how many numbers are for host and network part

ipv4
32-bit (8 + 8 + 8 + 8)

CLASS | TYPE      | FIRST OCTET | SUBNET MASK
A     | UNICAST   | 0-127       | 255.0.0.0
B     | UNICAST   | 128-191     | 255.255.0.0
C     | UNICAST   | 192-223     | 255.255.255.0
D     | MULTICAST | 224-289     |
E     | RESERVED  | 240-289     |

10.5.4.10
-255.0.0.0
=10.0.0.0

5.4.10 ------> HOST ID


10------> NETWORK ID

179.50.4.255
255.255.0.0
179.50.0.0

CLASSLESS ADDRESSING - WE WILL NOT USE DEFAULT SUBNET MASK


10.200.5.100 (IP ADD, LOGICAL &, SUBNET MASK)
255.128.0.0 CONVERT 200 & 128 IN BINARY
10. .0.0
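
An added example, not part of the original notes: the logical AND used above, done octet by octet for the three address/mask pairs in these notes, with the binary form of one octet shown. The function names are hypothetical.

```shell
#!/bin/sh
# Added example: network ID = IP AND subnet mask, one octet at a time.

# to_bin N -> octet N (0-255) as 8 binary digits
to_bin() {
    n=$1; bits=""
    for i in 1 2 3 4 5 6 7 8; do
        bits="$(( n % 2 ))$bits"
        n=$(( n / 2 ))
    done
    echo "$bits"
}

# network_id IP MASK -> network address (IP AND MASK)
network_id() (
    IFS=.
    set -- $1 $2                  # eight octets: $1-$4 address, $5-$8 mask
    echo "$(( $1 & $5 )).$(( $2 & $6 )).$(( $3 & $7 )).$(( $4 & $8 ))"
)

# host_id IP MASK -> host part (IP AND NOT MASK)
host_id() (
    IFS=.
    set -- $1 $2
    echo "$(( $1 & (255 - $5) )).$(( $2 & (255 - $6) )).$(( $3 & (255 - $7) )).$(( $4 & (255 - $8) ))"
)

# explain_octet A M -> the AND of one address octet and one mask octet in binary
explain_octet() {
    echo "$(to_bin "$1") & $(to_bin "$2") = $(to_bin $(( $1 & $2 )))"
}

# The address/mask pairs used in the notes
for pair in "10.5.4.10 255.0.0.0" "179.50.4.255 255.255.0.0" "10.200.5.100 255.128.0.0"; do
    set -- $pair
    echo "$1 & $2 -> network $(network_id "$1" "$2"), host $(host_id "$1" "$2")"
done
explain_octet 200 128
```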

CLASSFUL ADDRESSING -WHEN WE USE DEFAULT SUBNET MASK

NUMBER OF NETWORK POSSIBLE | NUMBER OF HOST PER NETWORK
2^7 | 2^24
2^14 | 2^16
2^21 | 2^8

11111111 00000...(X24)
NET BIT HOST BIT
1ST DIGIT IS CONST

255 IN BINARY - 1(X8)


MAX NUMBER OF NETWORKS POSSIBLE IN CLASS C
MIN NUMBER OF HOSTS PER NETWORK POSSIBLE IN CLASS C
MIN NUMBER OF NETWORK POSSIBLE CLASS A
MAX NUMBER OF HOSTS PER NETWORK POSSIBLE IN CLASS A

2 TYPES OF NETWORK
PUBLIC - ROUTABLE OVER INTERNET IANA(INTERNET ASSIGN NAME NUMBER ) GIVEN TO ISP
PRIVATE - FREE
A CLASS - 10.0.0.0 TO 10.255.255.255
B CLASS - 172.16.0.0 TO 172.31.255.255
C CLASS - 192.168.0.0 TO 192.18.255.255

PING - IP ADDRESS
NSLOOKUP - DNS ADDRESS

NETWORK ADDRESS TRANSLATOR (NAT) - MAPS PVT TO PUBLIC

LAN GAME

WIRELESS SWITCH - ACCESS POINT

SIMPLEX - SENDER SENDS AND RECEIVER RECEIVES
HALF DUPLEX - WALKIE TALKIE(ONE AT A TIME)
FULL DUPLEX - PHONE CALL(BOTH AT A TIME)

SENDER SHOULD SYNC ACC TO RECEIVER


HIGHER LEVEL DEVICE SYNC ACC TO LOWER LEVEL DEVICE

---------------------------------------
TRANSPORT LAYER
TCP - RELIABILITY
UDP - SENDING PACKAGE WHETHER RECEIVER GOT OR NOT
SPEED IS FAST
CONNECTION ORIENTED APPROACH - RELIABILITY IS 100%
BUT TAKES TIME
RECEIVER ACKNOWLEDGES -VE UNTIL HE GETS FULL INFO
USES PORT ADDRESSES
SIZE OF PORT ADDRESS - 16 BIT
2^16 IS POSSIBLE PORTS
0-1023 ARE WELL KNOWN PORTS

FTP - 20,21
SSH - 22
TELNET - 23
SMTP - 25
HTTP - 80
HTTPS - 443

SOCKET ADDRESS - IP COMBINE WITH PORT


SESSION LAYER IS USED TO MAKE A SPECIAL VALUE WHICH TRACKS OF SESSIONS
SESSION ID GENERATE WITH THE NETWORK ID

PRESENTATION LAYER - DIFFERENCE IN LANGUAGES OR PLATFORMS, TO COMMUNICATE BETWEEN THE
ENCRYPTION AND DECRYPTION, COMPRESS THE DATA

APPLICATION LAYER - TO PROVIDE SERVICES TO THE END USER

MAC ADDRESS IS USED IN DATA LINK LAYER


NO ADDRESS IS USED IN PHYSICAL LAYER

A DEVICE HAVING IP AND MAC IS CALLED A HOP

MAC ADDRESS = NUMBER OF INTERFACE

NETWORK LAYER IS NUMBER OF DEVICES (PC , ROUTER)

NETWORK IS SAME AS IP CAN BE SAME BUT NOT THE MAC

NETWORK LAYER IS NOT CHANGED BUT IT USES TIMES.

HOW MANY TIMES NETWORK LAYER IS USED

NETWORK AND NETWORK LAYER ARE DIFFERENT

ROUTER WORKS ON NETWORK LAYER

SWITCH WORKS ON PHYSICAL LAYER

LAYER 3 SWITCH WHICH HAVING ROUTING QUALITY


ASSIGNING IP , SWITCHING PACKETS

NETWORK ADDRESS CANT BE ASSIGNED TO ANY DEVICE

DEFAULT GATEWAY IS THE ROUTER ADDRESS

INBOUND - FROM WHERE THE PACKET COMES
OUTBOUND - WHERE THE PACKET WILL GO

packet injections
mac changer

port address translation

apt-get install (package)


apt-get install figlet

virustotal - tells the number of subdomain and domains

"recon-ng" - info gathering


"help"
"workspaces" -
double tab - used for auto completing
"workspaces list"
"workspaces add demo1" - add workspace
"workspaces add demo2" - add workspace
"workspaces select demo1"- switch between workspaces
"load / use" - loads specified module
"show modules"
"use google" - whose modules are available in recon
"use whoisproc"
"ctrl+shift+c"
"show options"
"show info"
"set SOURCE (website)"
"run"
"use metacrawler" - to know how many downloading links are avail
"show options"
"set SOURCE (website)"
"run"
"use recon/domains-contacts/whois_procs"
"use recon/profiles-profiles/profiler"
"show options"
"run"
"use reporting"
"use reporting/html"
"show options"
"set CREATOR CYBERHACK"
"set customer xyz"
"set filename /root/Desktop/hack.html"
"show options"

diff between sudo and root

password cracking

guess attack
brute force

rainbow table attack - contain pre computed hashes

password is stored in hash form

hashing has many algorithms


any size of input always gives a fixed size of output

input size is n but output size is fixed


hash is always generated from text

"hash-identifier" - identify the type of hash


"john"
"john --list=formats" - check the type is avail or not

how to break your own pass


own pc pass is stored in shadow file
"john (filename)" - to crack the pass

"john (path of file)"


"john --format=RAW-MD5 (filename)"
"gedit (filename)"

"rm ~/.john/john.pot"

"zip2john (zipname) > (new txt name)"


"ls"
"cat (new text file made)"

hackers have their own server


gpu towers
antialen
sam and system file -- when outlook is not connected

windows has 5 registry files --

sam - system account manager file (when logged in and when logged out)
system - keep track of all the hardware
security - all the locks and security patches when installed or uninstalled
user -

linux root user id - 0


windows root user id - 500

HKLM - stores the registry key path

WINDOWS
"reg save HKLM\SAM C:/SAM"
"reg save HKLM\SYSTEM C:\SYSTEM"

we can read these files with a registry viewer

NTLM for pass crack in windows

"samdump2"
"samdump2 SYSTEM SAM > pass.txt"

"john --format=LM pass.txt"

"cat ~/.john/john.pot"
"rm ~/.john/john.pot" - empty john.pot file

pass can only be cracked once of specific user

"sudo -u#-1 bash"
