Tuesday, August 2, 2011

Weaknet Linux – Penetration Testing & Forensic Analysis Linux Distribution

03 August 2010

WeakNet Linux is designed primarily for penetration testing, forensic analysis and other security tasks. WeakNet Linux IV was built from Ubuntu 9.10, a Debian-based distro. All references to Ubuntu have been removed: the author completely recompiled the kernel, removed the Ubuntu-specific software that would bloat the ISO, and used a window manager that is not Ubuntu's default, with no display manager. To start X11 (Fluxbox), simply type "startx" at the command line as root.

The tools selected are those the developer feels are used most often in pen-tests. A sample of those included:

* BRuWRT-FORSSE v2.0
* Easy-SSHd
* Web-Hacking-Portal v2.0
* Perlwd
* Netgh0st v3.0
* YouTube-Thief!
* Netgh0st v2.2
* DomainScan
* ADtrace
* Admin-Tool
* Tartarus v0.1

A full list of applications is here:

WeakNet Linux Applications List

You can also get the guide here:

Official WeakNet Linux WEAKERTHAN System Administration Guide [PDF]

Hardware Requirements

This distro boots to a command line by default, so the requirements are quite minimal. For Fluxbox, the recommended specs are:

* 256 MiB of system memory (RAM)
* 2 GB of disk space
* Graphics card and monitor capable of 800×600 resolution

You can download Weaknet Linux here:

WEAKERTHAN4.1k.ISO

Linux command list and usage

a
adduser Add a user to the system
addgroup Add a group to the system
alias Create an alias •
apropos Search Help manual pages (man -k)
apt-get Search for and install software packages (Debian)
aspell Spell Checker
awk Find and Replace text, database sort/validate/index
b
basename Strip directory and suffix from filenames
bash GNU Bourne-Again SHell
bc Arbitrary precision calculator language
bg Send to background
break Exit from a loop •
builtin Run a shell builtin
bzip2 Compress or decompress named file(s)
c
cal Display a calendar
case Conditionally perform a command
cat Display the contents of a file
cd Change Directory
cfdisk Partition table manipulator for Linux
chgrp Change group ownership
chmod Change access permissions
chown Change file owner and group
chroot Run a command with a different root directory
chkconfig System services (runlevel)
cksum Print CRC checksum and byte counts
clear Clear terminal screen
cmp Compare two files
comm Compare two sorted files line by line
command Run a command - ignoring shell functions •
continue Resume the next iteration of a loop •
cp Copy one or more files to another location
cron Daemon to execute scheduled commands
crontab Schedule a command to run at a later time
csplit Split a file into context-determined pieces
cut Divide a file into several parts
d
date Display or change the date & time
dc Desk Calculator
dd Convert and copy a file, write disk headers, boot records
ddrescue Data recovery tool
declare Declare variables and give them attributes •
df Display free disk space
diff Display the differences between two files
diff3 Show differences among three files
dig DNS lookup
dir Briefly list directory contents
dircolors Colour setup for `ls'
dirname Convert a full pathname to just a path
dirs Display list of remembered directories
dmesg Print kernel & driver messages
du Estimate file space usage
e
echo Display message on screen •
egrep Search file(s) for lines that match an extended expression
eject Eject removable media
enable Enable and disable builtin shell commands •
env Environment variables
ethtool Ethernet card settings
eval Evaluate several commands/arguments
exec Execute a command
exit Exit the shell
expect Automate arbitrary applications accessed over a terminal
expand Convert tabs to spaces
export Set an environment variable
expr Evaluate expressions
f
false Do nothing, unsuccessfully
fdformat Low-level format a floppy disk
fdisk Partition table manipulator for Linux
fg Send job to foreground
fgrep Search file(s) for lines that match a fixed string
file Determine file type
find Search for files that meet a desired criteria
fmt Reformat paragraph text
fold Wrap text to fit a specified width.
for Expand words, and execute commands
format Format disks or tapes
free Display memory usage
fsck File system consistency check and repair
ftp File Transfer Protocol
function Define Function Macros
fuser Identify/kill the process that is accessing a file
g
gawk Find and Replace text within file(s)
getopts Parse positional parameters
grep Search file(s) for lines that match a given pattern
groups Print group names a user is in
gzip Compress or decompress named file(s)
h
hash Remember the full pathname of a name argument
head Output the first part of file(s)
help Display help for a built-in command •
history Command History
hostname Print or set system name
i
id Print user and group id's
if Conditionally perform a command
ifconfig Configure a network interface
ifdown Stop a network interface
ifup Start a network interface up
import Capture an X server screen and save the image to file
install Copy files and set attributes
j
join Join lines on a common field
k
kill Stop a process from running
killall Kill processes by name
l
less Display output one screen at a time
let Perform arithmetic on shell variables •
ln Make links between files
local Create variables •
locate Find files
logname Print current login name
logout Exit a login shell •
look Display lines beginning with a given string
lpc Line printer control program
lpr Off line print
lprint Print a file
lprintd Abort a print job
lprintq List the print queue
lprm Remove jobs from the print queue
ls List information about file(s)
lsof List open files
m
make Recompile a group of programs
man Help manual
mkdir Create new folder(s)
mkfifo Make FIFOs (named pipes)
mkisofs Create an hybrid ISO9660/JOLIET/HFS filesystem
mknod Make block or character special files
more Display output one screen at a time
mount Mount a file system
mtools Manipulate MS-DOS files
mv Move or rename files or directories
mmv Mass Move and rename (files)
n
netstat Networking information
nice Set the priority of a command or job
nl Number lines and write files
nohup Run a command immune to hangups
nslookup Query Internet name servers interactively
o
open Open a file in its default application
op Operator access
p
passwd Modify a user password
paste Merge lines of files
pathchk Check file name portability
ping Test a network connection
pkill Stop processes from running
popd Restore the previous value of the current directory
pr Prepare files for printing
printcap Printer capability database
printenv Print environment variables
printf Format and print data •
ps Process status
pushd Save and then change the current directory
pwd Print Working Directory
q
quota Display disk usage and limits
quotacheck Scan a file system for disk usage
quotactl Set disk quotas
r
ram ram disk device
rcp Copy files between two machines
read Read a line from standard input •
readarray Read from stdin into an array variable •
readonly Mark variables/functions as readonly
reboot Reboot the system
rename Rename files
renice Alter priority of running processes
remsync Synchronize remote files via email
return Exit a shell function
rev Reverse lines of a file
rm Remove files
rmdir Remove folder(s)
rsync Remote file copy (Synchronize file trees)
s
screen Multiplex terminal, run remote shells via ssh
scp Secure copy (remote file copy)
sdiff Merge two files interactively
sed Stream Editor
select Accept keyboard input
seq Print numeric sequences
set Manipulate shell variables and functions
sftp Secure File Transfer Program
shift Shift positional parameters
shopt Shell Options
shutdown Shutdown or restart linux
sleep Delay for a specified time
slocate Find files
sort Sort text files
source Run commands from a file `.'
split Split a file into fixed-size pieces
ssh Secure Shell client (remote login program)
strace Trace system calls and signals
su Substitute user identity
sudo Execute a command as another user
sum Print a checksum for a file
symlink Make a new name for a file
sync Synchronize data on disk with memory
t
tail Output the last part of files
tar Tape ARchiver
tee Redirect output to multiple files
test Evaluate a conditional expression
time Measure Program running time
times User and system times
touch Change file timestamps
top List processes running on the system
traceroute Trace Route to Host
trap Run a command when a signal is set(bourne)
tr Translate, squeeze, and/or delete characters
true Do nothing, successfully
tsort Topological sort
tty Print filename of terminal on stdin
type Describe a command •
u
ulimit Limit user resources •
umask Users file creation mask
umount Unmount a device
unalias Remove an alias •
uname Print system information
unexpand Convert spaces to tabs
uniq Uniquify files
units Convert units from one scale to another
unset Remove variable or function names
unshar Unpack shell archive scripts
until Execute commands (until error)
useradd Create new user account
usermod Modify user account
users List users currently logged in
uuencode Encode a binary file
uudecode Decode a file created by uuencode
v
v Verbosely list directory contents (`ls -l -b')
vdir Verbosely list directory contents (`ls -l -b')
vi Text Editor
vmstat Report virtual memory statistics
w
watch Execute/display a program periodically
wc Print byte, word, and line counts
whereis Search the user's $path, man pages and source files for a program
which Search the user's $path for a program file
while Execute commands
who Print all usernames currently logged in
whoami Print the current user id and name (`id -un')
wget Retrieve web pages or files via HTTP, HTTPS or FTP
write Send a message to another user
x
xargs Execute utility, passing constructed argument list(s)

Some basic Linux Hardening Tips

A few basic things to keep in mind to secure network communications:

1. Remove unneeded network services. R-services such as rlogin, rdist, rexecd, rsh, and rcp are especially vulnerable to hacker attacks.
2. Filter access to unknown services in tcpwrappers.
3. Filter access using network firewalling rules.
4. Do periodic checks to monitor the reachability of network services.
5. Control file permissions and attributes: in Linux, special file modes allow programs to run with the rights of the file's owner (SetUID, for user IDs) or group (SetGID, for group IDs). Regularly audit your systems for any unauthorized or unnecessary use of the setuid or setgid permissions.
6. Manual testing for rogue programs (options take plain ASCII hyphens):
A. Programs that are configured for SetUID:
find / -perm -4000 -print
B. Programs that are configured for SetGID:
find / -perm -2000 -print
C. Files that are readable by anyone in the world (the world-read bit is 4; -perm -2 would test the world-write bit instead):
find / -perm -4 -type f -print
D. Hidden files:
find / -name ".*"
E. World writable files:
root# find / -perm -2 ! -type l -ls
F. Files that do not have an owner or belong to no group:
root# find / -nouser -o -nogroup

7. Look for Unusual Accounts:
Look in /etc/passwd for new accounts, in a list sorted by UID:
# sort -nk3 -t: /etc/passwd | less
Normal accounts will be there, but look for new, unexpected accounts, especially with UID < 500.
Also, look for unexpected UID 0 accounts:
# egrep ':0+:' /etc/passwd
On systems that use multiple authentication methods:
# getent passwd | egrep ':0+:'
Look for orphaned files, which could be a sign of an attacker's temporary account that has since been deleted:
# find / -nouser -print

8. Look for Unusual Scheduled Tasks
Look for cron jobs scheduled by root and any other UID 0 accounts:
# crontab -u root -l
Look for unusual system-wide cron jobs:
# cat /etc/crontab
# ls /etc/cron.*
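The checks from steps 5 to 7 above, as an added example that is not part of the original post: the find and passwd checks wrapped as shell functions and run against a constructed sample directory and passwd file (the sample file names, the "toor" account and the --demo flag are all constructed for illustration), so the script runs offline. For a real audit, pass / and /etc/passwd to the same functions as root.

```shell
#!/bin/sh
# Added example, not from the original post: the setuid/setgid, world-writable,
# hidden-file and UID-0 checks from steps 5-7 as functions, exercised against a
# constructed sample tree and passwd file. For a real audit pass / and /etc/passwd.
set -u

# Constructed sample tree standing in for "/": one setuid, one setgid,
# one world-writable and one hidden file.
make_sample_tree() {
  d=$(mktemp -d)
  mkdir -p "$d/usr/bin" "$d/tmp/.cache"
  : > "$d/usr/bin/su_like";  chmod 4755 "$d/usr/bin/su_like"
  : > "$d/usr/bin/sg_like";  chmod 2755 "$d/usr/bin/sg_like"
  : > "$d/tmp/scratch";      chmod 0666 "$d/tmp/scratch"
  : > "$d/tmp/.cache/.rc";   chmod 0644 "$d/tmp/.cache/.rc"
  echo "$d"
}

# Constructed passwd file: "toor" is a second UID-0 account that should stand out.
SAMPLE_PASSWD=$(mktemp)
cat > "$SAMPLE_PASSWD" <<'EOF'
root:x:0:0:root:/root:/bin/bash
toor:x:0:0:spare root:/:/bin/sh
svc:x:450:450:service:/var/svc:/bin/false
bob:x:1000:1000:Bob:/home/bob:/bin/bash
EOF

# Step 6: -perm -MODE matches files with at least those bits set
# (4000 setuid, 2000 setgid, 0002 world-writable); -type f skips symlinks.
setuid_files()         { find "$1" -type f -perm -4000 -print; }
setgid_files()         { find "$1" -type f -perm -2000 -print; }
world_writable_files() { find "$1" -type f -perm -0002 -print; }
hidden_files()         { find "$1" -type f -name '.*' -print; }

# Step 7: awk tests the UID field itself, whereas egrep ':0+:' also
# matches a GID of 0 (or any other field that is exactly 0).
uid0_accounts()   { awk -F: '$3 == 0 { print $1 }' "$1"; }
unexpected_uid0() { awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"; }

# Stand-alone demo: "sh audit.sh --demo" prints a report on the sample data.
if [ "${1:-}" = "--demo" ]; then
  ROOT=$(make_sample_tree)
  echo "setuid:";         setuid_files "$ROOT"
  echo "setgid:";         setgid_files "$ROOT"
  echo "world-writable:"; world_writable_files "$ROOT"
  echo "hidden:";         hidden_files "$ROOT"
  echo "UID 0 other than root:"; unexpected_uid0 "$SAMPLE_PASSWD"
  rm -rf "$ROOT" "$SAMPLE_PASSWD"
fi
```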

====================================================
Automatic hardening tools to the rescue:

1. Bastille (http://www.bastille-linux.org): an interactive hardening tool. Helps implement a security policy by guiding the administrator through different questions. Portable and robust.

2. Titan (http://www.fish.com/titan): an automated hardening tool. Implements common security measures.
====================================================

Security audit tools:

1. Remote assessment tools: Nessus, nmap
2. Local assessment tools:
Some hardening tools can be used: Bastille, Titan
Some (H)IDS tools can be used too: Tiger
Some other specific tools: LSAT, OVAL

====================================================

Intrusion detection:
Intrusion detection can be done at different locations:
1. Host-based:
Kernel audit
Integrity analysis of the (file)system
Suspicious activities that take place on the host
2. Network-based:
Inspection of packets through the network (to any host)
Inspection of packets that arrive at the host

====================================================

HIDS tools in user space:

1. Routine checks: checksecurity (in different Linux/BSD distributions)
2. Analysis of logfiles: logcheck, log-analysis, logsnorter
3. Filesystem integrity checks (hashes, permissions...): tripwire, aide, integrit, samhain, bsign. Can also be done using the package management databases (rpm and dpkg)
4. Configuration and security issues: Nabou
5. Other: chkrootkit, checkps, adeos, dtk
=======================================================