Thursday, May 5, 2011

Learning the Linux Terminal

This blog entry will cover some basic Linux commands to get you started in the terminal.  Commands are in no particular order.  Note: Some of these commands can vary depending on the distro.  They are all just binary files.  I made this a while ago, pretty much just for fun, and I wanted to see if I could be of some help. I'm not sure it was everything I wanted it to be at the time.  For a more comprehensive list of commands try this website.

Helpful Tip: Most commands will come with a help file. To access it you generally type in the command followed by --help, or -h. This will list some more advanced features of the commands, most of which I won't be covering here.

history - View commands previously typed in.

pwd - Which stands for present working directory will tell you where you are located on the system.

cd - If you type cd followed by a directory you can switch to that directory.

ls - Which stands for list, will list all the contents of the current directory. If you would like to view some extra info, such as the permissions, use "ls -l". If you would like to include hidden files type "ls -a". You can use both at the same time if you like by typing "ls -la".

rm - Which stands for remove, can delete files. Common options are "rm -r", the r standing for recursive, which deletes directories, and "rm -f", the f standing for force, which deletes files without prompting with various warnings.

cp - Which stands for copy will copy a file.

mv - Which stands for move will move a file.

chmod - Which stands for change mode, will change the permissions of files. Adding a value of 1 will allow you to execute. Adding a value of 2 will let you write. Adding a value of 4 will allow you to read. You have to enter a combination of these 3 values added together 3 times. The order is "Owner Group Users". The command "chmod 777 [file]" will allow everyone to read, write and execute. A directory must have the ability to execute in order to be opened.
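To make the 4/2/1 arithmetic concrete, here is an added example (my own, not part of the original post) that converts between the "rwxr-x---" style string "ls -l" prints and the three-digit number chmod takes, and reports which classes can open a directory with a given mode. It assumes plain POSIX sh with cut, sed and awk available.

```shell
# Added example, not part of the original post: convert between the "rwxr-x---"
# string that "ls -l" prints and the three-digit number chmod takes, by adding
# 4 (read), 2 (write) and 1 (execute) for owner, group and others in turn.
# Set-uid, set-gid and sticky markers (s, t) are counted as execute here; the
# separate leading digit chmod uses for them is not computed.

# sym_to_octal rwxr-xr--  ->  754
sym_to_octal() {
    sym=$1
    result=""
    pos=1
    while [ "$pos" -le 9 ]; do
        digit=0
        case "$(printf '%s' "$sym" | cut -c "$pos")"          in r)     digit=$((digit + 4)) ;; esac
        case "$(printf '%s' "$sym" | cut -c "$((pos + 1))")"  in w)     digit=$((digit + 2)) ;; esac
        case "$(printf '%s' "$sym" | cut -c "$((pos + 2))")"  in x|s|t) digit=$((digit + 1)) ;; esac
        result="$result$digit"
        pos=$((pos + 3))
    done
    printf '%s\n' "$result"
}

# octal_to_sym 754  ->  rwxr-xr--
octal_to_sym() {
    result=""
    for d in $(printf '%s' "$1" | sed 's/./& /g'); do   # one digit per class
        [ $((d & 4)) -ne 0 ] && result="${result}r" || result="${result}-"
        [ $((d & 2)) -ne 0 ] && result="${result}w" || result="${result}-"
        [ $((d & 1)) -ne 0 ] && result="${result}x" || result="${result}-"
    done
    printf '%s\n' "$result"
}

# Which classes can open (enter) a directory with this mode: as the text notes,
# it is the execute bit that lets owner, group or others step into a directory.
# dir_enterable_by 750  ->  "owner group"
dir_enterable_by() {
    sym=$(octal_to_sym "$1")
    out=""
    for cls in owner group others; do
        case "$cls" in owner) c=3 ;; group) c=6 ;; others) c=9 ;; esac
        [ "$(printf '%s' "$sym" | cut -c "$c")" = "x" ] && out="$out$cls "
    done
    printf '%s\n' "${out% }"
}

# Quick demonstration of the rule that 7 = 4 + 2 + 1 grants everything
sym_to_octal rwxrwxrwx      # 777, the "everyone can do anything" mode from the text
octal_to_sym 700            # rwx------, the owner-only version
```

Before reaching for 777, note that octal_to_sym 777 shows every class getting write: a mode like 755 (rwxr-xr-x) lets others run and read a file without letting them change it.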

adduser - Add a user.

groupadd - Add a group.

groupdel - Delete a group.

chgrp - Change the group of a specific file. Every file and directory has an owner and a group. To view these type "ls -l".

usermod - Which stands for user modification can do a variety of things. If you want to add a user to a group, without changing the other groups the user is in type "usermod -G [group] -a [user]".

df - Will list the filesystems and tell you how much disk space you have left in them.

du - Will list all the files on the disk and tell you how much space they take up.

ifconfig - Will list network devices. You are given IP addresses, MAC addresses and the like so you can check on everything.

mount - Will tell you what's mounted.  You can also use this to mount drives.  For example "mount /dev/sda1 /mnt/drive" will mount the sda1 partition in the directory /mnt/drive.

fdisk - You can tell fdisk which device you would like to partition by typing in its name, e.g. "fdisk /dev/sda", or you can have it list all of the devices by typing "fdisk -l".

Helpful tip:
You can use some commands together with a pipe. "|" is a pipe.

less - Is a command which will let you view the output of a command that might be too long to scroll through on the terminal. Or perhaps you're not able to scroll through your terminal, you can with this program. If you type "history | less" you will be able to scroll through the history of the commands you typed.

grep - This command will narrow down the output to lines containing specific text. It's kind of like the find feature. Let's say you want to look through your history to find every time you used the cp command. You could do this by typing "history | grep cp".

echo - Will output something to the screen. I will give an example of why this is useful down below.

Helpful tip:
If you want to write the output of a command to a file use > filename. For example, if you wanted to save your history to a file named history you could type "history > history". If you wanted to first label this as your history you could type "echo "history:" > history && history >> history". The two greater-than signs will append data to the file and won't delete what's already in there, while just one greater-than sign will overwrite what's in there.

Added by request:

man - You can use this command to read the manual of a command.  Similar to typing --help.  This goes into more detail than help.

Helpful tip:
If you don't remember an exact command, but you remember the start of it, you can often press tab and have it auto-complete.  The same thing applies if you don't want to type in a long file name.  You start to type it in and then press tab and it will auto-complete.

Thursday, March 10, 2011

What's an ARP poisoning attack, and how can you protect yourself from it?

In the world of hacking, and more specifically script kiddies, there's something known as an ARP poisoning attack. ARP stands for Address Resolution Protocol. This protocol is responsible for matching an IP address to a MAC address.

So what's an ARP poisoning attack you ask?  In a nutshell ARP poisoning attack is when a computer running special software, connected to a network, pretends to be the router.  It also pretends to be the other computers connected to the network.  What does this mean?  It means all of the traffic going over the network runs through the computer running this software.  This could be bad for a number of reasons.

Reasons this could be bad:

1.  A person running this software could use it in combination with a packet sniffer.  This means all the unencrypted stuff you're sending and receiving could be viewed by the wannabe hacker.  This could include AIM conversations, FTP passwords, Facebook pages, etc...

2.  A person running this software could spoof security certificates. What does this mean for you? You could be signing into your encrypted e-mail, and have your password stolen. Generally you will get a dialog that explains the certificate can't be verified, but you can't always rely on this. I'll explain further how to protect yourself in a second.

3.  A person running this software could spoof DNS.  What does this mean for you?  You could be redirected to an inappropriate website in a very bad place to view it.  Or maybe you get tricked into installing a Trojan on what's normally a safe website.  Such a thing could give a script kiddie full access to your computer.
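Because the attack works by making one machine's MAC address answer for the router and for other hosts at once, the poisoning is often visible in your own ARP cache. The following is an added example (mine, not from the original post) that flags a MAC bound to more than one IP and looks up the MAC currently recorded for a given IP, so it can be compared with the router's real MAC noted on a known-clean network. It assumes the "ip neigh show" output format; the sample lines are constructed.

```shell
# Added example, not part of the original post: inspect the local ARP cache for
# the signature of poisoning (one MAC claiming several IPs). Input lines follow
# the "ip neigh show" format; the sample below is constructed for the demo.
NEIGH_SAMPLE='192.168.1.1 dev wlan0 lladdr 00:11:22:33:44:55 REACHABLE
192.168.1.20 dev wlan0 lladdr 00:11:22:33:44:55 STALE
192.168.1.30 dev wlan0 lladdr aa:bb:cc:dd:ee:ff REACHABLE
192.168.1.40 dev wlan0 lladdr 00:11:22:33:44:55 DELAY
192.168.1.50 dev wlan0  FAILED'

# Print one line per MAC bound to two or more IPs: "<mac> <ip1>,<ip2>,..."
# Reads the neighbour table from stdin, so it takes either the sample above or
# the live output of: ip neigh show
find_duplicate_macs() {
    awk '
        # field layout: ip "dev" iface "lladdr" mac state; skip entries with no MAC
        $4 == "lladdr" {
            mac = tolower($5)
            if (mac in ips) ips[mac] = ips[mac] "," $1
            else ips[mac] = $1
            count[mac]++
        }
        END {
            for (m in count)
                if (count[m] > 1) print m, ips[m]
        }' | sort
}

# Number of MACs that answer for more than one IP (0 on a clean cache)
count_duplicate_macs() {
    find_duplicate_macs | wc -l | tr -d ' '
}

# The MAC the cache currently holds for one IP (e.g. the router), to compare
# against the value you wrote down when the network was known to be clean
mac_for_ip() {
    awk -v want="$1" '$1 == want && $4 == "lladdr" { print tolower($5); exit }'
}

# Usage on the sample: printf '%s\n' "$NEIGH_SAMPLE" | find_duplicate_macs
# Usage on a live box: ip neigh show | find_duplicate_macs
```

A hit is a prompt to investigate rather than proof: a router that owns several addresses, or a host with aliases, will also show one MAC under several IPs, which is why comparing the router's MAC against a known-good value is the more reliable of the two checks.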

Now that I've explained a bit about what an ARP poisoning attack is, I will explain some ways to protect yourself.


If you use a wireless router at home it should always be protected with the best encryption.  Use a long passphrase.  Never use WEP encryption as it's practically useless.  This should be enough to protect yourself at home.


Unsecured public Wi-Fi is the riskiest kind to be on. The absolute best way to protect yourself in this situation is to set up an SSH tunnel to send all of your traffic through a remote box. SSH is encrypted, and by tunneling all of your traffic through it, you will be keeping your information private. To do this you can issue the following command (assuming you're running Linux with ssh capabilities):

ssh -f user@server.com -L 3000:server.com:25 -N

Fill in the user and server information accordingly. This will send all of the traffic on port 3000 of your computer through the encrypted SSH connection to the remote server you have set up, where it is delivered to port 25 on that computer. You can replace the ports with whatever you like to suit your needs. Just make sure your programs are set up to go through the correct port.

If you don't set up an SSH server to tunnel your traffic through, there are still some steps you can take to protect yourself. You can install a nice script blocker like NoScript (a plug-in for Firefox). With NoScript you won't have any surprise Java drive-by Trojan scripts pop up and try to get you to run them. This can be a good thing regardless of whether you're on an unprotected/untrustworthy network or not.

Look for dialogs reporting unverified security certificates. This is commonplace on the Internet as you generally need to pay money to get a certificate verified, but it could also be a sign of an attack.
The last thing you can do is just use common sense. Companies generally won't ask you to re-verify your password, or credit card, or what have you. You've probably heard this enough, but I thought I might add it because apparently some people still get fooled by phishing schemes.