Time
14 hours 43 minutes
Difficulty
Advanced
CEU/CPE
15

Video Transcription

00:01
Hello, everybody, and welcome to exercise number six of the RCP course,
00:06
bash scenarios. My name is Alejandro Guinea and I'll be the instructor for today's session.
00:12
The learning objective is to use some of the techniques we have covered so far, combining commands and scripts to execute useful penetration testing tasks. So let's get started.
00:28
I'll just clear the screen here.
00:32
I will start by going through some commands one by one, and then we'll be putting them in a single command, a single line on the terminal,
00:47
so you can see. We already saw that we can create bash scripts where we can execute several commands.
00:52
But can we actually do that in a single line?
00:56
Yeah, we can. In some real-world scenarios you cannot actually execute a bash file, maybe because we already took control of the remote machine and we just want to
01:12
we cannot upload or download any file. We can just execute commands,
01:18
so yeah, we can actually execute several commands in a single line in the terminal. So we'll start by incrementing that command one command at a time.
01:29
First, I will download
01:34
a txt file which contains several names. This is nothing new here; we'll use the wget command,
01:41
as you can see here.
01:44
We already have it here, the first names file, but we'll remove it so you can just see.
01:56
We don't have it anymore. And we'll use wget to go to this txt file to download a list of names. Simple as that,
02:12
and we can now see it
02:15
first names. And as you will see, it contains several names.
02:21
So let's just assume that this is actually a list of domain names. But we have to first normalize it so we can actually do something with it.
02:30
So yeah, it's a long list. We'll now use the tr command. Well, first just the cat command to bring that to the command line. We just use that command here,
02:49
and now we will use the tr command to actually
02:53
convert the upper cases to lower cases. As you can see, the first letter in each name is
03:02
upper case. We cannot use that if you are going to resolve that domain name to an IP. So let's just type tr over here, the tr command,
03:15
and we'll tell it: okay, whatever is put right here,
03:22
whatever is in upper case,
03:28
turn it into lower case.
03:38
But we are using the pipe here to actually tell it that whatever comes from here will be passed to this command. That's what the pipe is used for.
03:50
In really short words.
03:53
So, as you can see, the first letter of each name is now lower case.
04:00
If we grep the Z, you can see that the Z in the output is upper case, and if we put that tr command, it is lower case now.
04:12
So then, for the sake of this example, we will shorten the list and we will make the list, I don't know,
04:21
contain 20 names. It could be any number of names.
04:25
You can apply any other criteria you want. Maybe you want to grep only the names that contain the letter Z in them, I don't know. The criteria you'll apply will depend on the scenario you're actually working on.
04:42
But for the sake of this example, I will just use the command
04:46
head
04:47
and let me just bring the top 20 names
04:56
again with the pipe. So first we print all the names, then we turn the first upper case letter to lower case, and now that we have that list, I want to print the first 20 names. As you can see, it will return this.
05:15
All right, this is taking shape. Then maybe I want to add www dot at the beginning and dot com at the end.
05:26
This is just a word of advice: I'm using a virtualized environment on my Mac, so this
05:36
might create different characters. In this case, I think this output that you're actually seeing right now has a hidden carriage return, so I will have to normalize this and just pass it to a kind of UNIX
05:56
output. So I will use the command dos2unix.
06:01
And as you can see, you don't see any actual difference, but when we're actually dealing with these commands, I will show you here.
06:12
I want to add www at the beginning and dot com at the end. So I will use the command awk, and I will tell it to
06:27
at the beginning of the string, in this case each of the strings,
06:38
add the www dot prefix, the three Ws, and at the end
06:47
of the word, kind of a suffix,
06:53
add the word dot com.
06:55
That's it.
06:57
As simple as that sounds.
07:00
Okay.
07:03
So let me close this here. I made a mistake here.
07:08
So again, the beginning.
07:11
And there you have it. What will happen if I don't put the dos2unix command
07:16
again? The carriage return will mess everything up.
07:21
And as you can see, the dot com is actually attached to the beginning.
07:27
So yeah, we have to use the dos2unix
07:29
command, but that's it. So again, just a summary: cat first names is just printing the list of names I just downloaded with wget.
07:43
Then I turn upper cases to lower cases. Then I print the top 20 names, which are right here.
07:50
And then I convert that to a readable format for my UNIX machine. But this is just an additional step; if you're using Linux,
08:03
or Kali on a direct machine, you can just jump to this command, which will just append www at the beginning and dot com at the end. But that's it. So now that I have a list of useful names, the names that I can actually use,
08:20
let me just throw you a bomb right now, kind of a bomb. We will enclose all of this
08:31
with this little
08:35
symbol. I want to call it a single quote, but it's kind of different from what I know as a single quote. But yeah, it will execute all of this. I'm enclosing all of it
08:48
in a single one, so I will add a for in here. So, for
08:56
i in
08:58
all of this,
09:00
at the end it will be
09:03
all of this.
09:05
I want to actually
09:07
perform something on this, which will be do, and closing this with done. What do we want to do with this? Well, maybe just resolve to an IP, so I will use the command host, and I will do that for every i,
09:28
every output in here, which will be again all of this.
09:33
And
09:35
I will just close the statement with done.
09:39
So it will bring all of this, as you can see.
09:46
So this is how powerful this bash command can be: a single command, or several commands in a single line of the terminal or the shell. This command is kind of messy, so to get a cleaner output,
10:05
we add another command
10:07
to the end of this. So we have this long command here, and we actually
10:13
just add awk again,
10:16
and I want to filter this by the lines that contain the string "has address",
10:24
and I want this to print
10:31
field number four.
10:37
And that's simple. I'm just adding, so as you see, let me just find here where it states "has address". Okay, so here
10:48
this domain name has the address this.
10:52
So I want to filter all of this,
10:56
and there you have it.
11:01
Okay, so maybe you actually want to see which ports are up in all of these IPs. Obviously these are public IPs; I don't have any permission to go near any of these IPs, and
11:18
port scanning is kind of an attack already because it's noisy and it consumes a lot of traffic.
11:24
And this is a word of advice: if you're actually going through your penetration testing career, make sure to use only local machines or local environments to actually go further. Maybe this passive reconnaissance,
11:41
for the sake of the exercise, yeah, you could do that, maybe Google hacks and
11:46
probing for some ports, but actually going to see which ports are open and implementing the techniques we'll see later in the course, I will tell you to go with your local machines or any other servers that actually host machines
12:03
so you can attack them, like Hack The Box, for example.
12:07
So yeah, this long command again performs several tasks. From this names file, which contains a lot of names that didn't make sense to us, we turn it into this useful information and we can save that to an output file. Maybe
12:26
I will save it to
12:28
ips.txt,
12:33
and it will create the file, obviously.
12:37
Then we can just print that,
12:41
and we can save that so we can later do something else with it.
12:52
12:54
What can be performed by the wget command? Well, actually, the most basic thing that can be performed is to download any other files, or, as in the example we saw in this video, just to download a list of names. But you can specify
13:13
other stuff.
13:15
What is the result of executing the head -n 20 command? Well, the result is that you will get the first 20 values of some file. In this case, the first 20 names that appear in the file, because at the end the file was so long when it showed the output.
13:35
And again, you can use the head command to apply any other criteria. As you saw in the entire video, you can use awk, you can use the sed command to apply criteria to filter any text file for any criteria.
13:54
Can you actually use the for loop directly in the terminal? Well, yes, you can. We saw a really useful example today. We had several entries in a command line, so we wanted to apply
14:09
several other commands over each entry. So yeah, you can use that
14:15
in a command line.
14:16
We saw an example of how to use several commands and scripts in a real-world scenario,
14:22
and we saw that it is actually possible to run several commands in a single terminal line. Again, you can use these commands, all of the examples we saw today in this video, in a bash script, but this is especially useful when you're actually trying to penetrate a system
14:43
and you maybe cannot upload and download
14:46
files to that system and you have to escalate privileges or execute commands in just a single line or a single terminal. So this is really handy and really useful when you're doing that. Believe me, you will see several different scenarios on each machine.
15:03
You will never see the same; you will never use the exact same techniques or the exact same commands for
15:09
two different machines.
15:13
Supplemental material: again, OverTheWire wargames. There's no other way to go with this. I mean, you can use other servers to practice this, but I found that the OverTheWire wargames is a really fun platform.
15:30
Looking forward, in the next video we'll see the basics of the Nmap tool.
15:35
Well, that's it for today, folks. I hope you enjoyed the video. Thank you for watching, and I'll see you soon.

Up Next

Offensive Penetration Testing

This is a deep course about penetration testing. In this course, you’ll learn from basic to the most advanced and modern techniques to find vulnerabilities through information gathering, create and/or use exploits and be able to escalate privileges in order to test your information systems defenses.

Instructed By

Alejandro Guinea
CERT Regional Director
Instructor