This is the badge that was obtained after successfully completing the Linux Security class as part of the CSULB Cybersecurity Bootcamp.
The hands-on material below showcases a few of the focused tasks from the Linux Security course.
To search the Linux file system from within the terminal we can use the following:
Open Terminal
If we try to find the package manager's log file with the following:
find /var/ -name dpkg.log
we see that we don't have permission to read some of the subdirectories under /var, so find prints a Permission denied error for each of them, but it still lists everything it can read, which is useful for enumeration.
If we run the same command with the error messages redirected to /dev/null so they are not displayed, only what we are looking for remains:
find /var/ -name dpkg.log 2>/dev/null
grep is a big help when looking for specific strings or phrases, for instance:
grep firefox /var/log/dpkg.log
This shows when the firefox package was installed, upgraded or otherwise changed status, and when each of those changes took effect.
Using the wildcard character * we can match any file name or type of file; in the example below we look for shell scripts in a specific directory. In this case we search /bin/ for any file ending in .sh (replace /bin/ with /home/john to search that user's home directory instead). The pattern is quoted so the shell passes it to find as-is rather than expanding it against the current directory first:
find /bin/ -name '*.sh' 2>/dev/null
We can also use grep to look for files that contain words like password: -r searches recursively from the current directory (.), -w matches password only as a whole word, and --color highlights each match in red:
grep -rw password . --color
There are also ways to see the previous commands that have been typed into the terminal. This can lead to grabbing credentials that were entered on the command line, since the history stores them in clear text.
Listing all files in the directory with ls -a also shows the hidden files, which are indicated by the period before the file name. Here we read the shell history with the concatenate (cat) command:
cat .zsh_history
Side note: in bash, history -c clears the history of the current session, but .bash_history on disk is only written when the shell exits, so what is already saved there has to be removed separately (for example by emptying the file). zsh does not accept history -c. Instead, open .zsh_history in an editor such as nano or vim, delete its contents, save and exit, and cat .zsh_history will then show no history. Bear in mind that any zsh session that is still running still has its history in memory and will write it out again (on exit, or immediately if INC_APPEND_HISTORY or SHARE_HISTORY is set).
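The grep for password above and the history read-out both come down to searching text for credentials. The following script is an added example, not code from the original page: it strips the zsh extended-history prefix so .bash_history and .zsh_history lines look the same, then flags commands that pass secrets on the command line. The function names and the sample history file it writes are constructed for the demonstration.

```shell
#!/bin/bash
# Added example (not from the original page): pull likely credentials out of shell
# history files. Handles plain .bash_history lines and zsh EXTENDED_HISTORY lines
# of the form ": <epoch>:<duration>;<command>". All names below are assumptions.

# Strip the zsh ": epoch:duration;" prefix so both formats become bare commands.
normalize_history() {
    sed -E 's/^: [0-9]+:[0-9]+;//' "$1"
}

# Print the commands that hand a secret over on the command line:
#   mysql/mysqldump -p<password> (but not a bare -p, which prompts),
#   sshpass -p, --password=..., curl/wget -u user:pass,
#   smbclient -U user%pass, and KEY=value assignments that look like secrets.
find_creds_in_history() {
    normalize_history "$1" | grep -i -E \
        -e '(^|[[:space:]])(mysql|mysqldump)([[:space:]]+[^[:space:]]+)*[[:space:]]+-p[^[:space:]]+' \
        -e 'sshpass[[:space:]]+-p[[:space:]]' \
        -e '--password(=|[[:space:]])' \
        -e '(curl|wget)([[:space:]]+[^[:space:]]+)*[[:space:]]+(-u|--user)(=|[[:space:]])[^[:space:]]+:[^[:space:]]+' \
        -e 'smbclient([[:space:]]+[^[:space:]]+)*[[:space:]]+-U[[:space:]]*[^[:space:]]+%[^[:space:]]+' \
        -e '(^|[[:space:]])[A-Z_]*(PASS|PASSWORD|SECRET|TOKEN|KEY)[A-Z_]*=[^[:space:]]+'
}

# Walk a directory tree for readable history files and scan each one, prefixing
# hits with the file name. Permission errors are silenced as in the find examples.
scan_histories() {
    find "${1:-/home}" -maxdepth 2 -name '.*_history' 2>/dev/null | while read -r f; do
        if [ -r "$f" ]; then
            find_creds_in_history "$f" | sed "s|^|$f: |"
        fi
    done
}

# Constructed sample history in zsh extended format (not a real capture).
write_sample_history() {
    cat > "$1" <<'EOF'
: 1710000000:0;ls -la
: 1710000005:0;mysql -u root -pSup3rS3cret -h 10.0.0.5 shop
: 1710000010:0;find / -perm -4000 -type f 2>/dev/null
: 1710000020:0;sshpass -p 'Winter2024!' ssh admin@192.168.1.1
: 1710000030:0;curl -u deploy:hunter2 https://ci.example.internal/api
: 1710000040:0;export AWS_SECRET_ACCESS_KEY=abc123
: 1710000050:0;mysql -u app -p
: 1710000060:0;grep -rw password .
EOF
}

# Demo: write the sample file and scan it (prints the four leaky commands).
if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp)
    write_sample_history "$tmp"
    find_creds_in_history "$tmp"
    rm -f "$tmp"
fi
```

Run scan_histories /home (or /root with sudo) to go over every readable history file; unreadable home directories are silenced with 2>/dev/null just as in the find examples above. The patterns are deliberately narrow: a bare mysql -p or --password with nothing after it prompts for input and leaks nothing, so those are skipped. Extend the list for the tools in use on the target rather than matching the bare word password, which mostly turns up noise.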
Now for some file manipulation
We can edit the sudoers file as root with the following (visudo checks the file's syntax before saving, so a typo cannot break sudo for everyone):
su -
visudo
Once open, scroll all the way down to the bottom of the document and under # User privilege specification add our normal user, in this case john, with the following line:
john ALL=(ALL:ALL) ALL
This grants john the right to run any command as any user and group on any host, after entering his own password. Now that we have sudo access we can read the shadow file, for example with sudo cat /etc/shadow, to grab the password hashes:
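Once the shadow file is readable, the useful step is knowing which of its entries actually hold a crackable hash. The script below is an added example, not from the original page: it parses shadow-format lines, labels accounts as locked, passwordless or hashed, and names the hash algorithm from the $id$ prefix. The sample entries it prints are constructed (the hash strings are not real), and the function names are assumptions.

```shell
#!/bin/bash
# Added example (not from the original page): make sense of what comes back from
# reading /etc/shadow. Classifies each entry and names the hash algorithm so you
# know which lines are worth handing to a password cracker. All names are assumptions.

# Map the $id$ prefix of a crypt(3) hash to its algorithm name.
hash_algo() {
    case "$1" in
        '$1$'*)         echo md5crypt ;;
        '$5$'*)         echo sha256crypt ;;
        '$6$'*)         echo sha512crypt ;;
        '$y$'*)         echo yescrypt ;;     # default on current Debian-based systems
        '$2'[aby]'$'*)  echo bcrypt ;;
        *)              echo unknown ;;
    esac
}

# Read shadow-format lines on stdin and print "user state algo" for each:
#   empty       - no password set at all (second field blank)
#   locked      - "*" or "!"-style marker, nothing to crack
#   locked-hash - account locked by a leading "!", but the old hash is still there
#   hash        - a usable password hash
classify_shadow() {
    while IFS=: read -r user hash _rest; do
        case "$hash" in
            '')                 echo "$user empty -" ;;
            '*'|'!'|'!!'|'!*')  echo "$user locked -" ;;
            '!'*)               echo "$user locked-hash $(hash_algo "${hash#!}")" ;;
            *)                  echo "$user hash $(hash_algo "$hash")" ;;
        esac
    done
}

# Only the users whose entry carries a crackable hash, one per line.
crackable_users() {
    classify_shadow | awk '$2 == "hash" { print $1 }'
}

# Constructed sample shadow file; the hash strings are made up, not real hashes.
sample_shadow() {
    cat <<'EOF'
root:$6$k3Xz9Qw1$Fh7pL2mN8vC4sD6aT1rY0uI9oP3eW5qZ8xK2jM4nB6vC1sD7fG9hJ0kL2mN4bV:19700:0:99999:7:::
daemon:*:19700:0:99999:7:::
john:$y$j9T$Qw8eR7tY6uI5oP4aS3dF2g$Hj1kL0zX9cV8bN7mQ6wE5rT4yU3iO2pA1sD0fG9hJ8kL7:19700:0:99999:7:::
svc:!$1$abc12345$defghijklmnopqrstuv:19700:0:99999:7:::
guest::19700:0:99999:7:::
EOF
}

# ./shadowcheck.sh --demo            -> classify the constructed sample
# sudo ./shadowcheck.sh /etc/shadow  -> classify the real file
if [ "${1:-}" = "--demo" ]; then
    sample_shadow | classify_shadow
elif [ -n "${1:-}" ]; then
    classify_shadow < "$1"
fi
```

Entries whose second field is * or ! cannot be logged into with a password at all, so there is nothing to crack there; a leading ! in front of a hash means the account was locked with passwd -l or usermod -L and the old hash is still recoverable. The $6$ (sha512crypt) and $y$ (yescrypt) lines are the ones to hand to john or hashcat.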
Now we can get into some bash scripting and write a script.
First we grab our local IP address; for this lab we are using a pfSense firewall in a VM together with our Kali box.
ip a
With the following we can open a new file for our script in nano:
nano pingsweep.sh
Once this is open we enter the following bash code to get some pings going:
If you are doing this in your own environment you need to enter the corresponding IP range; in my case it is on the 192.168.1.x subnet.
Now, to see this in action, we save and exit, make the script executable (chmod +x pingsweep.sh) and run it to get the following output:
./pingsweep.sh
As we can see in the above output, I added a capture from Wireshark to show that the script is working; we can also see it sending out broadcast ARP (no need for me to keep the scan running, as there are only 2 VMs on the network) and some ICMPv6 advertisements (not using IPv6) from the local fe80:: address on the pfSense VM.
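The page's own pingsweep.sh is shown only as a screenshot, so here is an added example of a sweep of the same kind, written for this page rather than taken from the author's script. It assumes a Linux box with iputils ping and takes the /24 prefix (192.168.1 in the author's lab) as its argument; the function names are assumptions.

```shell
#!/bin/bash
# pingsweep.sh: added example of the kind of sweep the lab describes; it is not
# the author's script. Usage: ./pingsweep.sh 192.168.1   (the /24 prefix is an
# assumption; use the prefix shown by 'ip a' on your own lab network).

# Send one ICMP echo request with a 1 s timeout (iputils ping on Linux) and
# let the exit status say whether the host answered.
is_alive() {
    ping -c 1 -W 1 "$1" >/dev/null 2>&1
}

# Probe $1.1 .. $1.254 in parallel (so a full /24 takes about a second instead
# of several minutes), wait for every probe, then print the responders sorted
# by last octet so the output is stable.
pingsweep() {
    local prefix="$1"
    local i=1
    {
        while [ "$i" -le 254 ]; do
            host="$prefix.$i"
            ( if is_alive "$host"; then echo "$host"; fi ) &
            i=$((i + 1))
        done
        wait
    } | sort -t . -k 4,4n
}

# Run the sweep only when a prefix is given, so the file can also be sourced.
if [ "$#" -ge 1 ]; then
    pingsweep "$1"
fi
```

Hosts that drop ICMP will not show up in the list; on the local segment they still answer ARP, which is the broadcast traffic the Wireshark capture above shows, so checking ip neigh after the sweep (or running arp-scan) catches those too.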