Tuesday, February 23, 2016

Using the Linux shell effectively

Here we are going to focus on the Linux/Unix shell and the special symbols that let us use it in an effective manner.

The symbols are:
|, \, &, &&, ||, [ ], [[ ]], ( ), { }

These symbols are very useful in bash.

Using the pipe symbol in the shell

| (the pipe sign) forwards the output of one command into the next: whatever the first command writes to stdout becomes the stdin of the second.

ex:
ls /etc | grep gtk

Here the output of ls /etc is fed to grep gtk as its input, so only the entries containing "gtk" are printed.


Logical Operators

1. Ampersand Operator (&)

The function of ‘&‘ is to make the command run in the background. Just type the command followed by a space and ‘&‘. You can start more than one command in the background in a single go.

Run one command in the background:

root@localhost:~$ ping www.google.com &

Run two commands in the background, simultaneously:
root@localhost:~$ apt-get update & apt-get upgrade &


2. semi-colon Operator (;)

The semi-colon operator makes it possible to run several commands in a single go; the commands execute sequentially, each one regardless of whether the previous one succeeded.
root@localhost:~$ apt-get update ; apt-get upgrade ; mkdir test

The above command combination will first execute the update instruction, then the upgrade instruction, and finally create a ‘test‘ directory under the current working directory.

3. AND Operator (&&)

The AND operator (&&) executes the second command only if the first command SUCCEEDS, i.e., the exit status of the first command is 0. This is very useful for acting on the execution status of the last command.
For example, I want to visit google.com using the links command in the terminal, but before that I need to check whether the host is live or not.
root@localhost:~$ ping -c3 www.google.com && links www.google.com

4. OR Operator (||)

The OR operator (||) is much like an ‘else‘ statement in programming. It executes the second command only if the first command fails, i.e., the exit status of the first command is non-zero (‘1‘ in the examples below).

For example, I want to execute ‘apt-get update‘ from a non-root account; if that first command fails, then the second command ‘links www.google.com‘ will execute.

tecmint@localhost:~$ apt-get update || links www.google.com

In the above command, since the user is not allowed to update the system, the exit status of the first command is ‘1’ and hence the last command ‘links www.google.com‘ gets executed.

What if the first command executes successfully, with exit status ‘0‘? Obviously the second command won’t execute.

tecmint@localhost:~$ mkdir test || links www.google.com

Here the user creates a folder ‘test‘ in his home directory, which he is permitted to do. The command succeeds with exit status ‘0‘, and hence the last part of the command line is not executed.


5. NOT Operator (!)

The NOT operator (!) is much like an ‘except‘ statement: the command applies to everything except what the pattern matches. Let's assume a directory containing a number of files, several of them .html files, and we need to delete all files without deleting the .html ones. We can use the following command for this (the !(pattern) form is an extended glob, so it only works when the extglob shell option is on: shopt -s extglob).

root@localhost:~$ rm -r !(*.html)

Run ls afterwards to confirm which files still exist.

6. AND – OR operator (&& – ||)

The above operator is actually a combination of the ‘AND‘ and ‘OR‘ operators. It is much like an ‘if-else‘ statement, with one caveat: if the second command itself fails, the third command runs as well.

For example, let’s ping google.com; on success echo ‘Verified‘, else echo ‘Host Down‘.
tecmint@localhost:~/tecmint$ ping -c3 www.tecmint.com && echo "Verified" || echo "Host Down"

Sample Output

PING www.google.com (212.71.234.61) 56(84) bytes of data.
64 bytes from www.google.com (212.71.234.61): icmp_req=1 ttl=55 time=216 ms
64 bytes from www.google.com (212.71.234.61): icmp_req=2 ttl=55 time=224 ms
64 bytes from www.google.com (212.71.234.61): icmp_req=3 ttl=55 time=226 ms

--- www.google.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2001ms
rtt min/avg/max/mdev = 216.960/222.789/226.423/4.199 ms
Verified

Now disconnect your internet connection and try the same command again.

root@localhost:~/tecmint$ ping -c3 www.google.com && echo "verified" || echo "Host Down"

Sample Output

ping: unknown host www.google.com
Host Down


\ Backslash

The backslash is used when writing a long statement in the shell and you want to break it into several lines: a \ as the very last character of a line continues the command on the next line.


Test and [ ]

The test command is used in many languages to check the condition of an expression (evaluate an expression). [ ] is equivalent to test.

[ "abc" = "abc" ]

This checks whether abc equals abc. If they are equal it returns 0 (expression true), else 1 (expression false). The spaces around = are required: written as [ "abc"="abc" ] the bracket sees a single non-empty word and the test is always true.

ex :

root@localhost:~$ if [ "abc" = "abc" ]; then echo "equals"; fi
equals

[[ ]] is a bash keyword that behaves like [ ] but is more capable: inside it you can combine a number of conditions with && and ||, match against glob patterns, and unquoted variables are not word-split.

We can use [ ] to check whether a file exists, whether it is a regular file or a directory, and so on. Here is a list of the operators.

Some common file tests

Operator    Characteristic
-d          Directory
-e          Exists (also -a)
-f          Regular file
-h          Symbolic link (also -L)
-p          Named pipe
-r          Readable by you
-s          Not empty
-S          Socket
-w          Writable by you
-N          Has been modified since last being read

Testing a pair of files

Operator    True if
-nt         file1 is newer than file2. The modification date is used for this and the next comparison.
-ot         file1 is older than file2.
-ef         file1 is a hard link to file2.

 



You can get the actual result of the test command using $?

ex:
root@localhost:~$ [ -e /home ]; echo $?
0
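The operators and test constructs from the sections above, exercised on constructed input so their edge cases are visible. This is an added example, not code from the original post; the function names and sample values such as "index.html" are my own.

```shell
#!/usr/bin/env bash
# Added example, not from the original post: && / ||, [ ] vs [[ ]], $? and
# the !(pattern) glob, on constructed input. Function names are my own.

shopt -s extglob   # must be on before any !(pattern) is parsed

# Buggy form seen in many tutorials: "$1"="$2" is ONE non-empty word, so the
# test is always true, whatever the two strings are.
equal_buggy() { [ "$1"="$2" ]; }

# Correct form: spaces around = make it a binary operator.
equal_ok() { [ "$1" = "$2" ]; }

# [ ] word-splits an unquoted variable; [[ ]] does not.
# With v="" the single bracket becomes [ -n ] (true!), with v="a b" it
# becomes [ -n a b ] (syntax error, status 2). [[ ]] gets both right.
single_bracket_unquoted() { local v="$1"; [ -n $v ] 2>/dev/null; }
double_bracket_unquoted() { local v="$1"; [[ -n $v ]]; }

# [[ ]] matches an unquoted right-hand side as a glob pattern.
is_html() { [[ $1 == *.html ]]; }

# The post's rm -r !(*.html) idea, shown safely on a list of names:
# prints every argument that does NOT end in .html.
not_html() {
  local f
  for f in "$@"; do
    [[ $f == !(*.html) ]] && echo "$f"
  done
  return 0
}

# $? after a test, as in the post's [ -e /home ]; echo $?.
# Capturing it with || keeps a failing test from tripping set -e.
status_of_test() {
  local st=0
  [ -e "$1" ] || st=$?
  echo "$st"
}

# cmd1 && cmd2 || cmd3 is NOT a strict if/else: when cmd2 fails, cmd3 runs
# as well. $1 and $2 are the exit statuses to simulate for cmd1 and cmd2.
chain_result() {
  local out
  out=$( (exit "$1") && { echo then; (exit "$2"); } || echo else )
  echo "${out//$'\n'/ }"   # join the output lines with spaces
}

if [ "${BASH_SOURCE[0]}" = "$0" ]; then
  equal_buggy foo bar && echo '[ "foo"="bar" ] is (wrongly) true'
  equal_ok foo bar || echo '[ "foo" = "bar" ] is false'
  not_html a.html b.txt c.html        # b.txt
  status_of_test /nonexistent         # 1
  chain_result 0 1                    # then else
fi
```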

Using parentheses in the shell

Parentheses can be used in a certain number of ways.

1) Executing a group of commands in a different shell (a subshell) with ( )

ex:
root@localhost:~$ pwd
/home/user
root@localhost:~$ (cd /tmp; pwd)
/tmp
root@localhost:~$ pwd
/home/user

The cd only affects the subshell, so the parent shell's working directory is unchanged.

2) Defining an array

array=(a b c d)

To print all the values in the array use the following command

echo ${array[@]}

arrayname[@] expands to all the values in the array.

3) Command substitution

Captures the output of a command, or even of several commands, into a variable.

ex:
var=$(ls /home/user/Documents)
echo $var
The output is assigned to the var variable and can then be printed.
The older backtick form ` ` does the same thing.

We can rewrite the above command as follows

var=`ls /home/user/Documents`
echo $var


Double parentheses

1) Integer arithmetic

((i=23))

2) Integer arithmetic with variable assignment

v=$((45+34))
echo $v
79

3) Variable increment or decrement

var=1
((var++))
echo $var
2

4) In C-style for loops

for ((i=0; i<10; i++)); do echo $i; done



Curly braces

These play a big part in bash.

1) Truncate the contents of a variable

$ var="abcde"; echo ${var%d*}
abc

${var%pattern} removes the shortest suffix matching the pattern, here the letter "d" and everything after it. It matches from right to left, so if "d" occurs a number of times only the part from the last "d" is removed.

2) Make substitutions similar to sed

$ var="abcde"; echo ${var/de/12}
abc12


3) Use a default value

$ default="hello"; unset var; echo ${var:-$default}
hello


4) And also can use for iterate strings as loops

$ echo f{oo,ee,a}d
food feed fad


$ mv error.log{,.OLD}
(error.log is renamed to error.log.OLD because the brace expression
expands to "mv error.log error.log.OLD")


$ for num in {000..2}; do echo "$num"; done
000
001
002


$ echo {00..8..2}
00 02 04 06 08



$ echo {D..T..4}
D H L P T

$ VARIABLE="abcdef"
$ echo Variable: ${VARIABLE}123456
    Variable: abcdef123456
(the braces separate the variable name from the text that follows it)


5) Run a block of code in the same shell

$ { date; top -b -n1 | head ; } >logfile
    # the 'date' and 'top' output are concatenated into logfile,
    # which can be useful when hunting for a process that loads the machine

Deleting certain files in a directory

Assume a directory with three files named a.txt, b.txt and c.txt, and you need to delete only a.txt and b.txt:

rm /home/user/Documents/{a.txt,b.txt}

The brace expands to the two full paths, so this removes only those files.
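Parameter expansion, brace expansion, arrays and the { } versus ( ) difference from the parentheses and curly-brace sections above, in one runnable script. This is an added example, not code from the original post; it goes a little beyond the post by also showing the %%, # and ## forms and the // substitution. Function names and sample strings such as "a.tar.gz" are my own.

```shell
#!/usr/bin/env bash
# Added example, not from the original post: parameter expansion, brace
# expansion, arrays, and { } (same shell) versus ( ) (subshell).
# Function names and sample values are constructed for the demonstration.

# ${v%pat} strips the SHORTEST matching suffix, ${v%%pat} the LONGEST;
# ${v#pat} and ${v##pat} do the same from the front.
base_shortest()  { echo "${1%.*}"; }    # a.tar.gz -> a.tar
base_longest()   { echo "${1%%.*}"; }   # a.tar.gz -> a
last_extension() { echo "${1##*.}"; }   # a.tar.gz -> gz
first_dir()      { echo "${1%%/*}"; }   # home/user/x -> home

# sed-like substitution: / replaces the first match, // every match.
replace_first() { echo "${1/$2/$3}"; }
replace_all()   { echo "${1//$2/$3}"; }

# ${var:-default} yields the default when var is unset or empty,
# without assigning anything to var.
with_default() {
  local var="$1" default="fallback"
  echo "${var:-$default}"
}

# Brace expansion inside an array literal produces every combination;
# ${#arr[@]} is the element count, ${arr[@]} the whole list.
quarterly_files() {
  local -a names
  names=(report_{2015..2016}_q{1..4}.csv)
  echo "${#names[@]}"                  # 2 years x 4 quarters = 8
}
padded_range()  { echo {000..2}; }     # zero padding is kept: 000 001 002
stepped_range() { echo {00..8..2}; }   # 00 02 04 06 08

# { ...; } runs in the current shell, ( ... ) in a subshell: assignments
# and cd inside the subshell do not leak back to the caller.
in_group()    { local x=1; { x=2; }; echo "$x"; }   # 2
in_subshell() { local x=1; ( x=2 ); echo "$x"; }    # 1
cwd_after_subshell_cd() { ( cd / ); pwd; }           # unchanged

# The post's mv error.log{,.OLD} rename, done in a throw-away directory:
# the brace expands to two arguments, "error.log" and "error.log.OLD".
rotate_log() {
  local dir result
  dir=$(mktemp -d)
  : > "$dir/error.log"
  mv "$dir/error.log"{,.OLD}
  result=$([ -e "$dir/error.log.OLD" ] && ! [ -e "$dir/error.log" ] && echo ok)
  rm -r "$dir"
  echo "$result"
}
```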


Summary of all

  •  Brackets

    if [ condition ] # test construct
    if [[ condition ]] # extended test construct, similar to single, but is bash builtin
    Array[index]=element1 # array initialization
    [a-z] # range of characters in a regular expression

  • Curly Brackets

    ${variable} # parameter substitution
    ${!variable} # indirect variable reference
    { cmd1; cmd2; …; cmdN; } # block of code
    {string1,string2,…,stringN} # brace expansion
    {a..z} # extended brace expansion
    {} # text replacement, after find and xargs

  • Parentheses

    ( cmd1; cmd2; …; cmdN ) # command group executed within a subshell
    Array=(element1 element2 … elementN) # array initialization
    result=$(cmd) # command substitution, like backticks ` `
    >(cmd) # process substitution
    <(cmd) # process substitution

  • Double Parentheses

    (( var = 78)) # integer arithmetic
    var=$(( 20 + 5 )) # integer arithmetic with variable assignment
    (( var++ )) (( var-- )) # c-style variable increment/decrement
    (( var0 = var1<98?9:21 )) # c-style ternary operation

Hope this is useful while working in bash.


Referenced links:
http://unix.stackexchange.com/questions/32210/using-single-or-double-bracket-bash
https://shunchaowang.wordpress.com/2015/03/06/bash-parentheses/
http://www.linuxjournal.com/content/bash-brace-expansion
http://stackoverflow.com/questions/8748831/bash-when-do-we-need-curly-braces-in-variables
http://www.tecmint.com/chaining-operators-in-linux-with-practical-examples/
http://mywiki.wooledge.org/BashFAQ/031
http://stackoverflow.com/questions/2188199/how-to-use-double-or-single-bracket-parentheses-curly-braces
https://bash.cyberciti.biz/guide/Logical_OR

Friday, February 19, 2016

How to open a shell on a web server using PHP

Web servers are the most exposed systems to attack, because they are directly connected to the internet and that is what they are meant for. So for a hacker a web server is a good place to start. Spidering a web site, directory traversal, catching cross-site scripting and finding other holes in a web site lead to a good hack. So here I'm going to explain a trick to run commands on a web server using a PHP script. But the web site must already be vulnerable in some way for this to work, since the script has to get onto the server first; this is also why shell_exec is commonly listed in PHP's disable_functions on hardened servers.

<?php
// run a shell command on the server and show its output in the browser
$output = shell_exec('ls -lart');
echo "<pre>$output</pre>";
?>


Friday, January 22, 2016

How to install Ubuntu Core and work with it

Ubuntu is the most popular Linux distro, maintained by Canonical. It is offered in several customized installations such as gnome-ubuntu and ubuntu-core. Ubuntu Core is a light version of Ubuntu which is not an installation ISO but a root file system, for working with Linux on minimal resources.

After you set up Ubuntu Core you get only the file system with the Ubuntu repos, a shell, grub and the other initial items for Linux. It is very good to try this out because it teaches you a lot about the Linux file system: how to format the disk, how to install grub, how to make the disk bootable, how the kernel interacts with grub and so on.

Firstly you have to download the Ubuntu Core rootfs (root file system). You can download the Ubuntu 14.04.3 core root file system from this link: http://cdimage.ubuntu.com/ubuntu-core/releases/14.04/release/



Download the tar ball. Then you need an Ubuntu live CD to boot the machine. Boot the machine from the live CD and select "Try Ubuntu". Open a shell and type sudo gparted. With gparted you can create, delete and format partitions and select which one should be the boot partition, which one is swap and so on. The same can be done with fdisk in the terminal. To learn how to use fdisk follow this link.

In this case, using whichever tool you are familiar with, create one partition spanning the whole disk. After you create the partition, sdx becomes sdx1 (x is the disk letter, e.g. a, b or c). Then make it the boot partition. In gparted, right-click the partition and set the boot flag; in fdisk, type 'a' after creating the partition and then '1'.

Make sure the partition you have created is formatted as ext4, because otherwise you will not be able to install grub. gparted can format to ext4 directly; if you used fdisk to create the partition, format it with the mkfs tool by typing the following command:

mkfs.ext4 /dev/sda1

Now you have a partition for your core file system and it is ext4. First you have to mount this partition onto a folder of the live CD system: when booted from the live CD you only see the live CD's own file system, so to access your hard drive you must mount it somewhere inside that file system. We are going to mount our disk on the /mnt directory. Type the following command to mount it:

sudo mount /dev/sda1 /mnt

Your partition is now mounted on /mnt. Go there with cd /mnt; now you are inside your partition. Next we extract the Ubuntu Core root file system onto our disk (/mnt). First copy the ubuntu-core rootfs tar file into /tmp, then execute the following command (-C /mnt extracts into the partition whatever the current directory is):

sudo tar -zxvf /tmp/ubuntucore-rootfilesystem.tar.gz -C /mnt

No error should be raised. Then look in the /mnt directory and check that the files are there; you should see a complete file system in /mnt.

Now we have to copy resolv.conf, because otherwise the new system cannot resolve DNS names. To do this type

sudo cp /etc/resolv.conf /mnt/etc/resolv.conf

Now we should run the following command

for i in /dev /dev/pts /proc /sys; do sudo mount -B $i /mnt$i;  done

What does this command do? Before you execute it, look at /mnt/dev, /mnt/proc and /mnt/sys, and look again after it has run: you will see new files that were not there before. The command bind-mounts each of the given directories (here /dev, /dev/pts, /proc and /sys) onto the corresponding directory under /mnt, which makes the source directory's content available at both the source and the destination. So the files under the live CD's /dev, /dev/pts, /proc and /sys are also available at /mnt/dev, /mnt/dev/pts, /mnt/proc and /mnt/sys.

Now we should chroot into /mnt in order to execute commands inside our new file system. What is chroot? Normally the root of your file system is the live CD's ( / ). Here we need the root to be the /mnt directory, so that the changes we make affect our new file system; otherwise they would affect the live CD's file system, which is erased on reboot. So we chroot to /mnt. Type the following command

sudo chroot /mnt

If the command worked, the prompt should now look like root@ubuntu:~

Now we should install our Linux kernel. To install the kernel type the following command

apt-get update && apt-get install linux-{headers,image}-generic

If a "failed to fetch" error appears on the terminal, try the following: edit /etc/resolv.conf (actually in the /mnt directory, /mnt/etc/resolv.conf) and add the following line at the end:
nameserver 8.8.8.8

Sometimes during the installation you will be prompted to install grub. This is very important: grub must be installed in order to boot into the kernel. When prompted to install grub, use tab to select OK and press enter. Then you will be asked which disk to install it to. You will see two or more options; make sure you select sda ('a' may differ on your setup) and not sda1. You should select the device, not the partition. After you highlight it with the arrow keys press the space bar to select it; a * mark will appear in front of it. Then use tab to go to OK and press enter. Grub will install.

To make sure grub installed correctly, go to the /mnt/boot/ directory and check that there are files like vmlinuz (the kernel image) and initrd, then go to /mnt/boot/grub and check that there is a file called grub.cfg. If it is not there grub has not installed correctly and you have to reinstall it:

apt-get update   # *** necessary to retrieve the grub packages
apt-get purge grub grub-pc grub-common
apt-get install grub-pc   # install it again

If any of the above apt-get install or apt-get purge commands gives an error telling you to use apt-get -f install, type in the terminal

apt-get -f install

It will install, remove and upgrade the relevant packages.

If apt-get update or apt-get install fails saying it cannot resolve a host, try pinging an internet host and fix the internet connection.

If everything is OK you should have a file system in /mnt, grub.cfg in /mnt/boot/grub, vmlinuz and initrd in /mnt/boot, and resolv.conf in /mnt/etc.

Now we should create a user and give that user root privileges.

Type the commands

useradd user_name
passwd user_name
When prompted for a password, type the password you prefer. (useradd -m would also create a home directory for the user.)

nano /etc/sudoers
We edit this file to give our user root privileges; opening it with visudo instead is safer, since visudo checks the syntax before saving.
The file content is as follows,
# Cmnd alias specification

# User privilege specification
root    ALL=(ALL:ALL) ALL
# Allow members of group sudo to execute any command
%sudo   ALL=(ALL:ALL) ALL

This is the part we are going to change. Change it as follows:
# User privilege specification
root    ALL=(ALL:ALL) ALL
user_name ALL=(ALL:ALL) ALL
# Allow members of group sudo to execute any command
%sudo   ALL=(ALL:ALL) ALL

Now reboot and enjoy Ubuntu Core.
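A preflight check for the whole procedure above, to run from the live CD (outside the chroot) before rebooting. This is an added example, not part of the original post: it verifies the items the post says must exist (kernel image and initrd in /mnt/boot, grub.cfg, a resolv.conf with a nameserver, the sudoers entry for the new user) and that the bind mounts of /dev, /dev/pts, /proc and /sys are released. The paths follow the post; the function name is my own.

```shell
#!/usr/bin/env bash
# Added example, not from the original post: check the new root file system
# at ROOT (the post's /mnt) for the artifacts the post lists before reboot.

# check_rootfs ROOT USER: prints every problem found, returns 0 if none.
check_rootfs() {
  local root="$1" user="$2" problems=0 d

  # linux-image-generic puts vmlinuz-* and initrd.img-* into /boot
  compgen -G "$root/boot/vmlinuz*" >/dev/null \
    || { echo "missing: $root/boot/vmlinuz*"; problems=1; }
  compgen -G "$root/boot/initrd.img*" >/dev/null \
    || { echo "missing: $root/boot/initrd.img*"; problems=1; }

  # grub.cfg is the sign that grub was installed and configured
  [ -f "$root/boot/grub/grub.cfg" ] \
    || { echo "missing: $root/boot/grub/grub.cfg"; problems=1; }

  # resolv.conf must exist and actually name a DNS server
  grep -qs '^nameserver' "$root/etc/resolv.conf" \
    || { echo "missing: nameserver line in $root/etc/resolv.conf"; problems=1; }

  # the line the post adds to /etc/sudoers for the new user
  grep -qsE "^$user[[:space:]]+ALL=\(ALL:ALL\)[[:space:]]+ALL" "$root/etc/sudoers" \
    || { echo "missing: sudoers entry for $user"; problems=1; }

  # bind mounts left behind would block unmounting the partition
  for d in /dev/pts /dev /proc /sys; do
    mountpoint -q "$root$d" 2>/dev/null \
      && { echo "still mounted: $root$d (umount it first)"; problems=1; }
  done
  return "$problems"
}

if [ "${BASH_SOURCE[0]}" = "$0" ]; then
  check_rootfs "${1:-/mnt}" "${2:-user_name}" && echo "looks ready to reboot"
fi
```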


     

Monday, January 18, 2016

How to recover files in Linux

Recovery is a necessary thing in today's computer world because the value of computer data is higher than ever. In a previous post I explained how a deleted file can be recovered and how that happens. So in this post I'm going to discuss a technique/tool to recover files on Linux systems, because there are already lots of tools to achieve this on Windows.

There are many command line tools to recover files on Linux systems, working in different ways. Here I will cover the TestDisk tool, which is also very useful when recovering damaged hard disks. In this article we focus only on how to recover a file that has been deleted from the Linux file system.

Installing Testdisk

Monday, December 21, 2015

Investigating USB logs and creating an amazing encrypting tool.

The Universal Serial Bus, or USB as we know it, is a main requirement these days. We put movies on our pen drives and watch them over USB; we connect our phones, players, external drives and lots of other stuff to our USB hubs to fulfil our most important needs. But what we don't know is that every time we connect a USB device to our USB hub, our OS keeps information about it: the date and time, the ID of the device, the manufacturer, the product ID, the serial number and other unique details of that particular USB device are saved on our machine.

Yes, that's true. All of this is saved by our OS, so these records are very important in a computer forensic investigation. This information can give very important evidence at computer crime scenes.

Hacking Tutorial released from ANONYMOUS in ghostbin.com

This is the hacking tutorial released by Anonymous last week at this link: https://ghostbin.com/paste/jrr89#L29


First and foremost, it is important for you to understand that 'hacking' is a broad term. There are many aspects to it, most of which require several programming skills, but that shouldn't stop you from using the tools made available by the internet for you to take advantage of. Go to the HTMLdog website and learn some HTML first, it is a great website and you will progress in no time. Also, consider Python as your first programming language; it is a tradition to recommend Python to newbies because it is the fundamental and appropriate language that will kickstart you in the world of computing. So, now that you are set and ready to continue with the quest, allow me to present to you a simplistic and minimalistic reference guide. 

Tuesday, December 8, 2015

Analyse a RAM dump file

In forensic investigations it is very important to dump the RAM's data to a file and analyse the processes/tasks that were running at the time of the dump. So let's look at how we can dump the RAM's contents as a raw file and how we can analyse that file to get further details.

For this we are going to use the MoonSols Windows memory toolkit. This toolkit contains four or more related tools, but in this case we need only one, "ramdumpit.exe". With this tool we can build a raw file of our RAM's contents at a particular time. Just run it; it will ask the usual "Are you sure?" question, answer yes, and you will see a blahblah.raw file has been created, which is the dump of our RAM. Now we need our second tool, which is going to analyse the dump file.