August 19, 2011

Linux for hackers - Part II



After posting the 1st part and my 1st entry in the blog, I decided that I would post at least 1 new entry every week, but here I am again, writing after 4 weeks. Now looking back, I feel like the 1st entry isn't how I wanted it to be.
I wanted to put the things present in Linux which are required for hackers most often. So in this part, I would list all such things and briefly explain their importance so that it doesn't look like a tutorial.
Obviously this list is not extensive or authorized. I might miss something very important and put something very basic, because I am no master in Linux. I am still learning and I will always be learning.






Various directories and their importance:
/etc
Configuration files specific to the machine are kept here.
/dev
Device files. In *nix systems, everything is a file. This directory contains special files which enable us to interact with various devices.
/usr
All programs are installed here.
/var/log
Stores log files from various programs.

Important Files:
/etc/passwd
This file contains one entry per line for each user (or user account) of the system. All fields are separated by a colon (:) symbol. There are seven fields in total, as follows:

  1. Username
  2. Password: An x character indicates that the encrypted password is stored in the /etc/shadow file.
  3. User ID (UID): Each user must be assigned a user ID (UID). UID 0 (zero) is reserved for root and UIDs 1-99 are reserved for other predefined accounts. Further, UIDs 100-999 are reserved by the system for administrative and system accounts/groups.
  4. Group ID (GID): The primary group ID (stored in the /etc/group file).
  5. User ID Info: The comment field. It allows you to add extra information about the user, such as the user's full name, phone number etc. This field is used by the finger command.
  6. Home directory: The absolute path to the directory the user will be in when they log in. If this directory does not exist, then the user's directory becomes /.
  7. Command/shell: The absolute path of a command or shell (/bin/bash).
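
The seven-field layout above is enough to audit a passwd file for the entries a defender checks first. This is an added example, not code from the original post: the function names, the findings wording and the sample data are all constructed for illustration, and treating a password field that starts with `*` or `!` as a locked account is an assumption based on common convention.

```python
from collections import namedtuple

# The seven colon-separated fields, in file order.
Entry = namedtuple("Entry", "username password uid gid info home shell")

def parse_line(line):
    """Split one passwd line into its seven fields; UID and GID become ints."""
    parts = line.rstrip("\n").split(":")
    if len(parts) != len(Entry._fields):
        raise ValueError(f"expected 7 fields, got {len(parts)}")
    name, pw, uid, gid, info, home, shell = parts
    return Entry(name, pw, int(uid), int(gid), info, home, shell)

def audit(text):
    """Return (who, finding) pairs for entries that deserve a closer look."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            e = parse_line(line)
        except ValueError as exc:  # wrong field count or non-numeric UID/GID
            findings.append((f"line {lineno}", f"malformed: {exc}"))
            continue
        if e.uid == 0 and e.username != "root":
            findings.append((e.username, "UID 0 outside the root account"))
        if e.password == "":
            findings.append((e.username, "empty password field"))
        elif e.password != "x" and not e.password.startswith(("*", "!")):
            findings.append((e.username, "password hash kept in passwd, not shadow"))
    return findings

# Constructed sample data, not taken from a real system.
SAMPLE = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice,,,:/home/alice:/bin/bash
backup2:x:0:0::/home/backup2:/bin/bash
guest::1001:1001:Guest:/home/guest:/bin/bash
legacy:$6$constructedsalt$constructedhash:1002:1002::/home/legacy:/bin/sh
broken:x:1003:1003:/home/broken
"""

if __name__ == "__main__":
    for who, what in audit(SAMPLE):
        print(f"{who}: {what}")
```

To check a live system, pass the contents of /etc/passwd to `audit()` instead of `SAMPLE`.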

/etc/shadow
This file stores the actual password, in encrypted format, for each user's account.

/etc/services
This file maps port numbers to services.

/etc/hosts
Contains host names and their corresponding IP addresses, used for name resolution.

/etc/resolv.conf
This file is used to configure the Domain Name System (DNS) resolver library.

/etc/network/interfaces
Lists all available network interfaces.

/proc/cpuinfo
Information about the processor

/proc/uptime
The time the system has been up.

/proc/sys/kernel/randomize_va_space
This is a special file which holds the option that determines the type of process address space randomization used by the system.
Options can be:
0 - No address space randomization
1 - Randomize the addresses of the mmap base, stack and VDSO page.
2 - Additionally enable heap randomization

That's all for this part then. It barely scratches the vast surface of Linux systems, but it is a start nonetheless. In the next part, I am planning to document some of the most important command line tools for hackers. Let's hope it comes soon!
