Section 4 - Operations and Incident Response Flashcards
chmod
*nix command to change the access permissions.
1 - Execute
2 - Write
4 - Read
Example: sudo chmod 664 file.txt
chown
*nix command to change the file/folder owner.
Example: sudo chown dennis:dennis file.txt
hping
Is a network tool able to send custom ICMP/UDP/TCP packets and to display target replies like ping does with ICMP replies. It handles fragmentation and arbitrary packet body and size, and can be used to transfer files under supported protocols.
Using hping3, you can test firewall rules, perform (spoofed) port scanning, test network performance using different protocols, do path MTU discovery, perform traceroute-like actions under different protocols, fingerprint remote operating systems, audit TCP/IP stacks, etc.
curl
(short for “Client URL”) is a command line tool that enables data transfer over various network protocols. It communicates with a web or application server by specifying a relevant URL and the data that need to be sent or received.
curl is powered by libcurl, a portable client-side URL transfer library.
Cat
It copies standard input to standard output. The command supports scrolling, if text file doesn’t fit the current screen. The most frequent use of cat is to read the contents of files. All that is required to open a file for reading is to type cat followed by a space and the file name.
Example: cat file.txt
Head and Tail
The head command will output the first part of the file, while the tail command will print the last part of the file. Both commands write the result to standard output.
Logger
type logger <message> on the command line and your message will be added to the end of the /var/log/syslog file</message>
nmap
Allows you to scan your network and discover not only everything connected to it, but also a wide variety of information about what’s connected, what services each host is operating, and so on. It allows a large number of scanning techniques, such as UDP, TCP connect (), TCP SYN (half-open), and FTP.
netcat
Is a simple program that reads and writes data across networks, like cat reads and writes data to files. Some of the many uses of Netcat include port scanning, transferring files, grabbing banners, port listening and redirection, and more nefariously, a backdoor.
theHarvester
Is a command-line tool included in Kali Linux that acts as a wrapper for a variety of search engines and is used to find email accounts, subdomain names, virtual hosts, open ports / banners, and employee names related to a domain from different public sources (such as search engines and PGP key servers).
sn1per
Is an automated scanner that can automate the process of collecting data for exploration and penetration testing. It scans for vulnerabilities and tries to exploit them.
scanless
Command-line utility and library for using websites that can perform port scans on your behalf.
Example: scanless -t target -r
Cuckoo
Sandbox environment - automated malware analysis system. You can throw any suspicious file at it and in a matter of minutes Cuckoo will provide a detailed report outlining the behavior of the file when executed inside a realistic but isolated environment.
Dnsenum
Is a multithreaded perl script to enumerate DNS information of a domain and to discover non-contiguous ip blocks.
Nessus
Is a remote security scanning tool, which scans a computer and raises an alert if it discovers any vulnerabilities that malicious hackers could use to gain access to any computer you have connected to a network. It does this by running over 1200 checks on a given computer, testing to see if any of these attacks could be used to break into the computer or otherwise harm it.
