TryHackMe: Introductory Researching
Apr 11, 2020 · 3 min read
[Task 1] Introduction
[Task 2] Example Research Question
- In the Burp Suite Program that ships with Kali Linux, what mode would you use to manually send a request (often repeating a captured request numerous times)?
3. What are automated tasks called in Linux?
ANS: Cron
4. What number base could you use as a shorthand for base 2 (binary)?
Reference: https://byte-notes.com/number-bases/
There are many shorthands: 2, 8, 10, 16
5. If a password hash starts with $6$, what format is it (Unix variant)?
ANS: Reference: https://github.com/frizb/Hashcat-Cheatsheet
[Task 3] Vulnerability Searching
I will use exploit-db
- What is the CVE for the 2020 Cross-Site Scripting (XSS) vulnerability found in WPForms?
2. There was a Local Privilege Escalation vulnerability found in the Debian version of Apache Tomcat, back in 2016. What’s the CVE for this vulnerability?
Source
Automate tasks in Windows and Linux
Why to automate
Automation saves time and is the best way to protect yourself from forgetting. I also use automation of small tasks as a form of delegation: I delegate some of my tasks to my PC.
The advantages are:
- The PC never forgets
- The PC is never wrong 🙂 — only human programs and algorithms are.
- I can do something else while my tedious or boring tasks are done
- Huge tasks can be done effortlessly — once we had to convert more than 10000 pics, make some changes to them, rename the files according to some needs and categorize them. Time for the program: 4 hours, plus 2 hours of tests. The processing took about 1 hour, and verifying the results took 1 hour. I can’t imagine how much time we would have spent, and how many errors we would have made, if we had to do it manually.
- You can reuse the automated tasks
Windows
You can use Task Scheduler (example for Windows 7; it may also be called ‘Scheduled Tasks’, and you can find it in the Control Panel):
After that it is really straightforward:
- first you need to give the "trigger" — when to start the task:
- based on time frequency
- event — computer start, login etc
- one time — you can run it manually later (select the task and start it from the context menu);
- next is to set up the program that will be run:
- start a program — you can put a command and parameters — for example, play music every hour and give the song as a parameter.
- send a mail
- display a message
Linux
You can use crontab (depending on the distribution; in this example I’m using Ubuntu 14):
- Installation
- set up
- create new job (per user) by
- add tasks
If the command runs properly, a text editor will appear. Now you can add your commands to the crontab file. To run python script every five minutes:
*/5 * * * * python /home/user/test.py
*/5 * * * * /home/user/test.sh
- save the text file — depending on the text editor that is used, it could be ctrl + X and then Y or something else. The key is to read the editor's instructions.
Cron information
Read more about it on the following pages: Wikipedia: crontab
Source
What are automated tasks called in linux
In Linux, tasks can be configured to run automatically within a specified period of time, on a specified date, or when the system load average is below a specified number. Red Hat Enterprise Linux is pre-configured to run important system tasks to keep the system updated. For example, the slocate database used by the locate command is updated daily. A system administrator can use automated tasks to perform periodic backups, monitor the system, run custom scripts, and more.
Red Hat Enterprise Linux comes with several automated tasks utilities: cron, at, and batch.
Cron is a daemon that can be used to schedule the execution of recurring tasks according to a combination of the time, day of the month, month, day of the week, and week.
Cron assumes that the system is on continuously. If the system is not on when a task is scheduled, it is not executed. To schedule one-time tasks, refer to Section 27.2 At and Batch.
To use the cron service, the vixie-cron RPM package must be installed and the crond service must be running. To determine if the package is installed, use the rpm -q vixie-cron command. To determine if the service is running, use the command /sbin/service crond status.
The main configuration file for cron, /etc/crontab, contains the following lines:
SHELL=/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin
MAILTO=root
HOME=/

# run-parts
01 * * * * root run-parts /etc/cron.hourly
02 4 * * * root run-parts /etc/cron.daily
22 4 * * 0 root run-parts /etc/cron.weekly
42 4 1 * * root run-parts /etc/cron.monthly
The first four lines are variables used to configure the environment in which the cron tasks are run. The SHELL variable tells the system which shell environment to use (in this example the bash shell), while the PATH variable defines the path used to execute commands. The output of the cron tasks is emailed to the username defined with the MAILTO variable. If the MAILTO variable is defined as an empty string (MAILTO=""), email is not sent. The HOME variable can be used to set the home directory to use when executing commands or scripts.
Each line in the /etc/crontab file represents a task and has the following format:
minute hour day month dayofweek command
minute — any integer from 0 to 59
hour — any integer from 0 to 23
day — any integer from 1 to 31 (must be a valid day if a month is specified)
month — any integer from 1 to 12 (or the short name of the month such as jan or feb)
dayofweek — any integer from 0 to 7, where 0 or 7 represents Sunday (or the short name of the week such as sun or mon)
command — the command to execute (the command can either be a command such as ls /proc >> /tmp/proc or the command to execute a custom script)
For any of the above values, an asterisk (*) can be used to specify all valid values. For example, an asterisk for the month value means execute the command every month within the constraints of the other values.
A hyphen (-) between integers specifies a range of integers. For example, 1-4 means the integers 1, 2, 3, and 4.
A list of values separated by commas (,) specifies a list. For example, 3, 4, 6, 8 indicates those four specific integers.
The forward slash (/) can be used to specify step values. The value of an integer can be skipped within a range by following the range with /<integer>. For example, 0-59/2 can be used to define every other minute in the minute field. Step values can also be used with an asterisk. For instance, the value */3 can be used in the month field to run the task every third month.
Any lines that begin with a hash mark (#) are comments and are not processed.
As shown in the /etc/crontab file, the run-parts script executes the scripts in the /etc/cron.hourly/, /etc/cron.daily/, /etc/cron.weekly/, and /etc/cron.monthly/ directories on an hourly, daily, weekly, or monthly basis respectively. The files in these directories should be shell scripts.
If a cron task is required to be executed on a schedule other than hourly, daily, weekly, or monthly, it can be added to the /etc/cron.d/ directory. All files in this directory use the same syntax as /etc/crontab. Refer to Example 27-1 for examples.
# record the memory usage of the system every monday
# at 3:30AM in the file /tmp/meminfo
30 3 * * mon cat /proc/meminfo >> /tmp/meminfo
# run custom script the first day of every month at 4:10AM
10 4 1 * * /root/scripts/backup.sh
Example 27-1. Crontab Examples
Users other than root can configure cron tasks by using the crontab utility. All user-defined crontabs are stored in the /var/spool/cron/ directory and are executed using the usernames of the users that created them. To create a crontab as a user, log in as that user and type the command crontab -e to edit the user’s crontab using the editor specified by the VISUAL or EDITOR environment variable. The file uses the same format as /etc/crontab. When the changes to the crontab are saved, the crontab is stored according to username and written to the file /var/spool/cron/username.
The cron daemon checks the /etc/crontab file, the /etc/cron.d/ directory, and the /var/spool/cron/ directory every minute for any changes. If any changes are found, they are loaded into memory. Thus, the daemon does not need to be restarted if a crontab file is changed.
The /etc/cron.allow and /etc/cron.deny files are used to restrict access to cron. The format of both access control files is one username on each line. Whitespace is not permitted in either file. The cron daemon (crond) does not have to be restarted if the access control files are modified. The access control files are read each time a user tries to add or delete a cron task.
The root user can always use cron, regardless of the usernames listed in the access control files.
If the file cron.allow exists, only users listed in it are allowed to use cron, and the cron.deny file is ignored.
If cron.allow does not exist, users listed in cron.deny are not allowed to use cron.
To start the cron service, use the command /sbin/service crond start. To stop the service, use the command /sbin/service crond stop. It is recommended that you start the service at boot time. Refer to Chapter 12 Controlling Access to Services for details on starting the cron service automatically at boot time.
Source
How to automate tasks on a Linux system
You don’t have to do that yourself!
One of the main tasks of a system administrator is carrying out maintenance work on the server. Most of these tasks can be automated or programmed to be carried out at certain times without user intervention. In this section we’ll talk about the two most widely used programs to carry out tasks in this way.
‘at’ is a program to carry out commands that you intend to run only once. It’s mostly used for scheduling specific jobs under specific circumstances. If you had to rotate your company’s webserver logs every Saturday, ‘at’ is not the appropriate tool for the job. That would be done best with ‘cron’, which we will talk about shortly. Let’s say your boss, the CTO, called for a meeting with you at 1:00. He wants to know how frequently your external consultants are logging into the network. This is a prime candidate for ‘at’.
First, you’d type:
which would give you plenty of time to get that information before the meeting. You will see the ‘at’ prompt:
warning: commands will be executed using /bin/sh
Now you’d write the commands you want carried out. Here we’ll get the output of the command last, which tells us who’s logged in to our servers lately, and write it to a file called ‘log-ins’. The second command, separated by a semi-colon (;), will then print that file using lp.
press ‘Enter’ and then ‘Ctrl + d’ and you will see the following:
job 15 at 2003-02-16 12:45
Of course, your job number will vary with the number of times you’ve used ‘at’.
There are various ways to indicate at what time you want ‘at’ to carry out commands. at now + 5 minutes will carry out a command five minutes from when you type it. There’s even a provision for at teatime which will carry out commands at 4:00 PM/16:00 hrs. (If you don’t believe me, consult ‘man at’!). You can cancel these jobs as well. If you type:
you will remove job 15 from the ‘at’ queue. To see what is in the ‘at’ queue, type:
You can control which users are allowed to use ‘at’. By default /etc/at.deny controls who cannot use ‘at’. That is to say, the users listed in at.deny cannot use it. You can also create an /etc/at.allow file. Creating at.allow makes the at daemon ignore the /etc/at.deny file. Therefore, anyone who is not in at.allow cannot use ‘at’. The question of using one file or another comes down to a question of your management style. If you prefer to let people use things until they abuse the privilege, then use the default at.deny. When the user ‘barney’ programs an ‘at’ job to set off an infernal sounding noise when he’s gone to get coffee, scaring the bejeebers out of everybody in the office, then you can add him to the at.deny file. If you’re of the opinion that nobody needs to use it, then create an at.allow file with only your personal user account listed. Remember that the root user can always use at.
From a system administrator’s point of view, the cron daemon is probably the best thing since sliced bread. You can schedule practically any program (provided that they don’t have a graphic user interface since cron is not really designed to run GUI applications) at any time, for any date and at any interval. That is to say, if you want a text dump of the number of times a person with the IP address 64.09.200.12 has logged into your computer and you only want it on February 4th, cron will do this for you.
The jobs that you want to run with cron can be scheduled in various ways. The most common way is to edit a file which is known as your crontab. Normally, each user has his/her own and is able to schedule jobs by editing it. You can add to and delete entries from your crontab by typing:
But before we go jumping right into scheduling jobs, it’s important to point out that cron looks for a particular syntax in your crontab file. You can’t just write:
get my mail from mail.mydomain.com
and expect it to work. The syntax in your crontab is not easy to master, but it is not excessively difficult to comprehend either. First, there are 5 time periods that cron looks for. You start your crontab entry with these. Here is the order and some examples:
Table 1. Guide to Cron times
You will not be able to use all of them at the same time. If you have used the first four, you do not need the last one. This last one, the weekday, is particularly useful because it lets you run jobs once a week. There is also another way of doing that and we’ll talk about it shortly. If you don’t wish to specify a particular time period, you must substitute an asterisk (*).
Once you have decided when you want a particular command to be run, you add the command itself at the end. Thus, a typical crontab entry will end up looking like this:
which runs a script in your home directory to back up your files at 3:30 AM on Sunday. If you entered this into your crontab, you would simply save the file by pressing ESC + :wq which is a vi command. Vi is normally the editor that crontab uses by default, but you may use a text editor other than vi, by typing export VISUAL=pico, for example, which would allow you to use the pico editor. Every time you want to alter, add or delete an entry, you would first type
Enter whatever it is that you want to get done and then type
ESC + :wq
(or the combination of keys used to save a file in your particular text editor of choice). If you’re curious about what’s in your crontab file and want to list the jobs you have programmed, type:
If you want to delete your crontab file, type
Variations on a theme
Crontab entries don’t have to necessarily have just numbers in them. We can combine the numbers with other characters to modify how commands get carried out. For example, I have a USB webcam that doesn’t really do what it’s supposed to, which is to take a picture every minute and then shut off. It takes the picture all right, but it doesn’t shut off. So I wrote a script to shut it off and then I added a crontab entry to call this script every minute. This is what I added:
Let’s look at this one part at a time
0-59/1
basically means that between the 0-59 minutes of every hour, at every 1 minute interval, the camera is to shut off. To show you how useful cron is, I remember seeing a James Bond movie where the perpetual bad-guy, Blofeld, was brainwashing girls to carry out biological attacks from a base in the Swiss Alps. He would play these hypnotic tapes to the girls every evening. There is one scene where you see Blofeld and one of his minions switching the tapes manually. If only they had had a Linux computer! They could have done this:
which would play the brain-washing instructions at 3 minute intervals between 10:30 and 10:45 PM.
Disclaimer: PLEASE DO NOT TRY BRAINWASHING TECHNIQUES AT HOME! ALSO, LINUX ONLINE DOES NOT ENDORSE THE WORLD DOMINATION SCHEMES OF SPECTRE. THIS IS ONLY USED AS AN EXAMPLE. THE ONLY WORLD DOMINATION SCHEME WE ENDORSE IS THAT OF LINUS TORVALDS.
We should also point out something that you’ve probably already noticed in the two examples above; that they end with
command >/dev/null 2>&1
We tacked this on the end because cron, by default, mails a "report" to you of the command you carried out. This is so you can either get the output directly in the mail, and/or to see if the command was successful. You may have made a mistake when you added an entry to your crontab (like typing the wrong path or the name of a command wrong). That way, you’re notified and even if your job was important and you missed the first one, you can correct it and then you won’t miss any others. Again, in the examples above, if we got a mail every time the command was carried out (every minute or couple of minutes), your in-box would quickly fill up with useless mail. Therefore, we tack that on so that cron will send notification of those jobs to /dev/null (i.e. the trash).
Here are some other examples of variations:
The first one makes use of the comma, which means ‘and’. In the first example, we see that we will get a report of MySQL use on the 15th and 30th of every month (except February, of course!). The second one will run ‘who’, which tells us who is logged in, every weekday (1-5) at 8:30 AM. This would be a particularly good one for systems administrators who want to see who’s working (or at least who’s logged-in) at the time they also start work.
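The comma, range and step forms used in these variations follow the field rules given earlier on this page (asterisk, hyphen, comma, slash, short month and weekday names). As an added example, not code from the original articles, this Python sketch expands the five time fields of an entry so a schedule can be checked before it is installed. The function names are hypothetical; everything after the fifth field is treated as the command (so the user column of /etc/crontab stays part of it), and environment lines such as SHELL= are not handled.

```python
# Added example: expand crontab time fields into the values they match.
MONTHS = {n: i for i, n in enumerate(
    "jan feb mar apr may jun jul aug sep oct nov dec".split(), start=1)}
DAYS = {n: i for i, n in enumerate("sun mon tue wed thu fri sat".split())}

# (field name, lowest value, highest value, optional short names)
FIELDS = [("minute", 0, 59, {}), ("hour", 0, 23, {}), ("day", 1, 31, {}),
          ("month", 1, 12, MONTHS), ("dayofweek", 0, 7, DAYS)]


def expand_field(expr, lo, hi, names=None):
    """Return the sorted values matched by one field (*, a-b, a,b,c, /step)."""
    names = names or {}

    def to_int(token):
        token = token.lower()
        value = names[token] if token in names else int(token)
        if not lo <= value <= hi:
            raise ValueError(f"{token!r} outside {lo}-{hi}")
        return value

    values = set()
    for part in expr.split(","):
        rng, _, step = part.partition("/")
        step = int(step) if step else 1
        if step < 1:
            raise ValueError(f"bad step in {part!r}")
        if rng == "*":
            start, end = lo, hi
        elif "-" in rng:
            a, b = rng.split("-", 1)
            start, end = to_int(a), to_int(b)
        else:
            start = end = to_int(rng)
        if start > end:
            raise ValueError(f"reversed range in {part!r}")
        values.update(range(start, end + 1, step))
    return sorted(values)


def parse_entry(line):
    """Split an entry into its five expanded time fields and the command."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None                      # comments and blank lines are skipped
    parts = line.split(None, 5)
    if len(parts) < 6:
        raise ValueError("expected five time fields and a command")
    schedule = {name: expand_field(expr, lo, hi, names)
                for (name, lo, hi, names), expr in zip(FIELDS, parts)}
    # 0 and 7 both mean Sunday, so fold 7 into 0
    schedule["dayofweek"] = sorted({d % 7 for d in schedule["dayofweek"]})
    return schedule, parts[5]
```

A field that expands to far more values than intended (for example every minute instead of every hour) is the most common scheduling mistake this catches.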
Permissions for cron
The ability to use cron is regulated in the same way as ‘at’. Those in /etc/cron.deny are not allowed to use cron and all other users are allowed. If you have a /etc/cron.allow file, this supersedes cron.deny (i.e., cron.deny is ignored) and allows only those listed in it to use cron.
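The allow/deny precedence described on this page for both ‘cron’ and ‘at’ is easy to get backwards when auditing a host, so here it is as an added example (not code from the original articles). The function names and the `if_neither` parameter are hypothetical, and the usernames and files are constructed in a temporary directory rather than read from /etc.

```python
import os
import tempfile


def listed(path, user):
    """True if `user` is a line of the access file (one username per line)."""
    with open(path, encoding="utf-8") as fh:
        # Whitespace is not permitted in these files, so compare lines exactly.
        return any(line.rstrip("\n") == user for line in fh)


def may_schedule(user, etc_dir, tool="cron", if_neither=False):
    """Decide whether `user` may use `tool` ('cron' or 'at')."""
    if user == "root":
        return True                        # root can always schedule jobs
    allow = os.path.join(etc_dir, tool + ".allow")
    deny = os.path.join(etc_dir, tool + ".deny")
    if os.path.exists(allow):
        return listed(allow, user)         # allow exists: deny is ignored
    if os.path.exists(deny):
        return not listed(deny, user)      # only deny: listed users are blocked
    # Assumption: the page does not cover the case where neither file exists;
    # the outcome is site-dependent, so the caller chooses (default: refuse).
    return if_neither


def write_lines(path, names):
    """Write one username per line, as the access files require."""
    with open(path, "w", encoding="utf-8") as fh:
        fh.write("".join(name + "\n" for name in names))


def demo():
    """Constructed scenario: a deny file alone, then an allow file beside it."""
    users = ("root", "barney", "fred", "wilma")
    with tempfile.TemporaryDirectory() as etc:
        write_lines(os.path.join(etc, "cron.deny"), ["barney"])
        deny_only = {u: may_schedule(u, etc) for u in users}
        write_lines(os.path.join(etc, "cron.allow"), ["barney", "fred"])
        with_allow = {u: may_schedule(u, etc) for u in users}
    return deny_only, with_allow


if __name__ == "__main__":
    for label, result in zip(("deny only", "allow added"), demo()):
        print(label, result)
```

In the second state ‘barney’ is permitted even though he is still in the deny file, and ‘wilma’, who is in neither file, is refused: creating an allow file switches the host from deny-listing to allow-listing.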
cron.hourly, cron.daily and cron.monthly
Most Linux distributions have three directories in /etc called cron.hourly, cron.daily and cron.monthly, which, as you may have already guessed, lets the systems administrator run jobs on an hourly, daily or monthly basis. Simply by placing a shell script here, jobs can be carried out at those intervals. There is no need to have a crontab entry for these jobs.
As you can see, the sky is the limit with the things that you can do with cron. It won’t get you to the point where you’ve programmed absolutely everything, letting you pass your working hours at the beach, but it will make your life a whole lot simpler.
Source