Week 1 - Playing with CLI

Learn Windows and Linux simultaneously. Remember this is not for absolute beginners. These are just my notes.

Windows: Searching Strings within Files

Select-String or sls is about searching for strings.

For example: Select-String action *.txt

Where "action" is the string I am searching for inside all the ".txt" files.

Windows: Searching within Directories

ls "C:\Program Files\" -Recurse -Filter *.exe | more

Linux: Searching within Files

grep "string" filename.txt

With a wildcard, for example grep "string" *.txt, which searches every ".txt" file in the current directory:
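Added example (not from the original notes): searching a constructed set of files with grep, first listing which files match and then counting matching lines, with and without a wildcard. The directory, file names and contents are all made up here so the script runs offline.

```shell
#!/bin/sh
# Added example: grep across several files, by explicit glob and by "everything".
# All files below are constructed in a scratch directory.

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
printf 'take action now\nnothing here\n' > "$work/a.txt"
printf 'no match\n'                       > "$work/b.txt"
printf 'action item\naction again\n'      > "$work/c.txt"
printf 'action in a log, not a txt\n'     > "$work/d.log"

# Names of files matching the glob that contain the pattern, space separated.
# -l prints file names instead of matching lines; $glob is deliberately
# unquoted so the shell expands the wildcard inside $work.
files_containing() {   # usage: files_containing <pattern> <glob>
    pattern=$1; glob=$2
    ( cd "$work" && grep -l -- "$pattern" $glob ) 2>/dev/null \
        | sort | tr '\n' ' ' | sed 's/ $//'
}

# Total number of matching lines across the glob.
# -c counts per file, -H forces the "file:count" form even for one file,
# and awk adds the counts up.
match_count() {        # usage: match_count <pattern> <glob>
    pattern=$1; glob=$2
    ( cd "$work" && grep -H -c -- "$pattern" $glob ) 2>/dev/null \
        | awk -F: '{ s += $2 } END { print s + 0 }'
}

# Stand-alone demonstration
files_containing action '*.txt'   # a.txt c.txt
echo
match_count action '*.txt'        # 3
```

The same two functions work against real files: replace the constructed `$work` with the directory you are searching. Note that `grep` exits with status 1 when nothing matches, so the empty result from `files_containing zzz '*.txt'` is a normal outcome, not an error.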

Windows: Input, Output, and the Pipeline

Example of how input, output and the pipeline work

Linux: Input, Output and Pipeline

  • stdin <

    • For example cat < hello.txt

  • stdout >

    • For example echo hello > hello.txt

    • For example echo hello >> hello.txt to append instead of overwrite

  • stderr 2>

    • Here is an example of stderr below.

    • You can discard stderr by redirecting it to /dev/null: 2>/dev/null

Example of stderr

Users, Administrators, and Groups

Types of users:

  • Standard user

    • One who is given access to a machine but has restricted access to do things like install software or change certain settings.

    • A standard user cannot see any other user's files.

  • Guest users: This is a special type of user that's allowed to use the computer without a password. Guest users are disabled by default. You might enable them in very specific situations.

  • Administrator

    • A user that has complete control over a machine

    • There can be multiple administrators on that machine as well.

    • An admin can view, edit and delete anyone's file.

  • Groups:

    • Users are put together in groups according to levels of access and permissions to carry out certain tasks.

Windows: View User and Group Information

To view user and group information, search for "Computer Management".

Rundown of System Tools:

  • Task Scheduler: Schedule programs and tasks to run at certain times, like automatically shutting off the computer at 11:00 pm every night.

  • Event Viewer: This is where Windows stores its system logs.

  • Shared Folders: This shows the folders that different users on the machine share with each other. Anyone who has access to these folders can view the files.

  • Local Users and Groups: This is where we'll be doing our user and group management.

  • Performance: This shows monitoring for the resources of our machine like CPU and RAM.

  • Device Manager: This is where we go to manage the devices attached to our computer, like our network cards, sound cards, monitors, and more.

Windows Domain: A network of computers, users, files, etc. that are added to a central database. For example, Active Directory.

Using Powershell:

Get-LocalUser → information about local users

Get-LocalGroup → information about local groups

Get-LocalGroupMember Administrators → information about the users in a specific group (here, Administrators)

Linux: Users, Superuser and Beyond

  • Standard users

  • Administrators: A normal user with sudoers privileges, i.e. sudo. For example, sudo cat /etc/sudoers

    • su - substitute user. sudo su is used to log in as another user. If you don't specify a user, it defaults to root.

  • Root user - don't confuse it with the root directory or slash (/). The root user is the first user that gets created automatically when we install a Linux OS. This user has all the privileges on the OS. They are the superuser. There's technically only one superuser or root account.

How to view groups:

  • cat /etc/group → this is how you view the group information.

Group information
  • In the above screenshot, the first field, sudo, is the group name.

  • The second field, x, denotes the group password. We don't really need to specify a group password, so it defaults to the root password. The x here means that the password has been encrypted and stored in a separate file that we'll talk about in a later lesson.

  • The third field 27, in this case, is the group id.

  • The fourth field suggests the list of users in this group. In this case, seed is the only member of this group.

How to view users:

  • cat /etc/passwd → shows users' information. Most of these accounts aren't actually humans using the computer. They are a bunch of processes that are constantly running on a computer that we need to associate with a user.

  • The first field, root, is the username and the second field, x, is the user password. The password isn't actually stored in this file. It's encrypted and stored in a different file, just like the group password.

  • The third field here is the user id or UID. Similar to group IDs, user IDs are how our system identifies a user, not by the username. Root has a UID of zero.
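Added example (not from the original notes): pulling the fields described above out of /etc/group- and /etc/passwd-style lines with awk. The sample lines are constructed to match the layouts the notes describe (including the seed user and the sudo group with GID 27), so the script runs without touching the real files; the last comment shows the same query against the live system.

```shell
#!/bin/sh
# Added example: field extraction from /etc/group and /etc/passwd formats.
# Sample content is constructed; it is not a dump of any real machine.

SAMPLE_GROUP='root:x:0:
sudo:x:27:seed
developers:x:1001:seed,bablu'

SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
seed:x:1000:1000:seed:/home/seed:/bin/bash'

# /etc/group layout: name:password:gid:member,member,...
# Print the member list (4th field) of the named group.
group_members() {    # usage: group_members <groupname>
    printf '%s\n' "$SAMPLE_GROUP" | awk -F: -v g="$1" '$1 == g { print $4 }'
}

# Print the GID (3rd field) of the named group.
group_gid() {        # usage: group_gid <groupname>
    printf '%s\n' "$SAMPLE_GROUP" | awk -F: -v g="$1" '$1 == g { print $3 }'
}

# /etc/passwd layout: name:password:uid:gid:gecos:home:shell
# Print the UID (3rd field) of the named user.
user_uid() {         # usage: user_uid <username>
    printf '%s\n' "$SAMPLE_PASSWD" | awk -F: -v u="$1" '$1 == u { print $3 }'
}

# Accounts whose shell allows an interactive login. The notes point out that
# most passwd entries are service accounts; those usually end in nologin or false.
login_accounts() {
    printf '%s\n' "$SAMPLE_PASSWD" \
        | awk -F: '$7 !~ /(nologin|false)$/ { print $1 }' \
        | tr '\n' ' ' | sed 's/ $//'
}

# Stand-alone demonstration
echo "sudo members: $(group_members sudo)"   # seed
echo "root uid:     $(user_uid root)"        # 0
echo "login shells: $(login_accounts)"       # root seed

# The same query on a live system (not run here):
#   awk -F: -v g=sudo '$1 == g { print $4 }' /etc/group
```

Checking which accounts have a real login shell is a quick way to spot an unexpected interactive account among the service entries.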

Windows: Passwords

Force a user to change the password on the next logon: net user victor /logonpasswordchg:yes

Linux: Passwords

Change password: passwd username

Force a password change on the next logon by the admin: sudo passwd -e username

Windows: Adding and Removing Users

  • Adding user: This command creates a user with the name 'bablu', sets the password 'pa5sw0rd' and flags the account for a password reset on the next logon: net user bablu pa5sw0rd /add /logonpasswordchg:yes

Adding a new user as 'bablu'
  • Removing user: This command removes the user from the computer: net user bablu /del

  • You can also use Remove-LocalUser bablu to remove the account.

Linux: Adding and Removing Users

  • Adding a user: sudo useradd bablu

  • Removing a user: sudo userdel bablu

Permissions

Windows: File Permissions

In Windows, files and directory permissions are assigned using Access Control Lists or ACLs. Specifically, we're going to be working with Discretionary Access Control Lists or DACLs.

Windows files and folders can also have System Access Control Lists or SACLs assigned to them. SACLs are used to tell Windows that it should use an event log to make a note of every time someone accesses a file or folder. These are advanced features of Windows.

Note: Windows permission controls differ depending on whether you are working with a file or a folder.

These permissions are described in terms of a directory:

  • Read: The Read permission lets you see that a file exists, and allows you to read its contents. It also lets you read the files and directories in a directory.

  • Read & Execute: The Read & Execute permission lets you read files, and if the file is an executable, you can run the file. Read & Execute includes Read, so if you select Read & Execute, Read will be automatically selected.

  • List folder contents: List folder contents is an alias for Read & Execute on a directory. Checking one will check the other. It means that you can read and execute files in that directory.

  • Write: The Write permission lets you make changes to a file. It might be surprising to you, but you can have write access to a file without having read permission to that file.

    • The Write permission also lets you create subdirectories, and write to files in the directory.

  • Modify: The Modify permission is an umbrella permission that includes read, write and execute.

  • Full Control: A user or group with full control can do anything they want to the file! It includes all of the permissions of Modify, and adds the ability to take ownership of a file and change its ACLs.

Here is a CLI version to see the permissions using icacls. Read more here.

Linux: File Permissions

  • Read (r) - This allows someone to read the contents of a file or folder.

  • Write (w) - This allows someone to write information to a file or folder.

  • Execute (x) - This allows someone to execute a program.

These are applied in three categories: owner, group, and all.

Windows: Modifying Permissions

  • Read permission to everyone (including guest users), inherited by any file or folder created inside it: icacls 'C:\Users\Grey Head Media\Desktop\all-wordlists\' /grant 'Everyone:(OI)(CI)(R)'

    • (OI) - object inherit

    • (CI) - container inherit

    • (R)- Read

  • If you only want to give read permission to users who are authenticated, not just EVERYONE! → icacls 'C:\Users\Grey Head Media\Desktop\all-wordlists\' /grant 'Authenticated Users:(OI)(CI)(R)'

  • If you want to remove the Everyone permission on that directory: icacls 'C:\Users\Grey Head Media\Desktop\all-wordlists\' /remove Everyone

Linux: Modifying Permissions

  • Symbolic Format

    • + indicates a permission being added, and - indicates a permission being removed.

    • chmod u+x myfile.txt → giving execute permission to the user

      • u - user

      • x - execute

    • chmod u-x myfile.txt → taking away execute permission from the user

    • chmod u+rx myfile.txt → adding both read and execute permission for the user

    • chmod ugo+r myfile.txt → adding read permission for user, group and all

      • g - group

      • o - all (others)

Numerical equivalent for rwx:

  • 4 for read or r

  • 2 for write or w

  • 1 for execute or x

  • In the screenshot above, the 7 indicates the user has read, write and execute permission

  • 5 indicates the group has read and write

  • 4 indicates everyone has the read permission.

  • chown changes the owner of the file

    • sudo chown hacback17 my_cool_file

  • chgrp changes the group

    • sudo groupadd hacback17_group → adding a new group named hacback17_group

    • sudo chgrp hacback17_group hello.txt → changing the file's group to hacback17_group
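Added example (not from the original notes): converting a numeric mode into its rwx form with the 4/2/1 weights above, then applying both numeric and symbolic chmod to a scratch file and reading the bits back from ls -l. The file names are constructed; chown and chgrp are only shown in a comment because they need root and a real group to exist.

```shell
#!/bin/sh
# Added example: numeric <-> symbolic permissions, applied and verified.

# One octal digit (0-7) -> three characters. 4 = r, 2 = w, 1 = x, so 5 -> r-x.
digit_to_rwx() {
    d=$1
    r=-; w=-; x=-
    if [ $((d & 4)) -ne 0 ]; then r=r; fi
    if [ $((d & 2)) -ne 0 ]; then w=w; fi
    if [ $((d & 1)) -ne 0 ]; then x=x; fi
    printf '%s%s%s' "$r" "$w" "$x"
}

# Three digits (user, group, all) -> nine characters, e.g. 754 -> rwxr-xr--.
# Digits are sliced as text so a leading zero is never read as octal.
mode_to_rwx() {
    m=$1
    u=$(printf '%s' "$m" | cut -c1)
    g=$(printf '%s' "$m" | cut -c2)
    o=$(printf '%s' "$m" | cut -c3)
    printf '%s%s%s\n' "$(digit_to_rwx "$u")" "$(digit_to_rwx "$g")" "$(digit_to_rwx "$o")"
}

# The nine permission characters of a file as ls -l prints them
# (column 1 is the file type, so keep columns 2-10).
perm_string() { ls -l "$1" | cut -c2-10; }

# Apply a numeric mode to a fresh file and return what the kernel recorded.
apply_and_read() {   # usage: apply_and_read <mode>
    dir=$(mktemp -d); f="$dir/my_cool_file"; : > "$f"
    chmod "$1" "$f"
    perm_string "$f"
    rm -rf "$dir"
}

# The symbolic steps from the notes, starting from 600, read back after each.
symbolic_steps() {
    dir=$(mktemp -d); f="$dir/myfile.txt"; : > "$f"
    chmod 600 "$f"
    chmod u+x "$f";   s1=$(perm_string "$f")   # rwx------
    chmod ugo+r "$f"; s2=$(perm_string "$f")   # rwxr--r--
    chmod u-x "$f";   s3=$(perm_string "$f")   # rw-r--r--
    rm -rf "$dir"
    printf '%s %s %s\n' "$s1" "$s2" "$s3"
}

# Stand-alone demonstration
mode_to_rwx 754      # rwxr-xr--
apply_and_read 754   # rwxr-xr--
symbolic_steps       # rwx------ rwxr--r-- rw-r--r--

# Ownership changes need root and are not run here:
#   sudo chown hacback17 my_cool_file
#   sudo chgrp hacback17_group hello.txt
```

Running `mode_to_rwx` on each digit of a mode from a screenshot is a quick check of what the group and "all" columns actually grant: a 5 in the group position comes out as r-x.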

Linux Special Permission

What if I want a user to be able to do something that requires root privileges, but I don't want to give them those privileges? There are certain commands that need to change files that are owned by root. The SetUID bit is used to allow a file to be run as the owner of the file.

As you can see, even though the user doesn't own the shadow file, she can still change her own password.

Below you can see the special permission set as s - the s stands for setuid. When the s is set where the user's execute bit would normally be, it allows us to run the file with the permissions of the owner of the file. To enable the setuid bit, you can do it symbolically or numerically.

sudo chmod u+s my_cool_file is the symbolic format to change the permission so a user
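Added example (not from the original notes): setting the setuid bit on an empty scratch file both symbolically (u+s) and numerically (a leading 4), showing how each appears in ls -l, including the capital S you get when the execute bit is missing, plus a find one-liner for listing setuid files under a directory. Nothing here runs with elevated rights; the file names are constructed.

```shell
#!/bin/sh
# Added example: the setuid bit, set two ways, and how to spot it.

perm_string() { ls -l "$1" | cut -c2-10; }

setuid_demo() {
    dir=$(mktemp -d); f="$dir/my_cool_file"; : > "$f"

    chmod 755 "$f"
    chmod u+s "$f";  sym=$(perm_string "$f")   # rwsr-xr-x : lowercase s, execute present

    chmod u-s "$f"                             # clear it again
    chmod 4755 "$f"; num=$(perm_string "$f")   # rwsr-xr-x : same bit via the leading 4

    # Without the execute bit ls shows a capital S: setuid is recorded but the
    # file cannot be executed, which is almost always a misconfiguration.
    chmod 644 "$f"
    chmod u+s "$f";  cap=$(perm_string "$f")   # rwSr--r--

    rm -rf "$dir"
    printf '%s %s %s\n' "$sym" "$num" "$cap"
}

# Audit helper: regular files below a directory that have the setuid bit.
# -perm -4000 matches any file with the 4000 bit set regardless of other bits.
find_setuid() { find "$1" -type f -perm -4000 2>/dev/null; }

# Stand-alone demonstration
setuid_demo          # rwsr-xr-x rwsr-xr-x rwSr--r--
find_setuid /usr/bin # the system's own setuid programs, passwd among them on most distros
```

Running `find_setuid` over `/` and comparing the list against a known-good baseline is a standard check after an installation or a suspected compromise: a new setuid binary outside the package-managed set deserves a look.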