Select-String (or sls) is about searching for strings.
For example: Select-String action *.txt, where "action" is the string I am searching for inside all the ".txt" files.
ls "C:\Program Files\" -Recurse -Filter *.exe | more
The Linux equivalent is grep: grep "string" filename.txt
With a wildcard:
Example of how input, output and the pipeline work:
stdin → <  For example: cat < hello.txt
stdout → >  For example: echo hello > hello.txt
stdout with append → >>  For example: echo hello >> hello.txt
stderr → 2>
Here is an example of stderr below.
You can discard stderr by redirecting it to /dev/null: 2>/dev/null
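The three streams in action, as an added example that is not part of the original notes: noisy_tool stands in for any program that reads stdin and writes to both stdout and stderr, and the helper names and file names are made up for this demo. It shows > versus >>, sending stdout and stderr to separate files, discarding stderr with 2>/dev/null, and merging both streams with 2>&1 (which the notes above do not cover, but which is what you want when saving a full log).

```shell
#!/bin/sh
# Added example, not from the original notes. noisy_tool stands in for any
# program that reads stdin and writes to both stdout and stderr; the helper
# names and file names are made up here.

demo_dir=$(mktemp -d)

# Reads ONE line from stdin (fd 0), answers on stdout (fd 1), complains on stderr (fd 2).
noisy_tool() {
    read -r line
    echo "result: $line"
    echo "warning: diagnostic on stderr" >&2
}

# > creates or truncates the file, >> appends to it; returns the line count afterwards.
write_and_append() {
    echo hello > "$demo_dir/hello.txt"
    echo world >> "$demo_dir/hello.txt"
    wc -l < "$demo_dir/hello.txt" | tr -d ' '
}

# < feeds the file to the program's stdin; > and 2> send the two output streams to separate files.
split_streams() {
    write_and_append > /dev/null
    noisy_tool < "$demo_dir/hello.txt" > "$demo_dir/out.txt" 2> "$demo_dir/err.txt"
    echo "out=$(cat "$demo_dir/out.txt") err=$(cat "$demo_dir/err.txt")"
}

# 2>/dev/null discards stderr; $( ) captures only stdout, so the warning never reaches the caller.
quiet_run() {
    write_and_append > /dev/null
    noisy_tool < "$demo_dir/hello.txt" 2>/dev/null
}

# 2>&1 merges stderr into stdout, so both lines land in the same file.
merged_line_count() {
    write_and_append > /dev/null
    noisy_tool < "$demo_dir/hello.txt" > "$demo_dir/all.txt" 2>&1
    wc -l < "$demo_dir/all.txt" | tr -d ' '
}

echo "lines after > then >>: $(write_and_append)"
split_streams
echo "stdout only: $(quiet_run)"
echo "lines with 2>&1: $(merged_line_count)"
```

Note the order in the last helper: 2>&1 copies stderr onto wherever stdout points at that moment, so it has to come after the > redirection to end up in the file.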
Types of users:
Standard user
One who is given access to a machine but has restricted access to do things like install software or change certain settings.
A standard user cannot see other users' files.
Guest users: This is a special type of user that's allowed to use the computer without a password. Guest users are disabled by default. You might enable them in very specific situations.
Administrator
A user that has complete control over a machine
There can be multiple administrators on that machine as well.
An admin can view, edit and delete anyone's file.
Groups:
Users are put together in groups according to levels of access and permissions to carry out certain tasks.
To view user and group information, search for "Computer Management".
Rundown of System Tools:
Task Scheduler: Schedule programs and tasks to run at certain times, like automatically shutting off the computer at 11:00 pm every night.
Event Viewer: This is where Windows stores its system logs.
Shared Folders: This shows the folders that different users on the machine share with each other. Anyone who has access to these folders can view the files.
Local Users and Groups: This is where we'll be doing our user and group management.
Performance: This shows monitoring for the resources of our machine like CPU and RAM.
Device Manager: This is where we go to manage the devices attached to our computer, like our network cards, sound cards, monitors, and more.
Windows Domain: A network of computers, users, files, etc. that are added to a central database. For example, Active Directory.
Get-LocalUser → information about local users
Get-LocalGroup → information about local groups
Get-LocalGroupMember Administrators → information about the users in a specific group
Standard users
Administrators: A normal user with sudoers privilege (sudo). For example, sudo cat /etc/sudoers
su → substitute user. Used to log in as another user; if you don't specify a user, it defaults to root. For example: sudo su -
Root user - don't get confused by the root directory or slash (/). The root user is the first user that gets automatically created when we install a Linux OS. This user has all the privileges on the OS. They are the super user. There's technically only one superuser or root account.
How to view groups:
cat /etc/group → this is how you view the group information.
In the above screenshot, the first field, sudo, is the group name.
The second field, x, denotes the group password. We don't really need to specify a group password, so it defaults to the root password. The x here means that the password has been encrypted and stored in a separate file that we'll talk about in a later lesson.
The third field, 27 in this case, is the group id.
The fourth field is the list of users in this group. In this case, seed is the only member of this group.
How to view users:
cat /etc/passwd → shows users' information. Most of these accounts aren't actually humans using the computer. They are a bunch of processes that are constantly running on a computer that we need to associate with a user.
The first field, root, is the username and the second field, x, is the user password. The password isn't actually stored in this file. It's encrypted and stored in a different file, just like the group password.
The third field is the user id or UID. Similar to group IDs, user IDs are how our system identifies a user, not by the username. Root has a UID of zero.
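Pulling the fields described above out of /etc/group and /etc/passwd records, as an added example that is not part of the original notes. The records are constructed samples in the real file formats (not copied from any machine), and the function names are chosen for this example. The last helper goes a step beyond the notes: since the UID, not the name, is what identifies a user, any second account with UID 0 is an extra root account and worth checking on a real system.

```shell
#!/bin/sh
# Added example, not from the original notes: field extraction for
# /etc/group and /etc/passwd records. Sample records below are constructed.

SAMPLE_GROUP='root:x:0:
sudo:x:27:seed,alice
users:x:100:'

SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
seed:x:1000:1000:Seed User,,,:/home/seed:/bin/bash
backdoor:x:0:0:oops:/root:/bin/sh'

# /etc/group record: name : password-marker : gid : comma-separated members
describe_group() {
    IFS=: read -r name pw gid members <<EOF
$1
EOF
    echo "group=$name gid=$gid members=${members:-<none>}"
}

# /etc/passwd record: name : password-marker : uid : gid : comment : home : shell
describe_user() {
    IFS=: read -r name pw uid gid gecos home shell <<EOF
$1
EOF
    echo "user=$name uid=$uid gid=$gid home=$home shell=$shell"
}

# Fourth field of the named group (for the sudo group: who may run sudo).
members_of() {
    printf '%s\n' "$SAMPLE_GROUP" | awk -F: -v g="$1" '$1 == g { print $4 }'
}

# Accounts whose shell ends in nologin are service accounts, not people.
nologin_accounts() {
    printf '%s\n' "$SAMPLE_PASSWD" |
        awk -F: '$7 ~ /nologin$/ { out = out (out ? "," : "") $1 } END { print out }'
}

# UID 0 is root regardless of the username: any second UID-0 account is a
# hidden superuser and should be investigated.
uid_zero_accounts() {
    printf '%s\n' "$SAMPLE_PASSWD" |
        awk -F: '$3 == 0 { out = out (out ? "," : "") $1 } END { print out }'
}

describe_group 'sudo:x:27:seed,alice'
describe_user 'root:x:0:0:root:/root:/bin/bash'
echo "sudo members: $(members_of sudo)"
echo "service accounts: $(nologin_accounts)"
echo "UID 0 accounts: $(uid_zero_accounts)"
```

To run the same checks against a live system, replace the printf of the sample text with cat /etc/group or cat /etc/passwd; the awk filters are unchanged.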
Force a user to change the password on the next logon (Windows): net user victor /logonpasswordchg:yes
Change password (Linux): passwd username
Force a password change on the next logon by the admin (Linux): sudo passwd -e username
Adding user: This command creates a user with the name of 'bablu' and sets a password as 'pa5sw0rd' and flags the account for password reset on the next logon: net user bablu pa5sw0rd /add /logonpasswordchg:yes
Removing user: This command removes the user from the computer: net user bablu /del
You can also use Remove-LocalUser bablu to remove the account.
Adding a user (Linux): sudo useradd bablu
Removing a user (Linux): sudo userdel bablu
In Windows, files and directory permissions are assigned using Access Control Lists or ACLs. Specifically, we're going to be working with Discretionary Access Control Lists or DACLs.
Windows files and folders can also have System Access Control Lists or SACLs assigned to them. SACLs are used to tell Windows that it should use an event log to make a note of every time someone accesses a file or folder. These are advanced features of Windows.
Note: Windows permission controls differ depending on whether you are working with a file or a folder.
These permissions, as they apply to a directory:
Read: The Read permission lets you see that a file exists, and allows you to read its contents. It also lets you read the files and directories in a directory.
Read & Execute: The Read & Execute permission lets you read files, and if the file is an executable, you can run the file. Read & Execute includes Read, so if you select Read & Execute, Read will be automatically selected.
List folder contents: List folder contents is an alias for Read & Execute on a directory. Checking one will check the other. It means that you can read and execute files in that directory.
Write: The Write permission lets you make changes to a file. It might be surprising to you, but you can have write access to a file without having read permission to that file.
The Write permission also lets you create subdirectories, and write to files in the directory.
Modify: The Modify permission is an umbrella permission that includes read, write and execute.
Full Control: A user or group with full control can do anything they want to the file! It includes all of the permissions of Modify, and adds the ability to take ownership of a file and change its ACLs.
Here is a CLI version to see the permissions using icacls.
Read (r) - This allows someone to read the contents of a file or folder.
Write (w)- This allows someone to write information to a file or folder.
Execute (x) - This allows someone to execute a program.
These are set separately for the owner, the group, and all others.
Read permission to everyone (including guest users), inherited by any folder or file created inside it: icacls 'C:\Users\Grey Head Media\Desktop\all-wordlists\' /grant 'Everyone:(OI)(CI)(R)'
(OI) - object inherit
(CI) - container inherit
(R)- Read
If you only want to give read permission to users who are authenticated, not just EVERYONE: icacls 'C:\Users\Grey Head Media\Desktop\all-wordlists\' /grant 'Authenticated Users:(OI)(CI)(R)'
If you want to remove the Everyone permission on that directory: icacls 'C:\Users\Grey Head Media\Desktop\all-wordlists\' /remove Everyone
Symbolic Format
+ indicates a permission being added, and - indicates a permission being removed.
chmod u+x myfile.txt → giving execute permission to the user (u → user, x → execute)
chmod u-x myfile.txt → taking away execute permission from the user
chmod u+rx myfile.txt → adding both read and execute permission for the user
chmod ugo+r myfile.txt → adding read permission for user, group and all others (g → group, o → others)
Numerical equivalent for rwx:
4 for read or r
2 for write or w
1 for execute or x
In the screenshot above, the 7 indicates the user has read, write and execute permission (4+2+1), 5 indicates the group has read and execute (4+1), and 4 indicates everyone else has the read permission.
chown → changes the owner of the file: sudo chown hacback17 my_cool_file
chgrp → changes the group:
sudo groupadd hacback17_group → adding a new group named hacback17_group
sudo chgrp hacback17_group hello.txt → changing the file's group to hacback17_group
What if I want a user to be able to do something that requires root privileges, but I don't want to give them these privileges? There are certain commands that need to change files that are owned by root. The SetUID bit is used to allow a file to be run as the owner of the file.
As you can see, even though the user doesn't own the shadow file, she can still change her own password.
Below you can see the special permission set as s. The s stands for setuid. When the s is set where the regular execute bit would be, it allows us to run the file with the permissions of the owner of the file. To enable the setuid bit, you can do it symbolically or numerically.
sudo chmod u+s my_cool_file → the symbolic format to change the permission so a user
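The numeric and symbolic forms above, carried through in code as an added example that is not part of the original notes: two converters between the rwx string that ls -l prints and the octal number chmod takes (covering the 4/2/1 table, and the setuid s in the owner's execute slot as a leading 4), a helper that applies a chmod argument to a throwaway file and reads the bits back, and a small audit that lists setuid files under a directory, which is how you would check what on a system runs as its owner. Function names are chosen for this example.

```shell
#!/bin/sh
# Added example, not from the original notes: rwx string <-> octal mode,
# including the setuid/setgid/sticky bits, plus a chmod round-trip on a
# temp file and a setuid audit. Function names are made up here.

# "rwxr-xr--" -> 754, "rwsr-xr-x" -> 4755 (r=4, w=2, x=1 per owner/group/others triple)
mode_to_octal() {
    printf '%s' "$1" | awk '{
        special = 0; digits = ""
        for (i = 0; i < 3; i++) {
            r = substr($0, i*3+1, 1); w = substr($0, i*3+2, 1); x = substr($0, i*3+3, 1)
            n = (r == "r") ? 4 : 0
            n += (w == "w") ? 2 : 0
            n += (x == "x" || x == "s" || x == "t") ? 1 : 0
            if (x == "s" || x == "S") special += (i == 0) ? 4 : 2   # setuid (owner) / setgid (group)
            if (x == "t" || x == "T") special += 1                   # sticky bit (others)
            digits = digits n
        }
        if (special) print special digits; else print digits
    }'
}

# 754 -> "rwxr-xr--", 4755 -> "rwsr-xr-x"
octal_to_mode() {
    printf '%s' "$1" | awk '{
        n = length($0)
        special = (n == 4) ? substr($0, 1, 1) + 0 : 0
        digits = substr($0, n - 2, 3)
        out = ""
        for (i = 1; i <= 3; i++) {
            d = substr(digits, i, 1) + 0
            r = (d >= 4) ? "r" : "-"; d = d % 4
            w = (d >= 2) ? "w" : "-"; d = d % 2
            x = (d == 1) ? "x" : "-"
            if (i == 1 && int(special / 4) % 2) x = (x == "x") ? "s" : "S"
            if (i == 2 && int(special / 2) % 2) x = (x == "x") ? "s" : "S"
            if (i == 3 && special % 2)          x = (x == "x") ? "t" : "T"
            out = out r w x
        }
        print out
    }'
}

# Apply one chmod argument (symbolic or numeric) to a fresh temp file and
# return the nine permission characters that ls -l shows for it.
observe_chmod() {
    f=$(mktemp)
    chmod "$1" "$f"
    ls -l "$f" | cut -c2-10
    rm -f "$f"
}

# Defender's audit: regular files under a directory that carry the setuid bit.
list_setuid() {
    find "$1" -type f -perm -4000 | sort
}

echo "rwxr-xr-- = $(mode_to_octal rwxr-xr--)"
echo "rwsr-xr-x = $(mode_to_octal rwsr-xr-x)"
echo "4755 = $(octal_to_mode 4755)"
echo "chmod 754 gives $(observe_chmod 754)"
echo "chmod u=rwxs,g=rx,o=rx gives $(observe_chmod u=rwxs,g=rx,o=rx)"
```

A capital S in the output means the setuid bit is set but the owner has no execute bit, so the file cannot actually run; that combination is usually a mistake and worth fixing when the audit turns it up.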