# Intro to Kali Linux

![](https://1178537843-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F2KUxfxUFmy000PDT7MtM%2Fuploads%2Fgit-blob-bb9035bcb3c4b668117ee38c956fe859f6577409%2Fkali.svg?alt=media) [Kali Linux](https://www.kali.org/)

## Linux Commands

> 🔗 [explainshell.com](https://explainshell.com/)
>
> 🔗 [TCM Linux-101 - syselement](https://blog.syselement.com/tcm/courses/linux-101)

* 📌 Use `TAB` for autocompletion

### ➡️ File System

**`sudo`** - run commands and tasks as a superuser or another user, with elevated privileges.

```bash
sudo <COMMAND>

# Switch to "root" user
sudo su -
```

**`pwd`** - print the current working directory absolute path

```bash
pwd
```

**`cd`** - change current working directory

```bash
# Change dir to user's home dir
cd

# Change dir to parent dir (one level up)
cd ..

# Change dir
cd /home/user
cd /etc
```

**`ls`** - list current directory contents

```bash
ls

# Detailed list
ls -la
```

**`mkdir`** - make a new directory

```bash
mkdir tcm
```

**`rmdir`** - remove a directory

```bash
rmdir tcm
```

**`man`** - manual of a command

```bash
man <COMMAND>
<COMMAND> --help

man ls
man sudo
sudo --help
```

**`echo`** - display a line of text as output

```bash
echo "See ya"
```

**`cat`** - concatenate files to standard output

```bash
cat text.txt
```

**`>`** - redirect the output of a command to a file

```bash
echo "See ya" > text.txt
```

**`>>`** - append the output of a command to a file

```bash
echo "Tomorrow" >> text.txt
```

**`rm`** - delete files/dirs

```bash
rm text.txt

# Force and recursive remove a folder - PAY ATTENTION!
rm -rf tcm
```

**`mv`** - move/renames files/dirs

```bash
mv text.txt tcm/text_renamed.txt
```

**`cp`** - copy files and directories

```bash
cp text.txt tcm/text.txt
```

**`locate`** - find files by name in a prebuilt database

```bash
locate text.txt
```

**`updatedb`** - update the `locate` database

```bash
sudo updatedb
```

**`history`** - show user's history input list

```bash
history
```

**`passwd`** - change user's password

```bash
passwd
passwd <USER>
```

**`touch`** - create a new empty file or change existing file timestamp

```bash
touch test.txt
```

**`nano`** - text editor (other are `vi`, `vim`)

```bash
nano test2.txt
```

**`mousepad`** - GUI text editor

```bash
mousepad test3.txt
```

### ➡️ Users & Permissions

![ls -la](https://1178537843-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F2KUxfxUFmy000PDT7MtM%2Fuploads%2Fgit-blob-838d7e706692200b8b78d7f55a81468a70823e57%2F2023-06-13_15-31-52_57.png?alt=media)

![](https://1178537843-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F2KUxfxUFmy000PDT7MtM%2Fuploads%2Fgit-blob-0af0958457072c3c13343efc8e0e9e7620617906%2F2023-06-13_15-34-48_58.png?alt=media)

* **`r`** - read
* **`w`** - write
* **`x`** - execute

**`d rwx r-x r-x 2 syselement syselement 4096 Jun 13 15:01 Desktop`**

* Permissions
  * 1st character - **`d`** / **`-`** / **`l`** = directory / file / symbolic link
  * 2nd block - **owner** permissions
  * 3rd block - **group** permissions
  * 4th block - **world** permissions
    * **`-`** (hyphen) = no permission
* File hard links - **`#`**
* **`user`**
* **`group`**
* **`file size`** (bytes)
* **`date`**
* **`file name`**

```bash
la -la /tmp
	drwxrwxrwt 16 root root 4096 Jun 13 15:39 .
```

**`chmod`** - change the mode/permissions of files/dirs

```bash
# Give "execute" permissions
chmod +x test.sh
chmod 777 test.sh
```

| Octal |  Decimal  |       Permission       | Representation |
| :---: | :-------: | :--------------------: | -------------- |
|  000  | 0 (0+0+0) |      No Permission     | ---            |
|  001  | 1 (0+0+1) |         Execute        | --x            |
|  010  | 2 (0+2+0) |          Write         | -w-            |
|  011  | 3 (0+2+1) |     Write + Execute    | -wx            |
|  100  | 4 (4+0+0) |          Read          | r--            |
|  101  | 5 (4+0+1) |     Read + Execute     | r-x            |
|  110  | 6 (4+2+0) |      Read + Write      | rw-            |
|  111  | 7 (4+2+1) | Read + Write + Execute | rwx            |

> 🔗 [chmod Calculator](https://nettools.club/chmod_calc)

**`adduser`** - create a new user

```bash
sudo adduser <USER>
```

**`su`** - switch to another user

```bash
su <USER>
```

**`/etc/passwd`** - user's list, shell types, etc

```bash
cat /etc/passwd
```

**`/etc/shadow`** - user's passwords hashes

```bash
sudo cat /etc/shadow
```

**`/etc/sudoers`** - `sudo` configuration directives

```bash
man sudoers
sudo cat /etc/sudoers

# Check "sudo" group
grep 'sudo' /etc/group
```

**`sudo -l`** - list user's privileges or check a specific command

```bash
sudo -l
sudo -ll
```

### ➡️ Network

![Network](https://1178537843-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F2KUxfxUFmy000PDT7MtM%2Fuploads%2Fgit-blob-684ee3903420fe84c94db1ff7ce6d9da28fa823b%2F2023-06-13_16-13-44_61.png?alt=media)

**`ip`** / **`ifconfig`**- show/manipulate routing, network devices, interfaces and tunnels

```bash
ip a
ip -br -c a

ifconfig
```

**`iwconfig`** - show wireless network interface configuration and status

```bash
iwconfig
```

![ARP & Routes](https://1178537843-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F2KUxfxUFmy000PDT7MtM%2Fuploads%2Fgit-blob-a862eeccf27fba1880ea80ba42a5777616ac1b56%2F2023-06-13_16-12-41_60.png?alt=media)

**`ip n`** - display the neighbor/ARP table

```bash
ip n
```

**`arp -a`** - display ARP cache, IP-to-MAC address mapping

```bash
arp -a
```

**`ip r`** - display the IP routing table (destination networks, gateway IP, net interfaces)

```bash
ip r
```

**`route`** - display/manipulate the IP routing table

```bash
route
```

![ping \<IP>](https://1178537843-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F2KUxfxUFmy000PDT7MtM%2Fuploads%2Fgit-blob-5d1e9021bad6d06f38959144b3947475094253b5%2F2023-06-13_16-18-52_62.png?alt=media)

**`ping`** - send **ICMP** `ECHO_REQUEST` to network hosts, checking network connectivity

```bash
ping 8.8.8.8
# Stop with CTRL+C
```

**`netstat`** / **`ss`** - print network connections (e.g. for open ports)

```bash
netstat -tulpn
ss -tnl
```

### ➡️ Services

**`service`** - manipulate services

```bash
# Start Apache Web server service
sudo service apache2 start

# Stop Apache Web server service
sudo service apache2 stop
```

![service](https://1178537843-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F2KUxfxUFmy000PDT7MtM%2Fuploads%2Fgit-blob-0eede48de3d63e740f2e08b866e80075eb547b3e%2F2023-06-13_16-29-12_63.png?alt=media)

**`python`**

```bash
# Start a simple HTTP server using Python, in current directory
python3 -m http.server 80
```

![python3 -m http.server 80](https://1178537843-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F2KUxfxUFmy000PDT7MtM%2Fuploads%2Fgit-blob-2b55f1c1b6e029d5b0e048447f2ee79d416aae40%2F2023-06-13_16-31-48_64.png?alt=media)

**`systemctl`**

```bash
# Enable a service at system boot
sudo systemctl enable ssh
sudo systemctl enable ssh --now

# Disable a service at system boot
sudo systemctl disable ssh
```

➡️ **Tools**

**`apt update`** - update the packages list and upgrade installed packages using the APT package manager

```bash
# Update O.S.
sudo apt update && sudo apt upgrade -y
```

**`apt install`** - install packages

```bash
sudo apt install cron-daemon-common

# Install some useful tools
sudo apt install -y apt-transport-https btop curl duf eza fastfetch flameshot htop kali-wallpapers-all net-tools pipx speedtest-cli telegram-desktop terminator tor tree vlc wget
```

**`git`** - work with Git repository and version control

> 🔗 [pimpmykali](https://github.com/Dewalt-arch/pimpmykali)

```bash
# Clone a Github repository in the "/opt" dir
cd /opt
sudo rm -rf pimpmykali/
sudo git clone https://github.com/Dewalt-arch/pimpmykali

sudo /opt/pimpmykali/pimpmykali.sh
# For a new kali vm, run menu option N
# hit N for NO root login
reboot
```

![](https://1178537843-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F2KUxfxUFmy000PDT7MtM%2Fuploads%2Fgit-blob-ede105220e260ad603f23c1685d5a199aef54c03%2F2023-06-13_16-45-36_65.png?alt=media)

***

## Other Tools Install

```bash
# Sublime
sudo sh -c '
    wget -qO- https://download.sublimetext.com/sublimehq-pub.gpg | gpg --dearmor -o /usr/share/keyrings/sublimehq-archive.gpg &&
    echo "deb [arch="$(dpkg --print-architecture)" signed-by=/usr/share/keyrings/sublimehq-archive.gpg] https://download.sublimetext.com/ apt/stable/" | tee /etc/apt/sources.list.d/sublime-text.list &&
    apt update &&
    apt install -y sublime-text
'

# Brave
sudo sh -c '
    apt install -y curl
    curl -fsSLo /usr/share/keyrings/brave-browser-archive-keyring.gpg https://brave-browser-apt-release.s3.brave.com/brave-browser-archive-keyring.gpg
    echo "deb [arch="$(dpkg --print-architecture)" signed-by=/usr/share/keyrings/brave-browser-archive-keyring.gpg] https://brave-browser-apt-release.s3.brave.com/ stable main" | tee /etc/apt/sources.list.d/brave-browser-release.list
    wget http://archive.ubuntu.com/ubuntu/pool/main/libu/libu2f-host/libu2f-udev_1.1.10-3.2_all.deb
    dpkg -i libu2f-udev_1.1.10-3.2_all.deb
    apt update && apt install -y brave-browser
    rm -rf libu2f-udev_1.1.10-3.2_all.deb
'

# VSCodium
wget https://gitlab.com/paulcarroty/vscodium-deb-rpm-repo/raw/master/pub.gpg && sudo mv pub.gpg /usr/share/keyrings/vscodium-archive-keyring.asc
sudo sh -c 'echo "deb [ signed-by=/usr/share/keyrings/vscodium-archive-keyring.asc ] https://paulcarroty.gitlab.io/vscodium-deb-rpm-repo/debs vscodium main" > /etc/apt/sources.list.d/vscodium.list'
sudo apt update && sudo apt install -y codium

# AutoRecon + Scanning Tools
sudo apt update
sudo apt install -y python3 python3-pip seclists curl dnsrecon enum4linux feroxbuster gobuster impacket-scripts nbtscan nikto nmap onesixtyone oscanner redis-tools smbclient smbmap snmp sslscan sipvicious tnscmd10g whatweb wkhtmltopdf
sudo apt install -y python3-venv
python3 -m pip install --user pipx
python3 -m pipx ensurepath
source ~/.zshrc
pipx install git+https://github.com/Tib3rius/AutoRecon.git
```

***

## Bash Scripting & Piping

➡️ **Ping Sweep Script**

* Make a **`bash`** script that gathers data from a `ping` command during a **ping sweep** network scanning.

**`grep`** - print lines that match patterns

```bash
ping 192.168.31.135 -c 1 > ip.txt

cat ip.txt | grep "64 bytes"
# Prints only the line matching the grep string
```

```bash
cat ip.txt | grep "64 bytes" | cut -d " " -f 4 | tr -d ":" 
```

![](https://1178537843-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F2KUxfxUFmy000PDT7MtM%2Fuploads%2Fgit-blob-f5b8d8249c1b39e3af9f47d07399d8287472e557%2F2023-06-20_13-53-15_93.png?alt=media)

**Script:** *Sweep every IP address in a specific subnet network* and export only the IPs that respond back.

> 🔗 [Github - ipsweep repositories](https://github.com/search?q=ipsweep\&type=repositories)

```bash
nano ipsweep.sh
```

```bash
#!/bin/bash

if [ "$1" == "" ]
	then
		echo "ERROR: Insert an IP address!"
		echo "Syntax is: ./ipsweep.sh 192.168.1"
	else
		# For every IP in the subnet Ping and print the IP
		# & = multiple loop instances at once
		for ip in `seq 1 254`; do	
		ping -c 1 $1.$ip | grep "64 bytes" | cut -d " " -f 4 | tr -d ":" &
	done
fi
```

```bash
chmod +x ipsweep.sh
./ipsweep.sh 192.168.31
./ipsweep.sh 192.168.31 > ips.txt
```

**One liner `nmap` scan of ips.txt**

```bash
for ip in $(cat ips.txt); do nmap $ip; done
```

![](https://1178537843-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F2KUxfxUFmy000PDT7MtM%2Fuploads%2Fgit-blob-47ef0473b8603958c5fc5b50e1b6ae2fb4d94da9%2F2023-06-20_15-43-49_94.png?alt=media)

***