Complete Beginner Certificate - tconklin-champlain/Tech-Journal GitHub Wiki
Complete Beginner Intro
Types of Careers
- Offensive Security
- Defensive Security
Vulnerability Scanning Websites
💡 "If you're inclined towards the CLI on Linux, Kali comes pre-installed with a tool called "searchsploit" which allows you to search ExploitDB from your own machine. This is offline, and works using a downloaded version of the database, meaning that you already have all of the exploits already on your Kali Linux!"
Format: CVE-YEAR-NUMBER
❗Note: CVEs numbers are assigned when the vulnerability are discovered, not when they are publicised. Bear in mind that if a vulnerability is discovered at the end of a year, or if the process of confirming and rectifying the vulnerability takes a long time, then the release date might be the year after the year in the CVE date... bear this in mind when answering the following questions.
Manual Pages
Command: man
💡Consider using grep to find what you are looking for.
Extra Content: Google Dorking
What are Crawlers and how do They Work?
- Crawlers attempt to traverse, termed as crawling, every URL and file that they can find.
Search Engine Optimization
At an abstract view, search engines will “prioritize” those domains that are easier to index. There are many factors in how “optimal” a domain is - resulting in something similar to a point-scoring system.
-
How responsive your website is to the different browser types I.e. Google Chrome, Firefox and Internet Explorer - this includes Mobile phones!
-
How easy it is to crawl your website (or if crawling is even allowed ...but we'll come to this later) through the use of "Sitemaps"
-
What kind of keywords your website has (i.e. In our examples if the user was to search for a query like “Colours” no domain will be returned - as the search engine has not (yet) crawled a domain that has any keywords to do with “Colours”
Robots.txt
| Keyword | Function |
|---|---|
| User-agent | Specify the type of "Crawler" that can index your site (the asterisk being a wildcard, allowing all "User-agents" |
| Allow | Specify the directories or file(s) that the "Crawler" can index |
| Disallow | Specify the directories or file(s) that the "Crawler" cannot index |
| Sitemap | Provide a reference to where the sitemap is located (improves SEO as previously discussed, we'll come to sitemaps in the next task) |
Sitemaps
A websites map in xml format.
What is Google Dorking?
Common Terms
| Term | Action |
|---|---|
| filetype: | Search for a file by its extension (e.g. PDF) |
| cache: | View Google's Cached version of a specified URL |
| intitle: | The specified phrase MUST appear in the title of the page |
Linux Fundamentals
💡 List of Common Commands
| Command | Description |
|---|---|
echo |
Output any text that we provide |
whoami |
Find out what user we're currently logged in as! |
ls |
listing |
cd |
change directory |
cat |
concatenate |
pwd |
print working directory |
find |
search for files in a directory hierarchy |
grep |
search for patterns in a file |
touch |
Create file |
mkdir |
Create a folder |
cp |
Copy a file or folder |
mv |
Move a file or folder |
rm |
Remove a file or folder |
file |
Determine the type of a file |
su |
Switch user |
wget |
Used to download files from the web via HTTP |
scp |
Secure copy a file from host to remote or vice versa |
ps |
Provide list of current running process' |
kill |
Kill a process |
systemctl |
Systemd Control and Service Manager |
💡 List of Common Operators
| Symbol / Operator | Description |
|---|---|
& |
This operator allows you to run commands in the background of your terminal. |
&& |
This operator allows you to combine multiple commands together in one line of your terminal. |
> |
This operator is a redirector - meaning that we can take the output from a command (such as using cat to output a file) and direct it elsewhere. |
>> |
This operator does the same function of the > operator but appends the output rather than replacing (meaning nothing is overwritten). |
💡 Common Directories
| Directory | Description |
|---|---|
| /etc | The etc folder (short for etcetera) is a commonplace location to store system files that are used by your operating system. |
| /var | The "/var" directory, with "var" being short for variable data, is one of the main root folders found on a Linux install. This folder stores data that is frequently accessed or written by services or applications running on the system. |
| /root | The /root folder is actually the home for the "root" system user. There isn't anything more to this folder other than just understanding that this is the home directory for the "root" user. |
| /tmp | This is a unique root directory found on a Linux install. Short for "temporary", the /tmp directory is volatile and is used to store data that is only needed to be accessed once or twice. Similar to the memory on your computer, once the computer is restarted, the contents of this folder are cleared out. |
Terminal Text Editors
- VIM
- NANO
Maintaining Your System
Automation
- CRON Generator or Cron Guru
cron -e
| Value | Description |
|---|---|
| MIN | What minute to execute at |
| HOUR | What hour to execute at |
| DOM | What day of the month to execute at |
| MON | What month of the year to execute at |
| DOW | What day of the week to execute at |
| CMD | The actual command that will be executed. |
Package Management
Normally we use the apt command to install software onto our Ubuntu system. The apt command is a part of the package management software also named apt. Apt contains a whole suite of tools that allows us to manage the packages and sources of our software, and to install or remove software at the same time.
One method of adding repositories is to use the add-apt-repository command we illustrated above, but we're going to walk through adding and removing a repository manually. Whilst you can install software through the use of package installers such as dpkg, the benefits of apt means that whenever we update our system -- the repository that contains the pieces of software that we add also gets checked for updates.