Transcript for:
Learning Linux Fundamentals with SSH

Hey everyone, welcome back to another video here on TryHackMe. I'm John, and today we're going to take a look at the Linux Fundamentals Part 2 room. Continue your learning Linux journey with Part 2: you will be learning how to log into a Linux machine using SSH, how to advance your commands, and some file system interaction. That being said, let's go and dive right into Task 1, Introduction.

Welcome to the second part of the reworked Linux Fundamentals series. We'll be applying our knowledge from the first installment of the series, so I highly recommend you complete that room before proceeding further. In Part 2 we'll be ditching the in-browser functionality and help you get started in what is a fundamental skill: being able to log in to and control the terminals of remote machines. Not only this, but the room will also have you unlocking the potential of your first few commands by introducing you to using flags and arguments, advancing your knowledge of the file system to perform some more useful commands such as copying and moving files, introducing you to the access mechanisms in place to keep files and folders secure and how to identify the things that our current user has access to, and then finally running your first few scripts and executables. Let's proceed. We're going to mark this as completed, close that, and then move into Task 2, Accessing Your Linux Machine Using SSH.

The in-browser functionality was used in Linux Fundamentals Part 1 to get you directly connected to your first ever Linux machine without any hassle. In fact, the in-browser functionality uses the exact same protocol that we are going to be using today. The protocol is called Secure Shell, or SSH for short, and is the common means of connecting to and interacting with the command line of a remote Linux machine. We will be deploying two machines in this room: your Linux machine and the TryHackMe AttackBox. What is SSH and how does it work? Secure Shell, or SSH, simply is a protocol between devices in an
encrypted form using cryptography. Any input we send in a human-readable format is encrypted for traveling over a network, where it is then unencrypted once it reaches the remote machine, such as in the diagram below. Here we can see we have our computer, the internet which we're using to connect over, and then the Linux server that is remote, or not in the same room as us. You can learn about the various types of encryption in a TryHackMe room. One thing to note: you can use this with machines on your own network. This is just a nice way that you can connect to things from one computer and have everything; maybe your workstation, and you want to connect into a server that you're running, or things like that. For now we only need to understand that SSH allows us to remotely execute commands on another device, and any data sent between the devices is encrypted when it is sent over a network such as the internet.

Deploying your Linux machine: press the green Start Machine button at the top right of this task and then scroll to the top of the page to see the deployment info, like so. Let's go ahead and do that now. We'll start the machine, and we can see that we are given a couple of pieces of information along with some commands. The first thing that we have up here is the title; that's not very important, don't worry about that for now. We have the IP address, which is what we're going to use to target the machine. This gives us sort of the street address that it's at, so we can send it mail. Then we have the expiration time. By default, all machines on TryHackMe currently have a two-hour lifespan, so when you start them up, two hours from that time they will automatically turn themselves off. In this case we can see that we also have another couple of buttons. We have Add 1 Hour, so if this expiration time falls below one hour we can add another hour to extend it, in case we're taking a long time with the current machine or we want to continue working on it. And then we
also have Terminate if we want to turn this off. Note: this IP address is hidden for the first 60 seconds, I believe, and that is done because the machine is starting; it might be ready to go, but we want to give services time to start up, hence why it is hidden. In that case, let's go ahead and scroll down. We've already gone over that information, and then we also want to deploy the TryHackMe AttackBox. Looking at the top of the page, press the Start AttackBox button to deploy the TryHackMe AttackBox that we will be interacting with. We can scroll back up, we see this blue button right here, go and click on that, and our screen is going to be divided here in just a moment. Now this is our attacking machine that is already on the TryHackMe network. One thing to note: if you are a free user, this will not have access to the internet; it can just talk to these other machines that we have spun up. Additionally, it's worth noting that as a free user you have a maximum of one hour of usage of this per day, so once you start it, it needs to stay on if you want to continue using it; don't turn it off, and you have a full hour of that time. If you are a subscriber you do have unlimited usage of this machine, and it does have access to the internet. Let's go ahead and continue down while we let these machines boot.

Alright, using SSH to log into your Linux machine. The syntax to use SSH is very simple; we only need to provide two things: the IP address of the remote machine, and then correct credentials to a valid account to log in with on the remote machine. For this room we will be logging in as tryhackme, whose password is tryhackme (not a strong password, by the way), without the quotation marks. Let's use the IP address of the machine displayed in the card at the top of the room as the IP address, and this user, to construct a command to log into the remote machine using SSH. The command to do so is ssh, then the username of the account, then @ and the IP address of the machine, and here we can
see a breakdown of that command right here. One thing to note: we do need to open up a terminal on the AttackBox once it starts in order to be able to type this command. That being said, we can see a screenshot of what that would look like down here, and we can give it just a moment for the machine to start. I'm gonna go ahead and pause the recording now, and when we're back we'll go ahead and log in.

Alright, and we're back. The machine just finished booting. Now we have a little warning as well as some instructions; I'm gonna click past this for now, and you can do the same: you just click into the terminal and then press Enter to close that. Now we want to go ahead and open up our own terminal, and we can do that by double-clicking the terminal application there, and now we can log in. Let's go ahead and scroll back up to get the target IP address of the machine that we're going to connect to, and we will go and connect to it using the command ssh tryhackme@10.10.137.96. Then we'll type in yes, and then our password for that user is tryhackme, all lowercase. And there we go, I managed to type it in correctly. I went ahead and cleared the screen with Ctrl+L, so I held down the Control key and then hit L; that just cleans up what loads right away. Then we can go ahead and move into the next task. We'll go ahead and mark this as completed and move into Task 3, Introduction to Flags and Switches.

The majority of commands allow for arguments to be provided. These arguments are identified by a hyphen and a certain keyword, known as flags or switches. We'll later discuss how we can identify what commands allow for arguments to be provided and understand what these do exactly. When using a command, unless otherwise specified, it will perform its default behavior. For example, ls lists the contents of the working directory; however, hidden files are not shown. We can use flags and switches to extend the behavior of commands. Using our ls example, ls
informs us that there is only one folder, named folder1, as highlighted in the screenshot below. Note that the contents in the screenshot below are only examples and are not those of the instances you deploy in the room, so this is just an example; it won't be the case over here. However, after using the -a argument (short for --all), we now suddenly have an output with a few more files and folders, such as .hiddenfolder, and then we can see a couple of other ones here. Files and folders with a period at the beginning are hidden files. A lot of times this is just system things or configuration files that you don't necessarily need to see otherwise, and that's why these are hidden by default. Commands that accept these will also have a --help option. Sometimes this is -h; however, not every command has a -h that specifies help, but most commands that we can use have this --help option. This option will list the possible options that the command accepts, provide a brief description, and an example of how to use it. This option is in fact a formatted output of what is called the man page (short for manual), which contains documentation for Linux commands and applications. The manual pages are a great source of information for both system commands and applications available on a Linux machine, accessible both on the machine itself and online. Here we can see that we have the online version of the man page; you can click into that and explore around. It can be very helpful for searching if you're not that comfortable with the command line yet, and this will also come up in Google results along with Stack Overflow; both of those are pretty good resources to access this documentation. We can use the man command and then provide the command we want to read the documentation for. Using our ls example, we would use man ls to view the manual pages for ls, like so, and we can see an example up here. Explore the
manual page of the ls command. Let's go ahead and do man ls, and there we go. Mark that as complete. Then, what directional key will be used to navigate down the manual page? That is going to be the down arrow, fairly self-explanatory. And then, what flag will be used to display the output in a human-readable format? Now we can scroll down, and eventually we will find a -h flag that allows us to specify that we want our output from ls to be in human-readable format, and there we go. Let's move into Task 4, File System Interaction Continued. Now we can go ahead and close the man page by pressing q, and we can see that's down here as well. There we go.

We covered some of the most fundamental commands when interacting with the file system on the Linux machine. For example, we covered how to list and find the contents of folders using ls and find, and navigating the file system using cd. In this task we're going to learn some more commands for interacting with the file system to allow us to create files and folders, move files and folders, and delete files and folders. You can see that you have the list here; I recommend adding that to your notes. Then we have a pro tip at the bottom: similarly to using cat, we can provide full file paths, i.e. directory1/directory2/note, for all these commands. So you can provide full paths for these as well as relative paths; don't worry about that too much right now. This is just the full proper path to it on the system, if you want to specify that.

Creating files and folders with touch and mkdir. Creating files and folders on Linux is a simple process. First we'll cover creating a file. The touch command takes exactly one argument: the name we want to give the file we create. For example, we can create the file note by using touch note, where note is the name of the file. It's worth noting that touch simply creates a blank file; you would need to use commands
like echo or a text editor such as nano to add content to the blank file, and here we can see that down here after that has been created with touch. This is a similar process for making a folder, which just involves using the mkdir command and providing the name that we want to assign to that directory. For example, creating the directory mydirectory: we can do that with mkdir and then the name of the directory right here, mydirectory, and we can see that's done in the example below.

Removing files and folders with rm. rm, short for remove, is extraordinary out of the commands that we've covered so far. You can simply remove files by using rm; however, you need to provide the -R switch alongside the name of the directory you wish to remove, in case you want to remove a directory. This is a recursive option, I believe, which removes the directory and all of its contents; otherwise rm will say, hold on, I can't do this. So here we can see that we've removed note in this example, and that file is no longer here. However, to remove a directory, you can see it doesn't work without providing -R, but if we provide -R as a switch, it will remove it.

Copying and moving files and folders with cp and mv. Copying and moving files is an important functionality on a Linux machine. Starting with cp, short for copy: this command takes two arguments, the name of the existing file and the name we wish to assign to the new file when copying. cp copies the entire contents of the existing file into the new file. In the screenshot below we are copying note to note2; we can see that right here. Moving a file takes two arguments, just like the cp command; however, rather than copying and/or creating a new file, mv, short for move, will merge or modify the second file that we provided as an argument. Not only can you use mv to move a file to a new folder, but you can also use mv to rename a file or folder,
and you can just move it to the same location that it's already in if you want to just rename it. For example, in the screenshot below we are renaming the file note2 to be named note3, and we can see that right here. note3 will now have the contents of note2, because it was that file at one point.

Determining file type. What is often misleading and often catches people out is making presumptions from files as to what their purpose or contents may be. This is something that's very common in CTFs, and this next command, especially for CTFs and in a situation where you don't have a file extension, is going to be very handy in those cases. Files usually have what's known as an extension to make this easier; for example, text files usually have an extension of .txt, but this is not necessary. Windows will require this for most files, and that's how it knows what program to open it with by default, and I believe OS X has similar functionality. However, Linux doesn't really care; we don't have to have file extensions. It's recommended, as it is best practice, but it's not necessary. So far the files we have used in our examples haven't had an extension. Without knowing the context of why the file is there, we don't really know its purpose. Enter the file command. This command takes one argument. For example, we'll use file to confirm whether or not the note file in our examples is indeed a text file, like so, and you can see that we've done that with file and then the file that we want to examine, and sure enough it is an ASCII text file.

How would you create the file named newnote? We can do that with the command touch and then the name of the file we want to create. On the deployable machine, what is the file type of unknown1 in tryhackme's home directory? We can do ls, and we have unknown1; we'll do file unknown1 (I can type part of that and hit Tab to have it autocomplete), and there we go, we can see that it is an ASCII text file. There we go. How will we
move the file myfile into the directory myfolder? We can do that with the mv command, then myfile, and then myfolder, and there we go. What are the contents of this file? Let's see, we want to cat myfile; cat myfile, there we go, and we can see that we have our flag, THM{FILESYSTEM}. There we go. Continue to apply your knowledge and practice the commands from this task; I do recommend playing around just a little bit so that you can become a little bit more familiar with these commands. Once you're ready, go ahead and move on to Task 5, Permissions 101.

As you would have already found out by now, certain users cannot access certain files or folders. We've previously explored some commands that can be used to determine what access we have and where it leads. In our previous task we learned how to extend the use of commands through flags and switches. Take for example the ls command, which lists the contents of the current directory. When using the -l switch, we can see 10 columns, such as in the screenshot below. However, we're only interested in the first three columns, and you can see that right here, where we have the properties: a d right here (it's a little bit covered up by the outline) specifies where there's a directory, and a dash in that first bit here specifies where there's a file. Then we have the file owner, and then we have the group that's an owner. One thing to note on Linux: whenever you create a new user, there is a group created that's named the same as that user, hence why we have a user cmnatic and then we have a group cmnatic. Although intimidating, these three columns are very important in determining certain characteristics of a file or folder and whether or not we have access to it. A file or folder can have a couple of characteristics that determine both what it is and who can do what with it. In other words, it determines the owner and what we can actually do with it: if we can read, write, or execute the file. We can see
that broken out down here below. The diagram below is a great representation of how these permissions can be translated, and we can see that we have these four different areas that we're looking at, and again that's mirrored up here. So breaking this down again: I mentioned previously that this first bit here specifies if it is a directory or just a regular file. Since we have a dash here, we know we're working with a file. Next we have rwx; this is short for read, write, and execute. This first group here is the permissions that are available for the file's owner. Next we have those in the same group as the file owner, and last but not least, everyone else on the system. We can see that in this case, since rwx is available, or printed, at every single space here, everyone can read, write, and execute this file in question. However, if we scroll up just a little bit more, we can see that there are examples where there are dashes instead of those letters. Where there is a dash, that permission is not available for those in that user group. So if we take a look at this example right here, we have that the user who owns this can read and write to it but not execute it, and everyone else can only read it; there's no write or execute set to be available. Let's use the cmnatic.pem file in our initial screenshot at the top of this task, and you can walk through this as well. Here we can see that we have cmnatic.pem, where the owner can read and write to this file but no one else can do anything, and the owner cannot execute it.

Briefly, the differences between users and groups. We briefly explored this in Linux Fundamentals Part 1, namely the differences between a regular user and a system user. The great thing about Linux is that permissions can be very, very granular, so that whilst a user technically owns a file, if the permissions have been set, then a group of users can also have either the same or a different set of permissions to the
exact same file without affecting the file owner itself. Let's put this into a real-world context. The system user that runs a web server must have permissions to read and write files for an effective web application. However, companies such as web hosting companies will want to allow their customers to upload their files for their website without being the web server system user, compromising the security of every other user. So essentially, when you are interacting with a website such as TryHackMe and you can upload something like a profile picture, that actual process is running as a low-privileged user that can't just overwrite files on the website. That wouldn't be very secure, because then we could upload whatever website we want on anyone's website, and that does happen; that is a common, okay, uncommon security issue, but it does happen.

Switching between users. Switching between users on a Linux install is easy thanks to the su command, short for substitute user. I like to remember this as switch user; it's not technically correct, substitute user is the way that this is abbreviated from. Unless you are the root user or using root permissions through sudo, you are required to know two things to facilitate this transition of user accounts: the user we wish to switch to, and then that user's password. You need to know that user's password in order to change to be them, unless you are the superuser. The su command takes a couple of switches that may be of relevance to you, for example executing a command once you log in, or specifying a specific shell to use. You might have a specific shell you really want to use, such as bash or zsh; that's up to you, and that's outside of the scope of this actual room. Don't worry too much about this; it's just something to have as a general piece of knowledge. I encourage you to read the man page for su to find out more. However, I will cover the -l, or --login,
switch. Simply by providing the -l switch to su, we start a shell that is much more similar to the actual user logging into the system, so it simulates an actual login. The thing with this is we have that user's environment variables actually populate, which can be very useful, especially if we are in a programming environment where we need to have access to, say for example, we're assuming the web user that runs the website: we want to be able to access that user's environment variables, and we want them actually loaded into our current session. So it makes a big difference. If you have a development background, that will make a little bit more sense; for now, don't worry too much about it. Just, if something's not working, you probably need to use this -l switch. For example, when using su to switch to user2, our new session drops us into our previous user's home directory. So we can see that using the login here, it is moving us to that home directory, because we're actually simulating that login and we're switching what directory we're in. After using -l, our new session has dropped us into the home directory of the user automatically, and you can see if we don't use it, we just stay in our old home directory, where we don't have permissions for anything; not very convenient.

On the deployable machine, who is the owner of important? We can go ahead and do ls -l, and we can see that important is owned by user2. There we go. What would the command be to switch to user2? We saw that before in our examples: su and then user2. Now switch to this user2 using the password user2.
We can use su, and then I'm going to use the -l to switch to that user's home directory. Actually, we don't want that in this case: su user2, and then user2. Then we want to be able to read important, so let's go ahead and cat important, and there we go. One thing to note: we could read this beforehand because the root permissions are enabled; however, we're reading this as the actual user now, and there we go, we have our flag, THM{SU_USER2}. Let's move into Task 6, Common Directories.

First we have /etc, or "etsy". This root directory is one of the most common, or most important, root directories on your system. The /etc folder, short for etcetera (etsy is the common way to pronounce this; it's pretty fast, and it's just commonplace in IT to pronounce it that way), is a commonplace location to store system files that are used by your operating system, for example the sudoers file, which specifies who can run things with root permissions. Don't worry about this too much; it's, again, outside of the scope of this room. Just know that it exists and it's something you'll eventually want to be familiar with. For example, the sudoers file highlighted in the screenshot below, which we can see right here, contains a list of the users and groups that have permission to run sudo or a set of commands as the root user. Also highlighted below are the passwd and shadow files, so we can see those right here. Those two files are special for Linux, as they show how your system stores the passwords for each user in encrypted formatting called SHA-512. Don't worry too much about this. These are very powerful files: if you are on a system you don't own and you have root permissions, or if you can somehow access especially the shadow file right there, you can do very bad things. Don't worry about it too much right now; just know that these files should be protected. You can read passwd as any user, but you should not be
able to read shadow.

/var: the /var directory, with var being short for variable data, is one of the main root folders found on a Linux install. This folder stores data that is frequently accessed or written by services or applications running on the system. For example, log files from running services and applications are written here, specifically in the /var/log directory, or other data that is not necessarily associated with a specific user, for example databases and the like.

Then we have /root. Unlike the /home directory, the /root folder is actually the home for the root system user. This is just their home directory, and again I prefaced this a little bit in Linux Fundamentals Part 1: this is just where your documents and everything that your user specifically owns will live; pictures, your desktop, things like that. There isn't anything more to this folder other than just understanding that this is the home directory for the root user, but it is worth a mention, as the logical presumption is that this user would have their data in a directory such as /home/root, which is not the case. root does have its own directory, and this is consistent across, I believe, every single Linux distribution. There may be some bizarre Linux distribution that doesn't have this as a default rule; however, I've never come across it.

/tmp: this is a unique root directory found on a Linux install. Short for temporary, the /tmp directory is volatile and is used to store data that only needs to be accessed once or twice. One thing to note: don't put anything here you care about, and especially don't take notes into this directory. As soon as the computer is restarted, which is referenced right here, this is cleaned out and everything in there is just wiped. I've made the mistake of storing things in this folder that I cared about; don't make the same mistake. Don't store anything in there that you don't need very
temporarily. What's useful for us in pentesting is that any user can write to this folder by default, meaning once we have access to a machine, it serves as a great place to store things like our enumeration scripts. You can store your shell here; sometimes this won't be the case, but again that's outside of the scope of the room. Generally speaking, /tmp is going to be your friend just to put things into, as you can by default write to it. Read me: we've gone ahead and completed that. What is the directory path that we would expect logs to be stored in? That is /var/log. What root directory is similar to how RAM on a computer works? This is cleared on restart, and that's the /tmp directory. Name the home directory of the root user; that is going to be /root. Now apply your learning and navigate through these directories on the deployed Linux machine. I'm not going to do that in this case; I will let you practice this on your own. Once you're comfortable with this, move on to Task 7, Conclusions and Summaries, and we'll do that right now.

Nice work. This room was quite theory heavy and covered quite a range of the fundamentals in getting you familiar with Linux. To quickly recap, this room taught you how to connect to a Linux machine remotely using SSH; advancing your use of commands by providing flags and switches, and where you can go to learn about these for each command via the man pages; some more commands that you'll frequently be using to interact with the file system and its contents; a brief introduction to file permissions and switching users; and then a brief summary paragraph of the important root directories on an Ubuntu install and how we may be able to use the data stored within these. I encourage you to go through this room again once or twice to gain some familiarity with the concepts; after all, practice makes perfect. And I highly, highly recommend taking notes over this if you don't take notes regularly when you are covering things like this;
believe me, it will help you retain this knowledge a little bit better, even if it's just copying out the tables that we have with the commands; it will help. We'll go ahead and mark that as completed and move into Task 8, Linux Fundamentals Part 3. Visit Part 3 of the Linux Fundamentals series here. First we want to go ahead and terminate the machine from Task 2. I will scroll up and we can press the red Terminate button. Don't terminate your attack machine; we do need that for moving into Part 3, so there's no point in closing it unless you're done on TryHackMe for the time being, and then you can go ahead and close that down. We'll go and mark that as completed, and then you can go ahead and join the Linux Fundamentals room via that link. I will see you there in the next video, but until then, happy hacking.
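The permission rules from Task 5, as an added example that is not part of the video or of the TryHackMe room: a POSIX shell script that decodes the first column of ls -l (for example -rw-r--r--) into owner, group and others permissions, then applies the owner-before-group-before-others rule to decide whether a given user could read, write or execute the file, including the root case the video mentions when it reads important before switching users. The ls -l lines, user names and groups below are constructed sample data; only cmnatic.pem, shown in the room's screenshot as readable and writable by its owner alone, comes from the page.

```shell
#!/bin/sh
# Added example (not from the video or the TryHackMe room): decode an `ls -l` mode
# string and work out what a given user can do with the file, following the
# owner / group / everyone-else rule described in Task 5.

# triplet RWX: turn three permission characters (e.g. "rw-") into a readable list.
# s/S/t/T are the setuid/setgid/sticky markers; lowercase means execute is also set.
triplet() {
    t=$1
    out=""
    case $t in r??) out="read" ;; esac
    case $t in ?w?) out="${out:+$out,}write" ;; esac
    case $t in ??[xst]) out="${out:+$out,}execute" ;; esac
    printf '%s' "${out:-none}"
}

# decode_mode MODE: MODE is the 10-character first column of `ls -l`, e.g. "-rw-r--r--".
# Prints "type=... owner=... group=... others=..." and fails on malformed input.
decode_mode() {
    mode=$1
    [ "${#mode}" -eq 10 ] || { echo "decode_mode: expected 10 characters, got '$mode'" >&2; return 1; }
    case $mode in
        -*) ftype=file ;;
        d*) ftype=directory ;;
        l*) ftype=symlink ;;
        *)  ftype=other ;;
    esac
    rest=${mode#?}                          # drop the type character: 9 permission bits remain
    owner=${rest%??????}                    # first three bits: the file's owner
    group=${rest#???}; group=${group%???}   # middle three: the file's group
    others=${rest#??????}                   # last three: everyone else on the system
    printf 'type=%s owner=%s group=%s others=%s\n' \
        "$ftype" "$(triplet "$owner")" "$(triplet "$group")" "$(triplet "$others")"
}

# in_list NEEDLE ITEM...: succeeds when NEEDLE is one of the ITEMs.
in_list() {
    needle=$1; shift
    for item in "$@"; do
        [ "$item" = "$needle" ] && return 0
    done
    return 1
}

# can_do LS_LINE USER "GROUP1 GROUP2 ..." r|w|x
# Picks exactly one permission triplet for USER: the owner's if USER owns the file,
# otherwise the group's if USER belongs to the file's group, otherwise everyone else's.
# Only that triplet counts: an owner with "r--" cannot write even if the group has "rw-".
can_do() {
    user=$2; user_groups=$3; action=$4
    set -- $1                               # split the ls -l line on whitespace
    mode=$1; fowner=$3; fgroup=$4
    if [ "$user" = root ]; then
        # root ignores the read/write bits (which is why the video could cat `important`
        # before switching users); execute still needs at least one execute bit set.
        case $action in
            r|w) return 0 ;;
            x) case $mode in *[xst]*) return 0 ;; *) return 1 ;; esac ;;
        esac
    fi
    rest=${mode#?}
    if [ "$user" = "$fowner" ]; then
        bits=${rest%??????}
    elif in_list "$fgroup" $user_groups; then
        bits=${rest#???}; bits=${bits%???}
    else
        bits=${rest#??????}
    fi
    case $action in
        r) case $bits in r??) return 0 ;; esac ;;
        w) case $bits in ?w?) return 0 ;; esac ;;
        x) case $bits in ??[xst]) return 0 ;; esac ;;
    esac
    return 1
}

# Constructed sample `ls -l` lines (sizes and dates are made up for the example).
PEM_LINE="-rw------- 1 cmnatic cmnatic 1674 Mar 10 12:00 cmnatic.pem"
WEB_LINE="-rw-rw-r-- 1 www-data webteam 512 Mar 10 12:00 index.html"
NOTES_LINE="-r--rw---- 1 carol webteam 64 Mar 10 12:00 notes"

decode_mode "${PEM_LINE%% *}"
for who in cmnatic tryhackme root; do
    if can_do "$PEM_LINE" "$who" "$who" r; then
        echo "$who can read cmnatic.pem"
    else
        echo "$who cannot read cmnatic.pem"
    fi
done
```

Run it with sh; on a live machine you can feed it real lines with `ls -l | while read -r line; do can_do "$line" "$(id -un)" "$(id -Gn)" w && echo "$line"; done` to list what your current user could modify.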