When we want to find the permissions on a file, we can simply use the ls command with the -l or long switch. Let's use that command in the pentest/wireless/aircrack-ng directory and see what it tells us about the files there.
If we look at each line, we can see quite a bit of info on the file including whether it's a file or directory, the permissions on the file, the number of links, the owner of the file, the group owner of the file, the size of the file, when it was created or modified, and finally, the name of the file. Let's examine each of these.
Identifying a File or Directory
The very first character of the line tells us whether it's a file or directory. If the line begins with a d, it's a directory. If it begins with a -, it's a file.
Identifying the Permissions
The next section of characters defines the permissions on the file. There are three sets of rwx, which stand for read, write and execute. These determine whether there is permission to read the file, write to the file, or execute the file. The three sets represent the permissions of the owner, the group, and then all others, in that order.
So, if we look at the second line for the ChangeLog file...
We can see that it begins with -rw-r--r--.
This means that it's a file (-) where the owner has read (r) and write (w) permissions, but not execute permission (-).
The next set of permissions represents those of the group. Here we can see that the group has read permissions (r), but not write (-) or execute permission (-).
Finally, the last set of permissions are for all others. We can see that all others have only the read (r) permission on the ChangeLog file.
Step 2: Changing Permissions
Let's imagine a case where we wanted the group to be able to both write and execute the ChangeLog file. Linux has a command called chmod that allows us to change the permissions on a file as long as we're root or the owner of the file. These permissions are represented by their binary equivalents in the operating system.
Remember that everything is simply zeros and ones in the underlying operating system, and these permissions are represented by on and off switches in the system. So, if we could imagine the permissions as three on/off switches and these switches are in the base two-number system, the far right switch represents 1 when it's on, the middle switch represents 2 when it's on, and finally, the far left switch represents 4 when on.
So, the three permissions look like this when they are all on:
r w x
4 2 1 = 7
If you sum these three, you get seven, right? In Linux, when all the permission switches are on, we can represent it with the decimal numerical equivalent of 7. So, if we wanted to represent that the owner (7) and the group (7) and all users (7) had all permissions, we could represent it as 777.
Now, let's go back to our ChangeLog file. Remember its permissions? They were rw-r--r--, so we could represent that numerically like:
r w - r - - r - -
4 2 0 4 0 0 4 0 0
This can be represented by 644.
Changing the Actual Permissions of ChangeLog
Now, if we wanted to give the group write (2) and execute (1) privilege, we can use the chmod command to do it. We need to add the write (2) privilege and the execute (1) privilege to the ChangeLog file. We do that by:
chmod 774 ChangeLog
This statement says give the owner all permissions (4+2+1=7), the group the same (4+2+1=7), and give everyone else simply read permission (4+0+0=4). When we now do an ls -l, we can see that the permissions for ChangeLog are now:
r w x r w x r - -
Step 3: Changing Permissions with UGO
Although the numeric method is probably the most common method for changing permissions in Linux (every self-respecting Linux guru can use it), there's another method that some people are more comfortable with. It's often referred to as the UGO syntax. UGO stands for U=user, G=group and O=owner. UGO has three operators:
+ for add a permission
- for subtract a permission
= to set a permission
So, if I wanted to subtract the write permission from the group that ChangeLog belongs to, I could write:
chmod g-w ChangeLog
This command says "for the group (g) subtract (-) the write (w) permission on ChangeLog."
You can see that when I now check file permissions by typing ls -l, that the ChangeLog file no longer has write permission for the group.
If I wanted to give both the user and group execute permission, I could type:
chmod u+x,g+x ChangeLog
This command says "for the user add the execute permission, for the group add the execute permission to the file ChangeLog."
Step 4: Giving Ourselves Execute Permission on a New Hacking Tool
Very often as a hacker, we'll need to download new hacking tools. After we download, extract, unzip, make, and install them, we'll very often need to give ourselves permission to execute it. If we don't, we will usually get a message that we don't have adequate permission to execute.
We can see in the screenshot above that our newhackertool does not have execute permission for anyone.
We can give ourselves permission to execute on a newhackertool by writing:
chmod 766 newhackertool
As you now know, this would give us, the owner, all permissions including execute, and the group and everyone else just read and write permissions (4+2=6). You can see in the screenshot above that after running the chmod command, that's exactly what we get!
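The chmod commands from Steps 2 through 4, replayed on scratch files as an added example (not part of the original article). The helper names perms_of, octal_of, writable_beyond_owner and replay_steps are made up for this sketch, and the files are empty stand-ins created in a temporary directory. It converts the ls -l permission string to its numeric form after each command, and shows that 766 leaves the tool writable by the group and everyone else, while chmod u+x grants execute to the owner alone.

```sh
#!/bin/sh
# Added example: every file below is a constructed scratch file in a temp dir.

# perms_of FILE -> the nine permission characters from ls -l, e.g. rw-r--r--
perms_of() {
    ls -ld "$1" | cut -c2-10
}

# octal_of PERMS -> numeric mode for a nine-character string (rw-r--r-- -> 644)
octal_of() {
    rest=$1 out=""
    while [ -n "$rest" ]; do
        set3=$(printf '%s' "$rest" | cut -c1-3)
        rest=$(printf '%s' "$rest" | cut -c4-)
        n=0
        case $set3 in r??) n=$((n + 4)) ;; esac      # read switch
        case $set3 in ?w?) n=$((n + 2)) ;; esac      # write switch
        case $set3 in ??[xst]) n=$((n + 1)) ;; esac  # execute switch (s/t imply x)
        out="$out$n"
    done
    printf '%s\n' "$out"
}

# writable_beyond_owner FILE -> true if the group or everyone else can write
writable_beyond_owner() {
    case $(perms_of "$1") in
        ????w????|???????w?) return 0 ;;
        *) return 1 ;;
    esac
}

# replay_steps -> run the article's chmod commands, print the mode after each
replay_steps() {
    dir=$(mktemp -d) || return 1
    log="$dir/ChangeLog" tool="$dir/newhackertool"
    : > "$log"; : > "$tool"
    chmod 644 "$log";      octal_of "$(perms_of "$log")"   # starting state
    chmod 774 "$log";      octal_of "$(perms_of "$log")"   # Step 2
    chmod g-w "$log";      octal_of "$(perms_of "$log")"   # Step 3, first command
    chmod 644 "$log"                                       # reset before next one
    chmod u+x,g+x "$log";  octal_of "$(perms_of "$log")"   # Step 3, second command
    chmod 644 "$tool"; chmod 766 "$tool"                   # Step 4
    writable_beyond_owner "$tool" && echo "766: group and everyone else can write"
    chmod 644 "$tool"; chmod u+x "$tool"                   # owner-only execute
    writable_beyond_owner "$tool" || echo "u+x: $(octal_of "$(perms_of "$tool")")"
    rm -rf "$dir"
}

replay_steps
```

A downloaded binary that other accounts can write to can be replaced before the next time you run it, so the narrower u+x (or 700) is the safer habit on a shared machine.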
The internet is a scary place, and if you're like me, you don't want anyone tracking you or learning your search habits. It's a blatant invasion of privacy for companies to do this, but at least we have methods of fighting back—one of which is Tor.
Tor stands for The Onion Router. It operates on bandwidth donated by its users. Tor encrypts your traffic, then forwards it through multiple nodes, like the layers of an onion, hence the name "The Onion Router". It protects you by masking your IP (Internet Protocol) address, which is synonymous with your home address. It also protects you by tunneling all of your traffic automatically, as if you had set up a VPN or SSH tunnel. Most of the time, Google Sharing, a Firefox plugin by Moxie Marlinspike, will suffice. But sometimes I need to be fully anonymous.
Now, be forewarned, Tor isn't fully anonymous. Some things are left to the user to fix, such as changing your User Agent. A User Agent reveals your OS (operating system) and browser information. I'm a privacy nut, so I don't like people having that either. Also, you probably shouldn't be logging onto Facebook, as that will obviously reveal your information.
In this Null Byte, we're going to briefly go over how to set up Tor, after which I will forward my traffic through it to show you that it's working. The methodology is the same on Windows and Linux, but I'll use Windows to avoid confusion.
Download & Configure Tor
Follow along with the video and the instructions below.
Many of my aspiring hackers have written to me asking the same thing. "What skills do I need to be a good hacker?"
As hacking is among the most skilled information technology disciplines, it requires a wide knowledge of IT technologies and techniques. To truly be a great hacker, one must master many skills. Don't be discouraged if you don't have all the skills I list here, but rather use this list as a starting ground for what you need to study and master in the near future.
This is my overview list of required skills to enter the pantheon of this elite IT profession. I've broken the skills into three categories to help you go from one rung to the other more easily—fundamental, intermediate, and intangible skills—and have included links to related articles on Null Byte for you to get acquainted with.
The Fundamental Skills
These are the basics that every hacker should know before even trying to hack. Once you have a good grasp on everything in this section, you can move into the intermediary level.
1. Basic Computer Skills
It probably goes without saying that to become a hacker you need some basic computer skills. These skills go beyond the ability to create a Word document or cruise the Internet. You need to be able to use the command line in Windows, edit the registry, and set up your networking parameters.
Many of these basic skills can be acquired in a basic computer skills course like A+.
2. Networking Skills
You need to understand the basics of networking, such as the following.
Public v Private IP
Routers and switches
As we are often exploiting these technologies, the better you understand how they work, the more successful you will be. Note that I did not write the two guides below, but they are very informative and cover some of the networking basics mentioned above.
You need to become proficient in using one of the virtualization software packages such as VirtualBox or VMware Workstation. Ideally, you need a safe environment to practice your hacks before you take them out into the real world. A virtual environment provides you a safe environment to test and refine your hacks before going live with them.
6. Security Concepts & Technologies
A good hacker understands security concepts and technologies. The only way to overcome the roadblocks established by the security admins is to be familiar with them. The hacker must understand such things as PKI (public key infrastructure), SSL (secure sockets layer), IDS (intrusion detection system), firewalls, etc.
The beginner hacker can acquire many of these skills in a basic security course such as Security+.
In order to be able to hack wireless, you must first understand how it works. This means things like the encryption algorithms (WEP, WPA, WPA2), the four-way handshake, and WPS. In addition, you need to understand such things as the protocol for connection and authentication and the legal constraints on wireless technologies.
To get started, check out my guide below on getting started with wireless terms and technologies, then read our collection of Wi-Fi hacking guides for further information on each kind of encryption algorithm and for examples of how each hack works.
This is where things get interesting, and where you really start to get a feel for your capabilities as a hacker. Knowing all of these will allow you to advance to more intuitive hacks where you are calling all the shots—not some other hacker.
Without scripting skills, the hacker will be relegated to using other hackers' tools. This limits your effectiveness. Every day a tool is in existence, it loses effectiveness as security admins come up with defenses.
To develop your own unique tools, you will need to become proficient in at least one of the scripting languages, including the BASH shell. These should include one of Perl, Python, or Ruby.
If you want to be able to proficiently hack databases, you will need to understand databases and how they work. This includes the SQL language. I would also recommend the mastery of one of the major DBMSs such as SQL Server, Oracle, or MySQL.
Web applications are probably the most fertile ground for hackers in recent years. The more you understand about how web applications work and the databases behind them, the more successful you will be. In addition, you will likely need to build your own website for phishing and other nefarious purposes.
To become a good hacker, you must not be caught! You can't become a pro hacker sitting in a prison cell for 5 years. The more you know about digital forensics, the better you can become at avoiding and evading detection.
The beginner hacker must understand TCP/IP basics, but to rise to the intermediate level, you must understand in intimate detail the TCP/IP protocol stack and fields. These include how each of the fields (flags, window, df, tos, seq, ack, etc.) in both the TCP and IP packet can be manipulated and used against the victim system to enable MitM attacks, among other things.
Although one doesn't need to be a cryptographer to be a good hacker, the more you understand the strengths and weaknesses of each cryptographic algorithm, the better the chances of defeating it. In addition, cryptography can be used by the hacker to hide their activities and evade detection.
14. Reverse Engineering
Reverse engineering enables you to open a piece of malware and re-build it with additional features and capabilities. Just like in software engineering, no one builds a new application from scratch. Nearly every new exploit or malware uses components from other existing malware.
In addition, reverse engineering enables the hacker to take an existing exploit and change its signature so that it can fly past IDS and AV detection.
A hacker is always coming up against seemingly unsolvable problems. This requires that the hacker be accustomed to thinking analytically and solving problems. This often demands that the hacker diagnose accurately what is wrong and then break the problem down into separate components. This is one of those abilities that comes with many hours of practice.
A hacker must be persistent. If you fail at first, try again. If that fails, come up with a new approach and try again. It is only with persistence that you will be able to hack the most secured systems.
I hope this gives you some guidelines as to what one needs to study and master to ascend to the intermediate level of hacking. In a future article, I'll discuss what you need to master to ascend into the advanced or master hacker level, so keep coming back, my novice hackers!