2017-2018-2 20179305 "Network Attack and Defense Technology" Week 8 Homework

learning materials

Development and Status Quo of Linux Operating System

Building on a single shared kernel code base, the Linux open source community has developed a large number of distributions for the needs of different user groups; popular ones include Ubuntu, Debian, Fedora, CentOS, RHEL, openSUSE, and Slackware. The main reason Linux has become one of the most closely watched operating systems is that it is open source and free.

Basic Framework of Linux Operating System

  • Advantages of Linux system: cross-platform hardware support, rich software support, multi-user multi-tasking, reliable security, good stability, and perfect network functions.
  • The Linux system structure mainly includes: process and thread management mechanism, memory management mechanism, file system management mechanism, device control mechanism, network mechanism, and system call mechanism.

Linux operating system security mechanism

  • Linux authentication mechanism. User identity management is mainly implemented by creating users and user groups with various role types.
  • Linux authorization and access control mechanism. Support for different file system formats is provided through the VFS virtual file system, and the management of other kinds of system resources is unified through the device file abstraction.
  • Linux security audit mechanism. Connection time logs, process accounting logs, and error logs.

Linux system remote attack and defense technology

  • Linux remote password guessing attacks. Mainly target the passwords of SSH, telnet, FTP, HTTP and other services. Precaution: use strong passwords.
  • Linux network service remote penetration attacks. Mainly target Linux network services: the network protocol stack in the Linux kernel, the network services of the LAMP web stack, file sharing services such as FTP and Samba, mail sending and receiving services, and other common network services such as OpenSSH and NFS. Preventive measures: disable all unnecessary network services; choose the more secure network protocols and service software where possible and deploy them according to best security practices; update network service versions in time; use xinetd and the firewall to add network access control for Linux network services; and establish an intrusion detection and emergency response planning process.
  • Attacks on Linux client programs and users. Mainly target client programs and system users on the Linux platform. The main preventive measures are to update software in time and to raise users' own security awareness.
  • Attacks on Linux routers and listeners. The preventive measures are to treat security as an adversarial contest, improve one's own technical strength, and repair problems in time.
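As an added example, not part of the original homework, a small detector for the SSH password-guessing attack described above, working from constructed auth.log-style lines (the year supplied to the parser, the threshold and the window size are assumptions):

```python
# Added example, not part of the original post: detect remote password
# guessing against sshd from auth.log-style lines. The lines below are
# constructed; the message format follows OpenSSH's "Failed password" line.
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample; 203.0.113.7 and 198.51.100.9 are documentation addresses.
AUTH_LOG = """\
Mar 10 10:00:01 host sshd[1201]: Failed password for root from 203.0.113.7 port 41000 ssh2
Mar 10 10:00:02 host sshd[1202]: Failed password for invalid user admin from 203.0.113.7 port 41001 ssh2
Mar 10 10:00:03 host sshd[1203]: Failed password for invalid user oracle from 203.0.113.7 port 41002 ssh2
Mar 10 10:00:04 host sshd[1204]: Failed password for root from 203.0.113.7 port 41003 ssh2
Mar 10 10:00:05 host sshd[1205]: Failed password for root from 203.0.113.7 port 41004 ssh2
Mar 10 10:00:06 host sshd[1206]: Accepted publickey for alice from 198.51.100.9 port 50000 ssh2
Mar 10 10:30:00 host sshd[1300]: Failed password for alice from 198.51.100.9 port 50001 ssh2
"""

FAILED = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)

def parse_failures(text, year=2024):
    """Return [(timestamp, user, ip)] for every failed-password line.
    Syslog lines carry no year, so one is supplied (an assumption)."""
    out = []
    for line in text.splitlines():
        m = FAILED.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            out.append((ts, m["user"], m["ip"]))
    return out

def guessing_sources(failures, threshold=4, window_s=60):
    """Return {ip: (failures, usernames tried)} for every source with at
    least `threshold` failures inside a sliding window of window_s seconds."""
    by_ip = defaultdict(list)
    for ts, user, ip in failures:
        by_ip[ip].append((ts, user))
    flagged = {}
    for ip, events in by_ip.items():
        events.sort()
        for i, (start, _) in enumerate(events):
            burst = [e for e in events[i:] if (e[0] - start).total_seconds() <= window_s]
            if len(burst) >= threshold:
                flagged[ip] = (len(burst), sorted({u for _, u in burst}))
                break
    return flagged
```

A single failure from a known user (the last line) stays below the threshold, while the burst of attempts against several usernames from one address is reported with the usernames it tried.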

Linux system local security attack and defense technology

  • Linux local privilege escalation. Linux user password cracking, privilege escalation through sudo flaws, privilege escalation through vulnerabilities in user-mode SUID programs (local buffer overflow attacks, symbolic link attacks, race condition attacks, and shared library attacks against SUID programs), privilege escalation through kernel-space code vulnerabilities, and local privilege escalation through improper system configuration. Precaution: keeping a close eye on privileged code is key.
  • Covering tracks on Linux systems. Mainly done by cleaning system logs.
  • Linux remote control backdoor programs. These are mainly Trojanized system programs, command-line backdoor tools, and graphical backdoor tools. The precautionary measure is to prevent rootkits from getting into the kernel.

Problems and Solving Processes in Teaching Materials Learning

Core Security Mechanism of Linux Operating System

  • Linux identity authentication mechanism: Linux is a multi-user and multi-task operating system. It implements user identity management by creating users and user groups of various role types to ensure that multiple users use the Linux operating system safely.
  • Linux user: In a Linux system, the user is the subject that runs processes to carry out specific operations. There are three kinds: ① the root user (superuser), ② ordinary users, ③ system users. Linux user information is stored in the system's /etc/passwd file, including the username, a uid unique to each user, the login shell, the user's home directory, and so on, while the encrypted password is stored in the /etc/shadow file, which is readable only by root.
  • Linux user group: A Linux user group is a collection of user accounts with the same characteristics, used to simplify rights management across the whole system. Linux user group information is stored in the system's /etc/group file, including the group name, the group's gid and the list of usernames belonging to the group, while the group's encrypted password is stored in the /etc/gshadow file. You can use the id -a command to query and display the groups the current user belongs to, add a user group with the groupadd command, and use usermod -G group_name username to add a user to a specific group.
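An added example, not from the original post, that parses the /etc/passwd, /etc/shadow and /etc/group formats described above and runs the checks an auditor would run on them; the file contents are constructed samples, and the choice of sudo/wheel as the administrative groups is an assumption.

```python
# Added example, not part of the original post: parse constructed /etc/passwd,
# /etc/shadow and /etc/group content and run the checks a reviewer would run.
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
backup2:x:0:0:rogue:/tmp:/bin/sh
svc:x:1001:1001:service:/var/svc:/usr/sbin/nologin
"""
SHADOW = """\
root:$6$saltsalt$CONSTRUCTEDHASH:19000:0:99999:7:::
alice:$6$saltsalt$CONSTRUCTEDHASH:19000:0:99999:7:::
backup2::19000:0:99999:7:::
svc:!:19000:0:99999:7:::
"""
GROUP = """\
root:x:0:
sudo:x:27:alice,svc
"""
def parse_passwd(text):
    """Return {user: (uid, gid, home, shell)}; 'x' means the hash lives in shadow."""
    users = {}
    for line in text.splitlines():
        name, _pw, uid, gid, _gecos, home, shell = line.split(":")
        users[name] = (int(uid), int(gid), home, shell)
    return users

def parse_shadow(text):
    """Return {user: hash field}; '' is no password, '!' or '*' is locked."""
    return {ln.split(":")[0]: ln.split(":")[1] for ln in text.splitlines()}

def parse_group(text):
    """Return {group: set of supplementary members}."""
    groups = {}
    for line in text.splitlines():
        name, _pw, _gid, members = line.split(":")
        groups[name] = {m for m in members.split(",") if m}
    return groups

def audit(passwd, shadow, groups):
    """Return sorted (user, finding) pairs for the conditions worth alerting on."""
    findings = []
    for user, (uid, _gid, _home, shell) in passwd.items():
        if uid == 0 and user != "root":
            findings.append((user, "uid 0 account other than root"))
        if shadow.get(user) == "" and not shell.endswith("nologin"):
            findings.append((user, "empty password with a login shell"))
    for admin in ("sudo", "wheel"):
        for member in groups.get(admin, ()):
            findings.append((member, f"member of {admin} group"))
    return sorted(findings)
```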

video learning

SET

The Social Engineering Toolkit (SET) is an open-source, Python-driven social engineering penetration testing tool that provides a very rich library of attack vectors. This version of SET can inject various PowerShell payloads and forward any port. At the same time, SET does not touch the hard disk and uses processes that are already whitelisted, so it does not trigger anti-virus alarms.

Sniffing, spoofing and man-in-the-middle attacks

Open ettercap.

Permission maintenance backdoor

Permission maintenance includes three subclasses: the Tunnel toolset, web backdoors, and system backdoors. System backdoors and web backdoors are collectively called backdoors: malicious programs left behind to make it easy to re-enter the system after a penetration test.

WEB backdoor

  • Weevely
    Weevely is a webshell tool written in Python (integrating webshell generation and connection; it is intended only for security learning and teaching, and illegal use is prohibited). It can be regarded as a Linux replacement for China Chopper (limited to PHP); some modules are not available on Windows.

System backdoor

  • Cymothoa

Permission maintenance: Tunnel toolset

  • CryptCat: Netcat is known as the Swiss Army knife of network tools, but the tunnels it creates are not encrypted, so cryptcat was created as an encrypted variant. Its use is similar to dbd/sbd.
  • DNS2TCP: A DNS tunnel is a DNS channel; as the name suggests, it uses the DNS query process to establish a tunnel for transmitting data.
  • Iodine
  • Miredo: Miredo is a network tool mainly used for IPv6 Teredo tunnelling on BSD and Linux. It lets network connections that do not support IPv6 reach IPv6; IPv6 and TUN tunnel support are required in the kernel.
  • Proxychains: A tool often used in intranet penetration testing. For example, after opening a Socks4a proxy service with Meterpreter, by editing the /etc/proxychains.conf configuration file and adding the proxy, other tools such as sqlmap and lamp can use the proxy directly to scan the intranet.
  • Proxy tunnel
  • Ptunnel: Tunnel communication carried in ICMP packets.
  • pwnat: communicate via UDP on the intranet.
  • sslh
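An added example, not part of the original post, of the defender's side of the DNS tunnels listed above (DNS2TCP, Iodine): scoring a constructed DNS query log for the traits such tunnels leave behind, namely many queries to one domain, long encoded subdomains, and TXT/NULL record types. The thresholds and the two-label "registered domain" rule are assumptions.

```python
# Added example, not part of the original post: score DNS query logs for the
# traits a dns2tcp/iodine-style tunnel leaves behind: many queries to one
# registered domain, long high-entropy subdomains, and TXT/NULL record types.
import math
from collections import defaultdict

# Constructed sample log: "<client> <qname> <qtype>" per line.
DNS_LOG = """\
10.0.0.5 www.example.com A
10.0.0.5 mail.example.com MX
10.0.0.8 x7k2q9.p3m8v1z4c6b0n5.t.example.org TXT
10.0.0.8 a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5.t.example.org TXT
10.0.0.8 zq8w7e6r5t4y3u2i1o0p9a8s7d6f5g4.t.example.org NULL
10.0.0.8 h4j6k8l0m2n4b6v8c0x2z4q6w8e0r2t.t.example.org TXT
10.0.0.5 cdn.example.com A
"""

def entropy(s):
    """Shannon entropy in bits per character of the string s."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())

def registered_domain(qname):
    """Last two labels, e.g. 'example.org' (no public-suffix list; an assumption)."""
    return ".".join(qname.rstrip(".").split(".")[-2:])

def score_domains(text):
    """Return {domain: (queries, avg subdomain length, avg entropy, txt/null share)}."""
    stats = defaultdict(list)
    for line in text.splitlines():
        _client, qname, qtype = line.split()
        domain = registered_domain(qname)
        sub = qname[: -len(domain) - 1] if qname.endswith(domain) else ""
        stats[domain].append((len(sub), entropy(sub.replace(".", "")), qtype in ("TXT", "NULL")))
    return {d: (len(v), sum(x[0] for x in v) / len(v), sum(x[1] for x in v) / len(v),
                sum(x[2] for x in v) / len(v)) for d, v in stats.items()}

def suspected_tunnels(text, min_queries=3, min_len=20, min_entropy=3.5, min_txt=0.5):
    """Domains that exceed every threshold; tune the thresholds to the environment."""
    return sorted(d for d, (n, ln, ent, txt) in score_domains(text).items()
                  if n >= min_queries and ln >= min_len and ent >= min_entropy and txt >= min_txt)
```

Ordinary traffic to example.com has short, low-entropy subdomains and A/MX queries, so only the example.org pattern is reported.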
