WEBVTT

00:01.290 --> 00:08.880
Hackers often need to multiprocess, and an operating system like Kali is ideal for this.

00:09.330 --> 00:17.370
The hacker may have a port scanner running while running a vulnerability scanner and an exploit

00:17.370 --> 00:18.380
simultaneously here.

00:19.110 --> 00:26.040
So this requires that the hacker manage his processes efficiently to best use system resources and

00:26.040 --> 00:27.120
complete the tasks.

00:27.570 --> 00:31.470
In this lecture, I will show you how to manage multiple processes.

00:32.640 --> 00:36.480
So, changing process priority with nice.

00:37.110 --> 00:44.580
You don't often hear the word nice used in the context of hackers, but here you will.

00:44.940 --> 00:52.320
So the nice command is used to influence the priority of a process to the kernel. As you saw when we ran

00:52.320 --> 00:53.760
the ps command.

00:54.880 --> 00:55.300
You're.

00:56.450 --> 00:57.620
ps command here.

00:58.200 --> 01:03.200
Uh, numerous, numerous processes run on the system at once and, um,

01:04.610 --> 01:10.580
and all of them are contending for the available resources. The kernel will have a final say over

01:10.580 --> 01:12.860
the priority of processes.

01:13.190 --> 01:21.950
But you can use the nice and nice to suggest that the process should be elevated in priority.

01:22.670 --> 01:28.940
So the idea behind the use of the term nice is that when you use it, you are determining how nice you

01:28.940 --> 01:29.390
will be

01:29.690 --> 01:35.990
to other users. If your process is using most of the system resources, you are not being very nice.

01:36.440 --> 01:44.500
The values for nice range from minus twelve or twenty to plus nineteen.

01:45.620 --> 01:48.950
So, with zero being the default value here.

01:49.280 --> 01:49.970
Yeah, so.

01:50.660 --> 01:53.120
So if.

01:54.280 --> 01:54.880
Bold.

01:58.740 --> 01:59.430
Zero, you.

02:02.500 --> 02:02.890
So.

02:04.860 --> 02:13.700
A high nice value translates to a low priority and a low nice value translates to high priority.

02:14.010 --> 02:22.200
We are not being so nice to the users and other users and processes. So when a process is started,

02:22.200 --> 02:25.620
it inherits the nice value of its parent process.

02:26.280 --> 02:33.120
So the owner of the process can lower the priority of the process but cannot increase its priority.

02:33.570 --> 02:41.220
Of course, the superuser or root user can arbitrarily set the nice value to whatever they please.

02:41.730 --> 02:50.400
So when you start a process, you can set the priority level with the nice command and then alter the

02:50.400 --> 02:56.010
priority after the process has started running with the renice command.

02:56.350 --> 02:57.270
Renice.

02:58.110 --> 02:58.680
Renice.

02:58.730 --> 02:58.980
Yeah.

03:00.230 --> 03:02.930
So it wants an absolute value for niceness.

03:03.500 --> 03:05.740
So let's look at an example to demonstrate this.

03:06.680 --> 03:12.440
So for demonstration purposes, let's assume we have a process named slowprocess that's located in

03:12.440 --> 03:17.510
/bin/slowprocess here.

03:17.840 --> 03:26.610
So if we wanted to speed up its completion, we could start the process with the nice command here:

03:26.610 --> 03:33.680
nice minus n minus 10 /bin/slowprocess here.

03:35.760 --> 03:39.480
We should use sudo rights here.

03:41.080 --> 03:42.700
And enter your password here.

03:42.880 --> 03:45.150
So there's no such file.

03:45.760 --> 03:49.930
Yes, because this is just an example here.

03:50.140 --> 03:57.360
So the command will increment the nice value by minus 10, increasing its priority and allocating it

03:57.370 --> 03:58.270
more resources.

03:59.230 --> 04:07.720
On the other hand, we want, if we want to be nice to our fellow users and processes and give

04:07.720 --> 04:09.190
slowprocess a lower priority,

04:09.190 --> 04:10.240
we could increment

04:10.870 --> 04:14.080
its nice value positively by 10.

04:17.560 --> 04:17.890
Ten.

04:20.450 --> 04:28.310
So give this a try on a process you have currently running and then run ps to see how it changes,

04:28.330 --> 04:28.880
if at all.

04:30.550 --> 04:36.130
So changing the, changing the priority of running processes with renice.

04:38.120 --> 04:38.480
So.

04:40.410 --> 04:48.930
The renice command takes absolute values between minus 20 and 19 and sets the priority to that

04:48.930 --> 04:54.750
particular level, rather than increasing or decreasing from the level at which it started.

04:55.290 --> 05:02.400
In addition, renice requires the process ID of the process you are targeting rather than the name.

05:03.060 --> 05:09.120
So if slowprocess is using an inordinate amount of resources on your system and you want to give

05:09.120 --> 05:14.400
it a lower priority, thus allowing the other processes a higher priority and more resources, you

05:14.400 --> 05:14.850
could

05:14.850 --> 05:22.500
renice slowprocess, not by name, which is, for example, but the process ID of, for example, six

05:22.500 --> 05:32.040
nine nine six, for example, renice 12 to six nine nine nine six, for example.

05:32.040 --> 05:35.670
This is the process name, for example, but it's a six, nine and six.

05:36.900 --> 05:41.820
So as with nice, only the root user can renice a process. As you can see, failed to

05:41.820 --> 05:42.470
get priority,

05:42.480 --> 05:44.520
no such process here, but we can use.

05:44.870 --> 05:47.040
So the simplicity of the search process here.

05:47.790 --> 05:49.470
So actually, as with nice,

05:49.470 --> 05:56.280
only the root user can renice a process to a negative value to give it a higher priority.

05:56.640 --> 05:59.730
But any user can be nice and reduce its priority

05:59.790 --> 06:00.690
with renice.

06:01.650 --> 06:07.480
So you can also use the top utility, uh, the top utility, uh, to change the

06:07.540 --> 06:14.170
nice value. With the top utility running, simply press the R key here.

06:15.090 --> 06:15.900
Uh, it's.

06:17.640 --> 06:18.960
Let's run it again.

06:19.230 --> 06:22.200
And simply, simply press the R key here.

06:22.800 --> 06:24.870
And then, um,

06:26.090 --> 06:27.570
supply the process ID.

06:28.810 --> 06:36.730
Uh, and the nice value, for example, um, if I want to change society of Metasploit era supremacy,

06:36.730 --> 06:37.540
there is a running.

06:38.460 --> 06:39.570
Um, near.

06:43.290 --> 06:51.650
Or just a, for example, sincere and nice with 12, when I settle into an integer because the nice

06:51.660 --> 06:55.290
thing is maximum, very simple six, eight years.

06:57.760 --> 07:06.210
So now I will show you killing processes. At times a process will consume way too many system resources,

07:06.220 --> 07:11.320
exhibit unusual behavior or, at worst, freeze up.

07:11.560 --> 07:18.010
A process that exhibits this type of behavior is often referred to as a zombie process.

07:19.720 --> 07:25.360
So for you, probably the most problematic symptom will be wasted resources used by the

07:25.360 --> 07:28.750
zombie that could be better allocated to useful processes.

07:29.470 --> 07:35.140
When you identify a problematic process, you may want to stop it with the kill command.

07:36.060 --> 07:43.260
Here there are many different ways to kill a program, and each has its own kill number.

07:43.860 --> 07:47.670
So the kill command has sixty-four different signals.

07:48.710 --> 07:53.210
So and each does something slightly different.

07:53.990 --> 07:57.890
So, for example.

07:59.730 --> 08:10.560
I want this here in Mousepad notepad here, so signal name, for example, I'm the most important signal

08:10.560 --> 08:11.040
names.

08:13.190 --> 08:23.690
So if you don't provide a signal flag, it defaults, if you don't provide proof of space, or if you

08:23.690 --> 08:31.910
don't provide a signal flag, it defaults to SIGTERM.

08:33.700 --> 08:41.740
So we have a signal name, and I want created here so, so SIGHUP, for example.

08:42.370 --> 08:44.950
So you can now name.

08:46.530 --> 08:54.210
Name, uh, number of option and description.

08:55.290 --> 09:02.390
Here, so SIGHUP here, number of option is one, so, uh.

09:03.610 --> 09:09.950
And hangup signal, signal, so it stops the

09:10.210 --> 09:17.130
designated process and restarts it with the same process ID. Restart.

09:18.700 --> 09:20.640
Same process ID.

09:22.950 --> 09:28.440
So it starts with the same process ID.

09:29.530 --> 09:38.650
So we have segued into 30 years in an into interrupting, not the director and a number of options to

09:38.650 --> 09:38.830
him.

09:39.160 --> 09:44.200
So this is the interrupt signal, interrupt signal.

09:44.620 --> 09:50.830
So it is a weak signal that isn't guaranteed to work, but it works in most cases.

09:51.810 --> 09:53.410
Weak signal.

09:55.640 --> 09:58.130
But what's actually?

09:59.750 --> 10:05.840
The math works here, so we have a

10:07.340 --> 10:11.800
SIGQUIT here; its number of option is three.

10:12.170 --> 10:17.690
So this is known as the core dump, core dump.

10:18.170 --> 10:19.640
Here it is.

10:19.640 --> 10:25.580
It terminates the process and saves the process information in memory, and then it saves this information in the

10:25.580 --> 10:28.820
current working directory to a file named core.

10:29.600 --> 10:36.980
The reasons for doing this are beyond the scope of this course, but you will learn in later lectures.

10:37.870 --> 10:40.820
And so we have SIGTERM here.

10:42.520 --> 10:50.950
Number of option is 15, but this is the termination, TERM, termination signal.

10:51.790 --> 10:53.770
Um, it will it.

10:57.190 --> 11:04.240
Which is the kill default signal, signal.

11:05.770 --> 11:06.280
Here.

11:09.550 --> 11:09.860
It's.

11:12.470 --> 11:12.730
Yes.

11:13.460 --> 11:18.950
And the last one I want to show you is SIGKILL.

11:19.670 --> 11:20.900
So SIGKILL

11:21.080 --> 11:23.630
is using number of option nine.

11:23.900 --> 11:26.120
So this is the absolute kill signal.

11:26.480 --> 11:34.820
So it forces the process to stop by sending the process resources to a special device, /dev/null. Absolute

11:34.910 --> 11:36.440
kill signal.

11:36.830 --> 11:43.940
And, uh, so very serious here and now.

11:43.940 --> 11:48.530
Using the top command, you can identify which processes are using too many resources.

11:49.310 --> 11:52.100
Often these processes will be legitimate, legitimate.

11:52.100 --> 11:52.680
But there are,

11:52.680 --> 11:57.890
I mean, there may be malicious processes taking resources that you will want to kill here.

11:58.230 --> 12:01.590
And let me look at our lecture time here.

12:01.850 --> 12:09.230
So, uh, if you, if you just want to restart the process with the HUP signal, enter the minus one option

12:09.230 --> 12:15.380
with kill here, for example, kill minus one, kill minus one.

12:15.770 --> 12:19.850
Actually, let's use this kill Metasploit here.

12:21.390 --> 12:26.340
Let's find this: ps aux, here is the Metasploit here.

12:26.970 --> 12:29.940
Metasploit, Metasploit, Metasploit.

12:35.560 --> 12:37.310
And that's fine, that's great.

12:37.730 --> 12:45.700
Here, ps aux here and grep msfconsole here.

12:46.300 --> 12:50.470
So our process ID is one thousand nine hundred seven.

12:51.400 --> 12:54.580
So we can kill it with that.

12:59.050 --> 13:09.190
Actually, it's probably one thousand six hundred seventy one, so kill minus one, one thousand six

13:09.190 --> 13:10.160
hundred seventy one.

13:10.960 --> 13:13.960
So you can see here our Metasploit is killed.

13:16.840 --> 13:22.810
Clearly, in the case of a zombie or malicious process, you likely want to send the kill signal

13:23.440 --> 13:27.880
nine. So this is, this is the absolute kill signal, and it's very serious.

13:30.010 --> 13:34.870
So with this, kill minus nine and

13:35.860 --> 13:38.520
process name, process ID.

13:40.160 --> 13:43.340
Like that, but good morning, this one here.

13:43.940 --> 13:52.040
So if you don't know the process's ID, you can use the killall command, killall command, to kill

13:52.040 --> 13:52.670
the processes.

13:52.670 --> 13:57.080
This command takes the name of the process instead of the process ID as an argument.

13:58.130 --> 14:02.060
For example, killall minus nine.

14:02.460 --> 14:05.260
Uh, zombieprocess.

14:06.080 --> 14:07.190
That's no process found.

14:08.660 --> 14:15.290
Uh, so finally, you can also terminate the process in the top command here. Simply press the K key,

14:15.410 --> 14:17.600
K key, and enter the process

14:17.600 --> 14:18.980
ID like that.

14:19.430 --> 14:23.120
So I will, uh, close this here, so.

14:24.470 --> 14:25.790
And we can run Linux.

14:26.060 --> 14:29.000
Run in background of Linux as well here.

14:29.660 --> 14:30.740
Uh, so.

14:32.700 --> 14:39.180
Actually, how many minutes we have, so I have it and you will learn this in the next lecture.

14:39.300 --> 14:40.860
So I'm waiting here in this lecture.
