WEBVTT - This file was automatically generated by VIMEO

0
00:00:00.600 --> 00:00:04.100
Hello and welcome to this Kali fundamentals lesson.

1
00:00:03.100 --> 00:00:07.000
 I'm very excited to be here with you today. So

2
00:00:06.400 --> 00:00:09.900
 we're getting ready to jump into services and

3
00:00:09.900 --> 00:00:12.500
 some of the default configurations when you first turn

4
00:00:12.500 --> 00:00:15.800
 on Kali Linux. So if you've been asking yourself, how exactly

5
00:00:15.800 --> 00:00:18.200
 do I go about getting SSH to work

6
00:00:18.200 --> 00:00:21.900
 right? Notice that I don't have anything listening when I do that netstat

7
00:00:21.900 --> 00:00:24.400
 command at the beginning of booting up. Well,

8
00:00:24.400 --> 00:00:27.400
 the good news is, today we're going to get into a high

9
00:00:27.400 --> 00:00:30.700
 level understanding of initial service settings in Kali. We're

10
00:00:30.700 --> 00:00:33.500
 gonna understand and walk away with some service

11
00:00:33.500 --> 00:00:36.200
 and process management techniques and we're

12
00:00:36.200 --> 00:00:39.900
 gonna have a high level understanding of how to configure services.

13
00:00:39.900 --> 00:00:42.400
 So I'm going to go ahead and pull our lab

14
00:00:42.400 --> 00:00:45.400
 environment over and I'm using the host data

15
00:00:45.400 --> 00:00:48.200
 Integrity baseline lab. I'm using the Kali machine that they

16
00:00:48.200 --> 00:00:51.200
 have there to do these exercises and show you some of

17
00:00:51.200 --> 00:00:52.300
 the things we're going to learn today.

18
00:00:53.100 --> 00:00:56.200
So let's start off with a quick netstat. So we talked about

19
00:00:56.200 --> 00:00:59.200
 that in the last lesson, and netstat

20
00:00:59.200 --> 00:01:02.500
 -antp. So you'll notice here that we don't have anything listening. There's

21
00:01:02.500 --> 00:01:05.300
 really nothing going on. And so what we

22
00:01:05.300 --> 00:01:08.200
 want to do is by default HTTP services like

23
00:01:08.200 --> 00:01:11.900
 Apache and SSH aren't enabled in Kali

24
00:01:11.900 --> 00:01:14.200
 Linux, and that's because if you're going to do a pen test

25
00:01:14.200 --> 00:01:17.800
 or you're doing some type of forensics, you're doing something to that nature, you don't

26
00:01:17.800 --> 00:01:20.800
 want your system to be very noisy and

27
00:01:20.800 --> 00:01:23.300
 you don't want anything to pick it up on the network if

28
00:01:23.300 --> 00:01:26.500
 you've got a threat actor or something like that going around and

29
00:01:26.500 --> 00:01:29.300
 sniffing things. And so we can quickly do a

30
00:01:29.300 --> 00:01:32.500
 service. So typically you start with service and then

31
00:01:32.500 --> 00:01:35.700
 the name of the service, so we'll do apache2 for HTTP services

32
00:01:35.700 --> 00:01:37.000
 and we'll do start.

33
00:01:37.900 --> 00:01:40.700
And that'll start our Apache services and

34
00:01:40.700 --> 00:01:44.300
 then we'll do service SSH start.

35
00:01:45.800 --> 00:01:48.000
And that will start our SSH services. So now

36
00:01:48.800 --> 00:01:51.600
 when we do that netstat -antp command, you'll

37
00:01:51.600 --> 00:01:54.800
 see here that we've got some things listening. So there's the SSH services.

38
00:01:54.800 --> 00:01:57.200
 There's the Apache 2 which will

39
00:01:57.200 --> 00:02:00.500
 be your web server. So or the web services and

40
00:02:00.500 --> 00:02:03.200
 so you can see now that we've got some stuff listening that we may not

41
00:02:03.200 --> 00:02:04.800
 want to have listening by default.

42
00:02:05.500 --> 00:02:08.900
So very interesting stuff there. So you may be asking well, that's

43
00:02:08.900 --> 00:02:11.800
 neat, you know, and you can use that service method so

44
00:02:11.800 --> 00:02:14.100
 service the service name and

45
00:02:14.100 --> 00:02:17.200
 then start stop and that will stop a service. So if

46
00:02:17.200 --> 00:02:20.600
 I do service, you know, the Apache 2

47
00:02:20.600 --> 00:02:21.300
 and I do stop.

48
00:02:23.100 --> 00:02:24.100
You'll see here.

49
00:02:26.400 --> 00:02:29.500
Then it's no longer listening. So you may be asking well, I

50
00:02:29.500 --> 00:02:32.800
 want SSH to start up by default when I

51
00:02:32.800 --> 00:02:35.200
 boot up my machine. I want to use it, you know, every day, and

52
00:02:35.200 --> 00:02:38.700
 I need that for management purposes, so you can do an

53
00:02:38.700 --> 00:02:39.300
update-rc.d

54
00:02:40.300 --> 00:02:42.500
there, ssh enable

55
00:02:44.100 --> 00:02:47.300
And now whenever you reboot the system or whatever the

56
00:02:47.300 --> 00:02:50.300
 case may be SSH should be started by default. But

57
00:02:50.300 --> 00:02:53.300
 if you don't make that change SSH and the

58
00:02:53.300 --> 00:02:55.800
 Apache services upon a reboot should not be up and running.

59
00:02:56.600 --> 00:02:59.400
Now you might be wondering how do I manage, you

60
00:02:59.400 --> 00:03:02.500
 know, processes and things of that nature, much like you do in Windows?

61
00:03:02.500 --> 00:03:04.900
 So let's say that I start Iceweasel here.

62
00:03:06.200 --> 00:03:09.500
And okay, it's up. Now, let's say I've been working in it and it

63
00:03:09.500 --> 00:03:12.300
 freezes. Well, you can do a ps, for process,

64
00:03:12.300 --> 00:03:15.400
 and aux, and that'll show you everything. That's pretty noisy.

65
00:03:15.400 --> 00:03:18.600
 You can see down here that there's Iceweasel and the process

66
00:03:18.600 --> 00:03:21.500
 ID number. Now, let's say you had

67
00:03:21.500 --> 00:03:24.600
 a longer list than that and you wanted to narrow it down, so

68
00:03:24.600 --> 00:03:27.100
 you can do a ps aux and then you can do

69
00:03:27.100 --> 00:03:30.600
 a pipe here and then you can do grep, which

70
00:03:30.600 --> 00:03:33.600
 allows you to get information out

71
00:03:33.600 --> 00:03:36.100
 of files or outputs. And so when

72
00:03:36.100 --> 00:03:36.900
 I do ps aux

73
00:03:37.600 --> 00:03:41.100
And then I do this pipe and grep, it's going to feed that

74
00:03:40.100 --> 00:03:43.600
 output through this grep command essentially, and

75
00:03:43.600 --> 00:03:44.300
 I can do ice.

76
00:03:45.300 --> 00:03:48.500
And bang, now I've got it kind of narrowed down

77
00:03:48.500 --> 00:03:51.200
 to these few things that are associated with

78
00:03:51.200 --> 00:03:54.700
 ice, and I can see Iceweasel here pretty easy. Now,

79
00:03:54.700 --> 00:03:57.400
 let's say I want to kill that. So you'll see down here that we're still running

80
00:03:57.400 --> 00:04:00.500
 Iceweasel. So if I do kill, which'll kill

81
00:04:00.500 --> 00:04:03.200
 a process and then our process ID here

82
00:04:03.200 --> 00:04:04.400
 is 3363.

83
00:04:05.700 --> 00:04:08.400
It's done. It killed the process. So that's a

84
00:04:08.400 --> 00:04:11.000
 very high level overview of how to kind of, you know,

85
00:04:11.200 --> 00:04:14.200
 look for processes how to kill processes if they're giving you trouble

86
00:04:14.200 --> 00:04:17.300
 and you know, you can move through that as you

87
00:04:17.300 --> 00:04:20.200
 learn the ropes and continue to adventure into

88
00:04:20.200 --> 00:04:20.600
 some of that.

89
00:04:21.300 --> 00:04:25.000
Now let's do this command again, the netstat -antp.

90
00:04:24.500 --> 00:04:27.200
 Now, looking here, we see

91
00:04:27.200 --> 00:04:30.100
 that SSH is still running and the program name over here

92
00:04:30.100 --> 00:04:33.100
 is sshd. Well, let's say that I don't want it to

93
00:04:33.100 --> 00:04:36.600
 run off that default port of 22 there. So there are

94
00:04:36.600 --> 00:04:39.700
 config files, as we had discussed, for each of these services. So if

95
00:04:39.700 --> 00:04:42.300
 I do, let's see, a cd

96
00:04:42.300 --> 00:04:45.600
 and I need to go to /etc/ssh, which is where the config file

97
00:04:45.600 --> 00:04:48.200
 is. You'll see here that we have a config file

98
00:04:48.200 --> 00:04:52.800
 for sshd. Okay. So if I do nano

99
00:04:51.800 --> 00:04:53.400
 sshd_config

100
00:04:54.700 --> 00:04:57.000
I can now see a number of

101
00:04:57.400 --> 00:05:00.300
 different things here. Each of these kind of hashtag or pound

102
00:05:00.300 --> 00:05:03.700
 symbols essentially comments out or makes it invalid input.

103
00:05:03.700 --> 00:05:06.600
 So if I were to do something like this, it would essentially make

104
00:05:06.600 --> 00:05:09.600
 it to where that port wasn't running. But what

105
00:05:09.600 --> 00:05:12.000
 we can do is let's say I want my new port to be

106
00:05:12.500 --> 00:05:16.200
 2212. Okay, so I do an O,

107
00:05:15.200 --> 00:05:18.000
 or a Ctrl+O, and that'll save the

108
00:05:18.500 --> 00:05:21.300
 output to that config file. I'll do Ctrl+X

109
00:05:21.300 --> 00:05:21.900
 to exit.

110
00:05:22.900 --> 00:05:23.600
All right now.

111
00:05:25.300 --> 00:05:28.300
You'll notice it's still running on 22 and that's because I have to restart

112
00:05:28.300 --> 00:05:31.400
 the service in order for it to take effect the

113
00:05:31.400 --> 00:05:32.000
 new configuration.

114
00:05:32.900 --> 00:05:36.000
So I can do service SSH restart.

115
00:05:37.400 --> 00:05:38.100
It will restart.

116
00:05:39.600 --> 00:05:42.200
And then you'll notice that my port that I'm

117
00:05:42.200 --> 00:05:45.400
 running that SSH service off now is 2212 and

118
00:05:45.400 --> 00:05:48.900
 that's what it's listening on for connections. So at a

119
00:05:48.900 --> 00:05:51.100
 high level, you know, that's how we're going to be able to

120
00:05:51.100 --> 00:05:54.400
 manage services and that's how we're going to be able to start and stop services

121
00:05:54.400 --> 00:05:57.700
 using that service command. There are other commands

122
00:05:57.700 --> 00:06:00.600
 that you can use to manage services managing processes

123
00:06:00.600 --> 00:06:03.700
 and config files and things of that nature to make changes to

124
00:06:03.700 --> 00:06:06.100
 different services. So don't limit that to just what we

125
00:06:06.100 --> 00:06:09.400
 look at that here today. You can do that with any number of config

126
00:06:09.400 --> 00:06:12.600
 files or other services when you're troubleshooting or

127
00:06:12.600 --> 00:06:15.000
 trying to customize your instance and its configuration.

128
00:06:15.800 --> 00:06:18.100
So with all of that in mind, let's do a quick

129
00:06:18.100 --> 00:06:21.800
 check on learning. So how would you enable SSH automatically upon

130
00:06:21.800 --> 00:06:24.100
 boot? Well, we talked about each of these

131
00:06:24.100 --> 00:06:27.200
 Auto SSH, we didn't even discuss that; that's not a

132
00:06:27.200 --> 00:06:30.500
 valid choice here. Service SSH start

133
00:06:30.500 --> 00:06:33.600
 just starts the service but it does not do so upon

134
00:06:33.600 --> 00:06:37.000
 a boot; you have to do this manually. Netstat SSH

135
00:06:36.500 --> 00:06:39.800
 isn't a valid combination of commands. So

136
00:06:39.800 --> 00:06:42.200
 that's not a valid answer. So remember we have

137
00:06:42.200 --> 00:06:45.900
 to do the update-rc.d ssh enable

138
00:06:45.900 --> 00:06:48.600
 command in order to start SSH services when

139
00:06:48.600 --> 00:06:50.300
 we reboot a system or something of that nature.

140
00:06:51.100 --> 00:06:54.100
So in summary today in this brief lesson, we looked

141
00:06:54.100 --> 00:06:57.600
 at how to start the services, how to manipulate services,

142
00:06:57.600 --> 00:07:00.400
 how to kill processes and check processes

143
00:07:00.400 --> 00:07:03.400
 that are running on our instance and how to

144
00:07:03.400 --> 00:07:06.100
 modify configuration files. And so I want

145
00:07:06.100 --> 00:07:09.500
 to thank you for your time today. Thank you for joining me and I look forward

146
00:07:09.500 --> 00:07:10.800
 to seeing you again soon.
