WEBVTT

00:00.210 --> 00:02.610
Now managing Kali Linux services.

00:03.030 --> 00:08.130
As you can see, Kali Linux is a specialized Linux distribution aimed at security professionals, and

00:08.130 --> 00:10.860
it contains several non-standard features.

00:11.190 --> 00:11.520
Okay.

00:11.520 --> 00:16.170
Now the first thing, let's start with the SSH service, or the secure shell.

00:16.440 --> 00:21.900
Now, it is most commonly used to remotely access a computer using a secure, encrypted protocol.

00:22.560 --> 00:26.630
Now, in that case, we will use a command called systemctl.

00:27.420 --> 00:32.790
Now, as we learned previously, man systemctl, as you can see: control the systemd system

00:32.790 --> 00:34.230
and service manager.

00:34.470 --> 00:34.700
Okay.

00:34.710 --> 00:36.870
So this is to control the systemd.

00:37.110 --> 00:38.940
Now you can read more about it.

00:39.240 --> 00:46.110
The systemd is something, um, for process management and all of that stuff.

00:46.470 --> 00:46.990
No worry.

00:47.100 --> 00:49.050
This is not our subject currently.

00:49.470 --> 00:54.240
Now systemctl, by the way, I can Tab again.

00:54.960 --> 00:58.560
systemctl, then start.

01:00.620 --> 01:02.120
Or stop.

01:03.140 --> 01:04.700
Or restart.

01:05.060 --> 01:07.100
As you can see, the status, or status.

01:09.080 --> 01:11.870
So let's start with the status: systemctl status ssh.

01:12.830 --> 01:18.080
Now you can see that it shows us that here, here you can see it is inactive.

01:18.440 --> 01:21.860
Now to show more information, I must provide sudo.

01:22.070 --> 01:26.750
Now, instead of typing the same command or using the arrow button,

01:27.620 --> 01:33.590
now I can do sudo, Shift+1 Shift+1, or the exclamation marks.

01:33.590 --> 01:40.910
So this will show, this will provide the previous command, which is systemctl status ssh, and before it, it

01:40.910 --> 01:44.540
is sudo, so sudo systemctl status ssh.

01:44.540 --> 01:46.490
So if I press Enter, I can see that.

01:46.490 --> 01:46.950
Yeah.

01:47.000 --> 01:49.940
It shows this is the command. Now press Enter again.

01:49.970 --> 01:56.180
And of course it will need the password, because this is a sudo command, and yeah, it showed us now, and

01:56.180 --> 01:58.580
now it shows us it is inactive.

01:59.000 --> 02:03.170
Now if I type the same command, systemctl, without sudo.

02:03.170 --> 02:05.810
I mean, let's start the ssh.

02:05.930 --> 02:13.850
You can see that if I press that, it will ask us for authentication, or the password, for this to be done.

02:15.350 --> 02:21.470
So in that case, we use sudo, so sudo systemctl start ssh.

02:21.550 --> 02:23.390
Here you can see that.

02:23.390 --> 02:23.990
Yeah.

02:24.440 --> 02:26.390
Now it worked.

02:26.420 --> 02:29.870
How to check that? systemctl status ssh.

02:29.900 --> 02:31.250
Yeah, you can see that.

02:31.250 --> 02:32.240
Here it is.

02:32.240 --> 02:33.200
It is active.

02:33.200 --> 02:35.750
And seven seconds ago.

02:35.930 --> 02:41.870
Now you can see by default here we have the vendor preset, and we have the disabled thing here.

02:42.020 --> 02:42.400
Okay.

02:42.410 --> 02:48.680
Now, this means that the vendor, which means that by default, when it comes, or when it is downloaded,

02:48.680 --> 02:50.420
by default, it will be disabled.

02:50.630 --> 02:52.730
Now, what does disabled mean?

02:52.730 --> 02:58.010
It means that it will not work, or it will not run on startup, on boot.

02:58.410 --> 02:58.880
Okay.

02:58.880 --> 03:05.750
So when I, if I start this Linux machine, this ssh will not work by default.

03:06.010 --> 03:07.700
Okay, now here, disabled.

03:07.850 --> 03:09.080
This is the first disabled.

03:09.090 --> 03:09.380
Okay.

03:09.410 --> 03:14.830
This is the vendor preset here, the disabled, which means this is the default behavior.

03:14.990 --> 03:20.930
The actual behavior, which is: will it run on boot-up, or will it not.

03:21.170 --> 03:23.510
This is what is so.

03:23.510 --> 03:26.210
By default it is disabled, and it is disabled.

03:27.000 --> 03:29.220
So I must enable it.

03:29.220 --> 03:32.190
So when I start Kali Linux, the ssh will run on.

03:32.520 --> 03:35.800
So, enable like that, and press Enter.

03:35.820 --> 03:37.050
You can see that here.

03:37.050 --> 03:37.880
It is enabled.

03:37.890 --> 03:41.250
It will start creating some links, and in Windows

03:41.250 --> 03:43.320
it is the shortcut, which means shortcut.

03:43.740 --> 03:44.220
Don't worry.

03:44.220 --> 03:49.350
We will talk about the symbolic links and hard links, soft links, all of that stuff.

03:49.650 --> 03:53.820
Now, if I type status this time, you can see that this time it is enabled.

03:53.820 --> 03:59.640
By the way, the vendor preset, this is still disabled, and this cannot be changed, by the way,

03:59.640 --> 04:02.010
because this is how it comes from the factory.

04:02.160 --> 04:02.900
Just like that.

04:03.060 --> 04:03.370
Okay.

04:03.390 --> 04:13.770
So the guys who created this ssh tool, by default they say make it disabled for more security

04:13.770 --> 04:14.640
and stuff like that.

04:14.640 --> 04:15.210
All right.

04:15.210 --> 04:19.380
But we enable it because we want it to run over and over anyway.

04:20.670 --> 04:23.480
Now, again, this is not for a blue team.

04:23.490 --> 04:24.540
This is for red team.

04:24.900 --> 04:26.910
So to be honest, we don't care.

04:27.600 --> 04:27.950
Yeah.

04:27.960 --> 04:31.860
Because this is not the system we are protecting or hardening.

04:32.400 --> 04:36.780
This is our system for attacks on the systems.

04:37.080 --> 04:40.080
Okay, so Kali Linux is to attack systems?

04:40.110 --> 04:41.760
Of course not in a malicious way.

04:41.760 --> 04:51.360
I mean, in red team tactics, but we need to understand how the bad guys think and work.

04:52.440 --> 04:54.850
Now how to make sure the ssh is enabled.

04:54.870 --> 05:01.460
Now you know that the ssh by default is using port 22, the default port.

05:01.470 --> 05:08.040
So I have netstat -antlp. Okay, this is to show us.

05:08.220 --> 05:10.770
-n, which means numeric; -t, which means

05:10.770 --> 05:12.990
TCP, because this is a TCP protocol.

05:13.020 --> 05:19.260
Now again, if you are not familiar with TCP, UDP, the OSI model, the port numbers, I recommend

05:19.260 --> 05:20.560
you to read more about it.

05:20.580 --> 05:21.140
Okay.

05:21.150 --> 05:22.340
Well, it is not a big deal.

05:22.350 --> 05:27.030
Just have a high-level understanding.

05:27.030 --> 05:32.240
That will do the job. Now -l, which means that the status of this is listening, and -p,

05:32.280 --> 05:39.240
so, to show the program, or the PID ID. So you can see that here we have it here.

05:39.240 --> 05:40.230
So here it is.

05:40.230 --> 05:45.480
It is 22, and it is listening on 0.0.0.0, which means anywhere.

05:45.480 --> 05:47.400
And the foreign address is the same.

05:47.400 --> 05:52.500
The status is, or the state is, listening, and there is the PID.

05:54.270 --> 06:01.920
Now there is another command called ss, again -nlp, and here it will show us that here 22

06:01.950 --> 06:05.210
is running, and it is running on anywhere,

06:05.560 --> 06:07.350
0.0.0.0.

06:08.460 --> 06:10.390
Now this is for the service.

06:10.410 --> 06:12.960
Now, let's talk about the HTTP service.

06:13.380 --> 06:18.060
Now, by default Kali comes with Apache, or Apache2.

06:18.060 --> 06:23.160
So I will use the same command: sudo systemctl status

06:23.190 --> 06:26.160
apache, and Apache is 2, apache2.

06:26.340 --> 06:27.420
So you can see.

06:27.420 --> 06:29.130
Yeah, it is inactive.

06:29.370 --> 06:34.590
Now how to do such a thing, how to enable it and start it, as we learned previously.

06:35.010 --> 06:40.830
First we need to start, like this, then enable, like this.

06:40.830 --> 06:45.990
Now there is a shortcut for this actually, which is sudo systemctl enable.

06:46.020 --> 06:47.220
Yeah, as we learned.

06:47.220 --> 06:48.400
But what is the flag?

06:48.420 --> 06:48.750
Dash.

06:48.750 --> 06:49.950
Dash now, --now.

06:50.220 --> 06:54.750
Which means it will enable it on startup, and at the same time it will start it.

06:54.900 --> 06:55.980
So you can see that.

06:55.980 --> 07:00.390
Yeah, it has been enabled, and it shows it should be started.

07:00.390 --> 07:01.290
How to check that?

07:01.290 --> 07:02.550
Yes, you are correct.

07:02.550 --> 07:04.680
We will use the status command.

07:04.770 --> 07:05.760
So here it is.

07:05.760 --> 07:07.500
It is active and running this time.

07:07.860 --> 07:08.280
Yeah.

07:09.560 --> 07:13.190
Now, by the way, if you didn't provide the sudo, it will not show all the information.

07:13.190 --> 07:14.900
So you can see that here.

07:14.900 --> 07:19.370
I already provided the sudo, so it shows us everything here, as you can see.

07:19.460 --> 07:22.400
Now, if I provided that without,

07:23.500 --> 07:25.570
I provided the command without sudo.

07:25.930 --> 07:29.340
You can see that it will show less information, as you can see.

07:29.350 --> 07:35.350
So up here it shows us this cgroup, cgroup thing, and it shows us this, as you can see.

07:36.960 --> 07:38.700
That much, httpd, whatever.

07:38.700 --> 07:39.570
But here it

07:39.570 --> 07:47.030
shows us the cgroup without putting more information, or some considered critical information.

07:47.040 --> 07:47.260
Yeah.

07:47.280 --> 07:49.990
Actually, sometimes it is critical. Okay.

07:50.160 --> 07:56.100
Now how to see what it is running on. By default it is the 80.

07:56.280 --> 08:03.930
So again, netstat -antlp, and you can see that here it is running on port 80.

08:04.230 --> 08:06.990
So this is what we need and what we want.

08:06.990 --> 08:07.680
All right.

08:07.800 --> 08:08.290
Okay.

08:08.790 --> 08:09.900
So far, so good.

08:10.380 --> 08:11.550
Thanks for watching.

08:11.550 --> 08:16.170
Now I will provide more exercises on this; kindly solve them.

08:16.170 --> 08:18.270
And if you have any question, let me know.
