Lect99 - Example papers Flashcards by Yves Sturzenegger

The /proc directory is a location for

Virtual file system for process and kernel information

How well did you know this?

Not at all

Perfectly

The /etc directory is a location for

Configuration files

How well did you know this?

Not at all

Perfectly

The passwd file can be found in

/etc

How well did you know this?

Not at all

Perfectly

To transfer ownership of the file toto from dave to nicola type

chown nicola toto

How well did you know this?

Not at all

Perfectly

The /etc/services file contains

a list of port mappings for the system (tcp and udp)

How well did you know this?

Not at all

Perfectly

To set the read, execute permission of the file toto for group and other type

chmod 755 toto

How well did you know this?

Not at all

Perfectly

In an Ubuntu system, the command sudo apt-get dist-upgrade is used to

Upgrade an existing installation and add new packages if needed.

How well did you know this?

Not at all

Perfectly

To identify which shell an user is using, (s)he looks in

/etc/passwd (shows default shell)

How well did you know this?

Not at all

Perfectly

The command ls -lh is used to show:

a long listing of a file or directory of files, including permissions mod time and size in human readable format.

How well did you know this?

Not at all

Perfectly

The /bin directory is a

directory for common executables

How well did you know this?

Not at all

Perfectly

The /sbin directory is a location for

for system executables usually used by root

How well did you know this?

Not at all

Perfectly

To view the boot message from the kernel type:

dmesg

How well did you know this?

Not at all

Perfectly

To show the IP address of the current host, type:

ifconfig

How well did you know this?

Not at all

Perfectly

The command ls [t][ne]* is used to list:

files that start with the letter t followed by either an n or e

How well did you know this?

Not at all

Perfectly

The /usr directory is a

user binaries, libraries and other software (the majority of the system is in here)

How well did you know this?

Not at all

Perfectly

The command cat /etc/passwd | egrep /bin/bash is used to show:

entries in /etc/passwd that contain the string /bin/bash

How well did you know this?

Not at all

Perfectly

To run a command vi as root, type:

sudo vi or su – vi

How well did you know this?

Not at all

Perfectly

To extract the usernames of all users on your system from /etc/passwd type:

cat /etc/passwd | awk -F’:’ ‘{print $1}’ cat /etc/passwd | cut -d’:’ -f1

How well did you know this?

Not at all

Perfectly

To count the lines in a file toto, type:

cat toto | wc -l

How well did you know this?

Not at all

Perfectly

To print the result of the command who to a file users.txt, type:

who > users.txt

How well did you know this?

Not at all

Perfectly

Change to home directory

cd /home cd ~

How well did you know this?

Not at all

Perfectly

Move a file

mv file /destination/file

How well did you know this?

Not at all

Perfectly

Delete lines 2 to 3 of a file called toto

sed -e ‘2,3d’ toto

How well did you know this?

Not at all

Perfectly

Create a directory tata

mkdir tata

How well did you know this?

Not at all

Perfectly

Extract characters 6 to 8 from each line of a file called data

cut -c 6-8 data

To display the content of a text file

cat file less file

To display all lines in a file called toto that contains a number

grep [:digit:] toto

Display all lines of the file data that contain a number from 0 to 9

grep [0-9] toto

Calculate the SHA1 hashes of all files in a directory without showing filenames

sha1sum \* | cut -d' ' -f1 sha1sum \* | awk '{print $1}'

Display all lines except line 10 of file toto

sed -e ‘10d’ toto

Search for the string “hacker” in ps.dd

grep -a hacker ps.dd

Search for IP addresses in ps.dd and place the results in a file called IP.log

egrep -a --color=always '([0-9]{1,3}\.){3}[0-9]{1,3}' ps.dd \> IP.log

Search for Friday May 26, 2017 and “gmail” in the IP.log file above

egrep ‘Friday May 26, 2017.\*gmail’ IP.log

Extract lines that contain the userID=12345 from the file IP.log and place the results in a file called User.log

grep ‘userID=12345’ IP.log \> User.log

Extract lines that contain the email address from the file User.log above

grep “email address” User.log

List the first ten characters of the SHA1 sum of sp.e01

sha1sum sp.E01 | cut -c 1-10

Convert sp.E01 to a raw image

ewfexport sp.E01

List the partitions in the image, reporting in units of sectors

mmls sp.E01

List the file system of its bootable partition

fls -o 48195 sp.E01

Mount its Windows NTFS partitions

mkdir /mnt/ewf mkdir /mnt/part2 mkdir /mnt/part4 ewfmount sp.E01 /mnt/ewf mount -o loop,offset=$(48195\*512) /mnt/ewf/ewf mnt/part2 mount -o loop,offset=$( \*512) /mnt/ewf/ewf /mnt/part4

The /var directory is a location for

data which may be modified in real time by programs

The /mnt directory is a location for

directory in which to mount devices

To show the currently mounted partitions on a Linux system, type:

mount -l

The command netstat -l is used to show:

only listening socket

The command ls -lSr is used to show:

lists files in current directory with long listing, sorting the list by file size

To substitute more than one occurrence per line of ‘one’ with ‘two’ in file called toto, type:

sed 's/one/two/g' toto

To find every occurrence of the word car in a file called engines, type:

grep car engines

To see if user ryan is logged on, type:

who | grep ryan

To display all lines in a file called engines that contain three characters long, starting with a capital letter and ending with a digit, type:

grep [[:upper:]].[[:digit:]] engines

In Linux, to identify the type of a file, the file command is based on:

The header of a file

In Linux, to list the content of an archive toto.tgz, type:

tar tzvf toto.tgz

To print usernames from /etc/passwd, type:

awk –F: ‘{print $1}’ /etc/passwd

To calculate the MD5 hashes of all files in a directory without keeping filenames, type:

md5sum \* | cut –c1-32

The output of the command grep -q $(md5sum toto | cut –c1-32) hashes.txt && echo Match is:

Match, if the MD5 hash of the file toto exists in hashes.txt

The command dd if=/dev/hda of=~/hdadisk.img is used to:

create an image of hda device

The command xxd -l 120 -c 20 toto prints:

hexdump the first 120 bytes with 20 bytes per line of the file toto

The command sfdisk -l -uS able2.dd :

shows partition table of the disk image able2.dd

To change directory to the last directory, type:

cd -

To view the boot message from the kernel type:

dmesg

To calculate the SHA1 hashes of all files in a directory, type:

sha1sum \*

In Ubuntu, to check who is running what, type:

top

The command icat -o 10260 able2.dd 2139 \> lrkn.tgz.2139:

recovers a deleted file from the image able2.dd and store to a report file

The command dd if=/dev/hdx | gzip \> ~/image.gz is used to:

create an image of hdx device

The command fls -o 10260 –r able2.dd:

provides file system specific information about the file system of able2.dd

To sum file sizes of all files stored in an archive toto.tgz, type:

tar tzvf toto.tgz | awk ‘{ sum += $3} END {print “Total size: ” sum “ bytes.”}’

ls -lh

List directory contents in long format with human readable sizes.

head -n13 file1.txt

Print first 13 lines.

cp file1 file2

Copy file1 to file2

mkdir /mnt/usb/evidence

Create directory called "evidence" under /mnt/usb

wc -l filename

Count lines in file "filename"

cat /etc/passwd | egrep /bin/bash

Print all lines of /etc/passwd that contains /bin/bash

cut -d: -f1 /etc/passwd

Prints all usernames of /etc/passwd - d : delimiter - f1 : field number

grep [[:upper:]] engines

Print all lines that contain at least one upper case letters.

tail /etc/passwd \> smallpass

Output the last 10 lines of file /etc/passwd to smallpass

awk –F: ‘{print $1}’ /etc/passwd

Prints out username from /etc/passwd

Rename a file:

mv file1 file2

Delete a file:

rm file1

Find differences between file1 and file2:

diff file1 file2

Create a file:

touch file1

Display a file:

cat file1

To display lines in a file:

sed -n 2p file.txt

Count the number of lines in a file:

wc -l filename

Calculate the MD5 hashes of all files in a directory:

find . -type f -exec md5sum {} \;

Extract files in a tarball:

tar xvf filename

Extract a field from a file:

cut -d: -f1 filename

List the first five characters of the MD5 sum of file.e01:

md5sum filename | cut -c1-5

Convert suspect.E01 to a raw image:

ewfexport -t [NewFileName] -f raw -u suspect.E01

List the partitions in the image suspect.e01:

mmls suspect.e01

List the file system of a partition, which starts at sector 48:

fsstat -o 48 suspect.e01

Mount a Linux partition, which starts at sector 102400:

mount -t ext4 -o ro,loop,offset=$((512\*102400)) image.raw /mnt/hdd

Check the file type of access\_log:

file access\_log

Print the number of lines in this file of access\_log:

wc -l access\_log

Display and sort the first column of access\_log:

cat access\_log | awk '{print $1}' | sort

Display and filter out duplicates in the first column of access\_log:

cat access\_log | awk '{print $1}' | sort -u

Count the number of different IP addresses (suppose that the first column contains the IP addresses) of access\_log:

cat access\_log | awk '{print $1}' | sort -u | wc -l

Lect99 - Example papers Flashcards

(95 cards)