Now, managing Kali Linux services. As you can see, Kali Linux is a specialized Linux distribution aimed at security professionals, and it contains several non-standard features.

OK, now the first thing, let's start with the SSH service, or its execution. Now, what is most commonly used to remotely access a computer using a secure, encrypted protocol? OK, now in that case, we will use a command called systemctl. OK, now, as we learned previously, man systemctl, as you can see: control the systemd system and service manager. OK, so this is to control the system. Now you can read more about it. systemd is something like a tool for process management and all of that stuff. Now, this is not our subject currently.

Now, systemctl. By the way, I can type it again: systemctl. Then start. Or stop. Or restart, as you can see, or status. OK, so let's start with the status of SSH. OK, now you can see that it shows us that. Yeah, here you can see it is inactive. Now, to show more information, I must provide sudo. Now, instead of typing the same command, or using the arrow button, I can do sudo !!, that is Shift+1, Shift+1, the exclamation mark twice. So this will provide the previous command, which is systemctl. And before it, it is sudo, so sudo systemctl status ssh. So if I press Enter, you can see that. Yeah, it shows us this is the command. Now, again, Enter. And of course, it will need the password because this is a sudo command. And yeah, it is showing us now. Yeah, it shows us it is inactive.

Now, if I type the same command, systemctl, without sudo, I mean, let's start the SSH: systemctl start ssh. You can see that if I press Enter, it will ask us for authentication, or the password, for this to be done. So in that case, we use sudo, so sudo systemctl start ssh. Here you can see that, yeah, now it worked. How to check that? systemctl status ssh. Yeah, you can see that. Here it is. It is active, since seven seconds ago.

Now you can see, by default, here we have the vendor preset. OK, and we have that disabled thing here. OK, now this is the vendor preset, which means that by default, when it comes, or when it is downloaded, by default it will be disabled. Now what does this mean? It means that it will not work, or it will not run, on startup, on boot-up. OK. So if I restart this Kali Linux machine, this SSH will not work by default.

OK, now here, disabled. This is the first disabled. OK, this is the vendor preset. Here, the disabled, which means not the default behavior but the actual behavior, which is: will it run on boot-up or will it not? This is what it is. So by default it is disabled, and it is disabled. So I must enable it, so when I restart Kali Linux, the SSH will run on boot. So, enable, like that, and press Enter. You can see that here it is enabled. It will start creating some links, symlinks. It is a shortcut; symlink means shortcut. Don't worry, we'll talk about the symbolic links and hard links, soft links, all of that stuff.

Now, if I type status, this time you can see that it is enabled. By the way, the vendor preset, this is still disabled, and this cannot be changed, by the way, because this is how it comes from the factory. Just like that. OK, so the guys who created this SSH tool, by default, they say, make it this way for more security and stuff like that. Right? But we enable it because we want it to run over and over anyway.

Now again, this is not for a blue team. This is red team. OK, so to be honest, we don't care. Yeah, because this is not a system we are protecting or hardening. This is our system to attack other systems. OK, so this Kali Linux is to attack systems, of course, not in a malicious way. I mean, in red team tactics. OK, but we need to understand how the bad guys think and work.

OK, now how to make sure the SSH is enabled? Now you know that SSH, by default, is using port 22. OK, the default port. So I have netstat -tlp, OK. This is to show us: t, which means TCP, because this is a TCP protocol. Now again, if you are not familiar with TCP, UDP, and the ports, I prefer, I recommend you to read more about it. OK, well, it is not a big deal. Just having a high-level understanding will do the job, OK? Now l, which means that the status of this is listening. And p, so the protocol or program, show the program. So you can see that. Yeah, we have it here. So here it is. It is 22 and it is listening on 0.0.0.0, which means anywhere. And the port, this is the same; the status, or the state, is listening, and there is the PID.

OK, now there is another command called ss, again, -ntlp, and here it will show us that, yeah, 22 is running, and it is running on anywhere, 0.0.0.0. OK, now this is for the SSH service.

Now let's talk about the HTTP service. Now, by default, Kali comes with Apache, or apache2. So I would use the same command, sudo systemctl status apache2. Apache, and apache2. So you can see, yeah, it is inactive. Now, how to do such a thing, how to enable it and to start it, as we learned previously? First, we need to start, like this, then enable, OK, like this. Now there is a shortcut for this actually, which is sudo systemctl enable. Yeah, as we learned. But with the flag --now, which means it will enable it on startup and at the same time it will start it. So you can see that, yeah, it has been enabled and it will, it should be started. How to check that? Yes, you are correct. We will use that status command. So here it is. It is active and running this time. Yeah.

Now, by the way, if you didn't provide sudo, it will not show all the information, so you can see that here. I already provided sudo, so it shows everything here, as you can see. Now, if I provide that without... I provided the command without sudo. You can see that it would show less information, as you can see. So up here, it shows us this CGroup thing, and it shows us this, as you can see. That and so on, whatever, but here it shows us the CGroup without putting more information, or some considered critical information. Yeah, actually sometimes it is, actually.

OK, now, how do you see what port it is running on? By default, it is 80. So again, let's run ss -ntlp. And you can see that, yeah, it is running on port 80. So this is what we need and what we want. All right. OK. So far, so good. Thanks for watching. Now I will provide more exercises on this; kindly solve them. And if you have any questions, let me know.
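As an added example that is not part of the video, here is a POSIX shell script that automates the two checks the lesson performs by hand: reading the enabled / vendor-preset flags from the Loaded: line of systemctl status, and confirming from ss -ntlp that the service is actually listening on its expected port. The ss and systemctl lines embedded in it are constructed samples, and it assumes ss from iproute2 is on PATH when run against the live system.

```shell
#!/bin/sh
# Added example, not from the video: check that a service really listens on the
# port the lesson expects, and read the "Loaded:" line the way the lesson does
# (current boot state vs. vendor preset).  Samples below are constructed.

# Constructed sample of `ss -ntlp` output (the command used in the video).
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*         users:(("sshd",pid=1234,fd=3))
LISTEN 0      511    *:80               *:*               users:(("apache2",pid=2345,fd=4))'

# Constructed sample of the "Loaded:" line from `sudo systemctl status ssh`.
SAMPLE_STATUS='   Loaded: loaded (/lib/systemd/system/ssh.service; disabled; vendor preset: disabled)'

# listener_for PORT [SS_OUTPUT]: print "<bind address> <program>" for the TCP
# listener on PORT; exit 1 if nothing listens there.  Uses live `ss -ntlp`
# output (assumes iproute2) unless a sample is passed as the second argument.
listener_for() {
    port=$1
    out=${2:-$(ss -ntlp 2>/dev/null)}
    printf '%s\n' "$out" | awk -v p="$port" '
        $1 == "LISTEN" {
            n = split($4, a, ":")
            if (a[n] != p) next            # not our port
            addr = substr($4, 1, length($4) - length(p) - 1)
            prog = "unknown"
            if (match($0, /users:\(\("[^"]+"/))   # users:(("sshd",...
                prog = substr($0, RSTART + 9, RLENGTH - 10)
            print addr, prog; found = 1; exit
        }
        END { exit (found ? 0 : 1) }'
}

# boot_state STATUS_OUTPUT: reduce the "Loaded:" line to the two flags the
# video distinguishes, e.g. "disabled (vendor preset: disabled)".
boot_state() {
    printf '%s\n' "$1" |
        sed -n 's/.*Loaded: .*; \([a-z-]*\); vendor preset: \([a-z]*\).*/\1 (vendor preset: \2)/p'
}

# Stand-alone run over the constructed samples.
echo "ssh boot state: $(boot_state "$SAMPLE_STATUS")"
for spec in "ssh 22" "apache2 80" "https 443"; do
    set -- $spec
    if l=$(listener_for "$2" "$SAMPLE_SS"); then
        echo "$1: listening on port $2 -> $l"
    else
        echo "$1: nothing listening on port $2"
    fi
done
```

Against a live Kali box, call listener_for with only the port argument so it reads the real ss output; a bind address of 0.0.0.0 or * is the "anywhere" case the video points out.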