Unix/Linux (Ubuntu, Debian, Kali Linux etc.) Privilege Management

File permission in Linux

1 Read: Show/Display content of the file
2 Write: Edit/Delete the file
3 Execute: Execute the bash/shell/script program etc.

Types of file permission

1 File owner: Creator of the file
2 User in the same group: Any users in the same group as the file owner
3 Other users: Any other users within other groups that don’t include the file owner

[email protected]:/tmp/test# ls -l
total 12
drwxr-xr-x 10 root root 4096 Jan 25 14:08 'folder 1'
drwxr-xr-x 5 root root 4096 Jan 25 14:08 'folder 2'
-rw-r--r-- 1 root root    0 Jan 25 14:12 'New Empty File'
-rwxr-xr-x 1 root root    8 Jan 25 14:09  script.s

Output of ls -l    Description
total 12           Total size of all files within this folder
drwxr-xr-x         d = Type of the file (directory), rwxr-xr-x = file permission
10                 Total hard links to this file
root               Owner name
root               Owner group
4096               File size
Jan 25 14:08       Time of last modification
folder 1           File name

File type    Description
d            Directory/Folder
l            Link (Pointing to another file)
s            Socket
b            Block file
c            Character file
p            Pipe file
-            Files that don’t belong to the above categories

The 9 characters “rwxr-xr-x” represent the file access privileges. They can be read as three groups of three:

rwx: Owner privilege
r-x: Owner group privilege
r-x: Other users’ privilege

If “-” is present instead of “r”, “w” or “x”, e.g. “r-x” vs “rwx”, that means the corresponding permission is disabled.

Permission     Description
r-- --- ---    Owner can read but not write or execute.
rwx r-- r--    Owner can read, write, execute; owner group and other users can only read
rwx rwx rwx    Everyone can read, write, execute

Change file permission/Modify file permission

Symbolic Mode (Using Symbol and characters)

chmod [who] operator [permission] filename

Who (Character)    Description
u                  Owner
g                  Owner group
o                  Other users
a                  All users (Owner, Owner group, other users)

Operator    Description
+           Add permission
-           Remove permission
=           Set permission

Permission    Description
r             Read
w             Write
x             Execute

e.g.

Command            Result         Description
chmod a-x file     rw- rw- rw-    Remove execute permission from all users
chmod go-w file    rw- r-- r--    Remove write permission from owner group and other users
chmod u+x file     rwx r-- r--    Add execute permission to Owner

Absolute Mode – (Using numbers)

Use binary 0 and 1 to represent user permission.

rwx
111

Convert “111” from binary to Decimal it is “7” (4+2+1=7)

rwx
101

Convert “101” from binary to Decimal is “5” (4+0+1=5)

Command           Result         Description
chmod 777 file    rwx rwx rwx    All users can read, write, execute
chmod 644 file    rw- r-- r--    Owner can read, write; other users can read
chmod 444 file    r-- r-- r--    All users can read

Octal Value    File Permissions Set    Permissions Description
0              ---                     No permissions
1              --x                     Execute permission only
2              -w-                     Write permission only
3              -wx                     Write and execute permissions
4              r--                     Read permission only
5              r-x                     Read and execute permissions
6              rw-                     Read and write permissions
7              rwx                     Read, write, and execute permissions
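
The binary-to-octal conversion above, as an added example that is not part of the original page: it converts between the rwx string and the octal mode in both directions, then uses the result to find files that other users can write to. The function names and the demo files are made up for illustration.

```bash
#!/bin/bash
# Added example: convert between the rwx string and octal mode, then find
# files that "other users" can write to. Function names are made up here.

# perm_to_octal rwxr-xr-x  ->  755   (per triad: r=4, w=2, x=1)
perm_to_octal() {
    local perms=$1 octal="" start triad digit
    # Only the nine r/w/x/- characters covered above are accepted.
    [[ $perms =~ ^([r-][w-][x-]){3}$ ]] || return 1
    for start in 0 3 6; do
        triad=${perms:start:3}
        digit=0
        if [[ ${triad:0:1} == r ]]; then digit=$((digit + 4)); fi
        if [[ ${triad:1:1} == w ]]; then digit=$((digit + 2)); fi
        if [[ ${triad:2:1} == x ]]; then digit=$((digit + 1)); fi
        octal+=$digit
    done
    printf '%s\n' "$octal"
}

# octal_to_perm 644  ->  rw-r--r--
octal_to_perm() {
    local mode=$1 out="" i d
    [[ $mode =~ ^[0-7]{3}$ ]] || return 1
    for ((i = 0; i < 3; i++)); do
        d=${mode:i:1}
        if ((d & 4)); then out+=r; else out+=-; fi
        if ((d & 2)); then out+=w; else out+=-; fi
        if ((d & 1)); then out+=x; else out+=-; fi
    done
    printf '%s\n' "$out"
}

# Regular files under directory $1 with the write bit set for other users.
# "-perm -0002" is true when at least that bit is set, whatever the rest is.
find_other_writable() {
    find "$1" -type f -perm -0002 -print | sort
}

# Constructed demo in a throwaway directory.
demo_dir=$(mktemp -d)
touch "$demo_dir/loose.txt" "$demo_dir/tight.txt"
chmod 666 "$demo_dir/loose.txt"
chmod 644 "$demo_dir/tight.txt"
echo "Writable by other users:"; find_other_writable "$demo_dir"
chmod o-w "$demo_dir/loose.txt"      # symbolic mode: remove write from "other"
echo "After chmod o-w:";         find_other_writable "$demo_dir"
rm -rf "$demo_dir"
```
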

Windows PowerShell: “… .ps1 cannot be loaded because running script is disabled on this system, for more information see about_Execution_Policies at….”

The Error

When executing some PowerShell scripts, this error comes up.

… .ps1 cannot be loaded because running script is disabled on this system, for more information see about_Execution_Policies at https://go.microsoft.com/fwlink/?LinkID=135170

The Fix

1 Enter following command then hit Enter key in PowerShell

Set-ExecutionPolicy -Scope Process -ExecutionPolicy Unrestricted

2 Enter Y or A to continue when prompted.

3 Now we can run the script again, this time there should be no error returned. Because the policy is set with -Scope Process, it applies only to the current PowerShell session.


Useful Windows network commands

1 ping

Usually used for testing connectivity and measuring network latency in milliseconds (ms)

TTL: Time To Live

ping <host name>
ping <domain name>
ping <IP address>
ping google.com

1.1 ping 127.0.0.1: Check if the Network interface controller (NIC), TCP/IP protocol, subnet mask works.

1.2 ping the current host’s IP address: Check if local configuration/installation are correct. (If not, we can check network equipment and cables.)

1.3 ping IP within the current subnet: Check if the NIC works in local area network (LAN), if there is no reply, it means that the subnet mask may be incorrect, network cable issue, configuration issue etc.

1.4 ping default gateway: Check if the gateway works.

1.5 ping remote IP address: Check if the default gateway works, if the device can get on to internet.

1.6 ping localhost: localhost is an operating system (OS) reserved host name. It resolves to 127.0.0.1. Usually, devices should be able to resolve this name to that address; otherwise there can be something wrong with the hosts file (C:\Windows\System32\drivers\etc\hosts for Windows) (/etc/hosts for Linux)

1.7 ping www.google.com: The name is first resolved to an IP address by querying the DNS server. If it is not resolved, the DNS server may not be configured correctly or may not be working. Sometimes the domain is blocked by a firewall in the local area network (ping can be blocked completely by a firewall as well), or the domain simply does not exist.

ping IP -t: ping the IP address continuously until Ctrl + C is pressed.

ping IP -l 1000: ping with specified length (1000 bytes) (default is 32 bytes)

ping IP -f -l 1492: ping with specified length without fragmenting the packet.

ping IP -n 10: execute the ping command 10 times.

Note: The ping command can be blocked by a firewall deployed in the LAN. It is a useful and helpful command for troubleshooting network issues most of the time, but do not rely on it entirely or draw conclusions from ping alone. Better to use it as a reference.

2 ipconfig

Used for checking TCP/IP configuration, releasing and renewing DHCP leases, flushing the DNS cache etc.

2.1 ipconfig: Show IP address, Subnet Mask, Default Gateway of the interface

2.2 ipconfig /all: Show all details including DNS, WINS and extra information, MAC address, DHCP server IP address, DHCP lease obtained time, expire time etc.

2.3 ipconfig /release: Release all IP addresses obtained from DHCP server

2.4 ipconfig /renew: Renew the IP address from DHCP server, usually it will be the same IP address before “ipconfig /release”

2.5 ipconfig /flushdns: Flush DNS cache in Windows

2.6 ipconfig /displaydns: Print DNS cache from local machine on screen. (We can use ipconfig /displaydns > C:\dns-cache.txt to save output to text file for easier diagnostic)

3 tracert (traceroute)

Windows: tracert

Linux: traceroute

Used for checking routing condition/path and latency etc.

tracert <host name>
tracert <domain name>
tracert <IP address>
tracert google.com

Output with 5 columns

Column 1: The number of the hop

Column 2: Round Trip Time 1 (RTT 1)

Column 3: RTT 2

Column 4: RTT 3

Column 5: IP address, name of the router

If any packet loss happens, “*” will be shown instead of the time in “ms”

4 arp (Address Resolution Protocol)

Used to check the corresponding Media Access Control Address (MAC address) of the IP address.

Can be used to output ARP cached information from current device or other devices. Manually set the MAC/IP pair.

arp -a
arp -a <IP>
arp -s <IP> <MAC>
arp -d <IP>

4.1 arp -a: Show all data in ARP cache

4.2 arp -a IP: Only show the ARP cache of the NIC associated with the specified IP address

4.3 arp -s IP MAC: Manually add the IP MAC pair as static ARP cache to the system (Persistent across reboots)

4.4 arp -d IP: Manually delete a static ARP cache

5 route

Used for checking and configuring routing information.

route print
route add
route change

5.1 route print: Show current routing table

5.2 route add:

e.g. To configure a routing table for reaching 192.168.1.11, through 5 networks, via one of the route on local network which is 192.168.2.22, where the subnet is 255.255.255.224, then the following command will be used

route add 192.168.1.11 mask 255.255.255.224 192.168.2.22 metric 5

5.3 route change:

Can be used to change the path for the routing table but not the routing destination.

e.g. Change the above example from metric 5 to metric 2

route change 192.168.1.11 mask 255.255.255.224 metric 2

5.4 route delete: Delete a route from the routing table.

route delete 192.168.1.11

6 nslookup

Used to find out the domain name/IP address of a host. Usually requires a DNS server.

6.1 nslookup: Show current configured DNS server on the host

nslookup

6.2 nslookup google.com: Use the default DNS server to check DNS records

nslookup google.com

6.3 nslookup google.com 8.8.8.8: Use the google DNS server (8.8.8.8) to resolve domain (google.com)

nslookup google.com 8.8.8.8

6.4 nslookup <IP address> <DNS server>: Reverse lookup

nslookup 8.8.8.8 8.8.8.8

7 netstat

Get current network information from current host.

Show active TCP connections, Ports the host listening on, Ethernet information, IP routing table, IPv4 information (IP, ICMP, TCP, UDP protocol), IPv6 information (IPv6, ICMPv6, TCP, UDP over IPv6).

7.1 netstat

Show active TCP connections

netstat

7.2 netstat -a: Show all connections, including “ESTABLISHED”, “LISTENING” states. (With host name/domain)

7.3 netstat -n: List the detail in IP address rather than host name/domain name.

7.4 netstat -e: Show statistical data about Network interface. (Total Bytes transferred, Errors, Discards, Unicast packets, Unknown protocols, Non-unicast packets)

7.5 netstat -r: Output routing table information. The output is similar to that of the route print command.

Network Destination    Destination network
0.0.0.0                Unknown network (Added automatically when using default gateway)
127.0.0.0              Local host network address
224.0.0.0              Multicast address
255.255.255.255        Broadcast address
Netmask                Netmask address
Gateway                Gateway address
Interface              Interface address
Metric                 Hops
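
An added example, not part of the original page: it takes saved netstat -an output and lists each listening TCP port together with how widely it is bound, which is usually the first thing to review on a host. The sample output, addresses and function names are constructed; the script runs anywhere bash and awk are available.

```bash
#!/bin/bash
# Added example: summarise LISTENING TCP ports from saved Windows
# `netstat -an` output. Sample data and function names are constructed.

# Constructed sample in the column layout printed by `netstat -an`.
sample_netstat() {
cat <<'EOF'

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:8080         0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:49712     203.0.113.7:443        ESTABLISHED
  TCP    [::]:445               [::]:0                 LISTENING
  UDP    0.0.0.0:5353           *:*
EOF
}

# Read netstat output on stdin, print "port scope" per listening TCP socket:
#   all-interfaces  bound to 0.0.0.0 or [::]
#   loopback        bound to 127.0.0.1 or [::1]
#   single-address  bound to one specific interface address
listening_ports() {
    awk '$1 == "TCP" && $4 == "LISTENING" {
        addr = $2
        port = addr
        sub(/.*:/, "", port)      # text after the last colon is the port
        host = substr(addr, 1, length(addr) - length(port) - 1)
        if (host == "0.0.0.0" || host == "[::]") scope = "all-interfaces"
        else if (host == "127.0.0.1" || host == "[::1]") scope = "loopback"
        else scope = "single-address"
        print port, scope
    }' | sort -n | uniq
}

# Number of listening ports bound to every interface.
exposed_count() {
    listening_ports | grep -c 'all-interfaces$'
}

sample_netstat | listening_ports
```
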

8 nbtstat

Used to troubleshoot NetBIOS.

8.1 nbtstat -n: Show information about your workgroup.

8.2 nbtstat -a <IP address>: Show NetBIOS information about that device

9 net

Used for service-related and network-related tasks.

9.1 net help: Get more help

9.2 net help <command> e.g. net help accounts: To get help on that specific net command (accounts in this case)

Command           Example                                   Description
NET ACCOUNTS      NET ACCOUNTS                              Show current accounts information
NET CONFIG        NET CONFIG SERVER (or WORKSTATION)        Show network configuration
NET GROUP         NET GROUP                                 Show groups (Only available on Domain Controller)
NET SEND          NET SEND server1 "test message"           Send broadcast message to other computers
NET SHARE         NET SHARE                                 Show shared files/folders from local host
NET START         NET START Fax                             Start service
NET STOP          NET STOP Fax                              Stop service
NET STATISTICS    NET STATISTICS WORKSTATION (or SERVER)    Show network statistics
NET USE           NET USE x:\serverFolder                   Map network drive with letter
NET USER          NET USER                                  Show accounts/users on local host
NET VIEW          NET VIEW                                  Show available computers on network

Linux Bash/Shell simple, basic flow control

“if else” and pass variable to the script

if [ condition ]
then
    # if block code
else
    # else block code
fi

#!/bin/bash
# https://dannyda.com
# Compare two integers passed as the 1st and 2nd script arguments
if [ "$1" -eq "$2" ]; then
	echo "Numbers are equal ($1 = $2)"
elif [ "$1" -gt "$2" ]; then
	echo "1st Number is greater than 2nd Number ($1 > $2)"
elif [ "$1" -lt "$2" ]; then
	echo "1st Number is smaller than 2nd Number ($1 < $2)"
else
	# Reached when an argument is missing or is not an integer
	echo "error"
fi

for Loop

for [var] in [list]
do
    # command1
    # command2
done

#!/bin/bash
# https://dannyda.com
# Loop over a fixed list; $(echo 7) is expanded to 7 before the loop starts
for variable in 1 2 3 4 $(echo 7)
do
	echo "The value is: $variable"
done
# Brace expansion: 1 2 3
for i in {1..3}
do
	echo "Loop $i times"
done
echo "2 Done"
echo
# Brace expansion with a step: 0 2 4 6 8 10
for i in {0..10..2}
do
	echo "Step of 2, $i times"
done
echo "3 Done"
echo

while Loop

while [ condition ]
do
    # command1
    # command2
done

while [ condition ]; do commands; done

#!/bin/bash
# https://dannyda.com
i=0
# -lt compares numerically; "<" inside [[ ]] would compare as strings
while [[ $i -lt 5 ]]
do
    echo "$i"
    let "i++"
done
echo "Job Done"
echo
i=0
# One-line form of the same loop
while [[ $i -lt 5 ]]; do echo "$((i++))"; done

while Loop with input (Interactive script)

while read [variable]
do
    # command1
    # command2
done

#!/bin/bash
# https://dannyda.com
echo '<CTRL-D> to exit'
# -r keeps backslashes in the input as typed
while read -r input
do
	echo "The number is $input"
done

until Loop

The until loop is the opposite of the while loop: it executes the given commands as long as the given condition evaluates to false.

until [ condition ]
do
    # command1
    # command2
done

#!/bin/bash
# https://dannyda.com
i=0
# Runs until i is greater than 5 (prints 0 to 5)
until [ $i -gt 5 ]
do
  echo "Counter: $i"
  ((i++))
done
echo "-----------"
i=0
# Equivalent while loop (prints 0 to 5)
while [ $i -lt 6 ]
do
  echo "Counter: $i"
  ((i++))
done

Infinite while Loop

Use Ctrl + C to stop/exit the loop

while true
do
    # command1
    # command2
done

#!/bin/bash
# https://dannyda.com
while true
do
	echo a
done

Infinite for Loop

Use Ctrl + C to stop/exit the loop

for (( ; ; ))
do
    # command1
    # command2
done

Options/Case/Switch/Select Case

case  $variable  in
     pattern1)
         command1
         command2
         …
         ….
     ;;
     pattern2)
         command1
         command2
         …
         ….
     ;;
     patternN)
         command1
         command2
         …
         ….
     ;;
     *)
         command1
         command2
         …
         ….
 esac

case  $variable  in
     pattern1|pattern2|pattern3)
         command1
         command2
         …
         ….
     ;;
     pattern4|pattern5|pattern6)
         command1
         command2
         …
         ….
     ;;
     pattern7|pattern8|patternN)
         command1
         command2
         …
         ….
     ;;
     *)
         command1
         command2
         …
         ….
 esac

esac    The end of the case statement
)       The end of the pattern
*)      Else, if nothing else matches
;;      The end of current case clause

#!/bin/bash
# https://dannyda.com
case $1 in
    a) echo 'Case a'
    ;;
    b) echo 'Case b'
    ;;
    3) echo 'Case 3'
    ;;
    *) echo 'Not Case a or Case b or Case 3'
    ;;
esac

Microsoft Office 365/O365 Administration links (Admin links, admin centers)

Office 365

https://www.office.com

Azure Portal

https://portal.azure.com

Azure Active Directory

https://aad.portal.azure.com

Device Management

https://devicemanagement.microsoft.com

Office 365 Cloud App Security

https://<company-name>.portal.cloudappsecurity.com

Microsoft 365 security center

https://security.microsoft.com

Microsoft 365 compliance center

https://compliance.microsoft.com

New Exchange Admin Center

https://admin.exchange.microsoft.com/

Classic Exchange Admin Center

https://outlook.office.com/ecp/

Microsoft Teams admin center

https://admin.teams.microsoft.com/

Office client management portal / Office cloud policy service

https://config.office.com/

Microsoft Store for Business

https://businessstore.microsoft.com/en-au/manage/dashboard

Different ways to delete/remove folder/directory in Linux (Ubuntu, Kali Linux etc.) (Empty and non-empty folders)

rmdir

Used for removing empty folders only. If the folder is not empty, an error will be returned.

rmdir folderName

rm

Used for removing empty and non-empty folders (and files as well)

#Force to remove folder and sub-folders without warning.
rm -rf folderName
#Remove multiple folders
rm -rf folder1 folder2 folder3

Using “rm” and “find” command to do conditional deleting

  • Find a single folder within current folder, then delete it.
find . -type d -name "folder" -exec rm -rf {} +

.               Current folder
-type d         Only search folder/directory
-name           Name of the folder
-exec rm -rf    Run rm -rf command, delete the folder
{} +            Append the found folders to the end of the rm -rf command

  • Delete all empty folders
find . -type d -empty -delete

-empty     Only delete empty folders
-delete    Delete all empty folders, including empty sub-folders

How to: Create/Add/Delete/Remove/List Users/Groups with Command Prompt/Command line in Windows (net command)


Launch the Command Prompt (In Admin mode)

We should launch the Command Prompt in Administrator mode.

  • Use Win + X key combination -> “Windows PowerShell (Admin)”

or

  • Open start menu -> Type “cmd” -> Right click on “Command Prompt” -> Run as administrator

Add a New User

net user username password /add

net user user1 1234 /add

Add a user to a group

net localgroup groupName username /add

e.g. add user to local administrator group

net localgroup administrators user1 /add

Add a New Local Group

net localgroup newGroupName /add

net localgroup newgroup /add

List All Users

net user


List information about a specific User

net user userName

net user win10

List All Users with Sid

WMIC useraccount get name

WMIC useraccount get name,sid


List All Local Groups

net localgroup


Remove a User from a Local Group

net localgroup groupName userName /delete

net localgroup administrators user1 /delete

Remove a Local Group

net localgroup groupname /delete

net localgroup mygroup /delete

Remove a User

net user username /delete

net user user1 /delete

How to fix: Notepad ++ Shortcut key disappear, not working

The Issue

When closing the file we are editing in Notepad++, it will ask if we want to save the file or not. Usually we can use the Y, N, C, a, o keys to select the intended action.

Notepad++ Save file dialog with shortcut keys

Sometimes the shortcut keys can disappear:

Notepad++ Save file dialog without shortcut keys

The Fix

1 Open the Notepad++ installation directory

2 Navigate to “Notepad++\localization” folder

3 For English, open the “english.xml” file

4 Find following lines

<DoSaveOrNot title="Save">
	<Item id="1761" name="Save file &quot;$STR_REPLACE$&quot; ?"/>
	<Item id="6" name="Yes"/>
	<Item id="7" name="No"/>
	<Item id="2" name="Cancel"/>
	<Item id="4" name="Yes to all"/>
	<Item id="5" name="No to all"/>
</DoSaveOrNot>

5 Change to

<DoSaveOrNot title="Save">
	<Item id="1761" name="Save file &quot;$STR_REPLACE$&quot; ?"/>
	<Item id="6" name="&amp;Yes"/>
	<Item id="7" name="&amp;No"/>
	<Item id="2" name="&amp;Cancel"/>
	<Item id="4" name="Yes to &amp;all"/>
	<Item id="5" name="N&amp;o to all"/>
</DoSaveOrNot>

6 Save the file, now change Notepad++ to other languages then change back to English, you will be able to see and use those shortcut keys again.

Note: For other languages, just modify the same section

CHANGE

name="Yes"

TO

name="&amp;Y Yes"

Windows Operating System Penetration – Disable security measures via commands

We must have obtained admin privilege first, then execute following commands under administrator privilege.

  • Disable built-in firewall
netsh advfirewall set allprofiles state off

  • Disable Windows Defender (Via sc stop or net stop command, or via registry)

  • Disable DEP
bcdedit.exe /set {current} nx AlwaysOff 

  • Disable Bitlocker
manage-bde -off C:

(Use following command to check Bitlocker status)

manage-bde -status C:
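
From the monitoring side, the commands in this section are distinctive enough to alert on. The following added example, which is not part of the original page, scans process-creation records for them; the log layout, host names, user names and function names are constructed for illustration.

```bash
#!/bin/bash
# Added example: flag the commands listed above in process-creation records.
# The tab-separated log layout and all sample values are constructed.

# Map one command line to a finding name; prints nothing when there is no match.
classify_cmdline() {
    local cmd
    # Windows commands are case-insensitive; lower-case the line and squeeze
    # whitespace runs so that "NETSH   advfirewall" still matches.
    cmd=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]' | tr -s '[:space:]' ' ')
    case $cmd in
        *netsh*advfirewall*set*state\ off*)  echo firewall_disabled ;;
        *bcdedit*/set*nx\ alwaysoff*)        echo dep_disabled ;;
        *manage-bde*-off*)                   echo bitlocker_decrypt_started ;;
    esac
}

# Read "time<TAB>host<TAB>user<TAB>command line" records on stdin and print
# "time host user finding" for every record that matches.
scan_process_log() {
    local ts host user cmdline finding
    while IFS=$'\t' read -r ts host user cmdline; do
        finding=$(classify_cmdline "$cmdline")
        if [[ -n $finding ]]; then
            printf '%s %s %s %s\n' "$ts" "$host" "$user" "$finding"
        fi
    done
}

# Constructed sample records: status checks and pings must not be flagged.
sample_log() {
    printf '%s\t%s\t%s\t%s\n' \
        2024-01-25T14:08:01Z WS01 alice 'ping google.com' \
        2024-01-25T14:09:12Z WS01 alice 'netsh advfirewall show allprofiles' \
        2024-01-25T14:10:30Z WS02 admin 'NETSH.exe  advfirewall set allprofiles state OFF' \
        2024-01-25T14:10:41Z WS02 admin 'bcdedit.exe /set {current} nx AlwaysOff' \
        2024-01-25T14:11:05Z WS02 admin 'manage-bde -status C:' \
        2024-01-25T14:11:20Z WS02 admin 'C:\Windows\System32\manage-bde.exe -off C:'
}

sample_log | scan_process_log
```
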