parts of the material as many times as they would like.
In lieu of this sort of repetition, we often choose to take an indirect route to the finish line. For
example, we might try things that don’t work so that we can experience the act of picking
ourselves up and trying again. This is the metaphorical equivalent of moving the target around a
bit.
Put simply, we feel that memorizing syntax is less important than being familiar with challenges
and comfortable with a bit of struggle as a necessary character trait for someone in the field of
information security.
Let’s make one other note here while we’re on the subject. We expect that just about every
student will get stuck at some point in their learning journey. We don’t see this as a negative.
Getting stuck isn’t fun, but we believe that being comfortable in a situation where we might not
have all of the information and working through the problem is critical to success in the field of
cyber security. To that end, we both sometimes take an indirect route to the finish line (in order to
encounter “getting stuck”) and provide technical exercises that ask students to go beyond simply
repeating covered material. Our goal is to help you practice getting stuck enough that you
become quite comfortable with recovering.
To that end, we have written about this notion, which we call The Try Harder Mindset, in greater
detail and with some specific strategies elsewhere.[153]
4.3.4 Contextual Learning and Interleaving
Whenever possible, OffSec’s learning materials will present a new skill as part of a realistic
scenario. This can be difficult with more basic skills, like the command used to rename a file, but
as we move deeper and deeper into the materials, we will find ourselves working through hands-
on scenarios that are as representative of the real world as possible.
Teaching this way takes more time; however, learning new skills in a realistic context drastically
improves a student’s retention and success.[154]
Students may also find that when information is presented in context, they are actually learning
several things at once. For example, if we are learning about how an attack method might be both
executed and detected at the same time, our brain can make more connections to help us learn
effectively. This method is called interleaving.[155]
4.4 Case Study: chmod -x chmod
It may be difficult to understand some of these ideas about teaching and learning completely out
of context. In order to observe some of these ideas “in action”, let’s take a moment to learn about
something called executable permissions.[156] We’ll use this as a sort of case study to better
understand how the OffSec training materials are presented and how we might approach
learning.
[153] (OffSec, 2023), https://www.offensive-security.com/offsec/what-it-means-to-try-harder/
[154] (Osika, MacMahon, Lodge, Carroll, 2022), https://www.timeshighereducation.com/campus/contextual-learning-linking-learning-real-world
[155] (University of Arizona, 2022), https://academicaffairs.arizona.edu/l2l-strategy-interleaving
[156] (Arora, 2013), https://www.thegeekstuff.com/2013/02/sticky-bit/
Penetration Testing with Kali Linux
PWK - Copyright © 2023 OffSec Services Limited. All rights reserved.
For this next section, please keep in mind that it is fine if the content is more technical than what
you feel you are ready for or if you are not able to follow along. For example, we’re going to start
off by saying “Every file on a Linux machine has a number of properties associated with it.” It is
fine if, as a reader, you don’t know what a Linux machine is yet, or what properties are, or even
what files are.
We’ll try and keep things pretty basic for a while, and then we’ll go a little deeper. If you’re a bit
more experienced in Linux, you may enjoy the puzzle that we work through as we go on.
Again, the purpose here isn’t actually to learn about the executable portion, but to have an
example so that we can discuss how we might approach teaching such a subject.
This Learning Unit covers the following Learning Objectives:
1. Review a sample of learning material about the executable permission, expand beyond the
initial information set, and work through a problem
2. Understand how OffSec’s approach to teaching is reflected in the sample material
While each student will learn at their own pace, this Learning Unit should take about 30 minutes
to complete.
4.4.1 What is Executable Permission?
Every file on a Linux machine has a number of additional properties associated with it. These
include when the file was created, what user created it, which users have permissions to read that
file, and even the name of the file itself.
File permissions are particularly important. They indicate whether or not we are allowed to
read, write, or execute a particular file. We might think of the word write in this context as our
ability to make certain changes to a file. This could, for example, be set to not allow us to write to
a file, which might keep that file from being accidentally deleted. The permissions might also be
set to not allow us to read a file that has information in it that we shouldn’t be allowed to view.
These are called the file permissions,[157] and they pertain to a few different types of users who
might be on this computer: the file owner, the user ownership group, and anyone else. These
different classes of users can be given (or denied) permission for each of the three actions above:
read, write, and execute. For the sake of this Module, we’ll focus only on the owner of the file,
ourselves in this case.
Let’s open a terminal and review how this works in practice. We’ll touch[158] a file (newfilename.txt),
which will create it and automatically make us the owner. Then we’ll use the listing command ls[159]
to gather information about the file, providing the -l parameter that will produce a long listing
including the file permissions.
[157] (Study Tonight, 2022), https://www.studytonight.com/linux-guide/understanding-file-permissions-in-linux-unix
[158] (Rani, 2021), https://www.geeksforgeeks.org/touch-command-in-linux-with-examples/
[159] (Verma, 2021), https://www.geeksforgeeks.org/practical-applications-ls-command-linux/
kali@kali:~$
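The touch and ls -l steps described above, as an added example that is not part of the original course material: the script creates newfilename.txt in a temporary directory, reads the permission field from the long listing, and splits it into the owner, group and other classes. The helper names (perm_string, class_perms, owner_can_execute) and the temporary directory are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: decode the permission column of `ls -l` for a file we own.
# Function names and the temporary directory are assumptions of this sketch.

# perm_string FILE -> the 10-character mode field of the long listing.
# Character 1 is the file type; characters 2-10 are three rwx triplets.
perm_string() {
    ls -ld -- "$1" | cut -c1-10
}

# class_perms FILE CLASS -> the rwx triplet for owner, group or other.
class_perms() {
    mode=$(perm_string "$1")
    case "$2" in
        owner) printf '%s\n' "$mode" | cut -c2-4 ;;
        group) printf '%s\n' "$mode" | cut -c5-7 ;;
        other) printf '%s\n' "$mode" | cut -c8-10 ;;
        *) return 2 ;;
    esac
}

# owner_can_execute FILE -> exit status 0 when the owner's execute slot is set
# ("x", or "s" when setuid is combined with execute).
owner_can_execute() {
    case "$(class_perms "$1" owner)" in
        ??[xs]) return 0 ;;
        *) return 1 ;;
    esac
}

demo() {
    dir=$(mktemp -d) || return 1
    f="$dir/newfilename.txt"
    touch "$f"          # creates the file; mode is 0666 masked by the umask,
                        # so a freshly touched file never has an execute bit
    ls -l "$f"
    for c in owner group other; do
        printf '%-5s %s\n' "$c" "$(class_perms "$f" "$c")"
    done
    if owner_can_execute "$f"; then echo "owner may execute"
    else echo "owner may NOT execute"; fi
    rm -rf "$dir"
}

demo
```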