Читать книгу Kali Linux Penetration Testing Bible - Gus Khawaja - Страница 42
Searching and Filtering Text
ОглавлениеOne more thing to learn in the world of text files is the search mechanism. There are so many ways to search and filter out text, but the popular ones are as follows:
grep
awk
cut
You've seen me using the grep
command a lot. This filter command is structured in the following way:
$grep [options] [pattern] [file name]
Let's say you want to search for the word password in all the files starting from the root system ( /
).
root@kali:/# grep -irl "password" / /boot/grub/i386-pc/zfscrypt.mod /boot/grub/i386-pc/normal.mod /boot/grub/i386-pc/legacycfg.mod
Here's what the options mean:
‐i : To ignore case and include all the uppercase/lowercase letters
‐r : To search recursively inside subfolders
‐l : To print the filenames where the filter matches
As another example, let's say you want to count the number of occurrences of the word password in the dictionary file rockyou.txt
:
root@kali:/# cd /usr/share/wordlists/ root@kali:/usr/share/wordlists# grep -c "password" rockyou.txt 3959
The awk
command is an advanced tool for filtering text files, and it uses the following pattern:
$awk /[search criteria]/ [options] [file name]
For example, let's say you want to search for the text root inside the /etc/passwd
file:
root@kali:/# awk '/root/' /etc/passwd root:x:0:0:root:/root:/bin/bash nm-openvpn:x:125:130:NetworkManager OpenVPN,,,:/var/lib/openvpn/chroot:/usr/sbin/nologin
Let's take the challenge one more step further. Let's say you want to extract the password of the root in the /etc/shadow
file (you can print the whole thing first so you can visualize the difference of before and after):
root@kali:/# awk '/root/' /etc/shadow root:$6$uf2Jy/R8HS5Tx$Vw1wHuBV7unq1hImYGTJdNrRwMwRtf0yd/aSH0zOhhdzWofAT5WUSduQTjWj8AbdmT62rLbcs6kP3xwdiLk.:18414:0:99999:7::: root@kali:/# awk -F ':' '/root/{print $2}' /etc/shadow $6$uf2Jy/R8HS5Tx$Vw1wHuBV7unq1hImYGTJdNrRwMwRtf0yd/aSH0zOhhdzWofAT5WUSduQTjWj8AbdmT62rLbcs6kP3xwdiLk.
We know that the shadow file is using the :
delimiter to separate the sections, so we use ‐F ':'
to get the job done. Then, we tell the tool to print only the second part of the delimiter {print $2}
, which is the hashed password contents.
Another popular way to extract substrings is the cut
command. In the following example, we use the cat
command to open the shadow file; then we use the grep
command to filter out the root account, and finally, we use the cut
command to extract the password:
root@kali:/# cat /etc/shadow | grep "root" | cut -d ":" -f 2 $6$uf2Jy/R8HS5Tx$Vw1wHuBV7unq1hImYGTJdNrRwMwRtf0yd/aSH0zOhhdzWofAT5WUSduQTjWj8AbdmT62rLbcs6kP3xwdiLk.