OT SIEM
Kali - Lab 3
from NANO
to WGET
By
Zakhar bernhardt
linkedin.com/in/zakharb
OT SIEM LEVELING GUIDE 1-60
SECURITY TREE
LEVEL 2
KALI
INTRODUCTION
KALI & LABSHOCK
NANO
COMPARING FILES
MANAGING PROCESSES
FILE & COMMAND MONITORING
DOWNLOADING FILES
CONCLUSION
Zakhar bernhardt Security Tree Level 2 - Kali
INTRODUCTION
ABOUT THIS GUIDE
This lab provides a hands-on experience with various tools and
techniques used in penetration testing and system administration.
By using Labshock, a virtualized environment, you’ll access Kali
Linux as the Pentest Station and learn how to efficiently manage
processes, monitor files, and compare configurations.
The exercises will also introduce you to basic file and command
monitoring, as well as downloading files via wget and curl.
These tools and commands are integral to cybersecurity tasks,
offering flexibility and speed when handling different types of
penetration testing scenarios.
KALI & LABSHOCK
ACCESSING KALI LINUX
Kali Linux is included in Labshock as the Pentest Station, which
provides a pre-configured environment for security testing. Before
using Kali, you need to start Labshock and connect to the system.
Key Concepts
Labshock runs multiple virtualized environments, including the
Pentest Station.
SSH is the recommended method to connect to the Kali instance.
By default, Kali runs as a regular user, but administrative tasks
require sudo.
Links
Github Page
https://github.com/zakharb/labshock
Wiki Page
https://github.com/zakharb/labshock/wiki
Quickstart Guide
https://github.com/zakharb/labshock/wiki/Quickstart-Guide
Discord Server
https://discord.gg/bpmaQFfW76
CONNECTION STEPS
To get started, you need to:
1. Start Labshock: docker-compose up
2. Identify the Pentest Station SSH port in docker-compose.yml
3. The default port is 2222
4. Connect via SSH: ssh pentest@localhost -p 2222
5. The default username/password is pentest/pentest
NANO
EDITING FILES FROM THE COMMAND LINE
Editing files directly from the terminal is a key Linux skill, especially
in penetration testing when working on a Unix-like system.
While graphical editors like gedit and leafpad exist, we will focus on
terminal-based editors, which offer speed and flexibility.
There are many options, but we will cover the basics of one of the
most commonly used editors: nano.
MAIN FUNCTIONS & COMMANDS
Nano is a simple and user-friendly terminal-based text editor. It is
pre-installed on most Linux distributions and is useful for quick edits.
Basic Controls
nano filename : Open a file (creates one if it doesn’t exist)
Ctrl + O : save (Write Out)
Ctrl + X : exit
Ctrl + K : cut a line
Ctrl + U : paste a line
Ctrl + W : search
Ctrl + \ : search and replace
EXERCISES NANO
1. Create a new file with Nano, add text, save and exit.
2. Search for a word in a file and replace it with another.
3. Cut a line, paste it elsewhere, save and exit.
4. Edit a file, then exit without saving to discard changes.
COMPARING FILES
FILE COMPARISON
File comparison is useful for system administrators, network
engineers, penetration testers, and IT professionals. It helps track
changes, troubleshoot issues, and verify configurations.
Two common command-line tools for file comparison are comm & diff:
comm compares sorted files line by line and shows unique and
common lines.
diff highlights differences between files, making it useful for tracking
modifications.
Understanding these tools makes it easier to analyze configuration
changes, log differences, and troubleshoot issues efficiently. In the
next section, we will cover their usage with examples.
COMM
The comm command compares two sorted files and outputs three
columns:
- lines (here, IPs) unique to the first file
- lines unique to the second file
- lines common to both files
DIFF
The diff command compares two files line by line and shows the
differences between them. It’s useful for identifying changes,
discrepancies, and variations in files.
Options
-u : unified format (shows a few lines of context)
-i : ignore case differences
-w : ignore all whitespace
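The comm and diff sections above, worked through on two constructed IP lists as an added example that is not part of the guide; the file names and addresses are made up, and the -1/-2/-3 column-suppression options of comm are used to isolate one column at a time:

```shell
#!/bin/sh
# Added example (not from the guide): comparing two constructed IP lists with comm and diff,
# e.g. hosts seen in two scans of the same network segment. comm needs sorted input and
# -1 / -2 / -3 suppress the corresponding output column.
set -u
export LC_ALL=C                      # sort and comm must agree on collation order
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Constructed sample lists (unsorted, as a scanner would emit them)
printf '%s\n' 10.0.0.5 10.0.0.20 10.0.0.1 10.0.0.7 > "$WORK/scan1.txt"
printf '%s\n' 10.0.0.20 10.0.0.1 10.0.0.9 10.0.0.7 10.0.0.33 > "$WORK/scan2.txt"
sort "$WORK/scan1.txt" > "$WORK/scan1.sorted"
sort "$WORK/scan2.txt" > "$WORK/scan2.sorted"

# Keep column 3 only: IPs present in both scans
common_ips()  { comm -12 "$WORK/scan1.sorted" "$WORK/scan2.sorted"; }
# Keep column 2 only: IPs that appeared only in the second scan (new hosts worth a look)
new_ips()     { comm -13 "$WORK/scan1.sorted" "$WORK/scan2.sorted"; }
# Keep column 1 only: IPs that were in the first scan but are gone from the second
missing_ips() { comm -23 "$WORK/scan1.sorted" "$WORK/scan2.sorted"; }

# diff -u: unified format with context; diff exits 1 when files differ, which is not an error here
unified_diff() { diff -u "$WORK/scan1.sorted" "$WORK/scan2.sorted" || true; }
# Count added/removed lines, skipping the '---'/'+++' file headers
changed_line_count() { unified_diff | grep -c '^[+-][^+-]' || true; }

echo "common:";        common_ips       # 10.0.0.1 10.0.0.20 10.0.0.7
echo "only in scan2:"; new_ips          # 10.0.0.33 10.0.0.9
echo "only in scan1:"; missing_ips      # 10.0.0.5
unified_diff
echo "changed lines: $(changed_line_count)"   # 3
```

Note that plain sort orders the addresses as strings (10.0.0.20 before 10.0.0.5); that is fine for comm as long as both inputs are sorted the same way.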
EXERCISE: USING COMM AND DIFF
1. Compare two lists of IP addresses using comm and show only the
common IPs.
2. Use comm to find the IPs that are only in the second file.
3. Compare two IP address files using diff and identify the differences
between them.
4. Use diff -u to show the unified format and highlight the changes
between two sorted IP lists.
MANAGING PROCESSES
MULTITASKING & PROCESSES
Managing processes is essential for system administration and
troubleshooting. In Linux, you can monitor and control processes
using commands like ps, top, kill, fg, jobs & bg.
ps: displays information about active processes
top: provides a dynamic view of system processes
kill: terminates a process by sending a signal
fg: brings a background process to the foreground
jobs: lists jobs running in the background
bg: resumes a suspended process in the background
In this section, we'll cover how to use these commands to manage
processes effectively, ensuring proper system performance and
troubleshooting during tasks like penetration testing or system
administration.
BACKGROUNDING PROCESSES: BG
When running processes in the terminal, they typically occupy the
session until they finish. For long-running tasks, you may want to
background the process to free up the terminal for other commands.
This is especially useful for complex tasks, like network scans or large
data transfers, which can take time to complete.
You can send a process to the background immediately after it starts
by appending an ampersand (&) to the command. Here's an example:
However, if you forget to add the ampersand and the process runs in
the foreground, you can suspend it by pressing Ctrl+Z.
Then, use the bg command to resume the process in the background:
JOB CONTROL: JOBS & FG
To monitor and manage background processes, we use two important
commands: jobs & fg
jobs: displays the list of background jobs in the current session
fg: brings a background job back to the foreground
By using jobs and fg, you can easily manage processes, bringing them
to the foreground as needed and ensuring that the terminal stays
responsive for other tasks.
PROCESS CONTROL: PS
The ps command is used to display information about processes. You
can customize the output using various options. Here’s a quick guide
to the most common options:
ps -e : show all processes
ps -f : show full format
ps -C : show processes by command name
ps is useful for finding processes related to a particular program or
service.
PROCESS CONTROL: KILL
The kill command sends signals to terminate processes. To stop a
process, you need its PID (Process ID). First, find the PID using ps:
kill [PID] - terminate by PID
kill -9 [PID] - force terminate by PID
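The lifecycle described in the last four sections (backgrounding with &, Ctrl+Z, bg, inspecting with ps, and kill) as an added example script that is not part of the guide; it assumes a Linux /proc filesystem and uses sleep as a stand-in for a long-running command such as ping:

```shell
#!/bin/sh
# Added example (not from the guide): the '&' / Ctrl+Z / bg / kill lifecycle driven from a script.
# A script cannot press Ctrl+Z, so it sends the signals the shell sends for you: SIGSTOP (Ctrl+Z),
# SIGCONT (bg or fg), then SIGTERM and, if needed, SIGKILL (kill, kill -9). Linux only: the state
# letter is read from /proc/PID/stat, the same source the STAT column of ps comes from.

# State of a PID: R running, S sleeping, T stopped, Z zombie (exited, not yet reaped), or "gone"
proc_state() {
    [ -r "/proc/$1/stat" ] || { echo gone; return 0; }
    # field 3 follows the ")" closing the command name; the name itself may contain spaces
    sed 's/^.*) //' "/proc/$1/stat" | cut -d' ' -f1
}

# kill (SIGTERM) first, escalate to kill -9 (SIGKILL) only if the process is still around,
# then wait to reap it so no zombie is left behind
terminate() {
    kill "$1" 2>/dev/null || true
    sleep 1
    case "$(proc_state "$1")" in
        Z|gone) ;;
        *) kill -9 "$1" 2>/dev/null || true ;;
    esac
    wait "$1" 2>/dev/null || true
}

# Walk one background job through the whole lifecycle; prints the state after each step
job_lifecycle() {
    sleep 300 >/dev/null 2>&1 &     # '&' backgrounds it (stand-in for ping -c 100 ...); $! is its PID
    pid=$!
    sleep 1
    s1=$(proc_state "$pid")         # S: sleeping, running detached from the terminal
    ps -o pid,stat,comm -p "$pid" >&2 2>/dev/null || true   # how ps -e / ps -C sleep shows it
    kill -STOP "$pid"; sleep 1      # what Ctrl+Z does to a foreground process
    s2=$(proc_state "$pid")         # T: stopped, making no progress
    kill -CONT "$pid"; sleep 1      # what bg (or fg) does: resume it
    s3=$(proc_state "$pid")         # S again
    terminate "$pid"                # kill, escalate if needed, reap
    s4=$(proc_state "$pid")         # gone
    echo "$s1 $s2 $s3 $s4"
}

echo "states after &, SIGSTOP, SIGCONT, kill: $(job_lifecycle)"   # S T S gone
```

In an interactive shell the same steps are jobs to list, bg to continue the stopped job, and fg to pull it back; the script sends the underlying signals directly because job control is only enabled for interactive sessions.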
EXERCISES WITH PROCESSES
1. Background a Process: Run a ping command to a host (e.g., ping -c
100 google.com) and background it using &.
2. Check Jobs: Use the jobs command to list the background
processes.
3. Bring a Process to Foreground: Use the fg command to bring the
ping process back to the foreground.
4. Find and Terminate the Process: Create a process, put it in the
background, use ps -e to find the PID of the background ping process
and terminate it using the kill command.
FILE & COMMAND MONITORING
TAIL & WATCH
During a penetration test, it's crucial to monitor files and commands
in real-time to track system activities. Two powerful commands for
this purpose are tail & watch.
tail - Monitoring File Changes
watch - Monitoring Command Output
TAIL
The tail command is used to view the last few lines of a file. It's
particularly useful for monitoring log files or any file that changes
frequently.
tail /path/to/file - to monitor a file and display the last 10 lines
tail -f /path/to/file - to continuously monitor the file for new additions
WATCH
The watch command runs a command repeatedly at regular
intervals. By default, it runs the specified command every two
seconds. However, you can adjust this interval with the -n option to
set a custom time (in seconds).
For example, to list logged-in users with the w command every 5
seconds:
TAIL & WATCH EXERCISES
1. Use watch to run the ls -l /home command every 3 seconds to
monitor changes in the /home directory.
2. Run the df -h command every 10 seconds using watch to monitor
disk usage.
3. Use watch with the w command to check logged-in users every 5
seconds.
4. Monitor the contents of some file in /var/log/ every 2 seconds using
watch tail.
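An added example (not from the guide) that turns the watch tail idea of exercise 4 into a script: it uses tail to show the last lines of a constructed auth.log-style file, reads only what was appended since the previous poll (the same thing tail -f does continuously), and counts failed SSH logins in that new data. The log lines and the 'Failed password' pattern are constructed assumptions:

```shell
#!/bin/sh
# Added example (not from the guide): a poll-based monitor built from tail, the same idea as
# 'watch -n 2 tail /var/log/auth.log' but remembering what was already seen between polls.
# The log lines are constructed auth.log-style samples, not real captures.
set -u
LOG=$(mktemp)
trap 'rm -f "$LOG"' EXIT

cat > "$LOG" <<'EOF'
Mar  1 10:00:01 pentest sshd[1201]: Accepted password for pentest from 172.20.0.2 port 51000 ssh2
Mar  1 10:00:05 pentest sshd[1203]: Failed password for root from 172.20.0.9 port 51010 ssh2
EOF

# Last N lines (default 10), which is what 'tail FILE' or 'watch tail FILE' shows on each refresh
last_lines() { tail -n "${2:-10}" "$1"; }

# Only the bytes appended after offset $2: how tail -f keeps reading without re-showing old data
new_lines_since() { tail -c +"$(( $2 + 1 ))" "$1"; }

# Current size in bytes; remember it between polls
size_of() { wc -c < "$1" | tr -d ' '; }

# Count failed SSH logins on stdin (grep -c exits 1 when there are none, which is not an error)
count_failed() { grep -c 'Failed password' || true; }

# Failed logins among the lines appended since the given offset
failures_since() { new_lines_since "$1" "$2" | count_failed; }

OFFSET=$(size_of "$LOG")
# Between two polls something appends to the log (constructed)
cat >> "$LOG" <<'EOF'
Mar  1 10:00:06 pentest sshd[1204]: Failed password for root from 172.20.0.9 port 51011 ssh2
Mar  1 10:00:07 pentest sshd[1205]: Failed password for admin from 172.20.0.9 port 51012 ssh2
EOF

echo "last 2 lines:"; last_lines "$LOG" 2
echo "failed logins since last poll: $(failures_since "$LOG" "$OFFSET")"   # 2
# What watch would do for you, polling every 2 seconds until Ctrl+C:
#   while :; do OFFSET=$(size_of "$LOG"); sleep 2; failures_since "$LOG" "$OFFSET"; done
```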
DOWNLOADING FILES
WGET & CURL
When it comes to downloading files from the internet, two commonly
used commands in Linux are wget and curl. Both allow you to
download content from URLs, but they have different features and
use cases.
WGET
The wget command is a simple, non-interactive tool used for
downloading files from the web. It works with HTTP, HTTPS, and FTP
protocols.
Options:
-b : download in the background
-c : continue an incomplete download
-r : recursive download
-l : set recursion level
-N : only download newer files
--limit-rate : limit download speed
-P : specify download directory
-q : quiet mode
--no-check-certificate : disable SSL certificate verification
CURL
The curl command is a versatile tool for transferring data using
various protocols. Unlike wget, curl is often used for API requests
and handling various data transfers beyond simple file downloads.
Options:
-O : save the file with the same name as the remote file
-o : save the file with a specified name
-L : follow redirects
-C : resume a partially downloaded file
--limit-rate : limit download/upload speed
-u : specify username and password for authentication
-I : fetch the HTTP header only
-s : silent mode (no output)
-T : upload a file
-d : send data with POST request
-H : add custom HTTP headers
-x : use a proxy
-k : allow insecure SSL connections
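An added example (not from the guide) that uses the curl options above (-s, -S, -f, -L, -o) together with the integrity check a practitioner should add when fetching tooling; it assumes sha256sum is available and uses a constructed local file reached through file:// in place of a real https:// URL:

```shell
#!/bin/sh
# Added example (not from the guide): fetch a file with curl and refuse it unless its SHA-256
# matches a value obtained out of band (release page, signed manifest). It runs offline: a
# constructed local file reached through file:// stands in for the real https:// URL.
# -k / --no-check-certificate are deliberately not used: they switch off the TLS check that
# makes the transport trustworthy, so keep them for throwaway lab targets only.
set -u
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Constructed "remote" artifact plus the hash its publisher would list next to it
printf 'example tool payload v1\n' > "$WORK/tool.tar"
EXPECTED_SHA256=$(sha256sum "$WORK/tool.tar" | cut -d' ' -f1)
URL="file://$WORK/tool.tar"

# -s silent, -S but still report errors, -f fail on HTTP 4xx/5xx instead of saving the error page,
# -L follow redirects, -o save under our own name (-O would keep the remote name)
fetch() { curl -sSfL -o "$2" "$1"; }

# Digest the downloaded file and compare; prints ok or mismatch
verify_sha256() {
    actual=$(sha256sum "$1" | cut -d' ' -f1)
    [ "$actual" = "$2" ] && echo ok || echo mismatch
}

# Download, verify, and remove the file on mismatch so nothing executes it by accident
download_verified() {
    fetch "$1" "$2" || { echo "download failed"; return 1; }
    if [ "$(verify_sha256 "$2" "$3")" = "ok" ]; then
        echo verified
    else
        rm -f "$2"; echo rejected
    fi
}

download_verified "$URL" "$WORK/tool.dl" "$EXPECTED_SHA256"   # verified
download_verified "$URL" "$WORK/tool.bad" "deadbeef"          # rejected (and tool.bad is removed)
# For a real URL, look at the headers first without fetching the body:  curl -sSIL "$URL"
```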
EXERCISES
1. Use wget to download a file from a given URL and save it in a
specific directory of your choice.
2. Use curl to download a file from a URL, but save it with a different
filename than the one on the server.
3. Use wget with the -c option to resume a partially downloaded file.
4. Use curl to fetch the HTTP headers of a URL and display them in
the terminal using the -I option.
CONCLUSION
SUMMARY OF KALI & BASH
In this lab, you've explored essential Linux tools that are crucial for
penetration testing and system monitoring.
You have learned how to connect to Kali Linux in Labshock, edit files
using Nano, compare configurations with comm and diff, and manage
processes with commands like ps, jobs, and kill.
Additionally, you gained practical knowledge in monitoring files with
tail and watch, as well as downloading files using wget and curl.
Thanks a lot
yours
Zakhar bernhardt
Follow me on
linkedin.com/in/zakharb
x.com/zakharbernhardt
github.com/zakharb
Join discord server
https://discord.gg/bpmaQFfW76
Github PAGE
https://github.com/zakharb/labshock
YOU CAN USE OT SIEM LEVELING GUIDE FOR MORE INFO
https://www.linkedin.com/pulse/ot-siem-leveling-guide-0-60-zakhar-bernhardt-7fczf/