Throughout this book we cover tools for many different operating systems. To use the full gamut of tools, many users build workstations with multiple operating systems installed on them. If they are running Windows and need to use a Unix tool, a quick reboot puts them in a Unix environment. This seems like a satisfactory solution, but installing more than two operating systems can get tricky. Making several operating systems coexist and cooperate peacefully on the same system can be difficult because of partitioning issues on your hard drive. Also, continually rebooting to switch operating systems is a hassle.
VMware Workstation enables you to run multiple operating systems concurrently. You need to install only one operating system to serve as the host (either Windows or Linux). VMware then lets you create virtual, or guest, machines that run an operating system on virtual hardware.
You can "power on" a virtual machine and you'll see the operating system's familiar boot sequence within VMware, just as it would on real hardware. The virtual machine supports almost any operating system that installs on Intel-based hardware, from DOS 4.1 to Windows to Linux to FreeBSD. Creating a new virtual machine merely takes up disk space on your host system; no partitioning or modification of boot sectors is necessary.
Although this book exhibits a heavy bias towards free (and open-source) tools, VMware is a commercial product available for download at http://www.vmware.com/. You can register with VMware for a 30-day trial license key. The download for version 5.0 is a bit hefty, weighing in at around 60–70MB depending on which operating system you choose for the host.
Once you've obtained VMware's setup program from the web site or from CD, the Windows installation process is rather simple. VMware wants to disable the CD-ROM Autorun feature because it may interfere with guest systems. As a general practice, it's a good idea to disable CD-ROM Autorun unless you trust the creator of every CD you put in your computer. Allowing Autorun to blindly run an application on a CD (that may or may not be trustworthy) is equivalent to executing an unknown e-mail attachment. Given these two reasons, you should probably click Yes.
Tip VMware Workstation is officially supported on Windows (NT, 2000, or XP) and Linux hosts; however, you can also run VMware on Unix systems that support Linux binary emulation (like FreeBSD).
The OS on which VMware is installed is called the host OS. VMware installs some network utilities that help manage virtual machines. Since the virtual machines under VMware are supposed to behave like individual systems, each virtual machine needs to have its own network adapter and IP address. VMware has several different networking options, which we'll cover later.
On Linux hosts, VMware is mostly agnostic towards distributions; the real constraint is the kernel version of the host. VMware should run on the most recent 2.4 and 2.6 versions. If the install process does not detect a precompiled module for your Linux flavor and kernel version, then it prompts you to compile one on the fly. Make sure you have the kernel source installed, and that it is at least configured identically to the kernel you are actually running (compare against the version that uname -r reports); a module built against a mismatched configuration may compile but be refused when it is loaded. This doesn't mean you'll necessarily have to recompile your kernel. Mandrake, for example, places its kernel's config text files in the /boot directory. Look for a file like config-2.6.11-6mdk-i686-up-4GB or whatever matches your system's
VMware greets you with the screen shown in Figure 3-1. You'll need a valid license key (trial keys last for 30 days) in order to create or use a VMware virtual machine.
Figure 3-1: VMware welcome screen
A virtual machine must be prepared before it can be used. Use the VM wizard to create a virtual machine's profile. The options enable VMware to select the most appropriate hardware devices to accommodate the operating system to be installed in the virtual machine. VMware will prompt you for the guest operating system you intend to install into the virtual machine. The list contains most operating systems and provides an "Other" choice if you're trying a less-known OS. The biggest reason for this prompt is so VMware can provide correct drivers to the guest system.
One important option is choosing the initial network environment that the guest operating system will see. Bridged networking sets up the guest so that it is a peer of the host system. A NAT configuration places the guest system "virtually behind" the host. It can access the network, but cannot be directly accessed from other systems on the network. Host-only networking means that the guest system can only access its host, regardless of the presence of other systems on the network. Figure 3-2 shows these options. Whatever option you choose at this step can be changed if you later decide to try a different configuration.
Figure 3-2: VMware network options
Another important consideration is choosing the disk configuration to use with the machine. Virtual disks are basically huge (multiple gigabyte) files that reside on the host's operating system. Yet to the guest operating system in the virtual machine, these files appear to be clean, new hard drives. This is typically the best option if you are testing operating systems or creating a restricted environment in which to test unknown or potentially malicious software; for the latter, pair a virtual disk in nonpersistent or undoable mode with host-only networking, so that neither the disk changes nor the network traffic can escape the virtual machine. The other disk management choice is to use one or more partitions that already physically exist on the host computer. This option is useful for hosts that have already been configured to boot into multiple systems. The wizard provides these options, as shown in Figure 3-3.
Figure 3-3: Virtual disk management options
Once you have completed the wizard, the virtual machine's skeleton will be ready. Note that no operating system has been installed yet. At this point, the virtual machine just has a BIOS to handle the boot sequence and access the virtual hardware. Devices can be added or removed at any time, but this might impact the guest operating system. If you were to start the machine, you would see the BIOS check memory, disks, and then complain that no operating system is installed. A virtual machine, ready for a guest system, is shown in Figure 3-4.
Figure 3-4: VMware virtual machine fully configured
Before we install a guest system onto the virtual machine, let's examine the hard disk options in the Configuration Editor, accessible by clicking the Virtual Disk device. You can change the disk file that a device uses as well as its size limits. By default, virtual disks are persistent; that is, changes the guest makes are written directly to the virtual disk file. A useful feature of VMware is that you can instead make a disk undoable or nonpersistent. Making a disk nonpersistent lets you discard every disk change made since the system was powered on. You could even format the entire nonpersistent virtual hard drive, and it would be back in its original state at the next power-on. Undoable mode is probably the most popular mode, because it gives you the choice of committing the changes to the disk or discarding them when you power off.
In addition to virtual hard drives, you can use the Add Hardware Wizard to create virtual floppy disks and CD-ROMs. By default, VMware will install floppy and CD devices based on the actual physical drives it finds on your system. In addition to using the physical drives, you can have VMware use floppy, CD, DVD, or ISO images. The files appear as physical disks to the guest system. They can be mounted, unmounted, written to, and ejected as any other disk. You can even take an ISO and burn it to a physical CD for use by other systems.
Operating systems are installed into virtual machines in the identical manner they would be on real hardware. In fact, you could even run Gnoppix (covered later in this chapter) from its ISO image within VMware. One thing to note is that the VMware window won't gain the mouse or keyboard focus (accept user input) until it receives a mouse-click in the window.
Tip Use CTRL-ALT to release mouse control from the guest operating system to the host. If you install guest tools, then you may be able to simply move the mouse into and out of the guest.
VMware Tools is a collection of drivers and utilities specifically designed for maximum performance within the guest operating system. VMware Tools must be installed after the operating system is installed.
If your virtual machine desires lie more with experimentation than 100 percent emulation, you may wish to check out the Bochs, plex86, or Wine projects. Bochs (http://bochs.sourceforge.net) strives for full x86 CPU emulation. Thus, it would serve as a test environment for installing any operating system designed for the x86 platform. It has a few drawbacks due to this. First, the project, although actively maintained, is not complete and can run only Linux, Windows 95, or Windows NT somewhat reliably. Second, the code is designed for completeness, not efficiency; guest systems will suffer noticeable performance impacts. Plex86 (http://plex86.sourceforge.net) also aims for x86 CPU emulation, but it takes a different route from Bochs. Plex86 focuses on the core CPU instructions necessary to run a Linux installation. Thus, performance improves at the cost of comprehensiveness. Wine (http://www.winehq.com) does not emulate the x86 CPU. Instead, the Wine project attempts to create a Windows API on top of Linux (or BSD). The goal of Wine is not to provide an environment for arbitrary operating systems, but to provide a Windows-like environment on Linux in which native Windows applications can be executed.
Each of these alternatives provides useful functionality but not the robust CPU and hardware emulation needed to run virtual machines without error. Nevertheless, they are community projects that will only benefit from use, bug reports, and more developers. If a commercial emulator is not an option, one of these may solve your virtual machine problems.
VIRTUAL PC
Virtual PC is quite similar to VMware Workstation. It provides a virtual hardware environment based on an Intel platform. What distinguishes it, though, is its support for the Mac OS X platform. Microsoft recently acquired the software, so Virtual PC is supported on Windows as well as OS X platforms. It is a commercial product, so you'll have to shell out some money to take advantage of its capability. This section highlights the Mac edition.
Virtual machines are prepared with the help of a wizard, shown in Figure 3-5. Virtual PC does not support direct disk access. Any guest system you create will be a large file on the order of several gigabytes, depending on the operating system. Devices are added, removed, and managed via a simple, clear interface common to Apple applications. Figure 3-6 shows a device list for a Windows 2003 guest system. A virtual machine can be networked as a peer system on the network (Virtual Switch) or by using Network Address Translation (NAT). If you have a Windows-based guest system, then you have the additional options of integrating the Start menu into the OS X dock and sharing folders between the guest and the host. If all you will be doing is setting up virtual machines for testing, then you'll probably just be focusing on the choice of disk space, RAM, and networking options.
An operating system is installed in a virtual machine in the identical way you would install it on real hardware. You needn't worry about BIOS settings or devices; Virtual PC handles this for you. Plus, you can add devices to the operating system at a later time.
Like VMware, Virtual PC allows you to assign floppy images and CD, DVD, or ISO images to a virtual machine as if they were physical disks. Disks are mounted and unmounted by using the appropriate icon on the bottom bar of the virtual machine. For example, Figure 3-7 shows a virtual machine in which OpenBSD 3.7 is to be installed. The floppy disk icon was used to capture the floppy37.fs file that contains the boot image for new OpenBSD installs. From this point on the installation process follows the standard OpenBSD procedure.
Case Study: Creating Practice Targets
If you perform many penetration tests or you administer a network with many different systems, having a suite of virtual machines at your disposal is a valuable asset. Virtual machines provide quick, easy access for testing patches, new software, or configuration changes. It's simple to roll back or undo configuration changes, or just copy an image for modification. Shown here is a list of guest systems in Virtual PC, three of which are currently running.
Imagine you're conducting a penetration test and you come across a Mandrake 9.2 system that you suspect to be vulnerable to an exploit in your testing tool kit. Rather than blindly trying the exploit, which might have nasty side effects like crashing the system, you could try it out on the virtual machine first. It also enables you to customize the exploit for your target. An OpenSSH exploit designed for a RedHat system will probably work against an SSH daemon running on Mandrake, but you might have to tweak offset values or other properties of the exploit. It's best to do such work in a lab rather than against a live system. Creating an image of the target also helps you determine what information to retrieve from the system and perhaps even automate the attack.
Of course, a fresh installation will not have the same user accounts or the exact number of patches, but it will let you know command paths, the location of configuration files, and even the security measures likely to be enabled by default. Thus, you can verify that a Python or Perl information collection script will execute in the specific target environment. The same can be said from a Windows perspective. While most penetration tests can be done from a BSD, Linux, or OS X platform, there are occasional needs for a Windows-based client or utility. You could install this utility in a virtual machine and have a complete attack platform at your disposal. Additionally, all of the profiling and testing steps described in the previous paragraph apply to Windows targets as well. Exploits may behave differently between Windows XP with and without Service Pack 2. In the end, the best exploits work against the largest possible set of targets, but you need to develop this some way; virtual machines help immensely.
Tip Hold down the Apple key and move the mouse to release its focus from a virtual machine.
GNOPPIX
Gnoppix is a Linux distribution that is designed to be a complete, self-contained operating system that runs from a CD. In other words, you need not worry about re-partitioning a hard drive or verifying that sufficient disk space is present for a virtual disk. Gnoppix boots from a CD and creates a virtual disk drive in memory. It is available from http://www.gnoppix.com/.
Since Gnoppix is a CD-based operating system environment, you can only create files that exist temporarily in memory. Thus, it's not a good choice for word processing or games. There are other uses for which Gnoppix is better suited. That isn't to say that running OpenOffice isn't viable. It merely means that you'll need a storage device for documents you wish to create or edit. Such a device might be a hard drive, an NFS share, a Samba share, a USB token, or something similar.
You could even save the files to Gnoppix's RAM-based disk, but be sure to move them somewhere else before you shut down the system.
Gnoppix, or any other CD-based operating system, is a great way to experiment with Linux without reformatting a hard drive, dealing with multiple boot managers, or worrying about hardware support. If you've ever thought about giving Linux a try but didn't want to dedicate a laptop or desktop to it, or you don't feel confident in partitioning a hard drive, then check out Gnoppix. The Gnoppix developers and user community have put great effort into creating a kernel that supports the widest possible range of hardware. It uses a 2.6 series kernel and the latest GNOME applications. In principle, Gnoppix's only limitation is that it must be run on an Intel (or compatible) processor.
During the initial boot sequence you will be prompted for language, keyboard, and video information. It is possible to access and tweak other options if you boot in expert mode. Most of the time, those options are only necessary for troublesome hardware.
Tip Gnoppix requires at least 128MB of RAM.
Gnoppix boots into an X Window environment (based on Xorg) with a nonroot user account named ubuntu. Note that by design Gnoppix is not intended to be a permanent, multi-user system. You can execute root-privilege programs with the
Figure 3-5: Virtual PC configuration wizard
Figure 3-6: Virtual PC device management
Figure 3-7: Using a floppy image with Virtual PC
Figure 3-8: Gnoppix welcome screen
Press CTRL-ALT-F1 (or any of F1 through F6) to obtain a text prompt if you'd rather avoid the GUI. Pressing CTRL-ALT-F7 brings you back to the GNOME Desktop.
Perhaps one of the most useful things Gnoppix can do for you is retrieve data from a corrupted disk or an operating system that refuses to boot. The prerequisites for Gnoppix to successfully boot do not include a working disk drive. It also has menu options that enable the user to mount the disk drive and access its partitions. Since Gnoppix uses the Linux kernel, it supports most file systems, including NTFS read access.
File system permissions are enforced by the operating system. Take the case of files on an NTFS volume that are readable only by the Administrator account. Windows 2003 ensures that only users with administrator privileges may access those files. However, if the disk drive can be mounted by a different operating system, such as Gnoppix, then those permissions are not enforced at all. Properly implemented encryption (for example, EFS or full-disk encryption whose key cannot be recovered from the disk itself) is the only countermeasure for mitigating unauthorized physical access to a drive.
Open the Applications menu and select System Tools, then Root Terminal. You could do the same thing as the ubuntu user (the default account) by prefixing commands with sudo. Next, make a directory in which to mount your Windows file system. Then mount the partition; if you are recovering data rather than repairing the system, add the -o ro option so that the recovery itself cannot alter anything on the disk.
Tip Most Windows partitions will appear on the /dev/hda1 device. Multiple disks, operating systems, or partition schemes will affect this value.
root@ubuntu:~# mkdir /mnt/win32
root@ubuntu:~# mount /dev/hda1 /mnt/win32
root@ubuntu:~# cd /mnt/win32
root@ubuntu:~# ls
AUTOEXEC.BAT BACKUP boot.ini
BOOTSECT.DOS Config.Msi CONFIG.SYS
Documents and Settings DOS IO.SYS
MSDOS.SYS NTDETECT.COM ntldr
pagefile.sys Program Files Recycled
RECYCLER System Volume Information
WINNT WUTemp
At this point you have full access to the Windows file system, regardless of the NTFS permissions associated with the files and directories. Consequently, you can retrieve files from the disk if it refuses to boot or has otherwise been corrupted. Note that Linux's file system driver will try to work around errors and skip corrupted files. If the disk is too damaged to mount, then you may have to read it as a raw device; we'll cover that in more depth in the forensics chapters.
CYGWIN
VMware is a great tool for running multiple operating systems (or multiple virtual machines) on the same Windows- or Linux-based host, but for those who want the best of both the Windows and Unix worlds, Cygwin might be a simpler, less expensive alternative. Cygwin is a free Unix subsystem that runs on top of Windows. Cygwin implements this subsystem in a single dynamic-link library (cygwin1.dll), allowing the community to develop "Cygwin-ized" Unix tools that call the DLL in order to run on Windows. Imagine running vi, bash, GCC, tar, sed, and other Unix favorites while still having the power of Windows. While some organizations port these applications (or variations of them) natively to Windows, Cygwin makes the porting process considerably easier.
For system administrators and network professionals, Cygwin is a cheaper alternative for getting some of the more important Unix utilities for system analysis (md5sum, strace, strings, and so on) onto a Windows box. Another point in favor of Cygwin is that it enables you to create simple (or complex) programs quickly. Cygwin includes a free compiler for C and C++ (and even Fortran and some other languages, if you're adventurous) and has a mostly complete Unix API. This is a great advantage for penetration testing or just developing some useful programs.
The Cygwin environment and its associated tools are all freely available under the GNU General Public License. You can begin the installation process by going to http://cygwin.com/ and downloading the setup program. The setup program downloads the files it needs from a Cygwin mirror site of your choosing and installs them into a specified location by default. You can choose between Hypertext Transfer Protocol (HTTP), File Transfer Protocol (FTP), and Rsync download methods.
You will be asked a few questions, such as whether you want the text files generated by Cygwin applications to be in DOS or Unix format. DOS file lines end with a carriage return followed by a newline (CR LF), while Unix file lines end with the newline alone (LF); if you've seen ^M characters at the end of lines in your text files, chances are they were transferred between a Unix and Windows system in binary mode rather than ASCII mode, so the carriage returns were carried over untouched. If you are running on a multi-user Windows box, you will also be asked if you want to install the application for your user ID alone or for everyone on the system.
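The line-ending difference is easy to check for and to undo with the tools Cygwin gives you. The following script is an added example, not from the book or from the Cygwin project; the helper names count_crlf, has_crlf, to_unix and to_dos are my own, and the sample file is constructed inside the script. It uses only POSIX grep, tr and awk, so it runs the same way in a Cygwin bash and on any Unix host:

```shell
#!/bin/sh
# Added example (not from the book or from Cygwin): detect and convert between
# DOS (CR LF) and Unix (LF) line endings with POSIX grep, tr and awk. Helper
# names are hypothetical; the sample file is constructed below.

cr=$(printf '\r')   # a literal carriage return, for use in grep patterns

# Print how many lines of $1 end in CR LF (prints 0 if none; never fails).
count_crlf() {
    grep -c "${cr}\$" "$1" || true
}

# Succeed (exit 0) if $1 contains at least one CR LF line ending.
has_crlf() {
    [ "$(count_crlf "$1")" -gt 0 ]
}

# Rewrite $1 in place with Unix line endings by dropping every CR.
to_unix() {
    tr -d '\r' < "$1" > "$1.tmp" && mv "$1.tmp" "$1"
}

# Rewrite $1 in place with DOS line endings. CRs are stripped first, so running
# this twice does not stack a second carriage return (^M^M) on each line.
to_dos() {
    tr -d '\r' < "$1" | awk '{ printf "%s\r\n", $0 }' > "$1.tmp" && mv "$1.tmp" "$1"
}

# Constructed sample: a two-line text file as a Windows editor would save it.
work=$(mktemp -d)
sample="$work/notes.txt"
printf 'first line\r\nsecond line\r\n' > "$sample"
count_crlf "$sample"      # 2
to_unix "$sample"
count_crlf "$sample"      # 0
to_dos "$sample"
count_crlf "$sample"      # 2
```

Run against a file that arrived from a Windows box, count_crlf tells you immediately whether it was transferred in binary mode; to_unix is the one-liner that most people reach for, and to_dos is idempotent because it normalizes before adding the CRs.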
The Cygwin installer will also ask you which tools you want to install by presenting you with a screen like the one shown in Figure 3-9.
Figure 3-9: Cygwin setup
You can use the Prev, Curr, and Exp options to have the installer automatically install older, current, or experimental versions of the software. Be careful: if you go through the list and choose to install certain applications and then click one of these buttons, your other selections will get wiped out.
Use the View button to cycle between different lists of the available packages. Full view is probably the easiest to work with and is shown in Figure 3-10.
Figure 3-10: Cygwin setup full view
Full view displays all available packages alphabetically. Click a field in the New column in order to select an option for the package. The options will be to install, reinstall, keep, or remove a package. If you also wish to have the source code available, check the Src? field.
Tip If you omit a package and wish to install it at a later time, rerun the Cygwin setup program; it will update currently installed packages and let you select new ones to install.
After you select the desired packages and their options, Cygwin retrieves and installs them. This can take some time depending on the speed of your Internet connection and the number of packages you choose. The Cygwin environment is ready for business once this stage completes. Double-click the Cygwin icon. You'll see a screen similar to the following: The cygwin.bat script runs from a DOS command prompt, sets up the Cygwin environment, and starts a bash shell in Windows. Cygwin does its best to set up intelligent Unix-like environment variables based on your Windows environment. Depending on the packages you installed, you can now run Unix utilities with ease. If you're a Unix user, you've undoubtedly wished that Windows had a
PID PPID PGID WINPID TTY UID STIME COMMAND
3193213 0 0 4291774083 ? 0 Dec 31 C:\WINDOWS\SYSTEM\KERNEL32.DLL
63753 0 0 4294903543 ? 0 Dec 31 C:\WINDOWS\SYSTEM\MSGSRV32.EXE
60569 0 0 4294906727 ? 0 Dec 31 C:\WINDOWS\SYSTEM\MPREXE.EXE
77349 0 0 4294889947 ? 0 Dec 31 C:\WINDOWS\SYSTEM\RPCSS.EXE
196093 0 0 4294771203 ? 0 Dec 31 C:\WINDOWS\SYSTEM\mmtask.tsk
191237 0 0 4294776059 ? 0 Dec 31 C:\WINDOWS\EXPLORER.EXE
237709 0 0 4294729587 ? 0 Dec 31 C:\WINDOWS\TASKMON.EXE
230713 0 0 4294736583 ? 0 Dec 31 C:\WINDOWS\SYSTEM\SYSTRAY.EXE
217533 0 0 4294749763 ? 0 Dec 31 C:\PROGRAM FILES\DIRECTCD\DIRECTCD.EXE
Tip Cygwin assumes the .exe extension whenever you run a program. Typing foo on the command line will execute the "foo" binary, if it exists, or "foo.exe" if it is within your current path variable.
Directory Structure and File Permissions
Cygwin mounts the system's local drives under the /cygdrive directory. This permits the normal Unix file system hierarchy to coexist with Windows. The cygdrive mount point includes hard-drive partitions, floppy drives, CD drives, and USB drives. Here is the example output of the df command, which reports disk usage for the file system's mount points:
istari@Kaitain ~
$ df
Filesystem 1K-blocks Used Available Use% Mounted on
C:\cygwin\bin 15358108 7873952 7484156 52% /usr/bin
C:\cygwin\lib 15358108 7873952 7484156 52% /usr/lib
C:\cygwin 15358108 7873952 7484156 52% /
c: 15358108 7873952 7484156 52% /cygdrive/c
d: 36033760 25047516 10986244 70% /cygdrive/d
e: 20482872 9193980 11288892 45% /cygdrive/e
f: 2149896 2149896 0 100% /cygdrive/f
By default, Cygwin installs into the C:\cygwin\ directory, although you can change this upon the first install. Cygwin makes this directory the root mount point. It then mounts C:\cygwin\bin on /usr/bin and C:\cygwin\lib on /usr/lib. The /usr/bin, /bin, and /usr/local/bin directories are added to the Cygwin path, but not your Windows path. The directories in your Windows path are imported into your Cygwin path so that you have the same access. Look closely at what gets imported: the PATH shown next contains a lone . entry, which makes the shell search the current directory for commands. Whether it came from the Windows path or from a profile script, it means a bash session in a directory you do not control can be made to run a planted ls or nc instead of the real one, so remove it from the Windows path or strip it from $PATH in your shell profile.
istari@Kaitain ~
$ echo $PATH
/usr/local/bin:/usr/bin:/bin:/usr/X11R6/bin:/cygdrive/c/WINDOWS/system32:/cygdrive/c/WINDOWS:/cygdrive/c/WINDOWS/System32/Wbem:.:/cygdrive/c/Program Files/Common Files/GTK/2.0/bin:/bin
Cygwin also presents sensible Unix-style permissions for files, although the nine mode bits can't mirror the granularity of Windows access control lists. Files and directories therefore have the user and group ownership you would expect to see, and chmod and chown work on the NTFS file system. Let's run ls -al on the Cygwin directory to see how Windows files are presented. The trailing + on each mode string means the file carries an ACL with entries the mode bits can't express; the bits are a summary, so use getfacl (or the Windows cacls command) when you need the authoritative permissions.
istari@Kaitain /cygdrive/c/cygwin
$ ls -al
total 9
drwxrwx---+ 10 istari Users 0 Aug 9 11:57 .
drwxrwxr-x+ 14 Administrators SYSTEM 0 Sep 19 18:01 ..
drwxrwx---+ 3 istari Users 0 Sep 12 09:07 bin
-rwxr-x---+ 1 istari Users 57 Mar 14 2005 cygwin.bat
-rwxr-x---+ 1 istari Users 7022 Sep 12 09:07 cygwin.ico
drwxrwx---+ 22 istari Users 0 Sep 21 15:22 etc
drwxrwxrwx+ 3 istari None 0 Sep 19 17:27 home
drwxrwx---+ 38 istari Users 0 Sep 12 09:07 lib
drwx------+ 3 istari None 0 Aug 9 11:57 srv
drwxrwxrwt+ 2 istari Users 0 Sep 21 15:23 tmp
drwxrwx---+ 20 istari Users 0 Sep 12 09:07 usr
drwxrwx---+ 9 istari Users 0 Sep 21 15:22 var
Cygwin maps user and group ownership from the /etc/passwd and /etc/group files, which in turn are based on information pulled from the Windows host or domain. These files are created when Cygwin is first installed, but are not automatically updated when Windows users are deleted, modified, or added. In order to regenerate the /etc/passwd and /etc/group files, use the mkpasswd and mkgroup commands. Most of the time, it's best to work with Cygwin when it is associated with the local accounts on the Windows system; use the -l option to create the files based on local accounts rather than domain accounts (which can take a while to query).
istari@Kaitain /cygdrive/c/cygwin
$ mkpasswd -l | tee /etc/passwd
Administrators:*:544:544:,S-1-5-32-544::
Guest:unused_by_nt/2000/xp:501:513:Kaitain\Guest,S-1-5-21-1942068853-1930885892-63110221-501:/home/Guest:/bin/bash
IUSR_NTO-3JOKPSBH7KT:unused_by_nt/2000/xp:1000:513:Internet Guest Account,Kaitain\IUSR_NTO-3JOKPSBH7KT,S-1-5-21-1942068853-1930885892-63110221-1000:/home/IUSR_NTO-3JOKPSBH7KT:/bin/bash
IWAM_NTO-3JOKPSBH7KT:unused_by_nt/2000/xp:1001:513:Launch IIS Process Account,Kaitain\IWAM_NTO-3JOKPSBH7KT,S-1-5-21-1942068853-1930885892-63110221-1001:/home/IWAM_NTO-3JOKPSBH7KT:/bin/bash
istari:unused_by_nt/2000/xp:500:513:Kaitain\istari,S-1-5-21-1942068853-1930885892-63110221-500:/home/istari:/bin/bash
root:unused_by_nt/2000/xp:1011:513:root,U-SHUTTLE\root,S-1-5-21-1942068853-1930885892-63110221-1011:/home/root:/bin/bash
sshd_server:unused_by_nt/2000/xp:1010:513:sshd server account,Kaitain\sshd_server,S-1-5-21-1942068853-1930885892-63110221-1010:/var/empty:/bin/bash
istari@Kaitain /cygdrive/c/cygwin
$ mkgroup -l | tee /etc/group
SYSTEM:S-1-5-18:18:
None:S-1-5-21-1942068853-1930885892-63110221-513:513:
Administrators:S-1-5-32-544:544:
Guests:S-1-5-32-546:546:
Power Users:S-1-5-32-547:547:
Remote Desktop Users:S-1-5-32-555:555:
Users:S-1-5-32-545:545:
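Every entry in the listing above ends its GECOS field with the account's Windows SID, and the UID that mkpasswd assigns is the SID's last dash-separated component, the RID. The following script is an added example, not from the book or from Cygwin, that checks that relationship for each line and flags whichever account holds RID 500 (the built-in Administrator) regardless of what it has been renamed to. The helper names are my own, and the input is a constructed copy of four entries from the listing with their wrapped lines rejoined:

```shell
#!/bin/sh
# Added example (not from the book or from Cygwin): parse mkpasswd-style
# /etc/passwd lines, confirm that each UID equals the RID of the account's
# SID, and identify the built-in Administrator by RID 500 rather than by
# name. Helper names are hypothetical; the sample data is constructed from
# the listing in the text.

# Print the SID from the GECOS field (field 5) of one passwd line. Cygwin
# writes "description,DOMAIN\user,SID" there, so the SID is the last
# comma-separated item.
sid_of_line() {
    printf '%s\n' "$1" | awk -F: '{ n = split($5, g, ","); print g[n] }'
}

# Print the last dash-separated component of a SID: its RID.
rid_of_sid() {
    printf '%s\n' "$1" | awk -F- '{ print $NF }'
}

# For each passwd line on stdin print "name uid rid MATCH|MISMATCH".
# A MISMATCH means the file is stale or hand-edited: mkpasswd always
# derives the UID from the RID.
check_uid_rid() {
    while IFS= read -r line; do
        name=${line%%:*}
        uid=$(printf '%s\n' "$line" | cut -d: -f3)
        rid=$(rid_of_sid "$(sid_of_line "$line")")
        if [ "$uid" = "$rid" ]; then status=MATCH; else status=MISMATCH; fi
        printf '%s %s %s %s\n' "$name" "$uid" "$rid" "$status"
    done
}

# Print the name of the account whose RID is 500: the built-in Administrator,
# whatever it is currently called.
find_builtin_admin() {
    check_uid_rid | awk '$3 == 500 { print $1 }'
}

# Constructed sample: four entries from the mkpasswd -l output in the text.
sample_passwd='Administrators:*:544:544:,S-1-5-32-544::
Guest:unused_by_nt/2000/xp:501:513:Kaitain\Guest,S-1-5-21-1942068853-1930885892-63110221-501:/home/Guest:/bin/bash
istari:unused_by_nt/2000/xp:500:513:Kaitain\istari,S-1-5-21-1942068853-1930885892-63110221-500:/home/istari:/bin/bash
sshd_server:unused_by_nt/2000/xp:1010:513:sshd server account,Kaitain\sshd_server,S-1-5-21-1942068853-1930885892-63110221-1010:/var/empty:/bin/bash'

printf '%s\n' "$sample_passwd" | check_uid_rid        # four MATCH lines
printf '%s\n' "$sample_passwd" | find_builtin_admin   # istari
```

On the sample, find_builtin_admin prints istari: that account is the renamed Administrator, and the RID gives it away no matter what the name field says. The same holds in reverse for the entry called root in the full listing, which is an ordinary user with RID 1011.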
If you're brave (and patient) enough to create these files from the domain, use the -d option instead of -l.
Tip Unix-style user IDs are handled slightly differently in the Cygwin environment. The Windows equivalent of the root user is the system's Administrator account. Whereas the root user has UID 0, the Administrator will have UID 500. The UID corresponds to the Relative Identifier (RID) of the user, which is the final component of its SID. Notice what this reveals in the listing above: istari has UID 500, so it is the built-in Administrator account under another name, and renaming that account does not hide it from anyone who can read its SID. Conversely, the account named root here is just an ordinary user with RID 1011.
Ultimately, what you can do with Cygwin depends on what packages you choose to install. But let's take a look at some of the more interesting uses.
Running Windows Applications
Not only can you run Unix-based applications, but you can run native Windows applications from the command line, as shown here.
istari@Kaitain ~
$ ipconfig
Windows IP Configuration
Ethernet adapter VMware Network Adapter VMnet8:
Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 192.168.244.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
Ethernet adapter VMware Network Adapter VMnet1:
Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 192.168.235.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
You can do the same thing with graphical applications like Notepad or, of course, more useful programs. After all, Cygwin provides both the vi and emacs text editors!
Building Programs in Windows
What else can you do? If you install gcc, gdb, make, and the binutils, you now have a Windows C/C++ development environment. Granted, it's not as fancy as Microsoft's Visual Studio, but it's free and open source! Here's an example of compiling Netcat from the Unix tarball:
istari@kaitain /usr/local/src/nc
$ gcc -s -static -o nc netcat.c -lresolv
Info: resolving _h_errno by linking to __imp__h_errno (auto-import)
Info: resolving _optarg by linking to __imp__optarg (auto-import)
Info: resolving _optind by linking to __imp__optind (auto-import)
pyretta@shuttle /usr/local/src/nc
$ ./nc -h
[v1.10]
connect to somewhere: nc [-options] hostname port[s] [ports] ...
listen for inbound: nc -l -p port [-options] [hostname] [port]
Cygwin provides a mostly complete API for developers used to Unix environments. For more information on developing under Cygwin, check out http://cygwin.com/cygwin-api/cygwin-api.html. There are also gcc extensions (the -mno-cygwin option) that allow you to bypass the Cygwin emulation library and build native Win32 applications that do not depend on cygwin1.dll at run time.
Tip If you're looking for an Open Source developer environment, check out Anjuta (http://anjuta.sourceforge.net/). Anjuta relies heavily on the GNOME project. It will run under Cygwin, but only after some significant effort and the installation of several GNOME libraries.
Running Perl Scripts
Even though Perl distributions are available for Windows, many of them are not free. Cygwin includes a port of the Perl engine, which enables you to run Perl scripts in a Windows environment. For example, the Nikto tool covered in Chapter 7 runs in Cygwin's Perl environment. You can even use the Perl CPAN utility to update packages.
Helpful Unix Tools
You now have access to a myriad of useful Unix tools from within Windows, many of which can be helpful to the system administrator or network security professional for system analysis. Here are a few:
- sed Command-line stream editor; good for things like search and replace.
- strings Extract printable ASCII strings from a binary file; good for Word documents when you don't have Office installed.
- strace Trace system calls and signals; see what system calls and signals an application is making and receiving.
- md5sum Compute a checksum of a file so that later modification can be detected. A checksum only proves integrity against a reference value you obtained from a trusted source (an attacker who can alter the file can usually alter a checksum stored beside it), and MD5 is no longer collision-resistant, so prefer the SHA-family tools (sha1sum and its successors) where they are available.
- diff Compare two files for differences.
- patch Use the output from a diff command to make file1 look like file2.
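A single md5sum run is only useful if you kept the earlier value to compare against. The script below is an added example, not from the book, of the usual way to do that: baseline a directory into a manifest, then use md5sum -c to report what changed. The helper names make_manifest, changed_files and new_files are my own, the manifest is written outside the tree it describes, and the sample tree is constructed by the script. Note that md5sum -c reports only on files named in the manifest, which is why new_files exists; and because the manifest is plain text, it has to be kept (or signed) somewhere the attacker cannot reach, or it proves nothing.

```shell
#!/bin/sh
# Added example (not from the book): baseline a directory with md5sum and
# report files that changed, disappeared, or appeared since. Helper names are
# hypothetical. Keep the manifest outside the tree (or off the machine): a
# checksum list an attacker can rewrite detects nothing.

# Write "hash  ./path" lines for every regular file under $1 into manifest $2
# ($2 must be an absolute path, because the hashing runs from inside $1).
make_manifest() {
    ( cd "$1" && find . -type f -exec md5sum {} + | LC_ALL=C sort -k 2 ) > "$2"
}

# Print the paths in manifest $2 whose hash no longer matches, or whose file
# is missing under $1; print nothing if everything still verifies.
changed_files() {
    ( cd "$1" && md5sum -c "$2" 2>/dev/null ) | awk -F': ' '$2 != "OK" { print $1 }'
}

# Print regular files now under $1 that manifest $2 does not mention.
# (Column 35 onward of a manifest line is the path: 32 hex digits + 2 spaces.)
new_files() {
    known=$(mktemp)
    cut -c35- "$2" | LC_ALL=C sort > "$known"
    ( cd "$1" && find . -type f | LC_ALL=C sort ) | comm -13 "$known" -
    rm -f "$known"
}

# Constructed sample: a tiny web root baselined while known-good, then
# modified the way an intruder might modify it.
base=$(mktemp -d)
tree="$base/www"
manifest="$base/www.md5"
mkdir -p "$tree/cgi-bin"
printf '<html>index</html>\n' > "$tree/index.html"
printf '#!/bin/sh\necho hello\n' > "$tree/cgi-bin/hello.sh"

make_manifest "$tree" "$manifest"
changed_files "$tree" "$manifest"      # prints nothing: the baseline holds
printf 'tampered\n' >> "$tree/index.html"
printf '#!/bin/sh\necho added later\n' > "$tree/cgi-bin/extra.sh"
changed_files "$tree" "$manifest"      # ./index.html
new_files "$tree" "$manifest"          # ./cgi-bin/extra.sh
```

Swapping md5sum for sha1sum (or a newer SHA tool) in make_manifest and changed_files is the only change needed to move off MD5; the manifest format and the -c verification are the same across the coreutils checksum programs.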
Go to the Cygwin web site (http://cygwin.com/) to find other Cygwin packages available for download. You'll find popular applications like Apache and smbclient, and even CD-burning software (including mkisofs, which lets you create ISO file images of CD-ROMs).