CYGWIN

VMware is a great tool for running multiple operating systems (or multiple virtual machines) from the same Windows- or Linux-based OS, but for those who want to have the best of both Windows and Unix worlds, Cygwin might be a simpler, less expensive alternative. Cygwin is a free Unix subsystem that runs on top of Windows. Cygwin uses a single dynamic-link library (DLL) to implement this subsystem, allowing the community to develop "Cygwin-ized" Unix tools that use the DLL to run on Windows. Imagine running vi, bash, GCC, tar, sed, and other Unix favorites while still having the power of Windows. While some organizations will port these applications or variations of these applications to a native Windows OS, Cygwin makes the transition process of porting a bit easier.

For system administrators and network professionals, Cygwin is a cheaper alternative to getting some of the more important Unix utilities for system analysis (md5sum, strace, strings, and so on) onto a Windows box. Another point of favor for Cygwin is that it enables you to create simple (or complex) programs quickly. Cygwin includes a free compiler for C and C++ (and even Fortran and some other languages, if you're adventurous) and has a mostly complete Unix API. This is a great advantage for penetration testing or just developing some useful programs.

Download and Installation

The Cygwin environment and its associated tools are all freely available under the GNU General Public License. You can begin the installation process by going to http://cygwin.com/ and downloading the setup program. The setup program downloads the files it needs from a Cygwin mirror site of your choosing and installs them into a specified location by default. You can choose between Hypertext Transfer Protocol (HTTP), File Transfer Protocol (FTP), and Rsync download methods.

You will be asked a few questions, such as whether you want the text files generated by Cygwin applications to be in DOS or Unix format. DOS file lines end with a carriage return followed by a newline, while Unix file lines end with only the newline; if you've seen ^M characters at the end of your text files, chances are they were transferred between a Unix and Windows system in binary format rather than ASCII. If you are running on a multi-user Windows box, you will also be asked if you want to install the application for your user ID alone or for everyone on the system.

The Cygwin installer will also ask you which tools you want to install by presenting you with a screen like the one shown in Figure 3-9.


Figure 3-9: Cygwin setup

You can use the Prev, Curr, and Exp options to have the installer automatically install older, current, or experimental versions of the software. Be careful: if you go through the list and choose to install certain applications and then click one of these buttons, your other selections will get wiped out.

Use the View button to cycle between different lists of the available packages. Full view is probably the easiest to work with and is shown in Figure 3-10.


Figure 3-10: Cygwin setup full view

Full view displays all available packages alphabetically. Click a field in the New column in order to select an option for the package. The options will be to install, reinstall, keep, or remove a package. If you also wish to have the source code available, check the Src? field.

Tip 

If you omit a package and wish to install it at a later time, rerun the Cygwin setup program; it will update currently installed packages and let you select new ones to install.

After you select the desired packages and their options, Cygwin retrieves and installs them. This can take some time depending on the speed of your Internet connection and the number of packages you choose. The Cygwin environment is ready for business once this stage completes.

Implementation

Double-click the Cygwin icon. You'll see a screen similar to the following:

The cygwin.bat script runs from a DOS command prompt, sets up the Cygwin environment, and starts a bash shell in Windows. Cygwin does its best to set up intelligent Unix-like environment variables based on your Windows environment.

Depending on the packages you installed, you can now run Unix utilities with ease. If you're a Unix user, you've undoubtedly wished that Windows had a ps command so that you could see the currently running Windows processes from the command line without bothering with Task Manager. If you use the -aW flag, you can see Windows processes as well as any Cygwin processes that are running. The following view shows Windows processes, accessed by running the Cygwin command (ps -aW | less):

     PID    PPID    PGID     WINPID  TTY  UID    STIME COMMAND
 3193213       0       0 4291774083    ?    0   Dec 31 C:\WINDOWS\SYSTEM\KERNEL32.DLL
   63753       0       0 4294903543    ?    0   Dec 31 C:\WINDOWS\SYSTEM\MSGSRV32.EXE
   60569       0       0 4294906727    ?    0   Dec 31 C:\WINDOWS\SYSTEM\MPREXE.EXE
   77349       0       0 4294889947    ?    0   Dec 31 C:\WINDOWS\SYSTEM\RPCSS.EXE
  196093       0       0 4294771203    ?    0   Dec 31 C:\WINDOWS\SYSTEM\mmtask.tsk
  191237       0       0 4294776059    ?    0   Dec 31 C:\WINDOWS\EXPLORER.EXE
  237709       0       0 4294729587    ?    0   Dec 31 C:\WINDOWS\TASKMON.EXE
  230713       0       0 4294736583    ?    0   Dec 31 C:\WINDOWS\SYSTEM\SYSTRAY.EXE
  217533       0       0 4294749763    ?    0   Dec 31 C:\PROGRAM FILES\DIRECTCD\DIRECTCD.EXE

Tip

Cygwin assumes the .exe extension whenever you run a program. Typing foo on the command line will execute the "foo" binary, if it exists, or the "foo.exe" if it is within your current path variable.

Directory Structure and File Permissions

Cygwin mounts the system's local drives under the /cygdrive directory. This permits the normal Unix file system hierarchy to coexist with Windows. The cygdrive mount point includes hard-drive partitions, floppy drives, CD drives, and USB drives. Here is the example output of the df command, which reports disk usage for the file system's mount points:

 istar@Kaitain ~
 $ df
 Filesystem           1K-blocks      Used Available Use% Mounted on
 C:\cygwin\bin         15358108   7873952   7484156  52% /usr/bin
 C:\cygwin\lib         15358108   7873952   7484156  52% /usr/lib
 C:\cygwin             15358108   7873952   7484156  52% /
 c:                    15358108   7873952   7484156  52% /cygdrive/c
 d:                    36033760  25047516  10986244  70% /cygdrive/d
 e:                    20482872   9193980  11288892  45% /cygdrive/e
 f:                     2149896   2149896         0 100% /cygdrive/f

By default, Cygwin installs into the C:\cygwin\ directory, although you can change this upon the first install. Cygwin makes this directory the root mount point. It then mounts C:\cygwin\bin on /usr/bin and C:\cygwin\lib on /usr/lib. The /usr/bin, /bin, and /usr/local/bin directories are added to the Cygwin path, but not your Windows path. The directories in your Windows path are imported into your Cygwin path so that you have the same access.

 istari@Kaitain ~
 $ echo $PATH
 /usr/local/bin:/usr/bin:/bin:/usr/X11R6/bin:/cygdrive/c/WINDOWS/
 system32:/cygdrive/c/WINDOWS:/cygdrive/c/WINDOWS/System32/Wbem:.:
 /cygdrive/c/Program Files/Common Files/GTK/2.0/bin:/bin

Cygwin also uses sensible file permissions for the "Unix" files, although it can't mirror the granularity of Windows Access Control Lists. Thus, files and directories have user and group ownership that you would expect to see. In fact, the chmod and chown commands work quite well on the NTFS file system. Let's run an ls -al command on some Windows files to find the answer.

 istari@Kaitain /cygdrive/c/cygwin
 $ ls -al
 total 9
 drwxrwx---+ 10 istari         Users     0 Aug  9 11:57 .
 drwxrwxr-x+ 14 Administrators SYSTEM    0 Sep 19 18:01 ..
 drwxrwx---+  3 istari         Users     0 Sep 12 09:07 bin
 -rwxr-x---+  1 istari         Users    57 Mar 14  2005 cygwin.bat
 -rwxr-x---+  1 istari         Users  7022 Sep 12 09:07 cygwin.ico
 drwxrwx---+ 22 istari         Users     0 Sep 21 15:22 etc
 drwxrwxrwx+  3 istari         None      0 Sep 19 17:27 home
 drwxrwx---+ 38 istari         Users     0 Sep 12 09:07 lib
 drwx------+  3 istari         None      0 Aug  9 11:57 srv
 drwxrwxrwt+  2 istari         Users     0 Sep 21 15:23 tmp
 drwxrwx---+ 20 istari         Users     0 Sep 12 09:07 usr
 drwxrwx---+  9 istari         Users     0 Sep 21 15:22 var

Cygwin maps user and group ownership from the /etc/passwd and /etc/group files, which in turn are based on information pulled from the Windows host or domain. These files are created when Cygwin is first installed, but are not automatically updated when Windows users are deleted, modified, or added. In order to regenerate the /etc/passwd and /etc/group files, use the mkpasswd and mkgroup commands. Most of the time, it's best to work with Cygwin when it is associated with the local accounts on the Windows system; use the -l option to create the files based on local accounts rather than domain accounts (which can take a while to query).

 istari@Kaitain /cygdrive/c/cygwin
 $ mkpasswd -l | tee /etc/passwd
 SYSTEM:*:18:544:,S-1-5-18::
 Administrators:*:544:544:,S-1-5-32-544::
 Guest:unused_by_nt/2000/xp:501:513:Kaitain\Guest,S-1-5-21-1942068853
     -1930885892-63110221-501:/home/Guest:/bin/bash
 IUSR_NTO-3JOKPSBH7KT:unused_by_nt/2000/xp:1000:513:Internet Guest
     Account,Kaitain\IUSR_NTO-3JOKPSBH7KT,S-1-5-21-1942068853-1930885
     892-63110221-1000:/home/IUSR_NTO-3JOKPSBH7KT:/bin/bash
 IWAM_NTO-3JOKPSBH7KT:unused_by_nt/2000/xp:1001:513:Launch IIS
     Process Account,Kaitain\IWAM_NTO-3JOKPSBH7KT,S-1-5-21-1942068853
     -1930885892-63110221-1001:/home/IWAM_NTO-3JOKPSBH7KT:/bin/bash
 istari:unused_by_nt/2000/xp:500:513:Kaitain\istari,S-1-5-21-19420688
     53-1930885892-63110221-500:/home/istari:/bin/bash
 root:unused_by_nt/2000/xp:1011:513:root,U-SHUTTLE\root,S-1-5-21-1942
     068853-1930885892-63110221-1011:/home/root:/bin/bash
 sshd_server:unused_by_nt/2000/xp:1010:513:sshd server account,
     Kaitain\sshd_server,S-1-5-21-1942068853-1930885892-63110221-1010
     :/var/empty:/bin/bash
 $ mkgroup -l | tee err
 SYSTEM:S-1-5-18:18:
 None:S-1-5-21-1942068853-1930885892-63110221-513:513:
 Administrators:S-1-5-32-544:544:
 Guests:S-1-5-32-546:546:
 Power Users:S-1-5-32-547:547:
 Remote Desktop Users:S-1-5-32-555:555:
 Users:S-1-5-32-545:545:

If you're brave (and patient) enough to create these files from the domain, use the -d option instead of -l.

Tip 

Unix-style user IDs are handled slightly differently in the Cygwin environment. The Windows equivalent of the root user is the system's Administrator account. Whereas the root user has UID 0, the Administrator will have a UID 500. This corresponds to the Relative Identifier (RID) of the user.
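
The following is an added example, not code from the book. It checks a saved mkpasswd-style file for the two conditions described above: entries whose UID does not equal the RID at the end of the SID, and accounts that have appeared or disappeared since the file was written. The function names (audit_rid, passwd_drift) and the sample accounts, domain and SIDs are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the book. Function names and sample data are constructed.

# awk helper: return the SID found in a passwd comment (GECOS) field, or "".
AWK_SID='function sid(gecos,   n, g, i, s) {
    n = split(gecos, g, ",")
    for (i = 1; i <= n; i++) if (g[i] ~ /^S-1-[0-9]+(-[0-9]+)+$/) s = g[i]
    return s
}'

# audit_rid FILE: report entries with no SID, or whose UID differs from the
# RID (the last component of the SID).
audit_rid() {
    awk -F: "$AWK_SID"'
    { s = sid($5)
      if (s == "") { print "NOSID " $1; next }
      m = split(s, c, "-")
      if (($3 + 0) != (c[m] + 0)) print "MISMATCH " $1 " uid=" $3 " rid=" c[m] }' "$1"
}

# passwd_drift STORED FRESH: accounts removed from or added to Windows since
# STORED was written. On Cygwin, FRESH would come from: mkpasswd -l > fresh
passwd_drift() {
    awk -F: "$AWK_SID"'
    { s = sid($5); if (s == "") next }
    FILENAME == ARGV[1] { old[s] = $1; next }
    { cur[s] = $1 }
    END { for (s in old) if (!(s in cur)) print "REMOVED " old[s] " " s
          for (s in cur) if (!(s in old)) print "ADDED " cur[s] " " s }' "$1" "$2" | sort
}

# Constructed sample data (domain, names and SIDs are made up).
demo_dir=$(mktemp -d); trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/stored" <<'EOF'
SYSTEM:*:18:544:,S-1-5-18::
alice:unused:1005:513:EXAMPLE\alice,S-1-5-21-1111111111-2222222222-3333333333-1005:/home/alice:/bin/bash
bob:unused:1006:513:EXAMPLE\bob,S-1-5-21-1111111111-2222222222-3333333333-1012:/home/bob:/bin/bash
carol:unused:1007:513:no sid recorded:/home/carol:/bin/bash
EOF
cat > "$demo_dir/fresh" <<'EOF'
SYSTEM:*:18:544:,S-1-5-18::
bob:unused:1012:513:EXAMPLE\bob,S-1-5-21-1111111111-2222222222-3333333333-1012:/home/bob:/bin/bash
dave:unused:1013:513:EXAMPLE\dave,S-1-5-21-1111111111-2222222222-3333333333-1013:/home/dave:/bin/bash
EOF

audit_rid "$demo_dir/stored"
passwd_drift "$demo_dir/stored" "$demo_dir/fresh"
```

Accounts are matched by SID rather than by name, so a renamed Windows account is not reported as a removal plus an addition.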

Running Applications

Ultimately, what you can do with Cygwin depends on what packages you choose to install. But let's take a look at some of the more interesting uses.

Running Windows Applications

Not only can you run Unix-based applications, but you can run native Windows applications from the command line, as shown here.

 istari@Kaitain ~
 $ ipconfig
 Windows IP Configuration
 Ethernet adapter VMware Network Adapter VMnet8:
    Connection-specific DNS Suffix  . :
    IP Address. . . . . . . . . . . . : 192.168.244.1
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . :
 Ethernet adapter VMware Network Adapter VMnet1:
    Connection-specific DNS Suffix  . :
    IP Address. . . . . . . . . . . . : 192.168.235.1
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . :

You can do the same thing with graphical applications like Notepad or, of course, more useful programs. After all, Cygwin provides both the vi and emacs text editors!

Building Programs in Windows

What else can you do? If you install gcc, gdb, make, and the binutils, you now have a Windows C/C++ development environment. Granted, it's not as fancy as Microsoft's Visual Studio, but it's free and open source! Here's an example of compiling Netcat from the Unix tarball:

 istari@kaitain /usr/local/src/nc
 $ gcc -s -static  -o nc netcat.c -lresolv
 Info: resolving _h_errno by linking to __imp__h_errno (auto-import)
 Info: resolving _optarg by linking to __imp__optarg (auto-import)
 Info: resolving _optind by linking to __imp__optind (auto-import)
 pyretta@shuttle /usr/local/src/nc
 $ ./nc -h
 [v1.10]
 connect to somewhere:    nc [-options] hostname port[s] [ports] ...
 listen for inbound:      nc -l -p port [-options] [hostname] [port]

Cygwin provides a mostly complete API for developers used to Unix environments. For more information on developing under Cygwin, check out http://cygwin.com/cygwin-api/cygwin-api.html. There are also some gcc extensions that allow you to bypass the Cygwin emulation libraries and build native Win32 applications.

Tip 

If you're looking for an Open Source developer environment, check out Anjuta (http://anjuta.sourceforge.net/). Anjuta relies heavily on the GNOME project. It will run under Cygwin, but only after some significant effort and the installation of several GNOME libraries.

Running Perl Scripts

Even though Perl distributions are available for Windows, many of them are not free. Cygwin includes a port of the Perl engine, which enables you to run Perl scripts in a Windows environment. For example, the Nikto tool covered in Chapter 7 runs in Cygwin's Perl environment. You can even use the Perl CPAN utility to update packages.

Helpful Unix Tools

You now have access to a myriad of useful Unix tools from within Windows, many of which can be helpful to the system administrator or network security professional for system analysis. Here are a few:

  • grep: Search files for regular expressions.

  • sed: Command-line stream editor; good for things like search and replace.

  • strings: Extract printable ASCII strings from a binary file; good for Word documents when you don't have Office installed.

  • strace: Trace system calls and signals; see what system calls and signals an application is making and receiving.

  • md5sum: Perform a checksum on a file to ensure its authenticity and protect against tampering.

  • diff: Compare two files for differences.

  • patch: Use the output from a diff command to make file1 look like file2.
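
As an added example (not from the book), here is how two of the tools in this list, md5sum and diff, combine into a simple tamper check: record a checksum manifest for a directory, record it again later, and classify what changed. The function names (make_baseline, changed_files) and the sample file tree are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the book. Function names and sample files are constructed.
# md5sum is used because the list above names it; sha256sum from the same
# package works the same way (its hash is 64 hex characters, so the path
# offset used in changed_files would become 69).

# make_baseline DIR: print one "md5  ./path" line per regular file, sorted by path.
make_baseline() {
    ( cd "$1" && find . -type f -exec md5sum {} + | LC_ALL=C sort -k2 )
}

# changed_files OLD NEW: diff two manifests and label each affected path.
# diff marks lines only in OLD with "< " and lines only in NEW with "> ".
changed_files() {
    diff "$1" "$2" | awk '
    /^[<>] / { side = substr($0, 1, 1)
               path = substr($0, 37)    # 2 marker + 32 hash + 2 separator chars
               if (side == "<") old[path] = 1; else cur[path] = 1 }
    END { for (p in old) { tag = (p in cur) ? "MODIFIED " : "REMOVED "; print tag p }
          for (p in cur) if (!(p in old)) print "ADDED " p }' | sort
}

# Constructed sample tree: take a baseline, then change it three ways.
demo=$(mktemp -d); trap 'rm -rf "$demo"' EXIT
mkdir -p "$demo/tree/bin"
printf 'original tool\n' > "$demo/tree/bin/tool.exe"
printf 'config v1\n'     > "$demo/tree/app.conf"
printf 'notes\n'         > "$demo/tree/readme.txt"
make_baseline "$demo/tree" > "$demo/before.md5"

printf 'patched tool\n' > "$demo/tree/bin/tool.exe"   # contents replaced
rm "$demo/tree/readme.txt"                            # file deleted
printf 'new\n' > "$demo/tree/dropped.dll"             # file added
make_baseline "$demo/tree" > "$demo/after.md5"

changed_files "$demo/before.md5" "$demo/after.md5"
```

Keep the manifests outside the directory being checked, as the example does, so that writing a manifest does not itself show up as a change.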

You can go to v to find other Cygwin packages available for download. You'll find popular applications like Apache, smbclient (mentioned in Chapter 5), and even CD-burning software (including mkisofs), which lets you create ISO file images of CD-ROMs.



Anti-Hacker Tool Kit, Third Edition
ISBN: 0072262877
EAN: 2147483647
Year: 2006
Pages: 175
