VMware is a great tool for running multiple operating systems (or multiple virtual machines) from the same Windows- or Linux-based OS, but for those who want to have the best of both Windows and Unix worlds, Cygwin might be a simpler, less expensive alternative. Cygwin is a free Unix subsystem that runs on top of Windows. Cygwin uses a single dynamic-link library (DLL) to implement this subsystem, allowing the community to develop "Cygwin-ized" Unix tools that use the DLL to run on Windows. Imagine running vi, bash, GCC, tar, sed, and other Unix favorites while still having the power of Windows. While some organizations will port these applications or variations of these applications to a native Windows OS, Cygwin makes the transition process of porting a bit easier.
For system administrators and network professionals, Cygwin is a cheaper way to get some of the more important Unix utilities for system analysis (md5sum, strace, strings, and so on) onto a Windows box. Another point in Cygwin's favor is that it lets you create simple (or complex) programs quickly. Cygwin includes a free compiler for C and C++ (and even Fortran and some other languages, if you're adventurous) and has a mostly complete Unix API. This is a great advantage for penetration testing or just developing some useful programs.
Download and Installation
The Cygwin environment and its associated tools are all freely available under the GNU General Public License. You can begin the installation process by going to http://cygwin.com/ and downloading the setup program. The setup program downloads the files it needs from a Cygwin mirror site of your choosing and installs them into the location you specify. You can choose between Hypertext Transfer Protocol (HTTP), File Transfer Protocol (FTP), and Rsync download methods.
You will be asked a few questions, such as whether you want the text files generated by Cygwin applications to use DOS or Unix line endings. DOS lines end with a carriage return followed by a newline (CR LF), while Unix lines end with the newline alone; if you've seen ^M characters at the end of your text files, chances are they were transferred between a Unix and a Windows system in binary mode rather than ASCII mode. If you are running on a multi-user Windows box, you will also be asked whether to install the application for your user ID alone or for everyone on the system.
The Cygwin installer will also ask you which tools you want to install by presenting you with a screen like the one shown in Figure.
Figure: Cygwin setup
You can use the Prev, Curr, and Exp options to have the installer automatically install older, current, or experimental versions of the software. Be careful: if you go through the list and choose to install certain applications and then click one of these buttons, your other selections will get wiped out.
Use the View button to cycle between different lists of the available packages. Full view is probably the easiest to work with and is shown in Figure.
Figure: Cygwin setup, full view
Full view displays all available packages alphabetically. Click a field in the New column in order to select an option for the package. The options will be to install, reinstall, keep, or remove a package. If you also wish to have the source code available, check the Src? field.
Tip:- | If you omit a package and wish to install it at a later time, rerun the Cygwin setup program; it will update currently installed packages and let you select new ones to install. |
After you select the desired packages and their options, Cygwin retrieves and installs them. This can take some time depending on the speed of your Internet connection and the number of packages you choose. The Cygwin environment is ready for business once this stage completes.
Implementation
The cygwin.bat script runs from a DOS command prompt, sets up the Cygwin environment, and starts a bash shell in Windows. Cygwin does its best to set up intelligent Unix-like environment variables based on your Windows environment.
Depending on the packages you installed, you can now run Unix utilities with ease. If you're a Unix user, you've undoubtedly wished that Windows had a ps command so that you could see the currently running Windows processes from the command line without bothering with Task Manager. Cygwin's ps does this: with the -aW flag, it lists Windows processes as well as any Cygwin processes that are running. The following output shows Windows processes, produced by running ps -aW | less in Cygwin:
    PID    PPID    PGID     WINPID  TTY  UID    STIME COMMAND
3193213       0       0 4291774083    ?    0   Dec 31 C:\WINDOWS\SYSTEM\KERNEL32.DLL
  63753       0       0 4294903543    ?    0   Dec 31 C:\WINDOWS\SYSTEM\MSGSRV32.EXE
  60569       0       0 4294906727    ?    0   Dec 31 C:\WINDOWS\SYSTEM\MPREXE.EXE
  77349       0       0 4294889947    ?    0   Dec 31 C:\WINDOWS\SYSTEM\RPCSS.EXE
 196093       0       0 4294771203    ?    0   Dec 31 C:\WINDOWS\SYSTEM\mmtask.tsk
 191237       0       0 4294776059    ?    0   Dec 31 C:\WINDOWS\EXPLORER.EXE
 237709       0       0 4294729587    ?    0   Dec 31 C:\WINDOWS\TASKMON.EXE
 230713       0       0 4294736583    ?    0   Dec 31 C:\WINDOWS\SYSTEM\SYSTRAY.EXE
 217533       0       0 4294749763    ?    0   Dec 31 C:\PROGRAM FILES\DIRECTCD\DIRECTCD.EXE
Tip:- | Cygwin assumes the .exe extension whenever you run a program. Typing foo on the command line will execute the "foo" binary, if it exists, or the "foo.exe" if it is within your current path variable. |
Directory Structure and File Permissions
Cygwin mounts the system's local drives under the /cygdrive directory. This permits the normal Unix file system hierarchy to coexist with Windows. The cygdrive mount point includes hard-drive partitions, floppy drives, CD drives, and USB drives. Here is the example output of the df command, which reports disk usage for the file system's mount points:
Tech@Inside ~
$ df
Filesystem           1K-blocks      Used Available Use% Mounted on
C:\cygwin\bin         15358108   7873952   7484156  52% /usr/bin
C:\cygwin\lib         15358108   7873952   7484156  52% /usr/lib
C:\cygwin             15358108   7873952   7484156  52% /
c:                    15358108   7873952   7484156  52% /cygdrive/c
d:                    36033760  25047516  10986244  70% /cygdrive/d
e:                    20482872   9193980  11288892  45% /cygdrive/e
f:                     2149896   2149896         0 100% /cygdrive/f
By default, Cygwin installs into the C:\cygwin\ directory, although you can change this upon the first install. Cygwin makes this directory the root mount point. It then mounts C:\cygwin\bin on /usr/bin and C:\cygwin\lib on /usr/lib. The /usr/bin, /bin, and /usr/local/bin directories are added to the Cygwin path, but not your Windows path. The directories in your Windows path are imported into your Cygwin path so that you have the same access.
Tech@Inside ~
$ echo $PATH
/usr/local/bin:/usr/bin:/bin:/usr/X11R6/bin:/cygdrive/c/WINDOWS/system32:/cygdrive/c/WINDOWS:/cygdrive/c/WINDOWS/System32/Wbem:.:/cygdrive/c/Program Files/Common Files/GTK/2.0/bin:/bin
Cygwin also applies sensible Unix-style permissions to files, although it can't mirror the granularity of Windows Access Control Lists. Files and directories therefore carry the user and group ownership you would expect to see, and the chmod and chown commands work quite well on the NTFS file system. Let's run ls -al on some Windows files to see how this looks.
Tech@Inside /cygdrive/c/cygwin
$ ls -al
total 9
drwxrwx---+ 10 Tech           Users    0 Aug  9 11:57 .
drwxrwxr-x+ 14 Administrators SYSTEM   0 Sep 19 18:01 ..
drwxrwx---+  3 Tech           Users    0 Sep 12 09:07 bin
-rwxr-x---+  1 Tech           Users   57 Mar 14  2005 cygwin.bat
-rwxr-x---+  1 Tech           Users 7022 Sep 12 09:07 cygwin.ico
drwxrwx---+ 22 Tech           Users    0 Sep 21 15:22 etc
drwxrwxrwx+  3 Tech           None     0 Sep 19 17:27 home
drwxrwx---+ 38 Tech           Users    0 Sep 12 09:07 lib
drwx------+  3 Tech           None     0 Aug  9 11:57 srv
drwxrwxrwt+  2 Tech           Users    0 Sep 21 15:23 tmp
drwxrwx---+ 20 Tech           Users    0 Sep 12 09:07 usr
drwxrwx---+  9 Tech           Users    0 Sep 21 15:22 var
Cygwin maps user and group ownership from the /etc/passwd and /etc/group files, which in turn are based on information pulled from the Windows host or domain. These files are created when Cygwin is first installed, but they are not automatically updated when Windows users are deleted, modified, or added. To regenerate the /etc/passwd and /etc/group files, use the mkpasswd and mkgroup commands. Most of the time, it's best to work with Cygwin when it is associated with the local accounts on the Windows system; use the -l option to create the files based on local accounts rather than domain accounts (which can take a while to query).
Tech@Inside /cygdrive/c/cygwin
$ mkpasswd -l | tee /etc/passwd
SYSTEM:*:18:544:,S-1-5-18::
Administrators:*:544:544:,S-1-5-32-544::
Guest:unused_by_nt/2000/xp:501:513:Inside\Guest,S-1-5-21-1942068853-1930885892-63110221-501:/home/Guest:/bin/bash
IUSR_NTO-3JOKPSBH7KT:unused_by_nt/2000/xp:1000:513:Internet Guest Account,Inside\IUSR_NTO-3JOKPSBH7KT,S-1-5-21-1942068853-1930885892-63110221-1000:/home/IUSR_NTO-3JOKPSBH7KT:/bin/bash
IWAM_NTO-3JOKPSBH7KT:unused_by_nt/2000/xp:1001:513:Launch IIS Process Account,Inside\IWAM_NTO-3JOKPSBH7KT,S-1-5-21-1942068853-1930885892-63110221-1001:/home/IWAM_NTO-3JOKPSBH7KT:/bin/bash
Tech:unused_by_nt/2000/xp:500:513:Inside\Tech,S-1-5-21-1942068853-1930885892-63110221-500:/home/Tech:/bin/bash
root:unused_by_nt/2000/xp:1011:513:root,U-SHUTTLE\root,S-1-5-21-1942068853-1930885892-63110221-1011:/home/root:/bin/bash
sshd_server:unused_by_nt/2000/xp:1010:513:sshd server account,Inside\sshd_server,S-1-5-21-1942068853-1930885892-63110221-1010:/var/empty:/bin/bash
$ mkgroup -l | tee err
SYSTEM:S-1-5-18:18:
None:S-1-5-21-1942068853-1930885892-63110221-513:513:
Administrators:S-1-5-32-544:544:
Guests:S-1-5-32-546:546:
Power Users:S-1-5-32-547:547:
Remote Desktop Users:S-1-5-32-555:555:
Users:S-1-5-32-545:545:
If you're brave (and patient) enough to create these files from the domain, use the -d option instead of -l.
Tip:- | Unix-style user IDs are handled slightly differently in the Cygwin environment. The Windows equivalent of the root user is the system's Administrator account. Whereas the root user has UID 0, the Administrator will have a UID 500. This corresponds to the Relative Identifier (RID) of the user. |
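The tip above says a Cygwin UID is the account's RID, and every line of the mkpasswd output earlier follows that rule (the RID is the last component of the SID in the GECOS field). Here is an added example, not from the original page, that checks this relationship over passwd-format lines: a mismatch is what a stale /etc/passwd looks like after accounts were changed on the Windows side, and is the cue to rerun mkpasswd. The sample lines, account names and SIDs are constructed for the example; rid_check and count_mismatches are names chosen here.

```shell
#!/bin/sh
# Added example: verify that each Cygwin UID in passwd-format output matches
# the RID (last component of the SID stored in the GECOS field). A mismatch
# means /etc/passwd no longer reflects the Windows account database.

# Constructed sample lines in the format written by `mkpasswd -l`.
# Names and SIDs are invented; the last line is deliberately inconsistent.
SAMPLE_PASSWD='SYSTEM:*:18:544:,S-1-5-18::
Administrators:*:544:544:,S-1-5-32-544::
Guest:unused_by_nt/2000/xp:501:513:Inside\Guest,S-1-5-21-1111111111-2222222222-3333333333-501:/home/Guest:/bin/bash
Tech:unused_by_nt/2000/xp:500:513:Inside\Tech,S-1-5-21-1111111111-2222222222-3333333333-500:/home/Tech:/bin/bash
svc:unused_by_nt/2000/xp:1005:513:Service Acct,Inside\svc,S-1-5-21-1111111111-2222222222-3333333333-1006:/home/svc:/bin/bash'

# rid_check: reads passwd lines on stdin, prints "name:uid:rid:OK|MISMATCH".
# Field 5 (GECOS) holds "display name,SID"; the SID is always the last
# comma-separated item, so display names that contain commas are handled.
rid_check() {
    awk -F: '{
        n = split($5, gecos, ",")
        m = split(gecos[n], sid, "-")
        rid = sid[m]
        print $1 ":" $3 ":" rid ":" (rid == $3 ? "OK" : "MISMATCH")
    }'
}

# count_mismatches FILE: number of accounts whose UID and RID disagree,
# e.g. `count_mismatches /etc/passwd` on a live Cygwin system.
count_mismatches() {
    rid_check < "$1" | grep -c 'MISMATCH$' || true
}
```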
Running Applications
Ultimately, what you can do with Cygwin depends on what packages you choose to install. But let's take a look at some of the more interesting uses.
Running Windows Applications
Not only can you run Unix-based applications, but you can run native Windows applications from the command line, as shown here.
Tech@Inside ~
$ ipconfig

Windows IP Configuration

Ethernet adapter VMware Network Adapter VMnet8:

        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : 192.168.244.1
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . :

Ethernet adapter VMware Network Adapter VMnet1:

        Connection-specific DNS Suffix  . :
        IP Address. . . . . . . . . . . . : 192.168.235.1
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . :
You can do the same thing with graphical applications like Notepad or, of course, more useful programs. After all, Cygwin provides both the vi and emacs text editors!
Building Programs in Windows
What else can you do? If you install gcc, gdb, make, and the binutils, you now have a Windows C/C++ development environment. Granted, it's not as fancy as Microsoft's Visual Studio, but it's free and open source! Here's an example of compiling Netcat from the Unix tarball:
Tech@Inside /usr/local/src/nc
$ gcc -s -static -o nc netcat.c -lresolv
Info: resolving _h_errno by linking to __imp__h_errno (auto-import)
Info: resolving _optarg by linking to __imp__optarg (auto-import)
Info: resolving _optind by linking to __imp__optind (auto-import)
Tech2@Inside2 /usr/local/src/nc
$ ./nc -h
[v1.10]
connect to somewhere:   nc [-options] hostname port[s] [ports] ...
listen for inbound:     nc -l -p port [-options] [hostname] [port]
Cygwin provides a mostly complete API for developers used to Unix environments. For more information on developing under Cygwin, check out http://cygwin.com/cygwin-api/cygwin-api.html. There are also some gcc extensions that allow you to bypass the Cygwin emulation libraries and build native Win32 applications.
Tip:- | If you're looking for an Open Source developer environment, check out Anjuta (http://anjuta.sourceforge.net/). Anjuta relies heavily on the GNOME project. It will run under Cygwin, but only after some significant effort and the installation of several GNOME libraries. |
Running Perl Scripts
Even though Perl distributions are available for Windows, many of them are not free. Cygwin includes a port of the Perl engine, which enables you to run Perl scripts in a Windows environment. You can even use the Perl CPAN utility to update packages.
Helpful Unix Tools
You now have access to a myriad of useful Unix tools from within Windows, many of which can be helpful to the system administrator or network security professional for system analysis. Here are a few:
- grep Search files for regular expressions.
- sed Command-line stream editor; good for things like search and replace.
- strings Extract printable ASCII strings from a binary file; good for Word documents when you don't have Office installed.
- strace Trace system calls and signals; see what system calls and signals an application is making and receiving.
- md5sum Compute a checksum of a file so that later copies can be compared against a trusted reference to detect corruption or tampering. MD5 is no longer collision resistant, so treat it as an integrity check rather than proof of authenticity, and prefer a SHA-2 digest (sha256sum in newer coreutils) where an attacker could craft the file.
- diff Compare two files for differences.
- patch Use the output from a diff command to make file1 look like file2.
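As an added example, not from the original page, the following script puts md5sum, find and diff from the list above to work as a simple file-integrity baseline: record a manifest of a directory tree once, then report files whose contents changed, went missing, or appeared since. HASH_TOOL, make_baseline and verify_baseline are names chosen here; the script relies only on GNU coreutils, findutils and diffutils, all of which Cygwin packages.

```shell
#!/bin/sh
# Added example: file-integrity baseline built from md5sum, find and diff.
# md5sum is used because the page discusses it; set HASH_TOOL=sha256sum for
# a collision-resistant digest where an attacker could craft the file.
HASH_TOOL=${HASH_TOOL:-md5sum}

# make_baseline DIR MANIFEST: write one "hash  ./path" line per regular file
# under DIR, in sorted order, to MANIFEST.
make_baseline() {
    ( cd "$1" && find . -type f | LC_ALL=C sort | while IFS= read -r f; do
        "$HASH_TOOL" "$f"
    done ) > "$2"
}

# verify_baseline DIR MANIFEST: print files whose hash changed or that are
# missing (reported by "md5sum -c") and files not present at baseline time
# (found by diffing the file lists). Returns 0 if the tree still matches
# the manifest, 1 otherwise.
verify_baseline() {
    dir=$1; manifest=$2; rc=0
    # --quiet suppresses the per-file OK lines; FAILED lines are still printed
    ( cd "$dir" && "$HASH_TOOL" -c --quiet ) < "$manifest" 2>/dev/null || rc=1
    # strip the hash column to recover the file list recorded at baseline time
    old=$(mktemp); new=$(mktemp)
    sed 's/^[0-9a-f]*  //' "$manifest" > "$old"
    ( cd "$dir" && find . -type f | LC_ALL=C sort ) > "$new"
    if ! diff "$old" "$new" > /dev/null; then
        # lines only in the current listing are files added since the baseline
        diff "$old" "$new" | sed -n 's/^> /NEW: /p'
        rc=1
    fi
    rm -f "$old" "$new"
    return $rc
}
```

On a Cygwin host the same functions work against Windows paths through the /cygdrive mount, e.g. make_baseline /cygdrive/c/WINDOWS/system32 baseline.md5.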
You can go to v to find other Cygwin packages available for download. You'll find popular applications like Apache, smbclient, and even CD-burning software (including mkisofs, which lets you create ISO file images of CD-ROMs).