Kali Linux Penetration Testing Bible. Gus Khawaja

Читать онлайн.
Название Kali Linux Penetration Testing Bible
Автор произведения Gus Khawaja
Жанр Зарубежная компьютерная литература
Серия
Издательство Зарубежная компьютерная литература
Год выпуска 0
isbn 9781119719076



Скачать книгу

the grep command to filter out the root account, and finally, we use the cut command to extract the password:

      There are two common ways to connect remotely to other operating systems. For Windows, it is the Remote Desktop Protocol (RDP), and for Linux, it's the Secure Shell (SSH). In the next sections, I will explain how to use each protocol to connect remotely to an OS (Windows or Linux).

      Remote Desktop Protocol

      RDP is used to connect remotely to a Windows OS. Let's suppose that during your engagement you encountered a remote desktop port 3389 open on a Windows host (e.g., during your port scanning phase). Then, you will need to try to connect to it with some basic credentials (e.g., a username of Administrator and a password of password123). There are many times during your engagements where you want to connect remotely to a Windows system to get the job done (from Kali Linux). In this case, you will need to use the rdesktop command.

      $rdesktop [Windows host IP address] -u [username in windows] -p [password in windows]

Snapshot of Windows Login.

      Secure Shell

      The SSH protocol is a secure connection that allows you to execute commands remotely on a Linux host (in this case, Kali). By default, the SSH is a TCP protocol that works on port 22 by default. There are two ways to connect to a remote SSH server:

       Using a username/password credentials

       Using public/private keys (passwordless)

      SSH with Credentials

      Let's start first with the method that uses the password. By default, all the user accounts except the root account can log in remotely to SSH:

      $ssh username@kaliIP

Snapshot of SSH with MobaXterm on Windows.

      To allow the root user to log in remotely to SSH, you will need to edit the configuration file of SSH under this directory:

      Make sure to add the following line to the SSH configuration file:

      PermitRootLogin Yes

      Now, we can try to connect to our Kali host remotely using the root account (it should work this time after the latest changes):

Snapshot of SSH root Connection.

      Before you start using the SSH service on your Kali Linux, you will need to start the SSH service first. To do this, you will need to execute the following command:

      $service ssh start

      If you want to stop it later, use the following command:

      $service ssh stop

      If you want the SSH server to persist (automatically start) even after you reboot your system, then you will need to execute the following command:

      $systemctl enable ssh

      $service ssh statusSnapshot of SSH Service Status.

      By default, the port number of SSH is 22, and if the remote Linux server has changed to another port, then you will need to specify it in your connection command:

      Passwordless SSH

      Using a public key and a private key, a remote user can log in using SSH. This method is more secure than the password way because no one will be able to use the brute‐force technique to enter your server remotely.

      There is a lot of misconception when it comes to the public/private keys mechanism. In the next steps, I developed an example from scratch so you can visualize how things happen in reality:

      Here's the client machine information:

       OS: Ubuntu Desktop Linux V20

       IP:10.0.0.186

      Here's the Kali Linux SSH Server host information:

       OS: Kali Linux 2020.1

       IP:10.0.0.246

      First, we will generate a public key and a private key on our client host (Ubuntu). Why? The goal is to perform the following steps:

      1 Generate a private key ( /home/[username]/.ssh/id_rsa ) on the client machine because it's the one that can decrypt the public key. If someone steals your public key, they can't hack into the remote host since they don't have the private key file.

      2 Generate a public key ( /home/[username]/.ssh/id_rsa.pub ) on the client machine. We need to send a copy of the public key to the server. After that, the server will store the client's public key in a file called authorized_keys .

      $ssh-keygen -t rsa -b 4096

      The previous command used two arguments:

       ‐t rsa : The t stands for the type of the key to generate. RSA is the most common one, but you have other options as well ( dsa , ecdsa , ecdsa‐sk , ed25519 , ed25519‐sk , and rsa ).

       ‐b 4096 : The b option specifies the number of bits in the key to create. In our case (RSA key), the minimum size is 1,024 bits, and the default is 3,072 bits.

      Take note that while performing the earlier steps, we've been asked to enter a passphrase. This password will be used to add more security when you log in remotely to SSH.

Snapshot of SSH Key Generation.