Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Kali Linux Intrusion and Exploitation Cookbook

You're reading from   Kali Linux Intrusion and Exploitation Cookbook Powerful recipes to detect vulnerabilities and perform security assessments

Arrow left icon
Product type Paperback
Published in Apr 2017
Publisher
ISBN-13 9781783982165
Length 512 pages
Edition 1st Edition
Arrow right icon
Authors (2):
Arrow left icon
Dhruv Shah Dhruv Shah
Author Profile Icon Dhruv Shah
Dhruv Shah
Ishan Girdhar Ishan Girdhar
Author Profile Icon Ishan Girdhar
Ishan Girdhar
Arrow right icon
View More author details
Toc

Table of Contents (18) Chapters Close

Title Page
Credits
About the Authors
About the Reviewers
www.PacktPub.com
Customer Feedback
Preface
1. Getting Started - Setting Up an Environment FREE CHAPTER 2. Network Information Gathering 3. Network Vulnerability Assessment 4. Network Exploitation 5. Web Application Information Gathering 6. Web Application Vulnerability Assessment 7. Web Application Exploitation 8. System and Password Exploitation 9. Privilege Escalation and Exploitation 10. Wireless Exploitation Pen Testing 101 Basics

Configuring remote connectivity services - HTTP, TFTP, and SSH


During penetration testing and auditing, we will be required to deliver payload on target machines from our Linux. For that purpose, we will leverage basic network services such as HTTP, FTP, and SSH. Services such as and SSH are installed by default in Kali Linux but Kali does not enable any network services to minimize detection.

In this recipe, we will show you to configure and start running services securely:

Getting ready

For this recipe, you will need a to the Internet with a valid IP address.

How to do it...

Perform the following steps for this recipe:

  1. Let's begin with starting an Apache webserver. To start the Apache service, use the following command:
      service apache2 start

You can verify that the service is by to the localhost using a as shown in the screenshot:

  1. To start the SSH service, SSH keys needs to be generated. Back in Backtrack r5, you used to generate SSH keys using the sshd-generate command, which is not available in Kali Linux. Using default SSH keys is a security risk and therefore a new SSH key should be generated. To generate SSH keys, you can either delete or backup your default keys generated by Kali Linux:
      # cd /etc/ssh
      # mkdir default_kali_keys
      # mv ssh_host_* default_kali_keys/
      # cd /root/
  1. First, we need remove run levels for SSH by issuing the following command:
      # update-rc.d -f ssh remove

 

  1. Now we need to the SSH run by issuing the command:
      # update-rc.d -f ssh defaults
  1. Regenerate the keys:
      # dpkg-reconfigure openssh-server 
      Creating SSH2 RSA key; this may take some time ...
      Creating SSH2 DSA key; this may take some time ...
      Creating SSH2 ECDSA key; this may take some time ...
      insserv: warning: current start runlevel(s) (empty) of script 
      `ssh' overrides LSB defaults (2 3 4 5).
      insserv: warning: current stop runlevel(s) (2 3 4 5) of script 
      `ssh' overrides LSB defaults (empty).
  1. You can check whether the SSH key hashes are different now:

  1. Start the SSH service using the following command:
      service ssh start

 

  1. You can verify the service is using the netstat command:
      netstat - antp | grep ssh
  1. Start the FTP server using the command:
      service pure-ftpd start
  1. To verify that the service is running, use the following command:
      netstat -ant | grep ftp
  1. To stop any service, you can the following command:
      service <servicename> stop

Here, <servicename> is the name of service required to terminate:

      service ssh stop

How it works...

In this recipe, we have configured and started basic network services, which we will be using to deliver payloads to our victim machines depending on the scenario. We have started HTTP service, FTP service, and we have backed up default SSH keys and generated new SSH keys, and started the SSH service.

You have been reading a chapter from
Kali Linux Intrusion and Exploitation Cookbook
Published in: Apr 2017
Publisher:
ISBN-13: 9781783982165
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image