Upload
waseem-najeh
View
218
Download
0
Embed Size (px)
Citation preview
8/7/2019 BackTrack in Your Back Pocket
1/28
BackTrack
in your back pocketorAccessing a BackTrack server via mobile phone
in some vaguely secure way
8/7/2019 BackTrack in Your Back Pocket
2/28
The Objective
Set up a Backtrack system that is accessible over the internet from thephone in my pocket. What can I say? I like to practice my metasploitsyntax while waiting in the doctor's office.
Oh, and I'd also like to do it as cheaply as possible and in somerelatively secure fashion.
8/7/2019 BackTrack in Your Back Pocket
3/28
The Solution
BT4 R2 under VMWareThis would allow me to move it around as well as maintain a Known Goodsnapshot
VNC and SSHThis would allow me to access the system from any computer that had atunneling ssh client, specifically my phone
Secure ita good password, changed frequently (even better to use certificate authentication for ssh)frequent reverts to the Known Good snapshottunnel VNC through SSHchanging the default SSH port from tcp/22port knocking in order to gain access
note: sample configuration files will be in the Speaker Notes where appropriate
8/7/2019 BackTrack in Your Back Pocket
4/28
First, you will need BackTrack
"BackTrack is a Linux security distribution."
"Whether youre hacking wireless, exploiting servers, performing a web applicationassessment, learning, or social-engineering a client, BackTrack is the one-stop-shop for allof your security needs.
BackTrack is a Linux-based penetration testing arsenal that aids security professionals inthe ability to perform assessments in a purely native environment dedicated to hacking."
This was all cribbed directly from their website: http://www.backtrack-linux.orgThis is also where you can download the latest release. Make sure you download the onefor VMWare. (I know. I know. It doesn't really matter for you hardcore geeks)
http://www.backtrack-linux.org/8/7/2019 BackTrack in Your Back Pocket
5/28
Why VMWare?
VMWare allows us to not have to dedicate a whole system tojust BackTrack.
BackTrack has been kind enough to provide a VMWare virtual
appliance.
VMWare also provides us the the ability to take a "snapshot" ofthe system. This means if the system ever gets breached or
you screw up configuration you can always return to your"Known Good".
8/7/2019 BackTrack in Your Back Pocket
6/28
Booting up under VMWare
You can download VMWare Player for free (with registration)from: http://downloads.vmware.com/
Extract the BackTrack files and open up the one with the ".vmx"
extension.
Login with userid: root / password: toor
No need to start XWindows, but if you really want to, type: startx
http://downloads.vmware.com/http://downloads.vmware.com/8/7/2019 BackTrack in Your Back Pocket
7/28
'toor'? Really? You gonna keep that?
The default password is 'toor'. Change this immediately with:
passwd
8/7/2019 BackTrack in Your Back Pocket
8/28
Configure the local firewall
We want to setup the BackTrack firewall to block all but
necessary traffic. You will need to decide now which ports youare going to use for port knocking and ssh. In this example wewill use the following:
port knocking: tcp/1111, tcp/2222, udp/3333ssh: tcp/4444
Feed your config file to iptables-restoreiptables-restore < /etc/iptables.rules
* sample configuration file in the Speaker notes
8/7/2019 BackTrack in Your Back Pocket
9/28
Enable Networking
The BackTrack server is configured for DHCP, but the
interface is disabled by default. You can enable it with:
/etc/init.d/networking start
For static IP address you will need to edit:vi /etc/network/interfaces*
You can set networking to auto-start on a reboot with:
update-rc.d networking defaults
* sample configuration file in the Speaker notes
8/7/2019 BackTrack in Your Back Pocket
10/28
Update BackTrack
Now that we have internet access, it's a good time to get theOS up to date.
apt-get -y update
apt-get -y upgradeapt-get clean
8/7/2019 BackTrack in Your Back Pocket
11/28
Enable and configure SSHSSH will be your primary access to BackTrack. Luckily most of the tools you will
use in BackTrack are run from command-line anyway.
Edit the config file to change the default SSH port.vi /etc/ssh/sshd_config*
Generate your ssh encryption keys (Do not enter passphrases)
ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_keyssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key
Start the ssh server and set it to auto-start on a reboot/etc/init.d/ssh startupdate-rc.d ssh defaults
* sample configuration file in the Speaker notes
Advanced configuration using certificate basedauthentication is at the end of this presentation
8/7/2019 BackTrack in Your Back Pocket
12/28
Port KnockingYou can think of port knocking as a "secret knock" used toremotely open and close the ssh port.
Backtrack will start with all ports closed. After you send it aspecial sequence of packets, the port knock server will issue acommand to open the ssh port. After you are finished using
ssh, you send it a different sequence to close the port again.
We will use knockd as our port knock server.
http://www.zeroflux.org/projects/knockhttp://www.portknocking.org/
http://www.zeroflux.org/projects/knockhttp://www.portknocking.org/http://www.zeroflux.org/projects/knock8/7/2019 BackTrack in Your Back Pocket
13/28
Port Knocking install and configuration
To install knockd:apt-get install knockd
Edit the config file to set-up the ports you want to use:
vi /etc/knockd.conf
Start knockd in daemon mode:knockd -d -i eth0
Is this just "security through obscurity"?
* sample configuration file in the Speaker notes
http://www.portknocking.org/view/about/obscurityhttp://www.portknocking.org/view/about/obscurity8/7/2019 BackTrack in Your Back Pocket
14/28
Start VNC
Even though we will rarely use a gui or XWindows, why nothave it? At the very least, it looks more impressive when youshow off.
Start VNC (you will be prompted to set a password):vncserver
We will access VNC through an SSH tunnel.
8/7/2019 BackTrack in Your Back Pocket
15/28
Take a picture, it'll last longer
Take a VMWare snapshot and call it "Known Good". Every nowand again you can restore this snapshot in VMWare and comeback to exactly this point in your configuration.
VM -> Snapshot -> Take Snapshot
8/7/2019 BackTrack in Your Back Pocket
16/28
Dynamic DNS
If you don't have a static IP address you will probably want tosetup dynamic DNS on host. This is a free service that will keepa hostname always registered to whatever your current, ISPassigned, IP address. You can run the client on any machine
behind your router. There are many options. Here are two:
http://www.dyndns.com/services/dns/dyndns/http://www.no-ip.com/
8/7/2019 BackTrack in Your Back Pocket
17/28
Configure the your Internet routerYour internet or wireless router will need to be configured to
forward external ports for both SSH and port knocking to theBackTrack system. This is usually available in your routeradministration.
8/7/2019 BackTrack in Your Back Pocket
18/28
Client side
That is it for the server. You now have it configured for portknocking, ssh, vnc and remote access over the internet.
Now it's time to configure the client. You will need two clients.
One for port knocking and one for ssh/vnc.My examples will be for the iPhone, but most smart phones willhave these types of clients available. Links for Android clientsare listed later.
8/7/2019 BackTrack in Your Back Pocket
19/28
iPhone:Install and configure KnockOnD
I chose KnockOnD as my port knocking client. Mainly because
it's free, ad free and it works.
http://bluezbox.com/knockond.html
http://bluezbox.com/knockond.html8/7/2019 BackTrack in Your Back Pocket
20/28
iPhone : Install and configure iSSH
iSSH is not free. As of this writing it's about 10$USD. But it has
benefits that the others do not have. Not the least of which isthat it allows for tunneling VNC.
http://www.zinger-soft.com/iSSH_features.html
http://www.zinger-soft.com/iSSH_features.html8/7/2019 BackTrack in Your Back Pocket
21/28
Android clients
For ssh/vnc use ConnectBot
ConnectBot
For port knocking use knock-androidKnock-Android
http://code.google.com/p/knock-android/downloads/detail?name=PortKnocking-0.2.6.apk&can=2&q=%20http://code.google.com/p/connectbot/8/7/2019 BackTrack in Your Back Pocket
22/28
Amaze your Friends and Family
Amaze yer friends with your incredible 500P3R L337 H4X0R skills
8/7/2019 BackTrack in Your Back Pocket
23/28
TroubleshootingFlush all iptables rules
/sbin/iptables --policy INPUT ACCEPT/sbin/iptables --policy OUTPUT ACCEPT/sbin/iptables --policy FORWARD ACCEPT/sbin/iptables -F
verify SSH is working without the rulesverify knockd, ssh, vnc are running
ps ax | grep knockd
8/7/2019 BackTrack in Your Back Pocket
24/28
Troubleshootingverify ports
netstat -anverify iptables
iptables -L -n
kill processeskillall knockdkillall sshdvncserver -kill :1
8/7/2019 BackTrack in Your Back Pocket
25/28
Advanced: SSH Certificate AuthenticationServer setup
Change into your local .ssh config directorycd /root/.ssh
Generate a RSA key pair (make sure to set a password)ssh-keygen -v -t rsa
Authorize the key for 'root' access to the ssh server
cp id_rsa.pub authorized_keys
8/7/2019 BackTrack in Your Back Pocket
26/28
Advanced: SSH Certificate AuthenticationClient setup
Copy your public key to an iPhone note.cat /root/.ssh/id_rsa
Sync your iPhone and copy the note to youriPhone clipboard.Import (Paste) it to iSSH from
General Settings > Configure SSH Keys> Import Key...
Change your Connection to "Use Key"authenticationVerify connectivity
8/7/2019 BackTrack in Your Back Pocket
27/28
Advanced: Disable Password AuthenticationServer setup
Edit the /etc/ssh/sshd_config*PasswordAuthentication noChallengeResponseAuthentication no
Edit the config file to change the default SSH port/etc/init.d/ssh restart
* sample configuration file in the Speaker notes
8/7/2019 BackTrack in Your Back Pocket
28/28
Thanks
I hope you found this useful. The original version of this presentation can befound at:
https://docs.google.com/present/view?id=djjg73z_45k2rdzkzt
https://docs.google.com/present/view?id=djjg73z_45k2rdzkzt