SSH Penetration Testing2
SSH Penetration Testing2
Author Web Penetration Testing Penetration Testing Courses We Offer My Books Donate us
SHARE
Requirement SUBSCRIBE
Create PDF in your applications with the Pdfcrowd HTML to PDF API PDFCROWD
Client: Window systems (install putty and putty genrator)
In this article we will secure SSH port so that even if it’s open no one will be able to exploit
it. First of all let’s install SSH server using following command:
sudo apt-get install openssh-server
Create PDF in your applications with the Pdfcrowd HTML to PDF API PDFCROWD
Categories
BackTrack 5 Tutorials
Best of Hacking
Browser Hacking
Cyber Forensics
Database Hacking
Con gure this port using PUTTY. For con guration in putty, give the IP address in host Domain Hacking
name along with port number and then select SSH and then nally click on Open.
Email Hacking
Footprinting
Hacking Tools
Kali Linux
Nmap
Others
Penetration Testing
Website Hacking
Wireless Hacking
Youtube Hacking
Create PDF in your applications with the Pdfcrowd HTML to PDF API PDFCROWD
Articles
Select Month
Facebook Page
Ignite Technolo…
5.2K likes
Like Page
Upon opening, it will ask for password, give the said password and press enter.
Create PDF in your applications with the Pdfcrowd HTML to PDF API PDFCROWD
SSH Banner Grabbing
As the service of SSH is started, scan it in your kali using nmap:
Scanning will show that on port 22 is open with the service of SSH.
Create PDF in your applications with the Pdfcrowd HTML to PDF API PDFCROWD
Type msfconsole to Load metasploit framework and use given below exploit for fetching
SSH banner.
auxiliary/scanner/ssh/ssh_version
From given below image you can con rm that it has grab SSH banner.
Create PDF in your applications with the Pdfcrowd HTML to PDF API PDFCROWD
Prevention against Banner Grabbing
As we had discussed above how a banner grabbing can expose loopholes of any software or
service running on remote system therefore after installing any service always hide their
software versions.
Admin should make following changes in their con guration le to prevent banner
information.
Open sshd_con g le
Add a new line “DebianBanner no” as shown in given image.
Save the whole text le after modi cation as shown in given image. Now it will not disclose
banner information and restart the service using following command.
Create PDF in your applications with the Pdfcrowd HTML to PDF API PDFCROWD
Let’s verify version of running service after hiding banner through nmap version scan.
Wonderful!! We are successful in hiding banner which you can con rm from given image.
use auxiliary/scanner/ssh/ssh_login
Create PDF in your applications with the Pdfcrowd HTML to PDF API PDFCROWD
msf auxiliary(ssh_login) > set userpass_ le /root/Desktop/ssh.txt
Great!! We had not only successfully found valid SSH credential raj: 123 but also got
victim command shell session 1 as unauthorized access in target system.
From given below image you can see we have check the victims network interface by
executing ifcon g command through session 1.
Create PDF in your applications with the Pdfcrowd HTML to PDF API PDFCROWD
Now I had executed following command which converted command shell session in to
meterpreter session.
sessions -u 1
sessions
Hence you can see here I have owned two sessions 1st for command shell and 2nd for
meterpreter.
Create PDF in your applications with the Pdfcrowd HTML to PDF API PDFCROWD
SSH Connection using PGP Keys
This way we have applied our rst measure of security. Now for our second measure of
security download and install PUTTY Key Generator. Open it and click on Generate button
on low right side.
Create PDF in your applications with the Pdfcrowd HTML to PDF API PDFCROWD
This will generate a public and private key. Out of these save the private key.
Create PDF in your applications with the Pdfcrowd HTML to PDF API PDFCROWD
The private key will be saved as shown in following image. You can rename it at
convenience as I have named it ssh login key.
Create PDF in your applications with the Pdfcrowd HTML to PDF API PDFCROWD
Now open terminal of your server and type:
ssh-keygen
Create PDF in your applications with the Pdfcrowd HTML to PDF API PDFCROWD
The above command will create a folder named .ssh and then create an empty text le with
the name authorized_keys in the same folder.
Create PDF in your applications with the Pdfcrowd HTML to PDF API PDFCROWD
Copy the “ssh login key.ppk” le which are created previously into the .ssh folder.
Create PDF in your applications with the Pdfcrowd HTML to PDF API PDFCROWD
In the terminal, move into .ssh folder and type the following command:
This command will generate a key. Copy this key in the empty le which we created
This command will generate a key. Copy this key in the empty le which we created earlier
with the authorized_keys.
Create PDF in your applications with the Pdfcrowd HTML to PDF API PDFCROWD
Then in putty con guration tab, go to data and give Auto-login username.
Create PDF in your applications with the Pdfcrowd HTML to PDF API PDFCROWD
The open SSH>Auth and give the path of SSH login key (private key that was generated).
Create PDF in your applications with the Pdfcrowd HTML to PDF API PDFCROWD
And then in session tab give the IP address and port number. And then click on open.
Create PDF in your applications with the Pdfcrowd HTML to PDF API PDFCROWD
It will open without asking for password as you have con gured the key.
But this doesn’t mean it can’t be open using password. And still we are vulnerable to
hackers.
Create PDF in your applications with the Pdfcrowd HTML to PDF API PDFCROWD
Exploit SSH by Stealing PGP KEY
If you have already exploited target and have its meterpreter session as exploit above then
you can use following post exploit for stealing authorized keys.
This module will collect the contents of all users’ .ssh directories on the targeted machine.
Additionally, known_hosts and authorized_keys and any other les are also downloaded.
This module is largely based on refox_creds.rb.
use post/multi/gather/ssh_creds
Create PDF in your applications with the Pdfcrowd HTML to PDF API PDFCROWD
msf post(ssh_creds) >exploit
From given below image you can see we have got all authorized keys store in /.ssh directory
now use those keys for login into SSH server.
Use post/linux/manage/sshkey_persistence
Create PDF in your applications with the Pdfcrowd HTML to PDF API PDFCROWD
msf post(sshkey_persistence) >exploit
Now whenever host will alive attacker can connect to his system without exploiting again
and again due to this permanent backdoor.
Create PDF in your applications with the Pdfcrowd HTML to PDF API PDFCROWD
Here, change password authentication from yes (as shown the image above) to no and
uncomment (as shown in image below).
And now that we have successfully applied three measures of security our port is safe from
anyone and everyone. To this port the hacker will require physical access to you hardware
which is impossible. And if you want to access SSH from another machine then just
con gure the same key in that PC too and it have access to it.
Create PDF in your applications with the Pdfcrowd HTML to PDF API PDFCROWD
Prevention against Brute force attack
A threshold account lockout policy in windows which locked an account after certain
numbers of attempt that can be possible in UNIX also through Iptables chain rule.
Here admin can set iptable chain rules for certain number of login attempts and if user
crossed the de ne number then account will get locked for some time period as speci ed
by admin.
Create PDF in your applications with the Pdfcrowd HTML to PDF API PDFCROWD
Type the given below command to set iptable chain rule for account lockout policy:
iptables -I INPUT -p tcp –dport 22 -i eth0 -m state –state NEW -m recent –set
iptables -I INPUT -p tcp –dport 22 -i eth0 -m state –state NEW -m recent –update –
seconds 120 –hitcount 3 -j DROP
Now this above rule will allow only 3 chances for login into FTP server otherwise locked
the account for 120 seconds (2 minutes).
Let’s ensure iptable chain rule working by making brute force attack as above.
Great!! It has prevented by stopping brute force after 3 attempts but will get activated
after 2 minute therefore admin should locked the account for long period of time.
Create PDF in your applications with the Pdfcrowd HTML to PDF API PDFCROWD
Now that SSH has been con gured. We can use our rst measure of security i.e. port
forwarding. In computer>etc>ssh you will nd a le with the name of “sshd_con g”.
Open this le and wherever it says port 22, change it to port 2222.
Create PDF in your applications with the Pdfcrowd HTML to PDF API PDFCROWD
This way we have forwarded SSH service from port 22 to port 2222. Let’s check it on nmap
to con rm.
Create PDF in your applications with the Pdfcrowd HTML to PDF API PDFCROWD
Author: AArti Singh is a Researcher and Technical Writer at Hacking Articles an
Information Security Consultant Social Media Lover and Gadgets. Contact here
Share this:
Like this:
Loading...
RAJ CHANDEL
Raj Chandel is a Skilled and Passionate IT Professional especially in IT-Hacking
Industry. At present other than his name he can also be called as An Ethical Hacker,
A Cyber Security Expert, A Penetration Tester. With years of quality Experience in
IT and software industry
Create PDF in your applications with the Pdfcrowd HTML to PDF API PDFCROWD
← VNC PIVOTING THROUGH TELNET PIVOTING THROUGH
METERPRETER METERPRETER →
Leave a Reply
Your email address will not be published. Required elds are marked *
Comment
Name *
Email *
Website
Create PDF in your applications with the Pdfcrowd HTML to PDF API PDFCROWD
Save my name, email, and website in this browser for the next time I comment.
POST COMMENT
Create PDF in your applications with the Pdfcrowd HTML to PDF API PDFCROWD