Kali Linux Penetration Testing Bible. Gus Khawaja
Figure 1.13 SSH Key Generation
Let's check out the folder where these files were saved on the client's host machine (/home/gus/.ssh/):
gus@ubuntu:~/.ssh$ ls -la
total 16
drwx------ 2 gus gus 4096 Oct 1 10:03 .
drwxr-xr-x 15 gus gus 4096 Oct 1 09:57 ..
-rw------- 1 gus gus 3369 Oct 1 10:03 id_rsa
-rw-r--r-- 1 gus gus 736 Oct 1 10:03 id_rsa.pub
Now we're ready to send a copy of the public key file id_rsa.pub to the Kali host machine. You can send it in multiple ways (e.g., by e-mail, SFTP, SCP, etc.).
There is an easy, secure method using the SSH client package that comes with the SSH tool:
$ ssh-copy-id username_on_kalihost@kaliIP
In the following example, we will use the root username and password (also, you will be asked for the password of this account) to copy the public key file:
gus@ubuntu:~/.ssh$ ssh-copy-id root@10.0.0.246
The authenticity of host '10.0.0.246 (10.0.0.246)' can't be established.
ECDSA key fingerprint is SHA256:TA8zjlhAspZEc/3WZjyWRQBxzPfwJXE2X98JsMGnz6U.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
Password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@10.0.0.246'"
and check to make sure that only the key(s) you wanted were added.
Now, let's verify that the authorized key has really been added on the Kali host machine:
root@kali:~/.ssh# cat authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDNfvP6zEnKn55pY5hN8N34myD1XwwhS9JisvcR0qtXzM2957h9xeQMVVrUASA/xdwRObUak7wARZl+FY3pby5k+askzIgPIfqvU0lZJEpBtjobk6SdBha122pR3a72+Vh7f9hdgGQoqXeF3pyXfYOhFEJZ0s0SCFGc/MfI38pBrXCgzHXS28QxzpZnIg3/IwAcBIjbPYnszWSDqHplSFMpETPbHvPwUMU3RDGpvSgoscfyWchXzb97lViSk/zD2TbN2eSbm8k8txxIIZHq7LrAYHB8smvlFEHK6CNvIU+HU0NvvcwXmXviSCGcMAsNxzvEzEJf4U6RDhzbL85Id43VghhDYp1I7/D4euxPfs+Xt/qj6qaL4T66+KvfML3loCRg9zBo0z6sZbOGOUu6iMYguVW/lTqC+Hui/SZUV9Zt3Z2/c/hC8r8+9/SsauWXtFNC4mRTLKyeEluIdLe9USgxwtHB3uD7BgYNaC1hbgXsGdM1CoDrQS4TOLMaiq4gpIZE80dKFJTw3+EbIIj7SEPTKC6BmWZluOfYjkHDJ19qLKEGWuWqfwp6U9CW+i4f5cLoMFssafqs/uSw/u0FA6jt+ykMZ7jvbYJhHmOa4dOGrOd9PyGw8/MM2qVo2VrATvk12oIQWZwdFA8Fj1oKaGK1pFcngR+At10jL2y1mI4fJw== gus@ubuntu
Next, I will edit the SSH config file (/etc/ssh/sshd_config) again on Kali to allow only public key authentication:
PubkeyAuthentication yes
PasswordAuthentication no
TIP
To make sure that the changes take effect, it's better to restart the SSH server on Kali using this command:
$ service ssh restart
It's time to test the SSH connection and see if it works remotely:
gus@ubuntu:~/.ssh$ ssh root@10.0.0.246
Linux kali 5.5.0-kali1-amd64 #1 SMP Debian 5.5.13-2kali1 (2020-04-03) x86_64

The programs included with the Kali GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Kali GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Thu Oct 1 12:04:15 2020 from 10.0.0.222
root@kali:~#
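The following check is an added example, not code from the book: it audits the global section of an sshd_config file to confirm that the two settings above are the ones sshd actually uses, since sshd keeps the first value it reads for each keyword. The function names and the sample configuration are constructed for illustration; Include files and Match blocks are not evaluated, and the keyboard-interactive check goes beyond the two settings the text configures.

```shell
#!/bin/sh
# Added example (not from the book): audit the global section of an sshd_config.
# sshd keeps the FIRST value it reads for a keyword, so a later
# "PasswordAuthentication no" does not override an earlier "yes".

# effective_value FILE 'keyword|alias' DEFAULT -> lower-cased effective value
effective_value() {
    awk -v want="$2" -v def="$3" '
        /^[ \t]*(#|$)/                 { next }  # skip comments and blank lines
        tolower($1) == "match"         { exit }  # Match blocks apply conditionally
        tolower($1) ~ ("^(" want ")$") { print tolower($2); found = 1; exit }
        END { if (!found) print def }            # keyword absent: sshd default
    ' "$1"
}

# audit_sshd_config FILE -> prints findings; returns 0 only for key-only login
audit_sshd_config() {
    rc=0
    pubkey=$(effective_value "$1" 'pubkeyauthentication' yes)
    passwd=$(effective_value "$1" 'passwordauthentication' yes)
    # keyboard-interactive is checked too (beyond the page): with PAM it can
    # still prompt for a password even when PasswordAuthentication is "no".
    kbd=$(effective_value "$1" \
        'kbdinteractiveauthentication|challengeresponseauthentication' yes)
    [ "$pubkey" = yes ] || { echo "FAIL PubkeyAuthentication=$pubkey"; rc=1; }
    [ "$passwd" = no ]  || { echo "FAIL PasswordAuthentication=$passwd"; rc=1; }
    [ "$kbd" = no ]     || { echo "FAIL keyboard-interactive=$kbd"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK key-only login enforced"
    return "$rc"
}

# Constructed sample: the two lines from the text appended below a leftover "yes".
demo_cfg=$(mktemp)
cat > "$demo_cfg" <<'EOF'
#PubkeyAuthentication yes
PasswordAuthentication yes
KbdInteractiveAuthentication no
PubkeyAuthentication yes
PasswordAuthentication no
EOF
audit_sshd_config "$demo_cfg" || echo "-> fix the first matching line, then restart ssh"
rm -f "$demo_cfg"
```

On the server itself, running sshd -T as root prints the effective configuration as sshd parses it, including Include files.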
Kali Linux System Management
Since you will be using Kali Linux as a penetration testing arsenal, you must know how to handle its system, including how to start an Apache web server or check its status. The examples are endless. Don't worry, we will cover the most common scenarios that you'll encounter as a penetration tester later.
Figure 1.14 Kali System Management Commands
Linux Host Information
To display the hostname of Kali Linux, you simply execute the hostname command in your terminal window:
$ hostname
root@kali:/# hostname
kali
What if you want to change your Kali hostname? Then you will need to edit its configuration file /etc/hostname (enter the desired computer name and don't forget to save and reboot your host).
Linux OS Information
Knowing the OS information for a Linux host is crucial for privilege escalation. That's how you will know if the version used is vulnerable to privilege escalation (we will talk more about this topic in Chapter 10).
To display the operating system information of a Linux OS (which is Kali Linux in our case), I use the uname command, and along with it I display the contents of the /etc/issue configuration file:
$ uname -a
$ cat /etc/issue
root@kali:/# uname -a
Linux kali 5.6.0-kali2-amd64 #1 SMP Debian 5.6.14-2kali1 (2020-06-10) x86_64 GNU/Linux
root@kali:/# cat /etc/issue
Kali GNU/Linux Rolling \n \l
Linux Hardware Information
From time to time, you will probably use special commands related to your PC or VM hardware.
To get the CPU information of your Linux host, you need to open /proc/cpuinfo:
root@kali:/# cat /proc/cpuinfo
processor : 0
vendor_id : GenuineIntel
cpu family : 6
model : 158
model name : Intel(R) Core(TM) i7-8700 CPU @ 3.20GHz
stepping : 10
microcode : 0xd6
cpu MHz : 3192.001
cache size : 12288 KB
[…]
To get the RAM information of your Kali host, you will need to open the configuration file /proc/meminfo:
root@kali:/# cat /proc/meminfo
MemTotal: 8676820 kB
MemFree: 6183876 kB
MemAvailable: 7781928 kB
Buffers: 55444 kB
Cached: 1739668 kB
SwapCached: 0 kB
[…]
To display the attached devices (e.g., disk drives, partitions, etc.), you have a choice of two commands: either fdisk (which displays more information) or lsblk:
$ fdisk -l
root@kali:/# fdisk -l
Disk /dev/sda: 80 GiB, 85899345920 bytes, 167772160 sectors
Disk model: VMware Virtual S
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0x4a6f3195

Device     Boot     Start       End   Sectors Size Id Type
/dev/sda1  *         2048 163579903 163577856  78G 83 Linux
/dev/sda2       163581950 167770111   4188162   2G  5 Extended
/dev/sda5       163581952 167770111   4188160   2G 82 Linux swap / Solaris

$ lsblk
root@kali:/# lsblk
NAME   MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
sda      8:0    0   80G  0 disk
⌙sda1    8:1    0   78G  0 part /
⌙sda2    8:2    0    1K  0 part
⌙sda5    8:5    0    2G  0 part [SWAP]
sr0     11:0    1 1024M  0 rom
To display the list of USB devices (e.g., mouse, keyboard, USB stick, etc.), you have to execute the lsusb command:
$ lsusb
root@kali:/# lsusb
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 002 Device 004: ID 0e0f:0008 VMware, Inc. VMware Virtual USB Mouse
Bus 002 Device 003: ID 0e0f:0002 VMware, Inc. Virtual USB Hub
Bus 002 Device 002: ID 0e0f:0003 VMware, Inc. Virtual Mouse
Bus 002 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
To display all the directories mounted in the file system, you will need to execute the mount command:
$ mount
root@kali:/# mount
sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,relatime)
proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
udev on /dev type devtmpfs (rw,nosuid,noexec,relatime,size=4308020k,nr_inodes=1077005,mode=755)
[…]
Managing Running Services
Services are servers