SSH Archives - Code, InfoSec and Server Stuff

This post will show you how to setup the Kali Linux distro to perform penetration testing of your systems

I have a number of guides on moving hasting away form CPanel, Setting up VM’s on AWS, Vultr or Digital Ocean along with installing and managing WordPress from the command line. Securing your systems is very important (don’t stop) and keep learning (securing ubuntu in the cloud, securing checklist, run a Lynis system audit etc)

snip from: https://www.kali.org/about-us/

“Kali Linux is an open source project that is maintained and funded by Offensive Security, a provider of world-class information security training and penetration testing services. In addition to Kali Linux, Offensive Security also maintains the Exploit Database and the free online course, Metasploit Unleashed.”

Download Kali

I downloaded the torrent version (as the HTTP version kept stopping (even on 50/20 NBN).

After the download finished I checked the SHA sum to verify it’a integrity

cd /Users/username/Downloads/kali-linux-2018.1-amd64
shasum -a 256 ./kali-linux-2018.1-amd64.iso 
ed88466834ceeba65f426235ec191fb3580f71d50364ac5131daec1bf976b317  ./kali-linux-2018.1-amd64.iso

cd /Users/username/Downloads/kali-linux-2018.1-amd64

shasum -a 256 ./kali-linux-2018.1-amd64.iso

ed88466834ceeba65f426235ec191fb3580f71d50364ac5131daec1bf976b317 ./kali-linux-2018.1-amd64.iso

A least it matched the known (or hacked) hash here.

Installing Parallels in a VM on OSX

I use Parallels 11 on OSX to set up a VM os Demina Kali, you can use VirtualBox, VMWare etc.

Hardware: 2x CPU, 2048MB Ram, 32MB Graphics, 64GB Disk.

I selected Graphical Install (English, Australia, American English, host: kali, network: hyrule, New South Wales, Partition: Guided – entire disk, Default, Default, Default, Continue, Yes, Network Mirror: Yes, No Proxy, Installed GRUB bootloader on VM HD.

Post Install

Install Parallel Tools

Official Guide: https://kb.parallels.com/en/123968

I opened the VM then selected the Actions then Install Parallels Tools, this mounted /media/cdrom/, I copied all contents to /temp/

As recommended by the Parallels instal bash script I updated headers.

apt install linux-headers-4.14.0-kali1-amd64

1	apt install linux-headers-4.14.0-kali1-amd64

Then the following from https://kb.parallels.com/en/123968

apt-get clean
apt-get update
apt-get upgrade -y
apt-get dist-upgrade -y
apt-get install dkms kpartx printer-driver-postscript-hp

apt-get clean

apt-get update

apt-get upgrade -y

apt-get dist-upgrade -y

apt-get install dkms kpartx printer-driver-postscript-hp

Parallels will not install, I think I need to upgrade to parallel 12 or 12 as the printer driver detection is not detecting (even though it is installed).

Installing Google Chrome

I used the video below

I have to run chrome with

/usr/bin/gogole-chrome-stable %U --no-sandbox --user-data=dir &

1	/usr/bin/gogole-chrome-stable %U --no-sandbox --user-data=dir &

It works.

Running your first remote vulnerability scan in Kali

I found this video useful in helping me scan and check my systems for exploits

Simple exploit search in Armitage (metasploit)

A quick scan of my server revealed three ports open and (22, 80 and 443). Port 80 redirects to 443 and port 22 is firewalled. I have WordPress and exploits I rued failed to work thanks to patching (always stay ahead of patching and updating of software and the OS.

Without knowing what I was doing I was able to check my WordPress against known exploits.

If you open the Check Exploits menu at the end of the Attacks menu you can do a bulk exploit check.

WP Scan

Kali also comes with a WordPress scanner

wpscan --url https://fearby.com

1	wpscan --url https://fearby.com

This will try and output everything from your web server and WordPress plugins.

/xmlrpc.php was found and I was advised to deny access to that file in NGINX. xmlrpc.php is ok but can be used in denial of service attacks.

location = /xmlrpc.php {
	deny all;
	access_log off;
	log_not_found off;
}

location = /xmlrpc.php {

deny all;

access_log off;

log_not_found off;

}

I had a hit for a vulnerability in a Youtube Embed plugin but I had a patched version.

TIP: Check your WordPress often.

More to come (Draft Post).

OWASP scanner
WPSCAN
Ethical Hacker modules
Cybrary training
Sent tips to @FearbySoftware

Tips

Don’t have unwanted ports open, securely installed software, Use unattended security updates in Ubuntu, update WordPress frequently and limit plugins and also consider running more verbose audit tools like Lynis.

More Reading

Read my OWASP Zap guide on application testing and Cloudflare guide.

I hope this guide helps someone.

Ask a question or recommend an article

Revision History

v1.2 added More Reading links.

v1.1 Added bulk exploit check.

v1.0 Initial post

Below is the way I connect to a remote server via SSH keys generated on OSX.

Setting up a server

When you set up an Ubuntu server on Vultr (read my guide on setting up a Vultr server for as low as $2.5 a month) or Digital Ocean (use this link to get two months free when you setup an Ubuntu server on digital ocean) you can specify an SSH key to use for remote connections during the server create stage (old guide here).

How to create an SSH key on OSX to use to connect to a remote server

Run the following command (“sudo ssh-keygen -t rsa“) to generate an ssh key paid in “~/.ssh/” on OSX.

cd ~/.ssh/
sudo ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/var/root/.ssh/id_rsa): test.rsa            
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in test.rsa.
Your public key has been saved in test.rsa.pub.
The key fingerprint is:
SHA256:sJtlhWremoved2IUp8 user@192.168.0.1
The key's randomart image is (edited):
+---[RSA 2048]----+
|    .   +o=+.    |
|   . o + =.o..   |
|  . . + o *o+ .  |
|   .   E B +.=   |
|      o S = +.   |
|       O o..+ o  |
|   * . .o * .    |
|   o  ..*        |
|   ..+..         |
+----[SHA256]-----+

cd ~/.ssh/

sudo ssh-keygen -t rsa

Generating public/private rsa key pair.

Enter file in which to save the key (/var/root/.ssh/id_rsa): test.rsa

Enter passphrase (empty for no passphrase):

Enter same passphrase again:

Your identification has been saved in test.rsa.

Your public key has been saved in test.rsa.pub.

The key fingerprint is:

SHA256:sJtlhWremoved2IUp8 user@192.168.0.1

The key's randomart image is (edited):

+---[RSA 2048]----+

| . +o=+. |

| . o + =.o.. |

| . . + o *o+ . |

| . E B +.= |

| o S = +. |

| O o..+ o |

| * . .o * . |

| o ..* |

| ..+.. |

+----[SHA256]-----+

TIP: It is a good idea to also generate a passphrase to use with the key (double protection). You will be prompted to enter this password to use the RSA key.

You can now see the generated keys in ~/.ssh/

ls test* -al
total 224
drwxr-xr-x+ 29 username  staff   928 26 Nov 17:07 .
drwxr-xr-x@ 89 username  staff  2848 25 Nov 19:03 ..
...
-rw-------   1 username   staff  1766 26 Nov 17:07 test.rsa
-rw-r--r--   1 username   staff   412 26 Nov 17:07 test.rsa.pub
...

ls test* -al

total 224

drwxr-xr-x+ 29 username staff 928 26 Nov 17:07 .

drwxr-xr-x@ 89 username staff 2848 25 Nov 19:03 ..

...

-rw------- 1 username staff 1766 26 Nov 17:07 test.rsa

-rw-r--r-- 1 username staff 412 26 Nov 17:07 test.rsa.pub

...

You can view the contents of the public file (you can use this when generating Digital Ocean, Vultr, AWS or Azure or other cloud servers).

fyi: Replace 123.123.123.123 with your remote serves ip.

sudo cat /~.ssh/test.rsa.pub
ssh-rsa AAAAB3NzaC...removed...1RL5hCG0lUn 123.123.123.123

1 2	sudo cat /~.ssh/test.rsa.pub ssh-rsa AAAAB3NzaC...removed...1RL5hCG0lUn 123.123.123.123

How to connect to a server (the old way).

As long as your host added the desired public ssh key file contents to the server (adding the public ssh key contents to “~/.ssh/authorized_keys” you will be able to connect to the server.

Run the following command on OSX command line to connect to the server via SSH.

sudo ssh -i ~/.ssh/test.rsa remoteuser@123.123.123.123

1	sudo ssh -i ~/.ssh/test.rsa remoteuser@123.123.123.123

You should see..

Enter passphrase for key '/Users/username/.ssh/test.rsa': 
> PASSPHRASECREATEDEARLIER
Welcome to Ubuntu 16.04.3 LTS (GNU/Linux 4.4.0-101-generic x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/advantage

  Get cloud support with Ubuntu Advantage Cloud Guest:
    http://www.ubuntu.com/business/services/cloud

0 packages can be updated.
0 updates are security updates.

Last login: Sun Nov 26 08:47:20 2017 from 123.123.123.123

remoteuser@yourserver:~# ls -al
total 32
drwx------  5 remoteuser remoteuser 4096 Nov 25 12:07 .
drwxr-xr-x 24 remoteuser remoteuser 4096 Nov 25 12:15 ..
-rw-------  1 remoteuser remoteuser 1813 Nov 26 08:57 .bash_history
-rw-r--r--  1 remoteuser remoteuser 3106 Oct 22  2015 .bashrc
...

Enter passphrase for key '/Users/username/.ssh/test.rsa':

> PASSPHRASECREATEDEARLIER

Welcome to Ubuntu 16.04.3 LTS (GNU/Linux 4.4.0-101-generic x86_64)

* Documentation: https://help.ubuntu.com

* Management: https://landscape.canonical.com

* Support: https://ubuntu.com/advantage

Get cloud support with Ubuntu Advantage Cloud Guest:

http://www.ubuntu.com/business/services/cloud

0 packages can be updated.

0 updates are security updates.

Last login: Sun Nov 26 08:47:20 2017 from 123.123.123.123

remoteuser@yourserver:~# ls -al

total 32

drwx------ 5 remoteuser remoteuser 4096 Nov 25 12:07 .

drwxr-xr-x 24 remoteuser remoteuser 4096 Nov 25 12:15 ..

-rw------- 1 remoteuser remoteuser 1813 Nov 26 08:57 .bash_history

-rw-r--r-- 1 remoteuser remoteuser 3106 Oct 22 2015 .bashrc

...

Congratulations, you should now be able to connect to your server via SSH.

Securing your ubuntu Server

Read my guides here, here and here.

Don’t forget to add a firewall and set up an SSL certificate.

How to connect to a server (faster way).

todo: ~/.ssh/config method

Now we can connect to your remote server with the shorter method.

todo: ~/.ssh/config method

Donate and make this blog better

Ask a question or recommend an article

Revision History

v1.0 Initial Post

etc

Personal Development Blog

Coding for fun since 1996, Learn by doing and sharing.

Create your own server on UpCloud here

Follow me on Twitter: @FearbySoftware

View My Old Hobby /blog/

View All Posts.

SSH

Setting up the Debian Kali Linux distro to perform penetration testing of your systems

Connect to a remote server with ssh keys generated on OSX

Popular

Security

Code

Tech

Wordpress

General

SSH

Footer