Run Services (SSH, FTPD, HTTPD)

Introduction

If we are going to penetrate victim computers (in the test lab) and establish communication to and from those clients so that we may execute commands and transfer files we will need some network services like SSH and FTP.

SSH 

SSH or secure shell allows you to open a secure terminal connection to a remote host, or simply to login to a remote computer in order to execute commands. This is done through a client server model where a SSH client connects to a SSH server. This type of connection is typically used to securely exchange encrypted data with a remote host, with the data being commands but can even be files using SFTP and SCP which utilize the SSH protocol. SSH was developed to replace non secure remote connection protocols like rlogin, telnet and rsh. SSH typically runs on port 22. SSH should be installed by default in BackTrack.

Manual pages on SSH and the SSHDaemon
   #man ssh
#man sshd

Generate the secure keys for the host service
#sshd-generate
or
#ssh-keygen

Start the SSH server using the scripts in the init.d directory
#/etc/init.d/ssh start

Check to see if SSH is listening on Port 22
#netstat -antp

Since you are now running an SSH server, you could download PuTTY to your Windows client and SSH into your BackTrack machine. Try this, was it successful? If not, where might the block be? Are you VPN’d? Are there any firewalls on the client or on an intermediary network device?

Stop the SSH server using the scripts in the init.d directory
#/etc/init.d/ssh stop

If you want instructions on how to install SSHD in Ubuntu go here.

HTTPD (Apache)

Apache webserver is the most widely used webserver on the internet. From a network penetration perspective a webserver could be used an exploitation tool serving up malicious files and scripts that will execute against a victims browser and computer. It could also be used as a way of transferring files to a victim machine once access has already been accomplished. Webservers by their very public nature are great way for a hacker getting information or reconnaissance about a company or target. Apache webserver is usually run on port 80.

Start the Apache2 server using the scripts in the init.d directory
#/etc/init.d/apache2 start

Verify if Apache is listening on Port 80
#netstat -antp

Your server’s accessible web directory is located in /var/www/ and is where you would put your webpages.

If you want instructions on how to install HTTPD Apache in Ubuntu go here.

FTPD

FTP or file transfer protocol is a protocol that allows you to transfer files to and from a remote machine. BackTrack has pure-FTPd installed by default. FTP operates on port 21 and transfers files on port 20.

The steps to setting up pure-FTPd:

Installation (pure-ftpd is installed by default in BackTrack but in case you are using another Linux distribution)
  #apt-get install pure-ftpd
#yum install pure-ftpd

Configuration to add a FTP user and setup an FTP directory
#groupadd ftpgroup
#useradd -g ftpgroup -d /dev/null -s /etc ftpuser
#pure-pw useradd <your ftp username> -u ftpuser -d /home/ftp/pub/<your ftp username>
You will be prompted to input a password twice
#pure-pw mkdb
#cd /etc/pure-ftpd/auth
#ln -s ../conf/PureDB 60pdb
#mkdir /home/ftp
#mkdir /home/ftp/pub
#mkdir /home/ftp/pub/<your ftp username>
#chown -R ftpuser:ftpgroup /home/ftp/pub/<your ftp username>
#/etc/init.d/pure-ftpd restart

Test you install of Pure-FTPd by FTPing to your loopback ip address
#ftp 127.0.0.1
key in your <ftp username>
key in your <ftp password>

Author: Dan

Dan teaches computer networking and security classes at Central Oregon Community College.

Leave a Reply

Your email address will not be published. Required fields are marked *