If we are going to penetrate victim computers (in the test lab) and establish communication to and from those clients so that we may execute commands and transfer files we will need some network services like SSH and FTP.
SSH or secure shell allows you to open a secure terminal connection to a remote host, or simply to login to a remote computer in order to execute commands. This is done through a client server model where a SSH client connects to a SSH server. This type of connection is typically used to securely exchange encrypted data with a remote host, with the data being commands but can even be files using SFTP and SCP which utilize the SSH protocol. SSH was developed to replace non secure remote connection protocols like rlogin, telnet and rsh. SSH typically runs on port 22. SSH should be installed by default in BackTrack.
Manual pages on SSH and the SSHDaemon
Generate the secure keys for the host service
Start the SSH server using the scripts in the init.d directory
Check to see if SSH is listening on Port 22
Since you are now running an SSH server, you could download PuTTY to your Windows client and SSH into your BackTrack machine. Try this, was it successful? If not, where might the block be? Are you VPN’d? Are there any firewalls on the client or on an intermediary network device?
Stop the SSH server using the scripts in the init.d directory
If you want instructions on how to install SSHD in Ubuntu go here.
Apache webserver is the most widely used webserver on the internet. From a network penetration perspective a webserver could be used an exploitation tool serving up malicious files and scripts that will execute against a victims browser and computer. It could also be used as a way of transferring files to a victim machine once access has already been accomplished. Webservers by their very public nature are great way for a hacker getting information or reconnaissance about a company or target. Apache webserver is usually run on port 80.
Start the Apache2 server using the scripts in the init.d directory
Verify if Apache is listening on Port 80
Your server’s accessible web directory is located in /var/www/ and is where you would put your webpages.
If you want instructions on how to install HTTPD Apache in Ubuntu go here.
FTP or file transfer protocol is a protocol that allows you to transfer files to and from a remote machine. BackTrack has pure-FTPd installed by default. FTP operates on port 21 and transfers files on port 20.
The steps to setting up pure-FTPd:
Installation (pure-ftpd is installed by default in BackTrack but in case you are using another Linux distribution)
#apt-get install pure-ftpd
#yum install pure-ftpd
Configuration to add a FTP user and setup an FTP directory
#useradd -g ftpgroup -d /dev/null -s /etc ftpuser
#pure-pw useradd <your ftp username> -u ftpuser -d /home/ftp/pub/<your ftp username>
You will be prompted to input a password twice
#ln -s ../conf/PureDB 60pdb
#mkdir /home/ftp/pub/<your ftp username>
#chown -R ftpuser:ftpgroup /home/ftp/pub/<your ftp username>
Test you install of Pure-FTPd by FTPing to your loopback ip address
key in your <ftp username>
key in your <ftp password>