Kali Linux Penetration Testing Bible. Gus Khawaja

the password of the root in the /etc/shadow file (you can print the whole thing first so you can visualize the difference of before and after):

       root@kali:/# awk '/root/' /etc/shadow
       root:$6$uf2Jy/R8HS5Tx$Vw1wHuBV7unq1hImYGTJdNrRwMwRtf0yd/aSH0zOhhdzWofAT5WUSduQTjWj8AbdmT62rLbcs6kP3xwdiLk.:18414:0:99999:7:::
       root@kali:/# awk -F ':' '/root/{print $2}' /etc/shadow
       $6$uf2Jy/R8HS5Tx$Vw1wHuBV7unq1hImYGTJdNrRwMwRtf0yd/aSH0zOhhdzWofAT5WUSduQTjWj8AbdmT62rLbcs6kP3xwdiLk.

      We know that the shadow file uses the : delimiter to separate its fields, so we use -F ':' to split each line on it. Then, we tell awk to print only the second field, {print $2}, which holds the hashed password.

      Another popular way to extract substrings is the cut command. In the following example, we use the cat command to open the shadow file; then we use the grep command to select the root account's line, and finally, we use the cut command to extract the password:

      There are two common ways to connect remotely to other operating systems. For Windows, it is the Remote Desktop Protocol (RDP), and for Linux, it's the Secure Shell (SSH). In the next sections, I will explain how to use each protocol to connect remotely to an OS (Windows or Linux).

      Remote Desktop Protocol

      RDP is used to connect remotely to a Windows OS. Let's suppose that during your engagement you encountered a remote desktop port 3389 open on a Windows host (e.g., during your port scanning phase). Then, you will need to try to connect to it with some basic credentials (e.g., a username of Administrator and a password of password123). There are many times during your engagements where you want to connect remotely to a Windows system to get the job done (from Kali Linux). In this case, you will need to use the rdesktop command.

      $ rdesktop [Windows host IP address] -u [username in windows] -p [password in windows]

Snapshot of Windows Login.

      Secure Shell

      The SSH protocol provides a secure connection that allows you to execute commands remotely on a Linux host (in this case, Kali). SSH runs over TCP and uses port 22 by default. There are two ways to connect to a remote SSH server:

       Using username/password credentials

       Using public/private keys (passwordless)

      SSH with Credentials

      Let's start first with the method that uses the password. By default, all the user accounts except the root account can log in remotely to SSH:

      $ ssh username@kaliIP

Snapshot of SSH with MobaXterm on Windows.

      To allow the root user to log in remotely to SSH, you will need to edit the configuration file of SSH under this directory:

      Make sure to add the following line to the SSH configuration file:

      PermitRootLogin Yes

      Now, we can try to connect to our Kali host remotely using the root account (it should work this time after the latest changes):

Snapshot of SSH root Connection.

      Before you can use SSH on your Kali Linux host, you need to start the SSH service. To do this, execute the following command:

      $ service ssh start

      If you want to stop it later, use the following command:

      $ service ssh stop

      If you want the SSH server to persist (automatically start) even after you reboot your system, then you will need to execute the following command:

      $ systemctl enable ssh

      $ service ssh status

Snapshot of SSH Service Status.

      By default, the port number of SSH is 22, and if the remote Linux server has changed to another port, then you will need to specify it in your connection command:

      Passwordless SSH

      Using a public key and a private key, a remote user can log in using SSH. This method is more secure than the password way because no one will be able to use the brute‐force technique to enter your server remotely.
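      Key-based login only removes the password-guessing exposure when PasswordAuthentication is also turned off, and PermitRootLogin (set earlier in this section) decides whether root is reachable at all. The script below is an added example, not code from the book: it reports the effective global value of both settings from a config file, and its function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the book). Assumptions: Include files are not
# followed, and the defaults passed in are those of upstream OpenSSH.

# sshd_effective FILE KEYWORD DEFAULT -> effective global value, lowercased.
# sshd keeps the FIRST value it reads for a keyword; later lines are ignored.
sshd_effective() {
    awk -v want="$2" -v def="$3" '
        BEGIN { want = tolower(want); val = def }
        { sub(/^[ \t]+/, ""); n = split($0, f, /[ \t=]+/) }  # Key value or Key=value
        n == 0 || f[1] ~ /^#/ { next }        # blank line or comment
        tolower(f[1]) == "match" { exit }     # Match blocks are conditional: stop
        tolower(f[1]) == want { val = tolower(f[2]); gsub(/"/, "", val); exit }
        END { print val }
    ' "$1"
}

# audit_sshd FILE -> one finding per line; returns 1 if anything is flagged.
audit_sshd() {
    a_root=$(sshd_effective "$1" PermitRootLogin prohibit-password)
    a_pass=$(sshd_effective "$1" PasswordAuthentication yes)
    a_rc=0
    [ "$a_root" = yes ] && { echo "FINDING PermitRootLogin=yes: root may log in directly"; a_rc=1; }
    [ "$a_pass" = yes ] && { echo "FINDING PasswordAuthentication=yes: passwords can be guessed"; a_rc=1; }
    return $a_rc
}

# Constructed sample configs (not taken from any real host).
write_samples() {
    cat > "$1/weak.conf" <<'EOF'
# constructed sample
PermitRootLogin Yes
#PasswordAuthentication no
PermitRootLogin no
Match User backup
    PasswordAuthentication no
EOF
    cat > "$1/hardened.conf" <<'EOF'
PermitRootLogin no
PasswordAuthentication=no
EOF
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
audit_sshd "$demo_dir/weak.conf" || echo "weak.conf: flagged"
audit_sshd "$demo_dir/hardened.conf" && echo "hardened.conf: clean"
```

      In weak.conf the later "PermitRootLogin no" line and the commented-out PasswordAuthentication line change nothing, so both findings are reported. On a live server, sshd -T prints the effective configuration as sshd itself resolves it.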

      There are many misconceptions about the public/private key mechanism. In the next steps, I develop an example from scratch so you can visualize how things happen in reality:

      Here's the client machine information:

       OS: Ubuntu Desktop Linux V20

       IP: 10.0.0.186

      Here's the Kali Linux SSH Server host information:

       OS: Kali Linux 2020.1

       IP: 10.0.0.246

      First, we will generate a public key and a private key on our client host (Ubuntu).