Kali Linux Penetration Testing Bible. Gus Khawaja

goal is to perform the following steps:

      1. Generate a private key (/home/[username]/.ssh/id_rsa) on the client machine because it's the one that can decrypt the public key. If someone steals your public key, they can't hack into the remote host since they don't have the private key file.

      2. Generate a public key (/home/[username]/.ssh/id_rsa.pub) on the client machine. We need to send a copy of the public key to the server. After that, the server will store the client's public key in a file called authorized_keys.

      $ ssh-keygen -t rsa -b 4096

      The previous command used two arguments:

       -t rsa : The t stands for the type of the key to generate. RSA is the most common one, but you have other options as well (dsa, ecdsa, ecdsa-sk, ed25519, ed25519-sk, and rsa).

       -b 4096 : The b option specifies the number of bits in the key to create. In our case (RSA key), the minimum size is 1,024 bits, and the default is 3,072 bits.

      Take note that while performing the earlier steps, we've been asked to enter a passphrase. This password will be used to add more security when you log in remotely to SSH.

Snapshot of SSH Key Generation.

      gus@ubuntu:~/.ssh$ ls -la
      total 16
      drwx------  2 gus gus 4096 Oct 1 10:03 .
      drwxr-xr-x 15 gus gus 4096 Oct 1 09:57 ..
      -rw-------  1 gus gus 3369 Oct 1 10:03 id_rsa
      -rw-r--r--  1 gus gus  736 Oct 1 10:03 id_rsa.pub

      Now we're ready to send a copy of the public key file id_rsa.pub to the Kali host machine. You can send it in multiple ways (e.g., by e-mail, SFTP, or SCP).

      There is an easy, secure method using the SSH client package that comes with the SSH tool:

      $ ssh-copy-id username_on_kalihost@kaliIP

      In the following example, we will use the root username and password (also, you will be asked for the password of this account) to copy the public key file:

      Now, let's verify that the authorized key has really been added on the Kali host machine:

      root@kali:~/.ssh# cat authorized_keys ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDNfvP6zEnKn55pY5hN8N34myD1XwwhS9JisvcR0qtXzM2957h9xeQMVVrUASA/xdwRObUak7wARZl+FY3pby5k+askzIgPIfqvU0lZJEpBtjobk6SdBha122pR3a72+Vh7f9hdgGQoqXeF3pyXfYOhFEJZ0s0SCFGc/MfI38pBrXCgzHXS28QxzpZnIg3/IwAcBIjbPYnszWSDqHplSFMpETPbHvPwUMU3RDGpvSgoscfyWchXzb97lViSk/zD2TbN2eSbm8k8txxIIZHq7LrAYHB8smvlFEHK6CNvIU+HU0NvvcwXmXviSCGcMAsNxzvEzEJf4U6RDhzbL85Id43VghhDYp1I7/D4euxPfs+Xt/qj6qaL4T66+KvfML3loCRg9zBo0z6sZbOGOUu6iMYguVW/lTqC+Hui/SZUV9Zt3Z2/c/hC8r8+9/SsauWXtFNC4mRTLKyeEluIdLe9USgxwtHB3uD7BgYNaC1hbgXsGdM1CoDrQS4TOLMaiq4gpIZE80dKFJTw3+EbIIj7SEPTKC6BmWZluOfYjkHDJ19qLKEGWuWqfwp6U9CW+i4f5cLoMFssafqs/uSw/u0FA6jt+ykMZ7jvbYJhHmOa4dOGrOd9PyGw8/MM2qVo2VrATvk12oIQWZwdFA8Fj1oKaGK1pFcngR+At10jL2y1mI4fJw== gus@ubuntu

      Next, I will edit the SSH config file ( /etc/ssh/sshd_config ) again on Kali to allow only public key authentication:

      PubkeyAuthentication yes
      PasswordAuthentication no

      TIP

       To make sure that the changes are well propagated, it's better to restart the SSH server on Kali using this command:

       $ service ssh restart
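A check for the two sshd_config settings above, added here as an example (it is not from the book): sshd uses the first occurrence of each keyword, so appending `PasswordAuthentication no` below an earlier `yes` leaves password logins enabled. The function names are hypothetical, the sample config is constructed, and only the global section of a single file is read.

```shell
#!/bin/sh
# effective_sshd_value FILE KEYWORD   (hypothetical helper, not an OpenSSH tool)
# Prints the value sshd takes for KEYWORD from the global section of FILE:
# keywords are case-insensitive, the FIRST occurrence wins, and everything
# after a "Match" line is conditional, so scanning stops there.
effective_sshd_value() {
    awk -v want="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "") }
        /^#/ || /^$/ { next }
        {
            n = split($0, f, /[ \t=]+/)
            key = tolower(f[1])
            if (key == "match") exit
            if (key == want && n >= 2) { print f[2]; exit }
        }' "$1"
}

# key_only_login FILE: succeeds only when password logins are off and
# public key logins are on. A missing keyword falls back to the
# sshd_config(5) default, which is "yes" for both.
key_only_login() {
    pw=$(effective_sshd_value "$1" PasswordAuthentication)
    pk=$(effective_sshd_value "$1" PubkeyAuthentication)
    [ "${pw:-yes}" = "no" ] && [ "${pk:-yes}" = "yes" ]
}

# Constructed sample (not from the book): the hardening lines were appended
# to a file that already enabled password logins further up.
cfg=$(mktemp)
printf '%s\n' 'PasswordAuthentication yes' '# added later:' \
    'PubkeyAuthentication yes' 'PasswordAuthentication no' > "$cfg"
if key_only_login "$cfg"; then
    echo "key-only login enforced"
else
    echo "password login still enabled: PasswordAuthentication" \
        "$(effective_sshd_value "$cfg" PasswordAuthentication)"
fi
rm -f "$cfg"
```

On a live host, `sshd -T` (run as root) prints the effective configuration, including files pulled in by `Include`, which this sketch does not follow.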

      It's time to test the SSH connection and see if it works remotely:

      gus@ubuntu:~/.ssh$ ssh [email protected]
      Linux kali 5.5.0-kali1-amd64 #1 SMP Debian 5.5.13-2kali1 (2020-04-03) x86_64
      The programs included with the Kali GNU/Linux system are free software;
      the exact distribution terms for each program are described in the
      individual files in /usr/share/doc/*/copyright.
      Kali GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
      permitted by applicable law.
      Last login: Thu Oct 1 12:04:15 2020 from 10.0.0.222
      root@kali:~#


      Figure 1.14 Kali System Management Commands

      Linux Host Information

      To display the hostname of Kali Linux, you simply execute the hostname command in your terminal window:

      $ hostname

      root@kali:/# hostname
      kali

      What if you want to change your Kali hostname? Then you will need to edit its configuration file /etc/hostname (enter the desired computer name and don't forget to save and reboot your host).

      Linux OS Information

      Knowing the OS information for a Linux host is crucial for privilege escalation. That's how you will know if the version used is vulnerable to privilege escalation (we will talk more about this topic in Chapter 10).

      To display the operating system information of a Linux OS (which is Kali Linux in our case), I use the uname command, and along with it I display the contents of the /etc/issue configuration file:

      $ uname -a
      $ cat /etc/issue

      root@kali:/# uname -a
      Linux kali 5.6.0-kali2-amd64 #1 SMP Debian 5.6.14-2kali1 (2020-06-10) x86_64 GNU/Linux
      root@kali:/# cat /etc/issue
      Kali GNU/Linux Rolling \n \l

      Linux Hardware Information

      From time to time, you will probably use special commands related to your PC or VM hardware.

      To get the CPU information of your Linux host, you need to open /proc/cpuinfo :