System Hacking

How to create an SSH tunnel to bypass a firewall

September 27, 2017 System Hacking

In this example we will look at how to create an SSH tunnel to bypass a firewall restriction. We will look into forwarding SSH and RDP traffic on different ports.
Tunnelling is very much like port forwarding. A UDP or TCP port is created that forwards traffic to another machine. The huge advantage of using this technique is that the traffic will be completely encrypted.

Assumptions
1. We have a home Linux-based system with IP address 192.168.8.10, located on our home private network.
2. We have a Linux-based jump box in the office with public IP address 10.10.1.1 – the connection may be NATed via the firewall to a private IP.
3. We have 2 servers that we will use as examples for creating tunnels: Remote Desktop (RDP) to a Windows server (192.168.0.11) and an SSH connection to a Linux system (192.168.0.10).

Making SSH connection via port 5555 to internal network

ssh -L 5555:192.168.0.10:22 root@10.10.1.1

ssh localhost -p 5555

Making RDP connection via port 5556 to internal network

ssh -L 5556:192.168.0.11:3389 root@10.10.1.1

rdesktop localhost:5556

Spoofing DNS

December 8, 2016 System Hacking

DNS is an extremely important service running on the network. In the example below we will spoof the DNS server and provide the victim with a fake record to redirect to our own web server. In our case the web server will be running on the same system from which the attacks will be launched, but this does not have to be the case. In some cases, when the victim's system points to an external DNS server outside the firewall for DNS resolution, the attack may not work as expected.

Determining type of firewall

November 22, 2016 System Hacking

Before looking into different methods of determining what type of firewall the victim is running, let's take a look at different firewall configurations and types of firewalls.

Man-in-the-Middle Attack

October 26, 2016 System Hacking

Man-in-the-middle attack for SSL connection
During this type of attack, two parties are communicating with one another and a hacker inserts itself into the conversation and attempts to alter or eavesdrop on it. The attacker has to be able to sniff traffic between the two parties. We will look at performing a man-in-the-middle attack using a utility called SSLStrip. We are using the Kali Linux distribution as it already comes with all the necessary tools installed.

Password Cracking Linux

October 17, 2016 System Hacking

During password cracking you try to obtain the password for a known user to get access to a system. Let's look at some examples of good and bad passwords and also some techniques that can be used for attacking passwords.

Bad passwords
Only use numbers
Only use letters
All in upper or lower cases
Use names
Use dictionary words
Fewer than eight characters

Good practice for creating password

Do not use passwords that contain only letters, special characters and numbers
Do not use passwords that contain only numbers
Do not use passwords that contain only special characters
Do not use passwords that contain only letters and numbers
Do not use passwords that contain only letters
Do not use passwords that contain only letters and special characters
Do not use passwords that contain only special characters and numbers

Following these guidelines minimizes the threat but does not eliminate it. To enhance your security you can move to 2-factor authentication using smartcards, RSA tokens or other mechanisms.
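As an added example (not code from the original post), the "Bad passwords" list above can be turned into a check that a defender runs when a user sets a password. The word and name lists are small constructed samples and the function name is hypothetical; a real deployment would load full lists from files.

```python
import re

# Constructed sample lists (assumptions, not from the original post).
DICTIONARY_WORDS = {"password", "dragon", "sunshine", "monkey", "letmein"}
COMMON_NAMES = {"michael", "jennifer", "robert", "jessica"}


def bad_password_reasons(password):
    """Return which criteria from the 'Bad passwords' list the password matches."""
    reasons = []
    letters = [c for c in password if c.isalpha()]
    if len(password) < 8:
        reasons.append("fewer than eight characters")
    if password.isdigit():
        reasons.append("only numbers")
    if password.isalpha():
        reasons.append("only letters")
    # Case is judged on the letters only, so "sunshine99" is still all lower case.
    if letters and (all(c.islower() for c in letters)
                    or all(c.isupper() for c in letters)):
        reasons.append("all upper or lower case")
    # Strip digits and symbols from both ends so "Dragon2017!" still
    # matches the dictionary word "dragon".
    core = re.sub(r"^[^a-zA-Z]+|[^a-zA-Z]+$", "", password).lower()
    if core in COMMON_NAMES:
        reasons.append("name")
    if core in DICTIONARY_WORDS:
        reasons.append("dictionary word")
    return reasons


if __name__ == "__main__":
    # Constructed sample passwords for demonstration.
    for candidate in ["12345678", "sunshine", "Dragon2017!", "Michael",
                      "tR7#qLp2!vXe"]:
        found = bad_password_reasons(candidate)
        print(f"{candidate!r}: {', '.join(found) if found else 'no match'}")
```

An empty result only means that none of the listed criteria matched; it does not by itself make the password strong.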

Password Attack Types
Dictionary Attacks – the program uses a dictionary file that contains words to try to find a match and crack the password
Nontechnical Attacks – non-technical attacks that use techniques like shoulder surfing, dumpster diving and so on
Offline Attacks – attacks against places where passwords are stored. Network attacks, rainbow attacks
Active Online Attacks – password guessing, hash injection, phishing and so on. Very effective against weak passwords
Passive Online Attacks – use sniffing, with Wireshark for example
Rule-Based Attack – assumes that the user created a password using information the attacker has some knowledge of
Syllable Attack – combination of brute force and dictionary attack
Hybrid Attack – modified password attack
Brute-Force Attack – attack where different character combinations are tried until the password is guessed