In this example we will look at how to create an SSH tunnel to bypass a firewall restriction. We will look into forwarding SSH and RDP traffic on different ports.
Tunnelling is very much like port forwarding: a UDP or TCP port is created that forwards traffic to another machine. The huge advantage of this technique is that the traffic is completely encrypted.
1. We have a home Linux-based system with IP address 192.168.8.10 located on our home private network.
2. We have a Linux-based jump box in the office with public IP address 10.10.1.1 – the connection may be NATed via a firewall to a private IP.
3. We have 2 servers that we will use as examples for creating tunnels: Remote Desktop (RDP) to a Windows server (192.168.0.11) and an SSH connection to a Linux system (192.168.0.10).
Making an SSH connection via port 5555 to the internal network
ssh -L 5555:192.168.0.10:22 firstname.lastname@example.org
ssh localhost -p 5555
Making an RDP connection via port 5556 to the internal network
ssh -L 5556:192.168.0.11:3389 email@example.com
DNS is an extremely important service running on the network. In the example below we will spoof a DNS server and provide the victim with a fake record that redirects to our own web server. In our case the web server will be running on the same system from which the attacks are launched, but this does not have to be the case. In some cases, when the victim's system points to an external DNS server outside the firewall for DNS resolution, the attack may not work as expected.
Before looking into the different methods of determining what type of firewall the victim is running, let's take a look at different firewall configurations and types of firewalls.
Man in the middle attack for SSL connection
During this type of attack two parties are communicating with one another, and the attacker inserts themselves into the conversation and attempts to alter or eavesdrop on it. The attacker has to be able to sniff traffic between the two parties. We will look at performing a man-in-the-middle attack using a utility called SSLStrip. We are using the Kali Linux distribution as it already comes with all the necessary tools installed.
During password cracking you try to obtain the password of a known user to get access to a system. Let's look at some examples of good and bad passwords and also some techniques that can be used for attacking passwords.
Only use numbers
Only use letters
All in upper or lower cases
Use dictionary words
Fewer than eight characters
Good practices for creating a password
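The weak-password traits listed above can be checked automatically when a password is set. The following is an added example, not code from the original page; the function name `weak_traits`, the tiny word list and the substitution table are assumptions made for illustration.

```python
import re

# Constructed sample word list; a real check would load a large dictionary file.
SAMPLE_WORDS = {"password", "welcome", "dragon", "monkey", "letmein", "summer"}

# Common character substitutions, undone before the dictionary comparison
# (assumed table, e.g. "0" -> "o", "@" -> "a").
LEET = str.maketrans("0134578@$!", "oieastbasi")


def weak_traits(password, words=SAMPLE_WORDS):
    """Return which of the weak traits listed above apply to a password."""
    traits = []
    if len(password) < 8:
        traits.append("fewer than eight characters")
    if password.isdigit():
        traits.append("only numbers")
    if password.isalpha():
        traits.append("only letters")

    # Single-case check looks at the letters only, so "summer2024" is caught too.
    letters = [c for c in password if c.isalpha()]
    if letters and (all(c.islower() for c in letters)
                    or all(c.isupper() for c in letters)):
        traits.append("all in upper or lower case")

    # Dictionary check on two normalised forms: the whole password with the
    # substitutions undone, and the password with leading/trailing digits and
    # symbols stripped first (catches "P@ssw0rd1" and "summer2024").
    lowered = password.lower()
    stripped = re.sub(r"^[^a-z]+|[^a-z]+$", "", lowered)
    candidates = {lowered.translate(LEET), stripped.translate(LEET)}
    if candidates & set(words):
        traits.append("dictionary word")
    return traits


if __name__ == "__main__":
    # Constructed sample passwords.
    for pw in ("12345678", "dragon", "P@ssw0rd1", "summer2024", "Tr7!vq#Lm2x"):
        print(f"{pw!r}: {weak_traits(pw) or 'no listed weakness found'}")
```

An empty result only means none of the listed traits matched against this small word list; it is not a strength guarantee.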
Do not use passwords that contain only letters, special characters and numbers
Do not use passwords that contain only numbers
Do not use passwords that contain only special characters
Do not use passwords that contain only letters and numbers
Do not use passwords that contain only letters
Do not use passwords that contain only letters and special characters
Do not use passwords that contain only special characters and numbers
Following these guidelines minimizes the threat but does not eliminate it. To enhance your security you can move to two-factor authentication using smartcards, RSA tokens or other mechanisms.
Password Attack Types
Dictionary Attacks – the program uses a dictionary file containing words and tries to find a match to crack the password
Nontechnical Attacks – non-technical attacks that use techniques like shoulder surfing, dumpster diving and so on
Offline Attacks – attacks against the places where passwords are stored. Network attacks, rainbow attacks
Active Online Attacks – password guessing, hash injection, phishing and so on. Very effective against weak passwords
Passive Online Attacks – use sniffing, with Wireshark for example.
Rule-Based Attack – assumes that the user created the password using information the attacker has some knowledge of.
Syllable Attack – a combination of brute-force and dictionary attack
Hybrid Attack – a modified password attack
Brute-Force Attack – an attack where different character combinations are tried until the password is guessed