Professional Documents
Culture Documents
20 Points
A computer running BackTrack 4 R2, with Internet access. This can be either a real or virtual machine. I know it works on older Linux versions too, such as BackTrack 4 R 2 8.04. A second computer on the same LAN running any version of Windows. In S214, the simplest way to do this is to use Win 7 as the host operating system, and BackTrack 4 R2 in a virtual machine on the Win 7 host. Log in with the user name root and a password of toor Start the GUI with startx Click the black Terminal icon to open a Terminal window. In the Terminal window, type this command, and then press the Enter key: /etc/init.d/networking start In the Terminal window, type this command, and then press the Enter key: ping google.com Make sure you get replies, then stop the pinging with Ctrl+C. If you don't get replies, you need to troubleshoot your networking. You need iptables for this port knocking technique. It's included in BackTrack 4 R 2 by default. In your BackTrack machine, in the Terminal window, type this command, and then press the Enter key: iptables -L This will show the current iptables firewall rules, as shown to the right on this page. There are no rules now. This allows all trafficthe firewall is running, but not blocking anything. On your BackTrack 4 R 2 machine, in the Terminal window, type this command, and then press the Enter key: ifconfig Your IP address should appear in the eth0 line, as shown to the right on this page. Write your eth0 IP address in the box shown to the BackTrack 4 R 2 IP: right on this page. __________________
9.
11. 12.
Page 1 of 11
Project 10: Port Knocking on BackTrack Linux Starting SSH on the BackTrack 4 R 2 Machine
13. 14.
20 Points
15.
16.
SSH is a secure way to connect remotely to your BackTrack 4 R 2 machine. And we'll make it even more secure by adding port knocking to it. On your BackTrack 4 R 2 machine, in the Terminal window, type this command, and then press the Enter key: sshd-generate This creates a public/private keypair to uniquely identify your BackTrack machine. On your BackTrack 4 R 2 machine, in the Terminal window, type this command, and then press the Enter key: /etc/init.d/ssh start This starts ssh listening on port 22. On your BackTrack 4 R 2 machine, in the Terminal window, type this command, and then press the Enter key: netstat -an | grep 22 You should tcp listening on 0.0.0.0:22, as shown below on this page. You won't see tcp6 listening also unless your BackTrack machine is connected via IPv6 also.
18.
19.
20. 21.
Page 2 of 11
20 Points
In the Zenmap window, in the Target: box, enter the BackTrack 4 R 2 machine's IP address. Click the Scan button. You should see port 22/tcp open, as shown below on this page. You may have other ports open too, depending on what services you are running.
27.
Page 3 of 11
20 Points
29.
30.
In the "Connect to Remote Host" box, put your BackTrack 4 R 2 machine's IP address in the "Host Name" box. In the "User Name" box, enter root, as shown to the right on this page. Click Connect. In the "Host Identification" box, click Yes. The fingerprint shown here gives you protection from a man-in-the-middle attack, but we aren't worrying about that right now. In the Password box, enter toor and click OK.
Page 4 of 11
20 Points
36.
37. 38.
This rule will allow the machine to act as a client, like the Windows firewalltraffic initiated by the machine will be allowed. Of course, this won't make any immediate difference because right now all traffic is allowed anyway.
Page 5 of 11
Project 10: Port Knocking on BackTrack Linux Configuring the iptables Firewall to Block All Other Traffic
39.
20 Points
40.
On the BackTrack 4 R 2 machine, in the Terminal window, type this command, and then press the Enter key: iptables -A INPUT -j DROP This rule will cause all traffic to be dropped, except the traffic that was allowed by the previous rule. In the Terminal window, type this command, and then press the Enter key: iptables -L You should see two rules, one beginning with ACCEPT, followed by one beginning with DROP, as shown below on this page.
Page 6 of 11
20 Points
Page 7 of 11
Project 10: Port Knocking on BackTrack Linux Opening a SSH Session from the Windows Machine
45. 46. 47.
20 Points
48.
On the Windows machine, click Start, "All Programs", "SSH Secure Shell", "Secure Shell Client". In the "- default SSH Secure Shell" window, click the "Quick Connect" button. In the "Connect to Remote Host" box, put your BackTrack 4 R 2 machine's IP address in the "Host Name" box. In the "User Name" box, enter root Click Connect. After a pause of 30 seconds or so, a "Connection Failure" box appears, as shown to the right on this page. The firewall is not allowing SSH to connect, because all connections originating from the outside are denied. On the BackTrack 4 R 2 machine, in the Terminal window, type this command, and then press the Enter key: apt-get install knockd It should download and install from the BackTrack 4 R 2 archives. When the installation is complete, you will see this message: "Not starting knockd. To enable it edit /etc/default/knockd".
Installing knockd
49.
Page 8 of 11
Project 10: Port Knocking on BackTrack Linux Customizing the knockd Configuration File
50.
20 Points
51.
52.
53.
On the BackTrack 4 R 2 machine, in the Terminal window, type this command, and then press the Enter key: nano /etc/knockd.conf The file opens in the nano file editor, as shown below on this page. The portion we are most interested in is the [OpenSSH] section. For right now, leave the sequence as it is, but change the seq_timeout to 50. That will give us plenty of time to complete the port knocking50 seconds. You also need to change the command in the [OpenSSH] section to this (thanks to Artem for pointing this out to me): command = /sbin/iptables I INPUT 1 s %IP% -p tcp --dport 22 j ACCEPT Your knockd.conf file should now look like the example below.
54.
Press Ctrl+X. Respond to the "Save modified buffer" message by pressing Y. Respond to the "File Name to write" message by pressing the Enter key. On the BackTrack 4 R 2 machine, in the Terminal window, type this command, and then press the Enter key: knockd There will be no response, and no $ prompt. knockd is runningjust leave the Terminal window open.
Starting knockd
55.
Page 9 of 11
Project 10: Port Knocking on BackTrack Linux Showing the knockd Log
56. 57.
20 Points
On the BackTrack 4 R 2 machine, in the Terminal window, click Session, "New Shell". This opens a second tab with a second Terminal session. In the new Terminal session type this command, and then press the Enter key: tail f /var/log/knockd.log This will show the knockd log file, continuously updated, as shown below on this page.
59. 60.
61.
62. 63.
64. 65.
On the Windows machine, in the Zenmap window, enter this line into the Command: field: nmap p8000 -PN -sS --max-retries 0 192.168.11.11 Replace the IP address at the end of the command with the IP address of your BackTrack 4 R 2 machine. Click the Scan button. This will send a SYN packet to port 8000 on the BackTrack 4 R 2 machine. On the Windows machine, in the Zenmap window, enter this line into the Command: field: nmap p9000 -PN -sS --max-retries 0 192.168.11.11 Replace the IP address at the end of the command with the IP address of your BackTrack 4 R 2 machine. Click the Scan button. This will send a SYN packet to port 9000 on the BackTrack 4 R 2 machine. Look at your BackTrack 4 R 2 machine. You should see that all three stages of knocking are complete, and that the iptables command has been run to open the port, as shown below on this page.
20 Points
On the Windows machine, click Start, "All Programs", "SSH Secure Shell", "Secure Shell Client". If you see an error message saying a directory could not be opened for a configuration file, just close it. That always happens the first time you use this program. In the "- default SSH Secure Shell" window, click the "Quick Connect" button. In the "Connect to Remote Host" box, put your BackTrack 4 R 2 machine's IP address in the "Host Name" box. In the "User Name" box, enter root. Click Connect. In the Password box, enter toor and click OK. You should connect successfully, and see the banner "SSH Secure Shell", ending with a # prompt. The knocking opened the port! On the Windows machine, widen the SSH Secure Shell window, so that longer lines are visible. in the SSH Secure Shell window, after the $ prompt, type this command, and then press the Enter key: ps aux | grep knockd You should see a knockd process, as shown below on this page.
73.
Page 11 of 11