Time Scheduling on SSH Port

This article is about network security: it shows a network administrator how to secure a running service on a server through task scheduling. We are going to schedule the SSH service in order to add another layer of security to the network; in simple words, we are going to set a time limit for the SSH service on the server.
Cron is a utility on UNIX-like systems that schedules a command or script on your server to run automatically at a specified time and date. A cron job is the scheduled task itself. Start the SSH service and check that it is running:
service ssh start
service ssh status

As you can see in the image below, the SSH service is running.



We are going to schedule the SSH service using crontab, the built-in Linux facility for scheduling tasks.

Root permission is required to edit the system crontab; type the following command:
sudo crontab -e

Crontab opens in nano; the image below shows the crontab interface.


Crontab uses the format "m h dom mon dow [command]". The following table will help you write a schedule for crontab:

Field      Value
m          minute: 0-59
h          hour: 0-23
dom        day of month: 1-31
mon        month: 1-12
dow        day of week: 1-7 (1 stands for Monday)
command    the required command to be executed

Now, if we need to schedule a task at 8:00 am on Monday, we write the entry as follows:
0 8 * * 1 [command]

Now we are going to use crontab to schedule the SSH service. We are going to schedule the SSH service to start after 3 minutes and to stop after 4 minutes.
We use the following entry to schedule the task:

* * * * * sleep 180;/usr/sbin/service ssh start
The entry above fires every minute (all five schedule fields are *), waits 180 seconds, i.e. 3 minutes, and then starts SSH. To stop the SSH service after that, add the entry below, where 240 seconds equals 4 minutes:

* * * * * sleep 240;/usr/sbin/service ssh stop

Let's check whether the entries above are working.
Wait for the job to fire, then scan port 22 using nmap:
nmap -p 22 127.0.0.1
After scanning you will observe that the SSH service is running and port 22 is open.


nmap -p 22 127.0.0.1
If the entries are working properly, SSH should stop itself once 4 minutes have passed; we check again using nmap.
The port is now closed at the 4th minute.


Now, if I want to schedule a task at a particular time, let's say I want my SSH service to start at 5:00 am and stop at 5:00 pm, we use these entries:
0 5 * * * /usr/sbin/service ssh start
0 17 * * * /usr/sbin/service ssh stop
These entries schedule the SSH service to start every day at 5:00 am and stop every day at 5:00 pm.
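As an added example (not code from the article), the following Python script evaluates crontab entries written in the "m h dom mon dow [command]" format from the table above and reports which commands are due at a given minute. The sample crontab it uses is constructed from the entries in this article; it supports "*", single values, ranges, lists and "*/n" steps, and uses the article's day-of-week numbering (1 = Monday).

```python
import datetime

# Added example, not code from the article: a minimal matcher for the five-field
# crontab schedule "m h dom mon dow [command]" described in the table above.
# Supports "*", single values, ranges (a-b), lists (a,b,c) and steps (*/n).
# Day-of-week follows the article's table: 1 = Monday ... 7 = Sunday.
# Simplification: real cron fires when EITHER dom or dow matches if both are
# restricted; this matcher requires both to match.

# (low, high) bounds for minute, hour, day of month, month, day of week
FIELD_RANGES = [(0, 59), (0, 23), (1, 31), (1, 12), (1, 7)]

# Constructed sample crontab mirroring the entries in the article.
SAMPLE_CRONTAB = """\
# start SSH at 05:00 and stop it at 17:00 every day
0 5 * * * /usr/sbin/service ssh start
0 17 * * * /usr/sbin/service ssh stop
# the sleep-based entries: note that all five fields are "*"
* * * * * sleep 180;/usr/sbin/service ssh start
* * * * * sleep 240;/usr/sbin/service ssh stop
"""


def expand_field(spec, lo, hi):
    """Return the set of integers a single cron field matches."""
    values = set()
    for part in spec.split(","):
        step = 1
        if "/" in part:
            part, step_text = part.split("/", 1)
            step = int(step_text)
        if part == "*":
            start, end = lo, hi
        elif "-" in part:
            a, b = part.split("-", 1)
            start, end = int(a), int(b)
        else:
            start = end = int(part)
        if not (lo <= start <= end <= hi) or step < 1:
            raise ValueError(f"field {spec!r} out of range {lo}-{hi}")
        values.update(range(start, end + 1, step))
    return values


def parse_entry(line):
    """Split one crontab line into five value sets and the command string."""
    fields = line.split(None, 5)
    if len(fields) != 6:
        raise ValueError(f"expected five schedule fields and a command: {line!r}")
    sets = [expand_field(spec, lo, hi)
            for spec, (lo, hi) in zip(fields[:5], FIELD_RANGES)]
    return sets, fields[5]


def _to_datetime(when):
    """Accept a datetime or a 'YYYY-MM-DD HH:MM' string."""
    if isinstance(when, datetime.datetime):
        return when
    return datetime.datetime.strptime(when, "%Y-%m-%d %H:%M")


def matches(line, when):
    """True if the entry's schedule fires at the given minute."""
    t = _to_datetime(when)
    minutes, hours, doms, months, dows = parse_entry(line)[0]
    return (t.minute in minutes and t.hour in hours and t.day in doms
            and t.month in months and t.isoweekday() in dows)


def due_commands(crontab_text, when):
    """Commands whose schedule fires at 'when'; blank and comment lines are skipped."""
    due = []
    for raw in crontab_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if matches(line, when):
            due.append(parse_entry(line)[1])
    return due


if __name__ == "__main__":
    for stamp in ("2024-01-01 05:00", "2024-01-01 05:01", "2024-01-01 17:00"):
        print(stamp, due_commands(SAMPLE_CRONTAB, stamp))
```

Running it for a few consecutive minutes makes the difference between the two styles of entry visible: the 05:00 and 17:00 entries are due once a day, while the "* * * * * sleep ..." entries are due every single minute, each launching its own sleep, so once the first sleeps expire the start and stop commands keep being issued minute after minute. For a fixed availability window the two fixed-time entries are the ones to keep.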


Author: Sayantan Bera is a technical writer at hacking articles and cyber security enthusiast.

Beginner Guide to Website Footprinting

In our previous article we gave a brief introduction to footprinting for gathering information about a specific person. As discussed there, there are many types of footprinting; today we are going to talk about DNS footprinting, website footprinting and WHOIS footprinting.

Browsing the target website may provide:
·         WHOIS details
·         Software used and version
·         OS details
·         Subdomains
·         File names and file paths
·         Scripting platform and CMS details
·         Contact details


Let’s start!!

Whois footprinting
WHOIS (pronounced as the phrase "who is") is a query and response protocol, and WHOIS footprinting is a method for gathering information about the ownership of a domain name, such as:
·         Domain name details
·         Contact details containing the phone number and email address of the owner
·         Registration date of the domain name
·         Expiry date of the domain name
·         Domain name servers

From Wikipedia
Whois Lookup:
It is broadly used in support of querying databases that store the registered users or assignees of an Internet resource, such as domain name, an IP address block, or an autonomous system, but is also used for a wider range of other information. The protocol stores and delivers database content in a human-readable format.
Open the URL http://whois.domaintools.com/ in a browser and type any domain name.


For example: let’s search pentestlab.in


Now you can see it has produced a WHOIS record for pentestlab.in which contains details such as the email address, IP and registrant organisation. From this record anyone can guess that this domain has some connection to Raj Chandel. The attacker then needs to perform footprinting on Raj Chandel with help from the previous article.
There are many other tools for WHOIS footprinting, for example:
·         Caller IP
·         Whois Analyzer Pro
·         Whois Lookup Multiple Addresses


DNS Footprinting
An attacker performs DNS footprinting in order to enumerate DNS record details and the types of servers. There are 10 types of DNS record which provide important information about the target:
1. A/AAAA
2. SRV
3. NS
4. TXT
5. MX
6. CNAME
7. SOA
8. RP
9. PTR
10. HINFO


Domain Dossier: an online tool used for complete DNS footprinting as well as WHOIS footprinting.
There are many online tools for DNS footprinting; using Domain Dossier we will check the DNS records of pentestlab.in: select the check boxes for DNS records and traceroute and then click Go.

You can observe that the data received from the WHOIS lookup and from Domain Dossier is the same to some extent. It has given the same email ID as above, i.e. rrajchandel@gmail.com, and moreover details of the DNS records TXT, SOA, NS, MX, A and PTR.


DNS Dumpster: also an online tool used for DNS footprinting.
DNSdumpster.com is a FREE domain research tool that can discover hosts related to a domain. Enumerate a domain and pull back up to 40K subdomains; results are available in an XLS for easy reference.
Repeating the same process for pentestlab.in, it searches for its DNS records. From the screenshot you can observe we received the same details as above. Moreover it creates a copy of the output as an XLS file.



You Get Signal: also an online tool used for DNS footprinting as well as network footprinting.
A reverse IP domain check takes a domain name or IP address pointing to a web server and searches for other sites known to be hosted on that same web server. Data is gathered from search engine results, which are not guaranteed to be complete.

Hence we get the IP 72.52.229.111 for pentestlab.in; moreover it dumped the names of 14 other domains hosted on the same web server.
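The record types listed in the DNS footprinting section are also what a zone owner should review from the other side: which of them describe people, hosts or software rather than just how the zone is wired. The following script is an added example, not from the article or any of the tools it names; it parses a constructed BIND-style record listing (not real pentestlab.in data), groups the records by type, and flags the HINFO, RP and non-SPF TXT records that tend to give reconnaissance value.

```python
from collections import defaultdict

# Added example, not code from the article: review which DNS record types a
# zone exposes. The records below are a constructed sample, not real data.
SAMPLE_RECORDS = """\
; constructed sample zone (example.test is a reserved name, not a real site)
example.test.        IN  SOA   ns1.example.test. hostmaster.example.test. 2024010101 3600 900 604800 300
example.test.        IN  NS    ns1.example.test.
example.test.        IN  NS    ns2.example.test.
example.test.        IN  A     192.0.2.10
example.test.        IN  AAAA  2001:db8::10
example.test.        IN  MX    10 mail.example.test.
example.test.        IN  TXT   "v=spf1 mx -all"
www.example.test.    IN  CNAME example.test.
_sip._tcp.example.test. IN SRV 10 60 5060 sip.example.test.
example.test.        IN  RP    admin.example.test. admin.example.test.
mail.example.test.   IN  HINFO "PC-Intel" "Linux 5.x"
10.2.0.192.in-addr.arpa. IN PTR example.test.
"""


def parse_records(text):
    """Parse 'name [ttl] [class] type rdata' lines into (name, type, rdata) tuples."""
    records = []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        parts = line.split()
        name, idx = parts[0], 1
        if idx < len(parts) and parts[idx].isdigit():  # optional TTL
            idx += 1
        if idx < len(parts) and parts[idx].upper() in ("IN", "CH", "HS"):  # optional class
            idx += 1
        rtype = parts[idx].upper()
        rdata = " ".join(parts[idx + 1:])
        records.append((name, rtype, rdata))
    return records


def records_by_type(records):
    """Group records by type, mirroring the per-type view the online tools show."""
    grouped = defaultdict(list)
    for name, rtype, rdata in records:
        grouped[rtype].append((name, rdata))
    return dict(grouped)


def exposure_findings(records):
    """Records a zone owner may want to trim because they describe people or software."""
    findings = []
    for name, rtype, rdata in records:
        if rtype == "HINFO":
            findings.append(f"{name}: HINFO advertises hardware/OS ({rdata}); consider removing")
        elif rtype == "RP":
            findings.append(f"{name}: RP publishes a responsible-person mailbox ({rdata.split()[0]})")
        elif rtype == "TXT" and not rdata.lower().startswith('"v=spf1'):
            findings.append(f"{name}: TXT record may carry tokens or notes ({rdata})")
    return findings


if __name__ == "__main__":
    recs = parse_records(SAMPLE_RECORDS)
    for rtype, entries in sorted(records_by_type(recs).items()):
        print(f"{rtype:6} {len(entries)} record(s)")
    for finding in exposure_findings(recs):
        print("!", finding)
```

Feeding the script the output of a zone transfer of your own zone, or a record listing exported from a hosted DNS provider, gives a quick inventory of what the tools described above would be able to see.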

Website Footprinting
It is a technique used for extracting details about a website, such as the following:

1. Archived description of the website
2. Content management system and framework
3. Script and platform of the website and web server
4. Web crawling
5. Extracting meta data and contact details from the website
6. Website and web page monitoring and analysis


Archive.org: an online tool for visiting archived versions of any website.
Archive.org has a search option called the Wayback Machine, which is like a time machine for any website. It contains the entire history of a website from the past to the present: its layout, its content, everything related to the website is present inside. In simple words, it contains the history of any website.

For example, I searched for the archived record of hackingarticles.in from 2012.



Built With: an online tool for detecting the technologies and frameworks used by a running website.

BuiltWith.com technology tracking includes widgets, analytics, frameworks, content management systems, advertisers, content delivery networks, web standards and web servers, to name some of the technology categories.

Taking the example of hackingarticles.in again, we found the following:
·         Content management system: WordPress
·         Framework: PHP


WhatWeb
WhatWeb can identify all sorts of information about a live website, such as: platform, CMS platform, type of script, Google Analytics, web server platform, and IP address country. A pentester can use this tool as both a recon tool and a vulnerability scanner.

Open the terminal in Kali Linux and type the following command:
whatweb www.pentestlab.in
As a result we receive the same information as above.


Web crawling
HTTrack is a free and open source web crawler and offline browser, developed by Xavier Roche.

It allows you to download a World Wide Web site from the Internet to a local directory, building recursively all directories, getting HTML, images, and other files from the server to your computer. HTTrack arranges the original site’s relative link-structure. 

Give the target URL to copy, www.pentestlab.in, and HTTrack starts downloading the website.


http://www.hackingarticles.in/5-ways-crawl-website/

Web Data Extractor
Web Data Extractor Pro is a web scraping tool specifically designed for mass-gathering of various data types. It can harvest URLs, phone and fax numbers, email addresses, as well as meta tag information and body text. Special feature of WDE Pro is custom extraction of structured data.

Start a new project, type the target URL ignitetechnologies.in, select a folder to save the output and click OK.


Now this tool will extract meta data, email addresses, contact numbers and so on from the target URL.
From the screenshot you can see it found 40 meta tags, 1 email address and 84 phone numbers on the ignitetechnologies.in website.
Similarly, other tools used as web data extractors include:
·         Web Spider



Competitive Intelligence
Website-Watcher is a powerful yet simple website-monitoring tool, perfectly suited to the beginner and advanced user alike. You can download it from here.

Open a new tab and enter the target URL, which starts monitoring the target website.
For example, I entered the URL hackingarticles.in to monitor this website.
Similarly, there are some other tools used for monitoring:
·         On Web Change
·         Follow That Page
·         Informinder


Beginner Guide to HTML Injection

From W3schools
HTML is the standard Hyper Text Markup Language used for designing Web pages.

·         HTML describes the structure of Web pages using markup.
·         HTML elements are the building blocks of HTML pages.
·         HTML elements are represented by tags.
·         HTML tags label pieces of content such as "heading", "paragraph", "table", and so on.

·         Browsers do not show the HTML tags, but utilize them to submit the content of the page.


HTML Tags
HTML tags are element names surrounded by angle brackets. There are two types of tag: the start tag, also known as the opening tag, and the end tag, also known as the closing tag.


HTML Elements
An HTML element usually consists of a start tag and end tag, with the content inserted in between:


HTML Attributes
Attributes provide additional information about HTML elements. Attributes generally come in the form of name/value pairs like name="value".

Create web page using html

Generally Notepad is used for writing HTML code; save the text file with a .html or .htm extension, for example test.html, then open the saved file in any web browser.

To create a simple web page, type the following code in Notepad and save it as test.html.

When you open test.html in a web browser you will see the image below.

HTML injection is a vulnerability in a website that occurs when user input is not correctly sanitized and output is not encoded, so that an attacker is able to inject valid HTML code into a vulnerable web page. There are many techniques which could use elements and attributes to submit HTML content.

If these methods are provided with untrusted input, there is a high risk of XSS, specifically HTML injection. If strings are not correctly sanitized, the problem can lead to XSS-based HTML injection.

This vulnerability can have many consequences, like disclosure of a user's session cookies that could be used to impersonate the victim, or, more generally, it can allow the attacker to modify the page content seen by the victims.


There are two types of HTML injection:

·         Stored HTML
·         Reflected HTML

Stored HTML
Stored HTML injection is also known as persistent, because the injected malicious script is permanently stored on the web server and the application serves it back to users when they visit the respective page. Hence when the client clicks on the payload, which appears as an official part of the website, the injected HTML code is executed by the browser. The most common example is the comment option on blogs, which allows users to post comments for the administrator or other users.

Example:
An example of a web application vulnerable to stored HTML injection, which allows users to submit a blog entry, is shown in the screenshot.


First, the user "raj" (the attacker) made a normal entry, which was successfully added to the web server database.


Enter the following HTML code in the given text area to carry out the HTML injection.

The HTML code above generates a payload that creates a user login page on the targeted web page and forwards the entered credentials to the attacker's IP.


As you can see below, the login page looks valid to the user and is stored on the web server.



Now when the victim opens the malicious login page he receives the web page above, which looks official to him, and he submits his credentials on that page. When he does so, the request is forwarded to the attacker's IP address.


nc -vlp 80
The attacker receives the user's credentials as a response in netcat. From the screenshot you can read username=bee & password=bug.
Now the attacker can use these credentials to log in.


Reflected HTML

Reflected HTML injection, also known as non-persistent, occurs when the web application responds immediately to user input without validating it; this lets an attacker inject browser-executable code into a single HTML response. It is named non-persistent since the malicious script is not stored on the web server; therefore the attacker sends the malicious link through phishing to trap the user.

The most common occurrence of this kind of vulnerability is in website search engines: the attacker writes some arbitrary HTML code in the search textbox and, if the website is vulnerable, the result page renders those HTML entities.

Example:
The following web page allows the user to submit his first and last name, but these text fields are vulnerable to HTML injection.


Now type the following HTML code in the text field for the first name, which creates a link to hackingarticles.in when you click on "RAJ":

RAJ


Similarly, type the following code in the text field for the last name:

CHANDEL


Click the Go button to submit this as the first and last name.

From the screenshot you can see it has submitted RAJ CHANDEL and the word "RAJ" contains a link to hackingarticles.in; when you click on the link you are forwarded to hackingarticles.in.
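Both the stored and the reflected cases above have the same root cause named at the start of this article: output is not encoded. The following Python snippet is an added example, not the vulnerable application from the screenshots; it renders the same "first name / last name" echo and a comment list twice, once by plain string interpolation and once with output encoding, and includes a crude check that shows whether the injected link markup survived as a tag. The input it uses is constructed and reuses only the link from the example above.

```python
import html
import re

# Added example, not code from the article: the first/last name echo, once
# vulnerable (raw interpolation) and once with output encoding, plus a stored
# comment list rendered the safe way. Inputs are constructed.
CONSTRUCTED_INPUT = '<a href="http://www.hackingarticles.in">RAJ</a>'


def render_greeting_vulnerable(first, last):
    """Echoes user input straight into the page: any tag in it becomes markup."""
    return f"<p>Welcome {first} {last}</p>"


def render_greeting_safe(first, last):
    """Escapes <, >, &, and quotes so the input is displayed as text, not parsed."""
    return f"<p>Welcome {html.escape(first)} {html.escape(last)}</p>"


def contains_markup(rendered, allowed_tags=("p",)):
    """Crude check: does the rendered HTML contain any tag beyond the template's own?"""
    tags = re.findall(r"</?([a-zA-Z][a-zA-Z0-9]*)", rendered)
    return any(tag.lower() not in allowed_tags for tag in tags)


class CommentStore:
    """Stored variant: comments persist, so escape at render time for every reader."""

    def __init__(self):
        self._comments = []

    def add(self, author, body):
        # Store the raw text; encoding belongs where the text meets HTML.
        self._comments.append((author, body))

    def render(self):
        items = "".join(
            f"<li><b>{html.escape(author)}</b>: {html.escape(body)}</li>"
            for author, body in self._comments
        )
        return f"<ul>{items}</ul>"


if __name__ == "__main__":
    print("vulnerable:", render_greeting_vulnerable(CONSTRUCTED_INPUT, "CHANDEL"))
    print("safe:      ", render_greeting_safe(CONSTRUCTED_INPUT, "CHANDEL"))
    store = CommentStore()
    store.add("raj", CONSTRUCTED_INPUT)
    print("stored:    ", store.render())
```

In the vulnerable rendering the browser sees a real anchor element, exactly as in the screenshot; in the safe rendering the same characters arrive as `&lt;a href=&quot;...` and are shown literally. Escaping at the point of output is what makes the difference, which is why the comment store keeps the raw text and encodes only when building HTML.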

How to setup SSH Pentest Lab

Probing every open port is practically the first step hackers take in order to prepare their attack. To get work done one is required to keep ports open, but at the same time one is threatened by the fear of hackers. Therefore, one must learn to secure ports even if they are open.
In this article we will secure the SSH port so that even if it is open no one will be able to exploit it. First of all, let's install the SSH server using the following command:

sudo apt-get install openssh-server


Once the server is installed, start the SSH service by typing:
service ssh start
To confirm that SSH is working, use the following command:
service ssh status


Once the SSH service is started, scan it from your Kali terminal using nmap:
nmap -sV 192.168.1.17


The scan shows that port 22 is open with the SSH service. Connect to this port using PuTTY: in the PuTTY configuration, give the IP address in Host Name along with the port number, select SSH and finally click Open.


Upon connecting, it asks for the password; enter the password and press Enter.


How to Secure SSH Connection
Now that SSH has been configured, we can apply our first measure of security, i.e. port forwarding. In /etc/ssh you will find a file named sshd_config.


Open this file and where it says Port 22, change it to Port 2222.


This way we have forwarded the SSH service from port 22 to port 2222. Let's confirm it with nmap.
nmap -sV 192.168.1.17


SSH Connection using PGP Keys
This way we have applied our first measure of security. For our second measure, download and install PuTTY Key Generator (PuTTYgen). Open it and click the Generate button at the lower right.


This generates a public and private key pair. Save the private key.


The private key is saved as shown in the following image. You can rename it as convenient; I have named it "ssh login key".



Now open the terminal on your server and type:

ssh-keygen


The command above creates a folder named .ssh. Then create an empty text file named authorized_keys in that folder.


Copy the "ssh login key.ppk" file created previously into the .ssh folder.


In the terminal, move into the .ssh folder and type the following command:

puttygen -L "ssh login key.ppk"


This command prints the public key in OpenSSH format. Copy this key into the empty authorized_keys file we created earlier.

Then in the PuTTY configuration, go to Connection > Data and set the auto-login username.


Then open Connection > SSH > Auth and give the path of the SSH login key (the private key that was generated).


Then in the Session tab give the IP address and the port number, which is now 2222 due to our first measure of security.

Then click Open. It opens without asking for a password, as you have configured the key.


But this does not mean it cannot be opened using a password, so we are still vulnerable to hackers. Therefore we are going to apply the third measure of security, i.e. disabling password authentication completely. For this, open /etc/ssh/sshd_config.


Here, change PasswordAuthentication from yes (as shown in the image above) to no and uncomment the line (as shown in the image below).

Now that we have successfully applied three measures of security, our port is safe from anyone and everyone. To access this port the hacker would require physical access to your hardware, which is impossible. And if you want to access SSH from another machine, just configure the same key on that PC too and it will have access.
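To verify the three settings this article changes without re-reading the file by hand, the following Python checker is an added example (not from the article): it parses sshd_config the way sshd does for these keywords (comment lines ignored, first occurrence of a keyword wins, "Keyword value" or "Keyword=value" accepted) and reports whether Port, PasswordAuthentication and PubkeyAuthentication are in the state the article ends with. The two configuration texts are constructed samples; Match blocks are deliberately not evaluated, which is a simplification.

```python
# Added example, not code from the article: a checker for the sshd_config
# settings changed above. Both configs are constructed samples, not a real file.
WEAK_CONFIG = """\
#Port 22
PasswordAuthentication yes
#PubkeyAuthentication yes
"""

HARDENED_CONFIG = """\
Port 2222
PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
PermitRootLogin no
"""


def parse_sshd_config(text):
    """Return {keyword: value} for active lines; a commented line is a default, not a setting."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.lower().startswith("match "):
            break  # simplification: conditional Match blocks are not evaluated
        if "=" in line and " " not in line.split("=", 1)[0]:
            key, value = line.split("=", 1)  # "Keyword=value" form
        else:
            parts = line.split(None, 1)  # "Keyword value" form
            key, value = parts[0], (parts[1] if len(parts) > 1 else "")
        key = key.strip().lower()
        # sshd keeps the first occurrence of a keyword and ignores later ones.
        settings.setdefault(key, value.strip())
    return settings


def review(text):
    """Findings for the three measures in the article; empty list means all applied."""
    s = parse_sshd_config(text)
    findings = []
    # sshd defaults when the keyword is absent or commented out.
    port = s.get("port", "22")
    password_auth = s.get("passwordauthentication", "yes").lower()
    pubkey_auth = s.get("pubkeyauthentication", "yes").lower()
    if port == "22":
        findings.append("Port: default 22 in use (the article moves SSH to 2222)")
    if password_auth != "no":
        findings.append("PasswordAuthentication: not 'no' (a commented line keeps the default 'yes')")
    if pubkey_auth != "yes":
        findings.append("PubkeyAuthentication: disabled, key login will not work")
    return findings


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(label, review(cfg) or ["all three measures applied"])
```

The check on the commented PasswordAuthentication line is the one that matters most in practice: editing the value to "no" but leaving the leading "#" in place leaves sshd on its default of "yes", which is why the article says to uncomment the line. After editing, restart sshd and confirm the key login from a second session before closing the one you are working in.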