Understanding the True Security Posture of the Network Environment being Tested

0
83
4 min read

(For more resources on Open Source, see here.)

Getting files to and from victim machines

Getting root on a remote machine can be interesting and is definitely a major step in the right direction (and depending on your scope and the purpose of the test, could be the only step necessary). If your task is not complete, then you will need to find methods of transferring data to and from your victim machines. There are several tools that will assist in this task; here are a few that may make your life easier in the long run.

Installing and starting a TFTP server on BackTrack 5

TFTP can be very handy at times. Many systems will already have a TFTP client installed and using this protocol is quick and easy.

# apt-get install atftpd

Be sure that your BackTrack machine is Internet enabled during the installation. To familiarize yourself with the atftpd server type atftpd at the command prompt without any additional input.

Starting TFTP as a standalone daemon pointing to /tmp on the standard port and bound to IP address 192.168.75.12 can be accomplished by typing:

# atftpd --daemon --port 69 --bind-address 192.168.75.12 /tmp

You can check to see if the daemon started correctly by invoking netstat and grepping for 69.

# netstat -anu |grep 69

If everything started correctly you should see something similar to:

udp        0      0 192.168.75.12:69        0.0.0.0:*

Installing and confguring pure-ftpd

If your version of Backtrack does not have pure-ftpd installed it may be added by using the apt-get install pure-ftpd command. For full functionality of pure-ftpd you will need to add users and perform other minor confguration changes prior to use.

# echo /etc/pure-ftpd/pureftpd.pdb > PureDB

Adds /etc/pure-ftpd/pureftpd.pdb to the PureDB confguration fle:

# ln -s /etc/pure-ftpd/conf/PureDB /etc/pure-ftpd/auth/50pure

Creates a symbolic link to the 50pure fle:

# groupadd -g 7777 ftpz

Adds a group to the BackTrack guest machine:

# useradd -u 7777 -s /bin/false -d /dev/null -c "pureFTP" -g ftpz Testerz

Create folders that will be used:

# mkdir /var/ftp /var/ftp/public /var/ftp/public/ftplogin

Modify the ownership:

# chown -R Testerz:ftpz /var/ftp/public/ftplogin

Adds the account to the system:

# pure-pw useradd ftplogin -u Testerz -d /var/ftp/public/ftplogin Password: password Enter it again: password

Sets up a virtual account that can be used with FTP connections:

# pure-pw mkdb

Reloads the database:

# pure-pw show ftplogin

Performs a quick lookup in the Pure-FTP database to let us know the user statistics.

Login              : ftplogin Password           : $1$/NF5jAg0$I0oRJKViA5NYs455Afelr1 UID                : 7777 (Testerz) GID                : 7777 (ftpz) Directory          : /var/ftp/public/./ Full name          :  Download bandwidth : 0 Kb (unlimited) Upload   bandwidth : 0 Kb (unlimited) Max files          : 0 (unlimited) Max size           : 0 Mb (unlimited) Allowed local  IPs : Denied  local  IPs :  Allowed client IPs :  Denied  client IPs :  Time restrictions  : 0000-0000 (unlimited) Max sim sessions   : 0 (unlimited)

Starting pure-ftpd

The following command will start pure-ftpd:

#/etc/init.d/pure-ftpd start

You will be presented with the following output:

Starting ftp server: Running: /usr/sbin/pure-ftpd -l pam -8 UTF-8 -E  -u 1000 -O clf:/var/log/pure-ftpd/transfer.log -B

This server can be tested by connecting to localhost:

# ftp 127.0.0.1

The output should be similar to the following:

Connected to 192.168.75.12. 220---------- Welcome to Pure-FTPd [privsep] [TLS] ---------- 220-You are user number 1 of 50 allowed. 220-Local time is now 17:02. Server port: 21. 220-IPv6 connections are also welcome on this server. 220 You will be disconnected after 15 minutes of inactivity. Name (192.168.75.12:root): ftplogin 331 User ftplogin OK. Password required Password: 230-User ftplogin has group access to:  7777       230 OK. Current directory is / Remote system type is UNIX. Using binary mode to transfer fles. ftp>

Production versus a controlled test lab environment: Consider setting up a dedicated user account and appropriate security measures on your production BackTrack instance. Make certain to provide FTP accounts with the necessary permissions to write files otherwise; expect to receive errors when making these attempts from victim machines.

LEAVE A REPLY

Please enter your comment!
Please enter your name here