
BackTrack in your back pocket pps


Page 1

BackTrack in your back pocket

or Accessing a BackTrack server via mobile phone in some vaguely secure way

Page 2

The Objective

Set up a BackTrack system that is accessible over the internet from the phone in my pocket. What can I say? I like to practice my metasploit syntax while waiting in the doctor's office.

Oh, and I'd also like to do it as cheaply as possible and in some relatively secure fashion.

Page 3

a good password, changed frequently (even better to use certificate authentication for ssh)

frequent reverts to the “Known Good” snapshot

tunnel VNC through SSH

changing the default SSH port from tcp/22

port knocking in order to gain access

note: sample configuration files will be in the Speaker Notes where appropriate

Page 4

First, you will need BackTrack

"BackTrack is a Linux security distribution."

"Whether you’re hacking wireless, exploiting servers, performing a web application assessment, learning, or social-engineering a client, BackTrack is the one-stop-shop for all of your security needs.

BackTrack is a Linux-based penetration testing arsenal that aids security professionals in the ability to perform assessments in a purely native environment dedicated to hacking."

This was all cribbed directly from their website: http://www.backtrack-linux.org

This is also where you can download the latest release. Make sure you download the one for VMWare. (I know, I know. It doesn't really matter for you hardcore geeks.)

Page 6

Booting up under VMWare

You can download VMWare Player for free (with registration) from: http://downloads.vmware.com/

Extract the BackTrack files and open up the one with the ".vmx" extension

Login with userid: root / password: toor

No need to start XWindows, but if you really want to, type:

startx

Page 7

'toor'? Really? You gonna keep that?

The default password is 'toor'. Change this immediately with:

passwd

Page 8

Configure the local firewall

We want to set up the BackTrack firewall to block all but necessary traffic. You will need to decide now which ports you are going to use for port knocking and ssh. In this example we will use the following:

port knocking: tcp/1111, tcp/2222, udp/3333

Page 9

Enable Networking

The BackTrack server is configured for DHCP, but the interface is disabled by default. You can enable it with:

/etc/init.d/networking start

For static IP address you will need to edit:

You can set networking to auto-start on a reboot with:

update-rc.d networking defaults

* sample configuration file in the Speaker notes

Page 11

Enable and configure SSH

SSH will be your primary access to BackTrack. Luckily, most of the tools you will use in BackTrack are run from the command line anyway.

Edit the config file to change the default SSH port.

Generate your ssh encryption keys (Do not enter passphrases)

ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key

ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key

Start the ssh server and set it to auto-start on a reboot

/etc/init.d/ssh start

update-rc.d ssh defaults

* sample configuration file in the Speaker notes

Advanced configuration using certificate based authentication is at the end of this presentation.

Page 12

Port Knocking

You can think of port knocking as a "secret knock" used to remotely open and close the ssh port.

BackTrack will start with all ports closed. After you send it a special sequence of packets, the port knock server will issue a command to open the ssh port. After you are finished using ssh, you send it a different sequence to close the port again.

We will use knockd as our port knock server

http://www.zeroflux.org/projects/knock

http://www.portknocking.org/

Page 13

Port Knocking install and configuration

To install knockd:

apt-get install knockd

Edit the config file to set up the ports you want to use:

vi /etc/knockd.conf

Start knockd in daemon mode:

knockd -d -i eth0

Is this just "security through obscurity"?

* sample configuration file in the Speaker notes
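
A firewall and knockd configuration matching the firewall and port knocking slides, as an added example rather than the sample files from the original speaker notes. The SSH port 2200, the close sequence and the timeouts are assumptions; only the open sequence tcp/1111, tcp/2222, udp/3333 comes from the deck.

```shell
#!/bin/sh
# Added example (not the deck's speaker notes): default-deny firewall plus a
# knockd.conf for the knock ports named on the firewall slide.
SSH_PORT="${SSH_PORT:-2200}"       # placeholder: the deck's SSH port is not shown
IPT="${IPT:-echo /sbin/iptables}"  # dry run; export IPT=/sbin/iptables as root to apply

# No rule opens the knock ports or SSH. knockd reads packets with libpcap,
# so it still sees knocks that the INPUT policy drops.
firewall_rules() {
    $IPT -F INPUT
    $IPT -A INPUT -i lo -j ACCEPT
    # Added before the DROP policy so a session already in use survives.
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
}

# knockd replaces %IP% with the knocker's address, so SSH opens for that
# source only. The close sequence (reverse order) and timeouts are assumptions.
knockd_conf() {
    cat <<EOF
[options]
    logfile = /var/log/knockd.log

[openSSH]
    sequence    = 1111:tcp,2222:tcp,3333:udp
    seq_timeout = 10
    tcpflags    = syn
    command     = /sbin/iptables -I INPUT -s %IP% -p tcp --dport $SSH_PORT -j ACCEPT

[closeSSH]
    sequence    = 3333:udp,2222:tcp,1111:tcp
    seq_timeout = 10
    tcpflags    = syn
    command     = /sbin/iptables -D INPUT -s %IP% -p tcp --dport $SSH_PORT -j ACCEPT
EOF
}

firewall_rules   # prints the commands in dry-run mode
knockd_conf      # review, then save as /etc/knockd.conf
```

Closing the port only deletes the per-source ACCEPT rule; a session that is already established stays up through the ESTABLISHED,RELATED rule until it ends.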

Page 14

Start VNC

Even though we will rarely use a GUI or XWindows, why not have it? At the very least, it looks more impressive when you show off.

Start VNC (you will be prompted to set a password):

vncserver

We will access VNC through an SSH tunnel

Page 15

Take a picture, it'll last longer

Take a VMWare snapshot and call it "Known Good". Every now and again you can restore this snapshot in VMWare and come back to exactly this point in your configuration.

VM -> Snapshot -> Take Snapshot

Page 16

Dynamic DNS

If you don't have a static IP address you will probably want to set up dynamic DNS on the host. This is a free service that will keep a hostname always registered to whatever your current, ISP-assigned IP address is. You can run the client on any machine behind your router. There are many options. Here are two:

http://www.dyndns.com/services/dns/dyndns/

http://www.no-ip.com/

Page 17

Configure your Internet router

Your internet or wireless router will need to be configured to forward external ports for both SSH and port knocking to the BackTrack system. This is usually available in your router administration

Page 18

Client side

That is it for the server. You now have it configured for port knocking, ssh, vnc and remote access over the internet.

Now it's time to configure the client. You will need two clients: one for port knocking and one for ssh/vnc.

My examples will be for the iPhone, but most smart phones will have these types of clients available. Links for Android clients are listed later.

Page 19

iPhone: Install and configure KnockOnD

I chose KnockOnD as my port knocking client, mainly because it's free, ad free and it works.

http://bluezbox.com/knockond.html

Page 20

iPhone: Install and configure iSSH

iSSH is not free. As of this writing it's about $10 USD. But it has benefits that the others do not have, not the least of which is that it allows for tunneling VNC.

http://www.zinger-soft.com/iSSH_features.html

Page 22

Amaze your Friends and Family

Amaze yer friends with your incredible 500P3R L337 H4X0R skills

Page 23

Flush all iptables rules

/sbin/iptables --policy INPUT ACCEPT

/sbin/iptables --policy OUTPUT ACCEPT

/sbin/iptables --policy FORWARD ACCEPT

/sbin/iptables -F

verify SSH is working without the rules

verify knockd, ssh, vnc are running

ps ax | grep knockd

Page 25

Advanced: SSH Certificate Authentication Server setup

Change into your local ssh config directory

Page 26

Advanced: SSH Certificate Authentication Client setup

Copy your public key to an iPhone note.

cat /root/.ssh/id_rsa

Sync your iPhone and copy the note to your iPhone clipboard.

Import (Paste) it to iSSH from General Settings > Configure SSH Keys

Page 27

Advanced: Disable Password Authentication
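
A check for the sshd settings this deck relies on (non-default port, key authentication on, password logins off), added here and not taken from the original slides. The sample configs and port 2200 are constructed, and Include files and the keyword=value form are not handled.

```shell
#!/bin/sh
# Added example: audit an sshd_config for the measures listed in this deck.
# sshd keeps the FIRST value it reads for a keyword, keywords are
# case-insensitive, and an unset keyword falls back to the built-in default.

# effective_value FILE KEYWORD DEFAULT -> first global value, else DEFAULT
effective_value() {
    awk -v key="$2" -v def="$3" '
        /^[ \t]*#/ { next }                      # skip comment lines
        tolower($1) == "match" { exit }          # Match blocks are conditional
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# Port is the exception: every Port line adds a listener; none means 22.
ports() {
    awk '/^[ \t]*#/ { next }
         tolower($1) == "match" { exit }
         tolower($1) == "port" { print $2; n++ }
         END { if (!n) print 22 }' "$1"
}

audit_sshd() {
    rc=0
    if ports "$1" | grep -qx 22; then
        echo "FAIL: still listening on tcp/22"; rc=1
    fi
    [ "$(effective_value "$1" PasswordAuthentication yes)" = no ] ||
        { echo "FAIL: password logins allowed"; rc=1; }
    [ "$(effective_value "$1" PubkeyAuthentication yes)" = yes ] ||
        { echo "FAIL: key authentication disabled"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK"
    return "$rc"
}

# Constructed sample configs (not from the deck); 2200 is a placeholder port.
write_samples() {
    printf '%s\n' '#Port 22' 'PasswordAuthentication yes' > "$1/weak.conf"
    printf '%s\n' 'Port 2200' 'PubkeyAuthentication yes' \
        'passwordauthentication no' 'PasswordAuthentication yes' > "$1/hardened.conf"
}

tmp=$(mktemp -d) && write_samples "$tmp"
audit_sshd "$tmp/weak.conf" || true   # two FAIL lines
audit_sshd "$tmp/hardened.conf"       # OK: the later "yes" is ignored
rm -rf "$tmp"
```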

Page 28

I hope you found this useful. The original version of this presentation can be found at:

https://docs.google.com/present/view?id=djjg73z_45k2rdzkzt

Date posted: 13/07/2014, 13:20