IPTables:
sudo apt-get install iptables
- show iptables rules:
sudo iptables -L -n -v
-L = list the rules
-n = numeric output (no name resolution)
-v = verbose
- INPUT, OUTPUT and FORWARD are the built-in chains; their names speak for themselves.
- in our example we will block port 4545 and use netcat to test it!
First rule is to block anything coming from a remote IP address:
sudo iptables -A INPUT -s 10.1.1.15 -j DROP
-A = append the rule to the chain
-s = source IP address
-j = the action to take (the target)
We can block based on port numbers:
sudo iptables -R INPUT 1 -s 10.1.1.15 -p tcp --dport 4545 -j DROP
-R = replace rule number 1 in the INPUT chain with a rule that blocks TCP port 4545 from that source
Let's clean up the rules above with the -D option:
sudo iptables -D INPUT 1
- it deleted INPUT rule 1!
The normal configuration for a firewall is to allow all outgoing traffic and block all incoming, except for the protocols we know that we want.
Let's configure iptables to do that!
- the rules here allow port 4545 (and SSH) only from specific IP addresses and drop everything else!
sudo iptables -A OUTPUT -j ACCEPT
//this accepts all outgoing connections
sudo iptables -A INPUT -s 10.1.1.3 -p tcp --dport 22 -j ACCEPT
//this allows us to use the ssh port to connect from the -s source IP address.
sudo iptables -A INPUT -s 10.1.1.15 -p tcp --dport 4545 -j ACCEPT
//this allows the source IP address 10.1.1.15 to connect to the local machine on port 4545
sudo iptables -A INPUT -p tcp -j DROP
//drops all other incoming TCP connection requests (note: replies to our own outgoing connections also arrive on INPUT, so in practice a stateful rule accepting established connections must come before this one)
NMap:
nmap -sn 10.1.1.10-51
//we do a ping sweep to detect live machines
sudo nmap -sn 10.1.1.0/26
//to scan a subnet of /26
sudo nmap -PS 10.1.1.51
//nmap is checking the most common 2200 services on the remote IP.
sudo nmap -p22 -sV 10.1.1.51
//checking port 22 on the remote IP and detecting the service version (-sV)
We can now look up the detected service version in the NVD database below for known vulnerabilities:
https://nvd.nist.gov/vuln/search
sudo nmap -sU -P0 -F 10.1.1.51
//-P0 = assumes the remote IP is online and doesn't need host discovery
//-F = fast scan of limited number of ports
//-sU = UDP scan (lists the UDP ports)
sudo nmap -sSU -p U:53,111,137,T:21-25,80,139,8080 10.1.1.51
//this scans for UDP and TCP ports specified, on the remote IP
//-sSU = TCP SYN scan (-sS) combined with a UDP scan (-sU)
//the U: and T: prefixes mark the UDP and TCP port lists
sudo nmap -PS -O 10.1.1.3
//-O = to check the operating system of the remote IP
//-PS = TCP port scan option
Netcat
//to send text or to test communication
nc -lp 4545
//listen on port 4545 (local machine)
nc 10.1.1.51 4545
//connect to that listener from the remote machine
//use it for file transfer
sudo nano testfile.txt
Type something inside.
Local:
nc -lp 4545 > incoming.txt
Remote:
nc -w3 10.1.1.51 4545 < testfile.txt
//-w3 = give up after 3 seconds of inactivity, so nc exits once the file has been sent
Connect to a web server:
nc -v google.com 80
GET / HTTP/1.0
//press Enter twice: the empty line ends the request and the server replies
nc -v ftp.kernel.org 21
user anonymous
pass test@test.org
or we can put the FTP commands above in a text file (ftpsession.txt), such as:
user anonymous
pass test@test.org
help
quit
//now we can send it:
nc -v ftp.kernel.org 21 < ftpsession.txt
Quick honeypot
mkdir honeypot
touch honeypot/25.log
sudo chmod 777 honeypot/25.log
touch honeypot/25.txt
//25.txt holds the banner text nc sends to whoever connects; the script below reads it, so it must exist
//create the listener script:
sudo nano honeypi.sh
#####################
#!/bin/bash
# usage: ./honeypi.sh <port>
PORT=$1
DIR="/home/pi/honeypot"
while :
do
  echo "" >> "$DIR/$PORT.log"
  # serve the banner in $PORT.txt to whoever connects; record the connection details and whatever they send
  sudo nc -v -n -lp "$PORT" < "$DIR/$PORT.txt" >> "$DIR/$PORT.log" 2>&1
  echo "$(date)" >> "$DIR/$PORT.log"
  sleep 2
done
#####################
sudo chmod 555 honeypi.sh
./honeypi.sh 25
- from the remote machine, try to connect:
nmap -sV -p25 10.1.1.51
- we can now take a look at the log to see any connection attempts!
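Added example (not from the original notes): a small Python parser for the log that honeypi.sh writes, which summarises connection attempts per source IP. It assumes the two nc -v connection notices shown in the comments (traditional and OpenBSD netcat) and the default date output; the sample log is constructed.

```python
import re
from collections import Counter

# Constructed sample of a honeypot log as honeypi.sh writes it: nc -v output,
# whatever the client sent (e.g. nmap -sV probes), then a date line per connection.
SAMPLE_LOG = """
listening on [any] 25 ...
connect to [10.1.1.51] from (UNKNOWN) [10.1.1.15] 40212
EHLO scanner.local
Mon Jun 10 21:14:02 UTC 2024

listening on [any] 25 ...
Connection from 10.1.1.15 40213 received!
Mon Jun 10 21:14:30 UTC 2024

listening on [any] 25 ...
connect to [10.1.1.51] from (UNKNOWN) [10.1.1.3] 50001
Mon Jun 10 21:20:11 UTC 2024
"""

# Assumed "-v" connection notices: traditional netcat (first alternative) and
# OpenBSD netcat (second); other nc builds need their wording added here.
CONNECT_RE = re.compile(
    r"connect to \[[^\]]+\] from \([^)]*\) \[(\d{1,3}(?:\.\d{1,3}){3})\] (\d+)"
    r"|Connection from (\d{1,3}(?:\.\d{1,3}){3}) (\d+) received!"
)
# The line honeypi.sh appends after nc exits (default output of `date`).
DATE_RE = re.compile(r"^(?:Mon|Tue|Wed|Thu|Fri|Sat|Sun) .*\d{4}$")

def parse_honeypot_log(text):
    """Return (src_ip, src_port, timestamp) for every connection in the log. Lines that
    are neither a connect notice nor a date line are skipped, so client junk is harmless."""
    events, pending = [], None
    for line in text.splitlines():
        m = CONNECT_RE.search(line)
        if m:
            ip, port = (m.group(1), m.group(2)) if m.group(1) else (m.group(3), m.group(4))
            pending = (ip, int(port))
        elif pending and DATE_RE.match(line):
            events.append((pending[0], pending[1], line.strip()))
            pending = None
    return events

def attempts_per_source(events):
    """Count connection attempts per source IP, most active source first."""
    return Counter(ip for ip, _, _ in events).most_common()

if __name__ == "__main__":
    for ip, count in attempts_per_source(parse_honeypot_log(SAMPLE_LOG)):
        print(f"{ip}: {count} attempt(s)")
```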
Learn Nessus!
Create a folder!
Create a Policy, under Policies, and select one of the 12 policies available!
Choose a username/password that has access to the remote computers!
Click the policy you created and find the new options available in Advanced Mode!
You will want to check the Plugins!
Go to Scans, choose New Scan, give it a name, choose the folder you created and the target IPs, and click Launch!
Wait for the scan...
Once finished, you can choose Export to export the results, in HTML format!
Remember that you can also set up Schedules to automate the scans for you!
Networking Basics
Application Layer: HTTP, FTP, DNS
Transport Layer: TCP, UDP
Internet Layer: IP
Physical Layer: Ethernet, ATM, DECnet
Learn Wireshark!
Thoughts, backup of reads and liked courses, dumping grounds, references, old scripts, etc.