Hacking SSH (Secure Shell) - Hacking: Tapping into the Matrix: Step by Step Guide on How to Hack, including Tips, Secrets, Steps, and Hidden Traps! (2014)

Chapter 5. Hacking SSH (Secure Shell)

Next, you can try hacking Secure Shell (SSH), the service that normally listens on TCP port 22. It is generally used to authenticate and encrypt shell sessions. However, most people forget what else it can do, and that is what makes it so rewarding to hack! SSH makes it easy to:

1. set up local or per-host configurations;

2. use key-based or passwordless log-in;

3. set up a SOCKS proxy for Firefox;

4. access remote services, even through a firewall;

5. export services through a firewall;

6. trigger admin scripts, even from a phone;

7. mount filesystems; and

8. execute remote script commands.

Proper Configuration

Take note that before doing anything else, it’s best to configure SSH first. You can do this in three different places:

1. System-wide daemon configuration (/etc/ssh/sshd_config)

2. System-wide client configuration (/etc/ssh/ssh_config)

3. Per-user client configuration (~/.ssh/config)

Also, don’t forget, in sshd_config:

1. Set PasswordAuthentication to no so that password log-ins are disallowed.

2. Set PermitRootLogin to no and configure sudo instead; this makes security even better. Alternatively, set it to without-password, which lets root log in with a key only, so you can still get to root directly.

3. Finally, Port sets the port sshd listens on. Always keep this on 22.
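As an added example (not from the book), here is a small audit script that reads an sshd_config and reports whether the three directives above are set the way the chapter advises; the two sample configs it checks are constructed inline, and only awk and mktemp are assumed.

```shell
#!/bin/sh
# Added example (not from the book): audit an sshd_config for the three
# directives the chapter recommends. Two constructed sample configs are
# written to a temp dir so the script runs offline.

# Print the effective value of a directive. sshd uses the first occurrence,
# keywords are case-insensitive, and '#' starts a comment.
# usage: sshd_get CONFIG KEYWORD  -> value, or "unset" if absent
sshd_get() {
  awk -v key="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
    { sub(/#.*/, "") }                        # strip comments
    tolower($1) == key { print $2; found = 1; exit }
    END { if (!found) print "unset" }' "$1"
}

# usage: sshd_audit CONFIG  -> one "Directive=value PASS|FAIL" line each
sshd_audit() {
  pa=$(sshd_get "$1" PasswordAuthentication)
  prl=$(sshd_get "$1" PermitRootLogin)
  port=$(sshd_get "$1" Port)
  if [ "$pa" = no ]; then r1=PASS; else r1=FAIL; fi
  # "no" is the book's advice; without-password (newer: prohibit-password)
  # still blocks root password log-ins, so it passes too.
  case "$prl" in no|without-password|prohibit-password) r2=PASS ;; *) r2=FAIL ;; esac
  # Port defaults to 22 when the directive is absent.
  if [ "$port" = 22 ] || [ "$port" = unset ]; then r3=PASS; else r3=FAIL; fi
  printf 'PasswordAuthentication=%s %s\nPermitRootLogin=%s %s\nPort=%s %s\n' \
    "$pa" "$r1" "$prl" "$r2" "$port" "$r3"
}

# usage: sshd_fail_count CONFIG  -> number of failing directives (always exits 0)
sshd_fail_count() { sshd_audit "$1" | grep -c FAIL || true; }

tmp=$(mktemp -d)
cat > "$tmp/weak" <<'EOF'
# constructed sample: a permissive, stock-looking config
Port 22
PermitRootLogin yes
PasswordAuthentication yes
EOF
cat > "$tmp/hardened" <<'EOF'
# constructed sample: the chapter's recommended settings
Port 22
PermitRootLogin no
PasswordAuthentication no
EOF
sshd_audit "$tmp/weak"        # two FAIL lines
sshd_audit "$tmp/hardened"    # all PASS
```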

Execute Remote Commands

One of the first things you can do with SSH is execute remote commands: commands that run on another computer but that you issue from your own, without opening an interactive shell there. Here are some examples:

1. $ ssh host df – checks disk space on the remote host.

2. $ ssh host command – runs any command on the remote system without logging in interactively.

3. $ dd if=/dev/dsp | ssh -C user@host dd of=/dev/dsp – pipes audio from the local sound device to the remote one, compressed (-C) over the tunnel. Tweak this pattern to pipe whatever you need through SSH.

Passwordless and Key-Based Authentication

Imagine logging in to systems without typing a password! It makes a whole world of difference: scripts no longer stall at a password prompt, and programs can call one another freely.

Here’s how you can set this up:

On the client machine, type $ ssh-keygen -t dsa. This creates a key pair; the public half is stored in ~/.ssh/id_dsa.pub.

Then type:

$ cat .ssh/id_dsa.pub | ssh host 'cat >> ~/.ssh/authorized_keys'

This appends the client’s public key to the authorized_keys file on the remote host. Guard the private key (~/.ssh/id_dsa), and make sure never to copy the original private key over, on Linux or any other system.
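An added example, not from the book: the receiving side of the append above, written as a function that also creates ~/.ssh, sets the permissions sshd’s StrictModes checks, and refuses to add the same key twice. The key line is a constructed placeholder and a temp directory stands in for the remote home.

```shell
#!/bin/sh
# Added example (not from the book): the remote side of
#   cat .ssh/id_dsa.pub | ssh host 'cat >> ~/.ssh/authorized_keys'
# as a function that also does what a bare append does not: it creates ~/.ssh,
# sets the permissions sshd's StrictModes insists on, and skips duplicate keys.
# A temp dir stands in for the remote home and the key line is constructed.

# usage: install_pubkey HOMEDIR  (one public-key line on stdin)
# Prints "added" or "duplicate"; always exits 0.
install_pubkey() {
  home=$1
  auth="$home/.ssh/authorized_keys"
  key=$(cat)
  # Compare type and base64 blob only: the trailing comment may legitimately differ.
  blob=$(printf '%s\n' "$key" | awk '{ print $1, $2 }')
  mkdir -p "$home/.ssh"
  chmod 700 "$home/.ssh"    # sshd ignores the file if .ssh is group/world writable
  touch "$auth"
  chmod 600 "$auth"         # likewise for authorized_keys itself
  if awk '{ print $1, $2 }' "$auth" | grep -qxF -- "$blob"; then
    echo duplicate
  else
    printf '%s\n' "$key" >> "$auth"
    echo added
  fi
}

# usage: count_keys HOMEDIR  -> number of key lines installed (always exits 0)
count_keys() { grep -c . "$1/.ssh/authorized_keys" || true; }

# Constructed demo key: the base64 is a placeholder, not a real key.
demo_home=$(mktemp -d)
demo_key='ssh-dss AAAAB3NzaC1kc3MAAACBconstructedplaceholder john@example.com'
printf '%s\n' "$demo_key" | install_pubkey "$demo_home"   # added
printf '%s\n' "$demo_key" | install_pubkey "$demo_home"   # duplicate
count_keys "$demo_home"                                  # 1
```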

Copying Files

Now type one of the following:

$ cat file | ssh -e none remote-host 'cat > file'

$ scp .bash_profile john@example.com:~/.bash_profile

The first one works for small files, and the other works for the larger ones. Always use the -C (compression) flag when copying larger files. If it doesn’t work right away, use SFTP in place of FTP.

Local Port Forwarding

Now you can make use of secure port forwarding over SSH! This lets host A reach host B by way of C, with the A-to-C leg carried inside the encrypted SSH session. Here’s how:

On A, type:

A$ ssh C -L localport:B:remoteport

Now, to reach B:remoteport, connect to localhost:localport on A.

This connects the two ports and also lets you reach services behind a firewall, web applications included!

For example, to reach reddit.com on port 80 through yourserver:

# ssh yourserver -L 80:reddit.com:80

The same forwarding, written as a client configuration block:

Host redditfw
    HostName yourserver
    LocalForward 80 reddit.com:80

Remote Port Forwarding

Now it’s time to work on remote port forwarding.

On C, run the following:

C$ ssh B -R remoteport:A:targetport

This way, connections to remoteport on B travel back through the SSH session to C and on to A:targetport, so A and B are connected without either talking to the other directly.

SSH as a File System

You can also use SSH as a remote file system. This is usually done on the Mac; install it with MacPorts:

$ sudo port install sshfs

After doing that, run the command given below and you’re all set:

$ sshfs remote-host: local-mount-directory

Per-Host SSH Client Configuration

Finally, you can also configure the client per host. This lets you set the user and private key on a per-host basis. Put the blocks below in ~/.ssh/config:

Host my-server.com
    User admin
    IdentityFile ~/.ssh/admin.id_dsa
    BatchMode yes
    EscapeChar none

Host mm
    User john
    HostName might.net
    IdentityFile ~/.ssh/john.id_dsa

Host *.lab.ucaprica.edu
    User u8193

The first block enables batch mode, so you are never asked for a password or passphrase again, and disables the escape character so escape sequences pass through untouched. The second gives you the short alias mm for might.net, and the third applies one user name to every host under the lab.ucaprica.edu subdomain, just as you like it!
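As an added example (not part of the book), the script below resolves which of these Host blocks apply to a given alias and prints the effective options the way ssh does: patterns are globs matched against the alias you type (not the HostName), and for each keyword the first value found wins. A trailing Host * block is added to the chapter’s config here to show the first-wins rule; only awk and mktemp are assumed.

```shell
# Added example (not from the book): resolve which Host blocks of an ssh_config
# apply to a host alias, following ssh's own rules: Host patterns are globs
# matched against the alias typed on the command line (not HostName), and for
# each keyword the first value wins. The chapter's config, plus a "Host *"
# fallback added here to show first-wins, is written to a temp file.

# usage: ssh_effective CONFIG HOSTALIAS  -> "Keyword Value" lines, first value wins
ssh_effective() {
  target=$2
  active=1                  # options before the first Host line apply everywhere
  set -f                    # no pathname expansion while we loop over patterns
  while read -r key val; do
    case "$key" in
      ''|'#'*) ;;
      [Hh]ost)
        active=0
        for pat in $val; do   # a Host line may carry several patterns
          case "$target" in $pat) active=1 ;; esac
        done ;;
      *) if [ "$active" = 1 ]; then printf '%s %s\n' "$key" "$val"; fi ;;
    esac
  done < "$1" | awk '!seen[tolower($1)]++'
  set +f
}

# usage: ssh_opt CONFIG HOSTALIAS KEYWORD  -> value, or "default" if unset
ssh_opt() {
  v=$(ssh_effective "$1" "$2" | awk -v k="$(printf '%s' "$3" | tr 'A-Z' 'a-z')" \
        'tolower($1) == k { $1 = ""; sub(/^ /, ""); print; exit }')
  printf '%s\n' "${v:-default}"
}

cfg=$(mktemp)
cat > "$cfg" <<'EOF'
Host my-server.com
    User admin
    IdentityFile ~/.ssh/admin.id_dsa
    BatchMode yes
    EscapeChar none
Host mm
    User john
    HostName might.net
    IdentityFile ~/.ssh/john.id_dsa
Host *.lab.ucaprica.edu
    User u8193
Host *
    User fallback
EOF
ssh_effective "$cfg" mm                      # User john / HostName might.net / IdentityFile ...
ssh_opt "$cfg" box7.lab.ucaprica.edu User    # u8193
```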

PuTTY—or SSH from Windows

You can also hack SSH from Windows itself, using a program known as PuTTY. Here are the various PuTTY programs that you should know about:

1. PuTTY (SSH and Telnet client)

2. PSFTP (SFTP client for general file-transfer sessions)

3. PSCP (SCP client for secure file copies from the command line)

4. PuTTYgen (key-generation utility)

5. Pageant (SSH authentication agent for all the PuTTY tools)

6. Plink (command-line interface to the PuTTY back ends)

7. PuTTYtel (Telnet-only client)

Each of these ships as its own binary. Here is what the download page offers:

Help files and complete zip archive: putty.zip

Windows binaries for Intel x86: pageant.exe, plink.exe, pscp.exe, psftp.exe, putty.exe, puttygen.exe, puttytel.exe

Windows installer: putty-0.65-installer.exe

Every download is also available by FTP and comes with an RSA signature and a DSA signature.

Take note that all of the above are the PuTTY utilities for Windows. If you want the Unix source code instead, it is not offered as a zip or 7-zip archive, only as a gzipped tarball. Use:

putty-<version>.tar.gz, for instance putty-0.65.tar.gz

And do not forget to read the README.TXT file you’ll find inside it.

To check that the files you downloaded are intact, compare them against the published checksum lists, each of which is signed:

MD5: md5sums (signature)

SHA-1: sha1sums (signature)

SHA-256: sha256sums (signature)

SHA-512: sha512sums (signature)
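An added example (not from the book) of putting the sha256sums list to use: the function compares a downloaded file’s digest with its listed entry and reports OK, MISMATCH or NOT LISTED. The files and the list are constructed inline, and the list format with a directory prefix (w32/putty.exe) is an assumption.

```shell
#!/bin/sh
# Added example (not from the book): verify a PuTTY download against the
# sha256sums list before running it. The file and the list are constructed in
# a temp dir so this runs offline; with real downloads, check the list's own
# signature first, otherwise the list proves nothing.

# Print the SHA-256 hex digest of a file with whichever tool the system has.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then sha256sum "$1"
  else shasum -a 256 "$1"; fi | awk '{ print $1 }'
}

# usage: verify_download SUMSFILE FILE  -> OK, MISMATCH or NOT LISTED
# List entries look like "<hex>  <name>"; the name is assumed to possibly
# carry a directory prefix (e.g. w32/putty.exe), so matching is on basename.
verify_download() {
  name=$(basename "$2")
  expected=$(awk -v n="$name" '
    { c = split($2, p, "/"); if (p[c] == n) { print $1; exit } }' "$1")
  if [ -z "$expected" ]; then echo "NOT LISTED"
  elif [ "$expected" = "$(sha256_of "$2")" ]; then echo OK
  else echo MISMATCH; fi
}

dir=$(mktemp -d)
printf 'constructed stand-in for putty.exe\n' > "$dir/putty.exe"
printf 'constructed stand-in for pscp.exe\n'  > "$dir/pscp.exe"
printf 'constructed stand-in for plink.exe\n' > "$dir/plink.exe"
# Constructed list: a correct entry for putty.exe, a wrong one for pscp.exe,
# and no entry at all for plink.exe.
{
  printf '%s  w32/putty.exe\n' "$(sha256_of "$dir/putty.exe")"
  printf '%s  w32/pscp.exe\n' "$(printf '%064d' 0)"
} > "$dir/sha256sums"
verify_download "$dir/sha256sums" "$dir/putty.exe"   # OK
verify_download "$dir/sha256sums" "$dir/pscp.exe"    # MISMATCH
verify_download "$dir/sha256sums" "$dir/plink.exe"   # NOT LISTED
```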

That’s it. You’re now able to hack SSH in various ways!