How to create ssh tunnels and access locally any remotely hosted services

Wassup y’all,

I want to start off by saying that this is my very first time writing an article of any sort. Thanks to Rosen for letting me write as a guest on his awesome website. Anyhow, I hope you find the information below useful and practical as much as I have. Enjoy!

SSH tunnels

Several months ago, I quit Tech Support and started working as a Sys Admin for a storage company (still learning, there’s a looong way to go…). I knew about the power of SSH before, but on several occasions, I found out that creating SSH tunnels can be super useful and it gives you the freedom to quickly access devices from anywhere you want.
In my particular situation, I have a Raspberry Pi 3 sitting at home, up and running all the time, which I use for pretty much anything that I want to experiment with, whenever I get the chance… That last part is key: I want to be able to access the little gadget whenever I feel like it, and not be restricted by my location or the computer I’m accessing it from.

After I set up proper port forwarding in my home router (check the web if you don’t know how to do that yet, it’s very useful), I had to SSH to my external IP address and the specific port, which the router would in turn forward to port 22 on my Raspberry Pi, and then type my password at the prompt. Pretty basic procedure, but I wasn’t really happy with the fact that I have to specify an address and a port and type a password. I wanted to create some sort of alias which would include all that information. I wanted the process to be as automated as possible, and after quite some time digging around on the web, here are the possible solutions that I found:

Simple SSH with an SSH key

You can always use sshpass with the -p flag to give the password on the command line itself, but this is not very safe, as anybody with access to the machine can check the CLI history or the running SSH session process (ps aux | grep ssh) and see the password.
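As an added example (not code from the original post), here is the alias idea in ssh_config form together with a small Python helper that expands the alias into the exact ssh command it stands for, plus a check for the sshpass -p exposure described above. The alias pi-home, the address 203.0.113.10, port 2222, user and key path are constructed values.

```python
"""Added example (not from the original post): expand an ssh_config alias into
the ssh command it stands for, and flag the sshpass -p exposure described above.
The alias name, address, port, user and key path are constructed values."""
import shlex

# Constructed alias: one Host block replaces the address, port, user and key
# the author had to type by hand.  LocalForward is the tunnel itself: local
# port 8080 is carried over SSH to port 80 on the Pi, so the remote service
# is reached at http://localhost:8080 on the client.
PI_CONFIG = """\
Host pi-home
    HostName 203.0.113.10
    Port 2222
    User pi
    IdentityFile ~/.ssh/pi_home_ed25519
    IdentitiesOnly yes
    PasswordAuthentication no
    LocalForward 8080 localhost:80
"""

def parse_ssh_config(text):
    """Return {alias: {keyword: [values]}} for every Host block in text."""
    hosts, current = {}, None
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)
        if len(parts) != 2:
            continue                          # blank, comment or valueless
        key, value = parts[0].lower(), parts[1].strip()
        if key == "host":
            current = value
            hosts[current] = {}
        elif current is not None:
            hosts[current].setdefault(key, []).append(value)
    return hosts

def tunnel_argv(config_text, alias):
    """Build the argv ssh would run for the alias: key auth, no password."""
    opts = parse_ssh_config(config_text)[alias]
    argv = ["ssh", "-N"]                      # -N: forward ports only, no shell
    for key_file in opts.get("identityfile", []):
        argv += ["-i", key_file]
    if "port" in opts:
        argv += ["-p", opts["port"][0]]
    for fwd in opts.get("localforward", []):
        local_port, remote = fwd.split()      # "8080 localhost:80"
        argv += ["-L", f"{local_port}:{remote}"]
    user = opts.get("user", [None])[0]
    host = opts.get("hostname", [alias])[0]
    argv.append(f"{user}@{host}" if user else host)
    return argv

def password_on_cmdline(ps_line):
    """True when a `ps aux` line shows sshpass given a clear-text password via
    -p (any -p argument between 'sshpass' and the wrapped 'ssh' command)."""
    argv = shlex.split(ps_line)
    if "sshpass" not in argv:
        return False
    wrapper = argv[argv.index("sshpass") + 1:]
    if "ssh" in wrapper:
        wrapper = wrapper[:wrapper.index("ssh")]
    return any(arg.startswith("-p") for arg in wrapper)
```

With the Host block in ~/.ssh/config, `ssh -N pi-home` is the whole command, and nothing secret ever appears in the process list.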

Linux Mint website got HACKED!

Beware of hacked ISOs if you downloaded Linux Mint on February 20th! Or at least that is what they (the Mint team) say.

What happened?

Hackers made a modified Linux Mint ISO, with a backdoor in it, and managed to hack our website to point to it.

Does this affect you?

As far as we know, the only compromised edition was Linux Mint 17.3 Cinnamon edition.

If you downloaded another release or another edition, this does not affect you. If you downloaded via torrents or via a direct HTTP link, this doesn’t affect you either.

Finally, the situation happened today, so it should only impact people who downloaded this edition on February 20th.

How to check if your ISO is compromised?

If you still have the ISO file, check its MD5 signature with the command “md5sum yourfile.iso” (where yourfile.iso is the name of the ISO).

The valid signatures are below:

6e7f7e03500747c6c3bfece2c9c8394f linuxmint-17.3-cinnamon-32bit.iso
e71a2aad8b58605e906dbea444dc4983 linuxmint-17.3-cinnamon-64bit.iso
30fef1aa1134c5f3778c77c4417f7238 linuxmint-17.3-cinnamon-nocodecs-32bit.iso
3406350a87c201cdca0927b1bc7c2ccd linuxmint-17.3-cinnamon-nocodecs-64bit.iso
df38af96e99726bb0a1ef3e5cd47563d linuxmint-17.3-cinnamon-oem-64bit.iso

If you still have the burnt DVD or USB stick, boot a computer or a virtual machine offline (turn off your router if in doubt) with it and let it load the live session.

Once in the live session, if there is a file in /var/lib/man.cy, then this is an infected ISO.

What to do if you are affected?

Delete the ISO. If you burnt it to DVD, trash the disc. If you burnt it to USB, format the stick.

If you installed this ISO on a computer:

  • Put the computer offline.
  • Back up your personal data, if any.
  • Reinstall the OS or format the partition.
  • Change your passwords for sensitive websites (for your email in particular).

Is everything back to normal now?

Not yet. They took the server down while fixing the issue.

Who did that?

The hacked ISOs are hosted on 5.104.175.212 and the backdoor connects to absentvodka.com.

Both lead to Sofia, Bulgaria, and the name of 3 people over there.

So as you can see, Bulgarian hackers did this. Not so proud right now 🙂 If my people are gonna hack something, there are tons of websites that need to be removed. But Linux Mint .. come on 🙂

EDIT: the infected backdoor file has been published on GitHub. An installed Linux Mint system can be checked for the malicious file with: find / -iname man.cy

[Quicks] How to hack RDP max sessions allowed

Hello, friends!

I have found a new workaround for the annoying message that the maximum number of allowed RDP sessions has been reached.

Basically, you have to hack your own configuration if you don’t want to change the settings on the terminal server.

If using RDP 6 client or above:
mstsc /v IPADDRESS /admin
If using older than RDP 6:
mstsc /v IPADDRESS /console

With this command you can open one extra session. But if an administrator is logged in, you cannot kick him out; this only works against regular users’ sessions.

Open CMD/PowerShell:

net use \\server

or

net use /user:[username] \\server\share

Now we are executing commands against the server name/IP we have just entered credentials for.

Then:

query session /server:servername

With this command you will see all active sessions. You have to choose which user/administrator to kick out of the server in order to take his place. Once you have done this, enter the following command:

reset session [ID] /server:servername

Other possible commands for session reset:

qwinsta /server:servername
rwinsta session [ID] /server:servername

“The Mentor” hacker’s manifesto (by Phrack magazine)

==Phrack Inc.==

                    Volume One, Issue 7, Phile 3 of 10

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
The following was written shortly after my arrest...

                       \/\The Conscience of a Hacker/\/

                                      by

                               +++The Mentor+++

                          Written on January 8, 1986
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

        Another one got caught today, it's all over the papers.  "Teenager
Arrested in Computer Crime Scandal", "Hacker Arrested after Bank Tampering"...
        Damn kids.  They're all alike.

        But did you, in your three-piece psychology and 1950's technobrain,
ever take a look behind the eyes of the hacker?  Did you ever wonder what
made him tick, what forces shaped him, what may have molded him?
        I am a hacker, enter my world...
        Mine is a world that begins with school... I'm smarter than most of
the other kids, this crap they teach us bores me...
        Damn underachiever.  They're all alike.

        I'm in junior high or high school.  I've listened to teachers explain
for the fifteenth time how to reduce a fraction.  I understand it.  "No, Ms.
Smith, I didn't show my work.  I did it in my head..."
        Damn kid.  Probably copied it.  They're all alike.

        I made a discovery today.  I found a computer.  Wait a second, this is
cool.  It does what I want it to.  If it makes a mistake, it's because I
screwed it up.  Not because it doesn't like me...
                Or feels threatened by me...
                Or thinks I'm a smart ass...
                Or doesn't like teaching and shouldn't be here...
        Damn kid.  All he does is play games.  They're all alike.

        And then it happened... a door opened to a world... rushing through
the phone line like heroin through an addict's veins, an electronic pulse is
sent out, a refuge from the day-to-day incompetencies is sought... a board is
found.
        "This is it... this is where I belong..."
        I know everyone here... even if I've never met them, never talked to
them, may never hear from them again... I know you all...
        Damn kid.  Tying up the phone line again.  They're all alike...

        You bet your ass we're all alike... we've been spoon-fed baby food at
school when we hungered for steak... the bits of meat that you did let slip
through were pre-chewed and tasteless.  We've been dominated by sadists, or
ignored by the apathetic.  The few that had something to teach found us will-
ing pupils, but those few are like drops of water in the desert.

        This is our world now... the world of the electron and the switch, the
beauty of the baud.  We make use of a service already existing without paying
for what could be dirt-cheap if it wasn't run by profiteering gluttons, and
you call us criminals.  We explore... and you call us criminals.  We seek
after knowledge... and you call us criminals.  We exist without skin color,
without nationality, without religious bias... and you call us criminals.
You build atomic bombs, you wage wars, you murder, cheat, and lie to us
and try to make us believe it's for our own good, yet we're the criminals.

        Yes, I am a criminal.  My crime is that of curiosity.  My crime is
that of judging people by what they say and think, not what they look like.
My crime is that of outsmarting you, something that you will never forgive me
for.

        I am a hacker, and this is my manifesto.  You may stop this individual,
but you can't stop us all... after all, we're all alike.

                               +++The Mentor+++

Sex, Drugs, and .. CODE! The story of GREEN HATS

This article is something different. It’s not the typical cybercrime. This is next level hacking activity. Just .. read 🙂

The article is not mine, unfortunately. You will find the source at the bottom of this page. Now, ENJOY 🙂

They’d been high all weekend long — on Ecstasy, coke, mushrooms and acid — so there seemed little harm in doing one last bump of Special K while they packed up to leave their $5,000-a-night duplex in South Beach. For the past three days, the three friends had barely bothered leaving their hotel, as a dozen club kids in town for Winter Music Conference, the annual festival that draws DJs and ravers from all over the world, flocked to their luxury suite to partake of the drug smorgasbord laid out on the coffee table. But even stoned on industrial-grade horse tranquilizers, Albert Gonzalez remained focused on business — checking his laptop constantly, keeping tabs on the rogue operators he employed in Turkey and Latvia and China, pushing, haranguing, issuing orders into his cellphone in a steady voice. “Let’s see if this Russian asshole has what I need,” he’d say calmly. Then he would help himself to glass plates of powder, each thoughtfully cut into letters for easy identification: “E” for Ecstasy, “C” for coke.

Albert’s two friends were in no shape to think about work. Stephen Watt, a freakishly tall bodybuilder, was planted on the big leather sofa, immobile as the hotel suite’s potted palm. Only 23, Watt was the group’s coding genius, who until recently had been employed in the IT department at Morgan Stanley, the giant Wall Street investment bank. Patrick Toey, 22, Albert’s most loyal foot soldier, was lazing around the suite, staring at the Miami seascape through the two-story picture windows, letting his thoughts drift.

“Listen, I need you to do this now,” Albert was saying in a firm voice as he set his laptop on the desk in the master bedroom upstairs. For weeks, he had been badgering Stephen, known in hacker circles as the “Unix Terrorist,” to refine a crucial bit of code for him. They were in the midst of pulling off the biggest cybercrime ever perpetrated: hacking into the databases of some 250 companies — including Barnes & Noble, OfficeMax, 7-Eleven, Boston Market, Sports Authority and DSW — and stealing 170 million credit-card numbers. But unless Albert could get Stephen to focus, the whole thing was in danger of falling apart.

“Now that I’ve got you here, I need you to do it, or it’s never gonna happen,” Albert urged. The whites of his brown eyes had gone veiny from the K, but he was still the ringleader, still in control.

Firewall enterprise architecture v1

Nowadays, understanding and controlling the data flowing between the internal and external networks is pretty much compulsory. Today I will try to explain this in as much detail as I can. First of all, what does an enterprise traffic architecture look like?

[Image: enterprise traffic architecture diagram]

So .. we have an external server/data center connected to a router which leads to the internal servers/data center.

[Image: the same diagram with arrows showing the traffic flow]

The arrows show that the traffic flows freely in both directions (you can zoom the pictures by clicking on them). This is why we need to secure and filter the incoming traffic. Usually the outbound traffic is not a problem, let’s say never. The real threat is the inbound traffic.

The best practice in my opinion is to put two firewalls, internal and external, plus a DMZ. The question is where to put the DMZ. In this case we will design our topology with an INTERNAL DMZ. The reasons why I chose this:

  • Traffic from the external, untrusted source passes through two firewalls, thus meeting the intention of dual firewalls.
  • Traffic to the internal network is always more complicated and has more flows. Consider all of the administration traffic to the servers in the DMZ. Therefore, passing internal traffic through a single firewall reduces the cost of ownership by reducing the number of rules needed in the firewalls.
  • It is easier to understand. Because all external flows pass through the external firewall, it is consistent with operational troubleshooting.
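To check the first two reasons numerically, here is an added example (not part of the original article) that models the dual-firewall topology and counts how many firewalls each flow crosses. Only the internal DMZ layout is the article’s own; the “between” and “external” placements are my assumed layouts of the alternatives mentioned later, included for comparison.

```python
"""Added example (not part of the original article): count how many firewalls
each traffic flow crosses in a dual-firewall design.  The 'internal' placement
is the one the article argues for; 'between' and 'external' are assumed
layouts of the alternatives it mentions, modelled here only for comparison."""
from collections import deque

FIREWALLS = {"ext_fw", "int_fw"}

def build_topology(dmz_placement):
    """Undirected adjacency map of zones and devices for one DMZ placement."""
    links = [("external", "router"), ("router", "ext_fw"),
             ("int_fw", "internal_lan")]
    if dmz_placement == "internal":      # DMZ hangs off the internal firewall
        links += [("ext_fw", "int_fw"), ("int_fw", "dmz")]
    elif dmz_placement == "external":    # DMZ hangs off the external firewall
        links += [("ext_fw", "int_fw"), ("ext_fw", "dmz")]
    elif dmz_placement == "between":     # DMZ is the segment joining both
        links += [("ext_fw", "dmz"), ("dmz", "int_fw")]
    else:
        raise ValueError(f"unknown DMZ placement: {dmz_placement}")
    topo = {}
    for a, b in links:
        topo.setdefault(a, set()).add(b)
        topo.setdefault(b, set()).add(a)
    return topo

def shortest_path(topo, src, dst):
    """Breadth-first search; returns the hop list from src to dst."""
    prev, queue = {src: None}, deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            path = []
            while node is not None:
                path.append(node)
                node = prev[node]
            return path[::-1]
        for nxt in sorted(topo[node]):
            if nxt not in prev:
                prev[nxt] = node
                queue.append(nxt)
    return None

def firewalls_crossed(dmz_placement, src, dst):
    """Number of firewalls on the path a flow takes from src to dst."""
    path = shortest_path(build_topology(dmz_placement), src, dst)
    return sum(1 for hop in path if hop in FIREWALLS)

# The flows the article reasons about: untrusted traffic into the DMZ,
# administration traffic from the internal network to DMZ servers, and
# untrusted traffic that tries to reach the internal network.
FLOWS = {"untrusted_to_dmz": ("external", "dmz"),
         "admin_to_dmz": ("internal_lan", "dmz"),
         "untrusted_to_lan": ("external", "internal_lan")}

def flow_report(dmz_placement):
    return {name: firewalls_crossed(dmz_placement, s, d)
            for name, (s, d) in FLOWS.items()}

def meets_article_criteria(dmz_placement):
    """Reason 1: untrusted traffic crosses both firewalls.
    Reason 2: internal admin traffic crosses only one."""
    report = flow_report(dmz_placement)
    return report["untrusted_to_dmz"] == 2 and report["admin_to_dmz"] == 1
```

Only the internal placement satisfies both criteria; the other two either let untrusted traffic reach the DMZ through a single firewall or push the internal administration traffic through both.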

Here is the diagram:

[Image: dual-firewall topology with internal DMZ]

This is only one way of protecting an enterprise network. Later we will review the DMZ bridge, the external firewall DMZ, the DMZ between the firewalls and so on. I will try to explain all the cases, but I must note that for me this is the best practice.

Securing the network v2

First, let’s start with a diagram of possible I/O threats.

[Image: diagram of possible threats]

Securing a network involves protocols, technologies, devices, tools, and techniques to secure data and mitigate threats. Many external network security threats today are spread over the Internet. The most common external threats to networks include:

  • Viruses, worms, and Trojan horses – malicious software and arbitrary code running on a user device
  • Spyware and adware – software installed on a user device that secretly collects information about the user
  • Zero-day attacks, also called zero-hour attacks – an attack that occurs on the first day that a vulnerability becomes known
  • Hacker attacks – an attack by a knowledgeable person to user devices or network resources
  • Denial of service attacks – attacks designed to slow or crash applications and processes on a network device
  • Data interception and theft – an attack to capture private information from an organization’s network
  • Identity theft – an attack to steal the login credentials of a user in order to access private data 

    It is equally important to consider internal threats. There have been many studies that show that the most common data breaches happen because of internal users of the network. This can be attributed to lost or stolen devices, accidental misuse by employees, and in the business environment, even malicious employees. With the evolving BYOD strategies, corporate data is much more vulnerable. Therefore, when developing a security policy, it is important to address both external and internal security threats.

So .. What are the security solutions to all these threats?

No single solution can protect the network from the variety of threats that exist. For this reason, security should be implemented in multiple layers, using more than one security solution. If one security component fails to identify and protect the network, others still stand.

A home network security implementation is usually rather basic. It is generally implemented on the connecting host devices, as well as at the point of connection to the Internet, and can even rely on contracted services from the ISP.

In contrast the network security implementation for a corporate network usually consists of many components built into the network to monitor and filter traffic. Ideally, all components work together, which minimizes maintenance and improves security.

Network security components for a home or small office network should include, at a minimum:

  • Antivirus and antispyware – to protect user devices from malicious software
  • Firewall filtering – to block unauthorized access to the network. This may include a host-based firewall system that is implemented to prevent unauthorized access to the host device, or a basic filtering service on the home router to prevent unauthorized access from the outside world into the network.

In addition to the above, larger networks and corporate networks often have other security requirements:

  • Dedicated firewall systems – to provide more advanced firewall capability that can filter large amounts of traffic with more granularity
  • Access control lists (ACL) – to further filter access and traffic forwarding
  • Intrusion prevention systems (IPS) – to identify fast-spreading threats, such as zero-day or zero-hour attacks
  • Virtual private networks (VPN) – to provide secure access to remote workers

So let’s summarize ..

Networks must be reliable. This means the network must be fault tolerant, scalable, provide quality of service, and ensure security of the information and resources on the network. Network security is an integral part of computer networking, regardless of whether the network is limited to a home environment with a single connection to the Internet, or as large as a corporation with thousands of users. No single solution can protect the network from the variety of threats that exist. For this reason, security should be implemented in multiple layers, using more than one security solution.

    The network infrastructure can vary greatly in terms of size, number of users, and number and types of services that are supported on it. The network infrastructure must grow and adjust to support the way the network is used. The routing and switching platform is the foundation of any network infrastructure.

Securing the network v1

The Internet has evolved from a tightly controlled internetwork of educational and government organizations to a widely accessible means for transmission of business and personal communications. As a result, the security requirements of the network have changed. The network infrastructure, services, and the data contained on network attached devices are crucial personal and business assets. Compromising the integrity of these assets could have serious consequences, such as:

  • Network outages that prevent communications and transactions from occurring, with consequent loss of business
  • Intellectual property (research ideas, patents, or designs) that is stolen and used by a competitor
  • Personal or private information that is compromised or made public without the user’s consent
  • Misdirection and loss of personal or business funds
  • Loss of important data that takes a significant labor to replace, or is irreplaceable

There are two types of network security concerns that must be addressed: network infrastructure security and information security.

Securing a network infrastructure includes the physical securing of devices that provide network connectivity, and preventing unauthorized access to the management software that resides on them.

Information security refers to protecting the information contained within the packets being transmitted over the network and the information stored on network attached devices. Security measures taken in a network should:

  • Prevent unauthorized disclosure
  • Prevent theft of information
  • Prevent unauthorized modification of information
  • Prevent Denial of Service (DoS)

In order to achieve the goals of network security, there are three primary requirements:

  • Ensuring confidentiality – Data confidentiality means that only the intended and authorized recipients – individuals, processes, or devices – can access and read data. This is accomplished by having a strong system for user authentication, enforcing passwords that are difficult to guess, and requiring users to change them frequently. Encrypting data, so that only the intended recipient can read it, is also part of confidentiality.
  • Maintaining communication integrity – Data integrity means having the assurance that the information has not been altered in transmission, from origin to destination. Data integrity can be compromised when information has been corrupted – willfully or accidentally. Data integrity is made possible by requiring validation of the sender as well as using mechanisms to validate that the packet has not changed during transmission.
  • Ensuring availability – Availability means having the assurance of timely and reliable access to data services for authorized users. Network firewall devices, along with desktop and server antivirus software can ensure system reliability and the robustness to detect, repel, and cope with such attacks. Building fully redundant network infrastructures, with few single points of failure, can reduce the impact of these threats.

    In the v2 article we will review the most common cyber attacks and how to defend our network and computers against them.