Here I am again with day 3 of my journey towards OSCP. Documenting everything each day isn’t convenient, but I’ve got to keep the promise I made to myself. Anyway, today I’ll cover the primary Kali Linux services, which we’ll use most of the time later on during real-world penetration tests.
Apache HTTP Service
Let’s start with the service we’ll often use during penetration tests, the Apache HTTP service. It is mostly used as a platform for downloading files to the victim machine. With the Apache HTTP service, we can host our own web server locally with just a single command. The Apache HTTP service is TCP-based and listens on port 80 by default.
First, let’s find out our private IPv4 address from the command line by running “ifconfig”, the equivalent of “ipconfig” in Windows. Copy the address and paste it into the web browser’s address bar; once the page loads, make sure the URL starts with http:// and not https://, followed by your IPv4 address.
You should see a message saying “Unable to connect”, which means nothing is running yet. Let’s bring up our Apache web server with “sudo systemctl start apache2”.
The command doesn’t print any output on the terminal when it succeeds. Now refresh the page in your web browser, and there you have a locally running web server. The alternative command is “sudo service apache2 start”. We can also specify a different port, but more on that later.
┌──(kali㉿kali)-[~]
└─$ sudo systemctl start apache2 #refresh your page now
┌──(kali㉿kali)-[~]
└─$ sudo systemctl stop apache2 #refresh your page again
We can also verify that the HTTP service is running and listening on TCP port 80 with the “ss” and “grep” commands. The older command is “netstat”; “ss” works much faster and shows more information. The default command shows which ports are open and what they’re connected to.
Let’s type “sudo ss -antlp | grep apache”. However, I still like using the “netstat” command because I sometimes find it more human-readable. We run the command and pipe its output, using the “|” symbol, into grep to search it for “apache”. More on grep and piping on Day 6.
Another useful command to check the status of the service is “service apache2 status”.
┌──(kali㉿kali)-[~]
└─$ sudo netstat -antlp | grep apache
tcp6 0 0 :::80 :::* LISTEN 63762/apache2
┌──(kali㉿kali)-[~]
└─$ sudo systemctl enable apache2
Synchronizing state of apache2.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable apache2
Created symlink /etc/systemd/system/multi-user.target.wants/apache2.service → /lib/systemd/system/apache2.service.
┌──(kali㉿kali)-[~]
└─$ sudo systemctl disable apache2
Synchronizing state of apache2.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install disable apache2
Removed /etc/systemd/system/multi-user.target.wants/apache2.service.
Meaning of the -antlp options (you can make your own combinations):
-a lists all ports (both TCP and UDP)
-n shows the port number
-t enables listing of TCP ports
-l prints only listening sockets/ports
-tp displays the service name with its PID number; using “ss -tp” will display “PID/Program Name”
-u enables listing of UDP ports
-lx lists all active UNIX listening ports
If you want the service to start at boot, use the command “sudo systemctl enable apache2”; again, you won’t see any output. To stop it from starting at boot, replace enable with disable.
The Secure SHell
The Secure SHell (SSH) service is most commonly used to remotely access a computer using a secure, encrypted protocol. The SSH service is TCP-based and listens on port 22 by default, but this can be changed (more on that later). Make sure to change the default password on your machine before using the service, so that nobody else can connect to your machine with the default credentials.
To start the SSH service in Kali, we run “sudo systemctl start ssh”, or alternatively “sudo service ssh start”. Again, the command doesn’t return any output when it completes successfully, so we need to verify with the “sudo ss -antlp | grep sshd” or “service ssh status” command. To start the SSH service at boot, or to stop it from doing so, use “sudo systemctl enable ssh” or “sudo systemctl disable ssh”.
┌──(kali㉿kali)-[~]
└─$ sudo ss -antlp | grep sshd
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=65357,fd=3))
LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=65357,fd=4))
┌──(kali㉿kali)-[~]
└─$ sudo netstat -antlp | grep sshd
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 65357/sshd: /usr/sb
tcp6 0 0 :::22 :::* LISTEN 65357/sshd: /usr/sb
┌──(kali㉿kali)-[~]
└─$ sudo systemctl stop ssh
┌──(kali㉿kali)-[~]
└─$ sudo systemctl enable ssh
Synchronizing state of ssh.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable ssh
Created symlink /etc/systemd/system/sshd.service → /lib/systemd/system/ssh.service.
Created symlink /etc/systemd/system/multi-user.target.wants/ssh.service → /lib/systemd/system/ssh.service.
┌──(kali㉿kali)-[~]
└─$ sudo systemctl disable ssh
Synchronizing state of ssh.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install disable ssh
Removed /etc/systemd/system/sshd.service.
Removed /etc/systemd/system/multi-user.target.wants/ssh.service.
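The “ss -antlp” checks used above for Apache and SSH can be turned into a quick exposure summary before a service is left running or enabled at boot. This is an added example, not part of the original post: the function names are hypothetical, the two sshd lines are the output shown above, the apache2 and postgres lines are constructed samples, and the port categories are the three ranges this post lists.

```shell
#!/bin/sh
# Added example: summarise listening TCP sockets from `ss -antlp` output (stdin).
# Prints one line per listener: port, process, exposure, port category.

audit_listeners() {
    awk '
    $1 == "LISTEN" {
        sock = $4                          # e.g. 0.0.0.0:22, [::]:22, *:80
        n = split(sock, parts, ":")
        p = parts[n]                       # port is whatever follows the last colon
        addr = substr(sock, 1, length(sock) - length(p) - 1)
        port = p + 0

        # Process name sits inside users:(("name",pid=...,fd=...)).
        proc = "unknown"                   # column is empty without -p or without root
        if (match($0, /users:\(\("[^"]+"/))
            proc = substr($0, RSTART + 9, RLENGTH - 10)

        # Wildcard binds are reachable from every network the host is attached to.
        if (addr == "0.0.0.0" || addr == "[::]" || addr == "*")
            scope = "all-interfaces"
        else if (addr ~ /^127\./ || addr == "[::1]")
            scope = "loopback-only"
        else
            scope = "single-address"

        if (port <= 1023)       class = "well-known"
        else if (port <= 49151) class = "registered"
        else                    class = "dynamic"

        # The IPv4 and IPv6 sockets of one service collapse into one line.
        key = port " " proc " " scope " " class
        if (!(key in seen)) { seen[key] = 1; print key }
    }'
}

# Sample input: sshd lines as shown in this post, the other two are constructed.
sample_ss_output() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=65357,fd=3))
LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=65357,fd=4))
LISTEN 0 511 *:80 *:* users:(("apache2",pid=63762,fd=4))
LISTEN 0 244 127.0.0.1:5432 0.0.0.0:* users:(("postgres",pid=1201,fd=6))
EOF
}

sample_ss_output | audit_listeners
```

On a live machine, feed it real data with “sudo ss -antlp | audit_listeners”; anything reported as all-interfaces is reachable by other hosts on the network while the service is running.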
Most services in Kali Linux are managed in much the same way as SSH and HTTP, through their service or init scripts.
To see a table of all available services, run “systemctl list-unit-files”.
To see all running or disabled services, run “service --status-all”.
You can view a list of different applications and their port/protocol combinations in the /etc/services file in Linux using the “cat” command (covered in Day 1):
cat /etc/services | less
Below are the different categories of ports:
0-1023 – the Well Known Ports, also referred to as System Ports.
1024-49151 – the Registered Ports, also known as User Ports.
49152-65535 – the Dynamic Ports, also referred to as the Private Ports.
|TCP|UDP|
|---|---|
|FTP (21)|DNS (53) DEFAULT|
|SSH (22)|DHCP (67,68)|
|Telnet (23)|TFTP (69)|
|SMTP (25)|SNMP (161)|
|DNS (53) FALLBACK||
|HTTP (80) / HTTPS (443)||
|SMB (139 + 445)||