Day 3 OSCP | Kali Linux Services


December 8, 2020

Here I am again with day 3 of my journey towards OSCP. Documenting everything each day isn’t convenient, but I’ve got to keep the promise I made to myself. Anyway, today I’ll cover the primary Kali Linux services, which we’ll be using most of the time later on during real-world penetration tests.

 

Apache HTTP Service

Let’s start with the service we’ll often use during penetration tests, the Apache HTTP service. It is mostly used as a platform for downloading files to the victim machine. With the Apache HTTP service, we can host our web server locally without any hassle, using a single command. The Apache HTTP service is TCP-based and listens on port 80 by default.

First, let’s find our private IPv4 address from the command line by running “ifconfig” (the equivalent of “ipconfig” on Windows). Copy the address and paste it into the web browser, making sure the URL starts with http:// and not https://, followed by your IPv4 address.

You should see a message saying “Unable to connect”, which means nothing is running yet. Let’s bring up our Apache web server with “sudo systemctl start apache2”.

By default, Kali doesn’t show any output on the terminal for this command. Now refresh the page in your web browser, and there you have a locally running web server. The alternative command is “sudo service apache2 start”. We can also specify a different port, but more on that later.

  ┌──(kali㉿kali)-[~]
  └─$ ifconfig
  eth0: flags=4163 mtu 1500
          inet 192.168.117.128 netmask 255.255.255.0 broadcast 192.168.117.255
          ...

  ┌──(kali㉿kali)-[~]
  └─$ sudo systemctl start apache2   # refresh your page now

  ┌──(kali㉿kali)-[~]
  └─$ sudo systemctl stop apache2    # refresh your page again

We can also verify that the HTTP service is running and listening on TCP port 80 with the “ss” and “grep” commands. The older command is “netstat”; “ss” works much faster and shows more information. Run by default, the command shows which ports are open and what they’re connected to.

Let’s type “sudo ss -antlp | grep apache”. However, I still like using the “netstat” command because sometimes I find it more human-readable. We basically run the command and pipe its output, using the “|” symbol, into grep, which searches the output for “apache”. More on grep and piping on Day 6.

Another useful command to check the status of the service is “service apache2 status“.

 

  ┌──(kali㉿kali)-[~]
  └─$ sudo ss -antlp | grep apache
  LISTEN 0 511 *:80 *:* users:(("apache2",pid=63768,fd=4),("apache2",pid=63767,fd=4),("apache2",pid=63766,fd=4),("apache2",pid=63765,fd=4),("apache2",pid=63764,fd=4),("apache2",pid=63762,fd=4))

  ┌──(kali㉿kali)-[~]
  └─$ sudo netstat -antlp | grep apache
  tcp6 0 0 :::80 :::* LISTEN 63762/apache2

  ┌──(kali㉿kali)-[~]
  └─$ sudo systemctl enable apache2
  Synchronizing state of apache2.service with SysV service script with /lib/systemd/systemd-sysv-install.
  Executing: /lib/systemd/systemd-sysv-install enable apache2
  Created symlink /etc/systemd/system/multi-user.target.wants/apache2.service → /lib/systemd/system/apache2.service.

  ┌──(kali㉿kali)-[~]
  └─$ sudo systemctl disable apache2
  Synchronizing state of apache2.service with SysV service script with /lib/systemd/systemd-sysv-install.
  Executing: /lib/systemd/systemd-sysv-install disable apache2
  Removed /etc/systemd/system/multi-user.target.wants/apache2.service.

Meaning of the -antlp option (you can make your own combinations):

-a listing all ports (both TCP and UDP)
-n shows the port number
-t enables listing of TCP ports
-l prints only listening sockets/ports
-tp displays the service name with its PID number; using “ss -tp” will display “PID/Program Name”
-u enables listing of UDP ports
-lx listing all active UNIX listening ports

If you want the service to start at boot, use the command “sudo systemctl enable apache2”; again, you won’t see an output. To stop it from starting at boot, replace enable with disable.

The Secure SHell

The Secure SHell (SSH) service is most commonly used to access a computer remotely over a secure, encrypted protocol. The SSH service is TCP-based and listens on port 22 by default, but this can be changed (more on that later). Make sure to change the default password on your machine before using the service, so that nobody else can connect to your machine with the default credentials.

To start the SSH service in Kali, we run “sudo systemctl start ssh”, or alternatively “sudo service ssh start”. Again, the command doesn’t return any output when it completes successfully, so we need to verify it using the “sudo ss -antlp | grep sshd” or “service ssh status” command. To start or stop the SSH service at startup, use “sudo systemctl enable ssh” or “sudo systemctl disable ssh”.

  ┌──(kali㉿kali)-[~]
  └─$ sudo systemctl start ssh

  ┌──(kali㉿kali)-[~]
  └─$ sudo ss -antlp | grep sshd
  LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=65357,fd=3))
  LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=65357,fd=4))

  ┌──(kali㉿kali)-[~]
  └─$ sudo netstat -antlp | grep sshd
  tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 65357/sshd: /usr/sb
  tcp6 0 0 :::22 :::* LISTEN 65357/sshd: /usr/sb

  ┌──(kali㉿kali)-[~]
  └─$ sudo systemctl stop ssh

  ┌──(kali㉿kali)-[~]
  └─$ sudo systemctl enable ssh
  Synchronizing state of ssh.service with SysV service script with /lib/systemd/systemd-sysv-install.
  Executing: /lib/systemd/systemd-sysv-install enable ssh
  Created symlink /etc/systemd/system/sshd.service → /lib/systemd/system/ssh.service.
  Created symlink /etc/systemd/system/multi-user.target.wants/ssh.service → /lib/systemd/system/ssh.service.

  ┌──(kali㉿kali)-[~]
  └─$ sudo systemctl disable ssh
  Synchronizing state of ssh.service with SysV service script with /lib/systemd/systemd-sysv-install.
  Executing: /lib/systemd/systemd-sysv-install disable ssh
  Removed /etc/systemd/system/sshd.service.
  Removed /etc/systemd/system/multi-user.target.wants/ssh.service.
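
The listener check from the Apache and SSH sections, as an added example that is not part of the original post: it reads “ss -antlp” output and flags services bound to every interface, which are the ones other machines on the network can reach. The sample lines are constructed from the output shown above (the postgres line is invented for contrast), and the function names are hypothetical.

```bash
# Constructed sample input, modelled on the ss output shown in this post.
sample_ss_output() {
cat <<'EOF'
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 511 *:80 *:* users:(("apache2",pid=63768,fd=4),("apache2",pid=63762,fd=4))
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=65357,fd=3))
LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=65357,fd=4))
LISTEN 0 4096 127.0.0.1:5432 0.0.0.0:* users:(("postgres",pid=700,fd=5))
EOF
}

# Reads ss lines on stdin and prints "port process scope" once per listener.
# scope is ALL for a wildcard bind, LOOPBACK for localhost, else the address.
summarise_listeners() {
  awk '
    $1 == "LISTEN" {
      local_addr = $4
      # The port is everything after the last colon (this handles [::]:22).
      port = local_addr
      sub(/.*:/, "", port)
      addr = substr(local_addr, 1, length(local_addr) - length(port) - 1)
      # The process name is the first quoted string in the users:(...) column.
      # That column is missing when ss runs without sudo, so default to "-".
      proc = "-"
      if (match($0, /\(\("[^"]+"/)) proc = substr($0, RSTART + 3, RLENGTH - 4)
      scope = addr
      if (addr == "*" || addr == "0.0.0.0" || addr == "[::]") scope = "ALL"
      else if (addr == "127.0.0.1" || addr == "[::1]") scope = "LOOPBACK"
      print port, proc, scope
    }' | sort -u
}

# Prints "port/process" for every listener reachable on all interfaces.
exposed_listeners() {
  summarise_listeners | awk '$3 == "ALL" { print $1 "/" $2 }'
}

# Demo on the constructed sample.
sample_ss_output | summarise_listeners
```

On a real host, feed it live data with “sudo ss -antlp | exposed_listeners” after starting or stopping a service, and stop anything listed that you are not actively using.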

 

Most services in Kali Linux are managed in much the same way as SSH and HTTP, through their service or init scripts.

To see a table of all available services, run “systemctl list-unit-files”.
To see all running or disabled services, run “service --status-all”.

You can view a list of applications and their port/protocol combinations in the /etc/services file on Linux using the “cat” command (covered in Day 1):

cat /etc/services

OR

cat /etc/services | less

 

Extra:

Below are the different categories of ports:

0-1023 – the Well Known Ports, also referred to as System Ports.
1024-49151 – the Registered Ports, also known as User Ports.
49152-65535 – the Dynamic Ports, also referred to as the Private Ports.

Common Ports and Protocols

TCP                        UDP
FTP (21)                   DNS (53) DEFAULT
SSH (22)                   DHCP (67,68)
Telnet (23)                TFTP (69)
SMTP (25)                  SNMP (161)
DNS (53) FALLBACK
HTTP (80) / HTTPS (443)
POP3 (110)
SMB (139 + 445)
IMAP (143)
