Day 3 OSCP | Kali Linux Services

December 8, 2020
Nextdoorsec-course

Here I am again with day 3 of my journey towards OSCP. Documenting everything each day isn’t convenient, but I’ve got to keep the promise to myself. Anyway, today I’ll cover the primary Kali Linux services, which we’ll be using most of the time later on while doing some real-world penetration tests.

 

Apache HTTP Service

Let’s start with the service we’ll often use during penetration tests, the Apache HTTP service. It is mostly used as a platform for downloading files to the victim machine. With the Apache HTTP service, we can host our own web server locally without any hassle, using just a single command. The Apache HTTP service is TCP-based and listens by default on port 80.

First, let’s find out our private IPv4 address from the command line by running “ifconfig”, the equivalent of “ipconfig” in Windows. Copy and paste the address into the web browser, and make sure the URL starts with http:// and not https://, followed by your IPv4 address.

You should see a message saying “Unable to connect”, which means nothing is running yet. Let’s bring up our Apache web server with “sudo systemctl start apache2”.

By default, the command shows no output on the terminal when it succeeds. Now refresh the page in your web browser, and there you have a locally running web server. The alternative command is “sudo service apache2 start”. We can also specify a different port, but more on that later.

  ┌──(kali㉿kali)-[~]
  └─$ ifconfig
  eth0: flags=4163 mtu 1500
          inet 192.168.117.128 netmask 255.255.255.0 broadcast 192.168.117.255
          ...

  ┌──(kali㉿kali)-[~]
  └─$ sudo systemctl start apache2 #refresh your page now

  ┌──(kali㉿kali)-[~]
  └─$ sudo systemctl stop apache2 #refresh your page again

 

We can also verify that the HTTP service is running and listening on TCP port 80 with the “ss” and “grep” commands. The older command is “netstat”; “ss” works much faster and shows more information. By default, the command shows which ports are open and what they’re connected to.

Let’s type “sudo ss -antlp | grep apache”. However, I still like using the “netstat” command because sometimes I find it more human-readable. We basically run the command and pipe the output using the “|” symbol into grep to search the output for “apache”. More on grep and piping on Day 6.

Another useful command to check the status of the service is “service apache2 status”.

 

  ┌──(kali㉿kali)-[~]
  └─$ sudo ss -antlp | grep apache
  LISTEN 0 511 *:80 *:* users:(("apache2",pid=63768,fd=4),("apache2",pid=63767,fd=4),("apache2",pid=63766,fd=4),("apache2",pid=63765,fd=4),("apache2",pid=63764,fd=4),("apache2",pid=63762,fd=4))

  ┌──(kali㉿kali)-[~]
  └─$ sudo netstat -antlp | grep apache
  tcp6 0 0 :::80 :::* LISTEN 63762/apache2

  ┌──(kali㉿kali)-[~]
  └─$ sudo systemctl enable apache2
  Synchronizing state of apache2.service with SysV service script with /lib/systemd/systemd-sysv-install.
  Executing: /lib/systemd/systemd-sysv-install enable apache2
  Created symlink /etc/systemd/system/multi-user.target.wants/apache2.service → /lib/systemd/system/apache2.service.

  ┌──(kali㉿kali)-[~]
  └─$ sudo systemctl disable apache2
  Synchronizing state of apache2.service with SysV service script with /lib/systemd/systemd-sysv-install.
  Executing: /lib/systemd/systemd-sysv-install disable apache2
  Removed /etc/systemd/system/multi-user.target.wants/apache2.service.

 

Meaning of the options in -antlp (you can make your own combinations):

-a lists all ports (both TCP and UDP)
-n shows port numbers instead of service names
-t lists TCP ports
-l prints only listening sockets/ports
-tp displays the service name with its PID number; using the option ss -tp will display “PID/Program Name.”
-u lists UDP ports
-lx lists all active UNIX listening ports

If you want the service to start at boot, use the command “sudo systemctl enable apache2”; again, you won’t see an output. To stop it from starting at boot, replace enable with disable.

 

 

The Secure SHell

The Secure SHell (SSH) service is most commonly used to remotely access a computer, using a secure, encrypted protocol. The SSH service is TCP-based and listens by default on port 22, but this can also be changed (more on that later). Make sure to change the default password on your machine before using the service, to avoid someone else connecting to your machine with the default credentials.

To start the SSH service in Kali, we run “sudo systemctl start ssh”, or alternatively “sudo service ssh start”. Again, the command doesn’t return any output when it completes successfully. We need to verify using the “sudo ss -antlp | grep sshd” or “service ssh status” command. To start or stop running the SSH service at startup, use “sudo systemctl enable ssh” or “sudo systemctl disable ssh”.

  ┌──(kali㉿kali)-[~]
  └─$ sudo systemctl start ssh

  ┌──(kali㉿kali)-[~]
  └─$ sudo ss -antlp | grep sshd
  LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=65357,fd=3))
  LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=65357,fd=4))

  ┌──(kali㉿kali)-[~]
  └─$ sudo netstat -antlp | grep sshd
  tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 65357/sshd: /usr/sb
  tcp6 0 0 :::22 :::* LISTEN 65357/sshd: /usr/sb

  ┌──(kali㉿kali)-[~]
  └─$ sudo systemctl stop ssh

  ┌──(kali㉿kali)-[~]
  └─$ sudo systemctl enable ssh
  Synchronizing state of ssh.service with SysV service script with /lib/systemd/systemd-sysv-install.
  Executing: /lib/systemd/systemd-sysv-install enable ssh
  Created symlink /etc/systemd/system/sshd.service → /lib/systemd/system/ssh.service.
  Created symlink /etc/systemd/system/multi-user.target.wants/ssh.service → /lib/systemd/system/ssh.service.

  ┌──(kali㉿kali)-[~]
  └─$ sudo systemctl disable ssh
  Synchronizing state of ssh.service with SysV service script with /lib/systemd/systemd-sysv-install.
  Executing: /lib/systemd/systemd-sysv-install disable ssh
  Removed /etc/systemd/system/sshd.service.
  Removed /etc/systemd/system/multi-user.target.wants/ssh.service.
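
Added example (not part of the original post): grepping for the process name, as in the Apache and SSH checks above, confirms that the service is up but not which address it is bound to. This shell sketch parses “ss -tlnp” output and labels each listener by bind scope, so you can see what is reachable from other hosts; the function names and the mariadbd sample row are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: classify TCP listeners in `ss -tlnp` output by bind address.
# Live use: sudo ss -tlnp | exposed_listeners

# Rows 1-3 are the ss lines shown on this page (apache2 list shortened);
# the mariadbd row is constructed to show a loopback-only bind.
sample_ss_output() {
    cat <<'EOF'
State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
LISTEN 0 511 *:80 *:* users:(("apache2",pid=63768,fd=4),("apache2",pid=63767,fd=4))
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=65357,fd=3))
LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=65357,fd=4))
LISTEN 0 80 127.0.0.1:3306 0.0.0.0:* users:(("mariadbd",pid=700,fd=20))
EOF
}

# Prints one line per listener: PORT PROGRAM ADDRESS SCOPE
audit_listeners() {
    awk '
    $1 == "LISTEN" {
        # The port follows the last colon (IPv6 addresses contain colons too).
        n = split($4, parts, ":")
        port = parts[n]
        addr = substr($4, 1, length($4) - length(port) - 1)

        # Program name is the first quoted string in the users:((...)) column;
        # it can be missing when ss runs without root, so fall back to "unknown".
        prog = "unknown"
        if (match($0, /\(\("[^"]+"/))
            prog = substr($0, RSTART + 3, RLENGTH - 4)

        if (addr == "*" || addr == "0.0.0.0" || addr == "[::]")
            scope = "all-interfaces"
        else if (addr ~ /^127\./ || addr == "[::1]")
            scope = "loopback-only"
        else
            scope = "single-address"
        print port, prog, addr, scope
    }' | sort -u
}

# Only the listeners reachable from other hosts on the network.
exposed_listeners() {
    audit_listeners | awk '$4 != "loopback-only"'
}

sample_ss_output | exposed_listeners
```

Running it after an engagement shows at a glance whether apache2 or sshd is still listening on all interfaces and should be stopped or disabled.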

 

Most services in Kali Linux are managed in much the same way as SSH and HTTP, through their service or init scripts.

To see a table of all available services, run “systemctl list-unit-files”.
To see all running or disabled services, run “service --status-all”.

You can view a list of different applications and their port/protocol combinations in the /etc/services file in Linux using the “cat” command (covered in Day 1):

cat /etc/services

OR

cat /etc/services | less

 

Extra:

Below are the different categories of ports:

0-1023 – the Well Known Ports, also referred to as System Ports.
1024-49151 – the Registered Ports, also known as User Ports.
49152-65535 – the Dynamic Ports, also referred to as the Private Ports.

Common Ports and Protocols

TCP                        UDP
FTP (21)                   DNS (53) DEFAULT
SSH (22)                   DHCP (67, 68)
Telnet (23)                TFTP (69)
SMTP (25)                  SNMP (161)
DNS (53) FALLBACK
HTTP (80) / HTTPS (443)
POP3 (110)
SMB (139 + 445)
IMAP (143)

 

Aydan Arabadzha

Author

Aydan, a cybersecurity ace and AI visionary, thrives on the frontlines of offensive security. His passion birthed NextdoorSec, a groundbreaking cybersecurity firm. A relentless pioneer, Aydan is persistently pushing boundaries, shaping the future of the digital world one byte at a time.
