Tag Archives: Ubuntu

14Dec/13

How to use Nmap to identify what a server is running

Whether you are attacking a computer or protecting it, proper intelligence about a computer is important.  A very powerful option for learning about a given system is Nmap.  According to Nmap’s website:

Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. It was designed to rapidly scan large networks, but works fine against single hosts. Nmap runs on all major computer operating systems, and official binary packages are available for Linux, Windows, and Mac OS X.

I would like to take a look at a few of the things you can do with Nmap.  For these examples, my target is going to be jastreich.com (a server run by a friend and former coworker).  This is definitely not a comprehensive guide, but it will cover some high points.


Determine what domain names use that server (without pinging anything)

This scan does not ping the server in any way.  It simply does a reverse-DNS lookup.  The nmap website says that this scan is a “good sanity check” since it lets you verify the identity of your target.  I would have to agree.

nmap -sL [Insert Host Here]

Starting Nmap 6.00 ( http://nmap.org ) at 2013-12-14 03:55 UTC

Nmap scan report for jastreich.com (192.81.210.134)

rDNS record for 192.81.210.134: piggyandmoo.com

Nmap done: 1 IP address (0 hosts up) scanned in 0.05 seconds


Trace path to the server (traceroute)

This sends packets to the server with decrementing TTL, in an attempt to elicit ICMP time-exceeded messages.  The goal is to identify every computer between you and your target.  This could help to identify alternate attack vectors.  Beware: traceroute requires root on your local machine.

nmap --traceroute [Insert Host Here]

Starting Nmap 6.00 ( http://nmap.org ) at 2013-12-14 04:37 UTC

Nmap scan report for jastreich.com (192.81.210.134)

Host is up (0.00092s latency).

rDNS record for 192.81.210.134: piggyandmoo.com

Not shown: 998 closed ports

PORT   STATE SERVICE

25/tcp open  smtp

80/tcp open  http

TRACEROUTE (using port 554/tcp)

HOP RTT      ADDRESS

1   11.49 ms 192.81.212.1

2   0.95 ms  piggyandmoo.com (192.81.210.134)

Nmap done: 1 IP address (1 host up) scanned in 2.60 seconds


Application Version Detection

So, you know where your target is.  Next, you probably want to know what services your target is running.  The -A option combines version detection with OS detection, the default NSE scripts, and a traceroute, so it will tell you exactly what the host is running (to the best of Nmap’s ability).  Once you know what daemons are running and which versions they are, you can start looking for exploits that can be leveraged.

nmap -A [Insert Host Here]

Starting Nmap 6.00 ( http://nmap.org ) at 2013-12-14 04:43 UTC

Nmap scan report for jastreich.com (192.81.210.134)

Host is up (0.00061s latency).

rDNS record for 192.81.210.133: piggyandmoo.com

Not shown: 998 closed ports

PORT   STATE SERVICE VERSION

25/tcp open  smtp    Postfix smtpd

|_smtp-commands: localhost, PIPELINING, SIZE 10240000, VRFY, ETRN, STARTTLS, ENHANCEDSTATUSCODES, 8BITMIME, DSN,

| ssl-cert: Subject: commonName=stkfactory

| Not valid before: 2012-10-17 21:47:37

|_Not valid after:  2022-10-15 21:47:37

80/tcp open  http    Apache httpd 2.2.22 ((Ubuntu))

|_http-title: J. A. Streich Home Page

No exact OS matches for host (If you know what OS is running on it, see http://nmap.org/submit/ ).

TCP/IP fingerprint:


Network Distance: 2 hops

Service Info: Host:  localhost

TRACEROUTE (using port 80/tcp)

HOP RTT     ADDRESS

1   0.82 ms 192.81.212.1

2   1.01 ms piggyandmoo.com (192.81.210.134)

OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .

Nmap done: 1 IP address (1 host up) scanned in 20.82 seconds
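Once a scan like the one above is saved, the question a defender asks is whether anything is open that should not be.  The following is an added example, not part of the original post: it parses Nmap’s normal output (the PORT/STATE/SERVICE/VERSION table) into an inventory of open services and flags any open port missing from an allowlist you supply.  The sample output is constructed from the -A scan shown above, and the allowlist of expected ports is an assumption.

```shell
#!/bin/sh
# Added example (not from the original post): turn saved "nmap -A" output into
# an inventory of open services and flag any open port that is not on an
# allowlist of what the server is supposed to expose. Typical use:
#   nmap -A jastreich.com > scan.txt && open_services < scan.txt

# Print "port/proto service version" for each open port in nmap's normal
# output. The header, closed ports and NSE script lines ("|...") are skipped.
open_services() {
    awk '$1 ~ /^[0-9]+\/(tcp|udp)$/ && $2 == "open" {
        version = ""
        for (i = 4; i <= NF; i++) version = version (i > 4 ? " " : "") $i
        if (version == "") print $1, $3; else print $1, $3, version
    }'
}

# Read open_services lines on stdin; report any port not in the
# space-separated allowlist $1. Returns 1 if something unexpected is open.
unexpected_ports() {
    allow=" $1 "
    rc=0
    while read -r port service version; do
        case "$allow" in
            *" $port "*) ;;
            *) echo "UNEXPECTED $port $service $version"; rc=1 ;;
        esac
    done
    return "$rc"
}

# Constructed sample, abbreviated from the -A scan in the post above.
SAMPLE='Nmap scan report for jastreich.com (192.81.210.134)
PORT   STATE SERVICE VERSION
25/tcp open  smtp    Postfix smtpd
|_smtp-commands: localhost, PIPELINING, SIZE 10240000, VRFY, ETRN, STARTTLS
80/tcp open  http    Apache httpd 2.2.22 ((Ubuntu))
|_http-title: J. A. Streich Home Page
443/tcp closed https'

# The assumed baseline says only the web server should be reachable, so the
# SMTP daemon on 25/tcp gets flagged for review.
printf '%s\n' "$SAMPLE" | open_services | unexpected_ports "80/tcp" \
    || echo "exposure differs from baseline"
```

Run the same pipeline against a scan of your own server after every change and keep the allowlist under version control; a new UNEXPECTED line is the cheapest possible exposure alarm.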


TCP SYN Scan

This is a good first scan when analyzing a server.  It is fast and stealthy because it never completes a TCP connection: Nmap sends a SYN, reads the SYN/ACK (open) or RST (closed) that comes back, and then tears the attempt down with a RST instead of finishing the handshake.  This is what is meant by a half-open scan.  Like traceroute, it needs root on your local machine, because Nmap has to craft raw packets.

nmap -sS [Insert Host Here]

Starting Nmap 6.00 ( http://nmap.org ) at 2013-12-14 04:57 UTC

Nmap scan report for jastreich.com (192.81.210.134)

Host is up (0.00031s latency).

rDNS record for 192.81.210.134: piggyandmoo.com

Not shown: 998 closed ports

PORT   STATE SERVICE

25/tcp open  smtp

80/tcp open  http

Nmap done: 1 IP address (1 host up) scanned in 0.18 seconds


11May/13

How do I protect my Linux web server from viruses?

So, you want to run a web server and you are not the only person who will have the ability to upload files to it?  You might want to think about installing an antivirus scanner.  If you are running Linux (like I am), Clam AntiVirus is a good option.

So, how do you install it?

sudo apt-get install clamav

How do you update the virus definitions?

sudo freshclam

How do you scan the whole server for viruses?

clamscan -r /

If you want to scan the whole server for viruses and move any infected files, how do you do that?

clamscan -r --move=/home/administrator/quarantine /

So, the next step would be to set this task up in crontab, so it happens automatically, on a regular basis.
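As an added example (not part of the original post), here is a cron-friendly wrapper around the freshclam and clamscan commands above.  The quarantine, log and script paths are assumptions; the exclusions keep clamscan out of the /proc, /sys and /dev pseudo-filesystems, which waste time and throw spurious read errors when you scan from /.

```shell
#!/bin/sh
# Added example (not from the original post): nightly ClamAV scan for cron.
# Paths are assumptions; adjust them. Install with  sudo crontab -e  and a
# line such as (hypothetical path):
#   30 2 * * * /usr/local/sbin/clamav-nightly.sh run
QUARANTINE="${QUARANTINE:-/home/administrator/quarantine}"
SCAN_ROOT="${SCAN_ROOT:-/}"
LOG="${LOG:-/var/log/clamav-nightly.log}"

# clamscan's exit status: 0 = nothing found, 1 = infected files found,
# 2 = an error stopped the scan. Cron only mails raw output, so spell it out.
describe_exit() {
    case "$1" in
        0) echo "clean" ;;
        1) echo "infected files found and moved to $QUARANTINE" ;;
        2) echo "error: scan did not complete, check $LOG" ;;
        *) echo "unknown clamscan exit status $1" ;;
    esac
}

run_scan() {
    # Quarantine should exist, be owned by root and be unreadable to
    # other users so moved files are not opened or served by accident.
    mkdir -p "$QUARANTINE" && chmod 700 "$QUARANTINE"
    freshclam --quiet
    # -i lists only infected files; the pseudo-filesystems and the
    # quarantine itself are skipped so old detections are not re-scanned.
    clamscan -r -i \
        --exclude-dir='^/proc' --exclude-dir='^/sys' --exclude-dir='^/dev' \
        --exclude-dir="^$QUARANTINE" \
        --move="$QUARANTINE" "$SCAN_ROOT" >>"$LOG" 2>&1
    status=$?
    echo "$(date -u '+%Y-%m-%dT%H:%M:%SZ') $SCAN_ROOT: $(describe_exit "$status")" \
        | tee -a "$LOG"
    return "$status"
}

# Only scan when invoked with "run", so the file can also be sourced.
if [ "${1:-}" = "run" ]; then
    run_scan
fi
```

Because the script returns clamscan’s own status, cron (or a monitoring hook) can treat anything other than 0 as an event worth looking at rather than silently succeeding.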

21Jan/13

How to add a new user in Ubuntu Linux

So, you have installed a fresh copy of Ubuntu and you need to start setting things up.  What is the first priority? You need to create new user accounts.  To add a new account, you can use useradd.

sudo useradd -d [user's home folder] -m [username]

The above command creates the user’s account and their home folder, but you still need to set their password.  For that, you want to use passwd.

sudo passwd [username]

So, now that we have created the account, how do you delete it?  For removal of user accounts, there is deluser.

sudo deluser [username]

Now, let us check out a real-world example.

[Screenshots: Ubuntu Linux useradd and passwd commands; deluser Ubuntu Linux command]

It’s as easy as that.  Just remember that deluser won’t remove the user’s home folder.  You will need to do that yourself.

30Nov/11

How to install Ubuntu Server 10.04

So, you are looking to install Ubuntu?  Ubuntu is a great foundation to run a server on.  This post will step you through the initial installation of Ubuntu Server 10.04.  As of this writing, version 10.04 is the latest LTS release.  Please keep in mind that these steps will get a functional operating system onto your computer, but you may still need to perform additional steps (like installing services, setting up accounts, and securing the server).  Also keep in mind that these instructions assume that you are only running the one operating system on your server.

Step 1: Burn (or acquire) a copy of the Ubuntu install media.  It is freely downloadable from the Ubuntu website.  For a production server, I would recommend using the current LTS version.  Whether you should pick 64-bit or 32-bit depends on whether you are running 64-bit or 32-bit hardware.  When in doubt, you can always pick 32-bit.

Step 2: Boot the server to the install media (CD, DVD, USB thumb drive, etc).  The first prompt you will see will ask what language you would like to proceed in, for the install process.

Step 3: Select “Install Ubuntu Server”

Step 4:  Select your preferred language again.

Step 5:  If you live in the US and speak English, it is easiest to select “no” at this point.

Step 6:  Select “USA”

Step 7:  Select “USA”

Step 8:  Next, you need to pick a hostname for the machine.  It should ideally be something memorable and short.

Step 9:  Select your time zone.  For me, the installer was able to determine it automatically.

Step 10:  Select “Guided – Use entire disk and set up LVM”

Step 11:  Select the hard drive that you would like to install Ubuntu on

Step 12:  Select “yes”

Step 13:  Specify how much of the hard drive you want Ubuntu to use.  If it is the only thing on the hard drive, you will want it to use all of the hard drive.

Step 14:  Select “yes”

Step 15:  Supply your full name.

Step 16:  Supply a username that you would like to use.  This is the username you will be using to log into the computer.

Step 17:  Pick a password to use with the username (from step 16).

Step 18:  Retype the password you entered in step 17.

Step 19:  Choose whether or not you want to encrypt your home directory.  I never store anything within the home directory, so I said no.  You can if you want to.  It helps prevent theft of your data if the actual hard drive is stolen.

Step 20:  Specify your http proxy, if you use one.  My employer uses one but, chances are, you can leave this blank.

Step 21:  Select “Install security updates automatically”.  It’s just a good idea.

Step 22:  Here, you are going to select which services you want the installer to install.  You can install any of these later, but you may want to elect to install them now.  I chose to install the OpenSSH server at this point, because I will definitely need it in the future.  Without it, I won’t be able to SSH into the computer.

Step 23:  Assuming that Ubuntu is the only thing installed on this server (you aren’t dual-booting), select “yes”.

Step 24:  Congratulations.  Ubuntu Server is now installed on your server.  Now you can log into it and start getting down to business.


I will be trying to do a few more “how-to” posts regarding setting up a Linux server.  This post is meant to be a foundation.  If you have any questions, please feel free to ask them in the comments.