Setting up Free VPN in Linux
Internet security enthusiasts and penetration testers all know how critical security protocols and privacy tools are. If you browse the Internet without them, your data could easily be intercepted by governmental institutions or common hackers. The good news is that the modern miracle of encryption technologies makes it possible to protect your data, and allows you to browse the web with the peace of mind that there isn’t anyone snooping through your data. This is even better when it is a free vpn product on linux. But there are a couple problems with common VPN services, as we’ll discuss next.
Shortfalls of Commercial VPN Services
The VPN industry is actually very competitive. In fact, there are at least tens of VPN service providers, if not hundreds. And they are a great solution for end users who just want to unlock geo-restricted content or ensure that the government isn’t tracking their online activities. Furthermore, they cheap, dirt cheap. I saw one service advertising their pricing for as little as $2.08 per month. Because they’re so affordable, secure, and convenient, a lot of people are tempted to sign up for their service. But there’s a few drawbacks, as we’ll soon discover.
First of all, a user doesn’t have any control over the service. Sure, some VPN providers allow users to select which VPN algorithm or protocol at their own discretion, but some providers only allow PPTP connections (especially the free services). The problem with PPTP is that it only offers weak security, and it has been proven to be crackable. Furthermore, the end users don’t have any visibility into the VPN service providers network, and they don’t know what goes on behind the scenes. While it is pretty common for these types of providers to have no-logging policies, but even with these policies in place, many providers still make provisions in the privacy policy to reserve the right to log metadata, IP addresses, and which servers a user connects to. Also, how do we truly know that they aren’t logging any of our data?
Secondly, you also need to take great caution when selecting a VPN provider, because many of them are based in the United States. Ever since Edward Snowden blew the whistle, most people are rightfully distrustful of US-based digital services because the NSA was found to be wiretapping legitimate corporations such as Microsoft, Apple, Google, and many others in their PRISM program. Now people just don’t want to risk their data ending up on a governmental database if their VPN service is coerced into forfeiting information by the federal government.
Thirdly, you need to understand that a commercial VPN service does nothing to protect data that your are hosting at your home. For example, a lot of us geeks like to setup our own mini-networks, complete with services like a file server, NAS device, and other local services. It’s great hosting your own file server because you don’t run the risk of a data leak, infringement of privacy, or data loss. The problem is that you can’t access your home file server securely when using a commercial VPN service.
After your data reaches the VPN server, it is decrypted and sent on to your home network. This leaves data vulnerable for an entire leg of the data’s path, and when it’s unencrypted, there’s no telling who might be able to snoop through your data. The good news is that you can easily create your own VPN server using Linux…for free! If you want to, you can even route your Internet data through your home’s VPN server when your on an unsecure network, such as the Wi-Fi at an airport or coffee shop.
Prerequisites
In order to setup your own home brewed VPN server, you’re going to need a few things. First of all, you’re going to need hardware capable of running Linux. Ideally, you’d like to have a desktop computer that you can leave running for long periods of time to provide round the clock access, but you could use a desktop or other device. Secondly, you’re going to need the latest version of Ubuntu, and you’ll also need a router (but most home networks already have a SOHO wireless router). Once you’ve gathered all the resources necessary, you can proceed to use the following guide to setup up your very own VPN server. Naturally, you will want to be the root user when running through this guide.
Step 1: Setting up OpenVPN
The first thing you’ll need to do is setup OpenVPN on your Ubuntu machine. But before we do, we’ll first need to update the repository data. Start by running the following command:- apt-get update
Next, we’ll want to go ahead and install Easy-RSA and OpenVPN with the following command:
- apt-get install openvpn easy-rsa
Let’s go ahead and extract the example VPN server configuration file to /etc/openvpn using the following command:
gunzip -c /usr/share/doc/openvpn/examples/sample-config-files/server.conf.gz > /etc/openvpn/server.conf
After the data has been extracted, you’re going to need to open up the server.conf file in your text editor of choice. I’m partial to vim, but you can use any editor you wish. Use the following command:
vim /etc/openvpn/server.conf
We’re gong to make a few changes to this file. First, we’re going to double the RSA length to increase security. Look for the line with the text “
dh1024.pem” and change it to say “dh2048.pem” and then look for the line that says “ redirect-gateway def1 bypass-dhcp.” Simply uncomment this line of text. Now we need to uncomment the following two lines of code:push "dhcp-option DNS 208.67.222.222"push "dhcp-option DNS 208.67.220.220"
Basically, this will help prevent DNS leaks. If you want, you can use DNS servers that aren’t the OpenVPN resources. Last but not least, uncomment the lines that say “user nobody” and “group nobody.” You see, OpenVPN defaults to using the root account, but we’ll want to restrict it to the user ‘nobody’ and the group ‘nogroup.’ Be sure to save your changes as you exit vim.
Setting Up Packet Forwarding
Now we’re going to edit asysctlsetting the changes IP forwarding rules. Enable packet forwarding with the following commands:
echo 1 > /proc/sys/net/ipv4/ip_forwardvim /etc/sysctl.conf
Now we simply need to remove the number sign to uncomment another line of code. Uncomment the line that says “net.ipv4.ip_forward=1.” Yet again, save your configurations and exit the text editor.Firewall ConfigurationFirst things first, let’s go ahead and make ufw use SSH for better security with the following commands:
ufw allow sshufw allow 1194/udpvim /etc/default/ufw
Now find the line that is labeled DEFAULT FORWARD POLICY. It should already be set toDROP, but we need to change it toACCEPT. Save your changes and exit, and edit the following file:
vim /etc/ufw/before.rules
Make sure the top of your file looks the same as the following lines of code:# ufw-before-input# ufw-before-output# ufw-before-forward# START OPENVPN RULES# NAT table rules*nat:POSTROUTING ACCEPT [0:0]# Allow traffic from OpenVPN client to eth0-A POSTROUTING -s 10.8.0.0/8 -o eth0 -j MASQUERADECOMMIT# END OPENVPN RULES# Don't delete these required lines, otherwise there will be errors
Now, simply enable the firewall with the following command:ufw enable
It will ask if you want to continue, so enter a ‘y’ into the terminal. It should give you confirmation that the firewall is active and running.Step 2: Creating the Keys and CertificateNow we need to setup the keys and CA certificate. Start by copying the Easy-RSA keys as follows:cp -r /usr/share/easy-rsa/ /etc/openvpnmkdir /etc/openvpn/easy-rsa/keysvim /etc/openvpn/easy-rsa/vars
You’ll want to edit this file and enter in credentials between the quotations as they pertain to you. The file should contain the following information.export KEY_COUNTRY="___"export KEY_PROVINCE="___"export KEY_CITY="___"export KEY_ORG="___"export KEY_EMAIL="___"export KEY_OU="___"
Also make sure that you name the key, but for the sake of keeping things simple, we’ll just call it ‘server.’export KEY_NAME="server"Now run the following commands:
openssl dhparam -out /etc/openvpn/dh2048.pem 2048cd /etc/openvpn/easy-rsa. ./vars./clean-all./build-ca
Creating the Server’s CertificateMake sure that your current working directory is still /etc/openvpn/easy-rsa, and issue the following command:
./build-key-server server
If you named your key something different than ‘server,’ you’ll need to change the command appropriately.Keep pressing enter through the prompt and make sure you leave the challenge password blank. However, near the end, it will ask if you want to sign the certificate and commit the changes. Make sure you enter ‘y’ for both prompts. Next, we’ll copy the keys into the correct directory:
cp /etc/openvpn/easy-rsa/keys/[server.crt, server.key, ca.crt] /etc/openvpn
And now it’s finally time to start the OpenVPN service. Also, you’ll want to verify that it’s actually running with the second command:
service openvpn startservice openvpn status
Step 3: Making Keys for the ClientsBy now your OpenVPN server should be up and running and our server should have its own CA certificate. But now we’ll need to build and copy the keys for the clients. The files we create will need to be installed on each device that wants to connect to the VPN tunnel. Also understand that you’ll need to reiterate these steps for each additional host you connect to the VPN. You should still be in the /etc/openvpn/easy-rsa directory, so run the following command
./build-key client1
Yet again, make sure you sign the certificate and commit the changes. Now we’re going to copy the RSA template and rename it. It was originally called client.conf, but we’ll give it a name of client.ovpn.cp /usr/share/doc/openvpn/examples/sample-config-files/client.conf /etc/openvpn/easy-rsa/keys/client.ovpn
Note that you will need to copy both the certificate and the key contained in the /etc/openvpn/easy-rsa/keys/ directory to each client device. Also, copy over the following two files:/etc/openvpn/easy-rsa/keys/client.ovpn/etc/openvpn/ca.crt
In summary, each client that wants to connect to the VPN needs the following four files:
client1.crtclient1.keyclient.ovpnca.crt
Step 4: Creating a Global OpenVPN Profile
The next thing we should do is to edit the client.ovpn template to add the CA certificate as well as they key. That way only a single, unified client.ovpn profile will need to be added to the client’s OpenVPN installation. You can name it anything you want, but the name does need to be changed. Henceforth, we’ll refer to our file as example.ovpn. The first thing we need to edit within the file is near the top, and simply substitute the IP address of your VPN server in the field in bold.
# The hostname/IP and port of the server.# You can have multiple remote entries# to load balance between the servers.remote[IP ADDRESS OF YOUR VPN SERVER]1194Yet again, find the lines that say ‘user nobody’ and ‘group nogroup,’ and be sure that are uncommented. Conversely, make sure the following three lines of code are commented out:#ca ca.crt#cert client.crt#key client.key
Now make sure that the xml at the end of the file reads as follows, remembering to insert the names of your certificates and keys:
<ca>(putca.crt here)</ca><cert>(putclient1.crt here)</cert><key>(putclient1.key here)</key>
Save the changes you have made and exit your editor. Congratulations, your client profile has now been configured.
Step 5: Installing the Client Profile
All that remains is to install the client profile on your operating system of choice, but this can vary greatly between different operating systems like OS X, Windows, iOS, or Android. Fortunately, OpenVPN has verydetailed documentation that will show you how to install client profiles on just about any operating system you can imagine. We won’t get into the details of how to setup a client profile for every single operating system, however, since it’s a bit outside the scope of our tutorial. However, after downloading your free vpn product on linux and following the instructions on the OpenVPN site, you should be able to connect securely to your home’s VPN tunnel.
SSH for Penetration Testing
SSH for Penetration Testing
SSH stands for Secure shell and works on Port 22 . As penetration testers we are aware of the uses and power of SSH on remote access of systems . During Penetration testing SSH might come handy as a powerful tool .
This post will explain some of the techniques that can be used during a penetration test .
Local Forwarding using SSH
Sometimes we come across scenarios where we need the services on the remote host accessible to the host via Local Network . Root is required .
ssh -L 127.0.0.1:10521:127.0.0.1:1521 user@192.168.1.10
~/.ssh/config:
LocalForward 127.0.0.1:10521 127.0.0.1:1521
Remote Forwarding using SSH
Well this technique is complete opposite of the previous one . Remote forwarding on using SSH comes to rescue in those penetration testing scenarios where we need the services on a local machine / Local Network accessible to remote host via a remote listener . This might sound odd … why would I want my machine accessible on a remote host , but lets face it , we all need to expose a service that lets us download our penetration testing tools.
For the practical information here is an example :
The SSH server will be able to access TCP port 80 on SSH client by connecting to 127.0.0.1:8000 on the SSH Server .
ssh -R 127.0.0.1:8000:127.0.0.1:80 192.168.1.10
~/.ssh/config:
RemoteForward 127.0.0.1:8000 127.0.0.1:80
SOCKS Proxy using SSH
Here we set up a SOCKS Proxy on 127.0.0.1:8000 that lets you pivot through the Remote Host 192.168.1.10
ssh -D 127.0.0.1:8000 192.168.1.10
~/.ssh/config:
Host 192.168.1.10 DynamicForward 127.0.0.1:8000
X11 Forwarding using SSH
If your SSH client is also an X-Server then you can launch X-clients (e.g. Firefox) inside your SSH session and display them on your X-Server. This works well with from Linux X-Servers and from cygwin‘s X-server on Windows.
SSH -X 10.0.0.1 SSH -Y 10.0.0.1 # less secure alternative - but faster
~/.ssh/config:
ForwardX11 yes ForwardX11Trusted yes # less secure alternative - but faster
SSH Authorized Keys :
SSH stands for Secure Shell … well to be secure , its always advisable to use Keys for encrypting the SSH communication . This helps to avoid unwanted hosts to take advantage of the penetration test and keep the penetration testing secure .
That being said , it is a good practice to add an authorized_keys file that will allow you to log in using an SSH key .
Authorized_keys File : This file is present in the User’s Home Directory on the SSH server . This file basically holds the public keys of the users allowed to login into that user account of SSH Server .
For this the first step is to Generate PUBLIC KEY / PRIVATE KEY pairs .
sh-keygen -f mysshkey cat mykey.pub # to copy this to authorized_keys
To connect to the Remote host using the authorized key :
ssh -i mykey user@10.0.0.1
Some Cool SSH Configuration Tweeks
Finally here are some cool modifications you can do to your SSH Client system , this will make it easier to use other penetration testing tools that are using SSH .
Host 10.0.0.1 Port 2222 User ptm ForwardX11 yes DynamicForward 127.0.0.1:1080 RemoteForward 80 127.0.0.1:8000 LocalForward 1521 10.0.0.99:1521
#Please Share and Comment if you like this Post .
What are Rainbow Tables?
Do you know what’s a Rainbow table. Well if you are an amateur hacker like i once was, a rainbow table is a huge pre-computed list of hash values for every possible combination of characters. A password hash is a password that has gone through a mathematical algorithm that transformed it into something absolutely foreign and when i mean foreign i mean it looks like some hieroglyphics stuff that you would see on those egyptian pyramids, well that was when i just started out but don’t worry if you’re a amateur you will pass that stage soon. A hash is a one way encryption so once a password is hashed there is no way to get the original string from the hashed string. A very common hashing algorithm used as security to store passwords in website databases is MD5.
If you are confused like i once was couple years ago well here is a scenario, Let’s say you are registering for a website which I did couple weeks ago. You put in a username and password. Now when you submit, your password goes through the MD5 algorithm and the outcome hash is stored in a database. Now since you can’t get the password from the hash, you may be wondering how they know if your password is right when you login. Well when you login and submit your username and password, a script takes your password and runs it through the md5 algorithm. The outcome hash is compared to the hash stored in the database. If they are the same, you are admitted plain and simple.
If I were to run the word “cheese” through the md5 algorithm, the outcome would be (fea0f1f6fede90bd0a925b4194deac11) yep that’s what called those weird looking stuff. Having huge tables of every possible character combination hashed is a much better alternative to brute-force cracking. Once the rainbow tables are created, cracking the password is a hundred times faster than brute-forcing it. You can avoid rainbow table cracking by simply making your password extremely long. Creating tables for passwords that are long takes a very long time and a lot of resources. That is why there aren’t many of these tables available.
Constructing a rainbow table requires two things, a hashing function and a reduction function. The hashing function for a given set of Rainbow Table must match the hashed password you want to recover if it don’t well you already the drill. The reduction function must transform a hash into something usable as a password. A simple reduction function is to Base64 encode the hash, then truncate it to a certain number of characters.
Rainbow tables are constructed of “chains” of a certain length: 100,000 for example. To construct the chain, pick a random seed value. Then apply the hashing and reduction functions to this seed, and its output, and continue iterating 100,000 times. Only the seed and final value are stored. Repeat this process to create as many chains as desired.
To recover a password using Rainbow Tables, the password undergoes the above process for the same length: in this case 100,000 but each link in the chain is retained. Each link in the chain is compared with the final value of each chain. If there is a match, well the chain can be reconstructed, keeping both the output of each hashing function and the output of each reduction function. That reconstructed chain will contain the hash of the password in question as well as the password that produced it.
Rainbow Tables have the benefit, the person constructing those tables can choose how much storage is required by selecting the number of links in each chain. The more links between the seed and the final value, the more passwords are captured. One weakness is that the person building the chains doesn’t choose the passwords they capture so Rainbow Tables can’t be optimized for common passwords. Also, password recovery involves computing long chains of hashes, making recovery an expensive operation. The longer the chains, the more passwords are captured in them, but more time is required to find a password inside.So there you have it i hope you learnt something valuable.
Secure Sockets Layer Tutorial | What is SSL | SSL Hackers Guide
Secure Sockets Layer or SSL Hackers Guide : You might have heard some times that not to give your password or credit card information or any other sensitive information on public computers or on Facebook, yahoo etc chats.The reason why you might have heard that the Hackers have some ways to you would have probably heard that hackers have a way to steal your your credit card numbers , passwords etc.
A hacker can use different types of attacks such as Packet sniffing or ARP Poisoning to steal your sensitive information.
Secure Sockets Layer (SSL) is the most widely used technology for creating a secure communication between the web client and the web server. You must be familiar with http:// protocol and https:// protocol, You might be wondering what they mean. HTTP protocol is used for standard communication between the Web server and the client. HTTPS is used for a secure communication.
If two users want to have a secure communication they can also use cryptography to accomplish it
For example:
TFDVSF=Encrypted Text
SECURE= Decrypted Text
You might be wondering how i Decrypted it, Here i have used Algorithm=+ for the communication and the key is “1“, What comes after S is T so as you can see that S is converted into T, What comes After E is F to letter E from the word secure if converted into F and so on, To help you understand this more better I am adding a Video –
So If the hacker starts sniffing from between he will get Encrypted text and as the Hacker does not know the keys so he cant decrypt it, but if the attacker or hacker is sniffing from the starting point so he will get the key and can easily Decrypt the data.
Suppose there exists two communication parties A (client) and B (server)
When A will send information to B it will be in unencrypted manner, this is acceptable if A is not sharing Confidential information, but if A is sending sensitive information say “Password” it will also be in unencrypted form, If a hacker starts sniffing the communication so he will get the password.
This scenario is illustrated using the following figure –
In a secure communication i.e. HTTPS the conversation between A and B happens to be in a safe tunnel, The information which a user A sends to B will be in encrypted form so even if a hacker gets unauthorized access to the conversion he will receive the encrypted password (“xz54p6kd“) and not the original password.
This scenario is illustrated using the following figure –
A HTTPS protocol can be implemented by using Secure Sockets Layer (SSL), A website can implement HTTPS by purchasing SSL certificate.
The websites where a private conversation is occurred, Websites related to online transactions or other sensitive information needs to be protected needs to SSL Certificate.
In Internet Explorer and google chrome, you will see a lock icon in the Security Status bar. The Security Status bar is located on the right side of the Address bar. You can click the lock to view the identity of the website.
If you are making an online transaction through Credit card or any other means you should check if https:// secured communication is enabled.
 |
| Secure Sockets Lock Tutorial | What is SSL | SSL Hackers Guide |
A hacker can use different types of attacks such as Packet sniffing or ARP Poisoning to steal your sensitive information.
Secure Sockets Layer (SSL) is the most widely used technology for creating a secure communication between the web client and the web server. You must be familiar with http:// protocol and https:// protocol, You might be wondering what they mean. HTTP protocol is used for standard communication between the Web server and the client. HTTPS is used for a secure communication.
Cryptography
If two users want to have a secure communication they can also use cryptography to accomplish it
For example:
TFDVSF=Encrypted Text
SECURE= Decrypted Text
You might be wondering how i Decrypted it, Here i have used Algorithm=+ for the communication and the key is “1“, What comes after S is T so as you can see that S is converted into T, What comes After E is F to letter E from the word secure if converted into F and so on, To help you understand this more better I am adding a Video –
So If the hacker starts sniffing from between he will get Encrypted text and as the Hacker does not know the keys so he cant decrypt it, but if the attacker or hacker is sniffing from the starting point so he will get the key and can easily Decrypt the data.
Standard Communication VS Secure communication
Suppose there exists two communication parties A (client) and B (server)
Standard communication(HTTP)
When A will send information to B it will be in unencrypted manner, this is acceptable if A is not sharing Confidential information, but if A is sending sensitive information say “Password” it will also be in unencrypted form, If a hacker starts sniffing the communication so he will get the password.
This scenario is illustrated using the following figure –
 |
| Standard Communications HTTP |
Secure communication(HTTPS)
In a secure communication i.e. HTTPS the conversation between A and B happens to be in a safe tunnel, The information which a user A sends to B will be in encrypted form so even if a hacker gets unauthorized access to the conversion he will receive the encrypted password (“xz54p6kd“) and not the original password.
This scenario is illustrated using the following figure –
 |
| Secure communication(HTTPS) |
How is HTTPS implemented?
A HTTPS protocol can be implemented by using Secure Sockets Layer (SSL), A website can implement HTTPS by purchasing SSL certificate.
Which websites need SSL Certificate?
The websites where a private conversation is occurred, Websites related to online transactions or other sensitive information needs to be protected needs to SSL Certificate.
How to identify a Secure Connection?
In Internet Explorer and google chrome, you will see a lock icon in the Security Status bar. The Security Status bar is located on the right side of the Address bar. You can click the lock to view the identity of the website.
If you are making an online transaction through Credit card or any other means you should check if https:// secured communication is enabled.
No comments:
Post a Comment