Download HD Download MP4

SSH Remote Forwarding: Relay local apache server through tunnel

# install apache server
darren@dk10$ sudo apt-get install apache2
# browse to http://localhost
# Relay port 8080 on remote host to 80 on local host
darren@dk10$ ssh -R 8080:localhost:80 aardwolf@relay.wifipineapple.com
# browse to http://relay.wifipineapple.com:8080

SSH Local Forward: Relay remote VNC server through tunnel

# install vnc client
darren@dk10$ sudo apt-get install vncviewer
# vnc to server without SSH (bad idea)
darren@dk10$ vncviewer rrs5204q6n.hak5.org:1
# setup SSH local forward
darren@dk10$ ssh -L 5901:localhost:5901 aardwolf@rrs5204q6n.hak5.org
# vnc to server through ssh tunnel
darren@dk10$ vncviewer localhost:1

Maintaining Persistent SSH tunnels in Linux

AutoSSH is a simple and effective utility for monitoring and maintaining persistent SSH connections, restarting the session as necessary. It can be downloaded from http://www.harding.motd.ca/autossh/ and is available for most *nix platforms. On Ubuntu:

# Install autossh
darren@dk10$ sudo apt-get install -y autossh
# The autossh -M option specifies which port to monitor the connection from
# The -N option is a regular openssh parameter which is passed from autossh to ssh, specifying that there is no remote command to execute.
# The & tells the shell, bash in our example, to run the command in the background.
darren@dk10$ autossh -M 20000 -N aardwolf@relay.wifipineapple.com &
# To find the process ID where autossh is running
darren@dk10$ pidof autossh
# And finally to stop autossh
darren@dk10$ kill `pidof autossh`

Maintaining Persistent SSH tunnels in Linux

• First of all we need to cover Plink. Short for Putty Link, the plink utility is the command-line equivalent to Putty on Windows. We'll be using this today along with another to in order to keep an SSH tunnel persistent.
• Here's an example of a plink SSH tunnel. We start by launching pageant and entering our passphrase. Now that our private key is in memory we can use plink to start an SSH tunnel from the command line.
• So open up CMD, navigate to where your plink utility is. For me that's by running "cd putty"
• Now run plink.exe -- you'll be greeted by a whole list of options for this command line utility.
• To start a simple Dynamic SOCKS proxy I'll enter:
• plink -D 8080 snubsie@peanut.hak5.org -agent
• The -D says make it a Dynamic SOCKS proxy on my local port 8080 and the -agent says to use pageant for the private key file.
• And there we go, a command to start our SOCKS proxy for all our tunneling enjoyment. Of course if the SSH connection is dropped we'll be all sad pants -- especially if we're using the tunnel to watch the BBC or something.
• And while autossh *is* available for Windows, sort of, it isn't exactly the easiest to setup. AutoSSH, the Linux program, can be run in Windows using Cygwin -- a Linux environment for Windows. If that suits your fancy, have at it. There's a decent tutorial for setting that up.
• That said I'm more interested in using native Windows programs. Thankfully a similar setup to autossh can be achieved using plink with the help of a little utility called MyEnTunnel.
• Short for My Encrypted Tunnel, MyEnTunnel is a windows utility that lives in the system tray, or can be run as an NT service in the background, that quietly watches Plink sessions and restarts them as necessary.
• MyEnTunnel is available from http://nemesis2.qx.net/pages/MyEnTunnel as freeware.

Download HD Download MP4

In this episode Darren and Shannon break down reverse shells via proxy. The network scenario is that of two devices on disparate networks who's firewalls won't allow inbound connections. Typically this is a NAT router that you haven't access to. Assuming both devices can create outbound connections, which is commonly the case, we'll configure an SSH server to act as a relay for our reverse shell.

In this scenario three hosts are involved. First is our WiFi Pineapple, which is the device we'll be getting the reverse shell from -- meaning we'll be able to login to a terminal on this machine. In our example it is connected to the Internet by way of a 3G/4G modem which our carrier firewalls. Using AutoSSH -- a tool to maintain a persistent SSH connection -- we establish a connection back to our second host, relay.hak5.org. In turn our third host, my laptop (hostname: dk10) connects to relay.hak5.org as well.

## browse to 172.16.42.1/ssh.php (WiFi Pineapple) and Generate Key
##SSH Into WiFi Pineapple
## Establish connection to relay adding key fingerprint to known_hosts on pineapple
root@pineapple# ssh user@relay.wifipineapple.com
## Refresh ssh.php showing known_hosts. Copy RSA key string from "rsa" to "root@pineapple"
## From new session on relay, paste RSA key into authorized_keys file
user@relay$ echo "" >> ~/.ssh/authorized_keys
## Logout of the relay
user@relay$ exit
## Demonstrate how without the -i option ssh on the pineapple will still prompt for password
root@pineapple# ssh user@relay.wifipineapple.com #this will prompt for passwd
## Demo how to properly SSH into a host with a dropbear RSA key
root@pineapple# ssh user@relay.wifipineapple.com -i /etc/dropbear/id_rsa
user@relay$
## Configure SSHD to allow TCP Forwarding **Necessary for Server Admin Only**
## Become root
user@relay$ sudo -i
## Add settings to sshd config file
root@papaya# echo "AllowTcpForwarding yes" >> /etc/ssh/sshd_config
root@papaya# echo "GatewayPorts yes" >> /etc/ssh/sshd_config
## Restart SSH Daemon
root@papaya# /etc/init.d/ssh restart
## Logout of root
root@papaya# exit
## Logout of relay completely
user@relay$ exit
## Update SSH Connection Command from 172.16.42.1/ssh.php to reflect username and host
## Enable SSH on boot and SSH keepalive, then click Connect
## From localhost (your laptop) SSH into the newly configured WiFi Pineapple via the relay
## Demonstrate technique one: SSH from SSH (not as sexy)
darren@dk10$ ssh user@relay.wifipineapple.com
user@relay$ ssh root@localhost -p 4255
## Logout of both pineapple and relay
root@pineapple# exit
user@relay$ exit
## Demonstrate technique two: Single SSH session
darren@dk10$ ssh root@relay.wifipineapple.com -p 4255

SSH and SOCKS5 Proxy Follow-up

MetalX1000 writes regarding SSHFS from the command line in Linux

OK, I love that you showed how to do it this way. But, for the Shannon's of the world who need a GUI, you can always just open Nautilus and in the location bar type ""sftp://user@server"" and then make a short cut to that in the left side bar of Nautilus.

Thanks for the tip MetalX1000. We demonstrated on the show one more technique. From Gnome2's "Places" menu click Connect to Server and select SSH.

Spectrakid writes regarding setting up an SSH Server on Linux and "apt-get install ssh"

I thought you needed the ""openssh-server"" package to set up a ssh server in Debian based systems........ssh is a metapackage that simply depends on openssh-server & openssh-client

There are about as many ways to skin a cat in Linux as there are dependency issues ;-)

wirerat1 writes regarding keeping connections alive

ClientAliveCountMax 0 does not do what he thinks it does.

True, it doesn't do what it claims to do.

From the MAN Page:

ClientAliveCountMax sets the number of client alive messages (see below) which may be sent without sshd receiving any messages back from the client. If this threshold is reached while client alive messages are being sent, sshd will disconnect the client, terminating the session. It is important to note that the use of client alive messages is very different from TCPKeepAlive (below). The client alive messages are sent through the encrypted channel and therefore will not be spoofable. The TCP keepalive option enabled by TCPKeepAlive is spoofable. The client alive mechanism is valuable when the client or server depend on knowing when a connection has become inactive.
The default value is 3. If ClientAliveInterval (see below) is set to 15, and ClientAliveCountMax is left at the default, unresponsive ssh clients will be disconnected after approximately 45 seconds.

Meaning a ClientAliveCountMax 0 should continue sending Keep Alive messages over the SSH connection for every ClientAliveInterval forever, but in practice, it doesn't. I've started using 99999 as my value of choice, however I'm sure there's a better way.

Steven writes regarding Pageant and Putty

In Putty you don't need the pageant program to use the private key. Select your profile and hit load so that you can edit the profile. On the right go to SSH -> Auth. There you will find ""Private file for authentication"", hit browse and select your private key. Go back to Session. Select your profile and hit save. Next time you open a connection putty will automatically use the key. Note: The key will not be stored in memory so you'll need to enter the passphrase each time you connect to the server.

Download HD Download MP4

SSHFS on Linux

As Darren demonstrates in Linux the setup is quite simple. Begin by installing SSHFS. From ubuntu that's "sudo apt-get install sshfs". Once installed your user will need to be added to the fuse group, so issue "sudo gpasswd -a $USER fuse". The $USER is an environment variable which will be replaced with your username on execution. Issue "whoami" if you're not sure of your username.

Once SSHFS has been installed and your user added to the fuse group you're nearly ready to mount the remote file system. Begin by making a directory. This directly will act as the mount point for the remote file system. Issue "sudo mkdir ~/sshfs" to make an sshfs directory in your user's home.

Finally we're ready to mount the remote file system. If you've been following along thus far and have setup authentication key pairs for your SSH server the following should be pretty seamless. Issue "sshfs -o idmap=user username@host: ~/sshfs". Replace username and host as appropriate. The colon (:) after the host specifies the location on the remote server to mount. For example, if permissions allowed, /var/www/ could be mounted. Leaving the location as colon (:) defaults to the user's home directory. Now navigate to ~/sshfs on your local system and behold the remote file system!

SSHFS on Windows

As Shannon demonstrates, ExpanDrive offers SSHFS for Windows. In addition ExpanDrive will mount virtual drives from Amazon S3 and even FTP. The software is $40 with a 30-day trial. It supports SSH public keys directly or with pageant.

Youtube Description (No HTML):

Continuing with SOCKS5, SSH, Public Key Pairs and fingerprints, Darren and Shannon use SSH to create a secure remotely mounted network filesystem with implementations in both Windows and Linux.

Using the SSHFS utility we're able to mount a remote filesystem. Since we already have a secure tunnel to our server over SSH, which we've been thus far using as a SOCKS5 proxy, we're now able to store files securely online with the same mechanism. Using FUSE, or File System in User Space, we're able to achieve this without the need to load kernel modules -- a process which would require superuser privileges.

If you're into Hak5 you'll love our new show by hosts Darren Kitchen and Shannon Morse. Check out http://www.revision3.com/haktip

Whether you're a beginner or a pro, http://www.revision3.com/haktip is essential viewing for current and aspiring hackers, computer enthusiasts, and IT professionals. With a how-to approach to all things Information Technology, HakTip breaks down the core concepts, tools, and techniques of Linux, Wireless Networks, Systems Administration, and more.

And let's not forget to mention that you can follow us on http://www.twitter.com/hak5 and http://www.facebook.com/technolust, http://revision3.com/hak5/follow to the show and get all your Hak5 goodies, including the infamous wifi-pineapple over at http://hakshop.com . If you have any questions or suggestions please feel free to contact us at feedback@hak5.org. ]]> http://Hak5.org/episodes/hak5-1111/feed 8 http://Hak5.org/episodes/hak5-1110 http://Hak5.org/episodes/hak5-1110#comments Thu, 26 Apr 2012 22:09:10 +0000 Darren Kitchen http://Hak5.org/?p=4760 ]]>

Continuing with Proxies, SOCKS5 and SSH, Darren and Shannon cover SSH Public Key Fingerprints, then build a free Windows SSH Server and configure Key Pairs for a Linux client.

Download HD Download MP4

SSH Public Key Fingerprints and known_hosts

Typical SSH Servers user 128-bit MD5 hashes as Public Key Fingerprints. These are used to verify the authenticity of a server. These key fingerprints are short sequences of bytes used to authenticate a much longer public key. Like we discussed last week regarding key pairs for user authentication, SSH servers have key pairs for server authentication.

On a Linux OpenSSH server for example these key pairs will be found in /etc/ssh/*key*. The public keys will be world readable while the private keys can only be read by a superuser.

On a Linux client for example the key fingerprints of remembered servers are stored in ~/.ssh/known_hosts. Since SSH version 4 the username and hostnames associated with these servers are hashed.

To remotely verify the key fingerprint of an SSH server

ssh-keyscan -t rsa,dsa REMOTEHOSTNAME > /tmp/ssh_host_rsa_dsa_key.pub
ssh-keygen -l -f /tmp/ssh_host_rsa_dsa_key.pub

Alternatively, on the remote server the key fingerprints can be found by:

cd /etc/ssh
ls *key*
cat ssh_host_key # this is the private key
# permission will be denied if not superuser
cat ssh_host_key.pub # this is the public key
ssh-keygen -lf ssh_host_rsa_key.pub
# field 1 = bit length of key
# field 2 = fingerprint of key
# field 3 = name of key

Setting up a Windows SSH Server with Bitvise (+ A few other software recommendations)

Setting up the SSH Server Windows Using BitVise WinSSHd

• Download BitVise

• Creating a server on laptop or pc at home...
• Auto config router (UPnP) - BAD!! No Universal Plug-n-Play
• Open Port to Any Computer
• Uncheck 'Allow Any Logon', Click add.
• Enter Username - Run 'whoami' from CMD to find out your username.
• Want to add account for a friend? Do a virtual account.

SSH Servers for Windows

FreeSSHd - http://www.freesshd.com/

• Nice but lacks advanced security controls. The server starts
  sessions with security in the context of the service itself, meaning
  since it needs to be run as administrator or system those are the
  privileges available to the users.

• Not open source so it can't be vetted, improved upon by the community
• Hasn't been updated since 2009
• Difficult to get working on Windows 7
• Free and easy to setup

Bitvise WinSSHD - http://www.bitvise.com/winsshd

• Free for non-commercial / personal use

• License costs $100, unlocks Active Directory feature for enterprises
• Easy to install and update, nice GUI
• Supports Active Directory, Kerberos or it's own user database
• Works fine in Windows 7
• Supports AES 128 and 256 bit encryption
• Not open source so it can't be vetted, improved upon by the community
• Can be configured to use Power Shell instead of CMD as the default
  shell for users

• Supports OpenSSH public key files
• Configure account and group permissions per IP and DNS
• Automation API, logging

OpenSSH for Windows - SSHWindows.sf.net

• Free, open source implementation of OpenSSH with Cygwin

• Hasn't been updated since 2004
• Enough said

Copssh - https://www.itefix.no/i2/copssh

• Package of portable OpenSSH for Cygwin

• GUI for administartion

KpyM SSH Server - http://www.kpym.com/2/kpym/index.htm

• Free, open source

• Uses Windows identification (Windows user accounts)
• Automated install and setup
• Nag screen. Single license is $35

Setting up Key Pair Authentication in Linux with OpenSSH

On the remote host:

mkdir .ssh
chmod 700 .ssh
cd .ssh

On the local host:

ssh-keygen -t rsa
scp ~/.ssh/id_rsa.pub user@host:.ssh/authorized_keys2

Back on the remote host:

ls -la authorized_keys2
chmod 600 authorized_keys2
exit

On the local host:

ssh user@host

Bonus: Transfer SSH public keys from one machine to another

Now that we've done it the long way, let's take a moment to appreciate a convenient shortcut -- ssh-copy-id.

ssh-keygen; ssh-copy-id user@host; ssh user@host

Download HD Download MP4

Before getting into public key crypto we should first take a moment to gather a basic understanding of the SSH-2 protocol layers. In a nutshell the three layers of SSH-2 are:

The first is the Transport Layer. This layer is responsible for handling key exchanges, the servers authenticity (server authentication), compression, encryption and re-keying (typically after 1 GB of traffic or 1 Hour have elapsed). We'll get into more detail on this next week when we focus on key fingerprints.

Second is the User Authentication Layer, which handles client authentication, or authentication of the user trying to log-in. This process is client driven, meaning that the connecting client chooses which method they would like to authenticate with. Accepted methods vary by server but typically these include:

• Password Authentication - we used this last week by interactively typing in our password at the prompt when logging in

• Public Key - this is the method we'll be using today and going forward
• Keyboard Interactive - a process that can be used for one-time-passwords.
• GSSAPI (Generic Security Services Application Programming Interface) - this is actually a library used by commercial vendors, usually to implement single-sign-on services in enterprises and integrating with existing security services such as NTLM or Kerberos.

Finally there is the Connection Layer. This layer defines the channels, or asymmetric communications supported by SSH, including:

• Shell Channel for Shells, SFTP, SCP
• Direct-TCP/IP Channel for Client-to-Server forwards
• Forwarded-TCP/IP Channel for Server-to-Client forwards

Understanding Public Key Cryptography

Authentication via Asymmetric Key Cryptography (aka Public Key Crypto) is the method for generating a key pair -- both public and private (aka secret) -- and publishing one or the other in order to initiate secure communication. In our example we'll be protecting our private key on the client while publishing the public key on the SSH server. With this setup anything encrypted with the public key can be decrypted with our own private key. The oversimplification of this is that the key pairs are linked mathmatically allowing for encryption with the public key and decryption with the private key. The idea is that it's impractical to figure out the private key based on only knowledge of the public key. This is the basis for SSL, PGP, GPG, Bitcoin and many other protocols.

SSH-2 supports at least two methods for Public Key authentication

• RSA Key Pairs, which are named after creators Rivest, Shamir and Adleman and published in 1978 is an algorithm based on the difficulty of factoring large integers. Again the oversimplification is that the public key is based on the product of two large primes (along with an aux value) and the private key is derived from prime factors used to create the public key.

• DSA Key Pairs, or Digital Signature Algorithm, have been a Federal Information Processing Standard since 1993. Originally pantented by former NSA employee David Kravitz this technology is now freely available for anyone to use worldwide.

Setting up a Linux OpenSSH Server
On a Debian based Linux machine setting up ssh can be as simple as issuing "sudo apt-get install ssh". In this segment Darren goes over some of the configuration lines you would find useful to modify in /etc/ssh/sshd_config.

AllowTcpForwarding yes
GatewayPorts       yes
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile      %h/.ssh/authorized_keys
AllowUsers bob alice
PermitRootLogin no
Protocol 2
Port 222
LoginGraceTime 1m
ListenAddress
ClientAliveInterval 60
ClientAliveCountMax 0

Be sure to restart the SSH deamon after editing the configuration. stop ssh;start ssh;service ssh restart;/etc/init.d/ssh restart #one of these should do it! :)

SSH Key Authentication On Windows with Putty for a Linux Server

This'll create key pair- an authorization to log on to server for authentication. Begin by downloading the Putty KeyGen tool. Click Generate and move mouse to generate key pair, and save both. Now open the server via Putty.

On the server go ahead and create a user if you haven't already done so. Typically this is achieved using the "adduser username" then "passwd username" commands.

Now, while logged in as your user, make a directory called .ssh in the your home. For example "mkdir ~/.ssh"

You'll want to change the mode to 700 so that only you have access to it. In the world of Unix there are 3 levels of permissions for files and directories. The Owner, Groups and World (everyone). The first 10 characters are the file's attributes. The first character represents what type of file it is. If it's a dash (-) it's a regular file. A (d) represents a directory, and there are a few others for special stuff like symbolic links. The next 9 characters specify the Read (r), Write (w) and Execute (x) permissions for the file's Owner, Groups and World (everyone). Change the mode of the directory with "chmod 700 .ssh/" The "chmod" command stands for Change Mode and allows you to easily modify a file or directory's permissions. Chmod will accept an octal representation of the modes. We're not going to get into them all but in this case 700 changes the file to be Readable, Writeable and Executable by the file's Owner, and nothing else for any Groups and the World.

Next change to the newly created directory with "cd .ssh" and create a file called authorized_keys2 with the public key on one line saved in file. Add ""ssh-rsa "" to the beginning.

Finally you'll want to again change the mode of the file so that only you can read and write to it. In this case the command would be "chmod 600 authorized_key2".

Now back on the Windows machine ppen pageant.exe and select 'add key'. Add the private key created in the initial setup. Pageant works as a passphrase keeper. With Pageant in memory and your private key loaded go ahead and test your connection. Just as before login with putty being sure to include "username@" before the hostname in the connection dialog.

You should now login without a password needed! Hooray! ]]> http://Hak5.org/episodes/hak5-1109/feed 8 http://Hak5.org/blog/backstage/the-new-ipad-shannons-review http://Hak5.org/blog/backstage/the-new-ipad-shannons-review#comments Tue, 17 Apr 2012 01:25:48 +0000 Shannon Morse http://Hak5.org/?p=4728

Howdy! So I bought a new iPad about a month ago when they first came out, and I figured it was time for me to review it. Better late than never, eh?

I decided to buy the 4G Verizon LTE 32GB one in Black. It was about $750 before taxes (and before I sold my old one on eBay, ha!).

I upgraded from the first generation iPad, which I bought about 2 years ago.

I had several reasons for wanting to upgrade and stick with the Apple product line instead of going with an awesome Android tablet.
We use an app with Hak5 called PrompterPro- it was $10 and enables us to use our iPad as a cheap teleprompter. We use an iPad prompter dock with our cameras then connect via bluetooth / wireless to a iPhone or iPod that the hosts’s use during the segments. It’s great for bullet points and breaking down really obscure concepts that we’ve researched previously.
I also wanted to be able to accept credit cards at conventions without the need to connect to wireless or AT&T (service on my phone) since those aren’t very secure! This was why I chose Verizon LTE. And of course, 32GB for sharing media with other guests at cons while I work at our Hak5 booth.

On to the pros and cons of the new iPad!

Pros:

It’s beautiful- not just the screen but the tablet itself. Seriously, even if you don’t want to buy an iPad EVER, just walk in an Apple store and pick one up. It’s a pretty piece of technology. The screen really is surprising. You can’t see pixels. It’s weird.

The LTE service is FAST. Like, crazy fast. I installed the Speedtest.net app for iPhone/iPad and these were my results, sitting next to my router in my computer room. The first image is Verizon, the second test is Comcast Wireless.

The new iPad is still lightweight, like my first one. I don’t feel an overall difference.
iOS is extremely responsive. I can type and multitask pretty quickly on it without much of any delay.
After you’ve gone through the easy setup, it works out of the box. Although, I suggest plugging it in to iTunes instead of wirelessly updating your sync with the iCloud because iCloud takes way too long.
LTE can be turned on or off at anytime by just going to the settings, with no contract. This is great, because I only intend to use it at conventions. I don’t want to pay $20-$30 USD every month for that extra service if I’m just going to be sitting at home on my PC!
The front camera takes great photos with good lighting. It’s nice having such a large screen to see your photography on, and having the photos actually appear the way they should.
Apparently I can take my AT&T iPhone SIM card and stick it in my Verizon iPad and it’ll work- I haven’t tried this, but I have unlimited data with AT&T so.. maybe!

Cons:

I didn’t set up LTE service for a few weeks after getting it, and the iPad pinged me saying “You haven’t set this up yet, would you like to?”. It only happened once, but I didn’t like feeling like they were trying to upsell me on cellular usage.
I’ve noticed the charge still lasts as long as my first generation iPad with normal usage (maybe an hour or two a day, sometimes more) but I have to charge it all night to get the full charge once it’s died.
It does get hot in one corner, but it’s not scary, just obvious. It’s like having a laptop on your lap.
The new iPad is expensive! Holy Batman, if you aren’t using this for work or you already have a laptop / ebook reader, why get one? Smartphones do everything this can, so it seems like a waste of money if just bought as a toy.
The back camera is terrible. It’s blurry and pixelated in any kind of lighting.
I had trouble with Facetime. I wasn’t receiving audio out of my iPad from my friend. A restore should fix this problem.
Reading ebooks on this gives me a headache. Black and white epaper Kindle’s are way better for reading for long periods of time.

So generally- the problems I have with it are things that I can live with, but they’re still problems non-the-less. I love the iPad, I don’t regret paying what I did for it (specially after I sold my first generation iPad), and I plan to get a lot of use out of this tablet for at least a few years. I’m normally not an early adopter but in this case it was a well needed upgrade.

Not to mention, since I bought it from the local Apple store, they’ve been incredibly friendly with ‘helping me get started’. I haven’t needed any help, but this is a great add-on service I wasn’t expecting that would make anyone’s day if they really needed some extra help.

Shannon Morse hosts Hak5 on Revision3 and she co-hosts the audio podcast Bite Club Show. You can find her guest hosting various other internet shows now and then. When not geeking out with work, Shannon enjoys video games, anime, manga, traveling, building computers, and spending time with family and friends. Find more info about Shannon here.

Thursday, May 3rd at 8:00 PM

Join us for our Season 11 episode 11 party at the Baltic Pub in Point Richmond, CA! There won’t be another binary episode number of Hak5 until Season 100 in 2057!!

All ages welcome. Special nerdcore performance by Dale Chase!

The Baltic Pub, 135 Park Pl Richmond, CA 94801.

RSVP on Facebook or Add to Google Calendar.

Download HD Download MP4

Basically a proxy is a technology that enables one to bounce their Internet traffic off, or tunnel Internet traffic through, a third party server. Typically this is a linux box running a daemon, but there are plenty of types of proxies, as well as reasons to use 'em. So why do we have proxies? Well, this won't cover everything, but here's a few examples:

Why would you want to proxy?

Security - keep your web traffic encrypted
For me it's all about security. Most proxies employ encryption, encapsulating each packet into a private tunnel so that would be eavesdroppers can't peer in on your surfing. I don't care if it's open wifi at the airport or a wired hotel LAN -- if it isn't my network I don't trust it.

Filtering

I hate it when network operators do this, and I'm sure you've encountered it. It turns out there's porn on the Internet. That, um, isn't what I've encountered -- I'm talking about when sysops use Proxies to filter content. Whether it's a DNS blacklist or content keywords, proxies can be used to shut down browsing to sites the operator deems inapproporiate. Whether that's porn or blogs criticizing a draconian government.

Bypassing Censorship

Likewise proxies are a great weapon against censorship. During the 2011 Egyptian Revolution, and following the January 25th protest, access to Twitter and Facebook from within the country were blocked.

Caching

Speed up web browsing with a caching proxy like Squid which is implemented in a lot of the more advanced open source routers we like, including Smoothwall and Untangle. The idea being that it holds copies of a web page or other resource in its cache, so if Darren visits Zombo.com in the morning then I go there in the afternoon I grab a local copy, thus saving bandwidth and speeding up the network.

Eavesdropping

Like a WiFi Honeypot or a Man-in-the-middle attack, a proxy can facilitate eavesdropping by routing traffic from a client, or victim in this case, through an eavesdropper's server. This enables the kind of packet sniffing mischeif you might imagine -- password snooping, URL snarfing, stealing of cookies and session hijacking, even altering content in transit. You know, the same kind of stuff your ISP could do - but doesn't... Or do they? Nah.... But SRSLY.

Private Networks

Traveling abroad and need access to resources on your office network? There's a proxy for that. Basically bridging two or more networks a proxy can enable access to stuff like printers, internal web servers, even private peer to peer networks or Darknets. Who doesn't like a little privacy with their file sharing?

Anonymity

Network Proxies can provide some level of anonymity by making it difficult to trace internet activity. The most notable examples include The Onion Router and I2P or the Invisible Internet Project. We're working up a special episode on these, but suffice it to say if you're a fan of freedom and privacy these are for you. Just, be aware that they aren't fool proof. In design these networks don't account for a global passive adversary, you know - like the NSA.

There are more proxy types and implementations than you can shake a stick at, but we’ll cover a few of the more popular ones and get into the practice soon.

Types of Proxies

Forwarding Proxies: Typically speaking a forwarding proxy is a private service setup for one or more users that forwards or relays Internet traffic. An example would be a SOCKS proxy setup on a Virtual Private Server that you maintain and only you have access to. Use of this proxy requires authentication and once connected some or all of your Internet traffic is routed through this host.

Open Proxies: which is similar to a forwarding proxy, except that authentication isn’t required. These open proxies or anonymous proxies are generally available to anyone on the Internet. Most HTTP or web based proxies don’t require a whole lot of skill or network configuration to use. For example visiting the open proxy darkbrowsing.com allows a user to pull up pages like twitter and facebook without actually going to those domains. As far as a network operator is concerned the user is only visiting the proxy, and the subsequent web pages are requested on the proxies behalf.

Reverse Proxies: one that facilitates connections between two networks, often making it possible to access an internal resources which is otherwise inaccessible from the Internet. A good example of this would be a WiFi Pineapple in the wild connecting back to my VPS in the cloud allowing me to proxy through the VPS and into my pineapple. We’ll get into this in practice soon.

The nice thing about your reverse proxy setup is that it’s able to overcome NAT.

NAT, or Network Address Translation, is a gateway (typically your home router) which assigns private IP addresses to each connected client, then allows all of those clients to access the Internet through a single public IP address. Since each machine on a NAT’ed network doesn’t actually have it’s own public IP address it makes it more difficult to run a server, like SSH. Typically port forwarding is necessary to allow incoming connections to get routed to the right machine inside the network. But outgoing traffic doesn’t have this limitation. Thus the reverse proxy is able to establish its connection without any special network configuration, a lovely technique we know as "NAT Traversal".

SOCKS Proxy: Our favorite implementation

SOCKS stands for SOCKet Secure and it’s an Internet protocol that allows you to route your network traffic through a proxy server.

• Originally developed by David Koblas, a sysadmin at MIPS in ‘92
• Later extended to version 4 by Ying-Da Lee at NEC
• And finally version 5 was approved by the Internet Engineering Task Force in ‘96
• Can be used with Secure SHell - a network protocol for secure communication to remote shells
• Operates at a lower level than HTTP proxying
• Able to be used for any TCP or UDP connection
• Two mainstream types of SOCKS proxies, SOCKS4 and 5
• SOCKS5 allows for use of IPv6, UDP and DNS lookups so it is preferred

Basic Client Setup in Linux

ssh -D 8080 user@host

The -D option, from the man pages

-D [bind_address:]port

Specifies a local dynamic application-level port forwarding. This works by allocating a socket to listen to port on the local side, optionally bound to the specified bind_address. Whenever a connection is made to this port, the connection is forwarded over the secure channel, and the application protocol is then used to determine where to connect to from the remote machine

.

Keep in mind this option requires superuser privileges so you may need to use sudo or similar root execution utility.

Warning: The basic client setup illustrated here uses password based authentication, which goes against security best practices. The next episode in this series will address this setup. Use of password based authentication is not advised.

Basic Client Setup in Windows

Begin by downloading putty, the gold standard in SSH on Windows.

Open putty, enter your host information, then expand SSH > Tunnels. Enter a port between 1025 and 65535, check Dynamic and enter localhost or 127.0.0.1 as the IP address. Click Add, then Open. An SSH session will open, typically prompting for username and password. Note: We will expand on this shortly with key based authentication.

If you're into Hak5 you'll love our new show by hosts Darren Kitchen and Shannon Morse. Check out HakTip!

Whether you're a beginner or a pro, HakTip is essential viewing for current and aspiring hackers, computer enthusiasts, and IT professionals. With a how-to approach to all things Information Technology, HakTip breaks down the core concepts, tools, and techniques of Linux, Wireless Networks, Systems Administration, and more

And let's not forget to mention that you can follow us on Twitter and Facebook, Subscribe to the show and get all your Hak5 goodies, including the infamous WiFi Pineapple over at HakShop.com. If you have any questions or suggestions please feel free to contact us at feedback@hak5.org.

Youtube Description (No HTML):

This time on Hak5: We begin a special series on proxies. Caching, filtering, security or anonymity -- whatever your reasons may be Darren and I are exploring the in's and out's of this great technology from the ground up. All that and more, this time on Hak5!

If you're into Hak5 you'll love our new show by hosts Darren Kitchen and Shannon Morse. Check out http://www.revision3.com/haktip

Whether you're a beginner or a pro, http://www.revision3.com/haktip is essential viewing for current and aspiring hackers, computer enthusiasts, and IT professionals. With a how-to approach to all things Information Technology, HakTip breaks down the core concepts, tools, and techniques of Linux, Wireless Networks, Systems Administration, and more

And let's not forget to mention that you can follow us on http://www.twitter.com/hak5 and http://www.facebook.com/technolust, http://revision3.com/hak5/subscribe to the show and get all your Hak5 goodies, including the infamous http://hakshop.com/collections/frontpage/products/wifi-pineapple over at http://hakshop.com . If you have any questions or suggestions please feel free to contact us at feedback@hak5.org. ]]> http://Hak5.org/episodes/hak5-1108/feed 21 http://Hak5.org/episodes/hak5-1107 http://Hak5.org/episodes/hak5-1107#comments Wed, 04 Apr 2012 19:13:58 +0000 Jason http://Hak5.org/?p=4705 ]]>

This time on the show, automating interactive tasks in Linux, preventing your browser sessions from being tracked, graphical command line disk usage utilities, and pushing hex over TCP with Echo. All that and more this time on Hak5!

Download HD Download MP4

Empties Source Forge page at empty.sf.net describes the utility as one that provides an interface to execute and interact with processes under pseudo-terminal sessions. This is pretty cool because you can use it to program shell scripts which communicate with interactive programs like telnet, ftp or ssh.

And while TCL/Expect does the same thing, empty may be a better choice because it can be invoked directly from the shell, it doesn't require TCL, perl, python or any other language, it's super small and simple and has already been ported to most *nix flavors.

Installation is pretty simple, either download the source from empties website, untar it and ""make all install clean"", or grab it from your repo. In ubuntu that's apt-get install empty-expect

The cool thing about the way it works is that everything is based on files.

empty -f -i input.fifo -o output.fifo -p empty.pid -L empty.log ssh
root@localhost
empty -w -i output.fifo -o input.fifo continue 'yn'
empty -w -i output.fifo -o input.fifo assword 'lamepasswordn'
empty -w -i output.fifo -o input.fifo root@ 'topn'

Disconnect.me

With all the privacy issues we've been hearing about lately, (Facebook's always strange updates; Google's new policy, etc), it almost seems impossible to keep your private data private!

We always hear about those problems we face with third party advertisers, cookies, and social search results, but it seems like everyone gets all up in arms about it, but almost no one goes on the defense and stops it from happening. Sure, people like you and me know how to disable cookies and we've deleted our cache's and search results in Google but we still have to teach the masses how to do it as well.

We still have a friend in the world who cares by the name of Disconnect, a company that was founded by a couple of ex-Googlers, Brian Kennish and Austin Chau, with Casey Oppenheim.

So what are they doing? Well, Disconnect is working on making your private data private again by disabling sharing with third parties and soon customizing your ability to share with whom you want.

How does it work? Disconnect is a small add-on for your browser (for me, Chrome) that you can find in your browser's webstore. Disconnect works in the background, seemlessly blocking the collection of your searches, sites visited, etc from Google, Twitter, Facebook, Digg, and Yahoo. It'll even let you depersonalize searches on Google and Yahoo by blocking cookies while you're still logged in.

You can unblock services too, just by clicking on the icon, in case you want to play a game on facebook that requires it or you have trouble getting to certain services when they're blocked. They've been having some bugs with Google accounts not working right when blocked, but so far I haven't had any problems myself. But this extension does peak my interest as well as suspicions. Does it really block cookies and private data sharing? According to their privacy policy it does.

Hex over TCP with Echo and Netcat

Ever needed to send some hex in TCP form over to a port on an IP?
Well, you can do that with Echo and Netcat.