Practical Linux Security Cookbook - Second Edition

By: Tajinder Kalsi

Overview of this book

Over the last few years, system security has gained a lot of momentum and software professionals are focusing heavily on it. Linux is often treated as a highly secure operating system. However, the reality is that Linux has its share of security flaws, and these security flaws allow attackers to get into your system and modify or even destroy your important data. But there’s no need to panic, since there are various mechanisms by which these flaws can be removed, and this book will help you learn about different types of Linux security to create a more secure Linux system. With a step-by-step recipe approach, the book starts by introducing you to various threats to Linux systems. Then, this book will walk you through customizing the Linux kernel and securing local files. Next, you will move on to managing user authentication both locally and remotely and mitigating network attacks. Later, you will learn about application security and kernel vulnerabilities. You will also learn about patching Bash vulnerability, packet filtering, handling incidents, and monitoring system logs. Finally, you will learn about auditing using system services and performing vulnerability scanning on Linux. By the end of this book, you will be able to secure your Linux systems and create a robust environment.

Gaining root on a vulnerable Linux system


When learning how to scan and exploit a Linux machine, one major problem we encounter is finding a system to practice on. For this purpose, the Metasploit team has developed and released a virtual machine called Metasploitable. This machine has been made vulnerable on purpose, with many unpatched services running. Because of this, it has become a great platform for practicing and developing penetration testing skills. In this section, we will learn how to scan a Linux system and then use the scan results to find a vulnerable service. Using that vulnerable service, we shall gain root access to the system.

Getting ready

Kali Linux and the Metasploitable VMware system will be used in this section. The image file of Metasploitable can be downloaded from these links:

How to do it...

The Metasploit Framework is an open source tool used by security professionals globally to perform penetration tests by executing exploit code on target systems from within the framework. It comes pre-installed with Kali Linux (the preferred choice of distribution for security professionals).

Follow these steps to gain root access to a vulnerable Linux system:

  1. First, open the Metasploit console on the Kali system by running the following commands:
     service postgresql start
     msfconsole
  2. At the bottom of the screen, you should get the Metasploit framework prompt denoted by msf>.
  3. Next, we need to scan the target, which is 192.168.0.102 in this example, using Nmap:

The following screenshot shows the output of the command:

  4. In the output of the previous command, you can see there are many services running on different ports. Among them, you can see that FTP is also running on port 21.
  5. We will focus on the FTP service for now. From the output shown, you can see that the FTP service is provided by the vsftpd application version 2.3.4.
  6. Now let's try to find an exploit for vsftpd within the Metasploit framework by simply executing the command search vsftpd. Here is the output:
  7. The search results show a module, VSFTPD Backdoor Command Execution, with an excellent rating, which indicates that the exploit is highly reliable.
  8. Now run the following commands to use the exploit and check its options:
  9. As you can see from the screenshot, you need to set the value of RHOST, which is 192.168.1.102 in our case.
  10. Set the value for RHOST and then run the exploit as shown here:
  11. Once the exploit runs successfully, you will get root access, as shown in the preceding screenshot.

How it works...

We first ran an Nmap scan to check for open ports and running services, and found the FTP service running. We then identified the version of the FTP service. With that information, we searched for any available exploit for VSFTPD. The VSFTPD backdoor module found in the search results is actually code that the Metasploit framework sends to the target machine. The code gets executed on the target machine due to a module of VSFTPD being improperly programmed. Once the code is executed, we get root shell access on our Kali machine.

Using the exploit found for VSFTPD, we tried to attack the target system and got the root shell on it.
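
The same scan output that exposed vsftpd 2.3.4 can be audited from the defender's side. The following is an added example, not code from the book: it parses Nmap normal-format output with version detection and flags any open service whose product and version are on a deny-list. The function names, the deny-list structure, the second host, and the sample scan output are assumptions constructed for illustration.

```python
import re

# Deny-list of (product, version); vsftpd 2.3.4 is the release this recipe targets.
KNOWN_BAD = {("vsftpd", "2.3.4"): "vsftpd release exploited in this recipe"}

HOST_ROW = re.compile(r"^Nmap scan report for (?:\S+ \()?(?P<host>[^\s()]+)\)?$")
PORT_ROW = re.compile(r"^(?P<port>\d+)/(?P<proto>tcp|udp)\s+open\s+(?P<service>\S+)\s*(?P<banner>.*)$")

def split_banner(banner):
    """Split 'Apache httpd 2.2.8 (...)' into ('Apache httpd', '2.2.8')."""
    tokens = banner.split()
    for i, tok in enumerate(tokens):
        if tok[0].isdigit():  # first token starting with a digit is the version
            return " ".join(tokens[:i]), tok
    return banner.strip(), None  # no version was detected for this port

def parse_scan(text):
    """Return one dict per open port in Nmap normal-format output."""
    findings, host = [], None
    for line in map(str.strip, text.splitlines()):
        if m := HOST_ROW.match(line):
            host = m["host"]
        elif m := PORT_ROW.match(line):
            product, version = split_banner(m["banner"])
            findings.append({"host": host, "port": int(m["port"]),
                             "product": product, "version": version})
    return findings

def flag_known_bad(findings, deny=KNOWN_BAD):
    """Keep only findings whose (product, version) is on the deny-list."""
    lowered = {(p.lower(), v): why for (p, v), why in deny.items()}
    return [dict(f, reason=lowered[key]) for f in findings
            if (key := (f["product"].lower(), f["version"])) in lowered]

# Constructed sample output (not captured from a real scan).
SAMPLE = """\
Nmap scan report for 192.168.0.102
PORT     STATE  SERVICE VERSION
21/tcp   open   ftp     vsftpd 2.3.4
22/tcp   open   ssh     OpenSSH 4.7p1 Debian 8ubuntu1 (protocol 2.0)
23/tcp   closed telnet
80/tcp   open   http    Apache httpd 2.2.8 ((Ubuntu) DAV/2)
Nmap scan report for ftp2.lab.example (192.168.0.110)
21/tcp   open   ftp     vsftpd 3.0.3
"""

if __name__ == "__main__":
    for hit in flag_known_bad(parse_scan(SAMPLE)):
        print(f'{hit["host"]}:{hit["port"]} {hit["product"]} {hit["version"]} -> {hit["reason"]}')
```

Closed ports and ports without a detected version are parsed but never flagged, so a deny-list match always rests on an explicit product and version string.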

There's more...

Let's learn about a few more exploits and attacks that are common in Linux.