SSH Penetration Testing

Prevention against Brute force attack

Windows has a threshold account lockout policy that locks an account after a certain number of failed attempts. A comparable control is possible on UNIX through iptables chain rules.

Here the admin sets iptables chain rules for a certain number of login attempts; if a user crosses the defined number, the user is locked out for the time period specified by the admin. The rules below count new connections to port 22 per source address, so the lockout applies to the connecting IP address rather than to a named account.

Type the commands below to set the iptables chain rules for the account lockout policy:

sudo iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --set
sudo iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent --update --seconds 120 --hitcount 3 -j DROP




$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
DROP       tcp  --  anywhere             anywhere             tcp dpt:ssh state NEW recent: UPDATE seconds: 120 hit_count: 3 name: DEFAULT side: source mask: 255.255.255.255
           tcp  --  anywhere             anywhere             tcp dpt:ssh state NEW recent: SET name: DEFAULT side: source mask: 255.255.255.255

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

sudo service ssh restart

Install iptables-persistent:

sudo apt-get install iptables-persistent
sudo su
iptables-save > /etc/iptables.rules
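
To see what the two "recent" rules in the SSH section actually do to a stream of connection attempts, the following added example (not part of the original page, and not kernel code) models them offline in the order shown by the iptables -L listing. The function names, the input format and the sample addresses are assumptions made for illustration.

```sh
#!/bin/sh
# Offline model of the two xt_recent rules above; it never calls iptables.
# Input on stdin: one line per NEW connection to port 22,
#   "<time-in-seconds> <source-ip>"
# Output: "<time> <source-ip> ACCEPT|DROP" for each connection.
# Rule order follows the `iptables -L` listing: UPDATE/DROP first, then SET.
# Limits on how many timestamps the module stores are ignored.
simulate_recent() {
    # $1 = --seconds value, $2 = --hitcount value
    awk -v secs="$1" -v hitcount="$2" '
    {
        now = $1; ip = $2
        # Rule 1 (--update): count stored timestamps inside the window.
        hits = 0
        for (i = 1; i <= n[ip]; i++)
            if (stamp[ip, i] >= now - secs) hits++
        if (hits >= hitcount) {
            # Match: the packet is dropped AND its timestamp is recorded,
            # so a client that keeps retrying keeps extending its block.
            stamp[ip, ++n[ip]] = now
            print now, ip, "DROP"
            next
        }
        # Rule 2 (--set): record the timestamp; the rule has no target, so
        # the packet falls through to the chain policy (ACCEPT above).
        stamp[ip, ++n[ip]] = now
        print now, ip, "ACCEPT"
    }'
}

# Constructed sample: 192.0.2.10 retries rapidly, 198.51.100.7 connects once.
sample_connections() {
    cat <<'EOF'
0 192.0.2.10
10 192.0.2.10
20 192.0.2.10
30 192.0.2.10
40 198.51.100.7
125 192.0.2.10
300 192.0.2.10
EOF
}

sample_connections | simulate_recent 120 3
```

With this rule order three new connections per 120 seconds are accepted and the fourth is dropped. The attempt at t=125 is still dropped because the earlier dropped attempt refreshed the timer, while the one at t=300 is accepted after a quiet period.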

Linux Find Large Files

RedHat / CentOS / Fedora Linux

find {/path/to/directory/} -type f -size +{size-in-kb}k -exec ls -lh {} \; | awk '{ print $9 ": " $5 }'

To list files larger than 50MB:
$ find . -type f -size +50000k -exec ls -lh {} \; | awk '{ print $9 ": " $5 }'

Debian / Ubuntu Linux

find {/path/to/directory/} -type f -size +{size-in-kb}k -exec ls -lh {} \; | awk '{ print $9 ": " $5 }'

To list files larger than 50MB:
$ find . -type f -size +50000k -exec ls -lh {} \; | awk '{ print $8 ": " $5 }'

Arch Linux is patched: KRACK

Verify like this: If you don’t sync your package databases you will likely pull an old version.

$ sudo pacman -Q wpa_supplicant
wpa_supplicant 1:2.6-8

This should go without saying, but for anyone new to Arch, make sure you run:
$ sudo pacman -Syu wpa_supplicant

Verify like this:
$ sudo pacman -Q wpa_supplicant
wpa_supplicant 1:2.6-11

HOWTO: Delete all hidden .swp files from terminal

E325: ATTENTION
Found a swap file by the name ".swp"
owned by: subhrcho dated: Wed Dec 26 05:54:45 2012
file name: ~subhrcho/
modified: YES
user name: subhrcho host name: slc04lyo
process ID: 26176
While opening file ".vimrc"
dated: Mon Jan 28 22:45:16 2013
NEWER than swap file!

(1) Another program may be editing the same file.
If this is the case, be careful not to end up with two
different instances of the same file when making changes.
Quit, or continue with caution.

(2) An edit session for this file crashed.
If this is the case, use ":recover" or "vim -r "
to recover the changes (see ":help recovery").
If you did this already, delete the swap file ".swp"
to avoid this message.

Swap file ".swp" already exists!

find . -type f -name ".*.swp" -exec rm -f {} \;

Arch Linux – Creating BIOS and UEFI Bootable USB

When creating a bootable USB disk, some programs do not create the EFI partition. The most reliable method is to create it with the dd command. You can follow the instructions below.

Before creating the bootable USB, you must unmount the USB disk.

lsblk
sdb 8:16 1 3.8G 0 disk
`-sdb1 8:17 1 3.7G 0 part /run/media/xxxx/e54c4ce0-9def-4183-a415-c0d98
sr0 11:0 1 1024M 0 rom

sudo umount /dev/sdb1

lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
sda 8:0 0 223.6G 0 disk
|-sda1 8:1 0 512M 0 part /boot
|-sda2 8:2 0 215G 0 part /
`-sda3 8:3 0 8.1G 0 part [SWAP]
sdb 8:16 1 3.8G 0 disk
`-sdb1 8:17 1 3.7G 0 part
sr0 11:0 1 1024M 0 rom

Note: When creating the bootable ISO, do not write to the partition (/dev/sdb1).

dd bs=4M if=/path/to/archlinux.iso of=/dev/sdx status=progress && sync &