Basic Networking Part 4 — What is Port?

CyberSecurity Updates, Kali Linux / By CyberArk

Introduction

In our many previous articles we had referred the word “port“. In our this Basic Networking Series, we are going to cover about port. Here without being much technical, we just learn the basics of port with a cybersecurity point of view. This will be understanding port for absolute beginners.

What is Port?

The theory behind port is hard to explain for beginners (excuse us), but we will try our best. In a computer network port is a end point of communication. For an example, we had installed IP camera on our driveway, which is connected on our network. Now it can be accessed from our computer, here IP address and network ports used. Our router is dependent on ports to route data and we can access our camera from our computer. To understand this better let’s jump on little bit technical shit.

In computer networking, a port is a virtual end point of communication. A port is a 16 bit number, i.e. it can go from 1 to 65535. A modern day device can do a lot of things at a particular time. For each type of service there will be a different port, for the same destination IP.

Mainly, there are two protocols in the networking that uses port numbers, they are, Transmission Control Protocol (TCP) and User Datagram Protocol (UDP).

TCP:- TCP handles transmissions. It sends information from one computer to another by a direct connection. Both computers stays connected during this process.

UDP:- With the help of UDP, the computer hardware are can create data packets and send them on the network. It didn’t make connection during transfer.

TCP is slower than UDP, but TCP can retransmit the lost data due to the connection between the devices.

What is Port Numbers ?

Well, as we discussed earlier, port number is a logical address assigned for each process that uses networking for communication.

Network based on TCP and UDP mostly use port numbers up to 65535. The application it self can change it’s port number, but generally it uses common global port numbers, like port number 80 is for HTTP, port 23 for telnet, port 25 for email, port number 3389 generally used for remote desktop protocol. There is a list for all port number and their uses.

What is Port Forwarding ?

When a remote system/computer wants to make a connection with our computer then we need to allow this by opening required port of that service, so the data packets can enter on our system. Remember that port is the end point! This is the very basic concept of port forwarding. We can manage our port forwarding from our router’s settings. Various routers have various type of settings so we need to check our router. We can easily learn how to forward our port by searching internet “How to port forward on router name“. We have discussed about SSH port forwarding, but that is different thing which uses SSH tunneling.

Summary

Cybersecurity learners must have a clear idea on port forwarding. Remote desktop, ssh, exploiting machines etc usually requires port forwarding. IP addresses and ports are very useful things of networking. These are the most basic things of ports.

Love our articles? Make sure to follow us on Twitter and GitHub, we post article updates there. To join our KaliLinuxIn family, join our Telegram Group. We are trying to build a community for Linux and Cybersecurity. For anything we always happy to help everyone on the comment section. As we know our comment section is always open to everyone. We read each and every comment and we always reply.

Free Port Forwarding without Router

CyberSecurity Updates, Kali Linux / By CyberArk

Previously, in our some articles like, SSH port forwarding and Portmap we discussed that how we can use port forwarding without router, and access our localhost site on the internet. In our this article we are going to cover another method to forward port without router.

Why we need this? specially when we have router and we use static IP or using NO-IP services.

This is a very good question. Well, we are in cybersecurity field where anonymity matters a lot. In real world during penetration testing smart attackers didn’t use routers and static IP. It increase chances to get traced. Port forwarding using SSH or tunnels also might be traces (not fully anonymous) but it will be a little bit tough. So we can use VPN, proxychains and TOR to get anonymous.

Free Port Forwarding without Router Kali Linux

Now coming to the article, in this tutorial we are going to use localtunnel service. Using this service is very easy, we don’t need to mess with DNS and firewall settings.

Installing localtunnel on Kali Linux

We can easily install localtunnel using Node Package Manager. So, we need to install Node Package Manager (npm) on our Kali Linux or any other Debian based Linux distribution. We use following command to do this:

sudo apt install npm

Because localtunnel uses Node JS that because we need to install npm. This will install some packages and complete the process in couple of minutes, dependig on our system performance and internet speed.

After installing npm we use this package manager to install localtunnel. We use following command to install localtunnel:

sudo npm install -g localtunnel

In the following screenshot we can see that localtunnel installed on our system in some seconds.

installing localtunnel using node package manager

Port Forwarding using LocalTunnel

We have installed localtunnel on our system. Now we just need to forward our localhost on the internet.

Here we have a localhost service running on our localhost using apache2. This is a simple webpage for showing an example.

sample webpage on running on localhost

This is running on our port 80, so we need to forward our port 8- using localtunnel to access our localhost on the internet.

A very tiny command will do this,

lt --port 80

We just put lt for localtunnel then specify our –port number (in our case it is 80). After applying the above command we get a URL.

By opening this URL we can access our localhost from anywhere in the internet. Before that we got a warning page (first time only) to prevent spamming or misusing the service.

In the above screenshot we can see the warning page for first time when we open the localtunnel link. When we click on “Click to Continue” we reach to our localhost page, as we can see it in the following screenshot:

We can open this page from any device or network until the localtunnel connection open. We also have open this link on our phone and reach to that web page, shown in the following screenshot:

Localtunnel will be not very much useful for phishing etc for the warning page. But this is a very easy method for port forwarding without router. This might be very handy to show a project to client remotely. We can easily forward port by using this on our Kali Linux or any other Debian based Linux distribution.

Warning:- This tutorial is written for pure educational purpose only. If anyone do any illegal activity then we are not responsible for that.

Pivoting to Access Networks in Penetration Testing

CyberSecurity Updates, EC-Council, Knowledge Base / By CyberArk

Pivoting to Access Networks in Penetration Testing | David Tidmarsh |Penetration Testing Penetration testing is the process of simulating a cyberattack against a computer system or network to identify and fix vulnerabilities. Pivoting in penetration testing is a technique in which the ethical hackers—also known as white-hat hackers—simulating the attack can move from one system…

The post Pivoting to Access Networks in Penetration Testing appeared first on Cybersecurity Exchange.

Pastejacking — Exploiting Remote Machines

CyberSecurity Updates, Kali Linux / By CyberArk

In pastejacking attacks, hackers use a malicious program to replace the contents of the user’s clipboard with a different set of data, such as a malicious URL, password or other sensitive information. When the user attempts to paste the original content, they end up pasting the malicious data instead, which can lead to various types of cyber threats, such as phishing attacks, malware infections, or stealing sensitive data.

In today’s detailed tutorial we are going to learn a dangerous exploitation called pastejacking. In this article we learn

What is pastejacking.
How to avoid pastejacking.
Practical of pastejacking in our Kali Linux.

What is pastejacking ?

Pastejacking is a dangerous attack technique with the help of this attacker can control victim’s clipboard and paste malicious codes in targeted machine, then attacker get control victim’s machine.

pastejacking and pastejacker in kali linux 2020

Pastejacking or clipboard hijacking is a method that malicious websites use to gain control of the clipboard on victim’s computer and change that content into malicious content without victim’s knowledge. Pastejacking is an exploit in which a person’s clipboard’s content is replaced by malicious lines, like a link to malicious web server, malicious code or commands.
Example: User surfing web and he got some useful command for him. The command is copied by the user, but if it is a pastejacking then the user not copied the normal looking useful command. User even don’t know that he have copied some malicious command in the place of the normal looking useful command.
When he paste and run the the command in Linux terminal or Windows powershell his machine will be compromised.

How to avoid pastejacking?

Avoiding from this kind of attacks is very easy. We shouldn’t copy and paste commands from websites to terminal directly. It is a good practice to type our required commands.
In case if we must need to copy commands from websites we then can copy it, but before pasting it on terminal we should paste it on text editor like notepad, mousepad, leafpad etc.
If it is a pastejacking then in text editor will show us that what command we have pasted. The terminal also can show us but we shouldn’t try it on terminal for security reasons.
This is the process to be safe from pastejacking attacks:

We should not copy command from websites better type by own
For very long commands, before pasting on terminal or powershell we check the command by paste it on text editor.
Turn on clipboard notifications: Some operating systems allow us to turn on clipboard notifications, which will notify we every time something is copied to our clipboard. This can help you catch any suspicious activity and protect our sensitive information.
Use a password manager with autofill: Password managers like LastPass or 1Password have autofill features that can fill in login information for you without the need to copy and paste.
Use a fun password generator: Instead of using the same old boring password, use a fun and quirky password generator that creates passwords like “UnicornPizza88!” or “JellyfishRainbow123#”. This can make the password creation process more enjoyable and less of a hassle.

By taking these steps, we can protect ourself from pastejacking attacks while also having some fun along the way!

How to use pastejacking ?

So basically it can be triggered from websites so, good knowledge in web development can implement this or we can simply use automated scripts like PasteJacker in our Kali Linux machine.
To use the PasteJacker tool we need to clone it from it’s GitHub repository by using following command:

git clone https://github.com/D4Vinci/PasteJacker

The following screenshot shows the output of the preceding command:

git clone git clone https://github.com/D4Vinci/PasteJacker

Then we install PasteJacker with the following command:

sudo python3 -m pip install ./PasteJacker

Then it will install all required python packages for PasteJacker tool. This automated script also install PasteJacker tool in our Kali Linux, as we can see in the following screenshot:

Then we can run PasteJacker tool anywhere in our terminal by applying command:

sudo pastejacker

After applying the above command PasteJacker tool’s main menu will appear as following screenshot:

Now we can use PasteJacker tool.

The menu shows us two options. If we are going to use against a Windows target then we can go with option 1, for using it against Linux we can choose 2. Here for an example we choose 2 and press enter.

Here the first option will create a hidden bash command that download our and execute our msfvenom payload in victim’s system using wget (do your own research on wget, we are not going to spoon-feed).
The second option will create a reverse connection of victim’s computer using netcat.

In the third one we can create our one-liner malicious commands and use it to perform pastejacking.

We can use the first or second option those are also easy and automated, but we are not going to harm anyone so we write a non-malicious one-liner custom pastejacking for just proof of concept. So we choose option 3.The screenshot is following:

Here we need to type our one line command. We can use any harmful command for Linux users but we have typed an simple command to display a text.

Here we need to choose a template for pastejacking. Here it have 3 types of pastejacking methods. For our those example we choose option 2 , i.e. pastejacking using javascript.

Then PasteJacker tool will prompt for the port we can leave it blank and press enter because the default port will be 80.

Here we need to type the text and we need to press enter double time to finish it. This will be the normal looking command, we can type anything to attract victim’s attention.

PasteJacker tool starts a localhost server in port 80. We open a browser and go to our localhost or 127.0.0.1 and we can see the normal looking command. If we paste and run it will change in to our that one-liner command.

Here we have opened our localhost and copied the command and paste it on mousepad text editor and see what we have got in the following screenshot:

We can even modify the webpage, and give it to a real life website look. To do that we open a terminal our root user directory:

sudo su

Then we type cd and enter to go to the root user’s directory:

cd

Then we can modify the html page by using following command:

sudo mousepad .pastejacker/index.html

In the above screenshot we can see the locally hosted webpage’s html codes. We can modify it is as we want like we have modify it a little bit.

This is how we can do pastejacking on our local network. Now we can use port forwarding using SSH or host our this HTML webpage to any hosting site to use pastejacking attack over the internet. Here is a demo.

So, in this tutorial we have learned about pastejacking. What is it and how to be safe from it. We have also learned how to use it in our Kali Linux system.

Stay updated with our articles by following us on Twitter and GitHub. Be a part of the KaliLinuxIn community by joining our Telegram Group, where we focus on Linux and Cybersecurity. We’re always available to help in the comment section and read every comment, ensuring a prompt reply.

CEHv12 Module 3 : NetBIOS, SNMP & LDAP Network Enumeration

Leave a Comment / CEHv12, Cyber Security, CyberSecurity Updates, EC-Council / By CyberArk

This article is based on NetBIOS, SNMP & LDAP Network Enumeration which comes module 3 of certified ethical hacker. Learning Outcomes In this module, you will complete the following exercises: After completing this module, you will be able to: After completing this module, you will have further knowledge of: Lab Duration It will take approximately 1 …

CEHv12 Module 3 : NetBIOS, SNMP & LDAP Network Enumeration Read More »

Search Results for: SSH port forwarding

Introduction

What is Port?

What is Port Numbers ?

What is Port Forwarding ?

Summary

Installing localtunnel on Kali Linux

Port Forwarding using LocalTunnel

What is pastejacking ?

How to avoid pastejacking?

How to use pastejacking ?