Friday, 6 January 2012

Remote Administration of BackTrack

As a next step I wanted to install remote administration software on BackTrack that supports a client running natively on Mac OS X. I don't want to start my Windows VM every time to use the vSphere Client to connect to my ESXi and then jump to the BackTrack console just to get its GUI. SSH is sufficient for most pentesting tasks, but some tools, such as Burp or Nessus, need a GUI, so I had to choose a remote administration software.

I chose (Free-)NX as it is tunneled via ssh, is available for a lot of operating systems and provides a native client for Mac OS X. Another feature of NX is "seamless connections": you can reconnect to a previous connection you already closed.

First I installed the latest stable server, version 3.5 that can be downloaded on I downloaded the client, the server and node packages for Debian and installed everything with dpkg on my BackTrack 5 R1 VM. My client is a MacBook with the latest Mac OS X Lion and after downloading the client (also version 3.5) and installing it, this message appeared:

So the Client didn't work, because is still compiling PPC binaries for Mac OS X m(. Fortunately there is a new version of NX-Server available, with a native Intel Client for Mac OS X that can be used with Lion.

Finally I uninstalled all the NX server packages in my BackTrack VM with apt-get autoremove and installed everything from the latest NX Virtual Desktop Workstation for Linux, version 4.0.132-7 (still a preview).

root@bt:~# dpkg -i nxserver_vdw_4.0.132-7_i386.deb

After installation the nxserver service is already running and no update-rc.d has to be executed as this was already done during installation.

The new client is also working on my Intel Mac. Now it just runs like a charm, and I'm on the bleeding edge :-)

To activate sshd in BackTrack at boot, which is mandatory when using NX, just do the following:

root@bt:~# update-rc.d -f ssh defaults

Before you can start ssh you should generate the DSA and RSA host keys:

root@bt:~# ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key
root@bt:~# ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key

To activate sshd immediately do the following:

root@bt:~# /etc/init.d/ssh start


If you want to configure a secure login to NX via an authentication key instead of username and password, you have to do the following steps:

1. Generate a new user in BackTrack (the same username as you are using on your client machine to log in):
#adduser <Username>

2. Create the .ssh directory and authorized_keys2 file in the home directory of the new user in BackTrack:
#su <Username>
#mkdir ~/.ssh
#touch ~/.ssh/authorized_keys2

3. Generate a key-pair on your client machine:
#ssh-keygen -t rsa

4. Copy the content of ~/.ssh/ on your client machine to ~/.ssh/authorized_keys2 in the home directory in BackTrack
#cat ~/.ssh/ | ssh "cat - >> /home/<Username>/.ssh/authorized_keys2"

5. ssh to BackTrack. It should work now after entering the password for your key, or you will simply be logged in if you have not set a password for your key ;-)
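Steps 2 and 4 as one function to run on the BackTrack side once the public key file has been copied over (an added example, not part of the original post). The names install_pubkey and SAMPLE_PUBKEY are hypothetical; the function sets the directory and file modes that sshd's StrictModes check expects, appends the key only once, and refuses a file that contains private key material.

```bash
#!/usr/bin/env bash
# Added example: install an SSH public key for key-based ssh/NX login.
# install_pubkey and SAMPLE_PUBKEY are hypothetical names, not from the post.

# Constructed sample public key line (not a real key).
SAMPLE_PUBKEY='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDconstructedSampleKeyOnly user@client'

# install_pubkey <public_key_file> <home_dir>
# Returns 0 on success, 1 on bad input, 2 if the file looks like a private key.
install_pubkey() {
    local pub="$1" home="$2" line keytype
    [ -r "$pub" ] && [ -d "$home" ] || return 1

    # The private key stays on the client; never append it on the server.
    if grep -q 'PRIVATE KEY' "$pub"; then
        return 2
    fi

    # Take the first non-empty line and check that it starts with a key type.
    line=$(grep -v '^[[:space:]]*$' "$pub" | head -n 1)
    keytype=${line%% *}
    case "$keytype" in
        ssh-rsa|ssh-dss|ssh-ed25519|ecdsa-sha2-*) ;;
        *) return 1 ;;
    esac

    # sshd's StrictModes (on by default) rejects key files or directories
    # that are writable by group or others, so set the modes explicitly.
    mkdir -p "$home/.ssh"
    chmod 700 "$home/.ssh"
    touch "$home/.ssh/authorized_keys2"
    chmod 600 "$home/.ssh/authorized_keys2"

    # Append only if this exact line is not already present.
    if ! grep -qxF -- "$line" "$home/.ssh/authorized_keys2"; then
        printf '%s\n' "$line" >> "$home/.ssh/authorized_keys2"
    fi
    return 0
}
```

Run it as the target user so that the created files are owned by that user, which StrictModes also checks.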

If the authentication via your key is working you just have to place your private key in the NX Player on your client. This can be done when creating a new connection by clicking on the three dots after "Use the system login".

Then you just have to select the private key and the login should work. The private key file name should end with the extension "key", otherwise you can't select it:

#mv ~/.ssh/id_rsa ~/.ssh/id_rsa.key

If you can't see the ".ssh" directory you have to show hidden files.

If you don't mind logging in as root via NX, you just have to carry out steps 1 to 5 for the user root. Then you just have to change /usr/NX/etc/server.cfg in BackTrack, set "EnableAdministratorLogin" to 1 and restart nxserver with

#service nxserver restart

Then you are able to log in as root via NX. Have fun :-)

Linux Server: NX Virtual Desktop Workstation for Linux (Version 4.0.132-7, 06-01-2012)
NX Player for Mac OS X
