Before we start the course, you have to ask yourself:
Why Do I Need A Pen Test Lab?
• Hacking and/or scanning machines without consent is against the law in most countries.
• To become an effective penetration tester or ethical hacker, you need to practice to enhance your skills.
• A lab gives you the freedom to install, run, and configure any tool you like.
Now that we know the why, let’s define the requirements:
Assumption: You are using a single computer for this activity.
Hardware Requirements
Hard Disk - 200GB of disk space or more, depending on the number of guest operating systems you plan on installing. This is a good use for an external hard drive.
CPU - I recommend the latest technology, but any of the i3/i5/i7 families are OK. The more processing power you have, the better.
Memory - 2GB minimum; I recommend 8GB or 16GB. Memory is critical: the more memory you have, the more virtual systems you will be able to have running at one time.
Virtualization Software
You will also have to decide which virtualization software you plan to use (VirtualBox or VMPlayer). Select one and follow what we are doing in class with the other so you learn how to use both.
Definitions
Kali Linux – Is the most advanced Penetration Testing environment available and is based on the Linux operating system. It has a large number of pen testing tools included. It includes tools for information gathering, vulnerability analysis, wireless attacks, web applications, exploitation tools, forensics tools, stress testing tools, sniffing and spoofing, password attacks, maintaining access, reverse engineering, reporting tools, and hardware hacking. For more information visit the website at https://www.kali.org/
Ubuntu – Is an open source desktop operating system based on Debian Linux. It includes all the basic tools you need and could be used instead of Windows...
Metasploitable2 – Per Rapid7’s website, "The Metasploitable virtual machine is an intentionally vulnerable version of Ubuntu Linux designed for testing security tools and demonstrating common vulnerabilities. Version 2 of this virtual machine is available for download and ships with even more vulnerabilities than the original image. This virtual machine is compatible with VMware, VirtualBox, and other common virtualization platforms. By default, Metasploitable's network interfaces are bound to the NAT and Host-only network adapters, and the image should never be exposed to a hostile network."
Bee-Box – Is an open source virtual machine with numerous web application vulnerabilities:
• SQL, HTML, iFrame, SSI, OS Command, PHP, XML, XPath, LDAP and SMTP injections
• Blind SQL injection and Blind OS Command injection
• Boolean-based and time-based Blind SQL injections
• Drupal SQL injection (Drupageddon)
• AJAX and Web Services issues (JSON/XML/SOAP)
• Heartbleed vulnerability (OpenSSL) + detection script included
• Shellshock vulnerability (CGI)
• Cross-Site Scripting (XSS) and Cross-Site Tracing (XST)
• phpMyAdmin BBCode Tag XSS
• Cross-Site Request Forgery (CSRF)
• Information disclosures: favicons, version info, custom headers,...
• Unrestricted file uploads and backdoor files
• Old, backup & unreferenced files
• Authentication, authorization and session management issues
• Password and CAPTCHA attacks
• Insecure DistCC, FTP, NTP, Samba, SNMP, VNC, WebDAV configurations
• Arbitrary file access with Samba
• Directory traversals and unrestricted file access
• Local and remote file inclusions (LFI/RFI)
• Server Side Request Forgery (SSRF)
• XML External Entity attacks (XXE)
• Man-in-the-Middle attacks (HTTP/SMTP)
• HTTP parameter pollution and HTTP verb tampering
• Denial-of-Service (DoS) attacks: Slow Post, SSL-Exhaustion, XML Bomb,...
• POODLE vulnerability
• BREACH/CRIME/BEAST SSL attacks
• HTML5 ClickJacking and web storage issues
• Insecure iFrame (HTML5 sandboxing)
• Insecure direct object references (parameter tampering)
• Insecure cryptographic storage
• Cross-Origin Resource Sharing (CORS) issues
• Cross-domain policy file attacks (Flash/Silverlight)
• Local privilege escalations: udev, sendpage
• Cookie and password reset poisoning
• Host header attacks: password reset poisoning and cache pollutions
• PHP CGI remote code execution
• Dangerous PHP Eval function
• Local and remote buffer overflows (BOF)
• phpMyAdmin and SQLiteManager vulnerabilities
• Nginx web server vulnerabilities
• HTTP response splitting, unvalidated redirects and forwards
• WSDL SOAP vulnerabilities
• Form-based authentication and No-authentication modes
• Active Directory LDAP integration
• Fuzzing possibilities
• and much more...
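The Rapid7 note above says Metasploitable's adapters should stay on NAT and Host-only networks. The following is an added example, not part of the original course material: it checks a VM's adapter modes as reported by VirtualBox's `VBoxManage showvminfo <vm> --machinereadable`, with two constructed sample outputs embedded so it runs without VirtualBox installed.

```python
import re

# Adapter modes that keep the VM off the physical LAN (assumed policy for this lab).
# Anything else (bridged, generic, unknown) is reported for review.
SAFE_MODES = {"none", "null", "nat", "natnetwork", "hostonly", "intnet"}

# Constructed samples of `VBoxManage showvminfo <vm> --machinereadable` output.
SAMPLE_ISOLATED = '''name="Metasploitable"
nic1="nat"
nic2="hostonly"
hostonlyadapter2="VirtualBox Host-Only Ethernet Adapter"
nic3="none"
'''

SAMPLE_EXPOSED = '''name="Metasploitable"
nic1="bridged"
bridgeadapter1="Example Ethernet Adapter"
nic2="hostonly"
hostonlyadapter2="VirtualBox Host-Only Ethernet Adapter"
'''

NIC_LINE = re.compile(r'^nic(\d+)="([^"]*)"$')


def vm_name(vminfo_text):
    """Return the VM name from the machine-readable output."""
    match = re.search(r'^name="([^"]*)"', vminfo_text, re.MULTILINE)
    return match.group(1) if match else "<unknown>"


def exposed_adapters(vminfo_text):
    """Return [(adapter_number, mode)] for adapters whose mode is not in SAFE_MODES."""
    findings = []
    for line in vminfo_text.splitlines():
        match = NIC_LINE.match(line.strip())
        if match and match.group(2).lower() not in SAFE_MODES:
            findings.append((int(match.group(1)), match.group(2)))
    return findings


def report(vminfo_text):
    """Summarise one VM as OK or EXPOSED."""
    bad = exposed_adapters(vminfo_text)
    name = vm_name(vminfo_text)
    if not bad:
        return f"{name}: OK, every adapter is NAT, host-only, internal or disabled"
    detail = ", ".join(f"adapter {num} is {mode}" for num, mode in bad)
    return f"{name}: EXPOSED, {detail}"


if __name__ == "__main__":
    for sample in (SAMPLE_ISOLATED, SAMPLE_EXPOSED):
        print(report(sample))
```

To check a real VM, save the `VBoxManage` output to a file and pass its contents to `report()`.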
Now for some hands on:
Directory Structure
Open up a command prompt (get used to the command line; we will be using it throughout the course). We will also make use of My Documents or File Explorer.
cd\ (to get to the root of the drive where you will store your virtual images and run your virtual machines)
mkdir Vms (This is where you will store your virtual machines)
mkdir "Virtual Images" (Be sure to use the quotes or you will have a directory called Virtual)
cd "Virtual Images" (Change directory to Virtual Images)
mkdir VirtualBox (Where you will store all your VirtualBox images)
mkdir VMPlayer (Where you will store all your VMPlayer images)
When you look at the structure from my computer it will look like this:
Now you will create the directory structure for your actual VMs.
cd \Vms (Change to the Vms directory you created at the root of the drive)
mkdir KaliLinux
mkdir Ubuntu
mkdir Metasploitable
mkdir BeeBox
When you look at the structure from my computer or file explorer it will look like this:
At this point you need to download your images. This is going to take a while, as some of these images are 2.5GB in size.
Open your browser and connect to http://www.osboxes.org/. OS Boxes is a great place to get both VMware and VirtualBox images.
Select VM Images
Now you have to make a decision as to whether you are going to use VirtualBox or VMPlayer. We will start with VirtualBox. You can skip to VMPlayer if that is your selection.
VirtualBox
Select VirtualBox Images
Select Kali Linux
Download VirtualBox (VDI) image
Select the OS version you have: either 32bit or 64bit
Select download (it’s 2.5GB, so it will take a while). Time to go get a snack and read the latest eForensics magazine.
Once the download is complete hit the back button on your browser and select Ubuntu
Select the VirtualBox (VDI) Image
Again select the 32bit or 64bit image and download (835MB) …have your eForensics magazine handy…
Move the images from your downloads directory to your \Virtual Images\VirtualBox folder
Select the download that matches your system either 32 bit or 64 bit
Run the installer once the download is complete
Accept all the defaults.
Once the installation is complete run the application. You should have a screen similar to this (once you select Virtual Images\Virtualbox from the folder search):
VirtualBox File Extraction (Skip to VMPlayer if that is your choice)
BeeBox
Select the Virtual Images\VirtualBox folder and you will see 3 7z files and a zip file
Select bee-box_v1.6.7z
Hit the extract button and specify Vms\Beebox as your location
Hit OK and OK again and watch as the files are extracted
KaliLinux
Select the Virtual Images\VirtualBox\Kali_Linux_1.1.0-32 or 64bit.7z file
Hit the extract button and specify Vms\KaliLinux as your location
Hit OK and OK again and watch as the files are extracted
Metasploitable
Select the Virtual Images\VirtualBox\metasploitable-linux-2.0.0.zip file
Hit the extract button and specify Vms\Metasploitable as your location
Hit OK and OK again and watch as the files are extracted
Ubuntu
Select the Virtual Images\VirtualBox\Ubuntu_15.04-64 or 32bit.7z file
Hit the extract button and specify Vms\Ubuntu as your location
Hit OK and OK again and watch as the files are extracted
That completes the extraction of all your VirtualBox images.
VMPlayer File Extraction
BeeBox
Select the Virtual Images\VMPlayer folder and you will see 3 7z files and a zip file
Select bee-box_v1.6.7z
Hit the extract button and specify Vms\Beebox as your location
Hit OK and OK again and watch as the files are extracted
KaliLinux
Select the Virtual Images\VMPlayer\Kali_Linux_1.1.0-32 or 64bit.7z file
Hit the extract button and specify Vms\KaliLinux as your location
Hit OK and OK again and watch as the files are extracted
Metasploitable
Select the Virtual Images\VMPlayer\metasploitable-linux-2.0.0.zip file
Hit the extract button and specify Vms\Metasploitable as your location
Hit OK and OK again and watch as the files are extracted
Ubuntu
Select the Virtual Images\VMPlayer\Ubuntu_15.04-64 or 32bit.7z file
Hit the extract button and specify Vms\Ubuntu as your location
Hit OK and OK again and watch as the files are extracted
This completes the extraction of all your VMPlayer images.
This completes the Pre-Course Material. Can’t wait to see you in Module 1 where the real fun begins...
Nessus Licensing and Activation Codes
• Before you can install Nessus you will need valid activation codes
• Connect to: https://www.tenable.com/products/nessus/nessus-plugins/obtain-an-activation-code
• Select Nessus Home Free Register Now:
Do not use the codes in this picture as the codes can only be used once.
File Extraction
If you don't have WinZip you can use its open source counterpart 7-zip. 7-zip will extract and compress 7z and zip files amongst many others.