craig-m-unsw/README.md

## README.md

      
    Raw
  

              README.md
            
          
    Linux pentest lab

Install Vagrant and VirtualBox (MacOS, Windows, Linux).
Start the virtual machines:
vagrant validate Vagrantfile
vagrant up
use

Hopefully the two machines can see each other and we are good to go.
vagrant ssh attack
tmux
msfconsole
nmap -v -sT -sU -p- -oX /tmp/host.xml 192.168.56.22 
db_import /tmp/host.xml
hosts
services
When session is done detach from tmux with <Ctrl> + b  d  and then:
exit
vagrant suspend
When finished vagrant destroy to clean up.
Docs

stack

Vagrant: https://www.vagrantup.com/docs/multi-machine
VirtualBox: https://www.virtualbox.org/wiki/Documentation
Kali Linux: https://www.kali.org/docs/
MSF: https://docs.metasploit.com/
Metasploitable: https://github.com/rapid7/metasploitable3

techniques

https://github.com/ihebski/A-Red-Teamer-diaries
https://github.com/NoorQureshi/kali-linux-cheatsheet


## Vagrantfile
# VirtualBox linux pentest lab with Kali and Metasploitable3

$script_prov_kali = <<-SCRIPT
if [ ! -f /home/vagrant/.hushlogin ];
  touch -f /home/vagrant/.hushlogin
fi
SCRIPT

$script_prov_kali_root = <<-SCRIPT
if [ ! -f /root/.hushlogin ];
then
  logger 'running provision setup'
  systemctl enable postgresql.service
  systemctl start postgresql.service
  msfdb init
  msfdb status
  touch -f /root/.hushlogin
fi
SCRIPT

$script_prov_box0 = <<-SCRIPT
touch /home/vagrant/ctf.txt
echo "token" > /home/vagrant/ctf.txt
SCRIPT

$script_prov_box0_root = <<-SCRIPT
touch /root/ctf.txt
echo "r00t" > /root/ctf.txt
chmod 700 /root/ctf.txt
SCRIPT

Vagrant.configure("2") do |config|

  config.ssh.keep_alive = true
  config.ssh.compression = false
  config.ssh.forward_agent = false
  config.ssh.insert_key = true
  config.vm.box_check_update = false
  config.vm.synced_folder '.', '/vagrant', disabled: true

  #
  # Kali Linux VM
  # https://app.vagrantup.com/kalilinux/boxes/rolling
  # https://www.kali.org/get-kali/#kali-virtual-machines
  #
  config.vm.define "attack" do |attack|
    attack.vm.box = "kalilinux/rolling"
    attack.vm.box_version = "2023.4.0"
    attack.vm.hostname = "attack"
    attack.vm.network "private_network", ip: "192.168.56.20"
    attack.vm.provider :VirtualBox do |vb|
      #vb.customize ["modifyvm", :id, "--nicpromisc2", "allow-all"]
      #vb.memory = 4096
    end
    attack.trigger.after :provision do |trigger|
      trigger.run_remote = {inline: $script_prov_kali, :privileged => false}
      trigger.run_remote = {inline: $script_prov_kali_root, :privileged => true}
    end
    attack.vm.post_up_message = "----- Kali linux up -----"
  end

  #
  # Metasploitable 3 VM
  # https://app.vagrantup.com/rapid7/boxes/metasploitable3-ub1404
  #
  config.vm.define "box0" do |box0|
    box0.vm.box = "rapid7/metasploitable3-ub1404"
    box0.vm.box_version = "0.1.12-weekly"
    box0.vm.hostname = "box0"
    box0.ssh.insert_key = true
    box0.ssh.username = "vagrant"
    box0.ssh.password = "vagrant"
    box0.vm.network "private_network", ip: "192.168.56.22"
    box0.vm.provider :VirtualBox do |vb|
      vb.customize ["modifyvm", :id, "--nicpromisc2", "allow-all"]
      #vb.memory = 4096
    end
    box0.trigger.after :provision do |trigger|
      trigger.run_remote = {inline: $script_prov_box0, :privileged => false}
      trigger.run_remote = {inline: $script_prov_box0_root, :privileged => true}
    end
    box0.vm.post_up_message = "----- Metasploitable3 up -----"
  end

end

# -*- mode: ruby -*-
# vi: ft=ruby :
	# VirtualBox linux pentest lab with Kali and Metasploitable3

	$script_prov_kali = <<-SCRIPT
	if [ ! -f /home/vagrant/.hushlogin ];
	touch -f /home/vagrant/.hushlogin
	fi
	SCRIPT

	$script_prov_kali_root = <<-SCRIPT
	if [ ! -f /root/.hushlogin ];
	then
	logger 'running provision setup'
	systemctl enable postgresql.service
	systemctl start postgresql.service
	msfdb init
	msfdb status
	touch -f /root/.hushlogin
	fi
	SCRIPT

	$script_prov_box0 = <<-SCRIPT
	touch /home/vagrant/ctf.txt
	echo "token" > /home/vagrant/ctf.txt
	SCRIPT

	$script_prov_box0_root = <<-SCRIPT
	touch /root/ctf.txt
	echo "r00t" > /root/ctf.txt
	chmod 700 /root/ctf.txt
	SCRIPT

	Vagrant.configure("2") do \|config\|

	config.ssh.keep_alive = true
	config.ssh.compression = false
	config.ssh.forward_agent = false
	config.ssh.insert_key = true
	config.vm.box_check_update = false
	config.vm.synced_folder '.', '/vagrant', disabled: true

	#
	# Kali Linux VM
	# https://app.vagrantup.com/kalilinux/boxes/rolling
	# https://www.kali.org/get-kali/#kali-virtual-machines
	#
	config.vm.define "attack" do \|attack\|
	attack.vm.box = "kalilinux/rolling"
	attack.vm.box_version = "2023.4.0"
	attack.vm.hostname = "attack"
	attack.vm.network "private_network", ip: "192.168.56.20"
	attack.vm.provider :VirtualBox do \|vb\|
	#vb.customize ["modifyvm", :id, "--nicpromisc2", "allow-all"]
	#vb.memory = 4096
	end
	attack.trigger.after :provision do \|trigger\|
	trigger.run_remote = {inline: $script_prov_kali, :privileged => false}
	trigger.run_remote = {inline: $script_prov_kali_root, :privileged => true}
	end
	attack.vm.post_up_message = "----- Kali linux up -----"
	end

	#
	# Metasploitable 3 VM
	# https://app.vagrantup.com/rapid7/boxes/metasploitable3-ub1404
	#
	config.vm.define "box0" do \|box0\|
	box0.vm.box = "rapid7/metasploitable3-ub1404"
	box0.vm.box_version = "0.1.12-weekly"
	box0.vm.hostname = "box0"
	box0.ssh.insert_key = true
	box0.ssh.username = "vagrant"
	box0.ssh.password = "vagrant"
	box0.vm.network "private_network", ip: "192.168.56.22"
	box0.vm.provider :VirtualBox do \|vb\|
	vb.customize ["modifyvm", :id, "--nicpromisc2", "allow-all"]
	#vb.memory = 4096
	end
	box0.trigger.after :provision do \|trigger\|
	trigger.run_remote = {inline: $script_prov_box0, :privileged => false}
	trigger.run_remote = {inline: $script_prov_box0_root, :privileged => true}
	end
	box0.vm.post_up_message = "----- Metasploitable3 up -----"
	end

	end

	# -- mode: ruby --
	# vi: ft=ruby :