Last active: August 14, 2020 08:01
CISC 661 ProjectTasks
VirtualBox: this program will help you create and manage virtual machines.
Begin with three VMs:
* Metasploitable 2: This virtual machine will be your "target" box, running a vulnerable web application called Mutillidae II that can be exploited in various ways.
* Kali Linux: You will use this virtual machine to connect to and exploit the web app being served from the Metasploitable box. Kali comes preloaded with lots of useful penetration testing tools.
* Ubuntu 18.04 LTS (Bionic Beaver): This VM will also be a target box.
Task 1: Set up the environment:
* Download and install VirtualBox
* Download all the images we need:
  * Ubuntu Bionic Beaver: https://www.ubuntu.com/download/desktop
  * Kali Linux: https://www.offensive-security.com/kali-linux-vmware-virtualbox-image-download/
  * Metasploitable 2: https://sourceforge.net/projects/metasploitable/files/latest/download?source=files
* Create a Host-Only network in VirtualBox if one is not available
* Create the Metasploitable VM to boot directly from the image; 1024 MB of RAM should be enough
  * Before you launch Metasploitable, ensure the host-only network is chosen
  * Launch and grab the IP address
  * Username/Password: msfadmin
* Create the Kali Linux VM
  * Double-click the VirtualBox .ova file to import it into VirtualBox
  * Set the network to "Host-only Network" (vboxnet0) before starting the VM
  * You might have to disable USB support because it was baked into the VM
  * Launch
  * Username/Password: root/toor
* Create the Ubuntu Bionic VM
  * Same procedure as above
  * Except you want a NAT network for a little while so you can reach the internet
    * The Samhain setup needs it
  * Make sure you set up the Guest Additions correctly
Task 2: Use Metasploit and Armitage on your Kali machine to find a successful exploit.
* Armitage is a GUI attack tool; equivalent attacks can be achieved with msfconsole
* Open Armitage on Kali Linux (either from the terminal, or the menu on the left of the desktop)
* "Connect" with the default database parameters (ignore all the "Connection Refused" errors)
* Provide the IP of the Metasploitable 2 VM (192.168.56.101)
* Provide the IP of Ubuntu Bionic (192.168.56.102)
* TIP: "Clear Database" from the GUI will reset everything: attacks/hosts etc.
* Inspect "Services" on the ports -> right-click each host and check what's running on it
* Attacks -> "Find Attacks" will tell you what attacks can be performed on each host, and you can then go ahead and perform each attack serially
* "Check Exploit" against each category of exploits will tell you if an exploit can be used; some exploits don't support "Check Exploit", so you'll have to fire the attack and find out if that vulnerability exists
* Attacks -> "Hail Mary" -> the old db_autopwn replacement (Kali's own "auto_pwned" implementation)
* Go through the attacks, explain a little bit about each
* Show "Meterpreter" and its actions
MSFConsole:
* Start "msfconsole" from Kali Linux's terminal
* Command: "help" - list of features / options that you can use
* "hosts" - lists all hosts
* "hosts -d <HOST_IP>" - deletes specific hosts
* "set" and "setg" LHOST, RHOST, LPORT, RPORT
* "show exploits"
* https://www.tutorialspoint.com/metasploit/metasploit_quick_guide.htm
Task 3 - Samhain and Host IPS protection: Install Samhain on the Ubuntu VM, configure it to create alerts
* Host intrusion detection system - useful to set up honeypots
* File and folder integrity - checksums, signatures etc.
* Samhain - open-source HIDS with centralized management
  * https://www.la-samhna.de/samhain/Samhain.pdf
  * Uses:
    * File integrity verification
    * Logfile monitoring
    * Login/logout monitoring
    * Hidden process detection
    * Open port detection
  * Server (yule) authenticates clients and stores configuration, logs, alerts, baseline data and reports from the clients
  * Server can use an RDBMS - MySQL, PostgreSQL, Oracle
  * Clients perform integrity checks and report anomalies to the server
On the Ubuntu Bionic VM:
# Samhain installation is recommended to be done as root
sudo su -
# Set the hostname
hostnamectl set-hostname gouthamr-bionic.local
# Let's install vim
apt install -y vim
# Let's install apache
apt install -y apache2
# Let's install and configure mysql
apt install -y mysql-server
apt install -y mysql-client libmysqlclient-dev
mysql_secure_installation # Remember the root password (test1234)
# Test the installation
mysql -u root -p
# Create a yule user with a gpg key
sudo useradd -s /bin/bash -m yule
echo "yule ALL=(ALL) NOPASSWD: ALL" | sudo tee /etc/sudoers.d/yule
passwd yule # optional
su - yule
gpg --full-generate-key # old cmd: gpg --gen-key
# Set a good password (test1234)
# If you get a permission denied error:
# ls -la $(tty)
# sudo chown yule /dev/pts/<NUMBER>
# and retry
exit
# As root user again:
wget https://www.la-samhna.de/samhain/samhain-current.tar.gz
gunzip samhain-current.tar.gz
tar -xf samhain-current.tar
# Verify Samhain: import the release-signing key, check its fingerprint, then verify the inner tarball's signature
gpg --keyserver pgp.mit.edu --recv-key 0F571F6C
gpg --fingerprint 0F571F6C
gpg --verify samhain-4.3.1.tar.gz.asc samhain-4.3.1.tar.gz
# Unzip and process the second-stage tar file
gunzip samhain-4.3.1.tar.gz
tar -xf samhain-4.3.1.tar
cd samhain-4.3.1
# Install Samhain
# Configure the build with ./configure [options]
# Some interesting options are:
# ./configure --enable-install-name=<NAME> -> Renames Samhain!
# ./configure --enable-nocl=<PASSWORD> -> Requires a password to interact with the CLI (empty password = disable CLI)
# First, let's configure and make with no options so we can get the ability to perform a TIGER192 checksum.
./configure
# Notice the output:
# samhain has been configured as follows:
#   System binaries: /usr/local/sbin
#   Configuration file: /etc/samhainrc
#   Manual pages: /usr/local/man
#   Data directory: /var/lib/samhain
#   Database file: /var/lib/samhain/samhain_file
#   PID file: /run/samhain.pid
#   Log file: /var/log/samhain_log
#   Base key: 1614151854,1084170124
#   Selected rc file: samhainrc.linux
make
# Now the real deal:
# Trusted uids: 0 = root, 102 = syslog, 1001 = yule (run "id yule" to check the uid on your system)
./configure --with-gpg=/usr/bin/gpg --enable-network=server --with-database=mysql --enable-xml-log --with-port=50888 --enable-identity=yule --with-trusted=0,102,1001
# Output:
# samhain has been configured as follows:
#   System binaries: /usr/local/sbin
#   Configuration file: /etc/yulerc
#   Manual pages: /usr/local/man
#   Data directory: /var/lib/yule
#   Database file: /var/lib/yule/yule_file
#   PID file: /run/yule.pid
#   Log file: /var/log/yule/yule_log
#   Base key: 542842942,1086046077
#
#   Selected rc file: yulerc
make
make install
# Sign the configuration file (enter the gpg key password when prompted); this creates /etc/yulerc.asc
gpg --homedir /home/yule/.gnupg --clearsign /etc/yulerc
# Rename /etc/yulerc.asc to /etc/yulerc
# Keep a copy of the unsigned file if you want to be safe: cp /etc/yulerc /root/yulerc
mv /etc/yulerc.asc /etc/yulerc
# Create the boot-init script
make install-boot
# MySQL configuration:
mysql -p < sql_init/samhain.mysql.init
# These commands will ask for your root MySQL password.
echo "grant select, insert on samhain.log to samhain@localhost IDENTIFIED BY 'samhain';" | mysql -p
echo "FLUSH PRIVILEGES;" | mysql -p
# Set the ownership of some files:
chown yule:yule /var/log/yule
chown yule:yule /etc/yulerc
chown yule:yule /var/lib/yule
# Set yule to start at boot
update-rc.d yule defaults
# Start yule
/etc/init.d/yule start
# If that errors out about a missing key:
# cp -Rp /home/yule/.gnupg/pubring.kbx /home/yule/.gnupg/pubring.gpg
# Apache configuration (serves the HTML status report that yule writes to /var/log/yule)
vi /etc/apache2/apache2.conf
# Bionic ships Apache 2.4, so use "Require all granted"; the older "Order allow,deny / Allow from all"
# form only works with mod_access_compat loaded.
<Directory "/var/log/yule/">
    Options Indexes FollowSymLinks
    AllowOverride None
    Require all granted
</Directory>
Alias /yule.html "/var/log/yule/yule.html"
# Client-side configuration instructions are still necessary
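The core of what the yule server and its clients do above is file-integrity verification: a trusted baseline of hashes and metadata, later compared against the live filesystem so that added, removed or modified files are reported as anomalies. The following POSIX shell script is an added example, not Samhain's code and not part of this gist; it reproduces that check in miniature using sha256sum (Samhain's default checksum is TIGER192) and GNU coreutils' stat and mktemp, which Ubuntu 18.04 ships. The function names (fim_snapshot, fim_baseline, fim_check, fim_demo) and the sample tree that fim_demo constructs are assumptions for illustration.

```shell
#!/bin/sh
# Minimal file-integrity monitor in POSIX sh (added example, not Samhain's code).
# Assumptions: GNU coreutils (sha256sum, stat -c, mktemp) as on Ubuntu 18.04;
# sha256 stands in for the TIGER192 checksum Samhain uses by default.
set -u

# fim_snapshot DIR -> one sorted line per regular file under DIR:
#   relative-path|sha256|mode|uid|gid
fim_snapshot() {
    dir=$1
    find "$dir" -type f -print | LC_ALL=C sort | while IFS= read -r f; do
        hash=$(sha256sum "$f" | cut -d' ' -f1)
        meta=$(stat -c '%a|%u|%g' "$f")
        printf '%s|%s|%s\n' "${f#"$dir"/}" "$hash" "$meta"
    done
}

# fim_baseline DIR BASELINE -> record the trusted state
# (Samhain keeps this in its signed database file)
fim_baseline() {
    fim_snapshot "$1" > "$2"
}

# fim_check DIR BASELINE -> print "ADDED|REMOVED|CHANGED <path>" per anomaly, sorted;
# return 0 when the tree still matches the baseline, 1 otherwise.
# A change in content hash, mode or owner all count as CHANGED.
fim_check() {
    dir=$1; base=$2
    current=$(mktemp)
    fim_snapshot "$dir" > "$current"
    awk -F'|' -v b="$base" '
        { if (FILENAME == b) base[$1] = $0; else cur[$1] = $0 }
        END {
            for (p in cur)  if (!(p in base)) print "ADDED " p
            for (p in base) if (!(p in cur))  print "REMOVED " p
            for (p in cur)  if ((p in base) && cur[p] != base[p]) print "CHANGED " p
        }' "$base" "$current" | LC_ALL=C sort > "$current.report"
    cat "$current.report"
    n=$(wc -l < "$current.report" | tr -d ' ')
    rm -f "$current" "$current.report"
    [ "$n" -eq 0 ]
}

# fim_demo -> constructed sample: baseline a throwaway tree, then tamper with it
# (edit a config, add a script, delete a file) and print the resulting report.
fim_demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/tree/etc" "$tmp/tree/bin"
    printf 'PermitRootLogin no\n' > "$tmp/tree/etc/sshd_config"
    printf '#!/bin/sh\necho ok\n' > "$tmp/tree/bin/ok.sh"
    fim_baseline "$tmp/tree" "$tmp/baseline"
    printf 'PermitRootLogin yes\n' > "$tmp/tree/etc/sshd_config"
    printf '#!/bin/sh\nid\n' > "$tmp/tree/bin/extra.sh"
    rm "$tmp/tree/bin/ok.sh"
    fim_check "$tmp/tree" "$tmp/baseline" || true
    rm -rf "$tmp"
}

# Run "sh fim.sh demo" to see the sample report; otherwise source the file and
# call fim_baseline / fim_check on a real directory such as /etc.
if [ "${1:-}" = demo ]; then
    fim_demo
fi
```

Run fim_baseline once while the host is known-good and fim_check from cron afterwards. The baseline must sit somewhere the monitored host cannot quietly rewrite, which is why Samhain signs its database and config and lets clients fetch them from yule rather than trusting a local copy.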
Task 4 - Install pfSense on Ubuntu VM & block UDP traffic
* Download pfSense from https://www.pfsense.org/download/
* Steps: https://samuraihacks.com/install-pfsense-in-virtualbox/
* Keep an Ubuntu VM around to configure pfSense.