@gouthampacha
Last active August 14, 2020 08:01
CISC 661 Project Tasks
VirtualBox: this program will help you create and manage virtual machines.
Begin with three VMs:
* Metasploitable 2: This virtual machine will be your "target" box, running a vulnerable web application called Mutillidae II that can be exploited in various ways.
* Kali Linux: You will use this virtual machine to connect to and exploit the web app being served from the Metasploitable box. Kali comes preloaded with lots of useful penetration testing tools.
* Ubuntu 18.04 LTS (Bionic Beaver): This VM will also be a target box.
Task 1: Set up the environment:
* Download and install VirtualBox
* Download all the images we need:
* Ubuntu Bionic Beaver: https://www.ubuntu.com/download/desktop
* Kali Linux: https://www.offensive-security.com/kali-linux-vmware-virtualbox-image-download/
* Metasploitable2: https://sourceforge.net/projects/metasploitable/files/latest/download?source=files
* Create a Host-Only network in VirtualBox if one is not available
* Create the Metasploitable VM to boot directly from the image; 1024 MB of RAM should be good
* Before you launch Metasploitable, ensure the host-only network is chosen
* Launch and grab IP address
* Username/Password: msfadmin
* Create Kali Linux VM
* Double click on the Vbox ova file to import into VirtualBox
* Set network to “Host-only Network” (vboxnet0) before starting the VM
* You might have to disable USB support because it was baked into the VM
* Launch
* Username/Password: root/toor
* Create Ubuntu Bionic VM
* Same procedure as above
* Except, you want a NAT network for a little bit so you can use the internet
* Samhain setup needs it
* Make sure you set up the Guest Additions correctly
Task 2: Use Metasploit and Armitage on your Kali machine to find a successful exploit.
* Armitage is a GUI attack tool, equivalent attacks can be achieved with msfconsole
* Open Armitage on Kali Linux (either from the terminal, or the menu on the left of the desktop)
* “Connect” with default database parameters (Ignore all the “Connection Refused” errors)
* Provide IP of Metasploitable2 VM (192.168.56.101)
* Provide IP of Ubuntu Bionic (192.168.56.102)
* TIP: Clear Database from the GUI will reset everything: attacks/hosts etc.
* Inspect “Services” on the ports -> Right-Click each host and check what’s running on it
* Attacks -> “Find Attacks” will tell you what attacks can be performed on each host, and you can then go ahead and perform each attack serially
* “Check Exploit” against each category of exploits will tell you if an “exploit” can be used; some exploits don’t support “Check Exploit”, so you’ll have to fire the attack and find out if that vulnerability exists
* Attacks -> “Hail Mary” -> the old db_pwned replacement (Kali’s own “auto_pwned” implementation)
* Go through attacks, explain a little bit about each
* Show “Meterpreter” and actions
MSFConsole:
* Start “msfconsole” from Kali Linux’s terminal
* Command: “help” - list of features / options that you can use
* “hosts” - lists all hosts
* “hosts -d <HOST_IP>” - deletes specific hosts
* “set” and “setg” LHOST, RHOST, LPORT, RPORT
* “show exploits”
* https://www.tutorialspoint.com/metasploit/metasploit_quick_guide.htm
Task 3 - Samhain and Host IPS protection: Install Samhain on the Ubuntu VM, configure it to create alerts
* Host intrusion detection system - useful to set up honeypots
* File and Folder integrity - checksums, signatures etc.
* Samhain - Opensource HIDS with centralized management
* https://www.la-samhna.de/samhain/Samhain.pdf
* Uses:
* File integrity verification
* Logfile monitoring
* Login/logout monitoring
* Hidden process detection
* Open port detection
* Server authenticates clients, stores configuration+logs+alerts+baseline data+reports from clients
* Server uses an RDBMS (MySQL, PostgreSQL, Oracle)
* Clients perform integrity checks and report anomalies to the server
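A minimal file-integrity baseline and check in the spirit of what Samhain does, added here as an illustration (it is not Samhain's code): it snapshots a checksum plus the metadata a HIDS watches for every file under a root, keeps the baseline outside the tree, and reports added, deleted and modified files. SHA-256 stands in for Samhain's TIGER192 because Python's hashlib has no Tiger; the sample tree in demo() is constructed.

```python
import hashlib, json, os, stat, tempfile
from pathlib import Path

def _record(path: Path) -> dict:
    """Checksum plus the metadata a HIDS watches: mode, owner, size, mtime."""
    st = path.lstat()
    digest = hashlib.sha256(path.read_bytes()).hexdigest() if stat.S_ISREG(st.st_mode) else ""
    return {"sha256": digest, "mode": st.st_mode, "uid": st.st_uid,
            "gid": st.st_gid, "size": st.st_size, "mtime": int(st.st_mtime)}

def build_baseline(root: str) -> dict:
    """Walk `root` and record every file: this is the trusted snapshot."""
    base = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath, name)
            base[os.path.relpath(p, root)] = _record(p)
    return base

def check_against(root: str, baseline: dict) -> dict:
    """Re-scan `root` and classify every difference from the baseline."""
    current = build_baseline(root)
    report = {"added": [], "deleted": [], "modified": {}}
    for rel in sorted(set(baseline) | set(current)):
        if rel not in baseline:
            report["added"].append(rel)
        elif rel not in current:
            report["deleted"].append(rel)
        else:
            diff = [k for k in baseline[rel] if baseline[rel][k] != current[rel][k]]
            if diff:
                report["modified"][rel] = diff
    return report

def demo() -> dict:
    """Constructed sample tree: baseline it, keep the baseline as JSON outside
    the tree (Samhain keeps a signed database), tamper with it, then re-check."""
    root = tempfile.mkdtemp()
    etc = Path(root, "etc")
    etc.mkdir()
    (etc / "passwd").write_text("root:x:0:0:root:/root:/bin/bash\n")
    (etc / "hosts").write_text("127.0.0.1 localhost\n")
    db = Path(tempfile.mkdtemp(), "baseline.json")
    db.write_text(json.dumps(build_baseline(root)))
    with open(etc / "passwd", "a") as f:                # modified file
        f.write("guest:x:1001:1001::/home/guest:/bin/bash\n")
    (etc / "hosts").unlink()                             # deleted file
    (etc / "new.conf").write_text("x=1\n")               # added file
    return check_against(root, json.loads(db.read_text()))
```

Running demo() returns a report naming etc/new.conf as added, etc/hosts as deleted and etc/passwd as modified, with the checksum and size among the changed fields.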
On the Ubuntu Bionic
# Samhain installation is recommended to be done as root
sudo su -
# Set the hostname
hostnamectl set-hostname gouthamr-bionic.local
# Let's install vim
apt install -y vim
# Let's install apache
apt install -y apache2
# Lets install and configure mysql
apt install -y mysql-server
apt install -y mysql-client libmysqlclient-dev
mysql_secure_installation # Remember the root password (test1234)
# test the installation
mysql -u root -p
# Create a yule user with a gpg key
sudo useradd -s /bin/bash -m yule
# NOTE: this gives the yule service account passwordless root. The yule daemon does
# not need it to run, so leave it out on anything other than a throwaway lab VM.
echo "yule ALL=(ALL) NOPASSWD: ALL" | sudo tee /etc/sudoers.d/yule
passwd yule  # optional
su - yule
gpg --full-generate-key # old cmd: gpg --gen-key
# Set a good password (test1234)
# If you get a permission denied error:
# ls -la $(tty)
# sudo chown yule /dev/pts/<NUMBER>
# and retry
exit
# As root user again:
wget https://www.la-samhna.de/samhain/samhain-current.tar.gz
gunzip samhain-current.tar.gz
tar -xf samhain-current.tar
# Verify the signature on the inner Samhain tarball. 0F571F6C is a short key ID,
# which can collide: compare the full fingerprint printed below with the one
# published on the Samhain site (la-samhna.de) before trusting the verify result.
gpg --keyserver pgp.mit.edu --recv-key 0F571F6C
gpg --fingerprint 0F571F6C
gpg --verify samhain-4.3.1.tar.gz.asc samhain-4.3.1.tar.gz
# Unzip and process second stage tar file
gunzip samhain-4.3.1.tar.gz
tar -xf samhain-4.3.1.tar
cd samhain-4.3.1
# Install Samhain
# Configure installation with ./configure [options]
# Some interesting options are:
# ./configure --enable-install-name=<NAME> -> Renames Samhain!
# ./configure --enable-nocl=<PASSWORD> -> Requires a password to interact with the CLI (empty password = CLI disabled)
# First, let's configure and make with no options so we get a binary that can compute a TIGER192 checksum.
./configure
# Notice the output:
# samhain has been configured as follows:
# System binaries: /usr/local/sbin
# Configuration file: /etc/samhainrc
# Manual pages: /usr/local/man
# Data directory: /var/lib/samhain
# Database file: /var/lib/samhain/samhain_file
# PID file: /run/samhain.pid
# Log file: /var/log/samhain_log
# Base key: 1614151854,1084170124
# Selected rc file: samhainrc.linux
make
# Now the real deal:
# 0 = root, 102 = syslog, 1001 = yule (run "id yule" to check; adjust the UIDs to your VM)
./configure --with-gpg=/usr/bin/gpg --enable-network=server --with-database=mysql --enable-xml-log --with-port=50888 --enable-identity=yule --with-trusted=0,102,1001
# Output:
# samhain has been configured as follows:
# System binaries: /usr/local/sbin
# Configuration file: /etc/yulerc
# Manual pages: /usr/local/man
# Data directory: /var/lib/yule
# Database file: /var/lib/yule/yule_file
# PID file: /run/yule.pid
# Log file: /var/log/yule/yule_log
# Base key: 542842942,1086046077
#
# Selected rc file: yulerc
make
make install
# Enter gpg-key password
# Sign the configuration file, this will create a /etc/yulerc.asc file
gpg --homedir /home/yule/.gnupg --clearsign /etc/yulerc
# Rename the /etc/yulerc.asc as /etc/yulerc
# Copy the other file over if you want to be safe: cp /etc/yulerc /root/yulerc
mv /etc/yulerc.asc /etc/yulerc
# Create boot-init script
make install-boot
# MYSQL Configuration:
mysql -p < sql_init/samhain.mysql.init
# These commands will ask for your root MySQL password.
# GRANT ... IDENTIFIED BY works on the MySQL 5.7 that Bionic ships; MySQL 8 drops that
# form, so there you must CREATE USER samhain@localhost IDENTIFIED BY '...' first.
echo "grant select, insert on samhain.log to samhain@localhost IDENTIFIED BY 'samhain';" | mysql -p
echo "FLUSH PRIVILEGES;" | mysql -p
# Set the ownership of some files:
chown yule:yule /var/log/yule
chown yule:yule /etc/yulerc
chown yule:yule /var/lib/yule
# Set yule to start at boot
update-rc.d yule defaults
# Start yule
/etc/init.d/yule start
# if that errors out about missing key:
# cp -Rp /home/yule/.gnupg/pubring.kbx /home/yule/.gnupg/pubring.gpg
# Apache Configuration
vi /etc/apache2/apache2.conf
# A single <Directory> block is enough. Apache 2.4 (what Bionic ships) uses
# "Require all granted" instead of the 2.2-era "Order allow,deny / Allow from all",
# and only the last "Options" line in a block takes effect, so keep one.
# ExecCGI is not needed to serve the report and should stay off for a log directory.
# To limit who can read the report, use e.g. "Require ip 192.168.56.0/24" instead.
<Directory "/var/log/yule/">
    Options Indexes
    AllowOverride None
    Require all granted
</Directory>
Alias /yule.html "/var/log/yule/yule.html"
# Check the syntax and apply
apachectl configtest && systemctl reload apache2
# Client Side configuration instructions still necessary
Task 4 - Install pfSense on Ubuntu VM & block UDP traffic
* Download pfSense from https://www.pfsense.org/download/
* Steps: https://samuraihacks.com/install-pfsense-in-virtualbox/
* Keep an Ubuntu VM around to configure pfSense.