The virtual lab setup

As usual, we will need to set up our virtual lab to emulate this environment, as the penetration test we are performing is purely fictional. However, do not consider this effort to be in vain; many penetration testers will attempt to emulate the network of their client in order to ensure that the exploits they intend to use actually work and are stable (not to mention that this reduces the likelihood of diligent administrators and security professionals detecting your movements). Depending on the type of penetration test, this could prove critical.

AspenMLC Research Labs' virtual network

Refer to the following diagram; we will set up the following environment in VMware:

[Figure: AspenMLC Research Labs' virtual network]

Tip

If HDD space is at a premium, then try using pfsense-1 as a linked base. This can be accomplished by cloning pfsense-1 and choosing to link the devices. Check the box to reinitialize interface MAC addresses.

The following table shows the specifications for the various systems as seen in the previous diagram:

System

Specification/s

Debian 5.0

  • OS: Debian.
  • Users: John Dow (jdow), Password: 039Alts2010.
  • Virtual disk size: 6 GB.
  • RAM: 128 MB minimum (512 MB recommended).
  • Packages to install:

    OpenSSH, lamp-server^.

  • One network adapter (VMnet9).
  • Download the distribution from https://www.debian.org/distrib/archive. The intent here is to use older distributions, so they can provide us with a number of findings; however, with the firewalls between us and the targets, the process will still be a challenge.

OWASP BWA

  • OS: Ubuntu
  • Users: John Dow (jdow), Password: 1A2b3C4d!
  • RAM: 128 MB minimum (256 MB recommended)
  • Network adapter (VMnet3):

    eth0 = DHCP (VMnet3)

  • The default applications that are installed will provide quite a number of challenges for your testing

Ubuntu-8.1

  • OS: Ubuntu 8.10
  • Users: John Dow (jdow), Password: 1A2b3C4d!
  • RAM: 128 MB minimum (256 MB recommended)
  • Network adapter (VMnet1):

    eth0 = 192.168.50.200

  • Install or enable the following services:

    OpenSSH, lamp-server^

  • Download the distribution from http://old-releases.ubuntu.com/releases/intrepid/

Metasploitable2

  • OS: Ubuntu 8.04.
  • Users: John Dow (jdow), Password: 1A2b3C4d!
  • RAM: 128 MB minimum (256 MB recommended).
  • Network adapter (VMnet1):

    eth0 = 192.168.50.200

  • Download the distribution from https://sourceforge.net/projects/metasploitable/files/Metasploitable2/.
  • Metasploitable2 is another distribution that is excellent for us to practice with. In our AspenMLC site, we have the machine protected by a firewall with both Snort and a WAF installed. It will be a challenge for us to take advantage of the many vulnerabilities the machine has. This is how you learn!

CentOS

  • OS: CentOS 5
  • Users: John Dow (jdow), Password: 1A2b3C4d!
  • RAM: 128 MB minimum (256 MB recommended)
  • Network adapter (VMnet5):

    eth0 = DHCP

  • Download the distribution from https://wiki.centos.org/Download.
  • Install or enable the following services:

    OpenSSH, lamp-server^

Kioptrix Level 1

  • One network adapter on various subnets

This system will serve as a machine that we can connect at different points throughout the site architecture, and your goal will be to gain root on the Kioptrix machine from across the different network segments. In short, while we are testing the site, we have the option of connecting the Kioptrix machine into any of the subnets, thus providing us with a machine to pivot from into the other layers of the network.

Additional system modifications

Throughout the book, we have thoroughly covered the installation and configuration of operating systems such as pfSense and Kioptrix; thus, for the sake of brevity, we will focus only on those steps that make the systems in this exercise unique and different from the default installs. Luckily, we only have to worry about configuring the Ubuntu 8.10 server.

Ubuntu 8.10 server modifications

The system named Ubuntu-8.1 will need to have lamp-server^ installed and running. As previously noted, we also need to install and configure the latest edition of WordPress. The WordPress team has done an excellent job of providing the community with detailed, step-by-step installation and configuration instructions, which can be accessed on the Internet at http://codex.wordpress.org/Installing_WordPress. The usernames, databases, and passwords used are unimportant at this point, but should be easy to remember and yet strong. Remember that the administrator in this exercise intends to build out a secure environment. When you are testing this environment, you will need to forget that you know what the passwords and usernames are.

In addition to fully patching and updating this system, we also need to set up the SSH server to accept our jdow user from an external connection, which we emulate at 192.168.25.0/24, once WordPress, OpenSSH, and the static IPs have been configured.
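
One way the fictional administrator could express that SSH restriction, shown as an added example rather than configuration from the book. It assumes the server keeps the static address 192.168.50.200 from the lab table; every directive other than the jdow user and the 192.168.25.0/24 source network is an assumption.

```conf
# /etc/ssh/sshd_config on Ubuntu-8.1 (added example, not the book's file)

# Listen only on the server's static address from the lab table.
ListenAddress 192.168.50.200

# No direct root logins; jdow is the only account this exercise needs.
PermitRootLogin no

# Admit jdow only when the connection comes from the emulated external
# network (192.168.25.0/24). Once AllowUsers is set, every account that
# is not listed is refused. The wildcard host pattern works on old and
# new OpenSSH releases alike.
AllowUsers jdow@192.168.25.*

# Assumed hardening values: slow down password guessing against the
# one permitted account.
MaxAuthTries 3
LoginGraceTime 30
```

Check the file with `sshd -t` before restarting the service, and confirm from a host outside 192.168.25.0/24 that jdow is refused. If a firewall in the path translates source addresses, the pattern must match the translated address instead.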

Once WordPress is up and running, we need to replace the sample page with the following text:

AspenMLC Development and Research center
Thank you for visiting the AspenMLC Development and Research center where we focus on examining all sorts of rocks and minerals and hope to make your life easier and safer! Contact: John Dow at [email protected]

This will give us some information to work with on the site. We can now move on to the more interesting aspects of this chapter!
