Chapter 12. Penetration Testing Challenge

Throughout the book, we discussed various techniques and methodologies that, with practice, continual research, and diligence, will allow you to perform a penetration test from start to finish. This chapter allows you to put some of that information to work and bring it into perspective.

We will discuss the following items in this chapter:

  • Setting up the practice environment
  • Using penetration testing techniques to move from one system to another
  • An example of a penetration test in a fictional company

Firewall lab setup

As we prepare for the challenge, we need to build the core firewalls; there will be three firewalls that we will use in this chapter. They are as follows:

  • M0n0wall
  • Pfsense-1
  • Pfsense-2

The concept will be to create the network architecture and then connect machines to it. Follow the processes and steps we discussed throughout the book and perform a professional penetration test. The main point is, this architecture can support the majority of network types you might encounter and will be an excellent resource for building your skills. An example of the firewall architecture is shown in the following diagram:

[Figure: Firewall lab setup]

As the diagram shows, we will configure three firewalls within our challenge environment and connect them with six switches. This architecture is representative of many of the networks that the author has encountered. There is a tendency to have two firewalls inline, as we do here. One change that has been made is that the Debian 5 machine is placed outside pfsense-1. In most network designs this is not the case; it is normally placed inside the pfSense firewall. We made this change because it is recommended with respect to defense: it separates the publicly required data from that of the internal user network; furthermore, it allows the network administrator to configure only a minimal number of services on the firewall that has the internal network behind it. This design greatly reduces the attack surface.

We will begin by setting up the m0n0wall firewall. If you used pfSense in previous chapters, you will note that the setup is very similar. Our m0n0wall instance will have three adapters in this case: WAN, LAN, and OPT1. Begin by downloading m0n0wall at http://m0n0.ch/wall/downloads.php. We will be using the cdrom-1.8.1.iso release, although any future releases should be very similar in setup. m0n0wall is a well-established, small firewall that will work perfectly for our needs due to the limited resources required.

In VMware, use the following settings to set up a new virtual machine:

  • Name: m0n0wall
  • OS Type: FreeBSD
  • Memory: 128 MB
  • Disk size: 20 GB

This machine will need three network adapters configured using the network manager:

  • Network Adapter 1 should be configured to use VMnet2, which will be our WAN connection
  • Network Adapter 2 needs to be configured for the internal network named VMnet1, which will represent our LAN connection
  • Network Adapter 3 should be set up for the internal network named VMnet9 and will be tied to our internal network (the OPT device)

m0n0wall will need to be installed on the new virtual machine.

Once you have reviewed the network configuration, we need to work through the process of creating the machine configuration. Let's get started with that now!

  1. Start m0n0wall by clicking on Power on this virtual machine; once the system boots, choose the 7) Install on Hard Drive option.
  2. When asked which hard drive to install on, choose your hard drive (in this case, it is ad0).
  3. Reboot when prompted and ensure that the system is booting from the hard disk install rather than the ISO.

Now that m0n0wall has been installed, we must configure the interfaces:

  1. Choose 1) Interfaces: assign network ports and press Enter.
  2. When prompted with a listing of available interfaces, continue by setting up your VLANs. Press Y to continue.
  3. Enter the parent interface name for the first adapter. This will be listed next to the MAC addresses on your display:
    [Figure: Firewall lab setup]
  4. Continue through the creation process for each adapter. In this case, our em0 adapter is assigned to VLAN 1, em1 to VLAN 2, and em2 to VLAN 3. These VLANs can be any unused number between 1 and 4094.
  5. When determining the LAN interface name, choose the adapter that is assigned to VMnet1. The WAN adapter should be assigned to the VMnet2 adapter, and the VMnet9 adapter should be assigned as the OPT device:
    [Figure: Firewall lab setup]
  6. Reboot the firewall to save your changes.

The firewall has been installed on our hard drive and the adapters have been assigned to VLANs. Now, we need to set up the LAN IP address and connect to the web interface for further configuration. As an optional step, the default password can be changed. For the sake of simplicity, we will continue using the default password for the rest of this exercise.

  1. Select option 2) Set up LAN IP address and press Enter to continue.
  2. When prompted, type the IP address you would like your LAN to use. We will choose 192.168.50.10 with a mask of 24.
  3. Do not start the DHCP server when prompted.

We can now boot up a Kali instance on the VMnet1 internal network and connect to the web interface of the firewall by first obtaining a new DHCP address on the appropriate range and then directing our web browser to http://192.168.50.10. Log in with a username of admin and a password of mono:

[Figure: Firewall lab setup]

We need to set up our other interfaces to perform the tasks we have in mind, which is to provide the 192.168.175.0/24 subnet with a firewalled route to our vulnerable host, which will be located at 192.168.175.100 (connect a Debian machine to VMnet9). Select the OPT1 interface from the navigation menu on the left of the screen and enable it by checking the appropriate box. Leave the Bridge with option as none, and type the IP address for this interface: 192.168.175.10. Ensure that the drop-down lists 24. Click on the Save button after applicable changes have been made.

We can enable the DHCP server on the OPT1 interface. Choose DHCP server from the left navigation menu and the OPT1 tab under Services: DHCP server. Check the box that enables the DHCP service on this port and enter the Range as 192.168.175.100 to 192.168.175.150. After your changes have been selected, click on the Save button to continue.
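
A consistency check of the m0n0wall addressing configured above, as an added example that is not from the book. The addresses are the ones given in the text; the `PLAN` layout and the `check_plan` name are assumptions made for this example.

```python
import ipaddress

# Addresses come from the m0n0wall steps above. The dictionary layout and the
# function name are assumptions made for this example.
PLAN = {
    "LAN": {"ip": "192.168.50.10/24"},
    "OPT1": {"ip": "192.168.175.10/24",
             "pool": ("192.168.175.100", "192.168.175.150")},
}
TARGET = "192.168.175.100"  # vulnerable Debian host on VMnet9


def check_plan(plan, target):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    ifaces = {name: ipaddress.ip_interface(cfg["ip"]) for name, cfg in plan.items()}
    names = sorted(ifaces)

    # Firewall interfaces must sit on distinct, non-overlapping subnets.
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if ifaces[a].network.overlaps(ifaces[b].network):
                findings.append(f"{a} and {b} subnets overlap")

    pools = {}
    for name in names:
        if "pool" not in plan[name]:
            continue
        net = ifaces[name].network
        lo, hi = (ipaddress.ip_address(x) for x in plan[name]["pool"])
        pools[name] = (lo, hi)
        if lo > hi or lo not in net or hi not in net:
            findings.append(f"{name}: DHCP range is not inside {net}")
        if lo <= ifaces[name].ip <= hi:
            findings.append(f"{name}: interface address is inside its DHCP range")

    # Flag a target that is unreachable or whose address depends on a lease.
    addr = ipaddress.ip_address(target)
    homes = [n for n in names if addr in ifaces[n].network]
    if not homes:
        findings.append(f"target {addr} is not on any firewall subnet")
    for n in homes:
        if n in pools and pools[n][0] <= addr <= pools[n][1]:
            findings.append(f"target {addr} is inside the {n} DHCP range")
    return findings


if __name__ == "__main__":
    print("\n".join(check_plan(PLAN, TARGET)) or "no findings")
```

With the values from the text, the only finding is that 192.168.175.100 lies inside the OPT1 DHCP range, so the target keeps that address only while the Debian machine receives that lease.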

There are currently no default rules set up for the OPT1 interface. Let's set up some basic rules to allow our system in 192.168.50.0/24 to ping those in 192.168.175.0/24.

Click on the Firewall Rules option in the left-hand navigation bar and select the OPT1 tab. Selecting the icon that looks like a plus symbol within a circle will bring you to the screen that allows new rules to be configured. Click on this icon to continue.

In this initial rule, we want to allow ICMP packets to the OPT1 interface from everywhere. The following settings need to be selected:

  • Action: Pass
  • Interface: OPT1
  • Protocol: ICMP
  • ICMP Type: Any
  • All others: use the default settings

Save your settings, and click on the APPLY button to load the changes.

We can now traceroute from our Kali machine to our target machine (in this case, a Debian machine).

Using m0n0wall allows us to use a lot of powerful options with very limited space. This can become very important when you want to place several firewalls in your virtual lab environment.

The next machine we will create is the pfsense-1 firewall. Create a virtual machine that matches the following:

  • System name: pfsense-1
  • OS: pfSense (FreeBSD)
  • Name: pfsense-1
  • OS Type: FreeBSD
  • Memory: 256 MB
  • Disk size: 20 GB

This machine will need three network adapters configured using the network manager:

  • Network Adapter 1 should be configured to use VMnet2, which will be our WAN connection.
  • Network Adapter 2 needs to be configured for the internal network named VMnet3, which will represent our LAN connection.
  • Network Adapter 3 should be set up for the internal network named VMnet4 and will be tied to our internal network (the OPT device). pfSense will need to be installed on the new virtual machine.
  • OPT2: VMnet8 (this is an optional step to connect a network adapter, which allows you to easily download and install the necessary packages. This adapter should be disabled as soon as possible).

Now that the network adapters are defined it is time to perform the following additional steps:

  1. Start pfSense by clicking on Power on this virtual machine and, once the system boots, press the I key to install to the hard drive.
  2. At the initial screen, assign the adapters to the appropriate interface and configure your VLANs if desired. An example of the assigned interfaces is shown in the following screenshot:
    [Figure: Firewall lab setup]
  3. Once you have completed the settings, the next thing to do is to assign the addresses. An example of the completed address assignment is shown in the following screenshot:
    [Figure: Firewall lab setup]
  4. Connect to one of the networks with Kali or another machine and configure the following settings:
    • Enable the DHCP server on all interfaces with a range of X.X.X.100-X.X.X.150
    • Create a rule to allow ICMP, 80, 443, 53, 161, 25, 22, 23, and 21 TCP/UDP from the WAN net to the LAN net
    • While it is not common to allow this many services through the firewall, we need to have some things set so we can record the data while we are performing the assessment
    • Create a rule that allows all traffic from the LAN to OPT1
    • Create a rule that allows all traffic from LAN net to WAN net

The following screenshot shows a work in progress of setting the firewall rules for pfsense-1:

[Figure: Firewall lab setup]
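
The pfsense-1 rules listed in step 4, modelled as an added example (not from the book) so that the results of a later scan can be compared with what the rule set should allow. The zone labels, the `OPT1 net` destination for the LAN-to-OPT1 rule, and the function names are assumptions; rules are matched on the ingress interface with an implicit default deny, as pfSense does.

```python
# Ports from the pfsense-1 WAN rule above, passed for both TCP and UDP.
WAN_PORTS = {80, 443, 53, 161, 25, 22, 23, 21}

# Each rule: (ingress interface, protocols, source, destination, ports or None).
# pfSense filters on the interface a packet arrives on, takes the first
# matching rule, and drops whatever matches nothing.
RULES = [
    ("WAN", {"icmp"},       "WAN net", "LAN net",  None),
    ("WAN", {"tcp", "udp"}, "WAN net", "LAN net",  WAN_PORTS),
    ("LAN", {"any"},        "LAN net", "OPT1 net", None),  # destination assumed
    ("LAN", {"any"},        "LAN net", "WAN net",  None),
]


def verdict(src, dst, proto, port=None, rules=RULES):
    """Return 'pass' or 'block' for a new connection from src to dst."""
    ingress = src.split()[0]  # traffic enters on its source network's interface
    for iface, protos, r_src, r_dst, ports in rules:
        if iface != ingress or r_src != src or r_dst != dst:
            continue
        if "any" not in protos and proto not in protos:
            continue
        if ports is not None and port not in ports:
            continue
        return "pass"
    return "block"  # implicit default deny


def expected_open(src, dst, candidates, proto="tcp"):
    """Ports from candidates that the rule set should let through."""
    return sorted(p for p in candidates if verdict(src, dst, proto, p) == "pass")


if __name__ == "__main__":
    probe = [21, 22, 23, 25, 53, 80, 161, 443, 445, 3389, 8080]
    for src, dst in [("WAN net", "LAN net"), ("WAN net", "OPT1 net"),
                     ("OPT1 net", "LAN net"), ("LAN net", "OPT1 net")]:
        print(f"{src} -> {dst}: {expected_open(src, dst, probe)}")
```

A port that answers from the WAN side but is absent from the expected list, or the reverse, points to a rule that was entered differently from the list above.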

Installing additional packages in pfSense

The pfsense-1 firewall will have an IDS and a WAF installed. We can use the package manager that pfSense makes available to us to install this additional functionality on our system.

Tip

The pfsense-1 system will need temporary access to the Internet to be able to access and download these packages. This can be configured using VMnet8 on the OPT2 interface. Be sure to disable any of the other test machines before connecting to the Internet. Enabling the Internet on the WAN interface will enable all of the systems using pfsense-1 to access the Internet.

We install additional packages into the firewall by performing the following steps:

  1. Click on System | Packages and choose the Available Packages tab.
  2. Choose Proxy Server with mod_security and install it.
  3. Select the snort package and install it as well.

The next machine we will create is the pfsense-2 firewall. Create a virtual machine that matches the following:

  • System name: pfsense-2
  • OS: pfSense (FreeBSD)
  • Name: pfsense-2
  • OS Type: FreeBSD
  • Memory: 256 MB
  • Disk size: 20 GB

This machine will need two network adapters configured using the network manager:

  • Network Adapter 1 should be configured to use VMnet4, which will be our WAN connection
  • Network Adapter 2 needs to be configured for the internal network named VMnet5, which will represent our LAN connection

Once the network adapters are defined and configured, it is time to configure the firewall itself by performing the following steps:

  1. Start pfsense by clicking on Power on this virtual machine. Once the system boots, press I to install to the hard drive.
  2. At the initial screen, assign the adapters to the appropriate interface, configure your VLANs if desired, and configure the address. We have done this with the previous firewall, so we will not list the steps again. An example of the assigned interfaces and IP addressing is shown in the following screenshot:
    [Figure: Installing additional packages in pfSense]
  3. The next thing we have to do is create the rules as required; for now, we will continue with the process of establishing the criteria of the challenge.