As usual, we will need to set up our virtual lab to emulate this environment, as the penetration test we are performing is purely fictional. However, do not consider this effort to be in vain; many penetration testers will attempt to emulate the network of their client to ensure that the exploits they intend to use actually work and are stable (not to mention that this reduces the likelihood of diligent administrators and security professionals detecting your movements). Depending on the type of penetration test, this could prove critical.
Refer to the following diagram; we will set up the following environment in VMware:
The following table shows the specifications for the various systems as seen in the previous diagram:
System | Specification/s |
---|---|
Kioptrix Level 1 | This system will serve as a machine that we can connect at different points throughout the site architecture, and your goal will be to gain root on the Kioptrix machine from across the different network segments. In short, while we are testing the site, we have the option of connecting the Kioptrix machine into any of the subnets, thus providing us with a machine to pivot from into the other layers of the network. |
Throughout the book, we have thoroughly covered the installation and configuration of operating systems such as pfSense and Kioptrix; thus, for the sake of brevity, we will focus only on those steps that make the systems in this exercise unique and different from the default installs. Luckily, we only have to worry about configuring the Ubuntu 8.10 server.
The system named Ubuntu-8.1 will need to have lamp-server^ installed and running. As previously noted, we also need to install and configure the latest edition of WordPress. The WordPress team has done an excellent job of providing the community with detailed step-by-step installation and configuration instructions, which can be accessed on the Internet at http://codex.wordpress.org/Installing_WordPress. The usernames, databases, and passwords used are unimportant at this point, but should be easy to remember and yet strong. Remember that the administrator in this exercise intends to build out a secure environment. When you are testing this environment, you will need to forget that you know what the passwords and usernames are.
In addition to fully patching and updating this system, we also need to set up the SSH server to accept our jdow user from an external connection, which we emulate at 192.168.25.0/24 once WordPress, OpenSSH, and the static IPs have been configured.
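One way to apply the SSH restriction described above on the Ubuntu server, as an added example that is not from the book: it assumes OpenSSH's `AllowUsers` directive with a `user@host` wildcard pattern. The function names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the book): limit SSH logins on the lab server to
# jdow connecting from the emulated external network 192.168.25.0/24.

# restrict_ssh_user CONFIG USER HOST_PATTERN  (hypothetical helper)
# Rewrites CONFIG so that exactly one global AllowUsers line remains.
restrict_ssh_user() {
    cfg=$1 user=$2 pattern=$3
    tmp=$(mktemp) || return 1
    {
        # Written first so it is global and never lands inside a Match block.
        printf 'AllowUsers %s@%s\n' "$user" "$pattern"
        # Keywords are case-insensitive; drop every earlier AllowUsers line,
        # because sshd accumulates them instead of letting the last one win.
        awk 'tolower($1) != "allowusers"' "$cfg"
    } > "$tmp" && cat "$tmp" > "$cfg"   # cat keeps the file's owner and mode
    rc=$?
    rm -f "$tmp"
    return $rc
}

# allowed_users CONFIG  (hypothetical helper)
# Prints every AllowUsers pattern in CONFIG, one per line.
allowed_users() {
    awk 'tolower($1) == "allowusers" { for (i = 2; i <= NF; i++) print $i }' "$1"
}

# Constructed sample standing in for /etc/ssh/sshd_config on the lab server.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 22
PermitRootLogin no
allowusers admin backup
Match Address 10.0.0.0/8
    PasswordAuthentication no
EOF

restrict_ssh_user "$sample" jdow '192.168.25.*'
allowed_users "$sample"
```

On the server itself, run the helper against `/etc/ssh/sshd_config` and validate the result with `sshd -t` before restarting the SSH service.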
Once WordPress is up and running, we need to replace the sample page with the following text:
AspenMLC Development and Research center Thank you for visiting the AspenMLC Development and Research center where we focus on examining all sorts of rocks and minerals and hope to make your life easier and safer! Contact: John Dow at [email protected]
This will give us some information to work with on the site. We can now move on to the more interesting aspects of this chapter!