How to set up a software hacking lab
Table of Contents
Part 0 - introduction
    Goals
    Hacking lab setup
    Use open source software
    Conclusion
    Further reading
Part 1 - targets
    Prerequisites
    Target selection
    Distributions
    Software
    Custom Build
    On-line resources
    Virtualbox settings
Part 2 - attack tools
    Attack tool selection
    Distributions
    Software
    Custom Build
    Virtualbox settings
Part 3 - networking
    Setting up internal networking in virtual box
    Moving data
    Update the virtual machines
How to set up a hacker lab
www.ihackforfun.eu
Part 0 - introduction
This is the first in a series of articles on how to set up a software hacking lab. In this first article I will detail the goals and the means to reach those goals. The hacking lab we are setting up is all about software; it does not lend itself to hardware hacking. As a personal goal I have set myself to become a (software) security tester. I wanted to start this without investing a huge amount of cash, just in case I discover that this is not something I want to do ... This also means I will not start buying a lot of books and/or courses. I think I can get a basic level of knowledge using the information available on the internet. As soon as I decide that this is the 'thing' I want as a further career, I will of course need to make some investments, but that is a point still far in the future.
Goals
What do we want to achieve with a software hacking lab? In my case I wanted a place to train my skills and to eventually discover vulnerabilities in software. There were other considerations such as securing this lab from the outside world. In order of importance this is the list of requirements I set for my hacking lab:
1. Multiple systems to work from (as an attacker)
2. Multiple targets to attack ranging from easy to hard
3. The lab should be safe from attacks from the outside world
4. It should be easy to maintain (both in updating systems and in adding/removing them)
The choice of systems to attack and to work from will be discussed in subsequent articles. Since we will be hosting a multitude of vulnerable systems we want to make sure that we do not open things up to the outside world; after all we do not want to be hacked ourselves :-) We also want to easily add and remove systems from our lab. When we look at all these requirements we can clearly see that installing a number of servers hosting all these systems in my living room or study would not be the most practical solution, not to mention the difficulty of selling this to my wife ;-) We can however also go the virtual route and have all systems hosted on a powerful computer using multiple virtual machines. As luck has it I have a rather powerful laptop (Intel i7, 380 Gb HD and 8Gb of RAM) that I can use for this. As an added benefit, using virtual systems adds some security to our lab: as long as the vulnerable systems are not running they cannot be hacked. It will be a matter of discipline to disconnect myself from all networks before starting these vulnerable systems.
Hacking lab setup
Now that we have decided to go with virtual machines we need to decide on the hardware and software for the host of our hacking lab. Since we will be hosting A LOT of virtual systems we want each system and the hosting system to use no more resources than needed. We want to have as much processing power and memory as possible available for the hacking processes. This is needed mostly when doing brute force hacking. For my hosting system I decided to use Fedora 15. This is not the leanest of Linux distributions but it was already installed on my laptop and I did not want to re-install it. On my laptop I will be running a number of virtual systems so I will need some kind of software that makes this happen. I had some good experiences with Virtual Box from Oracle so I decided to stick with this.
It does not really matter what you use as a hosting system or what software you use for the virtual systems. If you have more experience with other software it is best to stick with that; after all our goal was to set up and maintain a hacking lab and not to learn new ways of hosting virtual systems. You could use Windows or Mac as a hosting system and use Virtual Machine or other software for the virtual systems. In the end this does not matter as long as you can install any software you want on the virtual systems.
I personally use open source software where I can and I will use free (as in gratis) software where I can. There is just one exception: I will need to have at least one system that runs a Microsoft Windows version, since as a software hacker I will want to try to use my tricks against any possible target. Also you probably want to use IIS (Internet Information Server) as a web server to host .net web applications as targets. Since I do not own a copy of Windows at this moment this will not be included in my original lab setup. The same goes for Mac OS X since I do not own a Mac nor any Mac OS X license. I know that it is possible to run Mac OS X on a virtual system (often referred to as a 'hackintosh system') and I also think this is an interesting thing to do, but at this moment I have no plans to go and buy a Mac OS X license. If ever I get such a license, the setting up of the 'hackintosh' system will certainly be good ground for an article on this blog :-)
Use open source software
Although I'm not a fan of Windows and/or Mac OS, I also do not condone the stealing of software. It is a personal choice to use open source where possible. I will not install any pirated version of software. If I really do not want to pay for something like Windows then I will simply not use it in my lab, even if this limits my choices of systems that I can use and train my skills on.
Conclusion
To conclude this article, we have a setup for our hosting system that meets the requirements. In the next articles I will detail the systems that will be installed and the software used in my hacking lab. Here are some of the things I will be able to do using my lab:
• scan and attack web applications
• scan and attack supporting servers (such as web servers)
• scan and attack different operating systems
• test new tools as they are released by security researchers
• test and use security related distributions (such as Backtrack)
• use many different versions of a piece of software and familiarize myself with them
This will enable me to position myself in my company or on the job market as a security tester who already has a certain amount of knowledge. I hope this has tickled your interest enough to follow the other articles in this series of 'How to set up a software hacking lab'. In any case, if there are any questions and/or comments do not hesitate to use the comment function at the bottom of this blogpost.
Further reading
• Open Source and freedom
• Virtual Box website
• Hackintosh
Part 1 - targets
Prerequisites
For the sake of keeping this article simple I will presume you are using virtualbox to run virtual machines. Any other virtualization software should work but the options might be called differently or not exist at all. This article turned out to be rather long so bear with me; after all, if it was easy to learn how to be a security tester or penetration tester everyone would do it ;-)
Target selection
Now it is time to look for some targets to install in our hacking lab. I will categorize the targets into three different types:
1. complete distribution: this is a complete OS and all software needed is already installed on it
2. software: these are targets that are programs that we need to install on an operating system
3. custom build: these are the programs you have written or customized yourself
The three categories are ordered by ease of install, the complete distribution being the easiest to install in a virtualbox.
Distributions
Depending on exactly what you want to try out you will need to have different targets. I have compiled a small list of available distributions and what they can be used for. There is no need to install all of them right now, just install one that interests you to start with. To install any of these distributions you should follow the install guides on their respective websites; it would be pointless to repeat all of them here. They will all follow the same basic flow:
1. create a new virtual machine
2. boot with the CD
3. install
4. remove install media from boot list
5. done :-)
You could of course run the live CDs in a virtual machine and simply boot from the CD as you start your virtual machine. Then you do not even need to install the OS on the virtual machine and you can save yourself some disk space on your HD should that be needed. In case you are using virtualbox and you get stuck or cannot install any of these distributions then you should re-read the install instructions. If you are really unable to solve the problem, leave me a comment and I will try to see if I can solve your problem.
De-ICE
Several CDs with real life scenarios. Register on the forum http://forums.heorot.net/ How to use and test against the target is also explained in the forums, BUT do not read too much since it will ruin the experience if you see the answers!
Metasploitable
This one must be downloaded using a torrent so grab a copy here.
OWASP Live CD
The target here is WebGoat, a great beginner target. There are also a lot of tutorials and documentation available on this distribution. This CD also has a lot of attacker tools on it so if you just install this one you are ready to go ... Get it here.
OWASP BWA
OWASP Broken Web Applications provides an image with several vulnerable web applications to test against. Get it here.
Samurai WTF framework
Another CD with both targets and attacker tools. This distribution has several targets and is meant to learn to hack web applications. Get it here.
Moth
Another distribution that is targeting web applications. The applications are protected by PHP IDS and/or mod_security so you can vary the difficulty of the exercises. Get it here.
LAMPSecurity
This virtual image is designed to teach Linux, Apache, PHP, MySQL security and has several targets. Get it here.
BadStore
Badstore.net is dedicated to helping you understand how hackers prey on Web application vulnerabilities, and to showing you how to reduce your exposure. The implementation was done with Perl. Get it here.
Hackxor
The web application on this distribution tries to be more realistic and difficult than for example WebGoat. Get it here.
Software
There is a huge amount of targets that can be found on the net. Since I'm myself primarily involved in testing web applications I can provide a list of good targets for that purpose. This list is by no means exhaustive and some searches on google will certainly provide you with more targets to test on. Some of these web applications are already installed on one of the distributions mentioned before. I also added an indication of what programming languages are used so you can install something that is close to the application you want/need to test against in real life.
• DVWA - Damn Vulnerable Web Application, based on PHP and mySQL.
• The butterfly project - based on PHP.
• Stanford SecuriBench - based on JAVA (J2EE).
• bodgeit - JAVA, JSP.
• Google Gruyere - the code can be downloaded and installed on a local server.
• Exploit KB - specific for SQLi, written in PHP and mySQL.
There are many others, if you have suggestions, please feel free to add them to the comments, I will personally try them as soon as I have time.
Custom Build
If you are setting this lab up within a company then you probably want to test your company's web applications. You can test this on a test server of your company, but this could possibly disrupt the server and other applications installed on it if you do aggressive attacks against the web application or the web server. Instead you could set up a virtual machine with the application installed in there. Since all these applications are custom build I cannot tell you how to install them. Another thing you might want to do is test software from vendors or open source applications. I'm personally planning to test my blog software (I mean the software I use for blogging, I did not write that myself) so I will need to set up a machine with a standard web server and install the package on that. As soon as I get around to that I will post a detailed description of how that worked out and I will add the tests I did and my conclusions. I will use the same machine to make changes in the blog settings and for example the .htaccess file and check how that stops certain attacks.
On-line resources
There is also a plethora of online web applications that you can run tests against. Although these are valid targets I did not consider them in this series of articles because:
1. they are not under your control
2. you need to be online to run tests against them
Both these points make the online test applications invalid test subjects in a hacking lab. A lot of these web applications are used to test automated scanners so a valid comparison can be made for these products. This subject is very interesting but I will not go deeper into it in this article as it is quite long already :-)
Virtualbox settings
I create virtual machines in virtual box using dynamic storage; this can save a lot of disk space. If you use fixed space then the virtual machine will take up that amount of space even if it is not used within the virtual machine. With dynamic storage you have to be a bit careful not to add huge amounts of data to several virtual machines as they could grow beyond the capacity of your HD. In my experience using virtual machines for testing this has never happened since we never add a lot of data anyway. For each virtual machine I allocate between 1024 and 2048 Mb of RAM and 15 Gb of dynamic storage. Since I have an 8 core machine I also allocate 2 CPUs to most virtual machines. Allocation of RAM and CPU can be changed later on, so if you do brute force password cracking you can temporarily allocate more RAM and/or CPUs to that virtual machine.
Part 2 - attack tools
Attack tool selection
I use the same classification for attacker tools that I used for the targets:
1. complete distribution: this is a complete OS and all software needed is already installed on it
2. software: these are tools that we need to install on an operating system
3. custom build: these are the programs you have written or customized yourself
The three categories are ordered by ease of install, the complete distribution being the easiest to install in a virtualbox.
Distributions
When it comes to distributions with attack tools things get rather easy; there are a couple of well known ones that should provide you with all the tools you need. Whenever one of these does not have the right tool (or perhaps the latest version of a tool) you could install the tool itself in one of your vanilla virtual boxes (more on that later).
For the sake of completeness I will repeat the distributions that were already mentioned as targets:
OWASP Live CD
There are also a lot of tools such as the Zed Attack Proxy on this distribution. Get it here.
Samurai WTF framework
This distribution has very good attack tools that are also included in the Backtrack distribution and is meant to learn to hack web applications. Get it here.
These are some of the most well known attack tool distributions:
Backtrack
Perhaps the most well known. There are tons of tutorials and videos on how to use the tools in this distribution and Backtrack is also used in courses (such as the Offensive Security course) that are well respected. All these things make me believe that you should at least have a virtual machine with Backtrack and use it from time to time. Backtrack is not the easiest distribution to start working with. Get it here.
BlackBuntu
Blackbuntu is a distribution for penetration testing which was specially designed for security training students and practitioners of information security. It features regular updates and it is based on Ubuntu. I like the fact that there are regular automated updates. Get it here.
Operator
This distribution is based on Knoppix and has a strong focus on network related security and tools. Get it here.
There are many other security distributions; however, more important than the distribution are the tools that are in it. I think that Backtrack has quite a good collection and any tool missing on there could easily be installed on another virtual box or in your Backtrack distribution. I keep a few of the other distributions to use when a tool that I need does not work from the first try in Backtrack.
Software
There is a huge amount of tools and scripts written by security researchers and the like. Many of these do not appear on the security distributions. Once you start testing a web application more thoroughly you will need some of these specialized tools. Let's say you want to make sure your blog is secure and you have set up in a virtual machine a copy of your blog software (let's say using WordPress) on a server similar to the one your hosting is using. You have used all kinds of tools and automated scanners from the distributions but you want to take things a step further. In that case you will want to run ALL scripts/scanners that look for all kinds of problems on your blog. There are several of these to be found (through google of course) and many of these might not be on any distribution since they are very specialized.
These are the tools you will install yourself in a separate virtual machine or add to one of the distributions. Take into consideration that installing them on (or adding them to) a distribution also means that you will need to re-install these when a new version of the distribution is released. On the other hand, if you do add them to the distribution yourself then all your attack tools are neatly stored in one virtual machine. Personally I keep an ASCII text file with the extra tools I install, what version they are and on what virtual machine I installed them. If you put this list on Dropbox or (a private) Github then you will always have it ready.
Custom Build
Whenever you write your own test scripts and/or tools you should consider where to put them. I advise against putting them on your host machine. You probably want to put all of them in virtual machines AND keep the code on Dropbox or (a private) Github. Of course software you create at your workplace might not actually belong to you, so make sure you are not doing anything illegal ;-) Another thing to think about is the use of those scripts/tools. Perhaps you are not the only one that is interested in them and as such it might be good to open source them and give back to the community that we are all part of by using these open source tools. The same goes for improvements and/or changes you make in any of the open source tools; the authors are usually very interested in how you use their tools and how they can improve them for you, so why not help them out.
Virtualbox settings
When you decide on the amount of HDD space you will assign to the virtual machines, take into account that they might grow with each update and extra tool installed; also some of the tools will generate rather large amounts of data. I advise for each attack virtual machine to have a dynamic storage of at least 20 Gb. You will also need some 'vanilla' installs of for example an Ubuntu system where you can develop your own scripts and tools. Since you are developing these yourself you should know better than me what kind of specs you need, so I give you my specs as a reference:
• Xubuntu (less resources needed than Ubuntu)
• Dynamic HD storage of 15 Gb
• 2 Gb RAM
• 2 CPUs
I have several of these, such as one with ruby 1.8.7 and another with ruby 1.9.2. It is possible to run these side by side but I prefer to spend time in testing web applications and writing test tools instead of tweaking my system to run several versions of ruby, perl, python, PHP etc ... This is just a matter of making a conscious decision to spend as much time as possible on adding to my skill set as a security tester.
Part 3 - networking
Setting up internal networking in virtual box
Now that we have a number of virtual machines installed we need to set up our environment. Some distributions set their own IP address (e.g. De-ICE) and in some distributions the network is turned off by default (e.g. Backtrack). If you use a virtual machine like the Samurai WTF and use the attack and target programs in that distribution itself, you do not need to set up a network. The targets you have installed yourself, such as BadStore.net, however need to be attacked from another virtual machine (or from the host machine, but I advise against that). Since this is a vulnerable application we want to make sure the outside world has no access to it. In virtual box this can be done using 'internal networking'. When a virtual machine is set to internal networking it cannot make connections to the outside world; this adds a layer of security to our host. Internal networking will work using an internal DHCP server to assign IP addresses to your virtual machines.
Setting up internal networking in virtual box is a two step process. First you need to enable the option and assign a range of IP addresses that can be used by the virtual machines. This needs to be done on your hosting system. Open up a terminal window (in Windows it should work in a DOS box but I have no experience with this) and type this command:
VBoxManage dhcpserver add --netname intnet --ip 10.10.10.100 --netmask 255.255.255.0 --lowerip 10.10.10.101 --upperip 10.10.10.254 --enable
This will enable the virtual box server to assign IP addresses to virtual machines; the IP addresses will be between 10.10.10.101 and 10.10.10.254. For more information on setting up the DHCP server within virtual box have a look at the official website. You can use almost any range of IP addresses but I suggest sticking to the numbers suggested in RFC 1918 - Address Allocation for Private Internets.
Now we can assign the internal network to our virtual boxes. This is quite easy: in the Virtual Box Manager go to the settings of the virtual box you want to run (in my example I'm setting up a BlackBuntu and BadStore.net) and in the network section you just select 'Internal Network'. I left the default name since I used it in the previous step (in the --netname parameter).
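The two steps above as one script, added here as an example (it is not the article's own code): it checks the DHCP plan before calling VBoxManage, so a mistyped or out-of-subnet address is rejected instead of being configured. The VM names, the helper function names and the DRY_RUN switch are assumptions; `--nic1 intnet --intnet1` is the command-line form of selecting 'Internal Network' in the settings dialog.

```shell
#!/bin/sh
# Added example (not from the article): validate the DHCP plan for a VirtualBox
# internal network, then emit the two setup steps. Helper names are assumptions.

# ip_to_int A.B.C.D: print the address as an integer; fail on malformed input.
ip_to_int() (
    case "$1" in *[!0-9.]*|*..*|.*|*.|"") exit 1 ;; esac
    IFS=.
    set -- $1
    [ "$#" -eq 4 ] || exit 1
    for o in "$@"; do
        case "$o" in 0?*|????*) exit 1 ;; esac   # no leading zeros, max 3 digits
        [ "$o" -le 255 ] || exit 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# in_net IP NET MASK: true when IP lies inside NET/MASK (all dotted quads).
in_net() (
    ip=$(ip_to_int "$1") && net=$(ip_to_int "$2") && mask=$(ip_to_int "$3") || exit 1
    [ $(( ip & mask )) -eq $(( net & mask )) ]
)

# True for the three private ranges of RFC 1918.
is_rfc1918() {
    in_net "$1" 10.0.0.0 255.0.0.0 ||
    in_net "$1" 172.16.0.0 255.240.0.0 ||
    in_net "$1" 192.168.0.0 255.255.0.0
}

# check_dhcp_plan SERVER MASK LOWER UPPER: prints "ok" or the reason it fails.
check_dhcp_plan() (
    srv=$(ip_to_int "$1") && ip_to_int "$2" >/dev/null &&
        lo=$(ip_to_int "$3") && hi=$(ip_to_int "$4") ||
        { echo "malformed address"; exit 1; }
    is_rfc1918 "$1" || { echo "server $1 is not RFC 1918 private space"; exit 1; }
    in_net "$3" "$1" "$2" && in_net "$4" "$1" "$2" ||
        { echo "pool leaves the subnet of $1/$2"; exit 1; }
    [ "$lo" -le "$hi" ] || { echo "lower bound above upper bound"; exit 1; }
    [ "$srv" -lt "$lo" ] || [ "$srv" -gt "$hi" ] ||
        { echo "server address $1 is inside its own pool"; exit 1; }
    echo ok
)

# Prints the commands by default; set DRY_RUN=0 to execute them on the host.
run() { if [ "${DRY_RUN:-1}" = 1 ]; then echo "$*"; else "$@"; fi; }

# setup_intnet NETNAME SERVER MASK LOWER UPPER VM...
setup_intnet() (
    net=$1; srv=$2; mask=$3; lo=$4; hi=$5; shift 5
    why=$(check_dhcp_plan "$srv" "$mask" "$lo" "$hi") ||
        { echo "refusing: $why" >&2; exit 1; }
    # Step 1: DHCP server for the internal network.
    run VBoxManage dhcpserver add --netname "$net" --ip "$srv" \
        --netmask "$mask" --lowerip "$lo" --upperip "$hi" --enable
    # Step 2: attach adapter 1 of each (powered-off) VM to that network.
    for vm in "$@"; do
        run VBoxManage modifyvm "$vm" --nic1 intnet --intnet1 "$net"
    done
)

# The article's values; VM names are assumed to match your own VM names.
setup_intnet intnet 10.10.10.100 255.255.255.0 10.10.10.101 10.10.10.254 \
    BlackBuntu BadStore
```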
Now we open BadStore.net and Blackbuntu and wait until both have booted. I included a screen shot showing the BlackBuntu virtual machine. It has a terminal where I ran the ifconfig command to see the IP address of my BlackBuntu, I did a ping to 10.13.13.105 to see if the BadStore.net was up and I opened a web browser and navigated to the BadStore.net web page.
Hacking can start from here :-)
Moving data
Sometimes you may want to move data between virtual machines. You can use the built-in virtual box options using shared folders for this but I think it is better to use tools you might actually need in real life. To move data between the different virtual machines in an internal network you can use the scp (secure copy) command; to log in to a virtual machine you can use the ssh command (in case it is a Linux box). Using these commands will help you a lot since these are things you might often need to use in real life, and keeping these commands in memory can save you a lot of time.
Update the virtual machines
When you are in internal networking mode in a virtual machine it cannot reach the outside world; this also means it cannot get updates (e.g. for the operating system). It can be useful to put the virtual machine back to NAT from time to time and update the OS or get updates for tools you might use. This is again quite easy: go to the settings of the desired virtual machine and switch the network settings back to NAT, do the updates and then shut down the virtual machine, change the settings back to internal networking and you're done. In theory this can be done without restarting the virtual machine by using the network options (at the bottom right of the virtual machine screen) but I have noticed this does not work for all distributions and when you switch back to internal networking the IP address is not always refreshed.
Now that we have connected the different virtual machines together the software hacking lab is set up.
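A check to run after the NAT update round-trip described above, added here as an example rather than taken from the article: it reads `VBoxManage showvminfo --machinereadable` output and reports every adapter that is not on the lab's internal network, so a VM left on NAT is caught before it is started. The two sample listings are constructed and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the article): flag VM network adapters that are not
# attached to the lab's internal network.

# audit_nics [NETNAME]: reads `VBoxManage showvminfo <vm> --machinereadable`
# on stdin. Adapters in mode "none" or on internal network NETNAME pass;
# anything else is printed, and the function then returns 1.
audit_nics() {
    awk -F'=' -v want="${1:-intnet}" '
        BEGIN { bad = 0; max = 0 }
        { gsub(/"/, "", $2) }
        $1 ~ /^nic[0-9]+$/    { n = substr($1, 4) + 0; mode[n] = $2
                                if (n > max) max = n }
        $1 ~ /^intnet[0-9]+$/ { net[substr($1, 7) + 0] = $2 }
        END {
            for (n = 1; n <= max; n++) {
                if (!(n in mode) || mode[n] == "none") continue
                if (mode[n] != "intnet") {
                    printf "nic%s: mode %s\n", n, mode[n]; bad = 1
                } else if (net[n] != want) {
                    printf "nic%s: internal network %s, expected %s\n",
                           n, net[n], want; bad = 1
                }
            }
            exit bad
        }'
}

# audit_vm VMNAME [NETNAME]: the same check against a real VM on the host.
audit_vm() {
    VBoxManage showvminfo "$1" --machinereadable | audit_nics "${2:-intnet}"
}

# Constructed sample: a target correctly attached to the internal network.
sample_isolated() {
    cat <<'EOF'
name="BadStore"
nic1="intnet"
nictype1="82540EM"
intnet1="intnet"
nic2="none"
EOF
}

# Constructed sample: a VM switched to NAT for updates and never switched back.
sample_after_update() {
    cat <<'EOF'
name="BlackBuntu"
nic1="nat"
natnet1="nat"
nic2="bridged"
bridgeadapter2="eth0"
EOF
}

for s in sample_isolated sample_after_update; do
    if report=$($s | audit_nics intnet); then
        echo "$s: isolated"
    else
        echo "$s: NOT isolated"
        echo "$report"
    fi
done
```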