- Kali Linux Lite VM -


Goals


  1. Apply penetration testing knowledge using virtual machines.
  2. Explore tools such as metasploit and nmap for offensive and defensive security.
  3. Create penetration testing labs with vulnerable VMs and .

Quick introduction on Kali Linux and penetration testing


  1. Kali Linux is an open source Linux distribution that includes a large collection of penetration testing tools. It is maintained and funded by Offensive Security, a provider of world-class information security training and penetration testing services.
  2. We have prepared a light version of Kali Linux that you can use on GENI with your pen testing labs. Below you will find instructions on how to install it. The tools that it includes are:
    1. Nmap
    2. Metasploit
    3. John the Ripper
    4. Wireshark
    5. Scapy
    6. Hydra
    7. hping3
    8. recon-ng
    9. nikto
    10. burpsuite
    11. hashcat
    12. wordlists (txt files)
    13. aircrack-ng
    14. kismet
  3. Penetration testing is an authorized cyber attack with the goal of evaluating the security of a system.


Prerequisites


  1. You will need basic command line knowledge to complete this lab. Codecademy has a great tutorial on this topic.
  2. Basic penetration testing techniques: We have put together the following set of slides that introduces penetration testing concepts, stages, and tools.
  3. Where to find vulnerable VMs to pen test: Vulnhub has a large collection of VMs to download and test. Some of these VMs have walkthroughs that can help you if you get stuck.

How to set up Kali Lite


  1. Reserve a single Xen VM with default settings
  2. Select your preferred site aggregate.
  3. Click on the node and then in the left-hand panel select the Disk Image pull-down and choose Other.
  4. In the URN slot paste the image URL: https://www.instageni.clemson.edu/image_metadata.php?uuid=ad8630d1-89c9-11e8-b707-000000000000.

Part 2: penetration testing of a vulnerable VM


  1. Penetration testing includes the following stages: i. reconnaissance, ii. scanning, iii. exploit, iv. cover tracks. Reconnaissance is using open source materials, such as Google searches, social networks, etc. to find the weak points of the System Under Test (SUT). We will omit this fun phase, since this is not a company with actual employees that we can gather information about, and move to phase two: "Scanning".
  2. Log in to the attacker node. Note that you will not be able to log in to the test node; you will need to find a way in through your pen testing. Use the tool nmap, the "Swiss army knife" of scanning, to scan your target. You may want to use this cheatsheet and learn some more about nmap from the official website, nmap.org.
  3. As many pen testers do, you may have two windows open on the attacker node. One window may be running long scans, the second may be trying exploits.
  4. Carefully log the information from your scan and study it in detail. There may be vulnerable services, vulnerable versions of an operating system, and other weaknesses that different nmap scans may reveal. If you do not know the services, ports, etc., just use open source intelligence, i.e., a Google search!
  5. You may look for vulnerable users using your second terminal connected to the attacker node. Back in the old days we would always try default user names and default passwords. The worst thing that can happen is that you get flagged, but in this case we do not need to worry about that. Can you find the default user? Find their password, ssh to the test VM and snoop around!
  6. Next we will use metasploit to exploit some vulnerabilities.
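To keep the scan log that step 4 asks for in a form you can study and compare between scans, here is an added example (not part of this lab page or of nmap) that parses nmap's grepable output (`nmap -oG scan.gnmap`) into structured records and summarises the open ports per host. The sample output below is constructed for illustration and does not describe the lab's test VM.

```python
"""Parse nmap grepable (-oG) output into structured records for a scan log."""

# Constructed sample in nmap's grepable format (one "Host:" line per host).
# Ports are listed as port/state/proto/owner/service/rpcinfo/version/ and
# nmap replaces any "/" inside a field with "|", so splitting on "/" is safe.
SAMPLE_GNMAP = """\
# Nmap 7.70 scan initiated (constructed sample)
Host: 10.10.0.20 ()\tStatus: Up
Host: 10.10.0.20 ()\tPorts: 22/open/tcp//ssh//OpenSSH 7.2p2 Ubuntu/, 80/open/tcp//http//Apache httpd 2.4.18 ((Ubuntu))/, 111/open/tcp//rpcbind//2-4 (RPC #100000)/, 139/filtered/tcp//netbios-ssn///\tIgnored State: closed (996)
# Nmap done (constructed sample)
"""


def parse_gnmap(text):
    """Return one dict per reported port: host, port, proto, state, service, version."""
    records = []
    for line in text.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue  # comment lines and "Status: Up" lines carry no port data
        host = line.split()[1]
        ports_field = line.split("Ports:", 1)[1].split("\t", 1)[0]
        for entry in ports_field.split(","):
            fields = entry.strip().split("/")
            if len(fields) < 7:
                continue  # malformed entry: skip rather than guess
            port, state, proto, _owner, service, _rpc, version = fields[:7]
            records.append({
                "host": host,
                "port": int(port),
                "proto": proto,
                "state": state,
                "service": service,
                "version": version.replace("|", "/"),  # undo nmap's escaping
            })
    return records


def open_ports_by_host(records):
    """Group open ports per host so each scan becomes one inventory entry."""
    inventory = {}
    for rec in records:
        if rec["state"] == "open":
            inventory.setdefault(rec["host"], []).append(rec["port"])
    return {host: sorted(ports) for host, ports in inventory.items()}


if __name__ == "__main__":
    recs = parse_gnmap(SAMPLE_GNMAP)
    for r in recs:
        print(f"{r['host']}:{r['port']}/{r['proto']} {r['state']:8} {r['service']:12} {r['version']}")
    print(open_ports_by_host(recs))
```

Running the same parser over successive scans lets you diff the inventories and see which findings are new, which is how a defender would track exposure changes on the test VM.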

Part 3: Metasploit exploits


  1. Learn about Metasploit, a versatile framework for exploits.
  2. Specific modules that can be used to compromise the machine include auxiliary/dos/rpc/rpcbomb, which performs a denial of service attack through the RPC connection, and auxiliary/dos/http/nodejs_pipelining, which can perform a powerful DoS attack on the OWASP Juice Shop that disrupts normal functioning, even rendering it inaccessible. The wmap module inside Metasploit can be used to scan the OWASP Juice Shop for vulnerabilities, including vulnerable directories. A session can be created using exploit/multi/ssh/sshexec with the information gained from previous sections, including users and their passwords.
  3. Try some metasploit attacks based on the linked tutorial.
  4. While you are running the DoS attack, save a packet capture. Explore the packets and see how the attack looks from the network's point of view.
  5. There is a vulnerable website in the test machine. If you have found its port, use wmap to scan it for vulnerabilities.
  6. To access the website, we will need to use an X11 server, which will allow us to open Firefox from the attacker VM. In the next subsections we provide information on how to set up X11 forwarding on Windows, Mac OS, and Linux.

Part 4: Installing and enabling browser on GENI (Windows)

  1. Install the Xming software on your local operating system. Xming is an X11 display server for Microsoft Windows operating systems. Then, run it to start the X server. You should see the Xming icon in the taskbar if it is running.
  2. Then, use PuTTY to log onto the GENI node. Remember to click the option for X11 in addition to the other steps for logging in to a GENI node using PuTTY.
  3. Now when we execute the command "firefox" we should see a browser GUI displayed with the help of Xming.

Part 4: Installing and enabling a browser on GENI (MacOS)

  1. Install XQuartz on your Mac. XQuartz is an X server designed for MacOS.
  2. Right click on the XQuartz icon in the dock, and select Applications > Terminal. This should bring up a new xterm terminal window.
  3. Then, make an ssh connection to the GENI node in this terminal window. Make sure to include the "-Y" flag.
  4. Now execute the command "firefox", and with the help of XQuartz a GUI window of Firefox should appear.

Part 4: Installing and enabling a browser on GENI (Linux)

  1. It is much simpler when you are using a Linux operating system. Just ssh into the Linux system of your choice using the “-Y” flag.
  2. Then simply run the "firefox" command.