Kali Linux Cookbook - Second Edition

By Corey P. Schultz , Bob Perciaccante

About this book

Kali Linux is a Linux distribution designed for penetration testing and security auditing. It is the successor to BackTrack, the world’s most popular penetration testing distribution. Kali Linux is the most widely used platform and toolkit for penetration testing. Security is currently the hottest field in technology with a projected need for millions of security professionals.

This book focuses on enhancing your knowledge in Kali Linux for security by expanding your skills with toolkits and frameworks that can increase your value as a security professional.

Kali Linux Cookbook, Second Edition starts by helping you install Kali Linux using the different options available. You will also be able to understand the lab architecture and install a Windows host for use in the lab. Next, you will understand the concept of vulnerability analysis and look at the different types of exploits. The book will introduce you to the concept and psychology of Social Engineering and password cracking. You will then be able to use these skills to expand the scope of any breaches you create. Finally, the book will guide you in exploiting specific technologies and gaining access to other systems in the environment. By the end of this book, you will have gained the core knowledge and concepts of the penetration testing process.

Publication date: September 2017
Publisher: Packt
Pages: 438
ISBN: 9781784390303

 

Chapter 1. Installing Kali and the Lab Setup

In this chapter, we will cover the following topics:

  • Lab architecture and considerations
  • Installing VirtualBox
  • Installing Kali on VirtualBox
  • Using Kali Linux from bootable media
  • Upgrading Kali Linux
  • Understanding the advanced customization and optimization of Kali
  • Installing Windows machines
  • Installing Metasploitable
  • Installing OWASP-BWA
  • Understanding hack me and other online resources
 

Introduction


In order to set the stage for the rest of this book and to help you reproduce the recipes and their output, I strongly recommend that you create a test environment where you can run various tools that are included with Kali Linux. In this chapter, we will be focusing on building our testing environment based on free or low-cost applications to minimize cost.

Starting with installing the virtualization platform, VirtualBox, we will walk through a few common installation techniques for Kali Linux; you will also learn how to update and maintain your installation.

 

Lab architecture and considerations


In this section, we will discuss our lab design and provide some information that you can use to expand it in the future.

As we begin to set up our lab, we want to take some time to discuss the lab setup and some of the considerations that we will take when using the lab. Some of these considerations are designed to make the lab more effective, while others are used for the protection of the networks our lab is connected to. We also want you to be in a position to easily expand or grow this network with other test machines as you master the Kali recipes that follow.

How to do it...

In this section, we will be discussing general topics as opposed to specific recipes. 

The hypervisor selection

Today, there are many different hypervisors that will allow you to run multiple virtual machines on a single physical machine. For our specific purposes, we have chosen to show you how to set up the initial lab in VirtualBox due to several compelling factors. It's free to use, has multi-platform support, and it's able to run within your main operating system. However, as we progress past the first chapter, we will be switching to VMware ESXi. This will not affect recipes in any way between using VirtualBox and VMware ESXi. Our main reason for switching is the amount of compute resources that are available to us in our dedicated lab. We have the ability to run many virtual machines at once, and we will have the ability to insert firewalls and other security devices between our Kali instance and our testing hosts, as needed. We also have the flexibility to create more complex environments.

If, for any reason, you are looking to build a larger test network or have a different hypervisor of choice that better suits your purposes, feel free to use it, as we will assume you will be able to translate our instructions between the different hypervisors.

The hypervisor networking

In our lab, we are going to be using two networks within VirtualBox: a NAT network and a host-only network. Our Kali box will be connected to both the networks, so it can communicate with devices on the internet, download updates, and get software packages as needed. Our target machines will only be connected to the host-only network. The host-only network can only talk within the host and among other devices connected to the host-only network. It cannot communicate through your Ethernet or wireless networks. This setup is extremely critical to our testing environment, as we do not ever want to expose our testing hosts to the outside world, as they are very vulnerable and will be hacked rather quickly.

To further protect the networks that your lab is connected to, we would actually suggest disconnecting the virtual adapter of the Kali virtual machine that connects to the NAT network, unless specifically required for the recipe operation. This way, your network is protected from accidental exposures to any attacks you may be sourcing from Kali.
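A check for the isolation rule described above, as an added example that is not from the book: it reads `VBoxManage showvminfo --machinereadable` output and reports adapters that are attached to anything other than the host-only network. The VM names come from this chapter's lab; the sample output embedded in the script is constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the book): audit which VirtualBox adapters could
# carry traffic beyond the host-only network.
#
# Each function reads, on stdin, the text printed by
#   VBoxManage showvminfo "<vm name>" --machinereadable
# which holds lines such as nic1="natnetwork" and cableconnected1="on".

# Print "SLOT MODE LINK" for every adapter that is present but not host-only.
exposed_adapters() {
    awk -F= '
        $1 ~ /^nic[0-9]+$/ {
            v = $2; gsub(/"/, "", v); mode[substr($1, 4)] = v
        }
        $1 ~ /^cableconnected[0-9]+$/ {
            v = $2; gsub(/"/, "", v); link[substr($1, 15)] = v
        }
        END {
            for (slot in mode)
                if (mode[slot] != "none" && mode[slot] != "hostonly")
                    print slot, mode[slot], (slot in link ? link[slot] : "unknown")
        }
    ' | sort -n
}

# Target VMs: succeed only when no adapter leaves the host-only network.
target_is_isolated() {
    [ -z "$(exposed_adapters)" ]
}

# Kali VM: succeed when a non-host-only adapter still has its cable connected.
uplink_is_connected() {
    exposed_adapters | awk '$3 == "on" { found = 1 } END { exit !found }'
}

# --- Constructed sample inputs (not captured from a real host) ---
sample_target() {
    cat <<'EOF'
name="Metasploitable"
nic1="hostonly"
hostonlyadapter1="vboxnet0"
cableconnected1="on"
nic2="none"
EOF
}

sample_bridged_target() {
    cat <<'EOF'
name="Windows XP SP3"
nic1="bridged"
bridgeadapter1="eth0"
cableconnected1="on"
nic2="hostonly"
hostonlyadapter2="vboxnet0"
cableconnected2="on"
EOF
}

sample_kali() {
    cat <<'EOF'
name="Kali Linux"
nic1="natnetwork"
nat-network1="NatNetwork"
cableconnected1="off"
nic2="hostonly"
hostonlyadapter2="vboxnet0"
cableconnected2="on"
EOF
}

for vm in sample_target sample_bridged_target; do
    if "$vm" | target_is_isolated; then
        echo "$vm: host-only, as intended"
    else
        echo "$vm: EXPOSED ($("$vm" | exposed_adapters))"
    fi
done

if sample_kali | uplink_is_connected; then
    echo "sample_kali: NAT link is up"
else
    echo "sample_kali: NAT link is down; only the host-only adapter is live"
fi
```

On a live host, pipe the real `showvminfo` output for each target into `target_is_isolated`; `VBoxManage controlvm "Kali Linux" setlinkstate1 off` unplugs the virtual cable of adapter 1 on a running VM.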

Vulnerable workstations

One of the many questions frequently asked is why we soften machines or use machines that have vulnerabilities. The fact is that a properly patched, properly configured, and properly hardened machine is quite difficult to get into. Penetration testing is not trying to get through to hardened devices but looking specifically for those devices that have vulnerabilities. In a typical engagement, you may find only one or two machines that have vulnerabilities. You can then use these machines to gain a foothold into an environment to compromise other more hardened machines. If you start doing regular engagements as a penetration tester, you will be surprised by just how many machines you may be able to find that have vulnerabilities. This is especially true with the proliferation of low cost Internet of Things (IoT) devices such as internet connected cameras, thermostats, automation systems, and monitoring. These devices often run Linux-type embedded operating systems and are rarely patched and often overlooked. More importantly, they are often riddled with bugs and vulnerabilities that we can use for our purposes.

 

Installing VirtualBox


To set the foundation for our lab, we will be using VirtualBox as a virtual hardware platform to host our images. This recipe will outline the steps necessary to do so. In the event that you wish to use an alternate virtualization platform, the same general principles will apply.

When it comes to learning a new set of skills or sharpening the ones you already have, the importance of a testing environment cannot be overstated. It is imperative that you have the means to test against systems in a known state so that you can validate the results of your tests.

One method of saving resources, both physical hardware and computing resources, is to utilize a virtual environment where your testing devices reside. One very popular example of a virtualization platform is Oracle's VirtualBox—a purpose-built virtualization environment designed for use with x86 platforms that can host many virtual machines on one physical computer. This allows for the sharing of resources such as disk, RAM, CPU, and so on. Additionally, because VirtualBox supports importing and exporting virtual appliances, resources can be easily moved, shared, and so on.

Getting ready

To prepare for the use of VirtualBox for the remainder of this book, we will need to ensure that we have enough resources on our server to be able to run several of the virtual guests at the same time. The following chart highlights the amount of resources that each of our intended guest systems will require:

| Name | Disk required | Memory required | CPU required | Chapters used |
| --- | --- | --- | --- | --- |
| Kali Linux | 80 GB | 8 GB | 2 | 1-10 |
| Metasploitable | 65 GB | 4 GB | 1 | 1,2,4-7,10 |
| Ubuntu 16.4 LTS | 15 GB | 2 GB | 1 | 1,6,10 |
| Windows XP SP3 | 10 GB | 1 GB | 1 | 1,2,4-7,10 |
| Windows 7 - host 1 | 10 GB (thin) | 2 GB | 1 | 1-7 |
| Windows 7 - host 2 | 10 GB (thin) | 2 GB | 1 | 1-7 |
| Windows 2008 Server | 25 GB (thin) | 2 GB | 1 | 1-7 |
| OWASP-BWA | 10 GB | 1 GB | 1 | 1,9 |
| VulnOS | 32 GB | 1 GB | 1 | 1,7 |

 

How to do it...

In this section, we will build out an environment that will allow you to perform security testing without the need for physical hardware:

  1. Ensure that you have the following resources free on your host machine to support the system combinations mentioned in the preceding table. In total, you will need the following in addition to the resources needed by VirtualBox itself:
    • 5 CPU
    • 1500+ GB free disk space
    • 16 GB free memory
  2. Download the appropriate version of VirtualBox for your lab environment from www.virtualbox.org.

Note

It would also be good to familiarize yourself with the detailed options available from the VirtualBox manual, which can be found at https://www.virtualbox.org/manual/ch01.html.

  3. Once you have downloaded the installer, locate it, and start the installation. As the application begins the installation, you will see the following dialog boxes. As of the time of writing this book, the version available was 5.1.8. When you are greeted with the dialog box seen in the following figure, select Next:

 Initial installation screen

  4. When given the option at the first Custom Setup screen, as seen in the following figure, leave the default options in place, and select Next:

 First custom setup screen

  5. At the second Custom Setup screen, as seen in the following figure, review the options and determine which are appropriate to your preferences, and select Next:

 Second custom setup screen

Note

If you leave Register file associations selected, this will configure your system to use VirtualBox to open virtual disk images automatically.

  6. After the basic configuration options have been decided, the setup will now begin to make changes to the host computer. One such step is the installation of the dedicated virtual network adapters that allow VirtualBox to provide different options in regard to how your systems use networking. During the installation of these drivers, you may experience a brief loss of connectivity; so when prompted, acknowledge this fact by selecting Yes.
  7. Once ready to kick off the installation, select Install from the next dialog box, and wait until the installation process is complete.

Note

During the installation process, you will be prompted to allow the installation of device drivers. These drivers are predominantly used for the virtual network devices. You may choose to trust device drivers signed by Oracle in the future, or leave that option unchecked.

  8. Once the installation is complete, you will be given the option to finish, or finish and then start VirtualBox.

Note

Depending on what other uses for this lab you may have in the future, this would be a good time to install the VirtualBox expansion set that includes support for the USB 2.0 and 3.0 USB controllers, host web camera, RDP services, and other features. It is recommended that you install these at this time before starting VirtualBox.

  9. Once you start VirtualBox, you will need to confirm the settings for network connectivity. Find the Preferences item under the VirtualBox menu heading and select it. Then, select the network option along the top, and you will be presented with the following window:

VirtualBox preferences dialog - network

  10. By default, NatNetwork should already be created for you. However, if one is not displayed, click on the + button on the top right to add one.

Note

In the next section, we will be creating networks that exist only on your PC. Although these networks will only be seen on your PC, we strongly recommend that you use subnets that do not coincide with any of the existing networks that you may have access to.

  11. Once added, review the setup of the network by clicking on the wrench icon, on the lower-right part, and you will be presented with the following dialog box. You can modify the IP subnet as needed. Ensure that Enable Network is selected, and click on OK to continue:

NatNetwork configuration dialog

  12. Create our test network. Select Host-only Networks. By default, no network is created, so click on the + icon in the upper right-hand corner to create the vboxnet0 network:

Host-only networks dialog box

  13. Ensure that the vboxnet0 interface is highlighted, and click on the wrench icon in the lower-right part of the screen. An IPv4 address will already be populated for you. If you are putting this into an existing lab network, or if this range is used in other places in your existing environment, feel free to designate a different network if necessary, as this will be your dirty network for testing purposes:

 

Host-only network adapter dialog

  14. Let's review and modify the DHCP Server section by selecting it. The defaults should be fine, but you can adjust them as you feel appropriate.

Note

Do not use the whole range for DHCP, as you may want to statically assign IP Addresses to servers on your dirty network.

  15. Once these steps have been completed, your VirtualBox environment is ready for the next section.
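The two notes in the steps above (pick lab subnets that do not coincide with networks you already use, and keep part of the host-only range out of DHCP) can be checked before you type values into the dialogs. This is an added example, not from the book; the subnets and pool boundaries are constructed sample values, so substitute the ones shown in your own VirtualBox dialogs and on your host.

```shell
#!/bin/sh
# Added example (not from the book): sanity checks for the lab addressing plan.
# All addresses used below are constructed sample values.

# ip_to_int A.B.C.D -> the address as a 32-bit integer
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# cidr_range NET/PREFIX -> "FIRST LAST" as integers (host bits are masked off)
cidr_range() {
    base=$(ip_to_int "${1%/*}")
    prefix=${1#*/}
    size=$(( 1 << (32 - prefix) ))
    first=$(( base / size * size ))
    echo "$first $(( first + size - 1 ))"
}

# subnets_overlap A/PREFIX B/PREFIX -> exit 0 when the two ranges intersect
subnets_overlap() {
    set -- $(cidr_range "$1") $(cidr_range "$2")
    [ "$1" -le "$4" ] && [ "$3" -le "$2" ]
}

# static_addresses_left SUBNET POOL_LOW POOL_HIGH
# Prints how many usable addresses stay outside the DHCP pool (the host's own
# adapter address and the DHCP server address come out of this number too).
# Fails when the pool is not inside the subnet's usable range.
static_addresses_left() {
    set -- $(cidr_range "$1") "$(ip_to_int "$2")" "$(ip_to_int "$3")"
    first=$1 last=$2 low=$3 high=$4
    [ "$low" -gt "$first" ] && [ "$high" -lt "$last" ] && [ "$low" -le "$high" ] || return 1
    usable=$(( last - first - 1 ))      # network and broadcast addresses excluded
    echo $(( usable - (high - low + 1) ))
}

# Demonstration with the constructed values.
if subnets_overlap 192.168.56.0/24 192.168.1.0/24; then
    echo "host-only subnet collides with an existing network"
else
    echo "host-only subnet is distinct from 192.168.1.0/24"
fi
echo "static addresses left: $(static_addresses_left 192.168.56.0/24 192.168.56.101 192.168.56.254)"
```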

How it works...

In this section, we will download and install the virtual compute environment, VirtualBox, to build the base of our test lab. We configured the basic network configurations and set up DHCP to help with dynamic host networking.

 

Installing Kali on VirtualBox


In this section, we will install Kali Linux into a virtual host in the VirtualBox environment, as we described in the previous section.

Kali Linux (Kali) is based on the Debian operating system; and it is a self-contained environment that includes hundreds of tools that can be used for security auditing and testing purposes. It provides a platform, which you can use to build your penetration testing skills. It is one of the most widely used platforms for this purpose.

Kali comes in a variety of different flavors – we will be using the full Kali install using the Gnome windows manager, inside an Oracle VirtualBox environment. However, Kali can be installed on any hypervisor; it can be non-destructively run from a USB or CD drive, on Raspberry Pi's, or other similar single board computers. It supports installation on both the Intel and Arm processors.

When you first go to the Kali website and look at the downloads section (www.kali.org/downloads), it may be a bit overwhelming with all the options at first, so let's run through some of them, so you understand the differences.

With reference to the following image, you will note that the top two entries, the Kali 64 bit and the Kali 32 bit, are the default full install of the operating system using the Gnome windows manager.

The next two entries, denoted by light, are a minimal install of Kali with the Gnome windows manager for space-constrained systems. You can use this along with manually installing only the needed tools for your specific purposes.

The next four entries denoted with e17, Mate, Xfce, and LXDE are full installs of the Kali operating system, each using a different graphical windows manager for its desktop interface. If you happen to have an older device, consider running Kali with the XFCE interface, as it requires less resources than Gnome. I would only suggest these if you are familiar with them, and opt not to use the default Gnome windows manager or have a specific purpose to do so such as resource constraints.

The last two entries, armhf and armel, are for those two flavors of the arm architecture with armhf supporting the older ARMv4 instruction set, and the armel supporting the new version 7 instruction set.

Please also note that the sha256 value is displayed. This allows you to validate that you have downloaded an unaltered version of the image:

Kali.org download page, image section, as of May 2017
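One way to perform the check the sha256 value makes possible, as an added example that is not from the book: the function compares a downloaded file against the published value and refuses values that are not a complete 64-character hexadecimal digest. The file name and digest in the usage comment are placeholders.

```shell
#!/bin/sh
# Added example (not from the book): compare a downloaded image against the
# SHA-256 value published on the download page before booting or writing it.
#
# Usage (placeholders): verify_sha256 kali-linux.iso "<value from the download page>"

# verify_sha256 FILE EXPECTED_HEX
# Returns 0 on match, 1 on mismatch, 2 when the input cannot be checked.
verify_sha256() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')

    # A SHA-256 digest is exactly 64 hex characters. Reject anything else so
    # that a truncated or mis-pasted value is never treated as a comparison.
    case $expected in
        *[!0-9a-f]*)
            echo "expected value contains non-hexadecimal characters" >&2
            return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || {
        echo "expected value is ${#expected} characters, not 64" >&2
        return 2
    }
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }

    # Hash from stdin so the file name never appears in the tool's output.
    actual=$(sha256sum < "$file" | cut -d' ' -f1)

    if [ "$actual" = "$expected" ]; then
        echo "OK: $file matches the published SHA-256"
        return 0
    fi
    echo "MISMATCH: $file" >&2
    echo "  expected: $expected" >&2
    echo "  actual:   $actual" >&2
    return 1
}

# Run directly as: sh verify.sh FILE EXPECTED_HEX
if [ "$#" -eq 2 ]; then
    verify_sha256 "$1" "$2"
fi
```

A mismatch means the image should be discarded and downloaded again rather than installed or written to a USB drive.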

If you scroll down the page a bit more, you will see the section that allows you to download pre-prepared images that can automatically run without going through the setup process; in addition, it supports various hypervisors, or, in the case of ARM, has images and scripts for popular arm-based computers, such as Raspberry Pi's or other popular arm-based devices.

Note

We will not be using these images as we want to walk you through a full installation and setup of Kali, so you have a better understanding of the process.

 Kali.org download page, hypervisor and arm section, as of May 2017

Getting ready

Before installing Kali Linux, we need to ensure the minimum requirements are met:

  • Your computer is connected to the internet
  • You have a minimum of 4 GB of RAM (8 GB is recommended)
  • You have a minimum of 25 GB hard drive space available (80 GB is recommended for Chapter 3, Vulnerability Analysis)
  • VirtualBox installation is complete and currently running
  • Download the appropriate Kali disk image from https://www.kali.org/downloads/

For our purposes, we will be using the Kali 64 bit version. Please refer to the recipe introduction for more details about these options.

How to do it...

Let's begin the process of installing Kali:

  1. Click on New in the upper left-hand corner of the screen:

Main VirtualBox screen

  1. Name your virtual machine Kali Linux, select type as Linux, and select the version as Linux 2.6 / 3.x / 4.x (64-bit). Press the Continue button when complete:

 Name and operating system selection screen

  3. Memory size: You will be presented with a slider for memory size, with the ability to manually enter a value: in the box type in 4096. The 4 GB of memory will provide a smooth and responsive Kali install. Click on Continue.
  4. Hard disk: select Create a virtual hard disk now and click on Create.

Note

You will note that on this screen, it will refer to a recommended hard disk size of 8 GB. Please note that this is not sufficient for a full Kali install, and we will be allowed to change it in a future step.

  5. Hard disk file type: take the default file type of VDI (VirtualBox Disk Image). Select Continue.

Note

If you are interested in having easy compatibility with other hypervisors, you can select one of the other types available. Virtual Hard Disk (VHD) is widely used for Windows Hyper-V. Virtual Machine Disk (VMDK) is widely used for VMware deployments.

  6. Regarding the storage on physical hard disk, leave the default of Dynamically allocated and click on Continue.

Note

If you are running an older spinning disk versus a solid state drive and have the available space on the disk, the recommendation would be to use Fixed size.

  7. File location and size: leave the name and location with the default, and either move the slider or enter 25.00 GB directly into the box. Click on Create.

Note

25 GB is a nice size for the install plus some extras. If you have limited space requirements please see our discussions of the various Kali image and installation options for more guidance in the introduction section of this recipe.

  8. Click on Kali Linux to highlight it; then click on Settings:

VirtualBox main screen - with Kali Linux VM shown

  9. From here, we will select the Storage option. Originally under Controller: IDE it will say Empty. Click to highlight Empty. Click on the circular disk icon to the right of IDE Secondary Master. An option dialog will be brought up; select Choose Virtual Optical Disk File. This will bring up a file manager dialog, which will allow you to find and select the Kali image you downloaded previously. Once completed, your screen should look similar to the following:

 Kali Linux VirtualBox settings storage option

  10. Click on Network and verify that Adapter 1 shows attached to NAT Network with the name NatNetwork:

Kali Linux - network adapter 1

  11. Click on Adapter 2 and for Attached to select Host-only Adapter with the Name as vboxnet0, then click on OK:

Kali Linux - network adapter 2

  12. We are brought back to the main manager screen. Let's click on Kali Linux to highlight it, and then click on Start:

VirtualBox manager screen

  13. We will now be brought to the main Kali installation screen. Let's click on Graphical install:

 Kali main installation screen

  14. Select an appropriate language; for our use, we will select English and click on Continue:

Select a language screen

Note

You may click on X on the boxes at the top, if any, as they are only informational.

  15. Select the proper keymap for your region. For our purposes, we will select American English. Then, click on Continue. The VM will then start by loading installer components. This should only take a moment or two based on the performance of your device. It will also detect and connect to your network automatically.
  16. You will be brought to a screen where you must enter the hostname. Let's simply call our install Kali and click on Continue:

Kali configure network screen

  17. The next screen will ask for your domain name. We will leave this blank, and simply click on Continue.
  18. Our next screen will ask us to enter a root password. Select a strong password. Enter it for a second time to validate it, and click on Continue. The install will continue through some further steps.
  19. Once completed, you will be brought to a configure clock screen. Select the appropriate time zone; for our purposes, we will select Eastern, then click on Continue:

 Configure clock screen

  20. Partitioning disks: for simplicity, we will select Guided - use entire disk, and click on Continue:

 Partition disks

Note

It's important to note that, for our example here, we want to just keep it straightforward. When actually setting this up for production testing, I have a dedicated laptop and use a fully encrypted LVM. This would be a recommendation when you move from working in a sandbox and go to actual engagements; as a pen tester, you need to protect your work as well as your client's information. Encryption, in that case, is paramount. 

Note

You may also want to keep in mind crossing borders with encrypted laptops and what the border security rights are. In the US, even for US citizens, they can ask for your passwords to get into the machines, remove them from your immediate control, and confiscate them. You may want to take situations like this into consideration; you can ship that encrypted laptop to and from the destination as needed, or complete your reports prior to leaving, and wipe the hard drive. Remember that deleting files is not securely wiping information - you can use a tool such as Darik's Boot and Nuke (DBAN) https://dban.org/ and use the 5220.22-M wipe method.

  21. You will be brought to a partition disks screen for confirmation. Click on the disk to highlight it, and click on Continue:

Partition disks

Note

Please note that, because you are inside a virtual machine, when the installer says that your disk will be erased it is only talking about the virtual partition and not your physical disk. If you have decided to load this on your PC as the native operating system, it will erase the entire drive.

  22. Select All files in one partition (recommended for new users) and click on Continue:

Partition disks - screen 2

  23. Select Finish partitioning and write changes to disk. Click on Continue:

Partition disks - screen 3

  24. Click on Yes to write changes to disk. Click on Continue:

 Partition disks - screen 4

Note

Your system will begin installing further. This process will take several minutes, so please be patient.

  25. Upon the completion of the install, you will be asked whether you want to use a Network Mirror for your package manager. Select Yes and click on Continue.
  26. You will be asked to enter a proxy server if needed. Please enter any required information (for most installs, you will leave this blank). Click on Continue. Kali will continue to install packages.
  27. Select Yes to install the GRUB boot loader and click on Continue.
  28. Select the single drive listed to highlight it, and then click on Continue. This will finish the installation:

Install GRUB boot loader

  29. After a short time, you will be brought back to the Finish the Installation screen. This screen asks you to ensure that you have removed the installation media before the computer boots. Under most circumstances, VirtualBox or other hypervisors will honor the disk eject command issued when Kali finishes installation, but we need to be sure. At this point in time, do nothing:

 Kali Linux: finish the installation

  30. Move the installation windows to the side to expose the main VirtualBox manager screen. Click on the Kali Linux VM to highlight it. Click on Settings, and next click on Storage. If you do not see Empty under Controller: IDE, click on the install media shown to highlight it. Click on the icon at the far right that looks like a disk, and select Remove Disk from Virtual Drive. Click on OK:

 VirtualBox manager

  31. Go back to the Kali Installation screen, and now click on Continue. It will finish up a couple of items and reboot the virtual machine, bringing you to the login screen:

Kali Linux finish the installation

Note

Remember that when logging into the system, your username is root and your password is the one that you created during installation.

 

Using Kali Linux from bootable media


As you will see in the pages that follow, there are a tremendous number of uses for Kali Linux, and for these uses, it is not always practical to dedicate a device to one particular use case, as this would be a tremendous waste of resources. To address this, you can also use the Kali Linux installation ISO downloaded in the previous section as a live CD, or you can use a live USB drive with persistence (with or without Linux Unified Key Setup encryption).

We will show you how to create the Live USB (no persistence, no history maintained).

Additional options such as live USB with persistence, live USB with encrypted persistence, and custom rolled Kali Linux ISO (which can be incorporated into the bootable USB options) can be found on the Kali Linux documentation wiki at http://docs.kali.org under the section called 02. Kali Linux Live.

Getting ready

In order to be able to complete this section successfully, you will need the following:

  • USB Drive (8 GB or larger)
  • USB disk imager (Win32DiskImager)

How to do it...

Let's begin the process of creating a bootable Kali Linux USB device:

  1. Starting with the Kali Linux ISO file we downloaded in the earlier recipe, installing VirtualBox, we will use Win32DiskImager (https://sourceforge.net/projects/win32diskimager/) to create a bootable USB using the ISO. Download and install Win32DiskImager.
  2. Once installed, launch Win32DiskImager.

Note

In order to format the USB drive and to write the raw image, Win32DiskImager needs admin permissions to run. You will need to give permission for it to run when the user access control dialog is presented.

  3. Win32DiskImager will use IMG files, but we will tell it to use an ISO file as the source. From the application screen, click on the File Open button, and when presented with the File Open box, change the file filter to *.* in the lower right, and navigate to the Kali Linux ISO file.
  4. Select the drive letter of your USB device, and click on Write:

Win32DiskImager example

  5. Once the image has been written to the USB drive, you will be able to boot from this device on machines that support USB bootable media. In this configuration, you now have a bootable USB drive from which the Kali Linux operating system will boot, as if it were installed onto the local disk. Across reboots, you will lose any documents you may have created. If you choose, you can create an additional partition on the USB drive that will be persistent, and keep files and documents you may wish to keep. The step-by-step instructions on how to extend this functionality can be found on the Kali Linux documentation wiki at http://docs.kali.org under 02. Kali Linux Live.
 

Upgrading Kali Linux


Now that we have a base install of Kali, let's run through any updates and upgrades required. This is something you want to do periodically with the system, to make sure you are using the most up-to-date information.

Getting ready

Before you start, ensure the following prerequisites:

  • Your computer is connected to the internet
  • Your installation of Kali is running
  • You are logged in as root

How to do it...

To bring an existing Kali Linux installation up to date, you will do the following:

  1. From the main Kali desktop, let's click on the terminal icon in the upper-left part of the screen:

 Kali Linux desktop

Note

Since we are already logged in as root, we will not require any elevation of privileges using the su or sudo commands.

  2. From the Command Prompt, type this:
       apt-get update

 Kali Linux Command Prompt

Note

After the initial installation, this process could take several minutes to complete.

  3. Once complete, we will actually upgrade the system by entering the following at the Command Prompt:
       apt-get upgrade

Kali Linux Command Prompt

  4. After a minute or two, you will get a screen explaining what will be upgraded and what needs to be installed for the upgrades to occur. When ready to continue, type Y and press Enter:

Kali Linux Command Prompt

Note

This process will take quite some time to complete, so please be patient as your system upgrades. 

  5. Once complete, we will reboot the system to ensure we have a fresh running environment. To continue, type this:
       shutdown -r now

Kali Linux Command Prompt

There's more...

During the upgrade, you may get prompted for a couple of items such as the following:

apt-listchanges: news section

You may get paused at an apt-listchanges: news section, and you will be presented with a : sign at the bottom; you can use your arrow keys to read the notice, and then just press q to quit and continue.

The configuring macchanger

You can set up the system to change the MAC address automatically on each boot. For our testing purposes, it's not required; however, if you are doing this in a live environment, you may want to configure it. Select No:

Configuring macchanger dialog box

The service restart

You may be asked to restart services automatically to ease upgrades; select Yes:

 

Understanding the advanced customization and optimization of Kali


Now that we have our Kali Linux virtual machine installed and updated, let's do a bit of customization.

Getting ready

Before you start, ensure the following prerequisites:

  • Your computer is connected to the internet
  • Your installation of Kali is running
  • You are logged in as root

How to do it...

There are several customization and advanced settings that we can perform.

Upgrading the Linux kernel

To update the Linux kernel, you will do the following:

  1. Open a terminal window by selecting its icon on the left tool bar, and enter the following:
       apt-get dist-upgrade
  2. Follow the prompts to complete the installation, and reboot the virtual machine when complete.

Removing unneeded packages

To remove unneeded packages, we will do the following:

  1. Open a terminal window by selecting its icon on the left tool bar, and enter the following:
 apt autoremove 
 exit

Adjusting or disabling the screen lock

While working through this book, you may leave your system unattended while commands run or between sections. During this time, the screen may lock and force you to log in more frequently than you would prefer. To change this behavior, do the following:

  1. In the upper right-hand corner of the screen, click on the down arrow, which will provide various pieces of information about the current state of the computer. In the lower left-hand corner of that box, click on the settings icon:

System status box

  1. From the All Settings screen, click on the purple privacy icon in the first row to display the privacy dialog box, then select the Screen Lock entry:

 Privacy box

  1. Adjust the settings as desired; in the following example I have set the timer to 1 hour:

Screen Lock

  1. Finish by clicking on the Xs at the top until you are back at the main screen.

Correcting the Ethernet interface configuration

Since only one interface can be on at a time, we will set up networking as follows:

  1. In the upper right-hand corner of the screen, click on the down arrow, which will provide various pieces of information about the current state of the computer. In the lower left-hand corner of that box, click on the settings icon:

System status box

  1. Next to one of the interfaces, select the arrow icon, which will expose another level of menus. Click on Wired Settings:

System status box

  1. Select Add Profile from the bottom:

Network window

  1. From the New Profile window, select Identity on the left; and for Name, enter Host-Only Network:

New Profile window

  1. In the left column, click on IPv4 and scroll all the way to the bottom and put a check in the box labeled Use this connection only for resources on its network, and then click on Add:

New Profile window

  1. Assign eth1 to the host-only network that we just created by clicking on eth1 to highlight it. Click on host-only network. Verify that eth0 is assigned to the wired connection network by clicking on eth1. You should now be able to have both interfaces enabled simultaneously:

Network window

Connecting and disconnecting Ethernet interfaces

Kali Linux makes it easy to manage network connections using network manager. This is how you will connect and disconnect network interfaces:

  1. In the upper right-hand corner of the screen, click on the down arrow, which will provide various pieces of information about the current state of the computer:

System status box

  1. You will see entries for both your eth0 and eth1 interfaces. If you have followed our guide, the eth0 network is connected to the NAT network and allows access to the internet and networks outside of your virtual machine. The eth1 interface is the host-only network, which connects to your test machine. You can toggle these on and off as required.
 

Installing Windows machines


Creating a lab environment where we can safely perform security testing is key to being able to develop a repeatable set of skills. In this section, we will cover the installation and configuration of Windows desktop machines, as well as an Active Directory server.

As Microsoft Windows is the most commonly deployed operating system, we will be testing the Windows platform with Kali Linux in our lab.

Getting ready

To complete this section, you will need the following:

  1. Installation media for Windows 7 and Windows Server 2008. Due to licensing restrictions, we are unable to provide installation media for Microsoft software products.

Note

These versions are preferable as they are old enough to have well-documented vulnerabilities and low resource requirements. Since Windows 7 for desktops and Windows Server 2008 are the most commonly seen at the time of writing, we recommend that you use them for your test lab; they are also the versions used as examples in this book.

  1. A virtual machine platform such as VirtualBox which we configured in previous steps.
  1. Starting from your VirtualBox interface, select the New button from the upper-left corner to create a new virtual host for Windows to be installed into. You will need to use a system template that matches the version of Windows you are going to be installing:

Create new virtual machine

  1. Since this machine will be for testing only, assign it 1 or 2 gigabytes of memory, and use the default values for all of the remaining options by clicking on Next until you reach the end of the configuration section.
  2. Once the initial virtual host has been configured, you will need to go back into the settings to tell the virtual host to boot from the installation media. Right-click on the virtual system that you just created and go to settings. Once in the settings dialog window, select Storage from the menu on the left, highlight the topmost controller device, click on the Add Storage Attachment button, and select Add Optical Drive.
  3. From the next dialog box, select Use Existing when asked whether you would like to leave the storage option empty. When prompted, navigate to your Windows installation media, and click on Open; then complete the configuration session by clicking on OK.
  4. Start your new virtual machine by clicking on the parentheses start button.
  5. From this point, you will follow the default operating system installation process specific to the version of Windows you have selected. When given the option of installing additional services, use only the default options selected.
  1. During installation, we will name our systems something easy to remember. We will name the desktop clients Windows Desktop 1 and Windows Desktop 2, and the server AD Server.
  2. When prompted to configure the Windows update services, ensure that you do not enable the automatic installation of Windows updates:

 

De-selection of automatic Windows updates

Note

On certain platforms, you may select the option to download but not install updates if you so choose. This will allow you to evaluate the security of the system, both prior to and after the installation of Windows updates. You may be asked to create a password for the administrative user. If this is the case, then create a user and password that will be easy to remember and refer to in future chapters.

  1. Once you have completed the installation of Windows 7, reboot the machine, and log in when presented with the login screen.
  2. Once logged in, change the machine name to Win7_Desktop_1, and reboot.
  3. Go into the virtual host settings, and ensure that the network adapter is assigned to the host-only network that we created earlier in this section.
  4. Now that the machine has been properly configured, we will clone it to create a second instance of Windows 7 desktop. 

Note

Cloning of machines makes it very easy to create a gold image and working copies from this image. It is different than snapshots, which create point-in-time references that can be rolled back to if need be.

  1. To create a clone of the Windows desktop machine, you will need to power it up using the Start option. Once started, do not log into the machine; but rather from the desktop view, from the top menu bar, select Machine | Take Snapshot... to start the snapshot creation process:

Create snapshot

  1. In the next screen, you will be given the opportunity to name and provide details about the purpose of this snapshot. Since it is likely that we will be returning to this state frequently, name it Initial Installation, and in the description, indicate that this is a clean Windows build, and that the snapshot was taken before AD domain membership:

Creating a VirtualBox snapshot

  1. VirtualBox will now generate a snapshot. Depending on the system, this may take several minutes. Once complete, power down the system using the power buttons on the lower-right part of the login screen; do not log in at this time.
  2. Now that the initial host has been set up, we will need to create the clone of this device. To do so, right-click on Windows 7 Desktop 1, and select Clone... from the dropdown menu:

Start cloning process

  1. When prompted, name this Windows Desktop 2, and select the option to reinitialize the MAC address of all available cards. Click on Next.
  2. When given the option to do so, select Full Clone as the clone type, and click on Next.
  3. Since we will be creating a new snapshot of this system in a subsequent step, choose the option for Current Machine State as the options for snapshots, and click on Next. This will start the cloning process, which may take several minutes.
  4. Once completed, we will start this host as well as we did with the first Windows 7 Desktop 1, but this time, we will log in when prompted to do so.
  5. Once logged in, you will need to change the name of the machine to Win7_Desktop_2. Allow the machine to reboot.
  6. Once back at the login screen, create a snapshot as we described earlier.
  7. We will now install the Windows 2008 server in the same manner we did the Windows 7 desktops, ensuring that the device is assigned to the host-only network that we created in a previous section.
  8. With all the default options chosen, install Windows 2008, and log in for the first time. The first time you log in, you will be presented with the Initial Configuration Tasks tool. From this tool, configure only the following:

  • Set time zone: Set to your timezone
  • Configure networking: Set the IP information as follows:
    • IP Address: 192.168.56.10
    • Subnet Mask: 255.255.255.0
    • Gateway: 192.168.56.1
    • DNS Server: 192.168.56.1
  • Computer name and domain:
    • Computer name: AD-Server
    • Leave set to workgroup for now

Initial Windows server configuration:

  1. Reboot the server after these options are set, and log in. The Initial Configuration Tasks wizard will open again. Scroll down to the section named Add Roles; here we will add the DNS and DHCP roles to this server.

 

  1. Select all the default options, except the following:

| Page | Option | Setting |
|---|---|---|
| Specify IPv4 DNS Server Settings | Parent Domain | kalicookbook.local |
| Add or Edit DHCP Scopes (click on ADD) | Scope Name | Lab |
| | Starting IP Address | 192.168.56.100 |
| | Ending IP Address | 192.168.56.150 |
| | Default Gateway | 192.168.56.1 |
| Configure DHCPv6 Stateless Mode | Select the DHCPv6 Stateless Mode... | Disable DHCPv6 stateless mode for this server |

 Initial role configuration

  1. Once all the preceding has been completed, reboot the server, and log into each of the desktops to make sure that they get an IP address from the AD server and that you can ping each host by their IP addresses. We will configure DNS in a later step.
  2. After you have confirmed that network connectivity between your hosts is working properly, close all open windows, and create a snapshot as we have done in the past.
  3. With the desktop machines created and functioning, you will need to enable basic services on the AD server. After logging into the server, you will be presented with the Initial Configuration Tasks wizard again. Once presented, scroll down to Customize this Server section, and click on Add Role.
  4. In the section called Select Server Roles, select and install the following:
    • File services
    • Remote desktop services
    • Web server (IIS)

Note

If you are prompted to include dependencies, accept, and continue.

  1. As you progress, you will need to select certain options for each of the roles added previously:
    1. Remote desktop services:
      • Select only Remote Desktop Session Host and click on Next
      • Select Do Not Require Network Level Authentication
      • Select Configure Later to defer the licensing of the remote desktop until a later date (120 days max)
      • Permitted user groups: Leave administrators in place and continue
    2. Leave all the remaining options as the default and continue. Reboot when prompted to do so, and log in once more; you will automatically return to the Add Roles wizard. Confirm that the installation was successful.
  2. Return to the Add Role wizard, and this time select Active Directory Domain Services for installation. Click on Install AD DS Anyway (not recommended) when presented with the dialog box confirming installation on a domain controller, and accept any dependencies that may be required. Continue through the installation process with the remaining default options. When complete, select Close.
  3. In the left menu, select Active Directory Domain Services; and in the right pane, select Run the Active Directory Domain Services Installation Wizard (dcpromo.exe). As you go through the wizard, select the default options, except for the following:
    • Choose a deployment configuration: Create new domain in a new forest
    • FQDN of the forest root domain: kalicookbook.local
    • Forest functional model: Windows Server 2008 R2
    • Once prompted, reboot. Confirm there are no errors
  4. You will now need to log into each of the Windows 7 desktops and join them to the kalicookbook.local domain.
  5. Log into each machine and ensure that Windows updates are disabled. Make sure the Windows firewall is also disabled.
  6. Create snapshots of each to give us a foundation to work from as we progress through this book. Snapshots will allow us to go back to pre-determined points in time.
 

Installing Metasploitable


Metasploitable is a key component of our testing environment. It is based on the Ubuntu Linux operating system and is made specifically exploitable for penetration testing purposes. This VM should never be exposed directly to the internet, and, for our purposes, we will use the host-only network to bind to.

Getting ready

Before you start, ensure the following prerequisites:

How to do it...

The installation of Metasploitable is done in the following manner:

  1. Start by unzipping the Metasploitable ZIP (at the time of publication this was metasploitable-linux-2.0.0.zip) file that you previously downloaded.
  2. Change the directory name that was extracted to metasploitable.
  3. Find where your main VirtualBox storage is:
    • Windows default: c:\users\<username>\virtualBox VMs
    • Mac default: /users/<username>/VirtualBox VMs

Note

You should see a directory under the main path for the Kali Linux VM you installed earlier.

  1. In this directory, create a new folder called Virtual Disks. This will make the following path:

...\VirtualBox VMs\Virtual Disks.

 

  1. Move the metasploitable directory that was created when you unzipped the file earlier under the \Virtual Disks\ directory you created.
  2. Open the VirtualBox manager application, and select New from the top-left corner. To quicken the installation if we are not in expert mode, let's select it by clicking on Expert Mode at the bottom.

Note

You will know you are in Expert Mode if you see an option for Guided Mode at the bottom.

  1. Let's name our VM Metasploitable. Select Type as Linux and Version as Linux 2.6 / 3.x / 4.x (64-bit), enter 2048 for the memory size.
  2. Select Use an existing virtual hard disk file, and click on the file icon on the right; and browse for the metasploitable.vmdk file under the directory from the prior step; then click on Create.
  3. We will now be brought back to the main VM VirtualBox manager screen. Click on the Metasploitable VM to highlight it, and then click on Settings.

 

  1. Click on Network and, for Adapter 1, select the Host-only Adapter and the Name as vboxnet0; lastly, click on OK:

Metasploitable - network dialog

  1. You will now be brought back to the main VirtualBox manager screen. Click on Metasploitable to highlight it and click on Start.
  2. Once the VM is started, you will be brought to the main login screen:

 Metasploitable main login screen

Note

To shut down this VM, you have to log in and issue the command, sudo shutdown -h now. Although the VM itself shuts down, it will not end the VirtualBox session. You must select the Red X at the top of the screen. This will provide a dialog box; select the radio button Power off the machine and click on Ok.

 

Installing OWASP-BWA


The Open Web Application Security Project (OWASP) is a global community that focuses on security awareness and the development of secure applications. While this may be thought of as a single application or platform, OWASP is actually a collection of projects that can focus on any number of aspects of application security. For this recipe, we will focus on the OWASP Broken Web Application (BWA) project to provide us with a standardized platform for the testing of our tools in later chapters.

Getting ready

To install the OWASP-BWA image, we will need to do the following:

How to do it...

To install OWASP-BWA into our VirtualBox environment, we will do the following:

  1. Unzip the ZIP file containing the OWASP-BWA files into a location you will reference in the next few steps.
  2. From the console of VirtualBox, on the upper left, we will select the New icon to begin the creation of a new virtual machine.

 

  1. We will name our new virtual machine OWASP-BWA, and define it as a 64 bit Ubuntu Linux system:

    Creating a virtual machine for OWASP-BWA

  2. Leave the default memory allocation as 1024 MB, and click Next.
  3. You will now select Use existing virtual hard disk and navigate to the directory where you unpacked OWASP-BWA. From that directory, select the following and click Create:

Selection of OWASP-BWA virtual disk

  1. Once you have created the virtual machine, we will need to make sure that the correct network interface has been designated. Right-click on our new host on the left, and select Settings. Navigate to Network and ensure that Adapter 1 is attached to the Host-only Adapter, and that the other adapters are not enabled:

Designating the network adapter for OWASP-BWA in VirtualBox

  1. Once complete, start the new virtual machine and ensure that it boots properly.

Note

It is very likely that fsck will run when first started due to the length of time since last run. You can allow this to complete to ensure there is no observed disk corruption - it only takes a few minutes.

  1. Once fully booted, log in as root with the password owaspbwa.
  2. Ensure that you are receiving an IP address from DHCP by issuing ifconfig eth0 from the command line.

 

  1. Open a web browser, and navigate it to the IP address of the OWASP-BWA guest. Ensure that you are able to see the different projects within OWASP-BWA. If you are able to see the following web page, you have successfully configured OWASP-BWA:

Confirmation of services running on OWASP-BWA
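
The adapter settings chosen in the Metasploitable and OWASP-BWA recipes can also be verified from the host's command line. The following is an added example, not code from the book: it parses the output of VBoxManage showvminfo --machinereadable and flags any enabled adapter that is not host-only. The function names and the two sample VM records are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the book): check that a VirtualBox guest is attached
# only to host-only networking. Input is the text printed by
#   VBoxManage showvminfo "<vm name>" --machinereadable

# audit_nics: reads machine-readable VM info on stdin and prints one line per
# enabled adapter. Exit status: 0 = every enabled adapter is host-only,
# 1 = at least one adapter uses another mode (nat, bridged, ...),
# 2 = no enabled adapter found (empty or unexpected input).
audit_nics() {
    awk -F= '
        { sub(/\r$/, "") }                    # tolerate CRLF line endings
        /^nic[0-9]+=/ {                       # nicN=mode; skips nictypeN etc.
            slot = substr($1, 4) + 0
            val = $2; gsub(/"/, "", val)
            mode[slot] = val
            if (slot > max) max = slot
        }
        /^hostonlyadapter[0-9]+=/ {           # host-only network name for slot N
            slot = substr($1, 16) + 0
            val = $2; gsub(/"/, "", val)
            net[slot] = val
        }
        END {
            for (s = 1; s <= max; s++) {
                if (!(s in mode) || mode[s] == "none") continue
                enabled++
                if (mode[s] == "hostonly") {
                    printf "OK nic%d hostonly %s\n", s, net[s]
                } else {
                    printf "EXPOSED nic%d %s\n", s, mode[s]
                    exposed++
                }
            }
            if (enabled == 0) { print "NO-NIC no enabled adapter"; exit 2 }
            exit (exposed > 0)
        }
    '
}

# audit_vm: run the same check against a registered VM (needs VBoxManage on PATH).
audit_vm() {
    VBoxManage showvminfo "$1" --machinereadable | audit_nics
}

# Constructed sample records, trimmed to the fields that matter here.
SAMPLE_ISOLATED='name="Metasploitable"
memory=2048
nic1="hostonly"
nictype1="82540EM"
hostonlyadapter1="vboxnet0"
nic2="none"'

SAMPLE_EXPOSED='name="OWASP-BWA"
nic1="hostonly"
hostonlyadapter1="vboxnet0"
nic2="nat"
nic3="none"'

printf '%s\n' "$SAMPLE_ISOLATED" | audit_nics
printf '%s\n' "$SAMPLE_EXPOSED" | audit_nics ||
    echo "OWASP-BWA: disable or re-attach the flagged adapter before starting the VM"
```

On the host, `audit_vm Metasploitable` runs the same check against the registered VM; a non-zero status means the guest should not be started until its adapters are corrected.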

 

Understanding hack me and other online resources


There are several other resources that can be accessed either online or installed in VirtualBox that you can use to hone your penetration testing skills. The following list contains a few resources you may want to explore as a supplement to the exercises in this book:

  • hack.me: Easy to advanced challenges (https://hack.me/)
  • Hack this site: Easy to advanced challenges (https://www.hackthissite.org/)
  • Vulnerable by design: Easy to advanced challenges (https://www.vulnhub.com/)
  • Bee-Box: Vulnerable web sites (https://sourceforge.net/projects/bwapp/files/bee-box/)
  • Moth: Vulnerable web applications (http://www.bonsai-sec.com/en/research/moth.php)
  • RasPwn: Vulnerable Raspberry Pi image (http://raspwn.org/)
  • OWASP-BWA: OWASP broken web application (https://www.owasp.org/index.php/OWASP_Broken_Web_Applications_Project)
  • Hackfest 2016 Sedna: Medium difficulty - root access (https://www.vulnhub.com/entry/hackfest2016-sedna,181/)
  • Hackfest 2016 Quaoar: Easy machine to own (https://www.vulnhub.com/entry/hackfest2016-quaoar,180/)
  • Pentester Lab: XSS and MySQL File: Easy SQL injection example (https://www.vulnhub.com/entry/pentester-lab-xss-and-mysql-file,66/)
  • SQLInjection to Shell: Intermediate - SQL injection to shell (https://www.vulnhub.com/entry/pentester-lab-from-sql-injection-to-shell-ii,69/)
  • Damn vulnerable web application: Vulnerable - PHP/MySQL application (https://github.com/Hackademic/hackademic)
  • Hackxor: Webapp hacking game (http://hackxor.sourceforge.net/cgi-bin/index.pl)
  • WebGoat: Medium level challenge (https://www.owasp.org/index.php/Category:OWASP_WebGoat_Project)

There's more...

The preceding resources are installed using a variety of methods that are beyond the scope of this book, but I will quickly mention some of the deployment options:

  • Virtual machines that can be installed in VirtualBox
  • Scripts that can be run on standard Linux machines to build applications and make them specifically vulnerable to attacks
  • Resources that you may attack over the internet
  • Complete self-contained hacking environments

Note

Please ensure that as you are working with these sites, you read carefully the terms of service and understand all requirements and limitations of the environment or tools you are working with. Also be careful if you are remotely hacking sites across the internet. Although there are some of these options available for testing and it may be perfectly legal to do so, your Internet Service Provider (ISP) may flag the activity as malicious and take action against you.

 

About the Authors

  • Corey P. Schultz

    Corey P. Schultz is a technologist focusing on security research, Internet of Things, and the impact of technology on education and learning. He has over 20 years of experience in the security industry doing security architecture, penetration testing, incident response, and forensic analysis.

    Corey is currently a technical solutions architect for Cisco Systems Global Security Sales Organization. He works on a daily basis with large environments on designing and architecting secure enterprise networks.

    You can also find Corey active on Twitter @cschultz0000, where you can also see his schedule of speaking engagements and appearances.

  • Bob Perciaccante

    Bob Perciaccante is a seasoned information security practitioner who has been in the security field for almost 20 years. Currently, he is a consulting systems engineer for Cisco Systems in Pennsylvania where he has worked for the last 10 years focusing on network and data security, network access control, and secure network architectures. His primary day-to-day responsibilities focus on designing secure network solutions for his customers and working to train customers and partners on security solution implementations and daily operations to get the most out of their infrastructure.

    When not involved in security activities, Bob enjoys eclectic hobbies such as working on cars, 3D printing, and camping.

    Collaborating with his Cisco peer, Corey P. Schultz, this book is his first security publication.


Latest Reviews

(6 reviews total)
I ended up returning it, but I appreciate the customer support I received.
Very good, rare specialist book
Great book, good service
