Security BSides St. John’s wrapped up a couple of weeks ago, and has re-invigorated my interest in teaching myself more about security, particularly around penetration testing. The following Monday, I started tackling a new side project – set up a pentesting lab in Oracle VirtualBox, and discovered a couple of things: This is easier said than done, and there’s not really a good beginners guide to all this.
While grabbing a bit of lunch on Tuesday, it occured to me that this would be a fun challenge, not to mention a good way to work on blogging more. I’ve decided to issue myself the following challenge:
Work on computer security for at least 30 minutes every day until the end of October.
For this challenge, I’m including reading security-related books, as well as setting up and configuring my test environment. I won’t be blogging every day (no way I can squeeze that in too!), but I will be logging it, and posting on Monday mornings what I’ve done for the past week.
I’m hoping that, if this challenge turns up anything interesting, it might get turned in to a conference talk. At the very least, I’ll pick up some new tricks for my day job! If you see anything here that raises a question for you, please don’t hesitate to comment. I may not have an answer, but I’ll certainly try to give you as much information as I can.
So, without further ado, here’s my log for this week:
Sept. 25: Tried to run VirtualBox. For some reason, it wouldn’t start. Googling indicates possible conflict between the version I had installed, and various Windows Updates. Re-installed. Downloaded Kali Linux (KL), and Metasploitable 2 (MS2). Realized I shouldn’t have MS2 on the open network. Tried to set up a Host-Only adapter via the UI; error returned. Spent 30 minutes reading “Network Security Assessment” 3rd Edition, by Chris McNab.
Sept. 26: Discovered that adapter hadn’t been created on install; used “VBoxManage hostonly if create”. Reconfigured VMs to use Host-Only adapter, and configured DHCP server from the UI, to narrow the IP range. Couldn’t get the VMs to get an IP, so tried static addresses. Still no effect. Eventually, realized the “Cable Connected” option hadn’t been checked. Was able to get DHCP working. Nmap was taking a long time (sudo nmap p0-65535 192.168.224.3), so I added -n to ignore DNS. Also added -v to monitor. Scan appears to be taking at least an hour, based on time. Had to pause; will restart tomorrow. While working on making dinner, mapped out a possible home lab, using some leftover hardware. May need to do some repairs on some equipment. Possible experiment: using iPad Mini as pentesting tool.
Sept. 27: Continued scans (VMs had been paused on Day 2). Compared results to what was presented as expected in the Metasploitable 2 guide from Rapid 7 (https://metasploit.help.rapid7.com/v1.1/docs/metasploitable-2-exploitability-guide). Following guide from Rapid7, realized that rpcbind and nsf-common weren’t already installed. Installed without issue. rpcinfo -p failed due to timeout. Removing p switch. Realized I had switched network interfaces, so I could download needed packages. rpcinfo -p returned list. Tried the first backdoor (vsftpd), but wasn’t able to exploit it via console. Tried using the Metasploit Framework Module to run the exploit (https://www.rapid7.com/db/modules/exploit/unix/ftp/vsftpd_234_backdoor). Can’t seem to get it to point at the address of the MS2 VM. Found a good tutorial that clarified the original instructions a bit, plus gave me some insight in to checking the results of the first phase of the exploit (http://www.hackingtutorials.org/metasploit-tutorials/exploiting-vsftpd-metasploitable/). Successfully complete the Rapid7 guide’s basics.
Sept. 28-Oct.1: Spent 30 minutes reading “Network Security Assessment” each day
After this first week, I’m keen to try and find some kind of Capture The Flag or similar sort of challenge, that I can run in my lab. If you’ve got any suggestions, feel free to comment!