Setting up your very own PenTest Lab

There are many kinds of pentest labs. The one we are going to cover is a very basic lab based on virtual machines; no additional hardware is needed to build it.

The first step towards building our lab is downloading one of the many virtual machine frameworks.
These frameworks are:
-VirtualBox:
http://www.virtualbox.org
-VmWare:
http://www.vmware.com

Once we have downloaded our virtualization framework, we have to download our PenTest OS.
Below is a list of the most important and professional PenTest OSes. You can also build your own Linux distro and include the pentest tools you would like in it, but that is another tutorial.

This list is:

1. Kali Linux
https://www.kali.org/

2. SELinux
selinuxproject.org

3. Knoppix
http://www.knoppix.org/

4. BackBox Linux
http://www.backbox.org/

5. Pentoo
http://www.pentoo.ch/

6. Matriux
http://www.matriux.com

7. NodeZero
http://www.nodezero-linux.org/

8. Blackbuntu
sourceforge.net/projects/blackbuntu/

9. Samurai Web Testing Framework
samurai.inguardians.com

10. WEAKERTH4N
weaknetlabs.com

11. CAINE (Computer Aided Investigative Environment)
http://www.caine-live.net/

12. Bugtraq
http://www.securityfocus.com/

13. DEFT
http://www.deftlinux.net/

14. Helix
distrowatch.com/helix

There are two ways of running these distros on virtual machines:

You can use a virtual machine image (vmi, ova) by selecting the import virtual machine option.
-VMware: https://pubs.vmware.com/workstation-9/topic/com.vmware.ws.using.doc/GUID-D1FEBF81-D0AA-469B-87C3-D8E8C45E4ED9.html

-VirtualBox: https://www.virtualbox.org/manual/ch01.html

Alternatively, you can create a new virtual machine from an ISO file. An ISO file contains the complete image of a disc. This option is advisable, because some virtual machine image formats (such as vmi) do not work properly on other virtualization frameworks. In other words, virtual machine images from VMware rarely work in VirtualBox, and the other way around.

Once your OS is installed in your virtual machine, change its network settings and connect this PenTest OS (as well as any other OS installed in your virtualization framework) to the Network Address Translation (NAT) network. This puts all the machines on the same network, so it is easier for them to interact with each other.
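As an added example (not code from the original post), the following POSIX shell script performs the network step above for VirtualBox with its VBoxManage CLI: it creates one NAT Network, attaches each VM's first adapter to it, and checks a VM's adapter mode from VBoxManage's machine-readable output. The VM names "Kali" and "Metasploitable2", the network name "pentestlab" and the subnet are placeholders; the sample showvminfo output is constructed. The check matters because a lab of deliberately vulnerable VMs attached in bridged mode would sit directly on your real LAN.

```shell
#!/bin/sh
# Added example, not code from the original post: put every lab VM on one
# VirtualBox NAT network with VBoxManage, and flag any VM that is bridged.
# Assumptions: VirtualBox's VBoxManage CLI; the VM names "Kali" and
# "Metasploitable2" are placeholders for whatever you called your imports.
# DRY_RUN=1 (the default) prints the commands instead of executing them.

DRY_RUN=${DRY_RUN:-1}
NETNAME=${NETNAME:-pentestlab}
CIDR=${CIDR:-10.0.2.0/24}

run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# A NAT Network lets the VMs reach each other (and the internet through the
# host) while nothing on the physical LAN can reach the vulnerable targets.
create_lab_network() {
    run VBoxManage natnetwork add --netname "$NETNAME" --network "$CIDR" --enable --dhcp on
}

# Attach adapter 1 of the named VM to the lab network.
attach_vm() {
    run VBoxManage modifyvm "$1" --nic1 natnetwork --nat-network1 "$NETNAME"
}

# Classify adapter 1 from "VBoxManage showvminfo <vm> --machinereadable"
# output read on stdin. "bridged" means the VM sits on your real LAN, which
# is the one setting a lab of deliberately vulnerable VMs must avoid.
nic1_mode() {
    mode=$(sed -n 's/^nic1="\([^"]*\)"$/\1/p')
    case "$mode" in
        bridged)                        echo exposed ;;
        natnetwork|nat|hostonly|intnet) echo isolated ;;
        *)                              echo "unknown:$mode" ;;
    esac
}

# Run the check against a live VM (only meaningful when VirtualBox is present).
check_vm() {
    VBoxManage showvminfo "$1" --machinereadable | nic1_mode
}

# Constructed sample of showvminfo output for a misconfigured (bridged) VM.
SAMPLE_BRIDGED='name="Kali"
nic1="bridged"
bridgeadapter1="eth0"'

demo_check() { printf '%s\n' "$SAMPLE_BRIDGED" | nic1_mode; }

setup_lab() {
    create_lab_network
    for vm in "$@"; do
        attach_vm "$vm"
    done
}

setup_lab "Kali" "Metasploitable2"
printf 'sample VM adapter 1 is: %s\n' "$(demo_check)"
```

Run it once with DRY_RUN=1 to read the commands, then with DRY_RUN=0 on the host to apply them; `check_vm <name>` afterwards should print "isolated" for every lab VM.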

Furthermore, you can install some ready-made vulnerable virtual machines to build a PenTest foundation, from

– VulnHub: https://www.vulnhub.com/

Training with these virtual machines, attempting to get root access on them, would be really good practice before you attempt your first FTP challenges.

VulnHub is a great site for finding virtual machine images that simulate different scenarios you need to break into. There are many different types and levels of difficulty. I would personally advise starting with a very basic Linux distro called “Metasploitable”:
metasploitable 1 and 2: https://www.vulnhub.com/?q=metasploitable&sort=date-asc&type=vm

and then attempt to hack into Kioptrix:
kioptrix levels: https://www.vulnhub.com/series/kioptrix,8/

In the future we will have introductory tutorials guiding you through the steps and theory needed to break into these systems, as well as some “not that easy” ones. I hope that you can now build your own PenTest lab and start training with it.

If you have any problems I would be very happy to help you with them; just leave a comment below and I will reply as soon as I can.

Stay curious

TBF

bandit3

In bandit3, the password for the next level is stored in a hidden file in the inhere directory.
Password bandit3=UmHadQclWmgdLOKQ3YNgjWxGoRMb5luK
When we try to list all the files in the current directory, we get this output:

[screenshot: terminal output of the file listing]

In order to change from the current directory to ‘inhere’, we execute the following command:

[screenshot: terminal, changing into the inhere directory]

OK, now if we try to list the contents of that directory we get the following output:

[screenshot: terminal output of the listing, empty]

We can see that the ‘ls’ command is not returning any output for the files inside ‘inhere’.
What we can do is check for ‘hidden files’. To do so, we add -a to the ls command. The program gives us the following output:
[screenshot: terminal output of ls -a]

So the command ‘ls -a’ shows a hidden file called ‘.hidden’; now we can attempt to open and read it:

[screenshot: terminal output of reading .hidden]

And there we have our password for the next level:
bandit4 Password=pIwrPrtPN36QITSp3EQaw936yaFoFgAB

bandit2

The password for the next level is stored in a file called ‘spaces in this filename’, located in the home directory.

Password bandit2=CV1DtqXWVFXTvM2F0k09SHz0YwRINYA9;

We can verify that there is a file in the current directory called ‘spaces in this filename’.

In order to successfully read the file, we run the following command:

[screenshot: terminal output of reading the file]

The theory behind this command is that when a file has spaces in its name, we have to treat every word in the file name as if it were nested from the origin word, which is the first word of the file name starting from the left.

Therefore:
Password bandit3=UmHadQclWmgdLOKQ3YNgjWxGoRMb5luK

bandit1

In level bandit1, the password for the next level is stored in a file called ‘-’ located in the home directory.
To log in to bandit1 on the server we do the following:
[screenshot: terminal, SSH login to bandit1]
bandit1 Password=boJ9jbbUNNfktd78OOpsqOltutMc3MY1

Once we log in to the server and type ls to list all the files in the current directory, we see this in the terminal:
[screenshot: terminal output of the file listing]

In order to read a file with a special-character name, we have to specify the directory it is located in together with the ‘cat’ command. We do that by typing the following:

[screenshot: terminal output of reading the file]

As you can see, we were able to read the file.
The theory behind the command is very simple: cat opens the file and reads it for us, the dot before the forward slash just specifies that the file is in the current directory, and then we name the file.

Therefore:
bandit2 Password=CV1DtqXWVFXTvM2F0k09SHz0YwRINYA9;

Bandit0

This series of posts is going to be based on solving wargames. Before doing any pentesting, or diving into more complex topics, we have to make sure that we have the basics clear. Therefore, in this blog we are going to solve the wargame called Bandit.

This wargame focuses on Linux shell scripting along with some cryptography exercises, but nothing too complicated. If you are a beginner, you should do all the different levels while looking at the notes posted here, and afterwards go through them on your own. If you get stuck along the way, don't panic; refer back to the notes.
I also recommend the book RTFM – Red Team Field Manual, which you can download here, as a quick reference for this exercise; the book has much more to offer, and it will be a great help for future exercises.

OK, let's begin.

In order to “play” Bandit, we have to connect to the OverTheWire Bandit wargame server. To do this we use the Secure Shell protocol, commonly known as SSH. If you are running Windows, the program I recommend for SSH is ‘PuTTY’. If you are running Linux there is no need to install anything, because Linux distributions ship with repositories and libraries that include sets of program binaries and services, most of which are pre-installed on the system, and one of them is an SSH client.
I am going to proceed with the rest of the exercises running Linux in my virtual machine. I'm not going to discuss how to install a virtual machine in this tutorial; however, if you are using Windows, the methodology of the game does not change and the commands are still the same.

Step 1: in the Linux terminal we type the following:

[screenshot: terminal, SSH connection to the Bandit server]

Server Password : bandit0

If the login succeeds you should see something like this in your terminal:
[screenshot: terminal after a successful login]

Once we are logged in to the server ‘melinda’, we want to see a list of all the files in the current directory; to do so we just type ls at the command prompt.

[screenshot: terminal output of ls]

As you can see, there is a file called ‘readme’ in the current directory; to open and read what is inside it we do the following:

[screenshot: terminal output of reading readme]
Inside the file is the password for level bandit1!
bandit1 Password=boJ9jbbUNNfktd78OOpsqOltutMc3MY1
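As an added example (not code from the original posts), the POSIX shell script below rebuilds the file layout of the four levels written up above, bandit0 through bandit3, in a temporary directory and runs the command that reads each file: a plain file, a file named ‘-’, a file name containing spaces, and a dot-file inside a directory. The file contents are constructed stand-ins, not the level passwords, so the script runs entirely offline.

```shell
#!/bin/sh
# Added example, not code from the original posts: rebuilds the file layout of
# bandit0 to bandit3 in a temporary directory and shows the command that reads
# each file. The file contents are constructed stand-ins, not level passwords.

LAB=$(mktemp -d)
trap 'rm -rf "$LAB"' EXIT

setup_levels() {
    printf 'constructed-password-0\n' > "$LAB/readme"                   # bandit0
    printf 'constructed-password-1\n' > "$LAB/-"                        # bandit1
    printf 'constructed-password-2\n' > "$LAB/spaces in this filename"  # bandit2
    mkdir -p "$LAB/inhere"                                              # bandit3
    printf 'constructed-password-3\n' > "$LAB/inhere/.hidden"
}

# bandit0: cat reads an ordinary file by name.
read_readme() { cat "$LAB/readme"; }

# bandit1: to cat, a bare "-" means "read standard input", so the file has to
# be named by path. "./-" is a path, so cat opens the file instead of waiting
# for terminal input.
read_dash() { (cd "$LAB" && cat ./-); }

# bandit2: quoting keeps the whole name as one argument. Unquoted, the shell
# splits it into four separate names and cat reports four missing files.
read_spaces() { (cd "$LAB" && cat "spaces in this filename"); }
count_unquoted_errors() {
    (cd "$LAB" && cat spaces in this filename 2>&1 >/dev/null | grep -c 'No such file')
}

# bandit3: plain ls omits names that start with "."; ls -a includes them.
# The grep drops the "." and ".." entries so only real hidden files remain.
list_hidden() { ls -a "$LAB/inhere" | grep -v -x -F -e . -e ..; }
read_hidden() { cat "$LAB/inhere/.hidden"; }

setup_levels
for step in read_readme read_dash read_spaces list_hidden read_hidden; do
    printf '%s -> %s\n' "$step" "$("$step")"
done
printf 'errors from the unquoted cat: %s\n' "$(count_unquoted_errors)"
```

The two failure modes worth remembering from this script are the ones the levels are built around: an unquoted name with spaces becomes several arguments, and a bare ‘-’ is interpreted by cat as stdin rather than as a file name, so `./-` (or `--` before the name) is needed.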

Hello world!

Hello everyone.

I have decided to create this blog to show the world my journey through computer security. I will post various exercises that I will be doing, along with programs that I will design. Moreover, I will create tutorials about everything that I record in this blog, so everyone can learn and use this blog as a free security training resource.

Most of the problems and solved exercises that I will do are from well-known wargame sites.

If you have any questions or enquiries, please don't hesitate to contact me. Also let me know if you would like me to do exercises or examples on certain topics, such as reverse engineering, buffer overflows, cryptology, steganography, or pentest methodologies such as SQLi, XSS, etc.

Hope you enjoy the blog.

WTS