.. _setupbox:

12. Set-up environment for pen testing and red teaming
=======================================================

Task
^^^^^

+-----------------------------------------------------+----------+----------+-------------+
| Set-up environment for pen testing and red teaming. | T        | 2days    | Must        |
+-----------------------------------------------------+----------+----------+-------------+

Execution
^^^^^^^^^^

Introduction
^^^^^^^^^^^^^

| At the start of the semester I set up the tools I need to perform pentests without too much hindrance. I set this up using a `Kali Linux`_ virtual machine with plenty of dedicated RAM. For more information about the specific specs, visit the `about`_ page detailing the architecture; for the purpose of this assignment a recap is provided here.

.. _about: /about.html
.. _Kali Linux: https://www.kali.org/get-kali/

Architecture
^^^^^^^^^^^^^

| The network architecture of my Kali machine is quite simple. The machine is in a virtual network behind a `pfSense`_ firewall that I run at home. OpenVPN is used to connect to the firewall, which grants access to the specific VLAN that puts the VPN client in the same network as the Kali machine. From there I usually Remote Desktop into the KVM (my Windows machine), because there are more tools on that machine than when doing everything remotely; working fully remotely is still an option though. The screenshot below displays the current architecture of this setup.

.. _pfSense: https://www.pfsense.org/

.. WARNING:: TODO update later when making network changes

.. image:: archi2.png
   :target: _images/archi2.png

.. sidebar:: MobaXTerm

   .. image:: https://i.imgur.com/oHG2BIU.png

Tools
^^^^^^

| I use a combination of `mobaXterm`_ and noVNC to connect to the Kali machine. MobaXTerm is a (very good, in my opinion) SSH terminal, since it allows a user to set up a multiplexer. I use noVNC to get access to GUI tools, such as BurpSuite.
  Speaking of which, the Firefox browser in the machine is configured to use the BurpSuite proxy (so that information can be intercepted). The screenshot below shows an example of this in action: one terminal used for development, another for a tool such as msf, one pinging the machine to make sure connectivity is stable, and one terminal for netcat or perhaps the results of an nmap scan.

.. _mobaXterm: https://mobaxterm.mobatek.net/

.. image:: kalisetupexample.png
   :target: _images/kalisetupexample.png

noVNC
^^^^^

| This is the command I use to run the noVNC session; do keep in mind you need to change the password if you want to use it. To give the VNC session a proper resolution I have also adjusted the grub settings.

| On-the-fly VNC startup:

.. code-block:: console

   $ x11vnc -display :0 -autoport -localhost -passwd nicetry -bg -xkb -ncache -ncache_cr -quiet -forever

| To make a persistent VNC I first had to create an x11vnc service:

.. code-block:: console

   $ vi /lib/systemd/system/x11vnc.service

| Here's the contents:

.. code-block:: bash

   [Unit]
   Description=Start x11vnc at startup.
   After=multi-user.target

   [Service]
   Type=simple
   # Unlike the on-the-fly command above this has no -localhost, so TCP 5900
   # is reachable from the whole VLAN, and the password is stored in clear text
   # in a world-readable unit file.
   ExecStart=/usr/bin/x11vnc -auth guess -forever -loop -noxdamage -repeat -passwd nicetry -rfbport 5900 -shared

   [Install]
   WantedBy=multi-user.target

| To adjust the resolution to make VNC usable:

.. code-block:: console

   $ vi /etc/default/grub

| In the ``grub`` file:

.. code-block:: bash

   # run update-grub afterwards so the new kernel command line takes effect
   GRUB_CMDLINE_LINUX_DEFAULT="quiet splash video=hyperv_fb:1800x900"

.. sidebar:: BurpSuite

   .. image:: https://i.imgur.com/QQFR4m8.png

Burp
^^^^^

In order to set up `BurpSuite`_ I configured Firefox on my Kali machine to use the appropriate proxy port. After this, all you have to do is visit https://burpsuite with the proxy enabled and install the CA certificate from the link at the right-hand side. With this enabled, one should be able to intercept HTTP traffic.
This tool is particularly useful for the Repeater, which allows a security professional to easily test for the various OWASP injection flaws.

.. _BurpSuite: https://portswigger.net/burp

.. image:: vncsetup.png
   :target: _images/vncsetup.png

Expansion
^^^^^^^^^^

| If one were to implement an environment for a pen test, using a central point would be advised. Thus, rolling out the OpenVPN configuration to my colleague red teamers to grant them access, and making it easy to roll out a Kali virtual machine with the configuration described above, would be a good way to expand the network. General instability would be introduced though: currently my tools run from my home, and I do not want to be blacklisted from the internet because someone in my team unknowingly did something malicious.
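Before rolling the configuration out to colleagues as described above, the x11vnc unit from the noVNC section is worth checking for two things: the ``-localhost`` flag that the on-the-fly command uses but the service omits, and a clear-text ``-passwd`` sitting in a world-readable unit file. The script below is an added example, not part of this write-up; the path ``/root/.vnc/passwd`` in it is a hypothetical location for a file created with ``vncpasswd`` or ``x11vnc -storepasswd``.

```shell
#!/bin/sh
# Added example (not from the original write-up): audit an x11vnc unit file
# like the one in the noVNC section. Prints one WARN line per finding and
# returns 0 only when both checks pass (2 if there is no ExecStart= line).
#  1. missing -localhost: TCP 5900 is reachable from the whole VLAN instead
#     of only through the SSH/noVNC hop
#  2. -passwd <clear text>: the VNC password sits in a world-readable unit
#     file; -rfbauth with a vncpasswd file keeps it out of there
audit_x11vnc_unit() {
    unit="$1"
    rc=0
    exec_line=$(grep '^ExecStart=' "$unit" | head -n 1)
    if [ -z "$exec_line" ]; then
        echo "ERR: no ExecStart= line in $unit"
        return 2
    fi
    case " $exec_line " in
        *" -localhost "*) ;;
        *) echo "WARN: listener not bound to localhost (add -localhost)"; rc=1 ;;
    esac
    case " $exec_line " in
        *" -passwd "*) echo "WARN: clear-text -passwd in unit (use -rfbauth FILE)"; rc=1 ;;
    esac
    return "$rc"
}

# Constructed sample: the service from this page, written to a temp file.
sample_unit=$(mktemp)
cat > "$sample_unit" <<'EOF'
[Unit]
Description=Start x11vnc at startup.
After=multi-user.target

[Service]
Type=simple
ExecStart=/usr/bin/x11vnc -auth guess -forever -loop -noxdamage -repeat -passwd nicetry -rfbport 5900 -shared

[Install]
WantedBy=multi-user.target
EOF

# Hardened variant of the same unit; /root/.vnc/passwd is a hypothetical path
# for a password file created with vncpasswd (or x11vnc -storepasswd).
hardened_unit=$(mktemp)
sed 's#-passwd nicetry#-localhost -rfbauth /root/.vnc/passwd#' "$sample_unit" > "$hardened_unit"
trap 'rm -f "$sample_unit" "$hardened_unit"' EXIT

if audit_x11vnc_unit "$sample_unit"; then echo "sample unit: ok"; else echo "sample unit: needs hardening"; fi
if audit_x11vnc_unit "$hardened_unit"; then echo "hardened unit: ok"; else echo "hardened unit: needs hardening"; fi
```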