12. Set-up environment for pen testing and red teaming

Task

Set-up environment for pen testing and red teaming.

T

2 days

Must

Execution

Introduction

At the start of the semester I set up the tools I need to perform pentests without too much hindrance. I did this using a Kali Linux virtual machine with plenty of dedicated RAM. For the specific specs, visit the about page detailing the architecture; for the purpose of this assignment a recap is provided here.

Architecture

The network architecture of my Kali machine's configuration is quite simple. The machine is in a virtual network, behind a pfSense firewall that I run at home. OpenVPN is used to connect to the firewall, which grants access to the specific VLAN that puts the VPN client in the same network as the Kali machine. From here, I usually Remote Desktop into the KVM (my Windows machine), because there are more tools on this machine than when doing everything remotely - it is still an option though. The screenshot below displays the current architecture of this setup.

Warning

TODO update later when making network changes

../../_images/archi21.png

Tools

I use a combination of MobaXterm and noVNC to connect to the Kali machine. MobaXterm is a (very good in my opinion) SSH terminal, since it allows a user to set up a multiplexer. I use noVNC to get access to GUI tools, such as BurpSuite. Speaking of which, the Firefox browser in the machine is configured to use the BurpSuite proxy (so that information can be intercepted). The screenshot below shows an example of this in action: one terminal is used for development, another for a tool such as msf, one for pinging the machine to make sure connectivity is stable, and one for netcat or maybe the results of an nmap scan.
../../_images/kalisetupexample.png

noVNC

This is the command I use to run the noVNC session; keep in mind that you need to change the password if you want to use it. To give the VNC session a proper resolution I’ve also adjusted the GRUB settings.
On the fly startup VNC:
$ x11vnc -display :0 -autoport -localhost -passwd nicetry -bg -xkb -ncache -ncache_cr -quiet -forever
To make the VNC session persistent I first had to create an x11vnc service:
$ vi /lib/systemd/system/x11vnc.service
Here’s the contents:
[Unit]
Description=Start x11vnc at startup.
After=multi-user.target

[Service]
Type=simple
ExecStart=/usr/bin/x11vnc -auth guess -forever -loop -noxdamage -repeat -passwd nicetry -rfbport 5900 -shared


[Install]
WantedBy=multi-user.target
To adjust the resolution to make VNC usable:
$ vi /etc/default/grub
In the grub file:
GRUB_CMDLINE_LINUX_DEFAULT="quiet splash video=hyperv_fb:1800x900"
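
A hardened variant of the x11vnc.service unit above, added here as an example and not the author's own configuration: it keeps the VNC password out of the world-readable unit file and the command line, and binds to localhost as the on-the-fly command already does. The password file path /etc/x11vnc.pass is an assumption, and -localhost assumes the noVNC proxy runs on the Kali machine itself.

```ini
# Added example, not the author's unit file.
# Assumption: the password file lives at /etc/x11vnc.pass, created once with
#   x11vnc -storepasswd /etc/x11vnc.pass   (prompts for the password)
#   chmod 600 /etc/x11vnc.pass
# Assumption: the noVNC proxy runs on this same machine, so x11vnc only
# needs to listen on 127.0.0.1.

[Unit]
Description=Start x11vnc at startup.
After=multi-user.target

[Service]
Type=simple
# Weak (from the unit above): password stored in the unit file and
# listener reachable on every interface of the VLAN.
#   ExecStart=/usr/bin/x11vnc -auth guess -forever -loop -noxdamage -repeat -passwd nicetry -rfbport 5900 -shared
# Corrected: -rfbauth reads the stored password file, -localhost restricts
# the listener to the loopback interface.
ExecStart=/usr/bin/x11vnc -auth guess -forever -loop -noxdamage -repeat -rfbauth /etc/x11vnc.pass -rfbport 5900 -shared -localhost

[Install]
WantedBy=multi-user.target
```

After editing, run systemctl daemon-reload and restart the service; remote access then goes through noVNC or an SSH tunnel rather than port 5900 directly.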

Burp

To set up BurpSuite I’ve configured Firefox on my Kali machine to use the appropriate port. After this, all you have to do is visit https://burpsuite with the proxy enabled and install the CA certificate at the right-hand side. With this enabled, one should be able to intercept HTTP traffic. This tool is particularly useful for the repeater, which allows a security professional to easily test for various OWASP injections.

../../_images/vncsetup.png

Expansion

If one were to implement an environment for a pen test, using a central point would be advised. Rolling out OpenVPN configuration to my fellow red teamers to grant them access, and making it easy to roll out a Kali virtual machine with the configuration described above, would therefore be a good way to expand the network. This would introduce general instability, though: my tools currently run from my home, and I do not want to be blacklisted from the internet because someone in my team unknowingly did something malicious.