20199101 2019-2020-2 "Network Attack and Defense Practice": Week 2 Assignment

Building a Network Attack and Defense Environment on macOS


1. Knowledge review and summary


Chapter 2 is mainly practical and can be roughly divided into the following parts.

  • Choosing the network attack and defense environment
  • Attack and defense environment topology
  • Network attack and defense environment installation
  • Introduction to related software

Choosing the network attack and defense environment


First, after reading the book, our dorm room had some discussion and decided to standardize on an upgraded environment. The upgraded versions are briefly introduced below.

  • The attacker machine is upgraded to Kali Linux. Download the VMware version directly; remember that the default username and password are both kali.
  • The target machine is Metasploitable2. Also download the VMware version; remember that the default username and password are both msfadmin.
  • Download the SEED Ubuntu 16.04 32-bit version. This version contains only a VMware virtual disk and no vmx file. Remember that the default username and password are seed/dees, and the root password is seedubuntu.
  • The roo-1.4 image file, from the teacher's Baidu cloud drive. Remember that the default username and password are roo/honey.
  • WinXPAttacker, from the teacher's Baidu cloud drive. After downloading, the VM can be opened directly. Remember that the default password is mima1234. As for why you need to install Windows Attacker, that will be explained when we get to the honeypot pitfalls.
  • On macOS, of course, the only choice is VMware Fusion Pro 11 (please support genuine software).
  • Host configuration: MacBook Pro 2015 MF840, 16 GB. I mention the configuration to tell you that you can install with confidence. I thought that with this configuration, installing several virtual machines would fry the computer, but the fan did not even spin up. Take out a small notebook and write down the usernames and passwords above; they will be used below!

Attack and defense environment topology


The network topology of the attack and defense environment I built is shown in the figure below.

Network topology


Network attack and defense environment installation


Configure the virtual NIC


First open the network settings of VMware Fusion. Compared with the rich options on Windows, what you find here is simply bare. We create two new networks, vmnet2 and vmnet3. vmnet2 uses NAT mode and vmnet3 uses host-only mode. The specific configuration is shown below. Remember the subnet IP and subnet mask of vmnet2 (they will be used later). If you want to know the difference between the three connection modes, refer to "VMware network connection".

vmnet2.png

vmnet3.png


Installing the Kali Linux attacker machine


After downloading from the website and extracting as described above, open the vmx file inside directly. Remember to set the network connection to the vmnet2 network configured earlier. After entering the username and password, we check the IP address as shown below (please note it down in your notebook). There is a pitfall here: you need to run sudo su to enter administrator mode before executing the ifconfig command. With that, the Kali attacker machine installation is complete. So easy!

kali network

time-IP


Install Windows XP Attacker


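First, why install this? Mainly because when I tried to access the honeypot gateway management page, none of my browsers could get in. After a reminder from my roommate, it turned out that only the IE in this VM could get in. Well, maybe this honeypot gateway is just old. So I installed Windows XP Attacker; the software in it is quite rich, though. After downloading, extract it and open the vmx file, enter the password, remember to set the network to NAT mode, and use ipconfig to check the IP address.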

WindowsAtt network

windowsIP


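Installing the SEED Ubuntu attacker machine


After downloading, SEED Ubuntu should be a file without a vmx.

  • First open VMware Fusion and click to create a custom virtual machine.
  • Then select Ubuntu 32-bit.
  • At the virtual disk selection step shown below, remember to select the existing SEED virtual disk you downloaded. That completes the setup.

Then it is the same three steps again: enter the password, configure the network, and check the IP.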

seed3.png

SEED Network

SEEDIP


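Installing the Metasploitable Linux target machine


After downloading and extracting, just open the vmx file directly. Remember that this target machine's network must be set to host-only mode. Then run through the three steps: enter the username and password, configure the network, and check the IP. Write the IP address down in your notebook.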

meta1.png

meta2.png


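Installing the Roo honeypot gateway


Installing the honeypot gateway was the most troublesome part I ran into. I have summarized the possible reasons as follows:

  • This Roo honeypot is too old, and there is no supported new version now.
  • There are no detailed tutorials online about installing the honeypot; many gloss over the details, so it is easy to fall into pitfalls.
  • Honeypot usage does not seem to be high; although there is other honeypot software, it is all extremely old.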

Starting
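First choose to install from the image, then at the second step be sure not to choose Easy Install. I chose it at first, which left me unable to get into the system; after a lot of effort I got into the system but could not get into management. In any case, just cancel Easy Install here. Then click Next, Next.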
roo1.png

roo2.png

roo3.png

roo4.jpg

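When you see this, it is the beginning of your success; it will install itself from here. The more important thing for us to do is configure the other two NICs. First make sure you are currently using NAT mode. Then click Virtual Machine -> Network Adapter -> Network Adapter Settings. Once inside, click Add Device to add two NICs, configured as follows.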

roonet1.png

roonet2.png

roonet3.png

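At this point, your honeypot has just about finished installing itself, but your work has only just begun. First log in with the same username, then type su - to enter administrator mode. The next step is to enter Honeywall Configuration. However, following the tutorials online, ./menu gives a command-not-found error; at this point you should cd ../.., then cd usr/sbin. Now the ./menu command can be executed. Once in, press Enter to go into the configuration.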

rooc2.png

rooc1.png

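If you have made it this far, what follows is just changing some numbers. There are three main parts: IP information, remote management, and finally the Sebek configuration. First configure the IP information, as follows. The 237 comes from the subnet IP of the NIC you created above.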

rooa1.png

rooa2.png

rooa3.png

rooa4.png

rooa5.png

Next, set the remote management information.

rooa6.png

rooa7.png

rooa8.png

rooa9.png

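Finally, the Sebek configuration. Set the IP to the same one as the remote management earlier, and accept the defaults for everything else.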

rooa10.png

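At this point the honeypot installation is basically complete; now let's test it. This is where you need your Windows XP Attacker. Open the IE browser and go to https://192.168.237.8. The username and password for the first login are roo/honey; after logging in you are prompted to change the password. Remember that the password must contain uppercase and lowercase letters, special characters, and digits. It really is complicated (write it down in your notebook). The second image shows the gateway's data analysis.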

hon1.png

hon2.png


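Finally, ping our target machine from Kali to test whether our system configuration has any problems, and see how the honeypot reacts along the way.
First, we start listening on the honeypot with tcpdump -i eth0 icmp. Then the Kali host runs ping 172.16.245.128, with the results shown below. We find that the ping works normally and the honeypot is fine too. With that, the environment is basically installed.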

ping1

ping2
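
To check a saved capture rather than reading the screen, the following added example (not part of the original post) parses tcpdump's text output from the honeypot gateway and lists echo requests to the target that never received a reply. Only the target address 172.16.245.128 comes from the post; the attacker address and the capture lines are constructed.

```python
import re

# Only TARGET comes from the post; ATTACKER and the capture lines are constructed.
TARGET = "172.16.245.128"
ATTACKER = "192.168.237.130"  # assumed Kali address, not given in the post

# tcpdump's default one-line text format for ICMP echo traffic.
ECHO_RE = re.compile(
    r"IP (?P<src>[\d.]+) > (?P<dst>[\d.]+): "
    r"ICMP echo (?P<kind>request|reply), id (?P<id>\d+), seq (?P<seq>\d+)"
)

# Constructed sample: seq 3 is requested but never answered.
SAMPLE = f"""\
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
10:15:01.000101 IP {ATTACKER} > {TARGET}: ICMP echo request, id 4521, seq 1, length 64
10:15:01.000398 IP {TARGET} > {ATTACKER}: ICMP echo reply, id 4521, seq 1, length 64
10:15:02.001120 IP {ATTACKER} > {TARGET}: ICMP echo request, id 4521, seq 2, length 64
10:15:02.001377 IP {TARGET} > {ATTACKER}: ICMP echo reply, id 4521, seq 2, length 64
10:15:03.002244 IP {ATTACKER} > {TARGET}: ICMP echo request, id 4521, seq 3, length 64
""".splitlines()


def unanswered_echoes(lines, target):
    """Return sorted (source, id, seq) of echo requests to target with no reply."""
    requests, replies = set(), set()
    for line in lines:
        m = ECHO_RE.search(line)
        if m is None:
            continue  # capture header or anything that is not an ICMP echo
        ident, seq = int(m["id"]), int(m["seq"])
        if m["kind"] == "request" and m["dst"] == target:
            requests.add((m["src"], ident, seq))
        elif m["kind"] == "reply" and m["src"] == target:
            # Key the reply by the host it returns to, so it pairs with the request.
            replies.add((m["dst"], ident, seq))
    return sorted(requests - replies)


if __name__ == "__main__":
    missing = unanswered_echoes(SAMPLE, TARGET)
    for src, ident, seq in missing:
        print(f"no reply seen for {src} -> {TARGET} id={ident} seq={seq}")
    print("gateway forwards both directions" if not missing else "check gateway")
```

Capture with tcpdump -n so addresses are printed numerically; the parser matches dotted IPv4 addresses only.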


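Introduction to related software


During installation, I believe everyone has already understood the roles of the attacker machine and the target machine.
Honeypot technology is essentially a technique for deceiving attackers: by deploying hosts, network services, or information as bait, it lures attackers into attacking them, so that the attack behavior can be captured and analyzed, the tools and methods used by the attackers understood, and their intent and motives inferred. This lets defenders clearly understand the security threats they face and strengthen the protection of real systems through technical and management measures.

Below are a few commonly used programs that ship with Kali (just for familiarity; the specific techniques will be studied and used later):

  • Wireshark: a network packet analysis program. Its function is to capture network packets and display the packet data in as much detail as possible. Wireshark uses WinPCAP as its interface to exchange data packets directly with the network card.
  • Ettercap: ettercap is a suite of tools for man-in-the-middle attacks, as well known as the dsniff suite. It supports plugins and filter scripts and displays accounts and passwords directly, with no need to extract the data manually.
  • Dsniff suite: the Dsniff suite mainly consists of arpspoof and dsniff; the former is used for ARP spoofing and the latter for sniffing.
  • Weevely: Weevely is a webshell tool written in Python, mainly used to bypass network restrictions or network configuration and to use sockets as a proxy for internal network probing.
  • Debugger-edb: a disassembly tool with a graphical interface.

The software above is a selection of excellent tools covering network packet analysis, man-in-the-middle attacks, sniffing, privilege escalation, disassembly and more, with their roles explained.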


2. Problems encountered during study and their solutions


  • Problem 1: macOS and Windows are not the same, so a lot of tutorials were not available.
  • Solution 1: explore slowly by trial and error.
  • Problem 2: some problems when installing the honeypot, such as menu not found and not using the custom installation.
  • Solution 2: explained above.
  • Problem 3: on the free image host, thirty one days, the pictures are not enough; this is really too rich.
  • Solution 3: the free image host plus a two-pronged approach.

3. Learning reflections and thoughts

  • Network attack and defense practice is a hands-on class; we need to put in time and effort and explore carefully, and even simple things should be done carefully.
  • Learned to install the network attack and defense environment and use some basic software, improving my abilities.
  • Understood the function of each of the attacker machine, target machine, SEED virtual machine and honeypot, and the relationships between them.
  • I admire those who do CTFs and can sit for twenty-four hours. In this experiment I wasted a lot of time, but also made great progress. My patience improved a lot.


Origin www.cnblogs.com/charlesxie/p/12436108.html