20199302 2019-2020-2 "Network Attack and Defense Practice" Week 2 Assignment

"Network Attack and Defense Practice", second assignment
Course this assignment belongs to: https://edu.cnblogs.com/campus/besti/19attackdefense/
Assignment requirements: https://edu.cnblogs.com/campus/besti/19attackdefense/homework/10449


Detailed process of building the attack and defense environment (illustrated; this is the key part)

Topology diagram

Lab environment

  • Host machine
    • Operating system: Win10
    • Software: VMware Workstation Pro
  • Associated virtual machines
    • Honeywall image: roo-1.4.hw-20090425114542.iso
    • Target virtual machines: Windows XP Professional, Linux Metasploitable
    • Attacker virtual machines: WinXPattacker, SEEDUbuntu16.04, Kali2020.1a

Steps to build the virtual honeynet

Network Configuration

VMware Workstation Pro -> Edit -> Virtual Network Editor

VMnet1


VMnet8


The NAT settings are as follows:


DHCP (which hands out dynamic IP addresses) is set as follows:

Target machine installation

Windows XP Professional: set the network connection to VMnet1 and set the IP address


Win2kServer

Linux Metasploitable: set the network connection to VMnet1 and set the IP address


Run sudo vim /etc/rc.local to configure the network; the configuration is as follows:
ifconfig eth0 192.168.200.123 netmask 255.255.255.128
route add default gw 192.168.200.1

sudo reboot

Attacker machine installation

Install the attacker virtual machines (WinXPattacker, Kali and SEEDUbuntu16) and set their network connections to VMnet8. WinXPattacker automatically acquires its IP (192.168.200.2), as shown below:


Kali acquires its IP (192.168.200.3) as follows:



SEEDUbuntu16 comes only as a compressed archive of .vmdk files, so you need to create a new virtual machine; when choosing the disk, choose to use an existing disk and select the .vmdk as the disk.
It acquires its IP (192.168.200.5) as follows:


Honeywall installation

Install the Honeywall virtual machine and configure it. Pay attention to four points during installation: (1) after the virtual machine is configured, select the CD/DVD drive and specify the image


(2) Version:



(3) Before the final step, select Customize Hardware, add and configure the network adapters, then click OK -> Finish



(4) In the virtual machine's configuration list on the left, add a CD/DVD drive and click OK to finish.



Log in as roo, then use

su -

to escalate to root. The first time, su - enters the configuration interface; you can also enter menu to reach the configuration page. The configuration interface is as follows:



Press Enter to go to the next page



Select 4. honeywall configuration and press Enter



Select 1. mode and IP information and press Enter



Select 2. honeypot IP Address and press Enter ---> enter the honeypot IP and press Enter



Select 5. LAN Broadcast Address and press Enter ---> enter the broadcast address and press Enter



Select 6. LAN CIDR Prefix and press Enter, enter the network number and press Enter



Return to the previous menu and select 2. remote management to set the management platform information.



Select 1. management IP, enter the management platform's IP and confirm



Select 2. management netmask, enter the management platform's subnet mask and confirm



Select 3. management gateway, enter the management platform's gateway and confirm



Select 7. manager, enter the range of IPs allowed to manage and confirm



Return to the previous menu


Select 11. sebek, set the IP of the host the information is sent to, UDP port 1101, and the packet handling option to drop





Configuration test

After starting the Honeywall virtual machine, log in as roo and escalate to root by entering

su -

Open WinXPattacker and, in the IE browser, enter the management address in the address bar

https://192.168.200.8

The browser reports a certificate problem; click Continue to reach the following interface



Log in with the Honeywall account roo and the password honey. The first login requires a password change: the new password must contain all four character types (uppercase letters, lowercase letters, special characters and digits). After login:


Honeywall connectivity test

Enter the monitoring command on the Honeywall gateway:

tcpdump -i eth0 icmp

Ping Win2kServer from WinXPattacker; the following packets are detected on the Honeywall gateway host:


(The other ports are the same as above; omitted.)
(Pings between any other virtual machine on VMnet1 and a virtual machine on VMnet8 are the same; omitted.)
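
As an added example (not part of the original post), the following Python code checks saved output of tcpdump -i eth0 icmp from the gateway and reports, for each pinger/target pair, how many echo requests were answered. The sample lines are constructed, and they use the Metasploitable address 192.168.200.123 as the target because the Win2kServer address is not given in the text.

```python
import re
from collections import defaultdict

# Constructed sample of `tcpdump -i eth0 icmp` output (not captured from the lab).
SAMPLE = """\
10:15:01.000101 IP 192.168.200.2 > 192.168.200.123: ICMP echo request, id 512, seq 1, length 40
10:15:01.000498 IP 192.168.200.123 > 192.168.200.2: ICMP echo reply, id 512, seq 1, length 40
10:15:02.001120 IP 192.168.200.2 > 192.168.200.123: ICMP echo request, id 512, seq 2, length 40
10:15:02.001533 IP 192.168.200.123 > 192.168.200.2: ICMP echo reply, id 512, seq 2, length 40
10:15:07.400010 IP 192.168.200.3 > 192.168.200.123: ICMP echo request, id 7, seq 1, length 64
10:15:08.400015 IP 192.168.200.3 > 192.168.200.123: ICMP echo request, id 7, seq 2, length 64
"""

LINE = re.compile(
    r"IP (?P<src>[\d.]+) > (?P<dst>[\d.]+): ICMP echo (?P<kind>request|reply),"
    r" id (?P<id>\d+), seq (?P<seq>\d+)"
)

def ping_report(text):
    """Match echo requests to replies for each (pinger, target) pair."""
    requests = defaultdict(set)
    replies = defaultdict(set)
    for line in text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # skip tcpdump banner lines and non-echo ICMP
        key = (int(m["id"]), int(m["seq"]))
        if m["kind"] == "request":
            requests[(m["src"], m["dst"])].add(key)
        else:
            # A reply travels target -> pinger, so file it under the same pair.
            replies[(m["dst"], m["src"])].add(key)
    return {
        pair: {"sent": len(sent), "answered": len(sent & replies[pair])}
        for pair, sent in requests.items()
    }

def one_way_pairs(report):
    """Pairs whose requests were seen on the gateway but never answered."""
    return sorted(p for p, r in report.items() if r["answered"] == 0)

if __name__ == "__main__":
    report = ping_report(SAMPLE)
    for pair, counts in report.items():
        print(pair, counts)
    print("no replies seen for:", one_way_pairs(report))
```

A pair with requests but no replies means the gateway saw the ping arrive on eth0 but nothing came back through it.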

Features


Target machine: acts as the honeypot; it has some vulnerabilities and serves as bait that lures the attacker into attacking, so that information about the attacker machine can be obtained.

Metasploitable is a deliberately vulnerable system based on Ubuntu; together with the WinXP target it is used to test security tools and demonstrate common exploits, as a target for MSF attacks.
Attacker machine: attacks the target machines.

WinXPattacker contains a series of attack tools:
scanning tools, decompilers, penetration tools and so on. The Nessus and Nmap scanning tools are used in the early phase of an attack; Wireshark captures packets, as shown:


The Kali system also has the Nmap scanning tool, among others:
the Metasploit framework, for vulnerability penetration;
the Nmap and Nessus scanning tools;
the Wireshark packet capture tool;
Aircrack-ng, used to crack WEP / WPA / WPA2 wireless passwords; it works by capturing network packets and analysing them to recover the password. It also has a console interface. In addition, Aircrack-ng uses the standard FMS (Fluhrer, Mantin and Shamir) attack along with some optimizations (such as the KoreK attack and the PTW attack) to speed up the attack;
Hydra, a brute-force tool used to crack the authentication of remote services.
Honeynet gateway: connects the network where the attacker machines are located with the network where the target machines are located, and is where the honeynet is set up.

Problems encountered while learning and their solutions


1. After installing the roo-1.4 virtual machine, the menu did not appear, and entering menu did not open the honeynet configuration page. After carefully watching online tutorials, I found that privilege escalation should use
su -
whereas I had used
su
2. I installed the Chinese version of Kali, but after installation the system showed all kinds of garbled text.
Solution:

(1) First set the system encoding to English (this is needed while installing the various tools, fonts and so on: when a font download goes wrong and the error prompt itself is garbled, an English system encoding makes it easy to see what is wrong). Open a terminal and enter sudo dpkg-reconfigure locales
select
en_US.UTF-8
as the picture shows:


Use the up and down keys to browse and the space bar to select; "*" marks a selected entry; use the Tab key to move to OK. After confirming, the following interface appears


Use the up and down keys to move to en_US.UTF-8 and confirm. After that (do not forget to restart) you see an English interface rather than garbled text (some places are still garbled, but it is good enough).

(2) Update the software sources. Enter the command
sudo vim /etc/apt/sources.list
Add the following software sources


Update with the command
sudo apt-get update
(3) Install Chinese fonts with the commands
sudo apt-get install xfonts-intl-chinese
and
sudo apt-get install ttf-wqy-microhei
Reboot; the system finally displays normally.

3. During the Kali installation, one step asks whether to use a network mirror to supplement this image. If you choose yes, there will be some errors, probably because the source cannot be used, so I selected No and installed only from the local image. There were also some problems at the network configuration step; I chose not to configure it there and configured the network connection after the system was installed.
4. In Kali, ifconfig -a could not show the IP. Through Baidu I learned that the new version of Kali can use
ip addr
directly to check the local IP address.
5. One question remains: VMnet1 and VMnet8 look like two segments, so why do both use IP addresses in 192.168.200.2-192.168.200.126? I have forgotten a lot of my computer networking knowledge and need to make it up.
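
An added example (not from the original post) for the question in item 5: using only the addresses and the netmask 255.255.255.128 stated on this page, it computes which segment each machine falls in and flags addresses that could not reach the gateway 192.168.200.1. The VMnet labels in the host names come from the installation steps above; the 192.168.200.130 host is a constructed misconfiguration.

```python
import ipaddress

# Addresses and mask as stated on this page.
NETMASK = "255.255.255.128"   # from the Metasploitable rc.local line
GATEWAY = "192.168.200.1"     # default gateway from the same line
HOSTS = {
    "Metasploitable (VMnet1)": "192.168.200.123",
    "WinXPattacker (VMnet8)": "192.168.200.2",
    "Kali (VMnet8)": "192.168.200.3",
    "SEEDUbuntu16 (VMnet8)": "192.168.200.5",
    "Honeywall management": "192.168.200.8",
}

def segment_of(ip, netmask=NETMASK):
    """Return the network (segment) an address belongs to under a mask."""
    return ipaddress.ip_interface(f"{ip}/{netmask}").network

def audit(hosts, gateway=GATEWAY, netmask=NETMASK):
    """Return (segment, usable host range, list of addressing problems)."""
    lan = segment_of(gateway, netmask)
    problems, seen = [], {}
    for name, ip in hosts.items():
        addr = ipaddress.ip_address(ip)
        if addr not in lan:
            problems.append(f"{name}: {ip} is in {segment_of(ip, netmask)}, not {lan}")
        elif addr in (lan.network_address, lan.broadcast_address):
            problems.append(f"{name}: {ip} is not a usable host address")
        if ip in seen:
            problems.append(f"{name}: {ip} duplicates {seen[ip]}")
        seen[ip] = name
    usable = (lan.network_address + 1, lan.broadcast_address - 1)
    return lan, usable, problems

if __name__ == "__main__":
    lan, usable, problems = audit(HOSTS)
    print(f"segment {lan}, usable hosts {usable[0]} - {usable[1]}")
    print("problems:", problems or "none")
    # Constructed misconfiguration: an address in the upper /25.
    print(audit({"hypothetical host": "192.168.200.130"})[2])
```

With a /25 mask every address listed on this page falls in 192.168.200.0/25, whose usable host range is 192.168.200.1 to 192.168.200.126.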

Learning insights and experience

Always remember, and there will be an echo. I spent a day just working out roughly what the honeynet system is, and more than another day building it. At home it feels like my mind is not good enough; it took so long, which is very hard to accept. But in the end it is still gratifying. My study and description of the related software is still lacking, but first let me feel bad for a while.


Posted 2020-03-09 23:43 by 20199302


Origin www.cnblogs.com/eosmomo/p/12436026.html