20199324 2019-2020-2 "Network Attack and Defense Practice" Week 2 Assignment

Assignment description

Course this assignment belongs to: course link

Assignment requirements: assignment requirements link

My goal in this course: to understand the network attack and defense lab environment and to acquire network attack and defense-related abilities

How this assignment helps me achieve that goal: by building a network environment for network attack and defense practice

Assignment body

1. Knowledge review and summary

  • A basic network attack and defense lab environment consists of:
    • Target machine: a host containing system and application security vulnerabilities that serves as the attack target. The basic environment should include Windows XP and Linux operating system hosts.
    • Attacker machine: a host with specialized attack software installed, used to launch network attacks. Linux is more suitable as an attack platform.
    • Attack detection, analysis and defense platform: the best location is the targets' gateway. A gateway host can be built on the Linux operating system and given network attack detection, analysis and defense capabilities by integrating various software.
    • Network connection: the targets, the attackers and the gateway with detection, analysis and defense functions are connected through the network.
  • Honeynet: a technique that deceives attackers and analyzes network attack behavior by building a network in which traps (honeypots) are deployed.
  • Honeynet gateway (Honeywall): a transparent gateway that serves as the attack capture and analysis platform; Sebek software on the honeypots records system-level attack behavior.
  • Virtual honeynet: a honeynet architecture deployed on a single host using virtual machine technology. Honeypots deployed in the honeynet serve as targets, the honeynet gateway serves as the network attack detection, analysis and defense platform, and attacker machines are attached to the virtual network on the gateway's external interface. Together these make up a personal, virtualized network attack and defense lab environment.

  • After reading earlier students' blogs, I updated part of the environment. This experiment uses the following environment:
    • Linux attacker: kali-linux-2020.1-vmware-amd64
    • Windows attacker: Windows XP Attacker
    • Linux target: metasploitable-linux-2.0.0
    • Windows target: win2KServer
    • SEED virtual machine: SEEDUbuntu-16.04-32bit-new
    • Honeynet gateway virtual machine: Roo Honeywall CDROM v1.4

2. Topology diagram of the attack and defense environment

3. VMware Network Configuration

VMnet0, VMnet1 and VMnet8 are configured as follows:



The NAT and DHCP settings of VMnet8 are as follows:


4. Installing the attacker virtual machines

4.1 Linux attacker: Kali

The download is a VM file, so it can be opened directly. The default user name and password are both kali.

Next, configure Kali's network adapter: select Custom and VMnet8.

Boot into Kali and set up the software. Kali's default user name is kali, the password is kali, and the root password is kali (log in as kali first, then use su to elevate privileges; direct root login is disabled).
Log in -> elevate privileges -> install net-tools (the package that provides ifconfig) -> view the network information.

Remember Kali's IP address at this point.

4.2 Windows attacker: Windows XP Attacker installation

The download is a VM file, so it can be opened directly. User name and password: administrator/mima1234.

The network adapter is set as follows:

At this point the system has already obtained an IP address through DHCP, so no manual configuration is required, but the specific IP address still has to be looked up.
Obtain windowsAttacker's IP address with ipconfig:

The windowsAttacker configuration is now complete; remember the IP address!

5. Installing the target virtual machines

5.1 Linux target: Metasploitable2 installation

The download is a VM file, so it can be opened directly.

The network adapter is set as follows:

Enter the system; the default user name and password are both msfadmin.

The IP address has to be set manually: pick an address in the 192.168.200.0/25 segment that is outside the DHCP allocation range configured earlier in the network settings. Here we choose 192.168.200.125. The commands are as follows: first elevate privileges with sudo su (the password is msfadmin), then run vim /etc/rc.local and insert the following two lines before the exit 0 line near the end of the file:

ifconfig eth0 192.168.200.125 netmask 255.255.255.128
route add default gw 192.168.200.1

After restarting with reboot, check the result with ifconfig.

The Metasploitable2-Linux configuration is now complete; remember the IP address!
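
A check of the static address choice described above, as an added example that is not part of the original post: it verifies that a candidate address fits the 192.168.200.0/25 segment, the 255.255.255.128 netmask and the 192.168.200.1 gateway used here. The DHCP pool in the code is an assumed placeholder (the post's DHCP settings are not reproduced in the text), and the function names are hypothetical.

```python
import ipaddress

# Values taken from the post.
LAB_NET = ipaddress.ip_network("192.168.200.0/25")
GATEWAY = ipaddress.ip_address("192.168.200.1")

# Assumption: the post's DHCP settings are not reproduced in the text, so
# this pool is a constructed placeholder. Use the range shown for VMnet8.
DHCP_POOL = (ipaddress.ip_address("192.168.200.2"),
             ipaddress.ip_address("192.168.200.120"))


def check_static_ip(candidate, netmask="255.255.255.128", net=LAB_NET,
                    gateway=GATEWAY, dhcp_pool=DHCP_POOL):
    """Return a list of problems with a manually assigned address."""
    problems = []
    ip = ipaddress.ip_address(candidate)
    if ipaddress.ip_address(netmask) != net.netmask:
        problems.append(f"netmask {netmask} does not match {net}")
    if ip not in net:
        problems.append(f"{ip} is outside {net}")
    elif ip in (net.network_address, net.broadcast_address):
        problems.append(f"{ip} is the network or broadcast address")
    if gateway not in net:
        problems.append(f"gateway {gateway} is outside {net}")
    if ip == gateway:
        problems.append(f"{ip} collides with the gateway")
    if dhcp_pool[0] <= ip <= dhcp_pool[1]:
        problems.append(f"{ip} is inside the DHCP pool")
    return problems


def rc_local_lines(candidate, net=LAB_NET, gateway=GATEWAY):
    """Render the two rc.local lines from the post for a valid address."""
    problems = check_static_ip(candidate, str(net.netmask), net, gateway)
    if problems:
        raise ValueError("; ".join(problems))
    return [f"ifconfig eth0 {candidate} netmask {net.netmask}",
            f"route add default gw {gateway}"]


if __name__ == "__main__":
    for addr in ("192.168.200.125", "192.168.200.127", "192.168.200.130"):
        print(addr, check_static_ip(addr) or "ok")
    print("\n".join(rc_local_lines("192.168.200.125")))
```

In a /25 the last usable host is .126, so .125 is valid while .127 is the broadcast address and .130 already belongs to the next segment.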

5.2 Windows target: win2kServer installation

The download is a VM file, so it can be opened directly. The account is administrator and the password is mima1234.

The network adapter is set as follows:

After installing the VM, enter the system with the shortcut ALT+CTRL+DEL (if sent directly, it will be intercepted by the host). The account is administrator and the password is mima1234.

Set the network parameters in the system as follows:

The win2kServer configuration is now complete; remember the IP address!

6. Installing and configuring SEEDUbuntu

SEEDUbuntu is provided as a VM virtual machine vmdk disk image, so a new virtual machine has to be created from it. After powering on, the account is seed and the password is dees. The password for elevating privileges with the su command after boot is seedubuntu.

Select New Virtual Machine -> Custom installation -> any compatibility (XX) setting -> Install the operating system later -> choose Linux, version Ubuntu -> name and location -> Next six times in a row -> Use an existing virtual disk -> select the seedubuntu vmdk file -> Next.

The network adapter is set as follows:

After booting, elevate privileges with the su command (password seedubuntu), then view the network information with ifconfig.

The SEEDUbuntu configuration is now complete; remember the IP address!

7. Installing and configuring the Honeywall virtual machine

Here a custom virtual machine is created; the installation process is as follows:












The new virtual machine is now created. First configure the related hardware settings, as follows:

The first step is to add the installation image to boot from:

Add two network adapters and configure them:


Boot and log in with the user name roo and the password honey. Use su - to elevate privileges; the password is honey.

To reach the configuration interface, enter the following commands manually:

cd /usr/sbin
./menu

Then configure the following items step by step, following the prompts and the project documentation:

  • Honeypot IP addresses; multiple IP addresses are separated by spaces. Note: Roo does not currently support honeypot IP addresses on different network segments within the honeynet
  • Honeynet broadcast IP address
  • Honeynet network configuration, in CIDR format
  • Management interface IP address
  • Management interface netmask
  • Management interface gateway
  • Honeywall management network segment
  • Sebek server IP address, set to the management interface IP
  • Destination port: select 1101
  • Sebek packet handling option: select Drop

8. Test Honeywall remote management

In windowsAttacker, open https://192.168.200.8 in the browser. The browser will warn that there is a problem with this website's security certificate; select Continue.

At the first login, the account is roo and the password is honey.

Reset the password; the new password must use mixed case and contain at least eight numbers and characters.

9. Connectivity test

  • Linux attacker kali pings Linux target metasploitable-linux
  • Linux attacker kali pings Windows target win2KServer
  • Windows attacker Windows XP Attacker pings Linux target metasploitable-linux
  • Windows attacker Windows XP Attacker pings Windows target win2KServer
  • Windows target win2KServer pings Windows attacker Windows XP Attacker
  • SEEDUbuntu pings Linux target metasploitable-linux
  • First, on roo, elevate privileges with su -, then run the command tcpdump -i eth0 icmp; you can see that the bridge is functioning properly.

Problems encountered and solutions

Question 1

Once the virtual machines were configured, basically every boot would freeze, and when I tried to close VMware it showed "virtual machine XXX busy."

I used Task Manager to end the task; when I opened the virtual machine again, the message "failed to lock this configuration file exclusively" appeared.

Solution

I resolved it successfully after looking up information. But over the course of building this environment I restarted the computer a full five times, and I do not know why...

Solution for the virtual machine error "failed to lock this configuration file exclusively"

VMware Workstation VMware Authorization Service failed to start error

Question 2

When installing the Windows attacker, Windows XP Attacker, ipconfig could not obtain windowsattacker's IP address, and the Windows virtual machine showed that the network cable was unplugged.

Solution

Because of the improper method used to solve the earlier problem, the ubuntu virtual machine was not shut down directly, which caused some adverse effects on VMware on the host. I found the following information to solve it.

Solution for a virtual machine displaying "network cable unplugged"

Question 3

When I went to install and configure the Honeywall virtual machine, I found on opening it that the virtual machine stayed on a black screen, so I kept forcing a shutdown and restarting (Question 1), but it did not improve. I later found that the previously configured machines had been left running; I thought the computer had been running slowly earlier, so I shut down the previously configured virtual machines... I found I had restarted the computer twenty times in one day...

Reflections on learning

After all the hardships, in the end there are always more solutions than problems ~

In the process of building the network attack and defense environment, I learned how to install the environment and use some basic software, and improved my abilities. Although the build is complete, to be honest some of the details are still not very clear to me, and I will continue to learn them afterwards.

Reference material

Solution for the virtual machine error "failed to lock this configuration file exclusively"

VMware Workstation VMware Authorization Service failed to start error

Solution for a virtual machine displaying "network cable unplugged"

"Network attack and defense technology practice."


Origin www.cnblogs.com/yangdd/p/12453288.html