Table of Contents
- Assignment description
- Assignment body
- 1. Knowledge review and summary
- 2. Attack and defense environment topology
- 3. VMware network configuration
- 4. Install the attacker virtual machines
- 5. Install the target virtual machines
- 6. Install and configure SEEDUbuntu
- 7. Install and configure the Honeywall virtual machine
- 8. Test Honeywall remote management
- 9. Communication test
- Problems encountered and solutions
- Reflections
- Reference material
Assignment description
Course this assignment belongs to: Course Link
Where the requirements for this assignment are: assignment requirements link
My goals in this course are: understanding of the network attack and defense experimental environment, the ability to grasp the network attack and defense-related
The specific aspect of this assignment that helped me achieve the goal: building a network environment for practicing network attack and defense
Assignment body
1. Knowledge review and summary
- A basic network attack and defense experimental environment consists of:
- Target machine: a host that contains system and application security vulnerabilities and serves as the attack target. The basic environment should include Windows XP and Linux operating systems.
- Attacker machine: a host with specialized attack software installed, used to launch network attacks. Linux is more suitable as an attack platform.
- Attack monitoring, analysis and defense platform: the best location is the target machines' gateway. A gateway host can be built on the Linux operating system and given network attack monitoring, analysis and defense capabilities by integrating a variety of software.
- Network connection: the target machines, the attacker machines, and the gateway with its detection, analysis and defense functions are connected through the network.
- Honeynet: a technique for analyzing network attacks through deception, by building a network in which traps (honeypots) are deployed.
- Honeynet gateway: a transparent gateway that serves as the attack capture and analysis platform and records attacks on the honeypots with the Sebek software.
- Virtual honeynet: a honeynet architecture deployed on a single host using virtual machine technology. The honeypots deployed in the honeynet act as target machines, the honeynet gateway acts as the attack monitoring, analysis and defense platform, and the attacker machines sit on the virtual network attached to the gateway's external port. Together these form a personal edition of a virtualized network attack and defense lab environment.
- After reading earlier students' blogs, I updated part of the environment. This experiment uses the following environment:
- Linux attacker machine: kali-linux-2020.1-vmware-amd64
- Windows attacker machine: Windows XP Attacker
- Linux target machine: metasploitable-linux-2.0.0
- Windows target machine: win2KServer
- SEED virtual machine: SEEDUbuntu-16.04-32bit-new
- Honeynet gateway virtual machine: Roo Honeywall CDROM v1.4
2. Attack and defense environment topology
3. VMware network configuration
VMnet0, VMnet1 and VMnet8 are set as follows:
The NAT and DHCP settings of VMnet8 are as follows:
4. Install the attacker virtual machines
4.1 Linux attacker machine: Kali
The download is a VM file, so it can be opened directly. The default user name and password are both `kali`.
Next, set Kali's network adapter: select Custom, VMnet8.
Log in to Kali and set up the software. Kali's default user name is `kali`, the password is `kali`, and the root password is `kali` (log in as kali first and then use `su` to elevate privileges, because direct root login is prohibited).
Log in -> elevate privileges -> install net-tools (the package that provides ifconfig) -> view the network information.
Remember Kali's IP address here.
4.2 Windows attacker machine: Windows XP Attacker installation
The download is a VM file, so it can be opened directly. User name and password: `administrator`/`mima1234`.
The network adapter is set as follows:
At this point the system has already obtained an IP address through DHCP, so no manual configuration is required, but the specific IP still has to be looked up.
Obtain WindowsAttacker's IP address with `ipconfig`:
WindowsAttacker configuration is now complete. Remember the IP!
5. Install the target virtual machines
5.1 Linux target machine: Metasploitable2 installation
The download is a VM file, so it can be opened directly.
The network adapter is set as follows:
Log in to the system. The default user name and password are both `msfadmin`.
The IP address has to be set manually: pick an address in the 192.168.200.0/25 segment that is not inside the DHCP allocation range set in the earlier network configuration. Here we choose 192.168.200.125. The commands are as follows: first elevate privileges with `sudo su` (password `msfadmin`), then run `vim /etc/rc.local` and, before the `exit 0` line at the end of the file, insert the following two lines:
ifconfig eth0 192.168.200.125 netmask 255.255.255.128
route add default gw 192.168.200.1
After restarting with `reboot`, use `ifconfig` to view the result.
Metasploitable2-Linux configuration is now complete. Remember the IP address!
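The address choice in 5.1 can be checked before it is written into /etc/rc.local. The following is an added example, not part of the original post: the segment, static IP, netmask and gateway come from the text, while the DHCP pool bounds are an assumed placeholder because the post only shows them in a screenshot.

```python
import ipaddress

def check_static_assignment(ip, netmask, gateway, segment, dhcp_first, dhcp_last):
    """Return a list of problems with a static address plan (empty list = OK)."""
    problems = []
    net = ipaddress.ip_network(segment)
    addr = ipaddress.ip_address(ip)
    gw = ipaddress.ip_address(gateway)
    first = ipaddress.ip_address(dhcp_first)
    last = ipaddress.ip_address(dhcp_last)

    # The dotted netmask given to ifconfig must match the segment's prefix length.
    if ipaddress.ip_address(netmask) != net.netmask:
        problems.append(f"netmask {netmask} does not match {segment} ({net.netmask})")
    if addr not in net:
        problems.append(f"{ip} is outside {segment}")
    elif addr in (net.network_address, net.broadcast_address):
        problems.append(f"{ip} is the network or broadcast address of {segment}")
    if gw not in net:
        problems.append(f"gateway {gateway} is not inside {segment}")
    if addr == gw:
        problems.append(f"{ip} collides with the gateway")
    # A static address inside the pool can later be leased to another VM.
    if first <= addr <= last:
        problems.append(f"{ip} is inside the DHCP pool {dhcp_first}-{dhcp_last}")
    return problems

# Values taken from the text above.
SEGMENT = "192.168.200.0/25"
NETMASK = "255.255.255.128"
GATEWAY = "192.168.200.1"
# Assumption: the pool bounds are not stated in the text; replace with your VMnet8 values.
DHCP_FIRST, DHCP_LAST = "192.168.200.2", "192.168.200.120"

if __name__ == "__main__":
    for candidate in ("192.168.200.125", "192.168.200.50", "192.168.200.130"):
        issues = check_static_assignment(
            candidate, NETMASK, GATEWAY, SEGMENT, DHCP_FIRST, DHCP_LAST)
        print(candidate, "OK" if not issues else issues)
```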
5.2 Windows target machine: win2kServer installation
The download is a VM file, so it can be opened directly. The account is `administrator` and the password is `mima1234`.
The network adapter is set as follows:
After the VM is installed, enter the system with the ALT+CTRL+DEL shortcut (if pressed directly, it is intercepted by the host). The account is `administrator` and the password is `mima1234`.
Set the network parameters in the system:
win2kServer configuration is now complete. Remember the IP address!
6. Install and configure SEEDUbuntu
SEEDUbuntu is provided as a VM vmdk disk image, which is attached to a new virtual machine. After power-on, the account is `seed` and the password is `dees`. The password for elevating privileges with the `su` command after boot is `seedubuntu`.
Select New Virtual Machine -> Custom installation -> any hardware compatibility -> Install the operating system later -> select Linux, version Ubuntu -> name and location -> click Next 6 times -> Use an existing virtual disk -> select the seedubuntu vmdk file -> Next.
The network adapter is set as follows:
After boot, elevate privileges with the `su` command (password `seedubuntu`), then use `ifconfig` to view the network information.
SEEDUbuntu configuration is now complete. Remember the IP address!
7. Install and configure the Honeywall virtual machine
A custom virtual machine is used here. The installation process is as follows:
The new virtual machine is now created. First configure the related hardware settings, as follows:
The first step is to add the installation boot image:
Add two network adapters and configure them:
Boot and log in with user name `roo` and password `honey`. Use `su -` to elevate privileges (password `honey`).
To enter the configuration interface, run the following commands manually:
cd /usr/sbin
./menu
Then configure step by step, following the project documentation and the prompts:
- Honeypot IP addresses: multiple IP addresses are separated by spaces. Note: Roo does not currently support honeypot IP addresses in different network segments within the honeynet
- Honeynet broadcast IP address
- Honeynet network configuration, in CIDR format
- Management interface IP address
- Management interface netmask
- Management interface gateway
- Honeywall management network segment
- Sebek server IP address: set it to the management interface IP
- Select destination port 1101
- For the Sebek packet handling option, select Drop
8. Test Honeywall remote management
In WindowsAttacker, open https://192.168.200.8 in the browser. The browser will report that the site's security certificate has a problem; select Continue.
On first login the account is `roo` and the password is `honey`.
Reset the password. The new password must include both upper and lower case, and at least eight numbers and characters.
9. Communication test
- Linux attacker machine kali pings Linux target machine metasploitable-linux
- Linux attacker machine kali pings Windows target machine win2KServer
- Windows attacker machine Windows XP Attacker pings Linux target machine metasploitable-linux
- Windows attacker machine Windows XP Attacker pings Windows target machine win2KServer
- Windows target machine win2KServer pings Windows attacker machine Windows XP Attacker
- SEEDUbuntu pings Linux target machine metasploitable-linux
- On the Honeywall, first log in as `roo`, elevate privileges with `su -`, and run the command `tcpdump -i eth0 icmp`; you can see that the bridge functions properly.
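Instead of reading the capture by eye, the tcpdump output from the Honeywall can be checked for request/reply pairs. The following is an added example, not part of the original post: it assumes the capture was taken with `tcpdump -n -i eth0 icmp` so that addresses are numeric, and the sample lines are constructed.

```python
import re
from collections import defaultdict

# Matches tcpdump -n lines such as "... IP a.b.c.d > e.f.g.h: ICMP echo request, id 1, seq 1, ..."
ECHO = re.compile(
    r"IP (?P<src>\d+(?:\.\d+){3}) > (?P<dst>\d+(?:\.\d+){3}): "
    r"ICMP echo (?P<kind>request|reply), id (?P<id>\d+), seq (?P<seq>\d+)"
)

def bridge_report(capture_lines):
    """Map each (pinger, pinged) pair to (requests seen, replies matched)."""
    pending = set()                       # unanswered (src, dst, id, seq)
    stats = defaultdict(lambda: [0, 0])
    for line in capture_lines:
        m = ECHO.search(line)
        if not m:
            continue                      # ARP, banner lines, other traffic
        src, dst, key = m["src"], m["dst"], (m["id"], m["seq"])
        if m["kind"] == "request":
            pending.add((src, dst) + key)
            stats[(src, dst)][0] += 1
        elif (dst, src) + key in pending:
            # Count a reply only if its request was also seen on this interface.
            pending.discard((dst, src) + key)
            stats[(dst, src)][1] += 1
    return {pair: tuple(counts) for pair, counts in stats.items()}

def unanswered(report):
    """Pairs where at least one echo request crossed without a matching reply."""
    return sorted(pair for pair, (req, rep) in report.items() if rep < req)

# Constructed sample capture: 192.168.200.125 is the Metasploitable2 address from the text;
# 192.168.200.3 (attacker) and 192.168.200.124 (silent target) are made-up values.
SAMPLE = """\
10:15:01.000101 IP 192.168.200.3 > 192.168.200.125: ICMP echo request, id 4101, seq 1, length 64
10:15:01.000398 IP 192.168.200.125 > 192.168.200.3: ICMP echo reply, id 4101, seq 1, length 64
10:15:02.001120 IP 192.168.200.3 > 192.168.200.125: ICMP echo request, id 4101, seq 2, length 64
10:15:02.001405 IP 192.168.200.125 > 192.168.200.3: ICMP echo reply, id 4101, seq 2, length 64
10:15:05.100000 ARP, Request who-has 192.168.200.124 tell 192.168.200.3, length 46
10:15:05.100310 IP 192.168.200.3 > 192.168.200.124: ICMP echo request, id 4102, seq 1, length 64
10:15:06.100290 IP 192.168.200.3 > 192.168.200.124: ICMP echo request, id 4102, seq 2, length 64
""".splitlines()

if __name__ == "__main__":
    report = bridge_report(SAMPLE)
    for pair, (req, rep) in sorted(report.items()):
        print(pair, f"{req} requests, {rep} replies")
    print("unanswered:", unanswered(report))
```

A pair listed as unanswered means the request reached the Honeywall interface but no reply came back through it, which points at the target's address or adapter settings rather than at the attacker side.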
Problems encountered and solutions
Question 1
Once the virtual machines were configured, they basically froze on every boot, and when I wanted to close VMware it showed "virtual machine XXX is busy."
I used Task Manager to end the task; when I opened the virtual machine again, the message "failed to lock this configuration file exclusively" appeared.
Solution
Resolved successfully after looking up information. But to finish building this environment I restarted the computer a full five times, I don't know why...
Solution for the virtual machine error "failed to lock the configuration file exclusively"
VMware Workstation: VMware Authorization Service failed to start error
Question 2
When installing the Windows attacker machine Windows XP Attacker, windowsattacker's IP address could not be obtained with ipconfig, and the Windows virtual machine showed that the network cable was unplugged.
Solution
Because of the improper method used to solve the earlier problem, directly shutting off the ubuntu virtual machine had some adverse effects on VMware on the host. I found the following information to solve it.
Solution for a virtual machine showing "network cable unplugged"
Question 3
When I went to install and configure the Honeywall virtual machine, I found on opening it that the virtual machine stayed on a black screen, so I forced a shutdown and restart (Question 1), but it did not improve. I later found that the previously configured machines were still open, while I had thought the computer was just running slowly, so I shut down the previously configured virtual machines... I restarted the computer twenty times in one day...
Reflections
After all the hardships, there turned out to be more solutions than problems~
In the process of building the network attack and defense environment, I learned to install the environment and use some basic software, which improved my ability. Although the build is complete, to be honest some of the details are still not very clear to me, and I will continue to study them.
Reference material
Solution for the virtual machine error "failed to lock the configuration file exclusively"
VMware Workstation: VMware Authorization Service failed to start error