Penetration Testing and Ethical Hacking
  • Unit 4
  • Introduction to Linux Lab
  • Hacking Linux Lab
  • Kali Linux Lab
  • Unit 5
    • Metasploit on Kali Linux
  • Unit 6
    • Ruby Tutorial
    • Ruby Problems
    • Creating a Metasploit Module to Detect Online Websites
Powered by GitBook
On this page
  • Ubuntu Linux Hacking Lab Activity for Cybersecurity
  • Objective
  • Prerequisites
  • Important Note
  • Part 1: Setting Up Vulnerable Applications
  • Part 2: Web Application Attacks
  • Part 3: Advanced Privilege Escalation
  • Part 4: Network-Level Attacks
  • Part 5: Forensics and Incident Response
  • Conclusion
Export as PDF

Hacking Linux Lab

Ubuntu Linux Hacking Lab Activity for Cybersecurity

Objective

This advanced lab activity builds upon the previous Ubuntu 22 Server lab, focusing on more complex ethical hacking techniques targeting Ubuntu Linux systems. Students will explore vulnerable web applications, container escapes, and advanced privilege escalation techniques.

Prerequisites

  • Completed basic Ubuntu 22 Server lab

  • VMware Workstation Player with Ubuntu Server 22.04 LTS installed

  • Basic familiarity with Linux command line and web technologies

Important Note

This lab is for educational purposes only. Always obtain proper authorization before attempting any hacking techniques on systems you do not own or have explicit permission to test.

Part 1: Setting Up Vulnerable Applications

Step 1: Install DVWA (Damn Vulnerable Web Application)

  1. SSH into your Ubuntu Server VM

  2. Install necessary packages:

    sudo apt update
sudo apt install apache2 mysql-server php php-mysqli -y

  3. Download and set up DVWA:

    cd /var/www/html
sudo git clone https://github.com/digininja/DVWA.git
sudo chown -R www-data:www-data DVWA

  4. Configure DVWA:

    cd DVWA
sudo cp config/config.inc.php.dist config/config.inc.php
sudo sed -i "s/p@ssw0rd//" config/config.inc.php

  5. Set up the DVWA database:

    sudo mysql -e "CREATE DATABASE dvwa; CREATE USER dvwa@localhost IDENTIFIED BY 'p@ssw0rd'; GRANT ALL ON dvwa.* TO dvwa@localhost; FLUSH PRIVILEGES;"

  6. Access DVWA at http://DVWA and click "Create / Reset Database"

Step 2: Set Up a Vulnerable Container

  1. Install Docker:

    sudo apt install docker.io -y

  2. Pull and run a vulnerable container:

    sudo docker run -d -p 8080:80 vulnerables/web-dvwa

Part 2: Web Application Attacks

Exercise 1: SQL Injection

  1. Access DVWA and navigate to the "SQL Injection" page

  2. Try to bypass login using SQL injection

  3. Attempt to extract database information using UNION-based SQL injection

Exercise 2: Cross-Site Scripting (XSS)

  1. Navigate to the "XSS (Reflected)" page in DVWA

  2. Craft a payload to display an alert box

  3. Create a more complex XSS payload that steals cookies

Exercise 3: File Inclusion

  1. Explore the "File Inclusion" page in DVWA

  2. Attempt to read sensitive system files using LFI (Local File Inclusion)

  3. If possible, achieve RFI (Remote File Inclusion) to execute remote code

Part 3: Advanced Privilege Escalation

Exercise 1: Kernel Exploitation

  1. Check the kernel version of your Ubuntu Server:

    uname -a

  2. Research and attempt to find a kernel exploit for this version

  3. Compile and run the exploit to gain root privileges

Exercise 2: SUID Binary Exploitation

  1. Find SUID binaries on the system:

    sudo find / -perm -4000 2>/dev/null

  2. Identify a vulnerable SUID binary (you may need to intentionally install one for this exercise)

  3. Exploit the SUID binary to gain root access

Exercise 3: Exploiting Cron Jobs

  1. View the system-wide crontab:

    sudo cat /etc/crontab

  2. Identify a writable script that runs as root

  3. Modify the script to add a backdoor or elevate privileges

Part 4: Network-Level Attacks

Exercise 1: ARP Spoofing

  1. Install Ettercap:

    sudo apt install ettercap-text-only -y

  2. Perform ARP spoofing between two VMs or containers:

    sudo ettercap -T -S -i eth0 -M arp:remote /target1_ip/ /target2_ip/

  3. Analyze the intercepted traffic

Exercise 2: Setting Up a Rogue Access Point

  1. Install hostapd and dnsmasq:

    sudo apt install hostapd dnsmasq -y

  2. Configure a rogue access point

  3. Implement a captive portal to capture credentials

Part 5: Forensics and Incident Response

Exercise 1: Log Analysis

  1. Intentionally generate suspicious activities on the server

  2. Analyze logs in /var/log to detect the malicious activities

  3. Create a bash script to automate log analysis and alert on suspicious activities

Exercise 2: Memory Forensics

  1. Install Volatility:

    sudo apt install volatility -y

  2. Capture a memory dump of a running process

  3. Analyze the memory dump to find hidden processes or injected code

Conclusion

This advanced lab has provided hands-on experience with complex ethical hacking techniques targeting Ubuntu Linux systems. You've explored web application vulnerabilities, advanced privilege escalation methods, container security, network-level attacks, and basic forensics. Remember to always apply these skills ethically and legally.

PreviousIntroduction to Linux LabNextKali Linux Lab

Last updated 6 months ago