Hacking Linux Lab

Ubuntu Linux Hacking Lab Activity for Cybersecurity

Objective

This advanced lab activity builds upon the previous Ubuntu 22 Server lab, focusing on more complex ethical hacking techniques targeting Ubuntu Linux systems. Students will explore vulnerable web applications, container escapes, and advanced privilege escalation techniques.

Prerequisites

• Completed basic Ubuntu 22 Server lab

• VMware Workstation Player with Ubuntu Server 22.04 LTS installed

• Basic familiarity with Linux command line and web technologies

Important Note

This lab is for educational purposes only. Always obtain proper authorization before attempting any hacking techniques on systems you do not own or have explicit permission to test.

Part 1: Setting Up Vulnerable Applications

Step 1: Install DVWA (Damn Vulnerable Web Application)

1. SSH into your Ubuntu Server VM

2. Install necessary packages:

   Copy

   sudo apt update
   sudo apt install apache2 mysql-server php php-mysqli -y

3. Download and set up DVWA:

   Copy

   cd /var/www/html
   sudo git clone https://github.com/digininja/DVWA.git
   sudo chown -R www-data:www-data DVWA

4. Configure DVWA:

   Copy

   cd DVWA
   sudo cp config/config.inc.php.dist config/config.inc.php
   sudo sed -i "s/p@ssw0rd//" config/config.inc.php

5. Set up the DVWA database:

   Copy

   sudo mysql -e "CREATE DATABASE dvwa; CREATE USER dvwa@localhost IDENTIFIED BY 'p@ssw0rd'; GRANT ALL ON dvwa.* TO dvwa@localhost; FLUSH PRIVILEGES;"

6. Access DVWA at http://DVWA and click "Create / Reset Database"

Step 2: Set Up a Vulnerable Container

1. Install Docker:

2. Pull and run a vulnerable container:

Part 2: Web Application Attacks

Exercise 1: SQL Injection

1. Access DVWA and navigate to the "SQL Injection" page

2. Try to bypass login using SQL injection

3. Attempt to extract database information using UNION-based SQL injection

Exercise 2: Cross-Site Scripting (XSS)

1. Navigate to the "XSS (Reflected)" page in DVWA

2. Craft a payload to display an alert box

3. Create a more complex XSS payload that steals cookies

Exercise 3: File Inclusion

1. Explore the "File Inclusion" page in DVWA

2. Attempt to read sensitive system files using LFI (Local File Inclusion)

3. If possible, achieve RFI (Remote File Inclusion) to execute remote code

Part 3: Advanced Privilege Escalation

Exercise 1: Kernel Exploitation

1. Check the kernel version of your Ubuntu Server:

2. Research and attempt to find a kernel exploit for this version

3. Compile and run the exploit to gain root privileges

Exercise 2: SUID Binary Exploitation

1. Find SUID binaries on the system:

2. Identify a vulnerable SUID binary (you may need to intentionally install one for this exercise)

3. Exploit the SUID binary to gain root access

Exercise 3: Exploiting Cron Jobs

1. View the system-wide crontab:

2. Identify a writable script that runs as root

3. Modify the script to add a backdoor or elevate privileges

Part 4: Network-Level Attacks

Exercise 1: ARP Spoofing

1. Install Ettercap:

2. Perform ARP spoofing between two VMs or containers:

3. Analyze the intercepted traffic

Exercise 2: Setting Up a Rogue Access Point

1. Install hostapd and dnsmasq:

2. Configure a rogue access point

3. Implement a captive portal to capture credentials

Part 5: Forensics and Incident Response

Exercise 1: Log Analysis

1. Intentionally generate suspicious activities on the server

2. Analyze logs in /var/log to detect the malicious activities

3. Create a bash script to automate log analysis and alert on suspicious activities

Exercise 2: Memory Forensics

1. Install Volatility:

2. Capture a memory dump of a running process

3. Analyze the memory dump to find hidden processes or injected code

Conclusion

This advanced lab has provided hands-on experience with complex ethical hacking techniques targeting Ubuntu Linux systems. You've explored web application vulnerabilities, advanced privilege escalation methods, container security, network-level attacks, and basic forensics. Remember to always apply these skills ethically and legally.