# Hacking Linux Lab

## Ubuntu Linux Hacking Lab Activity for Cybersecurity

### Objective

This advanced lab activity builds upon the previous Ubuntu 22 Server lab, focusing on more complex ethical hacking techniques targeting Ubuntu Linux systems. Students will explore vulnerable web applications, container escapes, and advanced privilege escalation techniques.

### Prerequisites

* Completed basic Ubuntu 22 Server lab
* VMware Workstation Player with Ubuntu Server 22.04 LTS installed
* Basic familiarity with Linux command line and web technologies

### Important Note

This lab is for educational purposes only. Always obtain proper authorization before attempting any hacking techniques on systems you do not own or have explicit permission to test.

### Part 1: Setting Up Vulnerable Applications

#### Step 1: Install DVWA (Damn Vulnerable Web Application)

1. SSH into your Ubuntu Server VM
2. Install necessary packages:

   ```bash
   sudo apt update
   sudo apt install apache2 mysql-server php php-mysqli -y
   ```
3. Download and set up DVWA:

   ```bash
   cd /var/www/html
   sudo git clone https://github.com/digininja/DVWA.git
   sudo chown -R www-data:www-data DVWA
   ```
4. Configure DVWA:

   ```bash
   cd DVWA
   sudo cp config/config.inc.php.dist config/config.inc.php
   sudo sed -i "s/p@ssw0rd//" config/config.inc.php
   ```
5. Set up the DVWA database:

   ```bash
   sudo mysql -e "CREATE DATABASE dvwa; CREATE USER dvwa@localhost IDENTIFIED BY 'p@ssw0rd'; GRANT ALL ON dvwa.* TO dvwa@localhost; FLUSH PRIVILEGES;"
   ```
6. Access DVWA at <http://DVWA> and click "Create / Reset Database"

#### Step 2: Set Up a Vulnerable Container

1. Install Docker:

   ```bash
   sudo apt install docker.io -y
   ```
2. Pull and run a vulnerable container:

   ```bash
   sudo docker run -d -p 8080:80 vulnerables/web-dvwa
   ```

### Part 2: Web Application Attacks

#### Exercise 1: SQL Injection

1. Access DVWA and navigate to the "SQL Injection" page
2. Try to bypass login using SQL injection
3. Attempt to extract database information using UNION-based SQL injection

#### Exercise 2: Cross-Site Scripting (XSS)

1. Navigate to the "XSS (Reflected)" page in DVWA
2. Craft a payload to display an alert box
3. Create a more complex XSS payload that steals cookies

#### Exercise 3: File Inclusion

1. Explore the "File Inclusion" page in DVWA
2. Attempt to read sensitive system files using LFI (Local File Inclusion)
3. If possible, achieve RFI (Remote File Inclusion) to execute remote code

### Part 3: Advanced Privilege Escalation

#### Exercise 1: Kernel Exploitation

1. Check the kernel version of your Ubuntu Server:

   ```bash
   uname -a
   ```
2. Research and attempt to find a kernel exploit for this version
3. Compile and run the exploit to gain root privileges

#### Exercise 2: SUID Binary Exploitation

1. Find SUID binaries on the system:

   ```bash
   sudo find / -perm -4000 2>/dev/null
   ```
2. Identify a vulnerable SUID binary (you may need to intentionally install one for this exercise)
3. Exploit the SUID binary to gain root access

#### Exercise 3: Exploiting Cron Jobs

1. View the system-wide crontab:

   ```bash
   sudo cat /etc/crontab
   ```
2. Identify a writable script that runs as root
3. Modify the script to add a backdoor or elevate privileges

### Part 4: Network-Level Attacks

#### Exercise 1: ARP Spoofing

1. Install Ettercap:

   ```bash
   sudo apt install ettercap-text-only -y
   ```
2. Perform ARP spoofing between two VMs or containers:

   ```bash
   sudo ettercap -T -S -i eth0 -M arp:remote /target1_ip/ /target2_ip/
   ```
3. Analyze the intercepted traffic

#### Exercise 2: Setting Up a Rogue Access Point

1. Install hostapd and dnsmasq:

   ```bash
   sudo apt install hostapd dnsmasq -y
   ```
2. Configure a rogue access point
3. Implement a captive portal to capture credentials

### Part 5: Forensics and Incident Response

#### Exercise 1: Log Analysis

1. Intentionally generate suspicious activities on the server
2. Analyze logs in /var/log to detect the malicious activities
3. Create a bash script to automate log analysis and alert on suspicious activities

#### Exercise 2: Memory Forensics

1. Install Volatility:

   ```bash
   sudo apt install volatility -y
   ```
2. Capture a memory dump of a running process
3. Analyze the memory dump to find hidden processes or injected code

### Conclusion

This advanced lab has provided hands-on experience with complex ethical hacking techniques targeting Ubuntu Linux systems. You've explored web application vulnerabilities, advanced privilege escalation methods, container security, network-level attacks, and basic forensics. Remember to always apply these skills ethically and legally.