7.1 Assessment Preparation - FlameSpyro/Tech-Journal GitHub Wiki
Assessment Prep
Configure Firewall to previous state
- I have saved my previous firewall configuration as of week 6. As Devin stated, be sure to do this part LAST. This could cause a massive pain of debugging if done improperly.
Setup Nginx on Jump/Nginx Machine
- This process was fairly simple to set up; however, there were a few snags I had to deal with before properly getting the server up and running.
- Within Fw1, the WAN-to-DMZ rule had a source address of 172.16.50.3 instead of 4 for the test. Looking back this should be a-ok as web01 and nginx share the same IP but just wanted to report.
- Now for the steps, on jump:
sudo apt update
sudo apt install nginx
sudo ufw app list
sudo ufw allow 'Nginx HTTP'
sudo ufw disable
sudo ufw enable
sudo systemctl restart nginx
sudo ufw app list
- If both the service and app list are up and running, you should be able to connect via workstation or any other device on the network!
Passwordless User using Traveler
- On target, enter the following:
JUMPUSER="eric-traveler"
adduser --disabled-password $JUMPUSER
mkdir /home/$JUMPUSER/.ssh
touch /home/$JUMPUSER/.ssh/authorized_keys
chown -R $JUMPUSER:$JUMPUSER /home/$JUMPUSER/.ssh
chmod 700 /home/$JUMPUSER/.ssh
chmod 600 /home/$JUMPUSER/.ssh/authorized_keys
- Now on traveler enter:
ssh-keygen
eric-traveler
- Ensure the keys are in the .ssh directory of the user profile
- Copy and paste the public key to GitHub
- On target
wget raw file in the authorized key directory
cat eric-public-key.txt >> /home/$JUMPUSER/.ssh/authorized_keys
sudo vi /etc/ssh/sshd_config
sudo systemctl restart sshd
- When you ssh from Windows, be sure you are in the correct user. I had a bump where I was in admin PowerShell trying to get in a champuser public key.
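- The ownership, mode and key-file steps above can be checked on target before restarting sshd. This is an added example, not part of the original journal; `check_ssh_dir` is a hypothetical helper name and `stat -c` assumes GNU coreutils, as on Ubuntu.

```shell
#!/usr/bin/env bash
# Added example: audit the key-only account's SSH files.
# Usage: check_ssh_dir eric-traveler /home/eric-traveler/.ssh

check_ssh_dir() {
    local user="$1" dir="$2" keys="$2/authorized_keys" rc=0 line n=0

    # sshd (StrictModes, on by default) refuses keys whose file or directory
    # is group/world-writable or owned by a different non-root user.
    # This check is stricter and requires the exact modes set in the steps above.
    if [ "$(stat -c '%a %U' "$dir" 2>/dev/null)" != "700 $user" ]; then
        echo "FAIL: $dir must be mode 700 and owned by $user"; rc=1
    fi
    if [ "$(stat -c '%a %U' "$keys" 2>/dev/null)" != "600 $user" ]; then
        echo "FAIL: $keys must be mode 600 and owned by $user"; rc=1
    fi
    [ -r "$keys" ] || return 1

    # Every non-blank, non-comment line must be a public key entry.
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case "$line" in
            ''|'#'*) ;;
            *'PRIVATE KEY'*)
                echo "FAIL: line $n looks like a private key"; rc=1 ;;
            *ssh-ed25519\ *|*ssh-rsa\ *|*ecdsa-sha2-*\ *|*sk-ssh-ed25519@openssh.com\ *) ;;
            *)
                echo "FAIL: line $n is not a recognised public key"; rc=1 ;;
        esac
    done < "$keys"
    return "$rc"
}
```

A non-zero return means sshd would likely ignore the file or the appended text was not a public key, which is worth fixing before testing the login from traveler.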
DHCP
- Within the system
apt install isc-dhcp-server
cd /etc/dhcp
sudo mv dhcpd.conf dhcp.conf.bak
sudo vi /etc/dhcp/dhcpd.conf
- This is the script I used
subnet 172.16.150.0 netmask 255.255.255.0 {
default-lease-time 3600;
max-lease-time 14400;
option subnet-mask 255.255.255.0;
option routers 172.16.150.2;
option domain-name-servers 172.16.150.2;
range 172.16.150.100 172.16.150.150;
}
thx Paul :)
- From there!
systemctl restart isc-dhcp-server
systemctl start isc-dhcp-server
systemctl status isc-dhcp-server
Reminder Stuff
- How to change the netplan on an Ubuntu machine
sudo vi /etc/netplan/00-installer-config.yaml
sudo netplan apply
- Create a sudo user!
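# useradd -p expects an already-hashed password, so set it interactively with passwd instead
sudo useradd -m username
sudo passwd username
sudo usermod -aG sudo username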