Assignment F1 - Zacham17/my-tech-journal GitHub Wiki

Assignment F1 : Home Pentesting Lab

This lab involves the creation of a pentesting environment. This lab was completed in four milestones, and this page follows the setup of the environment and the tests run to ensure its functionality. All of the VMs in this lab were set up using VMWare.

Milestone 1: VMWare and Kali

Configuring NAT(VMNet 8), VMNet 4, VMNet 5, and VMNet 6:

  • In the Virtual Network Editor of VMWare, I edited VMNet8 to have the IP address: 192.168.229.0, and made sure it was set to NAT
  • I then created VMNet 4, 5, and 6, all set as Host-Only Networks. I also unchecked the use of local DHCP and connecting a host virtual adapter
    • I set the address for VMNET4 to 10.0.4.0, VMNET5 to 10.0.5.0, and VMNET6 to 10.0.6.0

Kali Installation and Setup:

  • I set up a kali Base VM in VMWare using a custom configuration install with the following specifications:
    • VMWare Name: kali-base
    • Hostname: kali
    • RAM: 4GB
    • Disk Size: 40GB
    • Network: NAT(VMNet8)
  • I used an ISO image file for the kali installation
  • I powered on the Virtual Machine and completed the kali Installation with default settings except:
    • Set user as "deployer", with a password of my choice
  • After the Installation Finished, at the reboot screen, I shut down the VM.
  • I then Cloned the VM and called it kali-lab, which is the VM that will be used for this assignment
  • I then started the kali-lab VM and made sure that I had a successful internet connection by pinging google.com. I did get a reply, telling me that I have an internet connection.

Milestone 2: Vyos

Vyos Installation and Setup:

  • I set up a vyos Base VM in VMWare using a custom configuration install with the following specifications(NOTE: Vyos is Debian Based):
    • VMWare Name: vyos-base
    • RAM: 1GB
    • Disk Size: 8GB
    • Network Adapter 1: NAT(VMNet8)
    • Network Adapter 2: NAT(VMNet8)
  • I used an ISO image file for the vyos installation
  • I booted up the vyos-base VM and ran the command install image to begin the installation
  • I accepted all defaults and said "yes" to the installation.
  • I then entered a password for the "vyos" user
  • I then rebooted the system using the reboot command
  • I logged into the system as the vyos user

Vyos Network Configuration

  • I used the command configure to enter configuration mode
  • The command show interfaces can be used to display the network interfaces and their information
  • I deleted the eth0 and eth1 interfaces using the commands delete interfaces ethernet eth0 hw-id, and delete interfaces ethernet eth1 hw-id
  • I then used the commit command to apply the changes and save to save them.
  • I then used the exit command to exit configuration mode
  • I then shut down using the poweroff command

Snapshot and Clone of vyos-base

  • I removed the CD-ROM from the VM
  • I then took a snapshot of the vyos-base VM and called the snapshot Base.
  • Then I created a linked clone of the Base snapshot and named it vyos-lab.

Vyos Network Configuration

  • I powered on the vyos-lab VM and logged in as the "vyos" user.
  • Then, in VMWare, I changed the second network adapter of vyos-lab to use VMNet5
  • I then configured eth0 and eth1 on vyos using the following commands:
configure
set interfaces ethernet eth0 address '192.168.229.10/24'
set interfaces ethernet eth0 description 'Nat on VMware Host'
set interfaces ethernet eth1 address '10.0.5.2/24'
set interfaces ethernet eth1 description 'VMNET5-RANGE'
set protocols static route 0.0.0.0/0 next-hop 192.168.229.2
set service ssh listen-address '192.168.229.10'
set system name-server '192.168.229.2'
commit
save
  • Note: Each new line is the next command
  • The above commands assign IP addresses and descriptions to the eth0 and eth1 network adapters. They also specify the "next-hop", which is essentially the gateway to be used. The ssh listen-address is also specified. The DNS server is specified too.
  • I exited configuration mode and then made sure I had internet access by pinging google.com

Milestone 3: The CentOS Target

CentOS Installation and Setup

  • I set up a Centos Base VM in VMWare using a custom configuration install with the following specifications:
    • VMWare Name: centos6.5-base
    • RAM: 1GB
    • Disk Size: 20GB
    • Network Adapter 1: VMNet5
  • I used an ISO image file for the centOS installation
  • I booted the centos6.5-base VM, skipped the initial tests, and carried on to installation
  • I set a root password, and selected "Use all space" for the installation type
  • I selected to install as a web server and customized the server by adding development tools and server platform development.
  • After the install completed, I rebooted the VM

CentOS6.5-Base Configuration

  • I logged in as root and created a "deployer" user with a password and added the user to the Wheel group
  • I then changed /etc/sudoers to allow the wheel group to use sudo
  • Next, I removed some lines from the /etc/sysconfig/network-scripts/ifcfg-eth0 file. The lines I removed are the line with the HWADDR variable and the line with the UUID variable.
  • I also changed ONBOOT from "no" to "yes"
  • I then deleted the file /etc/udev/rules.d/70-persistent-net.rules

Installing VMWare Tools

  • From the VMWare Menu, I selected to install VMWare tools
  • In the Centos VM, I entered the command mount /dev/cdrom /mnt
  • I then copied the tar file to /tmp
  • I used tar xf TARFILEGOESHERE to untar the VMWare Tools tar file
  • I then ran the vmware-install.pl script that is in the vmware-tools-distrib folder, and accepted the defaults
  • I then shut down the system and removed the CD-ROM. I then made a snapshot called "Base" and made a linked clone of the snapshot called "cupcake"

Configuring DHCP for use by cupcake

  • I logged into cupcake as deployer and was able to use sudo to gain root privileges as deployer
  • On the vyos-lab VM I typed configure to enter configuration mode, and then entered the following commands:
set service dhcp-server global-parameters 'local-address 10.0.5.2;'
set service dhcp-server shared-network-name DHCPPOOL authoritative
set service dhcp-server shared-network-name DHCPPOOL subnet 10.0.5.0/24 default-router '10.0.5.2'
set service dhcp-server shared-network-name DHCPPOOL subnet 10.0.5.0/24 domain-name 'range.local'
set service dhcp-server shared-network-name DHCPPOOL subnet 10.0.5.0/24 lease '86400'
set service dhcp-server shared-network-name DHCPPOOL subnet 10.0.5.0/24 range POOL1 start '10.0.5.50'
set service dhcp-server shared-network-name DHCPPOOL subnet 10.0.5.0/24 range POOL1 stop '10.0.5.100'
commit
save
  • These commands configure DHCP
  • Reboot cupcake
  • cupcake now has an IP address and is connected to the network. I am able to ping cupcake from vyos-lab

Milestone 4: VPN Connectivity to the Target Network

Configuring Wireguard On Kali

  • On my kali-lab VM, I configured wireguard
  • I used the command sudo apt install wireguard
  • I then ran cd /etc/wireguard followed by umask 077
  • I then ran the command wg genkey | tee privatekey | wg pubkey > publickey
  • Now I switched to vyos and ran the following commands in order:
generate pki wireguard key-pair
configure
set interfaces wireguard wg0 private-key VYOSPRIVATEKEYHERE
set interfaces wireguard wg0 address '10.0.99.1/24'
set interfaces wireguard wg0 peer namegoeshere allowed-ips '10.0.99.100/32'
set interfaces wireguard wg0 peer namegoeshere public-key keygoeshere
set interfaces wireguard wg0 port '51820'
commit
save
exit
show interfaces wireguard wg0 public-key
  • These commands configure a wireguard peer on vyos and show the public key for the vyos server
  • Back on kali-lab VM, I created a file called wg0.conf in the /etc/wireguard directory, which contained the following:
[Interface]
PrivateKey = CLIENTPRIVATEKEYHERE
Address = 10.0.99.100/24
[Peer]
PublicKey = VYOSPUBLICKEYHERE
EndPoint = 192.168.229.10:51820
AllowedIPs = 10.0.99.1/32, 10.0.5.0/24
  • The file specifies the configuration for the wg0 interface
  • I then ran the command sudo wg-quick up wg0 to enable the wg0 interface
  • I am now able to ssh into cupcake as root.
    • Note: I had to add HostKeyAlgorithms +ssh-rsa,ssh-dss to the /etc/ssh/ssh_config file on kali before being able to ssh into cupcake
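
The two halves of the tunnel above only work if they agree with each other: VyOS accepts tunnel traffic from the peer only when its source falls inside that peer's allowed-ips, and the Kali client only routes its AllowedIPs into wg0. The following is an added example, not part of the original lab notes, that cross-checks the wg0.conf shown above against the VyOS values from this page; the function name check_tunnel and the VYOS dictionary layout are assumptions made for illustration, and the parser assumes a single [Peer] section.

```python
import configparser
import ipaddress

# Constructed sample: the page's wg0.conf with its placeholder keys left in.
WG0_CONF = """\
[Interface]
PrivateKey = CLIENTPRIVATEKEYHERE
Address = 10.0.99.100/24
[Peer]
PublicKey = VYOSPUBLICKEYHERE
EndPoint = 192.168.229.10:51820
AllowedIPs = 10.0.99.1/32, 10.0.5.0/24
"""

# Values copied from the page's VyOS commands (dict layout is hypothetical).
VYOS = {
    "wg_address": "10.0.99.1/24",
    "peer_allowed_ips": "10.0.99.100/32",
    "listen_port": 51820,
    "eth0": "192.168.229.10/24",
    "dhcp_start": "10.0.5.50",
    "dhcp_stop": "10.0.5.100",
}

def check_tunnel(conf_text, vyos):
    """Return mismatches between the client file and the VyOS side."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.read_string(conf_text)  # option names are matched case-insensitively
    client = ipaddress.ip_interface(cp["Interface"]["Address"])
    server = ipaddress.ip_interface(vyos["wg_address"])
    routed = [ipaddress.ip_network(n.strip())
              for n in cp["Peer"]["AllowedIPs"].split(",")]
    host, _, port = cp["Peer"]["Endpoint"].rpartition(":")
    problems = []
    if client.network != server.network:
        problems.append("client and VyOS wg0 addresses are in different subnets")
    # VyOS drops tunnel packets whose source is outside the peer's allowed-ips.
    if client.ip not in ipaddress.ip_network(vyos["peer_allowed_ips"]):
        problems.append("VyOS allowed-ips does not cover the client address")
    # The client only sends traffic into the tunnel for its AllowedIPs.
    for target in (str(server.ip), vyos["dhcp_start"], vyos["dhcp_stop"]):
        if not any(ipaddress.ip_address(target) in n for n in routed):
            problems.append(f"{target} is not routed through the tunnel")
    eth0 = str(ipaddress.ip_interface(vyos["eth0"]).ip)
    if (host, int(port)) != (eth0, vyos["listen_port"]):
        problems.append("Endpoint does not match VyOS eth0 address and port")
    return problems

if __name__ == "__main__":
    print(check_tunnel(WG0_CONF, VYOS) or "tunnel addressing is consistent")
```

An empty list means the configuration on this page is internally consistent; each string in a non-empty list names one side that needs correcting before cupcake's DHCP range is reachable over the tunnel.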

Reflection

This lab was good practice for setting up a home pentesting environment. I learned a lot about specific setup configurations in this lab. I also hadn't used vyos before, so I learned about using that operating system. I had to get used to the difference in commands and functionality. I'd set up home networks before so some of the network configuration on the VMs was familiar, but it was new to me to set up DHCP using vyos command and creating a wireguard configuration. I encountered some challenges in this lab. One challenge was that I had to adapt some commands from the lab guide as they no longer worked and had more updated counterparts that I had to use. I also had to fix an ssh issue in milestone four by updating the ssh_config file. This lab was overall pretty straightforward and I successfully completed all of the milestones with general ease.