Building an ethical hacking lab on your laptop with VirtualBox – Part 2 Linux Mint Snort IDS

I am focusing on Snort at the moment as this is something that has been consuming my life recently, and I have got to know it a bit more intimately and in depth. I know it can be bypassed, but at the same time it is a very powerful tool when no antivirus or malware detection is currently detecting threats on your local system. I find it fantastic for tracking down the source of ransomware infections too, as some people can think they were just infected by Cryptowall, for example, when they had actually been hit by the Angler Exploit Kit a second earlier, exploiting a Flash zero-day from a compromised website or advertising service, and it can often be overlooked. You can also see some strange things you would not expect to see! With the advantage of creating your own custom signatures, as well as having the option to go for the paid or community route, you have a lot of signatures available to you for free, and they are kept up to date. Being able to go back in time with some of the GUI front-ends and some other tools turns Snort into a powerful network incident response forensic tool, but for now we will be using BASE to analyze the alerts coming from the Snort IDS.

I take it you have already downloaded and installed VirtualBox and the extension pack for whatever platform you are using and are following along from the previous tutorial where this is outlined and explained.

Download Linux Mint. You can use Ubuntu, CentOS or any other Linux distro, but YMMV if you choose a different path to what I have outlined here.

Now it’s time to create your Virtual Machine, up the top left click on the New Button

1 - Create a new Virtual Machine

Next give it a name and select the following type and version and click next

2 - Name - Type and Version

Select some RAM that you have free to spare and click next

3 - Select RAM size

Select next to create the Hard Drive now

4 - Create HDD now

Leave it at VDI for VirtualBox Disk Image, feel free to change it but I currently have no need to do this so leave as is and click next

5 - HDD type select

Leave the disk as dynamically allocated unless you want to assign the full disk space to your virtual machine now; this takes more time and dynamic has always worked for me, so just click on next

6 - HDD Dynamic select

Now you need to decide how much space you want to allocate to your virtual machine. I have chosen 20 GB as this should be more than sufficient to carry out tests, but feel free to add some more if you like, and click on Create

6 - HDD Size select

You will now see the following created, either right click on it and select settings or just click on settings up the top left

6.1 - Virtual machine ready to modify

The following window then opens where you can modify settings you just selected or make further changes to the environment of the virtual machine you are about to create, you can even come back later and make changes once you have shut the virtual machine down.

7 - Virtual Machine Settings

Fun Tip:
When creating and playing around in a virtual environment you can often make a mistake, get to a point where what you were doing has stopped working altogether, or break the machine. Don’t fear though, as there is an option called ‘Create a Snapshot’ which, you guessed it, allows you to create a snapshot of the current system state. You can move the location of the snapshot folder; in this case I moved it to a drive with loads of free space as I am a bit snapshot happy and you can really fill up your host hard drive very quickly. I also took the opportunity to enable the shared clipboard from host to guest now. (This is where the VirtualBox extension pack comes in handy, and I take it you have already installed it at this point; if not, just double click on it afterwards and it will be installed quickly.)

8 - Virtual Machine Settings Advanced

In the system settings remove the floppy as you don’t need it and arrange the CD/DVD and Hard Disk as you see them below

9 - System settings remove that floppy

Next you need to select the Linux Mint ISO you already downloaded for booting: click on where it says Empty and then click on the disc icon over on the right next to where it says ‘IDE Secondary Master’

10 - Storage options

Once selected it should look like the following

11 - Storage options selected

The last things we need to change now are the NICs on the system. Select Network and you should already have NAT configured for you, which is fine for now and will provide you with the Internet connection necessary for updating the system as well as installing and configuring everything else along the way; this will change throughout the tutorial. If you require an Internet connection, turn NAT on; if not, use the internal NIC.

12 - Network Options

Click on Adapter 2 too and tick the box to enable the network adapter. For testing I will be mainly using my internal lab, but feel free to choose your physical Ethernet or wireless adapter for this too by selecting Bridged here and choosing the correct adapter from the drop down; in my case it looks like below. You can see I have changed the adapter type, and also that Promiscuous Mode, which is important for sniffing, is set to Allow VMs. If you were on a physical NIC you could change this to Allow All to capture traffic outside of the virtual environment on the physical network

13 - Second adapter Type changed

Click OK and that’s it you are good to go!

Start your virtual machine now by clicking on the Start button up the top left or alternatively right click and do this

14 - Click the start button

Fun Tip:
You will get a warning about capture of the mouse etc. Just accept it and remember that the right CTRL key will release you from the virtual guest environment and take you back into the host again

Now it’s time to install Linux Mint by double clicking on the Install Linux Mint icon on the desktop

15 - Install Linux Mint from ISO

Choose your language and click continue

16 - Select your language

If you followed all the steps so far you should see the same ticks so just click on continue

17 - System requirements check

Just click Install Now to erase the disk and install Linux Mint

18 - Erase disk and install

Yep you are aware things are going to be wiped, just click on continue to start things off and format the drive

19 - Just erase and continue

Select your country and click continue

20 -Select your country

Do the same for the keyboard layout and click continue

21 - Keyboard layout

Pick your name, computer name, username and enter a password and click on continue

22 - Pick your name - password etc

Wander off and do something for a few minutes depending on the speed of your machine and then come back to it

23 - Linux Mint installing

You should then get a screen like below and can hit Restart Now

24 - Linux Mint installed - restart

First login

25 - First login

Up the top left click on devices and install Guest additions

26 - Guest additions

Navigate to the mounted disc

cd /media
cd your_username
cd VBOXADDITIONS_X.X.XX_XXXXX
sudo ./VBoxLinuxAdditions.run

Enter yes if given a warning like below and press enter to continue

27 - Installing Guest additions

Once complete you should see no errors, reboot and login again

28 - Guest additions installed

You will notice now that you can go full screen after the reboot

Now to update the system fully before continuing any further, use the following command in the terminal:

sudo apt-get update && sudo apt-get upgrade -y && sudo apt-get dist-upgrade -y

Enter your password once and leave to run for a while and come back later and it should be fully up to date for you

29 - Upgrading the system

Once finished without errors you should be back at the prompt again in the terminal

30 - System updated fully

You will also see a tick in the system tray on the shield now as you are fully up to date

31 - Update shield ticked

You don’t have to, but I like to reboot after any changes are made to the system. It might also be wise to take a snapshot if you haven’t taken any already.

Set some easy firewall rules with UFW

sudo ufw default deny
sudo ufw logging high
sudo ufw enable
sudo ufw status verbose

32 - Simple firewall rules UFW

That’s it for today, tomorrow we will install snort and get this really moving!

 

Building an ethical hacking lab on your laptop with VirtualBox – Part 1 pfsense

I have not forgotten about the wireless assessment side of things, don’t worry it will continue and thanks for all the feedback so far everyone 🙂

Creating your own ethical hacking lab is a great way to understand how exploits work and how the lack of configuration on systems can lead to compromise.

The following are currently in my lab (Feel free to add more to yours):

Windows Server 2008 R2
Windows Server 2012
Windows 7
Windows 8
Windows XP
Linux Mint
Kali Linux
Metasploitable 2
DVWA
pfsense

First download and install VirtualBox and the extension pack for whatever platform you are using, in my case today I am using Windows for this.

Excellent you followed the Next, Next, Next process and got everything installed!

Now download pfsense first to act as an internal router so all your devices can easily communicate. You can also do this with a Windows Server by using DHCP, but pfsense is light, fast and fit for purpose.

Click on new up the top left to create a new virtual machine

1 - VirtualBox pfsense start

Give it a name, select a type and a version, below should work for you

2 - VirtualBox pfsense name type version

Allocate memory

3 - VirtualBox pfsense RAM

Create the hard drive now

4 - VirtualBox pfsense create hard drive now

Leave it at VDI and click next

5 - VirtualBox pfsense VDI select

Leave the drive as dynamic as this will not use all the space you allocate until it is needed, it saves on space if you allocate too much.

6 - VirtualBox pfsense HDD dynamically allocated

8 GB is fine for the size, so click Create

7 - VirtualBox pfsense HDD size

Now that it is created you will see the following in your VirtualBox Manager

8 - pfsense created icon

Either right click it and select Settings, or click the Settings button up the top right

9 - VirtualBox settings button

Under the System / Motherboard tab untick the floppy and move the CD/DVD and Hard Disk up like I have below

10 - VirtualBox system settings

Under the Storage heading click on the Empty disc entry, then click the disc icon on the right next to where it says IDE Secondary Master and select the location of your pfsense ISO to boot from

11 - VirtualBox Storage settings

It should then look like this once selected

11 - VirtualBox Storage settings - selected

Move to Network next and select Internal Network from the drop down menu like below

12 - VirtualBox Network NICs selected 1

Next Click on adapter two, tick the box to enable the Network adapter and repeat the same process

12 - VirtualBox Network NICs selected 2

Repeat for adapter 3 also

12 - VirtualBox Network NICs selected 3

You now have the option to turn on the WAN, LAN and a DMZ as you wish but for now we will leave them all as internal and start it up and install pfsense
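
The VM settings clicked through above for pfsense, and earlier on this page for the Linux Mint Snort sensor, can also be scripted with VBoxManage. This is an added example, not part of the original posts; the VM names, OS types, RAM sizes, ISO file names and the internal network name "intnet" are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not from the original posts. VM names, OS types, RAM sizes,
# ISO file names and the internal network name "intnet" are assumptions.
DRY_RUN="${DRY_RUN:-1}"   # 1 = print the VBoxManage commands, 0 = run them

vbm() {
    if [ "$DRY_RUN" = "1" ]; then echo "VBoxManage $*"; else VBoxManage "$@"; fi
}

# create_vm NAME OSTYPE RAM_MB DISK_MB ISO : the settings shared by both guests
create_vm() {
    vm=$1; ostype=$2; ram=$3; disk_mb=$4; iso=$5
    vbm createvm --name "$vm" --ostype "$ostype" --register
    # Floppy dropped from the boot order: optical first, then hard disk.
    vbm modifyvm "$vm" --memory "$ram" --boot1 dvd --boot2 disk --boot3 none --boot4 none
    # Dynamically allocated VDI (the "Standard" variant).
    vbm createmedium disk --filename "$vm.vdi" --size "$disk_mb" --format VDI --variant Standard
    vbm storagectl "$vm" --name SATA --add sata
    vbm storageattach "$vm" --storagectl SATA --port 0 --device 0 --type hdd --medium "$vm.vdi"
    vbm storagectl "$vm" --name IDE --add ide
    # IDE Secondary Master is port 1, device 0.
    vbm storageattach "$vm" --storagectl IDE --port 1 --device 0 --type dvddrive --medium "$iso"
}

# Snort sensor: NAT for updates, second NIC sniffing the lab network.
mint_snort_vm() {
    create_vm mint-snort Ubuntu_64 2048 20480 linuxmint.iso
    vbm modifyvm mint-snort --nic1 nat
    # allow-vms lets the sensor see traffic between the other lab guests;
    # allow-all on a bridged adapter would also expose the physical network.
    vbm modifyvm mint-snort --nic2 intnet --intnet2 intnet --nicpromisc2 allow-vms
}

# pfsense router: WAN, LAN and DMZ adapters all left on the internal network.
pfsense_vm() {
    create_vm pfsense FreeBSD_64 512 8192 pfsense.iso
    for n in 1 2 3; do
        vbm modifyvm pfsense "--nic$n" intnet "--intnet$n" intnet
    done
}

# Restore point to take once a guest is installed and updated.
snapshot_vm() {
    vbm snapshot "$1" take "$2"
}
```

Source the file and call mint_snort_vm or pfsense_vm to review the commands first; set DRY_RUN=0 to apply them.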

Just let it boot up automatically

13 - pfsense auto boot

Next select ‘I’ for installer

14 - pfsense select i for install

Just accept the settings here

15 - pfsense accept settings

Just select the quick and easy install

16 - pfsense quick and easy install

Select OK

17 - pfsense quick and easy install select OK

It installs in seconds

18 - pfsense installing

Select Standard Kernel

18 - pfsense standard kernel

Reboot

19 - pfsense reboot

At this point untick the pfsense ISO down the bottom right to stop it from booting up again

20 - Untick the pfsense ISO

First boot should then look like below; if it doesn’t, just shut it down, make sure the disc is unticked and start it up again

21 - pfsense first boot

Select no to VLANs; you can always do this later anyway if you want. Take note of your interfaces at this point too, e.g. em0, em1 and em2, as these are your WAN, LAN and DMZ NICs

em0 = WAN
em1 = LAN
em2 = DMZ

22 - pfsense no to vlans and select WAN

Enter em1 for the LAN

23 - pfsense select LAN

Now enter em2 for what will become a DMZ at some point and then finally press Enter to end this process as you are finished setting the NICs

24 - pfsense select DMZ and nothing to finish

Enter ‘y’ to accept your settings and make the changes followed by Enter

25 - pfsense acknowledge the NIC settings

Be patient for a minute or two while the changes are processed

25 - pfsense changes in progress

When finished you will be passed to an options screen

26 - pfsense NIC setup complete

Select option 2 to assign an interface IP address to the LAN that isn’t 192.168.1.1, as we are going to use 10.0.0.0/24 for the lab, and configure it to provide DHCP so all of our lab machines automatically get assigned an IP address and can communicate with one another

27 - Configure LAN IP

Give a range of IP addresses you wish to allocate over DHCP and select no to reverting to HTTP for the web interface

28 - pfsense LAN configured

Once you press Enter you are then dropped back to the options screen

29 - pfsense back at the options screen

As I already have other systems configured in VirtualBox on the internal network NICs, I can verify connectivity to pfsense by spinning one up and pinging it like below and see that all is OK with the DHCP. If you have nothing else set up yet you can just wait for the next lesson, or build another system and see what happens.

30 - Ping to check connectivity

You can also access the pfsense webConfigurator from another machine in the same range via the IP address you already assigned; just navigate to the IP address in your browser

31- pfsense webConfigurator

Select ‘I understand the Risks’ –> ‘Confirm Security Exception’ to gain access to the web interface, as it is using a custom certificate and is therefore unknown, but it is safe to accept

32 - pfsense SSL accept security certificate

Log in to the webConfigurator with the username ‘admin’ and password ‘pfsense’ as these are the defaults set

33 - Login to the webConfigurator

That’s it, you are now logged into pfsense from another system in your internal LAN. I will leave you here to play around with settings and break things, or even allow a real Internet connection into the other machines in your test lab through the WAN connection using the Bridging or NAT mode on NIC 1. Have Fun 🙂

34 - First login to pfsense
