Range installation and attacker configuration for penetration testing
2022-07-16 05:14:00 【Destiny_404】
What is penetration testing?
Under the premise of authorization, simulate the real attack methods of hackers to carry out non-destructive attack tests on systems and networks, so as to find the defects and vulnerabilities in the information system.
Build a penetration test attack environment
- VMware Workstation Pro
- Powerful desktop virtualization software that lets a user run multiple different operating systems on a single host at the same time.
- It also supports real-time snapshots, virtual networks, drag-and-drop file transfer and other powerful functions.
- Why not install on a physical machine?
- A physical machine is inconvenient and interferes with the computer's normal use.
- A virtual machine does not lose much performance.
- A virtual machine is safe, convenient, easy to recover, easy to move, and easy to extend with hardware.
- VMware official website: https://www.vmware.com/
Install the penetration attack machine
Kali
About Kali: it turns an ordinary person straight into a legendary hacker
Kali is a Debian-based Linux distribution with more than 300 penetration testing tools and an open-source Git tree; it even integrates 600-odd hacking tools, so you can imagine its power. What's more, the Kali operating system is free to use forever!
Kali official website: https://www.kali.org/
Kali is handy, and prison food is filling: please be sure to abide by the relevant laws and regulations when learning network security technology.
Kali provides downloads for all mainstream platforms:
- ARM architecture operating systems
- Virtual machine images
- Docker containers
- Mobile phones
- Microsoft WSL subsystem
- …
Kali installation and use:
- Select the virtual machine download and choose the version that matches your virtual machine software
- When the download is complete, extract the archive and double-click the **.vmx** virtual machine file to open it; no installation is required
- The default Kali user name and password are both kali
- You can also install from the ISO image file
Kali tool list: https://www.kali.org/tools/

Network configuration (Edit > Virtual Network Editor):
- Host-only mode best simulates a closed software-testing environment, because the VM can only reach the local host. In host-only mode there is therefore no outside network: neither the Internet nor the LAN is reachable, and the VM can only talk to the physical machine.
- NAT mode reaches the outside world through the physical machine (NAT translation). It does not occupy an extra LAN IP, and by default external terminals cannot reach the virtual machine directly; it shares the IP of the host's network card.
- Bridged mode makes the virtual machine equivalent to a completely independent computer: it occupies one IP address in the LAN segment and can communicate with, and be reached by, the other terminals in that segment.
- On a campus network, bridged mode is equivalent to two computers logging in to the campus network. A new authentication is required, and if there is no extra account to authenticate with, the VM gets no Internet access.
- In terms of security NAT mode is better, and at home NAT mode is recommended.
Quick guide to building a vulnerability range with Docker
What is Docker?
Docker is an open-source application container engine. It lets developers package their applications and dependencies into a portable image, then publish it to any machine running a popular Linux or Windows operating system, and it can also provide virtualization. Containers are fully isolated by a sandbox mechanism and have no interfaces to one another.
Differences between Docker and a virtual machine
A VM is a complete operating system.
Docker calls the hardware resources directly on the host's operating system instead of virtualizing an operating system and hardware resources.
Build DVWA with Docker
Install Docker on Kali:
sudo apt install -y docker.io
apt is the package manager of Debian systems (Kali and Ubuntu are in fact also Debian derivatives).
Examples of use:
apt install firefox (install Firefox)
apt remove firefox (uninstall Firefox)
apt upgrade firefox (upgrade Firefox)
Can Docker be installed on Windows? Certainly.
https://www.docker.com/products/docker-desktop
Configure a Docker registry mirror (accelerator) for Kali
Alibaba Cloud image accelerator: https://help.aliyun.com/document_detail/60750.html

sudo mkdir -p /etc/docker
sudo tee /etc/docker/daemon.json <<-'EOF'
{
"registry-mirrors": ["https://xxxxxxx.mirror.aliyuncs.com"]
}
EOF
sudo systemctl daemon-reload
sudo systemctl restart docker
Basic Docker commands:
- Start the Docker service: systemctl start docker
- List images: docker images
- List containers: docker ps -a / docker container ls -a
- Delete an image: docker rmi [image_id]
- Delete a container: docker rm [container_id]
Fetch the DVWA image from Docker Hub
1. Download the image:
docker pull vulnerables/web-dvwa
2. Start a container from the image:
docker run --rm -it -p 80:80 vulnerables/web-dvwa
-p 80:80: maps port 80 inside the container to port 80 on Kali (the web service)
Stop the container: docker stop [container_id]
Start the container: docker start [container_id]
Now enter the Kali IP address directly in the browser and the site opens.
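Two things about the command above deserve a check before it is used. `-p 80:80` publishes DVWA on port 80 of every interface of the Kali VM, so in bridged mode the deliberately vulnerable application is reachable by everyone on the LAN; and `--rm` deletes the container when it is stopped, so the `docker stop` / `docker start` pair only works without it. The helper below is an added example (not from the original post and not DVWA's or VulApps' own code): it starts a lab image in the background without `--rm`, binds the published port to a loopback or RFC 1918 address, and refuses any other bind address. The image names are the ones on this page; the `lab=vulnerable` label and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): start a vulnerable lab image
# with its published port bound to one address instead of 0.0.0.0.
# Assumptions: Docker CLI on the Kali VM; image and ports are arguments.

# Return 0 when ADDR is loopback or an RFC 1918 private address, 1 otherwise.
bind_addr_is_local() {
    case "$1" in
        127.*) return 0 ;;
        10.*) return 0 ;;
        192.168.*) return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the -p argument that publishes CONTAINER_PORT on HOST_PORT of BIND_ADDR.
# Usage: publish_arg BIND_ADDR HOST_PORT CONTAINER_PORT
publish_arg() {
    printf '%s %s:%s:%s' -p "$1" "$2" "$3"
}

# Start IMAGE detached with the port mapping above and a lab label.
# No --rm: `docker stop` keeps the container so `docker start` can resume it.
# Usage: run_lab_container NAME IMAGE BIND_ADDR HOST_PORT CONTAINER_PORT
run_lab_container() {
    name=$1; image=$2; addr=$3; hport=$4; cport=$5
    if ! bind_addr_is_local "$addr"; then
        echo "refusing to publish $image on non-private address $addr" >&2
        return 1
    fi
    # The unquoted substitution is intended: it yields "-p" and the mapping.
    docker run -d --name "$name" --label lab=vulnerable \
        $(publish_arg "$addr" "$hport" "$cport") "$image"
}

# Example invocations from this page (commented out so the file can be
# sourced for checks without a running Docker daemon):
# run_lab_container dvwa vulnerables/web-dvwa 127.0.0.1 80 80
# run_lab_container s2-037 medicean/vulapps:s_struts2_s2-037 127.0.0.1 80 8080
```

With the port bound to 127.0.0.1 the range is only reachable from a browser inside the Kali VM; to reach it from the physical host's browser, pass the VM's NAT or host-only address instead, which the check still accepts because it is private.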

Log in to DVWA with the account and password: admin/password
Click Create / Reset Database:


With that, DVWA is finished.

Exploring vulnerability exploitation
Modifying request parameters to execute commands remotely
Entering 127.0.0.1 --> runs the command ping 127.0.0.1. That is how this site uses the input.

Entering 127.0.0.1 & whoami --> runs ping 127.0.0.1, then runs whoami --> we obtain the result of the whoami command

We can see the whoami result: www-data (a low-privileged user)
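The root cause on this page is that the site splices the ip parameter into a shell command string, so a `&` ends the ping and starts a second command. The defender's side of the same page, as an added example that is not part of the original post and not DVWA's own code: `validate_ipv4` accepts only a dotted quad, `safe_ping` hands the validated address to ping as a single argument instead of through a shell string, and `flag_injection_attempts` reads web-server log lines and reports requests whose ip= parameter carries shell metacharacters, raw or URL-encoded. The log format, the use of a GET form and the parameter name `ip` are assumptions, and the sample log lines are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): input validation and log
# detection for the command-injection pattern shown on the DVWA exec page.
# Assumptions: GET form with an ip= parameter; Apache-style access log.

# Return 0 only for a strict IPv4 dotted quad with every octet in 0..255.
validate_ipv4() {
    ip=$1
    case "$ip" in
        ''|*[!0-9.]*) return 1 ;;   # anything but digits and dots is out
    esac
    old_ifs=$IFS
    IFS=.
    set -- $ip                     # split the octets into $1..$4
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ -n "$octet" ] || return 1            # empty octet, e.g. "1..2.3"
        [ ${#octet} -le 3 ] || return 1         # padded forms like "0001"
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Ping a validated address; the argument never reaches a shell parser.
safe_ping() {
    if ! validate_ipv4 "$1"; then
        echo "rejected input: $1" >&2
        return 2
    fi
    ping -c 1 "$1"
}

# Shell metacharacters in the ip= parameter, raw or URL-encoded:
# %26 '&', %3B ';', %7C '|', %60 '`', %24 '$'. A raw '&' is the query
# separator, so only its encoded form counts.
INJ_PATTERN='ip=[^& "]*(%26|%3b|%7c|%60|%24|;|\||`|\$)'

# Filter: print only the log lines that look like injection attempts.
flag_injection_attempts() {
    grep -Ei "$INJ_PATTERN"
}

# Constructed access-log lines (not from a real server).
SAMPLE_LOG='10.0.2.2 - - [16/Jul/2022:05:14:00 +0000] "GET /vulnerabilities/exec/?ip=127.0.0.1&Submit=Submit HTTP/1.1" 200 4212
10.0.2.2 - - [16/Jul/2022:05:14:09 +0000] "GET /vulnerabilities/exec/?ip=127.0.0.1%26whoami&Submit=Submit HTTP/1.1" 200 4290
10.0.2.2 - - [16/Jul/2022:05:14:21 +0000] "GET /vulnerabilities/exec/?ip=127.0.0.1%3Bid&Submit=Submit HTTP/1.1" 200 4301
10.0.2.2 - - [16/Jul/2022:05:15:02 +0000] "GET /vulnerabilities/exec/?ip=8.8.8.8&Submit=Submit HTTP/1.1" 200 4212'

# Number of flagged lines in the sample log: 2 of the 4 above.
count_injection_attempts() {
    printf '%s\n' "$SAMPLE_LOG" | grep -Eic "$INJ_PATTERN"
}
```

Run `printf '%s\n' "$SAMPLE_LOG" | flag_injection_attempts` to see the two flagged requests; pointing the same filter at the lab's real access log shows what the exercise on this page leaves behind on the server side.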
Building the VulApps range
https://github.com/Medicean/VulApps
https://hub.docker.com/r/medicean/vulapps
The build method for each vulnerability can be found in its README file.
Take the Struts2 S2-037 vulnerability environment as an example:
According to the README of the S2-037 vulnerability environment, the tag is
s_struts2_s2-037
- Get the image:
docker pull medicean/vulapps:s_struts2_s2-037
If the download is slow, the University of Science and Technology of China (USTC) Docker mirror or the Alibaba Cloud mirror (accelerator) is recommended.
- Create and start the container:
docker run -d -p 80:8080 medicean/vulapps:s_struts2_s2-037
Visit http://127.0.0.1/ to reach the started s2-037 environment; grab an exp tool and try it.
Build complete:

Building the Vulfocus range
1. Pull the vulfocus/vulfocus image with Docker
docker pull vulfocus/vulfocus:latest
2. Open the range
docker create -p 80:80 -v /var/run/docker.sock:/var/run/docker.sock -e VUL_IP=172.17.0.1 vulfocus/vulfocus
Parameter introduction:
Be careful, there is a pitfall here: in -p, the port before the colon is the physical machine's port and the port after it is the Docker port.
-v /var/run/docker.sock:/var/run/docker.sock is the interactive connection to Docker
It connects through unix://var/run/docker.sock; it can also connect through tcp://xxx.xxx.xxx.xxx:2375 (port 2375 must be open).
-e VUL_IP=xx.xx.xx.xx is the IP of the Docker server; it cannot be 127.0.0.1.
3. The steps above only add the Docker container and do not start it. Start it with docker container start followed by the container id returned by the command above; the first four characters are enough.
4. Now the range is up; open the browser at the IP address plus port 88.
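Steps 2 and 3 above as one helper, with the checks a practitioner wants first. This is an added example, not from the original post and not Vulfocus's own code: `vul_ip_ok` enforces the rule that VUL_IP must be the Docker host address and not 127.0.0.1, `docker_bridge_ip` reads that address from the docker0 interface (172.17.0.1 by default) so it need not be typed, and `short_id` trims the 64-character id that `docker create` prints to the 12-character form; any unique prefix resolves, so the four characters the page mentions also work. Mounting /var/run/docker.sock hands the container control of the host's Docker daemon, which is equivalent to root on the VM, so this belongs on a lab VM only. The function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): create and start the Vulfocus
# container with the VUL_IP and container-id handling the steps above need.
# Assumptions: Docker CLI and the docker0 bridge exist on the Kali VM.

# Return 0 when ADDR is usable as VUL_IP: a dotted quad that is not loopback.
vul_ip_ok() {
    case "$1" in
        127.*) return 1 ;;          # the page's rule: not 127.0.0.1
        ''|*[!0-9.]*) return 1 ;;   # not a dotted quad at all
    esac
    return 0
}

# Trim a full container id to the 12-character form docker ps prints.
short_id() {
    printf '%s' "$1" | cut -c1-12
}

# Read the docker0 bridge address (172.17.0.1 by default) for VUL_IP.
docker_bridge_ip() {
    ip -4 -o addr show dev docker0 2>/dev/null | awk '{ split($4, a, "/"); print a[1] }'
}

# Create (but do not start) Vulfocus and print the new container id.
# /var/run/docker.sock inside the container means root-equivalent control
# of the host's Docker daemon: lab VM only.
# Usage: vulfocus_create HOST_PORT VUL_IP
vulfocus_create() {
    hport=$1; vul_ip=$2
    if ! vul_ip_ok "$vul_ip"; then
        echo "VUL_IP must be the Docker host address, not '$vul_ip'" >&2
        return 1
    fi
    docker create -p "${hport}:80" \
        -v /var/run/docker.sock:/var/run/docker.sock \
        -e "VUL_IP=${vul_ip}" vulfocus/vulfocus
}

# Steps 2 and 3 together: create, then start by short id.
# Usage: vulfocus_up HOST_PORT [VUL_IP]   (VUL_IP defaults to the bridge address)
vulfocus_up() {
    hport=$1
    vul_ip=${2:-$(docker_bridge_ip)}
    cid=$(vulfocus_create "$hport" "$vul_ip") || return 1
    docker container start "$(short_id "$cid")"
}

# Example invocation (commented out so the file can be sourced for checks):
# vulfocus_up 80
```

After `vulfocus_up 80`, `docker ps` shows the running container under its short id, and the browser steps that follow on this page apply unchanged.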

Default password: admin/admin

In image management, local import lets you import all your local ranges; you can also choose Add and download one there.

Start a target on the homepage and find the flag; to look for the flag:
docker ps
docker exec -it 0edfd8 /bin/bash

After getting the flag, congratulations, you have cleared the level!
