Wednesday, November 17, 2010

HOWTO : Setting up a Penetration environment with VirtualBox

*** CAUTION : This tutorial is written for Penetration Test only. Otherwise, you may be arrested if you attack/intrude any other network/computer without authorization. ***

Software :
Back|Track 4 R1
Ubuntu 10.10 Desktop
VirtualBox 3.2.10 r66523

Hardware :
Lenovo ThinkPad X200 with 4GB RAM and 80GB SSD

The Lenovo ThinkPad X200 runs Ubuntu 10.10 Desktop edition, and VirtualBox is installed on top of it.

Go to the Oracle VM VirtualBox site to download VirtualBox :
http://dlc.sun.com/virtualbox/vboxdownload.html#linux

(A) Create Back|Track virtual machine :

Allocate at least 8GB of virtual hard drive space and 512MB RAM for Back|Track. The first network adapter is set to "NAT" while the second is set to "Host-Only".

Boot up Back|Track in VirtualBox and click on "install.sh" to install Back|Track.

Log in to continue the setup. The username is "root" and the password is "toor".

Step 1 :

After the installation, you may execute the following command to fix the screen size to 800x600.

fix-splash800

Then, change the root password when necessary. Otherwise, the username is "root" and the password is "toor".

Edit the following file so that Back|Track starts the network interfaces and X.org on every boot.

kate /root/.bash_profile

Append the following lines :

start-network
startx


Step 2 :

Install the VirtualBox Additions when necessary via "Konqueror" -- "Storage Media" -- "media:/hdc".

bash VBoxLinuxAdditions-x86.run

Step 3 :

apt-get -y update
apt-get -y upgrade


Step 4 :

Go to "Menu" -- "BackTrack" -- "Penetration" -- "Fast Track". Select "Fast-Track Interactive" and choose "1".

Step 4a :

Go to "Menu" -- "BackTrack" -- "Penetration" -- "ExploitDB". Select "Update Exploitdb".

Step 4b :

Go to "Menu" -- "BackTrack" -- "Penetration" -- "Social Engineering Toolkit". Select "S.E.T-Update".

Step 5 :

At the terminal, execute the following command :

airodump-ng-oui-update

Step 6 :

Go to "Menu" -- "BackTrack" -- "Vulnerability Identification" -- "OpenVAS" -- "OpenVAS NVT Sync".

Step 7 :

Update the Add-ons of Firefox.

Step 8 :

apt-get -y install crark
apt-get -y install wbox
apt-get -y install vlc


Step 9 :

Update the Framework. Be aware that it will take several hours.

cd /pentest/exploits/framework3/
svn up


Step 10 :

Reboot the system.

(B) Create Metasploitable virtual machine (Optional)

Go to the following link to download "Metasploitable", which is an Ubuntu 8.04 server with some flaws.

http://blog.metasploit.com/2010/05/introducing-metasploitable.html

Attach the downloaded Metasploitable image as the virtual hard drive in VirtualBox. The network adapter is set to "Host-Only". Allocate at least 8GB of virtual hard disk space and 512MB RAM for Metasploitable.

(C) The final

Now, the IP address of eth0 of Metasploitable is similar to 192.168.56.101. The IP address of eth0 and eth1 of Back|Track are similar to 10.0.2.15 and 192.168.56.102 respectively.

You may need to execute the following command on Back|Track in order to see the two network interfaces and their IPs.

/etc/init.d/networking restart

Back|Track can access (or ping) Metasploitable via IP address. Back|Track can surf the internet but Metasploitable cannot.
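
To confirm from the Ubuntu host that Metasploitable has no adapter other than Host-Only, the following added example (not part of the original tutorial) checks the output of "VBoxManage showvminfo --machinereadable". The VM names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm a lab VM is attached to Host-Only networking only.

# Read `VBoxManage showvminfo <vm> --machinereadable` output on stdin.
# Report every enabled adapter that is not host-only; return 0 only when at
# least one adapter is enabled and all enabled adapters are host-only.
check_isolated() {
    awk -F= '
        /^nic[0-9]+=/ {
            mode = $2
            gsub(/"/, "", mode)
            if (mode == "none") next          # adapter slot disabled
            enabled++
            if (mode != "hostonly") {
                printf "%s is attached to %s\n", $1, mode
                exposed++
            }
        }
        END { if (exposed > 0 || enabled == 0) exit 1 }
    '
}

# Constructed sample: the Metasploitable VM as configured in section (B).
sample_target() {
    printf '%s\n' 'name="Metasploitable"' 'nic1="hostonly"' \
        'hostonlyadapter1="vboxnet0"' 'nictype1="Am79C973"' 'nic2="none"'
}

# Constructed sample: the Back|Track VM from section (A), NAT plus Host-Only.
sample_attacker() {
    printf '%s\n' 'name="BackTrack"' 'nic1="nat"' 'nictype1="Am79C973"' \
        'nic2="hostonly"' 'hostonlyadapter2="vboxnet0"'
}

# Live use on the host (the VM name "Metasploitable" is an assumption):
#   VBoxManage showvminfo "Metasploitable" --machinereadable | check_isolated
if sample_target | check_isolated; then
    echo "Metasploitable sample: host-only only"
fi
sample_attacker | check_isolated || echo "BackTrack sample: has a non-host-only adapter"
```

A non-zero exit status for the Metasploitable VM means the deliberately flawed server is reachable through some adapter other than Host-Only and the adapter setting should be corrected before the VM is started.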

At last, your penetration environment is set up.

(D) Free Tutorials

(1) Metasploit Unleashed
(2) Fast-Track
(3) Social-Engineer Toolkit
(4) Got Milk?
(5) How to Metasploit Beginner to Advanced (Video)

(E) Non-free Training

Offensive Security

(F) Resources

(1) Exploits Database
(2) Metasploit Blog
(3) Offensive Security Blog
(4) Yet another Back|Track in Gnome
(5) Metasploit

That's all! See you.