Northern Kentucky University



CIT 480: Securing Computer SystemsLab #0: SetupName: _____________________1: Starting vSphere Client for WindowsThis perform this lab, you need to use the VMware vSphere Client for Microsoft Windows. On NKU Windows machines, this client should already be installed. If you have a Windows 7 machine, you can install this software on your own machine. The software may or may not work on Windows 8. It does not work on Windows 10, Linux, or MacOS.If you are using a computer that does not or cannot use the vSphere Client software, you will need to perform the following steps to gain access to the software:If you are not on campus, make a VPN connection to NKU. If you have not done this before, point your browser to to install and start and the VPN client.Start the VMware Horizon Client software. If you do not have the Horizon Client, you can install it from the Horizon Client software, connect to the server view.nku.edu.The server will offer multiple types of virtual machines for you to use. Double click on the NKU Labs option.Login to the Windows 7 virtual machine with your NKU Windows account credentials.Find the VMware submenu under the Start menu, then start the VMware vSphere Client.VMware vSphere Client will bring up a login dialog with three text entry field. In the top field, labeled IP address/Name, enter coivcenter1.hh.nku.edu. Login using your NKU Windows username and password. Note that your Windows username must be preceded by the domain prefix nku, so that you will enter nku\yourwindowsusername for username.The vSphere Client will bring up a Security Warning dialog box. Check the checkbox to install the certificate, then click on Ignore. This warning box is the result of NKU using a self-signed certificate for vSphere. The warning dialog will be replaced by a window and two dialog boxes. Click OK to accept the Message of the Day, then once again ignore the certificate warning in the second Security Warning dialog box. Even if the Message of the Day dialog box appears under the Security Warning dialog, you must click on OK first before you will be able to complete the Security Warning dialog.2: Starting your Kali VM in vSphere Client for WindowsUnder the Inventory pane, click on VMs and Templates. This will change the layout of the window. To find your VM, look in the left pane. There will be a single item labeled COIVCENTER1.hh.nku.edu with a plus icon on its left. Click on the plus icon to open that level of the directory tree, and keep on opening plus icons until you find a CIT 480-NNN where NNN is your section number. Open that folder and you should find a folder with your username. This folder should contain three virtual machines, all of whose names will end with your NKU username. These virtual machines are running the following operating systems and should contain the name of the operating system in their vSphere names.Kali 2.0 LinuxMetasploitable 2Windows XP SP2Click on the Kali Linux VM. This is a Kali Linux virtual machine on which we will run most of our security tools for labs and the security assessment. This click will update the pane to the right of the directory tree that we've been navigating. The updated pane will have several panes. Click on the Summary pane and look for the Annotations box. You may have to scroll down to view the Annotations.The Annotations will contain the username and password you need to login to the VM, along with an assigned IP address. As part of this lab, you will need to configure your Kali VM to use this assigned IP address. If the assigned IP address is missing, contact Charlie Bowen (bowenc@nku.edu) for help. If the username and/or password is missing, contact your instructor.2: Setting the IP address in Kali LinuxWhile mobile devices like laptops are easiest to use with dynamic IP addresses via DHCP, servers typically have static IP addresses. To enable your VMs for this class to use the network, you will need to set the static IP address to the value shown in the VM annotations. Debian-based Linux distributions, such as Kali and Ubuntu Linux, store their network configuration information in the file /etc/network/interfaces.Before making any changes, backup the configuration file. Always backup configuration files before modifying them. You will regret it if you don't.# cd /etc/network# cp -p interfaces interfaces.distNote the typographical conventions used in these labs. The root shell prompt is designated by #, so be sure that you execute those commands as root. A non-root shell prompt is designated by $. Names of files and commands are shown in the Consolas font, while normal text is shown in Times New Roman.Disable NetworkManager before editing any files.# systemctl stop NetworkManager.service# systemctl disable NetworkManager.serviceWe will edit the network configuration file to change it from DHCP to a static IP address.# vim interfaces# service networking restartWhen using vim to edit the configuration file, you will see the loopback network interface configuration at the top of the file. Do not change the loopback configuration.auto loiface lo inet loopbackBelow that is the primary network interface, eth0, which may be completely absent or may be configured to receive an IP address using DHCP with a stanza like this:auto eth0iface eth0 inet dhcpReplace any existing eth0 configuration with a static IP configuration, replacing KALI_IP below with the static IP found from the VM annotations:auto eth0iface eth0 inet static address KALI_IP netmask 255.255.252.0 gateway 10.2.242.1For DNS to work, you will also need to replace the file /etc/resolv.conf. Remove the existing file then create a file with the following two lines:nameserver 172.28.102.11nameserver 172.28.102.13For the new configuration to take effort, you need to reboot your VM:# reboot2.1: After logging in again, check what is your IP address? Is it your assigned static IP address? If not, go back to the commands above and find what went wrong.# ifconfig -a26670647700 2.2: Verify connectivity with static IP address. Include command output below. We'll check DNS functionality with the dig command, which should show the IP addresses for . If we get the correct IP address and not an error, then check that we can connect to by using the ping command. If you receive any errors from a command, stop with that command, then check your interfaces file, fix errors, then reboot and retry this step. # dig # ping -c 3 26670704850 3: Setting the IP address in Metasploitable 2Repeat the procedure above on your Metasploitable VM. You will not need to disable Network Manager, as it does not exist on this VM. The interfaces file will be slightly different on this machine as it runs a very old version of Ubuntu Linux. Once again, only change the part that begins with “iface eth0”. Changing anything above that line will result in your machine being unable to access the network. The DNS configuration file will be the same as it was for Kali.This VM runs Metasploitable 2, a deliberately insecure version of Linux designed for testing the Metasploit exploitation framework, which is installed on your Kali VM. Login to this machine with the credentials specified on the login screen, then use the command sudo -s to obtain a root shell. 4: Setting the IP address in Windows XPUse the control panel from the Start menu to set the IP address on the Windows XP VM. This VM is an insecure version of Windows XP Service Pack 2 that we will use for testing security tools like Metasploit. After setting the VM, reboot it and verify that the changes are permanent. Power off this VM once this section is complete.5: Remote Access to Your VM: ssh and sftpIn this class, we only use the slow vSphere user interface to access our VMs when we need to use the GUI. Instead, we will often use remote access commands like ssh and sftp to access them.5.1: On your Kali VM, enable the ssh network service to start on next boot, then reboot the VM.# systemctl enable ssh# vim /etc/ssh/sshd_config# reboot5.2: After the Kali VM has rebooted, use your Metasploitable VM to make an ssh connection to your Kali VM. Use ssh on the command line to login to your Kali VM with the command below, replacing KALI_IP with the actual IP address of your VM.msfadmin@metasploitable:~$ ssh root@KALI_IP5.3: In your ssh session, run lsof once to see what network services are available (ssh should be the only TCP service; all others will be UDP) and then save the output of lsof to a file named lsof.txt.# lsof -i# lsof -i > lsof.txtLog out of your ssh session, then use the sftp (Secure File Transfer Protocol, which is part of SSH) command to retrieve the file created for the previous question. Once you connect to a machine with sftp, you will be presented with the sftp> prompt. At this prompt, you can type a variety of commands, including help, which will display a list of all possible commands. These commands include most of the traditional FTP commands, such as get to download files and put to upload files.The primary commands you will need to use are ls to list files, get to download files, and put to upload files. Retrieve the lsof.txt file, then copy and paste the contents of that file into the box below.msfadmin@metasploitable:~$ sftp root@KALI_IPsftp> helpsftp> lssftp> get lsof.txtsftp> quit$ cat lsof.txt266702984506: Submitting the LabA printed copy of this is due at the beginning the next class period. ................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download