LabMan2ndEd Setup v2

Published on December 2016

Setting Up The Lab
This document provides the steps for setting up virtual machines for use with
the Principles of Computer Security CompTIA Security+ and Beyond. There are a
number of virtual platforms such as VMWare, Virtual PC, Xen, Parallels, and Virtual
Box. The instructions for setting up the environment do not address steps specific to any
single platform. The lab technician who prepares the machines for the lab exercises will
need to be familiar with the particular brand of virtualization in their environment and
configure it as appropriate.
The lab exercises are written for both a Windows and Linux environment. There
are several lab exercises in which both environments are required so it is recommended
that you set up all 4 virtual machines.
The letter w, l, m or i in the title designates the lab environment required for each
lab exercise. The letter “w” is for a Windows environment, “l” is for the Linux
environment, “m” is for a mixed environment, and “i” is for the host computer or any
other computer that has Internet access. So for example, Lab 3w would require the
Windows environment and Lab 3l would require the Linux environment.

Windows Setup – the w labs
The Windows environment consists of 2 PCs, one with Windows XP Professional
and one with Windows 2003 Server. In general, the Windows XP PC will be the
client/attacking machine and the Windows 2003 Server will be the server/target machine.

Linux Setup – the l labs
The Linux environment consists of 2 PCs, one with BackTrack4 (client/attack)
and the other with Metasploitable (server/target). In general, the BackTrack will be the
attacking machine and the Metasploitable will be the target machine.

Mixed Setup – the m labs
The mixed environment will have PCs from both environments. Usually this
environment uses the Linux server as an SSH, DNS or mail server.

Host Setup – the i labs
There are several lab exercises that require an Internet connection. These can be
done from the PC that is hosting the Virtual Machines or they can be done from any PC
that has Internet access.

Setting Up Windows XP SP1
Steps at a Glance
To set up your computer(s) for working with the lab manual you will have to
• Download and gather required software
• Setup the host machine and ensure minimum requirements
• Setup the virtual machine
• Install Windows XP SP1
• Configure the Windows XP SP1
• Add other software to the tools folder

Download and Gather Required Software
Before beginning the install, make sure you have all the necessary software to complete
the setup. The following is a list of the software needed for the setup. If you are also
setting up the other virtual machines, you may want to download the software for them as
well at the same time. Refer to the later section for the other lists of software to
download.
These files are required for configuring the virtual machine:
Windows XP SP1                              Check with your IT staff about getting the software and licenses
WindowsXP-KB817778-x86-ENU (IPv6 Patch)     http://support.microsoft.com/kb/817778
nmap-5.21-setup                             http://nmap.org/download.html
wireshark-win32-1.2.8                       http://www.wireshark.org/download/win32/all-versions/
7z465                                       http://sourceforge.net/projects/sevenzip/files/7-Zip/
Caine-Live                                  http://www.caine-live.net/Downloads/caine1.5.iso
Secondary_harddrive with Suspect_image.e01  http://www.securitylabmanual.com/files/
These files go in the Desktop/tools folder you will create later in the setup:
Spynet                                      http://packetstormsecurity.org/files/view/10813/spynet312.exe
Camouflage                                  http://camouflage.unfiction.com/Download.html
Service Pack 3                              http://support.microsoft.com/?kbid=936929
Snort 2_8_6_1                               http://www.snort.org/snort-downloads
WinPcap 3.0                                 http://www.winpcap.org/install/default.htm
WinPT                                       http://www.securitylabmanual.com/files/
Putty                                       http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html
WinSCP                                      http://winscp.net/eng/download.php

Setup Host Machine

There are a number of different ways to deploy virtual machines. The
following requirements are for a single host running software such as
VMware Workstation, VMware Player, or Virtual PC.
Minimum Requirements
CPU – 1.3 GHz or faster (Pentium Core or better recommended)
RAM – 2 GB (4 GB recommended)
HD – 20 GB of free space
Setup the Virtual Machine
The virtual machine for the XP installation will need the following:
1. Use at least a 10 GB partition for the C Drive.
2. Create a second hard drive of at least 100 MB. (The file named “suspect_image” will
go in this drive.)
3. The RAM should be set for at least 512 MB.
4. You will need to set up the networking for “host only” so that no traffic from the
virtual environment can make it to the actual network.
5. You may also want to disable any file sharing or copying and pasting of files to
and from the virtual machine. Some of the software on the virtual machines is
considered malicious code and should not leave those machines. If you are unsure
of how to do this, please refer to the support provided by the vendor of your
virtualization product.
NOTE: You need XP SP1 for this install. XP SP1 has several vulnerabilities that are
used to demonstrate the need for proper patching and updating. If you use a later
distribution, some labs may not work.

Install Windows XP Professional SP1
Mount the Windows XP SP 1 CD and begin the install.
1) On the Welcome to Setup screen, press Enter.
2) On the End User License Agreement screen, press F8.
3) On the Partition screen, accept the defaults by pressing Enter.

4) On the next screen, select Format the Partition Using the NTFS File System and
press Enter. When the computer is done formatting, it will reboot and go into the
GUI portion of the installation.
5) On the Regional and Language Options screen, click Next.
6) On the Personalize Your Software screen, type Security Student in the Name box.
7) In the Organization box, type Computer Security and click Next.
8) On the Your Product Key screen, type your product key and click Next.
9) View the Computer Name and Administrative Password screen:
a) In the Computer Name: box, type winxppro.
b) In the Password box, type password.
c) In the Confirm Password box, type password.
d) Click Next.
10) On the Date and Time Settings screen, set the correct date and time and select the
appropriate time zone. Click Next.
11) On the Network Settings screen, select Custom Settings and click Next.
12) On the Networking Components screen, select Internet Protocol (TCP/IP) and
click Properties.
13) On the Internet Protocol (TCP/IP) Properties screen, select Use the Following IP
Address.
14) In the IP Address box, type 192.168.100.101
15) In the Subnet Mask box, type 255.255.255.0
16) In the Default Gateway box, leave blank
17) In the Preferred DNS Server box, type 192.168.100.102
18) Click Ok.
19) Click Next.
20) On the Workgroup or Domain screen, click Next.

a) The installation will complete and the computer will reboot.
21) On the Welcome to Microsoft Windows screen, click Next.
22) On the How Will This Computer Connect to the Internet? screen, click Skip.
23) On the Ready to Activate Windows? screen select No, remind me every few days,
and click Next.
24) View the Who Will Use This Computer? screen
a) In the Your Name: box, type Admin
b) In the 2nd User: box, type labuser
c) In the 3rd User: box, type labuser2
d) Click Next.
25) On the Thank You screen, click Finish.
26) On the Log in screen, click Admin.
Set Internet Explorer’s page to blank.
1) Click Start > Internet Explorer.
2) On the menu bar click Tools > Internet Options.
3) On the General tab, under Home page, click the Use Blank button.
4) Click OK.
5) Close Internet Explorer.

Installing Additional Software
Virtual Machine Tools
Install the virtual machine tools for your particular platform. These tools add mouse
functionality and improved video display, among other things. Check your
documentation for this information.
Installing the Advanced Networking Patch (IPv6)
1. In the Software Installation folder, double click WindowsXP-KB817778-x86-ENU.
2. Click Next and Agree to the Terms of service and then click Next.
3. Click Finish and let the computer restart.

Nmap – Zenmap
1. In the Software Installation folder, double click nmap-5.21-setup.
2. Click I Agree and click Next. (Notice it will include WinPcap 4.1.1 which is
needed for other programs as well.)
3. Continue to click Next until the end of the installation. Default settings are fine
for this setup.
Wireshark
1. In the Software Installation folder, double click wireshark-win32-1.2.8.
2. Click Next and click I Agree to the Terms of service.
3. Verify that all of the boxes are ticked and click Next.
4. Uncheck the Quick Launch Icon checkbox and check the Desktop Icon
checkbox, then click Next.
5. Continue to click Next until the window shows to install WinPcap. Make sure the
checkbox is not checked and click Install. (This was installed with Nmap)
6. When the setup is complete, click Next and then click Finish.
7-Zip
1. In the Software Installation folder, double click 7z465.
2. Click Install and after the setup copies files, click Finish.
Create a Tools Folder on the desktop and put the following installer files in it:
File              URL                                         Required for Lab Exercise
Winpcap3.0.exe    www.securitylabmanual.com/files/            9.2
Snort 2_8_6_1     www.securitylabmanual.com/files/            9.2
Camouflage        www.securitylabmanual.com/files/            6.3
WinPT             www.securitylabmanual.com/files/            8.1
Putty             www.securitylabmanual.com/files/            8.2
WinSCP            www.securitylabmanual.com/files/            8.3
Service Pack 3    http://support.microsoft.com/?kbid=936929   7.1

Suspect_image file
You should have created a second hard drive of at least 100 MB. Format the drive and
put the file called suspect_image on the drive.
Take a snapshot.
When you are done configuring the virtual machine, make sure to take a snapshot of the
base image. You should do this for all of the virtual machines when they are deployed so
that if a student makes a change, it will be easy to revert back to the original state which
all the labs depend upon.

Setting up the Windows 2003 Server
Steps at a Glance
To set up your computer(s) for working with the lab manual you will have to
• Download and gather required software
• Setup the host machine
• Setup the virtual machine
• Install Windows Server 2003
• Configure the Windows Server 2003
• Add other software to the tools folder

Download and Gather Required Software
File                       URL                                Lab    Location
Winpcap3.0.exe             www.securitylabmanual.com/files/   9.2    Tools
Snort 2_8_6_1              www.securitylabmanual.com/files/   9.2    Tools
McAfee_Antispyware_Trial   www.securitylabmanual.com/files/   7.2    Tools
McAfee_VirusScan_Trial     www.securitylabmanual.com/files/   7.2    Tools
Camouflage                 www.securitylabmanual.com/files/   6.3    Tools
WinPT                      www.securitylabmanual.com/files/   8.1    Tools
fakedel                    www.securitylabmanual.com/files/   5.3    Wwwroot, renamed as update.exe
Secondary_Harddrive        www.securitylabmanual.com/files/   10.1   D drive

Setup Host Machine

There are a number of different ways to deploy virtual machines. The
following requirements are for a single host running software such as
VMware Workstation, VMware Player, or Virtual PC.
Minimum Requirements
CPU – 1.3 GHz or faster (Pentium Core or better recommended)
RAM – 2 GB (4 GB recommended)
HD – 20 GB of free space
Setting Up the Virtual Machine
1. Use at least a 10 GB partition for the C Drive.
2. The RAM should be set for at least 512 MB but 1 GB is recommended.
3. You will need to set up the networking for “host only” so that no traffic from the
virtual environment can make it to the actual network.
4. You may also want to disable any file sharing or copying and pasting of files to and
from the virtual machine. Some of the software on the virtual machines is considered
malicious code and should not leave the machines. If you are unsure of how to do this,
please refer to the support provided by the vendor of your virtualization product.
5. You will need to mount the SecondaryHarddrive image as the D drive. (This file is
used only for lab 10.1 and 10.2)
Mount the Windows Server 2003 Standard CD and begin the install.
1) On the Welcome to Setup screen, press Enter to continue
2) On the Windows Licensing Agreement, press F8 to continue
3) On the Windows Server 2003 Setup Screen, press C to create a new partition
4) On the next screen, press Enter to accept the default.
5) On the next screen, make sure “Format Partition Using the NTFS file System” is
selected. Press Enter to continue.
Windows 2003 will begin to partition and format the drive. It will then begin to
copy the files needed for the rest of the install.
The next portion of the install will take a bit of time depending on your processor speed.
6) On the Regional and Language Options Screen click Next
7) On the Personalize Your Software screen
a) Name – Computer Security Student
b) Organization – Computer Security
c) Click Next.
8) On the Product Key Screen, enter in your product key and click Next
9) On the Licensing Modes Screen accept the default (per server – 5) and click Next.
NOTE: You will have to activate the installation later. This process will vary
depending on your licensing agreement. Contact your network administrator if you
are unsure of this process.
10) On the Computer Name and Administrative Password Screen
a) Computer Name – WIN2K3SERV

b) Administrative password – adminpass (This is an extremely weak password but
is being used only for educational purposes and will be changed later in the labs)
c) Confirm password - adminpass
d) Click Next
e) When prompted “Are you sure you want to continue with the current password?”
click Yes.
11) On the Date and Time screen, enter the correct date and time as well as your time
zone and click Next
12) On the Networking Settings screen select Custom Settings and click Next
13) On the Networking Components screen Select Internet Protocol and then click on
Properties
14) On the Internet Protocol screen select Use the Following IP Address
a) IP address – 192.168.100.102
b) Subnet Mask – 255.255.255.0
c) Default Gateway – blank
d) DNS – 192.168.100.202
e) Click OK
f) Click Next.
15) On the Workgroup or Computer Domain Screen, click Next
16) The Completing the Windows 2003 Setup Wizard will show when the installation
is complete
17) Click on Finish
18) The Windows 2003 Login Screen will appear.
a) Press the Right Alt + Del key (not Ctrl +Alt + Del)
b) Username – Administrator
c) Password – adminpass
d) Click OK
19) When the Server has completed booting up you will get Manage Your Server
Screen.
a) Check the box next to Don’t Display This Page at Logon and close the screen.

NOTE: You may need to install the virtualization tools for your particular platform.
These tools enhance the interaction with the virtual machine (improved display and
mouse performance). Refer to your virtualization software documentation.

Configure the Windows Server 2003
1) Click Start, Control Panel, Add or Remove Programs
2) Click Add/Remove Windows Components
3) On the Windows Components screen, select Application Server and click Details
4) Select Internet Information Services and click Details
a) Check File Transfer Protocol Service
b) Internet Information Service Manager
c) World Wide Web Service
d) Click OK
5) Click OK again
6) Click Next
7) On the Completing Windows Components Wizard screen, click Finish.
8) Rename fake_del.exe to update.exe
9) Copy update.exe to the C:\inetpub\wwwroot\ directory

Configure the FTP server
1) Click Start, Administration Tools, Internet Services Manager.
2) Expand Win2K3Serv
3) Expand FTP Sites
4) Right click Default FTP Site and select Properties.
5) Select the Home Directory tab
6) Change the local path to c:\inetpub\wwwroot
7) Check the Write box
8) Click OK
9) Click OK to Override.

10) Click OK.
11) Close Internet Information Services Manager.
Currently the only accounts available on this virtual machine are the administrator
account and the guest account, which is disabled. Let’s now create a user account.
1) Click Start, right click My Computer and click on Manage.
2) In the Tree pane of Computer Management window click on Local Users and
Groups
3) Right click Users folder and select New User
4) In the New User window
a) In the User Name: box type labuser
b) In the Full Name: box type Lab user
c) In the Description: box type User account for lab exercises
d) In the Password: box type password
e) In the Confirm Password: box type password
f) Select User cannot change password
g) Select Password never expires
h) Click Create
i) Click Close
5) Close computer management

Additional Software
Download and place the files in the location indicated.
File                       URL                                                            Lab    Location
Winpcap3.0.exe             www.securitylabmanual.com/files/                               9.2    Tools
Snort 2_8_6_1              www.securitylabmanual.com/files/                               9.2    Tools
McAfee_Antispyware_Trial   www.securitylabmanual.com/files/                               7.2    Tools
McAfee_VirusScan_Trial     www.securitylabmanual.com/files/                               7.2    Tools
Camouflage                 www.securitylabmanual.com/files/                               6.3    Tools
WinPT                      www.securitylabmanual.com/files/                               8.1    Tools
fakedel                    www.securitylabmanual.com/files/                               5.3    Wwwroot, renamed as update.exe
Keylog5                    Littlesister.de                                                10.1   D drive
Nbserv-2.5                 http://packetstormsecurity.org/files/view/15727/nbpro210.exe

Linux Machine Setup
Materials necessary
• Base computer with Virtual machine software
• A BitTorrent client (The official client at http://www.bittorrent.com/ is fine)
• Metasploitable
• BackTrack

Steps at a Glance
• Download Metasploitable and BackTrack
• Install the Metasploitable base machine
• Download the linuxadditions.iso
• Install the Backtrack machine
• Setup User accounts
• Setup DNS
• Setup Web
• Setup Mailserver

Download: Metasploitable and BackTrack images and the
linuxadditions.iso
1) Download the bit torrent files for metasploitable and backtrack from the following
locations http://www.securitylabmanual.com/files.
2) Use both files to download the metasploitable and backtrack images.
3) Download the linuxadditions.iso from
http://www.securitylabmanual.com/files/linuxadditions.iso

Install the Metasploitable base machine.
1) Put the Metasploitable.zip file in the directory you will be storing the virtual
machines.
2) Unzip the file.
3) If you are using VMware you can simply double click the metasploitable.vmx
file and the machine will start up. If you are using a platform other than VMware you
will need to refer to your virtualization documentation for the procedures to convert
the image to the required format.
4) Log in. The userid is msfadmin and the password is msfadmin.
NOTE: Ubuntu is designed following best practices, which include that a user does
not directly login as root. Instead, a user logs in as a user in the group admin and then
would use sudo to become root. On the metasploitable machine, the msfadmin
account is a member of the group admin.
To follow all the commands below you will:
login as msfadmin and then run sudo su - and then enter the password of
msfadmin.
5) Setup the network configuration.

NOTE: An easy to use text editor is pico. To edit files type pico /path/to/file. Or use
another editor of your choice such as vi.
Edit the file: /etc/network/interfaces
remove: iface eth0 inet dhcp
Add:
iface eth0 inet static
    address 192.168.100.202
    netmask 255.255.255.0
    network 192.168.100.0

a) Change the hostname to linuxserv by changing the file /etc/hostname
echo "linuxserv" > /etc/hostname

b) Edit the file: /etc/resolv.conf
Change the file to contain just:
search security.local
nameserver 192.168.100.202

Install the Backtrack base machine.
1) Put the bt4-final-vm.zip file in the directory you will be storing the virtual machines.
2) Unzip the file.
3) If you are using VMware you will simply double click the bt4-final-vm.vmx file and
the machine will start up. If you are using a platform other than vmware you will
need to refer to your virtualization documentation for the procedures to convert the
image to the required format.
Once the machine is up, we will setup the network interfaces and the hostname.
1) Login: user root, password toor.
2) You need to copy the file hashes.txt to /pentest/passwords/jtr. The file is on the
linuxadditions.iso.
3) Connect to the linuxadditions.iso file in VMware.
i) I.e. Virtual Machine > CD/DVD > Choose image > navigate to your
linuxadditions.iso file
ii) Be sure to click on Virtual Machine > CD/DVD > Connect
4) To mount the CD in Backtrack
i) Type mount /media/cdrom
5) To copy the hashes.txt file
type cp /media/cdrom/backtrack/hashes.txt /pentest/passwords/jtr/
6) Setup the network configuration.
Edit the file: /etc/network/interfaces
Under auto eth0
remove: iface eth0 inet dhcp
Add:
iface eth0 inet static
    address 192.168.100.201
    netmask 255.255.255.0
    network 192.168.100.0
a) Comment out the remaining lines for (eth1 eth2 ath0 wlan0) by placing a # as the
first character.
7) Change the hostname to linuxcl, by changing the file /etc/hostname
Type echo "linuxcl" > /etc/hostname
8) Edit the file: /etc/resolv.conf
Modify the following lines
search security.local
nameserver 192.168.100.202
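
The network configuration steps for both Linux machines can be checked before the snapshot is taken. The script below is an added example, not part of the lab manual: it lints an /etc/network/interfaces file for the settings the steps above call for. The helper name audit_interfaces, the sample files, and the rule that a gateway line counts as a finding (inferred from the host-only requirement and the blank default gateway on the Windows machines) are assumptions.

```shell
#!/bin/sh
# Added example, not from the lab manual: lint a Debian-style
# /etc/network/interfaces file against the lab isolation settings.

# audit_interfaces FILE IFACE NET_PREFIX   (hypothetical helper name)
# Prints one finding per line; prints nothing when the file matches the lab setup.
audit_interfaces() {
    awk -v ifc="$2" -v net="$3" '
        { sub(/#.*/, "") }                        # commented-out lines are inert
        NF == 0 { next }
        $1 == "auto" || $1 ~ /^allow-/ {          # interfaces brought up at boot
            for (i = 2; i <= NF; i++)
                if ($i != ifc && $i != "lo")
                    print $i ": still enabled, comment it out"
            next
        }
        $1 == "iface" {
            cur = $2
            if (cur == ifc) {
                seen = 1
                if ($4 != "static")
                    print ifc ": method " $4 ", expected static"
            }
            next
        }
        cur != ifc { next }                       # options of other stanzas
        $1 == "address" && index($2, net ".") != 1 {
            print ifc ": address " $2 " is outside " net ".0/24"
        }
        $1 == "gateway" {                         # assumption: lab needs no gateway
            print ifc ": gateway " $2 " defined, host-only lab should have none"
        }
        END { if (!seen) print ifc ": no iface stanza found" }
    ' "$1"
}

LAB_DIR=$(mktemp -d)

# Constructed sample: eth0 on the BackTrack machine as configured in the steps above.
cat > "$LAB_DIR/good" <<'EOF'
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
address 192.168.100.201
netmask 255.255.255.0
network 192.168.100.0
#auto eth1
#iface eth1 inet dhcp
EOF

# Constructed sample: a configuration that does not match the lab settings.
cat > "$LAB_DIR/bad" <<'EOF'
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static
address 192.168.1.50
netmask 255.255.255.0
gateway 192.168.1.1
auto eth1
iface eth1 inet dhcp
EOF

for f in good bad; do
    findings=$(audit_interfaces "$LAB_DIR/$f" eth0 192.168.100)
    if [ -z "$findings" ]; then echo "$f: OK"; else echo "$f: FAIL"; echo "$findings"; fi
done
```

On a lab machine, point the function at /etc/network/interfaces instead of the sample files.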

Create User Accounts
The labs depend upon having the accounts labuser and labuser2. Run the following
commands on both the metasploitable machine (linuxserv) and the backtrack
machine.
1) useradd -m -s /bin/bash labuser
2) passwd labuser
3) Create the password of “password”
4) useradd -m -s /bin/bash labuser2
5) passwd labuser2
6) Create the password of “password”

Setup DNS on the Metasploitable Machine
At this point we need to create the DNS for the virtual machines.
1) The dns configuration is in the directory /etc/bind
You will comment out the global items and add the security.local lines
2) Edit the file /etc/bind/named.conf
comment out: (add // to the beginning of the line)
//prime the server with knowledge of the root servers
//zone "." {
// type hint;
// file "/etc/bind/db.root";
//};

3) Edit the file /etc/bind/named.conf.local
At the end of the file you will add
zone "security.local" {
    type master;
    file "/etc/bind/db.security.local";
};
zone "100.168.192.in-addr.arpa" {
    type master;
    file "/etc/bind/db.100.168.192";
};

4) Create the file /etc/bind/db.security.local.
Type cp /etc/bind/db.local /etc/bind/db.security.local and then edit it to the
following.
;
; BIND data file for domain security.local
;
$TTL 604800
@ IN SOA security.local. root.security.local. (
        2 ; Serial
        604800 ; Refresh
        86400 ; Retry
        2419200 ; Expire
        604800 ) ; Negative Cache TTL
;
@           IN  NS    linuxserv.security.local.
@           IN  A     127.0.0.1
@           IN  AAAA  ::1
winxppro    IN  A     192.168.100.101
win2k3serv  IN  A     192.168.100.102
linuxcl     IN  A     192.168.100.201
linuxserv   IN  A     192.168.100.202

5) Create the file /etc/bind/db.100.168.192.
Type cp /etc/bind/db.255 /etc/bind/db.100.168.192 and then edit the file to be
as below.
;
; BIND reverse data file for broadcast zone
;
$TTL 604800
@ IN SOA localhost. root.localhost. (
        2 ; Serial
        604800 ; Refresh
        86400 ; Retry
        2419200 ; Expire
        604800 ) ; Negative Cache TTL
;
@ IN NS localhost.
101 IN PTR winxppro.security.local.
102 IN PTR win2k3serv.security.local.
201 IN PTR linuxcl.security.local.
202 IN PTR linuxserv.security.local.

6) Stop and restart DNS with the commands:
Type /etc/init.d/bind9 stop
* Stopping domain name service... bind
...done.
Type /etc/init.d/bind9 start
* Starting domain name service... bind
...done.
Test DNS by typing nslookup winxppro. If you have an error,
type cat /var/log/syslog and correct errors that are indicated.
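
A forward record without a matching reverse record does not show up in an nslookup of one name. The script below is an added example, not part of the lab manual: it cross-checks every A record in the forward zone against the PTR records in the reverse zone. The function names check_zone_pair and write_lab_zones are hypothetical, and the sample zone files are constructed from the records given in the steps above.

```shell
#!/bin/sh
# Added example, not from the lab manual: cross-check forward A records
# against reverse PTR records for the lab zones before restarting bind9.

# check_zone_pair FORWARD_FILE REVERSE_FILE DOMAIN NET_PREFIX   (hypothetical name)
# Prints one line per inconsistency; prints nothing when the zones agree.
check_zone_pair() {
    awk -v dom="$3" -v net="$4" '
        { sub(/;.*/, "") }                      # drop zone-file comments
        NF < 4 || $2 != "IN" { next }           # skip TTL line, SOA timers, blanks
        FNR == NR {                             # first file: forward zone
            if ($3 == "A" && $1 != "@" && index($4, net ".") == 1)
                fwd[substr($4, length(net) + 2)] = $1 "." dom "."
            next
        }
        $3 == "PTR" { rev[$1] = $4 }            # second file: reverse zone
        END {
            for (h in fwd) {
                if (!(h in rev))
                    print "missing PTR: " net "." h " (" fwd[h] ")"
                else if (rev[h] != fwd[h])
                    print "mismatch: " net "." h " A=" fwd[h] " PTR=" rev[h]
            }
            for (h in rev)
                if (!(h in fwd)) print "orphan PTR: " net "." h " -> " rev[h]
        }' "$1" "$2" | sort
}

# Constructed sample: the two zone files with the records this page defines.
write_lab_zones() {
    cat > "$1/db.security.local" <<'EOF'
$TTL 604800
@ IN SOA security.local. root.security.local. (
        2 ; Serial
        604800 ; Refresh
        86400 ; Retry
        2419200 ; Expire
        604800 ) ; Negative Cache TTL
@ IN NS linuxserv.security.local.
@ IN A 127.0.0.1
winxppro IN A 192.168.100.101
win2k3serv IN A 192.168.100.102
linuxcl IN A 192.168.100.201
linuxserv IN A 192.168.100.202
EOF
    cat > "$1/db.100.168.192" <<'EOF'
$TTL 604800
@ IN SOA localhost. root.localhost. ( 2 604800 86400 2419200 604800 )
@ IN NS localhost.
101 IN PTR winxppro.security.local.
102 IN PTR win2k3serv.security.local.
201 IN PTR linuxcl.security.local.
202 IN PTR linuxserv.security.local.
EOF
}

ZONE_DIR=$(mktemp -d)
write_lab_zones "$ZONE_DIR"
RESULT=$(check_zone_pair "$ZONE_DIR/db.security.local" \
                         "$ZONE_DIR/db.100.168.192" security.local 192.168.100)
if [ -z "$RESULT" ]; then echo "zones consistent"; else echo "$RESULT"; fi
```

On linuxserv, pass the real files under /etc/bind instead of the samples. Where BIND's named-checkconf and named-checkzone utilities are installed, they cover syntax errors that this consistency check does not.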

Setup Web Site
1) Attach and connect the linuxadditions.iso to the metasploitable machine.
2) Copy and unzip the wwh file in the /var/www directory
a) Type cp /media/cdrom/metasploitable/wwh-0.2.8.zip /var/www
b) In the /var/www directory type unzip wwh-0.2.8.zip
3) Next, type mysqladmin -u root -p create wikihelp
a) When prompted for password, type root
4) Type mysql -u root -p wikihelp < /var/www/wwh/sql/wikihelp.sql
The wikihelp site should now be up.
To test the site, connect to it from one of the other VMs with a browser pointed to
http://linuxserv/wwh

Setup Email
Edit /etc/postfix/main.cf
set mydestination = localhost, linuxserv, linuxserv.security.local,
security.local

This completes the setup. Be sure to take snapshots of the virtual machines once you have
completed the install.
Please send questions to [email protected].
Check www.securitylabmanual.com for updates, new lab exercises, errata and other
resources to support the security curriculum.
