[LINUX] I read "How to make a hacking lab"

I read "How to make a hacking lab", which was nominated for the IT Engineer Book Award 2020, so I will leave this as a personal memo.

Kali Linux

Kali Linux is a Linux distribution specifically intended for penetration testing. Download from here.

What is a penetration test?

"A method of testing a computer system connected to a network for vulnerabilities by actually attempting to break into it using known techniques. It is also called an intrusion experiment or intrusion test. [Quoted from Wikipedia](https://ja.wikipedia.org/wiki/%E3%83%9A%E3%83%8D%E3%83%88%E3%83%AC%E3%83%BC%E3%82%B7%E3%83%A7%E3%83%B3%E3%83%86%E3%82%B9%E3%83%88)" Think of it as diagnosing the vulnerabilities of a running system from the outside. Kali Linux comes with a lot of test tools installed, so you need to be careful when setting up your tests to avoid attacking something by accident.

Part 1 ~ Environment construction (network and commands) ~

This part explains the physical network configuration and Linux commands. I roughly understand this area, so I only skimmed it.

CLaunch

CLaunch is a launcher that runs on Windows. It brought back memories of trying to improve my efficiency this way in the past. I installed it and used it a little, and it is very easy to use because it starts up quickly. http://hp.vector.co.jp/authors/VA018351/

Part 2 ~ Windows Hacking ~

Metasploit

It's like one big lump of attack software. If an exe file is executed on Windows while certain conditions are met, an attack can be carried out. https://www.metasploit.com/ In the book, I take screenshots of the screen, obtain administrator privileges, access the webcam to spy through it, and do my best to be malicious (laugh). Antivirus software is important, isn't it?

Veil Framework

There seems to be a framework that circumvents that antivirus software ... https://github.com/Veil-Framework/Veil In the book, Windows Defender apparently detected it and the payload was not delivered, but I'm sure there is a version that evades it. Extracting files downloaded from the Internet is scary unless you do it properly.

Shellter

It seems to be software that can embed the attack files above into another program, like a Trojan horse. It's so easy to make one ... https://www.shellterproject.com/

VirusTotal

A service that scans for viruses online. This is convenient. https://www.virustotal.com/gui/home/upload

MacroShop

You can embed an attack file in the macro function of MS Office. https://github.com/khr0x40sh/MacroShop

Do not carelessly open files downloaded from the Internet. Windows Defender is fine, of course; the important thing is to keep antivirus software running properly.

Part 2 ~ Linux Hacking ~

Metasploitable3

As the name suggests, it is a Linux image with vulnerabilities that Metasploit can exploit. https://github.com/rapid7/metasploitable3

Various attacks

Port scan with nmap → identify the applications in use → identify the vulnerable application (search CVE Details, Exploit-DB (exploit-db.com), etc.) → Attack

Does the following part say that the backdoor is triggered when a user with ":)" logs in?

sock.put("USER #{rand_text_alphanumeric(rand(6)+1)}:)\r\n")
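The line above is from Metasploit's module for the vsftpd 2.3.4 backdoor, which arms itself when the two bytes ":)" appear anywhere in the FTP username and then opens a shell listener on tcp/6200. As an added example from the defender's side (not code from the book or from Metasploit), this Python check pulls the USER commands out of a captured FTP control-channel stream, such as one exported from a Wireshark or Xplico capture, and flags any username carrying that trigger. The sample stream is constructed for the example.

```python
import re
from typing import Iterator

# Constructed sample: FTP control-channel commands as they appear in a
# "Follow TCP stream" style export of a capture (client side only).
SAMPLE_STREAM = (
    "USER alice\r\n"
    "PASS secret\r\n"
    "USER bob:)\r\n"        # trigger hidden in an ordinary-looking name
    "PASS x\r\n"
    "USER 4Kz9:)\r\n"       # shape the Metasploit line above produces
    "USER carol\r\n"
)

TRIGGER = ":)"          # byte pair the vsftpd 2.3.4 backdoor looks for
BACKDOOR_PORT = 6200    # port on which the armed backdoor spawns a shell

# Matches "USER <argument>", tolerating a trailing carriage return.
USER_CMD = re.compile(r"^USER\s+(.*?)\r?$", re.IGNORECASE)


def iter_user_commands(stream: str) -> Iterator[str]:
    """Yield the username argument of every USER command in the stream."""
    for line in stream.split("\n"):
        m = USER_CMD.match(line)
        if m:
            yield m.group(1)


def is_backdoor_trigger(username: str) -> bool:
    """True when the username carries the ':)' sequence that arms the backdoor.

    Metasploit sends a random alphanumeric prefix followed by ':)', but the
    backdoor fires on the two bytes alone, so a substring check is the right test.
    """
    return TRIGGER in username


def find_triggers(stream: str) -> list[str]:
    """Return every USER argument in the stream that would arm the backdoor."""
    return [u for u in iter_user_commands(stream) if is_backdoor_trigger(u)]


def report(stream: str) -> str:
    """Human-readable summary; points the responder at the follow-up check."""
    hits = find_triggers(stream)
    if not hits:
        return "no vsftpd backdoor trigger seen"
    return f"{len(hits)} trigger(s): {hits}; check for a listener on tcp/{BACKDOOR_PORT}"


if __name__ == "__main__":
    print(report(SAMPLE_STREAM))
```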


It seems that Metasploitable3 also has a backdoor already in place, and you can connect to port 1524 right away.

hydra

Software that cracks passwords with dictionary attacks. https://github.com/vanhauser-thc/thc-hydra

LAN hacking

Xplico

It can read Wireshark capture files or capture packets by itself. https://www.xplico.org/ However, as of April 4, 2020, maintenance seems to have stopped ... It didn't work on Ubuntu 18.04 ... https://github.com/xplico/xplico

When running it on Ubuntu in Docker, it looks like this ...

docker run -it -p 9876:9876 --name xplico ubuntu:16.04

## Below: run inside the container's prompt
apt-get update
apt-get install lsb-release
bash -c 'echo "deb http://repo.xplico.org/ $(lsb_release -s -c) main" >> /etc/apt/sources.list'
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 791C25CE
apt-get update
apt-get install xplico --fix-missing
service apache2 start
/etc/init.d/xplico start

After that, log in with xplico / xplico on the screen at http://localhost:9876 and proceed with the analysis.

You can create a session for monitoring by selecting case creation → session creation.

MITMf

It's a framework for learning man-in-the-middle attacks, but it no longer seems to be updated. https://github.com/byt3bl33d3r/MITMf

It's hard to get things working even if you follow the book. Or rather, versions have changed quite a bit, so it's best to look up the latest information.

Web app hacking

DVWA

This is a vulnerable web application. http://www.dvwa.co.uk/

I'll borrow the image from here. https://hub.docker.com/r/vulnerables/web-dvwa/

Start it with docker run --rm -it -p 80:80 vulnerables/web-dvwa and go to http://localhost. You can log in with admin / password.

Use Burp Suite to perform blind SQL injection. However, for some reason kalilinux/kali-rolling does not include Burp Suite ... Download the installer from here and install it. https://portswigger.net/burp/releases/professional-community-2020-2-1 But it stops with the following error ...

Caused by: java.lang.UnsatisfiedLinkError: /data/workspace/burpsuite_community_linux_v2020_2_1.sh.7.dir/jre/lib/libfontmanager.so: libfreetype.so.6: cannot open shared object file: No such file or directory

So, with no other choice, ubuntu:18.04.

apt-get update && apt-get install openjdk-8-jre

I got this far with the installation, but it's a GUI after all ... It's better to just quietly run Kali Linux in VirtualBox or the like ...

bWAPP

You can learn about vulnerability attacks with this alone. http://www.itsecgames.com/

I'll borrow the image this time as well. https://hub.docker.com/r/raesene/bwapp/

Once started, go to http://localhost/install.php, then http://localhost/login.php, and you can reach the learning screen.

Getting Burp Suite running takes time, so it's a hassle ...

Hacking logon authentication

Abuse of Sticky Keys

It seems to be a technique that makes it possible to type arbitrary commands by replacing the dialog that appears when you press Shift five times with a command prompt. It apparently does not work against Microsoft accounts, so it is safer to log in with a Microsoft account if possible.

Adding a physical device

Put Kali Pi on a Raspberry Pi and try the contents above; the NAS was convenient.

Expanding the network environment

This part was about accessing the hacking environment at home in a convenient way, such as via remote desktop or VPN.

Overall impressions

Since the first edition is from 2018/12, the versions of the packages introduced have changed, and there were some parts where I got stuck setting up the environment ... However, proceeding too easily without understanding anything seems dangerous, so maybe this is just right? Personally, I enjoyed it because it was a completely new experience!
