Stealth: Penyiapan Infrastruktur untuk Latihan Serangan
Lab preparation To follow along with the examples in this chapter, a bit of lab preparation will be necessary. Throughout this book, there has been a strong focus on being able to emulate a target network. This is critical to being able to learn and practice the latest and greatest techniques as the excellent minds in the security research field continue to surprise us with new vulnerabilities and possible attack vectors. This book cannot cover every possible method of testing a network, but building the labs is an attempt at adding long-lasting value that will hopefully lead to a lifetime of the "hacker mentality." If you continue to build your personal lab and increase the difficulty of the practice challenges that you set for yourself, you will quickly become comfortable with testing any sort of environment. An example of the machines we'll be using is shown in the following figure: We have to make a number of configuration changes in preparing for the exercises. Kali guest machine This machine will need to be connected to the 192.168.75.0/24 subnet. Ensure that only one network adapter is enabled. The adapter should use the VMnet8 NAT network option. An example of this is shown in the following screenshot: [ 320 ]Chapter 10 We can assign the IP address ( 192.168.75.10 , in this case) to an Ethernet adapter ( eth0 ) from within Kali by typing the following command into a terminal:
- ifconfig eth0 192.168.75.20 netmask 255.255.255.0 broadcast
192.168.75.255 promisc As the pfSense machine will need to be our router as well, we need to set it up as the default gateway. This can be accomplished as follows:
- route add default gw 192.168.75.10
[ 321 ]Stealth Techniques Ubuntu guest machine The Ubuntu machine will be used as the target. It needs to be configured to connect to VMnet3 , which is a new internal network we have not used before. Your settings should be similar to the following: The pfSense guest machine configuration Configuring our firewall involves a bit more work. It needs to be able to route restrictive traffic from the VMnet8 (NAT) network to the VMnet3 subnet. There are several configuration changes we will need to make to ensure this works properly. [ 322 ]Chapter 10 pfSense offers the option to reset to factory defaults from the configurations menu. Be aware that the adapters will have to be reconfigured if this option is chosen. This is not difficult, but all previous settings will be lost. Be sure to make a copy/snapshot of your pfSense machine if you are concerned about losing the previous configuration. The pfSense network setup Our firewall guest machine will use two network adapters. One will be used for the VMnet8 (NAT) segment and the other for the VMnet3 segment. VMnet8 (NAT) will be treated as an untrusted wide area network for the examples within this chapter. An example of this is shown in the following screenshot: [ 323 ]Stealth Techniques WAN IP configuration The remaining networking setup will need to be performed from within the guest machine: 1. Boot up your pfSense virtual instance. There may be an additional delay as pfSense attempts to configure the WAN adapter. Allow it to fully load until you see the following menu: 2. The WAN and LAN interfaces will need to be configured properly. Select option 2) Set interface(s) IP address. [ 324 ]Chapter 10 3. Select option 1 – WAN (em0 - dhcp, dhcp6). 4. When asked to configure the WAN interface via DHCP press N for no. 5. The IP for the WAN adapter should be 192.168.75.10 . 6. Subnet bit count should be set to 24. Type 24 and press Enter. 7. Press Enter to return to the configuration menu. 8. Press N as required to the prompts for configuring IPv6; we are not using it in our architecture. 9. After the IPv6 configuration, press N to revert to HTTP. An example of these settings is shown in the following screenshot: [ 325 ]Stealth Techniques After the configuration has been completed, press Enter to continue. This will return you to the main menu. The next thing we want to do is disable the VMware DHCP server that is connected to our VMnet3 switch; we are doing this because we want to use the DHCP server on pfSense. To disable the VMware DHCP server, in VMware Workstation, click on Edit | Virtual Network Editor | VMnet3 and remove the check mark in the DHCP section. As a reference, refer to the following screenshot: [ 326 ]Chapter 10 LAN IP configuration We can set up the LAN IP information from the configuration menu as well. One benefit of configuring the LAN here is that we can have a DHCP server configured for VMnet3 at the same time. 1. Select option 2 from the configuration menu to start the LAN IP configuration module. 2. Choose the LAN interface (option 2 ). 3. When prompted to enter the IP address, type 192.168.101.10 . 4. The bit count should be set to 24 . 5. When asked if you would like a DHCP server to be enabled on the LAN, press Y for yes. 6. The DHCP Client IP range start will be 192.168.101.100 . 7. The DHCP Client IP range stop will be 192.168.101.110 . 8. Press Enter. 9. Press Enter again to return to the configuration menu. [ 327 ]Stealth Techniques Your LAN and WAN IP ranges should match the following: Firewall configuration pfSense can be configured using its intuitive web interface. Boot up the Ubuntu machine, open a terminal, and perform sudo dhclient to pick up an address from the pfSense DHCP server on VMnet3 ( 192.168.101.0/24 ). In a web browser on the Ubuntu machine, type http://192.168.101.10/ to access the configuration panel. If you have to reset the factory defaults, you will need to step through the wizard to get to the standard console. The default username and password combination for pfSense is admin/pfsense. To view the current firewall rules, choose Firewall | Rules and review the current configuration. By default, the WAN interface should be blocked from connecting internally as there are no pre-established rules that allow any traffic through. An example of this is shown in the following screenshot: [ 328 ]Chapter 10 For testing purpose, we will enable ports 80 , 443 , 21 and allow ICMP. Add the rules as follows: 1. Click on the add a new rule button displayed in the preceding screenshot. 2. Use the following rule settings to enable ICMP pass-through: ° ° Action: Pass ° ° Interface: WAN ° ° Protocol: ICMP ° ° All others: Defaults ° ° Click on the Save button at the bottom of the screen ° ° Click on the Apply Changes button at the top of the screen 3. Use the Interface | WAN navigation menu to enter the WAN interface configuration menu and uncheck Block private networks. Apply the changes and return to Firewall | Rules. 4. Click on the add new rule button. An example of this is shown in the following image: 5. Use the following rule settings to enable HTTP pass-through: ° ° Action: Pass ° ° Interface: WAN ° ° Protocol: TCP ° ° Destination port range as follows: ° ° From: HTTP (80) ° ° To: HTTP (80) [ 329 ]Stealth Techniques 6. Continue adding ports until the configuration matches the following: At this point, any machine connected to VMnet8 (NAT) can communicate through the open ports and can ping machines on the VMnet3 segment, as can be seen in the following image (this system running the scan is at 192.168.75.20 ): [ 330 ]