I've built my first Cybersecurity lab early this year for my CySA+ studies. I integrated GNS3 with VirtualBox and ran various Windows and Linux machines. I modified my lab using VMware Workstation this time and integrated my Cisco ASA 5506W-X with FirePOWER.
Below is the logical diagram of my new Cybersecurity lab 2.0 and I used the Cisco CVD visio icons to have that glossy/3D look. I'm running VMware Workstation 12 Pro on my Intel NUC (Windows 10) and the Cisco ASA 5506W-X is acting as the default gateway, DHCP server for the inside wired and wifi users and as a NAT device (to Internet).
My Windows 10 will be used as the VM Hypervisor and for ASDM management. I've deployed a Windows 7 VM to install third party attack tools. I also plan to deploy a Firepower Management Center Virtual (FMCv) to manage the ASA 5506 FirePOWER module and FTDv in the future.
This is how the physical devices looked like.
I chose to run VMware Workstation 12 Pro since it's a more stable release.
Download Kali Linux VMware 64-bit image (7z file) > extract (unzip) the 7z compressed file > double-click on the Kali VM configuration file (4 KB).
To organize on my VM labs, do a right-click My Computer > create a New Folder > type folder name (CYBER). Move Kali VM to CYBER folder. Right-click on the Kali VM > Rename (KALI)
These are the default VM Hardware settings.
You need to ensure VMnet0 (auto-bridging mode) is bridged to the network you want to connect the Kali VM if you have several network adapters on the VM host. Go to Edit > Virtual Network Editor.
Click Change Settings (need admin rights).
Choose VMnet0 > Bridged > Bridged to: > choose the network adapter (Intel Ethernet Connection 1218-V in my case) > click Apply > OK.
Power on the VM (click the green play icon) or right-click on KALI VM > Power > Start Up Guest.
Choose I Moved It.
Enter the default login: root / toor
Open a terminal and type the ifconfig command to verify Kali's IP address. It received a dynamic IP address 192.168.1.14 via DHCP from the Cisco ASA 5506W-X firewall.
You’ll see the IPv4 (DHCP) settings under the Details tab.
Go to IPv4 tab > IPv4 Method: Manual > type the IPv4 address, Netmask and Gateway > type the DNS IP address > click Apply.
Issue an ifconfig command again to verify the new IPv4 address.
Ping the default gateway and Google DNS to test.
It's best practice to perform an update/upgrade on the Kali Linux distribution using the apt-get update and apt-get dist-upgrade commands. The latter command might complete in minutes or hours (mine took almost 2.5 hours) depending on VM hardware and your Internet speed. The Kali VM will reboot several times.
Type y to continue with the upgrade.
Press q to quit.
Press Enter <No>
Press Enter <No>
Enable SSH by issuing an service ssh start and verify using the service ssh status command. You'll need re-enable SSH each time Kali reboots.
Change directory using the cd /etc/ssh and modify the SSH config using the nano sshd_config command.
Uncomment (remove #) on Port 22, uncomment and change PermitRootLogin yes and PubkeyAuthentication yes.
Do a Ctrl+x to exit > type y (to Save) > hit Enter to overwrite the nano file.
Generate an RSA key issuing the ssh-keygen -t rsa and hit Enter to accept the file name and location.
I used SecureCRT for my SSH access. To SSH to Kali Linux, click New Session > leave Protocol: SSH2 > click Next.
Click Accept & Save (RSA keys).
Type the username and password (optionally Save password).
Right-click on KALI VM >Snapshot > Take Snapshot.
Type the file name and optionally give a friendly description > click Take Snapshot.
To restore or revert the KALI VM, right-click on the VM > Snapshot > Revert to Snapshot:<NAME>
The deployment for the Metasploitable 2 VM (vulnerable Ubuntu Linux distribution) is similar to the Kali Linux. Double-click on the Metasploitable configuration file (1 KB).
Change the Network Adapter to Custom: VMnet0.
Power ON the VM and Choose I Moved It.
Type the default login (already displayed): msfadmin / msfadmin
Issue an ifconfig to view the IPv4 address and it got a DHCP address from the ASA 5506.
To manually assign a static IPv4 address and a default route, issue the commands:
sudo ifconfig eth0 192.168.1.120 netmask 255.255.255.0
sudo ip route add default via 192.168.1.1 dev eth0
Verify using the ifconfig command.
Test by pinging the default gateway and Google DNS.
SSH and add the host.
Accept & Save the SSH keys.
Type the login and save password (optional).
Power off the VM before taking a Snapshot.
Right-click on MSPLOIT VM > type a name and an optional description > Take a Snapshot.
I also deployed a Windows 7 Basic (32-bit) machine in order to install third party software for penetration testing. I download the .iso file and clicked Create a New Virtual Machine > choose Typical (recommended) > Next.
Click Installer disc image file (.iso) > browse for the file location > click Next.
You can skip the Windows product key registration > click Next > Yes.
Type a name for the VM > click Next.
Give the VM an ample disk size (I gave 60 GB in my case) > click Next.
Click Customize Hardware.
Click Processors > set the Number of cores per process: 2.
Click Network Adapter > choose Custom: VMnet0 (bridged to 192.168.1.0/24)
View the VM hardware settings > click Finish to start creating the VM.
The Windows 7 installation will follow. It will also install the VMware tools and VM will reboot afterwards.
The Windows 7 VM received a dynamic IPv4 address (and generated its link-local IPv6 address) via DHCP from the Cisco ASA 5506W-X.
Click the PC icon on the taskbar > click Open Network and Sharing Center > Change adapter settings > click Use the following IP address > type the IP address, Subnet Mask, Default gateway and Preferred DNS server.
I installed Google Chrome (as an alternative web browser), PuTTY for remote SSH to the Linux machines).
I disabled Windows update by going to Control Panel > System and Security > Windows Update > Turn automatic updating on or off > Never check for updates.
I've allowed ping to this machine (inbound) by going to Control Panel > System and Security > Windows Firewall > Advanced settings > Inbound Rules > File and Printer Sharing (Echo Request - ICMPv4-In) > right-click > Enable Rule (check the domain/network - mine's Private).
I also disabled Windows firewall under Control Panel > System and Security >Windows Firewall > Turn Windows Firewall on or off > choose Turn off Windows Firewall (not recommended) for both Home (private) and Public network location settings. These steps will "weaken" the Windows 7 VM if we chose it to be a victim as well as allow the installed attacking tools to launch or function properly.
Power Shut Down Guest VM before taking a Snapshot
Right-click on the VM > Snapshot > take Snapshot > type a name and an optional description > Take Snapshot.
Below is the logical diagram of my new Cybersecurity lab 2.0 and I used the Cisco CVD visio icons to have that glossy/3D look. I'm running VMware Workstation 12 Pro on my Intel NUC (Windows 10) and the Cisco ASA 5506W-X is acting as the default gateway, DHCP server for the inside wired and wifi users and as a NAT device (to Internet).
My Windows 10 will be used as the VM Hypervisor and for ASDM management. I've deployed a Windows 7 VM to install third party attack tools. I also plan to deploy a Firepower Management Center Virtual (FMCv) to manage the ASA 5506 FirePOWER module and FTDv in the future.
This is how the physical devices looked like.
I chose to run VMware Workstation 12 Pro since it's a more stable release.
Download Kali Linux VMware 64-bit image (7z file) > extract (unzip) the 7z compressed file > double-click on the Kali VM configuration file (4 KB).
To organize on my VM labs, do a right-click My Computer > create a New Folder > type folder name (CYBER). Move Kali VM to CYBER folder. Right-click on the Kali VM > Rename (KALI)
These are the default VM Hardware settings.
Click Network
Adapter > Custom:Specific virtual network > VMnet0
You need to ensure VMnet0 (auto-bridging mode) is bridged to the network you want to connect the Kali VM if you have several network adapters on the VM host. Go to Edit > Virtual Network Editor.
Click Change Settings (need admin rights).
Choose VMnet0 > Bridged > Bridged to: > choose the network adapter (Intel Ethernet Connection 1218-V in my case) > click Apply > OK.
Power on the VM (click the green play icon) or right-click on KALI VM > Power > Start Up Guest.
Choose I Moved It.
Enter the default login: root / toor
Open a terminal and type the ifconfig command to verify Kali's IP address. It received a dynamic IP address 192.168.1.14 via DHCP from the Cisco ASA 5506W-X firewall.
To manually configure an IPv4 address, click the wire icon on top (beside the volume icon) > Wired Connected
> Wired Settings
Under Wired, click on the gear icon to edit IPv4 address
settings.
You’ll see the IPv4 (DHCP) settings under the Details tab.
Go to IPv4 tab > IPv4 Method: Manual > type the IPv4 address, Netmask and Gateway > type the DNS IP address > click Apply.
You’ll need to Turn Off and then Turn On again
the Wired LAN adapter for the new IP address to take effect. Just click on the Wired toggle switch (near edit/gear icon).
Issue an ifconfig command again to verify the new IPv4 address.
Ping the default gateway and Google DNS to test.
It's best practice to perform an update/upgrade on the Kali Linux distribution using the apt-get update and apt-get dist-upgrade commands. The latter command might complete in minutes or hours (mine took almost 2.5 hours) depending on VM hardware and your Internet speed. The Kali VM will reboot several times.
Type y to continue with the upgrade.
Press q to quit.
Press Enter <No>
Press Enter <No>
Change directory using the cd /etc/ssh and modify the SSH config using the nano sshd_config command.
Uncomment (remove #) on Port 22, uncomment and change PermitRootLogin yes and PubkeyAuthentication yes.
Do a Ctrl+x to exit > type y (to Save) > hit Enter to overwrite the nano file.
Generate an RSA key issuing the ssh-keygen -t rsa and hit Enter to accept the file name and location.
I used SecureCRT for my SSH access. To SSH to Kali Linux, click New Session > leave Protocol: SSH2 > click Next.
Click Accept & Save (RSA keys).
Type the username and password (optionally Save password).
Before taking a snapshot (restore point), power off the VM by clicking the power icon on top.
Right-click on KALI VM >Snapshot > Take Snapshot.
Type the file name and optionally give a friendly description > click Take Snapshot.
To restore or revert the KALI VM, right-click on the VM > Snapshot > Revert to Snapshot:<NAME>
The deployment for the Metasploitable 2 VM (vulnerable Ubuntu Linux distribution) is similar to the Kali Linux. Double-click on the Metasploitable configuration file (1 KB).
Change the Network Adapter to Custom: VMnet0.
Power ON the VM and Choose I Moved It.
Type the default login (already displayed): msfadmin / msfadmin
Issue an ifconfig to view the IPv4 address and it got a DHCP address from the ASA 5506.
To manually assign a static IPv4 address and a default route, issue the commands:
sudo ifconfig eth0 192.168.1.120 netmask 255.255.255.0
sudo ip route add default via 192.168.1.1 dev eth0
Verify using the ifconfig command.
Test by pinging the default gateway and Google DNS.
SSH and add the host.
Accept & Save the SSH keys.
Type the login and save password (optional).
Power off the VM before taking a Snapshot.
I also deployed a Windows 7 Basic (32-bit) machine in order to install third party software for penetration testing. I download the .iso file and clicked Create a New Virtual Machine > choose Typical (recommended) > Next.
Click Installer disc image file (.iso) > browse for the file location > click Next.
You can skip the Windows product key registration > click Next > Yes.
Type a name for the VM > click Next.
Give the VM an ample disk size (I gave 60 GB in my case) > click Next.
Click Customize Hardware.
Click Processors > set the Number of cores per process: 2.
Click Network Adapter > choose Custom: VMnet0 (bridged to 192.168.1.0/24)
View the VM hardware settings > click Finish to start creating the VM.
The Windows 7 installation will follow. It will also install the VMware tools and VM will reboot afterwards.
The Windows 7 VM received a dynamic IPv4 address (and generated its link-local IPv6 address) via DHCP from the Cisco ASA 5506W-X.
Click the PC icon on the taskbar > click Open Network and Sharing Center > Change adapter settings > click Use the following IP address > type the IP address, Subnet Mask, Default gateway and Preferred DNS server.
I installed Google Chrome (as an alternative web browser), PuTTY for remote SSH to the Linux machines).
I disabled Windows update by going to Control Panel > System and Security > Windows Update > Turn automatic updating on or off > Never check for updates.
I've allowed ping to this machine (inbound) by going to Control Panel > System and Security > Windows Firewall > Advanced settings > Inbound Rules > File and Printer Sharing (Echo Request - ICMPv4-In) > right-click > Enable Rule (check the domain/network - mine's Private).
I also disabled Windows firewall under Control Panel > System and Security >Windows Firewall > Turn Windows Firewall on or off > choose Turn off Windows Firewall (not recommended) for both Home (private) and Public network location settings. These steps will "weaken" the Windows 7 VM if we chose it to be a victim as well as allow the installed attacking tools to launch or function properly.
Power Shut Down Guest VM before taking a Snapshot
Right-click on the VM > Snapshot > take Snapshot > type a name and an optional description > Take Snapshot.
No comments:
Post a Comment