From 8bc118c2a39e1802aa90460d8770c4fd032905c8 Mon Sep 17 00:00:00 2001 From: Brendan McDevitt Date: Wed, 14 Nov 2018 21:34:39 -0500 Subject: [PATCH] updated things --- Overview.html | 514 ++++++++++++++++++ _posts/2018-06-19-all-shine-on.markdown | 2 +- .../2018-11-14-st-brendans-fair-isle.markdown | 67 +++ 3 files changed, 582 insertions(+), 1 deletion(-) create mode 100644 Overview.html create mode 100644 _posts/2018-11-14-st-brendans-fair-isle.markdown diff --git a/Overview.html b/Overview.html new file mode 100644 index 0000000..0ab24f1 --- /dev/null +++ b/Overview.html @@ -0,0 +1,514 @@ + + + + + + + +BUILD A HOMELAB TO PREP FOR OSCP / SECURITY RESEARCH + + + + + + +
+

BUILD A HOMELAB TO PREP FOR OSCP / SECURITY RESEARCH

+ +
+

1 Introduction

+
+

+When I started my search on the internet on creating a lab environment for security research and learning the skills of penetration test, I was often frustrated. Many of the articles and how-to guides that I found were using Windows as the host operating system and/or VMware as the hypervisor. +I like linux very much and I have grown to really enjoy using qemu/kvm. libvirt has a great community behind it that offers bindings in many different programming languages (https://libvirt.org/bindings.html). We can use automation to build efficient methods for spawning purposelly vulnerable systems to hack away at til our heads fall off. +

+ +

+In my efforts to build a lab that will withstand the test of time, I purchased a very expensive CPU for my home system. I stacked it with RAM and lots of spinning space, and some SSD space as well. +You do not need to go crazy like I did and buy a bunch of hardware. This will work on a laptop with a decent amount of RAM to allocate to the VMs and a modern CPU. It also needs to support VT-D. +

+ +

+I am going to be primarily using ruby and bash scripting to glue everything together. I am sure it will not be the prettiest code, but it will solve the problem. +

+
+
+

1.1 Host Prep

+
+

+First you are going to want to ensure that your system is capable of running virtualization software. Most modern Intel and AMD based processors will support this. However, they may have the option disabled within the Bios. You will need to check with your motherboard manufacturer to see if your system supports VT-D support. +

+
+
+

1.1.1 TODO RESEARCH: - add in the methods to check to make sure the system is ready to deploy kvm/qemu (cpu flags for vt-d/grub options/bios options….etc, attach or link images if neccessary)

+
+
+
def get_cpu_flags
+  cpu_flags = `grep flags /proc/cpuinfo | cut -f 2 -d : | uniq`.strip
+end
+
+cpu_flags = get_cpu_flags
+
+
+
+
+
+ +
+

1.2 My Lab Specs

+
+
+
    +
  1. Main server
    +
      +
    1. OS: Archlinux
    2. +
    3. Motherboard - Asus X99 WS/USB 3.1
    4. +
    5. CPU - Intel E5-2687W v3 3.1GHZ
    6. +
    7. Heatsink - Noctua
    8. +
    9. RAM - 128GB total - 8 32GB DDR4 ECC 2300 MHZ Kingston
    10. +
    11. HDD - 12 HGST DeskStar NAS 7200 RPM 64MB Cache 4TB
    12. +
    13. SSD - 4 Intel 256GB
    14. +
    15. PCI-E Cards - LSI 9211-8i
    16. +
    17. Chassis - Rosewill 4U
    18. +
    +
  2. +
  3. Router
    +
      +
    1. I have an EdgeRouter lite, but honestly any modern day router will do. If you want more control over the configuration, buy a linux based router, or look into DDWRT and tomato based router firmwares and comptabile routers.
    2. +
    +
  4. +
  5. Storage Chassis #1
    +
      +
    1. Chassis - Supermicro 12 Bay
    2. +
    3. PSU - Not sure at the moment
    4. +
    5. Fans - 3 Noctua
    6. +
    7. Fan Controller - Random one on eBay or Amazon cant remember
    8. +
    +
  6. +
  7. Storage Chassis #2
    +
      +
    1. Chassis - Supermicro 12 Bay
    2. +
    3. PSU - Not sure at the moment
    4. +
    5. Fans - 3 Noctua
    6. +
    7. Fan Controller - Random one on eBay or Amazon cant remember
    8. +
    +
  8. +
+
+
+

1.3 VMs to build

+
+
+
    +
  1. TODO RESEARCH: can we figure out a way to start a base template VM, and based on a set of vulns that we give the VM at deploy time, spin up the VM with those vulns?
  2. +
  3. TODO OpenVas VM
  4. +
  5. TODO Kanban board (investigate opensource JIRA alternatives)
    +
    +
      +
    • Atlassian offers confluence, bitbucket, and jira all for $10 per year per 10 users. I like these tools, so I am more than happy to pay them for them.
    • +
    +
    +
  6. +
  7. TODO Issue tracking (bugzilla maybe?)
  8. +
  9. TODO Wiki - (as close to confluence as we can find)
  10. +
  11. DONE Pentest System (Kali linux and/or pentoo)
    +
    + +

    +CLOSED: [2018-07-16 Mon 16:25] +

    +
    +
  12. +
  13. TODO Vulnerable system with multiple web apps (multidae, dvwa)
    + +
  14. +
+
+
+

1.4 Research Material

+
+
+ +
+

1.4.2 Web Application Testing:

+ +
+
+

1.4.3 Pentest Specific:

+ +
+
+
+

1.5 Programs to write

+
+
+
+

1.5.1 TODO Make a program in ruby that will convert other image files to raw files. we will need to run this in bulk after dl of ova images

+
+
+
def file_exists(filename)
+  File.file?(filename) # return true if filename exists
+end
+
+def convert_file(format, filename) # needs qemu-img binary installed on the system, returns a new raw image file
+  `qemu-img convert -f #{format} -O raw "#{filename}" "#{filename}.img"` 
+end 
+
+# I am using a 56MB vmdk file to test the conversion process
+def test_convert(format, filename)
+  file_exists(filename)
+  convert_file(format, filename)
+end
+
+test_convert('vmdk', '/storage/virtual_machines/DSL-4.4.10-disk1.vmdk')
+
+
+
+
+
+ +
+

1.5.2 TODO Make a program in ruby that will download the .ova files from https://download.vulnhub.com/checksum.txt

+
+
+
class DownloadVulnHubTorrents
+  require 'csv'
+
+  def initialize
+    @base_url = 'https://download.vulnhub.com'
+  end
+
+  # get the checksum file which has checksums + urls. we can automate the check of the files and compare with the checksums to make sure everything downloaded matches
+  def download_checksum
+    checksum_url = "#{@base_url}/checksum.txt"
+    `wget #{checksum_url}` # download the checksum file
+  end
+
+  def gather_urls(filename)
+    urls = `awk ' { print $2 } ' #{filename} | sed 's/^\./''/g' | grep -E 'ova|torrent|zip|tar|txt|gz|gzip|iso|7z|exe|text|img|png|jpg|jpeg|md|LICENSE|README'`
+    CSV.parse(urls).flatten
+  end
+end
+
+vulnhubber = DownloadVulnHubTorrents.new
+vulnhubber.download_checksums
+vulnhubber.gather_urls('/home/booboy/bin/mygit/homelab_scripts/checksum.txt')
+
+
+
+
+
+
+

1.5.3 TODO Make a program in ruby that will generate ssh keypairs for our vms

+
+

+found a nice ruby gem sshkey gem +

+
+
require 'sshkey'
+
+  def gen_ssh_keypair
+
+    k = SSHKey.generate(
+      type: "DSA",
+      bits: 1024,
+      comment: "foo@bar.com",
+      passphrase: "foobar"
+    )
+  end
+
+keypair = gen_ssh_keypair
+
+
+
+
+
+
+

1.5.4 TODO Make a program that configures a static ip address for a host system in ruby (most of the vulnhub vms come configured with dhcp, but this will still be a nice tool to have for vm reconfiguring if ever needed)

+
+
+

1.5.5 TODO RESEARCH: Make a program that will allow you to export an org-mode document in emacs to a pentest report.

+
+
+
+
+
+

Author: Brendan McDevitt

+

Created: 2018-07-19 Thu 00:52

+

Validate

+
+ + diff --git a/_posts/2018-06-19-all-shine-on.markdown b/_posts/2018-06-19-all-shine-on.markdown index 2c0c017..d444ab0 100644 --- a/_posts/2018-06-19-all-shine-on.markdown +++ b/_posts/2018-06-19-all-shine-on.markdown @@ -2,7 +2,7 @@ layout: post title: "all shine on" date: 2018-06-19 -categories: misc +categories: song lyrics --- ``` Instant Karma's gonna get you diff --git a/_posts/2018-11-14-st-brendans-fair-isle.markdown b/_posts/2018-11-14-st-brendans-fair-isle.markdown new file mode 100644 index 0000000..e8aa58e --- /dev/null +++ b/_posts/2018-11-14-st-brendans-fair-isle.markdown 
@@ -0,0 +1,67 @@ +--- +layout: post +title: "st brendans fair isle" +date: 2018-11-14 +categories: song lyrics +--- + +``` +St. Brendan's Fair Isle + + D G D +When I was a lad on the Emerald Isle, + G D Bm +I heard many stories both lovely and wild. + D G D +About the great dragons and monsters there be, + G D Bm +That swallow the ships when they sail on the sea. + G +Now, I was an artist with canvas and paints, + D +We sailed with Brendan and his jolly saints. + G +We bid the good people farewell for a while. + D A D G +We sailed to Saint Brendan's fair isle, fair isle, + D A D +We sailed to Saint Brendan's fair isle. + +We'd been on the ocean for ninety-five days, +When we came to a spot where the sea was ablaze. +Those demons from Hades was dancing with glee, +And burning the sailors alive on the sea. +Saint Brendan walked on the blistering waves, +And he threw all the demons back down to their caves, +And all of the saints wore a heavenly smile, +We sailed... + +One night while the brethren were lying asleep, +Well, a great dragon came up from out of the deep. +He thundered and he lightninged and he made a great din; +He woke up Saint Brendan and all of his men. +The dragon came on with his mouth open wide. +We threw in a cross and the great dragon died. +We plucked him and skinned him and feasted awhile, +We sailed... + +Then at last we came onto that beautiful land. +We all went ashore and we walked on the strand. +We took our longbows and killed one pig or two +Then we roasted them up and had hot barbecue. +And after a while we were singing this song, +We noticed that the island was moving along. +We ate and we drank and we rode in high style, +We sailed... + +Says Brendan, "Me boys, it is much to my wish +For to ride on the back of the world's biggest fish! +Hold fast to the rope that is pulling the ship, +For we'll need it some day if this fish takes a dip!" +We sailed every ocean, we sailed every sea, +We sailed every spot where a sailor could be. 
+In forty-four days we sailed ten million miles, +We sailed... +``` + +{% include youtubePlayer.html id="DndF93ztvUQ" %}
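
Review bot: In Overview.html section 1.5.3, gen_ssh_keypair requests `type: "DSA", bits: 1024` and hard-codes `passphrase: "foobar"` in a file committed to the repository. OpenSSH has disabled DSA (ssh-dss) keys by default since 7.0, so a current ssh client or sshd will not use this key unless ssh-dss is re-enabled, and a passphrase stored next to the code protects nothing. Ask the same SSHKey.generate call for an RSA key of 3072 bits or more and read the passphrase from the environment or a prompt. In section 1.5.2 the script calls `vulnhubber.download_checksums` but the class defines `download_checksum`, so it stops with NoMethodError before gather_urls runs, and nothing yet compares a downloaded file against checksum.txt as the comment above download_checksum describes. In section 1.5.1 convert_file interpolates filename into a backtick command line; since it is meant to run in bulk over downloaded images, a name containing a double quote, `$(` or a backtick would be interpreted by the shell, so pass the arguments as separate strings to system or Open3.capture2 instead. test_convert should also act on the return value of file_exists rather than discarding it.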
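
Review bot: On the changed front-matter line `categories: song lyrics` in _posts/2018-06-19-all-shine-on.markdown, Jekyll splits a plain string value of categories on whitespace, so the post is filed under two categories, song and lyrics, not one category named "song lyrics". If a single category is intended, use a name without a space such as song-lyrics or give the value as a YAML list with one entry, and apply the same form to the new st-brendans-fair-isle post, which carries the identical line.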