 

 

 

Virtual Hosts for Vulnerability Assessment

 

VMware Workstation is an extremely useful virtual host software suite designed for software testers and IT professionals who need to run multiple operating systems simultaneously on a single PC/laptop.  Users can run Windows, Linux, NetWare, or Solaris x86 in a fully networkable environment without the need for reboots or dual-boot configurations.  VMware also allows a user to take snapshots and revert to these images to allow for product testing etc.  It is available from VMWare.

 

I use VMWare as it is possible to run multiple OS tools at the same time on the same laptop.  It also allows me to build disparate OS to keep my hand in on the ins and outs of a possible OS I am (or am due) to test.  It's only this hands-on time that really gets you to know a particular OS.  (In saying that, I find Microsoft Virtual PC easier to configure for Sun Solaris builds!!)

 

VMWare also now do a product called VMWare Player which, although it won't allow you to build a VM, will allow you to play them, so if you can get hold of a decent VM and have no licence you can still at least use it with this free player.

 

I have got used to using RedHat and of course now Fedora Core.  I won't say I'm an expert, but I get by and I think it's best to stick with what you know rather than diversifying and possibly coming across a whole new set of problems.

 

Install Procedure:

 

Select Linux and other 2.6 Kernel

Select 5Gb as the maximum size

 

Insert FC4 DVD

Select start the virtual machine

Select graphical install

Skip DVD Media check (Just wastes time) 

Accept all defaults unless mentioned below:

Workstation Configuration        Select Custom

Partitioning    Select Manual Partitioning with the following partitions to be created:

Mount point    File system type            Size  

/boot             ext3                   124 MB

swap              N/A                    512 MB

/home             ext3                  1000 MB

/                 ext3                  3000 MB

 

Boot Loader - Accept the default of the Grub Boot Loader. Select the Boot Loader password option and insert a password.

 

Network Configuration - Select Edit, deselect DHCP and insert a valid LAN address. Insert a hostname as required.

 

Firewall Configuration - Enable the firewall. (This laptop should be further locked down later utilising TCP wrappers, xinetd and the removal of unwanted services.)

 

Language Configuration - Highlight English (Great Britain) and set this also to the default.

 

Time Zone - Select Europe (London)

 

Root Password - Supply a strong password

Package Configuration - Accept the defaults except for the following packages:

    X Windows System              Default

    GNOME Desktop Environment     Default

    Graphical Internet            Deselect gaim and xchat

    Text Based Internet           Cadaver and elinks only

    Office Productivity           Deselect all.

    Sound/Video                   Default

    Graphics                      Default, deselect gimp help

    Server Configuration Tools    All

    Web Server                    Default (for testing purposes only)

    Mail Server                   Default (for testing purposes only)

    Windows File Server           Select All

    DNS                           Default (for testing purposes only)

    FTP                           Default (for testing purposes only)

    Network Servers               Select DHCP servers (for testing only)

    Development Tools             Default

    X Software Development        Default

    GNOME Software Development    Default

    Legacy Software Development   Default

    Administrative Tools          Select All

    System Tools                  Deselect ethereal, nmap, screen, vnc

    Printing Support              Default

 

Post Installation Configuration

Display Settings - As required

User Account - Add separate user

 

Once all configured, start the Linux virtual machine.  In order to talk to the Windows host you will now need to set up Samba file sharing:

 

Create some directories to share, e.g. mkdir /VA_Tools (for tools) and mkdir /Results (for all results ;-))

 

Use the command system-config-samba to bring up the GUI for share creation.

 

Add the VA_Tools and Results shares (ensuring in the preferences that user share security is enabled and that the workgroup the laptop is assigned to is the same on the Linux host) and assign which users may access them.

 

Assign Samba passwords to users, e.g. smbpasswd -a root (for the root user)

 

Run setup command

 

Scroll to System Services and:

 

 

Deselect:

 

  •     bluetooth (if not required)

  •     iptables

  •     isdn (if not required)

  •     nessusd (otherwise all plugins will be loaded every time the workstation starts)

  •     sendmail (insecure)

  •     spamassassin

  •     apmd (why do you need advanced power management in a vm machine?)

 

Select:

    smb

 

service smb start will start the Samba service on the host. To check the syntax of the smb.conf (Samba) file, type testparm /etc/samba/smb.conf; hopefully no errors will come back.

 

Type smbclient -L localhost and insert the password; hopefully a list of all available Samba shares will be displayed.

 

Edit the file with vi /etc/samba/smb.conf and comment out the home directories and printer shares (prefix each of their lines with ;) for added security.

 

Test the connectivity with the windows host now to ensure you can write to these shares and transfer documents.
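
The checks from the Samba steps above, as an added example that is not part of the original guide: the function reads an smb.conf and reports active [homes] or [printers] shares, a security mode other than user, and (going slightly beyond the guide) any share that allows guest access. Both sample files are constructed and the "tester" account is hypothetical.

```sh
# Added example (not the guide's own code): audit smb.conf against the Samba steps.
# Prints one FAIL line per finding; no output means the file matches the guide.
audit_smb_conf() {
    awk '
        BEGIN { security = "user" }        # Samba 3 default when the key is unset
        /^[ \t]*([;#]|$)/ { next }         # blank line, or a ; or # comment
        /^[ \t]*\[/ {                      # section header such as [VA_Tools]
            sec = tolower($0)              # section names are case-insensitive
            sub(/^[ \t]*\[[ \t]*/, "", sec); sub(/[ \t]*\].*$/, "", sec)
            if (sec == "homes" || sec == "printers")
                print "FAIL: [" sec "] is still active"
            next
        }
        {
            eq = index($0, "="); if (eq == 0) next
            # Samba ignores case and whitespace inside parameter names.
            key = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", key)
            val = tolower(substr($0, eq + 1)); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (sec == "global" && key == "security") security = val
            if ((key == "guestok" || key == "public") && val ~ /^(yes|true|1)$/)
                print "FAIL: [" sec "] allows guest access"
        }
        END { if (security != "user") print "FAIL: security = " security }
    ' "${1:--}"                            # file argument, or stdin when omitted
}

# Constructed sample: a config before the guide's edits.
sample_before() {
    cat <<'EOF'
[global]
   security = share
[homes]
[printers]
   path = /var/spool/samba
[VA_Tools]
   path = /VA_Tools
   Guest OK = Yes
EOF
}

# Constructed sample: after the edits ("tester" is a hypothetical account).
sample_after() {
    printf '%s\n' '[global]' '   security = user' ';[homes]' ';[printers]' \
        '[VA_Tools]' '   path = /VA_Tools' '   valid users = tester' \
        '[Results]' '   path = /Results' '   valid users = tester'
}

sample_before | audit_smb_conf
sample_after | audit_smb_conf
```

On the VM itself, run audit_smb_conf /etc/samba/smb.conf after testparm reports a clean parse.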

 

A quirk of VMWare is that by default a Linux host will not accept an external DHCP address when bridged.  A way around this is to insert the following syntax at the end of the /etc/sysconfig/network-scripts/ifcfg-eth0 file:

 

check_link_down () {

return 1;

}

 

This is especially important if you are using ICS to update your VM host.

 

Once all this is working, copy all tools from the Windows host (or direct from the internet) into the VA_Tools folder and start building (see other pages).  You will also need Java, especially for the Oracle tools (notably Oscanner, which does not work with the usual java executable in FC4).  Once downloaded, the Java file, if not an rpm, will need to be installed (usually by running chmod 744 java_filename to make it executable and then running the command ./java_filename).

 

I usually install the latest versions of:

 

Nmap

Nmapfe

Ethereal

Ettercap

X-probe2

Firewalk

Nikto

Netcat

Paketto

Oscanner_bin

Oat

SARA

Metasploit

Java

Amap

Hydra

John-the-ripper (including wordlists) etc.

Nessus

NessusClient

 

Note: Nessus reports that its performance is abysmal running in VMWare.  This is mostly in NAT-based scenarios.  I will agree that Nessus will not run as fast in VMWare as on a separate host, but if you are running Windows and Linux tools from the same box at the same time, the time trade-off in my mind is definitely worth it.  You could of course dual boot, but the ability to snapshot, suspend etc. is also a great bonus.

 

 

One other useful thing to do is to amend the path statement in Linux, (edit the path in your .bash_profile file), to add the direct route to the executables in the above files and keep a copy of the path in your VA_Tools folder so you can easily amend when upgrading tools:

 

PATH=/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/X11R6/bin:/root/bin:/VA_Tools/amap5.3:/VA_Tools/hydra-5.3-src:/VA_Tools/ethereal.0.99:/VA_Tools/paketto-1.10/src:/opt/nessus/sbinNessusClient-1.0.0.RC5/nessus

 

or you could place soft links in a directory already listed in the $PATH to save extra searching being carried out by the OS.
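
A check for the PATH statement above, as an added example that is not part of the original guide: it flags entries that are relative, missing, group- or world-writable, or located under the Samba-shared /VA_Tools directory, because anything run by name is only as trustworthy as the directory it is found in. The sample input is a shortened, constructed form of the guide's PATH.

```sh
# Added example (not the guide's own code): sanity-check a PATH string.
# Usage: audit_path "$PATH" [shared_dir]; prints one line per problem entry.
audit_path() {
    path_value=$1
    shared=${2:-/VA_Tools}          # directory exported over Samba in this guide
    old_ifs=$IFS; IFS=:; set -f     # split on ":" only, with globbing off
    for dir in $path_value; do
        case $dir in
            '') echo "RELATIVE: empty entry (searches the current directory)"; continue ;;
            /*) ;;
            *)  echo "RELATIVE: $dir"; continue ;;
        esac
        if [ ! -d "$dir" ]; then echo "MISSING: $dir"; continue; fi
        # Mode string of the directory itself (-L follows a soft link).
        perms=$(ls -ldL "$dir" | cut -c1-10)
        case $perms in
            ?????w????|????????w?) echo "WRITABLE: $dir ($perms)" ;;
        esac
        # Anything under the share can be changed by whoever can write to it.
        case $dir/ in
            "$shared"/*) echo "SHARED: $dir is under $shared" ;;
        esac
    done
    set +f; IFS=$old_ifs
}

# Constructed input: a shortened form of the PATH shown above.
audit_path "/usr/local/bin:/bin:/VA_Tools/amap5.3:/opt/nessus/sbinNessusClient-1.0.0.RC5/nessus"
```

Run audit_path "$PATH" as the account that uses the tools after each edit to .bash_profile; an entry that has lost its colon or its leading directory shows up as MISSING.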

 

Hopefully now, you will have a stable build with a nice bunch of working tools.  You can now tie the VM host down further by enabling SELinux and allowing certain exemptions (e.g. Samba), adding TCP wrapper and xinetd rules, and ensuring the firewall is enabled, so that the system is a secure test bed.

 

Oh yeah, don't forget to patch, FC4 was released quite a few months ago and a number of holes in the OS and apps need addressing (quite a few!):

 

  • up2date -u -i --nosig  (Will update all packages on the system, bar the kernel, and install automatically after all have downloaded.  Note that --nosig skips the GPG signature check on the downloaded packages.)  They are stored in the /var/spool/up2date folder on your hard drive whilst this process is being carried out.  All rpms downloaded to this directory are deleted after they have been installed by the up2date process.  If by chance your internet connection fails whilst this process is going on, the system will automatically review the contents of the up2date directory and start from where it left off (thank goodness!).  If you encounter errors, e.g. it is reported that your primary.xml.gz file is corrupt, I found the easiest way around this is to issue the following commands:

 

  • yum clean headers

  • yum check-update

 

Hopefully you will then be able to use up2date normally. 

 

Note: Up2date is now deprecated and has been replaced by pup; I'd stick with the command line and yum though, as they are the most extensible.

 

I hope this guide has been helpful to you and although basic hopefully will keep things simple.   

 

Linux VMWare 5* problems

 

I've encountered problems installing VMWare 5 on Linux after running the vmware-config.pl script.  I get the report vmnet0 bridging [FAILED].  To overcome this problem (as VMWare will not start until this is fixed), you need to download the vmware-any-any.tar.gz file, untar it and run the script runme.pl.  After this has been run, you can then issue the command vmware-config.pl and the FAILED message will not be displayed and VMWare will run normally.

 
