
Tuesday, May 21, 2019

Hack Lab #4 - Setting up Dradis for Tracking Hacking Activities

I have been using Kali Linux for a while since I started doing the OSCP labs.  Up to this point I had always used KeepNote to maintain my notes on what I did to what boxes and what I found in the labs.  However, I am now going to use Dradis to keep track of the same material.  I am doing this to ease the development of reporting - Dradis is capable of creating reports from its database.  This is going to be interesting since I have not used this tool before.  I have been playing around with it for a couple of days so I have a lot of junk in the database.  Since you are limited to one "project" at a time in Dradis-CE (community edition) I went on a hunt to find some way of being able to keep separate "project"s.  When I get back into the OSCP labs again, I want to keep separate databases of the exercises, the lab notes, and the challenge notes.

I was able to find a set of commands to reset the database at https://dradisframework.com/ce/documentation/reset.html.  I found out that using the following command

 "bundle exec thor dradis:reset"

while in the Kali Linux directory /usr/lib/dradis, I could reset everything and have a backup of what I had put into the archive.  So this led to a plan to keep things separate; I just have to remember to output a report of my findings before separating items out.  The sequence of steps is as follows:

  1. reset the database with "bundle exec thor dradis:reset" in the /usr/lib/dradis directory; note the backup file in a README file in the /usr/lib/dradis directory, what it contains and the date.
  2. change the .xml file that is used for initial project setup
  3. create a new project using the .xml file
  4. do what you do; take notes, add attachments, etc.
  5. perform periodic backups of the data, in case of system failure
  6. when complete, or at various times during the note taking, put out a report
  7. finish up with a database reset (#1 above) and start over
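One way to keep the README ledger from step 1 and check the archives during the periodic backups in step 5, as an added example that is not part of the original post. It assumes you pass in the path of the backup archive yourself (the script does not guess where Dradis writes it); the ledger layout and function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): a README ledger for Dradis backups.
# Assumption: the operator supplies the path of the backup archive left by
# "bundle exec thor dradis:reset"; nothing here guesses where Dradis puts it.

DRADIS_DIR=${DRADIS_DIR:-/usr/lib/dradis}   # directory named in the post
README=${README:-$DRADIS_DIR/README}        # ledger file from step 1

# record_backup <archive> <what it contains>
# Appends one line: date|archive path|sha256|description
record_backup() {
    archive=$1; contents=$2
    [ -f "$archive" ] || { echo "missing archive: $archive" >&2; return 1; }
    [ -n "$contents" ] || { echo "describe what the archive contains" >&2; return 1; }
    sum=$(sha256sum "$archive" | cut -d' ' -f1) || return 1
    printf '%s|%s|%s|%s\n' "$(date +%Y-%m-%d)" "$archive" "$sum" "$contents" >> "$README"
}

# verify_backups
# Re-hashes every archive in the ledger; returns non-zero if any archive is
# gone or no longer matches the digest recorded when it was logged.
verify_backups() {
    status=0
    while IFS='|' read -r day archive sum contents; do
        [ -n "$archive" ] || continue
        if [ ! -f "$archive" ]; then
            echo "MISSING  $archive ($contents, $day)"; status=1
        elif [ "$(sha256sum "$archive" | cut -d' ' -f1)" != "$sum" ]; then
            echo "CHANGED  $archive ($contents, $day)"; status=1
        fi
    done < "$README"
    return $status
}

# Typical use, after running the reset in $DRADIS_DIR:
#   record_backup /path/to/backup-archive "OSCP exercise notes"
#   verify_backups
```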

I may come back and update this information later.

Tuesday, May 14, 2019

Hack Lab #3 - Install Additional VMs to Give an Attack Surface

I ended up installing additional VMs from VulnHub to give me some practice before I get back into the OSCP labs.  I obtained the VMs from a list here and here.  The second list is a file from NetSecFocus on Google Drive and includes a list of OSCP like VMs and ones from HackTheBox.  The first ones that I installed were:

1. Kioptrix: Level 1 (#1): https://www.vulnhub.com/entry/kioptrix-level-1-1,22/
2. Kioptrix: Level 1.1 (#2): https://www.vulnhub.com/entry/kioptrix-level-11-2,23/
3. Kioptrix: Level 1.2 (#3): https://www.vulnhub.com/entry/kioptrix-level-12-3,24/
4. Kioptrix: Level 1.3 (#4): https://www.vulnhub.com/entry/kioptrix-level-13-4,25
5. Kioptrix: 2014: https://www.vulnhub.com/entry/kioptrix-2014-5,62/
6. FristiLeaks 1.3: https://www.vulnhub.com/entry/fristileaks-13,133/
7. Stapler 1: https://www.vulnhub.com/entry/stapler-1,150/
8. VulnOS 2: https://www.vulnhub.com/entry/vulnos-2,147/
9. SickOs 1.2: https://www.vulnhub.com/entry/sickos-12,144/

In addition, I installed the Kali VM from the OSCP class (new version based on Kali 2018.4 rolling).

Hack Lab #2 - Adding an OpenVPN Connection into the HomeLab

Strangely enough, I have a lot of equipment that is not being utilized all the time.  One thing that I wanted to do was to have a VPN connection into the house that I could use when I am on travel.  I just so happened to have a GL-AR300M lying around.  I also have both a GL-USB150 and a GL-AR750S-EXT as travel routers that I take with me.  I pretty much use the GL-USB150 to connect into my company's BYOD network.  Since it is a simple USB device, and can do WiFi relay, I use it as the main router for side projects when I am at work.  The GL-AR750S-EXT is also connected to my company's BYOD network, but is my main travel router when I am away.  I decided to add an OpenVPN connection to my house.

The main instructions for doing this are located at https://docs.gl-inet.com/en/3/app/openvpn/ for the Server portion and https://docs.gl-inet.com/en/2/app/openvpn/ for the client.  My server is going to be the GL-AR300M; I will attach it to an isolated vlan known as LAN5, and my client will be on the GL-AR750S-EXT.  I first set up LAN5 vlan throughout the network to keep it separate from anything else.  The LAN side of my server was connected to LAN5 and the WAN side was connected to my ISP router.  Right now while I do testing, I will not have it on my ISP's router DMZ.  In fact I might isolate that out anyway.  No need to expose any more ports than necessary.  So the process is:

1. set up the server router in the home network
2. generate a .ovpn file using the GUI
3. download the .ovpn file (which is for the client)
4. at work, set up the client router
5. install the .ovpn file using the GUI
6. test out the connection
7. download the OpenVPN client to the personal laptop
8. install the .ovpn file on the personal laptop's OpenVPN client
9. test out the connection

Pretty simple, and it worked out just fine.

Hack Lab #1 - Installation of VMs on New Laptop with VirtualBox

So I went out and purchased a new laptop, an HP Pavilion, that I have been using as my travel personal laptop.  I usually carry both my work laptop and a personal laptop when I go on TDY.  I decided to try to set up a Hacking Lab on the new laptop using VirtualBox.  This is a bit of a change for me since I normally have done everything using VMware. However, I have heard good things about the VirtualBox package, and since it is free I decided to give it a shot.  My version of VMware Workstation is a bit out of date and I didn't want to spend the $140 or so to update it.  I have had great success with using KVM on Ubuntu (http://linuxweenie.blogspot.com/2016/07/wow-amazing-find-to-convert-vmware-to.html).

I am doing this primarily to get back into preparation for the OSCP labs.  I have been in the labs many times before, and I have taken the OSCP test but have not been completely successful at it.  So, I have added the Kali Linux VM by doing the following:

1. download the Kali Linux VM from https://cdimage.kali.org/kali-2019.1a/kali-linux-2019.1a-amd64.iso
2. launch VirtualBox and install Kali from the iso by following instructions on the screen; make sure to select encrypted drive for extra security (the reason that I did not install from the VirtualBox image)
3. set up a shared directory with the personal laptop and the Kali VM

I did have some issues with having a shared directory between the Kali VM and the laptop until I followed the instructions at https://docs.kali.org/general-use/kali-linux-virtual-box-guest.  I had forgotten that VMware utilized not only the hypervisor parts but a small set of drivers that were loaded into the VM in order to perform all the functionality, including shared directories with the host.  So the following resolved the issue:

apt-get update
apt-get install -y virtualbox-guest-x11
reboot

Tuesday, January 15, 2019

Project #15 - Add a Hacking Lab to the Network

As part of my studies in OSCP and CEH I have decided to add a hacking lab to my network.  This should be protected from the outside and include many vulnerable VMs that I can practice on.

Tuesday, November 13, 2018

Cataloging Patch Panel Connections

So I was busy over the last two days trying to get the patch panel connections documented.  If you have never tried to do this at your house, it is quite an eye opener.  What you originally thought that you had connected, turns out to be incorrect.  I have prided myself on documenting how the home network is wired together.  However, in the heat of battle, sometimes you fail to record the subtle differences, especially if you make a sudden change to the wiring because of a problem you find.  I finally settled on giving each patch panel a number (i.e., PP#1).  I also designate a connection that the port is connected to (i.e., PP#1-5 for patch panel 1 port number 5).  I had designations on the patch panels to record what device I was connected to.  However, this became a problem since I started rearranging the patches to suit different things that I was doing at the moment.

I now have labels on each patch panel port that tell me what patch panel (and associated port) contains the port connection.  I also have labels on the patch panels that tell me what number the patch panel is. What this means is that the label on the patch panel end points back to the opposite patch panel port.  Even though the numbering on the patch panel doesn’t tell me the signal it does tell me the infrastructure (that which doesn’t change) pieces so that I can trace a signal as necessary.  I also record patch cord connections to equipment in my iPhone; generally something like this:

PP#1: (toolroom)

15, 16 empty
1- To Kitchen/Dining Rm Ethernet plug (patch to .115-3)
2- To TIVo Mini downstairs (patch to PP#1-4)
3- To Computer Rm-Hutch wall (n/c)
4- to PP#2-1 (patch to PP#1-2)
5- to cable20 / cable21 .114-1 (patch to PP#1-11)
6- to PP#2-4 (patch to PP#1-9)
7- to black cable2 PP#6-2 (patch to Unmgd sw)
8- to light blue cable6 PP#6-1 (patch to .115-7)
9- to dark blue, PP#5-Y (patch to PP#1-6)
10 - to PP#2-8 (n/c)
11- to PP#3-19 (patch to PP#1-5)
12- to PP#4-X (patch to .115-5)
13- to PP#2-2 (patch to .115-2)
14- to PP#3-20 (patch to .115-4)

Notice that this setup allows me to see at a glance what signal is flowing through that patch panel port.  It also tells me if I have some empty ports (for expansion later).  Notice that I have in parentheses a patch cord designation that tells me the device or patch panel port connection.  The .xxx-x indicates a device IP number and the device port.
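A consistency check for notes kept in this format, as an added example that is not part of the original post: every patch cord that lands on another patch panel port should be recorded from both ends. The function names are hypothetical; the sample input is the PP#1 list above.

```shell
#!/bin/sh
# Added example (not from the original post): check that patch cords between
# patch panel ports are recorded from both ends.

sample_notes() {   # the PP#1 notes as given in the post
cat <<'EOF'
PP#1: (toolroom)
15, 16 empty
1- To Kitchen/Dining Rm Ethernet plug (patch to .115-3)
2- To TIVo Mini downstairs (patch to PP#1-4)
3- To Computer Rm-Hutch wall (n/c)
4- to PP#2-1 (patch to PP#1-2)
5- to cable20 / cable21 .114-1 (patch to PP#1-11)
6- to PP#2-4 (patch to PP#1-9)
7- to black cable2 PP#6-2 (patch to Unmgd sw)
8- to light blue cable6 PP#6-1 (patch to .115-7)
9- to dark blue, PP#5-Y (patch to PP#1-6)
10 - to PP#2-8 (n/c)
11- to PP#3-19 (patch to PP#1-5)
12- to PP#4-X (patch to .115-5)
13- to PP#2-2 (patch to .115-2)
14- to PP#3-20 (patch to .115-4)
EOF
}

# check_patches: reads notes on stdin, prints one line per one-sided patch
# cord, and returns non-zero if any were found.
check_patches() {
    awk '
    /^PP#[0-9]+:/ { panel = $1; sub(/:.*/, "", panel); next }   # panel header
    match($0, /^[0-9]+ *-/) {                                   # port line
        port = $0; sub(/ *-.*/, "", port)
        src = panel "-" port
        if (match($0, /\(patch to [^)]*\)/))
            cord[src] = substr($0, RSTART + 10, RLENGTH - 11)
    }
    END {
        for (s in cord) {
            d = cord[s]
            if (d !~ /^PP#/) continue          # device ports are not checked
            back = (d in cord) ? cord[d] : "nothing"
            if (back != s) { printf "%s -> %s, but %s -> %s\n", s, d, d, back; bad = 1 }
        }
        exit bad + 0
    }'
}
```

Running `sample_notes | check_patches` prints nothing and returns 0, since each of the three panel-to-panel cords in the list is recorded at both ports.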

I tried hard to rearrange the port wiring so that patch panel ports for the most part connect to other patch panel ports.  After all, that is what patch panels are for.  Now I can rearrange the patch cords as necessary for different devices that are added or vlan connections that need to be made.

Friday, September 7, 2018

HA #1 - Making Changes to the Network for Home Automation

On a lark, I started changing out my Experimental vlan to add some Home Automation components.  I took my Plex server and changed it out to run Ubuntu 18.04 LTS, now called the HA-IOT server, added Docker, and spun up around 12 containers to support what I wanted to do.  I also added an Aeotec Z-Wave USB stick to interface to a number of Z-Wave components.  So far I have added three multi-sensors (temp, movement, humidity, etc.), three Z-Wave dimmable wall switches, two Z-Wave toggle wall switches, one plug in Z-Wave dimmer, one plug in Z-Wave switch, one Z-Wave door lock, and one Z-Wave door open switch.  In addition I have added one wifi multicolor LED bulb and have started adding dimmable LED bulbs in various lamps.

I have also started a project using a Raspberry Pi Zero W which interfaces to a LinkMaster 850LM so that I can press the buttons on my Subaru to activate some automations via a MQTT message.  The containers include home-assistant which interfaces to the Z-Wave USB stick, node-red which sets up automations, and portainer which is used to manage containers in Docker.  I originally set up the containers using a docker-compose script that I found on the home-assistant blog.  I will be changing those docker-compose scripts as I go.

Right now I am attempting to understand how to control lights via triggers so that I will be able to set up automations that will work pretty much the first time.  I am also exploring a couple of different dashboard layouts.  All of this is actually controllable via web interfaces, so I am able to push the ports through a router (Netgear FVS318N) to my media vlan so that I am able to get to the web interfaces easily.