Instructions to set up the lab environment
Laboratory for the class “Computer system security” (02KRQ)
Politecnico di Torino – AY 2016/17
Prof. Antonio Lioy
prepared by: Diana Berbecaru ([email protected])
v. 1.3 (06/10/2016)

1 Working environment

The laboratory exercises use the live Linux distribution Kali version 2016.2. We have created a “custom” ISO image of this Linux distribution, enhanced with additional packages needed to complete the exercises proposed in the laboratories.

The image of the Kali ISO Live can be selected directly from the Grub menu of the PCs in the laboratory. The username and the password requested to load the Live distribution are the following:

    username: security
    password: 03GSD02KRQ

At the boot of Kali you should see a menu similar to the one in Figure 1.

Figure 1: Initial menu of Kali 2016.2

Choose “Live (amd64)” to start up the operating system. At login, authenticate with username root and password toor.

At the end of the boot, Kali should already have configured the network correctly if a DHCP service is present (e.g. in the lab). Otherwise, you will have to configure it manually with the command ifconfig (see commands below). The graphical X server should start up automatically. Note that, to limit the size of the ISO, we have included XFCE as the only Desktop Environment. The working environment will look like Figure 2.

Figure 2: Kali working environment

Useful commands

We remind you of some useful Linux commands required throughout the exercises.

Note: the square brackets (i.e. [ and ]) indicate something optional, the angle brackets (i.e. < and >) indicate a choice, and the words in italic need to be replaced with specific data required by the command.

To configure the keyboard, you can use the commands:
• loadkeys language (in console);
• setxkbmap language (in graphical mode).
where language can be it for the Italian keyboard (available in the lab, for example) or us for the American keyboard.
• to create a new user:
    useradd username
    passwd username
    mkdir /home/username
    chown username:users /home/username
• to change user, and to acquire root privileges:
    su [-] [ username ]
  if you don’t specify username, root is assumed by default
• to get more info on the use of a command/program:
    man program_name
• to start/stop/restart services:
    /etc/init.d/servicename { start | stop | restart }
  or
    service servicename { start | stop | restart }
• to view the network configuration of your machine (IP address, netmask, ...):
    ifconfig
• to configure the network card:
    ifconfig interface IP netmask network_netmask
    route add default gw defaultGW_IP
• to set the DNS server, add a line in the file resolv.conf:
    nameserver nameserver_IP
  Further options are available with the command
    man resolv.conf

If the screen locks and you need to unlock it as “root” user, you can use the password “toor”.

2 Setting up the laboratory environment at home ...

The exercises proposed in the laboratories will require you to use at most three PCs at the same time, with the exception of the laboratory on IPsec, when you will be required to use four PCs at the same time. This environment can be easily created in the laboratory using physical machines; in the following sections we describe how you can create it at home or in the lab in a virtual environment.

2.1 Working environment with different PCs

If you have three PCs at your disposal, you can connect them in a network with a switch, as illustrated in Figure 3. You have to start an ISO Live on each of these machines. You can download the ISO image from the course website:

    http://security.polito.it/~lioy/sw/kali_2016_2_torsec_v5.iso

You can copy the ISO to a DVD or to a USB key. It is advisable to use a USB key (see Section 3 for how to create it) rather than a DVD (which is typically slower and does not allow you to save temporary data).
An Internet connection is not required for most of the exercises, but it could be useful if you want to access the laboratory texts, update programs, or look up useful materials and documentation.

Figure 3: Domestic network topology

If you don’t have a DHCP server that automatically assigns IP addresses to the machines, you need to set the network configuration manually (refer to the ifconfig man page for more details).

You could also use a WiFi network (an ADSL router behaves both as a switch and as a router), but pay attention because some drivers of wireless cards have limitations (for capturing and inserting packets) that could compromise the results/behaviour of some specific exercises. These limitations can typically be solved by using a different version of the driver, or by configuring it properly.

2.2 Working environment with virtual machines

You can create and use virtual machines in order to start up one or more Kali distributions (in practice, to simulate various machines) running in parallel on a single physical machine.

The solution we adopt uses the Kali ISO image as a virtual CD/DVD for the virtual machines that we are going to create: consequently, you must have a local copy of the Kali ISO file (either on disk, on a USB key or on a DVD). As explained, you can download the Kali ISO file from the course website:

    http://security.polito.it/~lioy/sw/kali_2016_2_torsec_v5.iso

Alternatively, if you have enough computational resources you can even use a complete Kali version (which includes interesting penetration testing tools that are not required in the exercises proposed).
In such a case, you can download the ISO files or VMs available on the official website (as explained in Section 4).

Even though you can work only with Live virtual machines, in our opinion the best solution is:
• install the Kali distribution in at least one VM by choosing the option “Install” or “Graphical Install” from the menu in Figure 1 and following the instructions (similar to the ones required for the installation of a Linux Debian distribution), and then
• start as ISO Live all the additional VMs required in the various laboratories (as explained in Section 2.2.1).

In this way you would have a main VM in which you can save the data that you create or that is requested in the various exercises, and from which you can control the other virtual machines required [1]. In a few cases the virtualisation environment might compromise the expected results, but we signal these cases with a note in the text.

2.2.1 Oracle VirtualBox

In this section we briefly explain how to use VirtualBox, a virtualisation product freely available for Linux and Windows platforms. The version we refer to in this document is 4.3.16, which can be downloaded from the URL https://www.virtualbox.org/wiki/Downloads. The documentation is available at the URL https://www.virtualbox.org/wiki/Documentation. For installation, check Section 2 of the guide Oracle VM VirtualBox User manual, available at

    http://download.virtualbox.org/virtualbox/UserManual.pdf

If you decide to install Kali in a VirtualBox virtual machine, we advise you to also install the “VirtualBox Extension Pack”, which you can download from the link

    https://www.virtualbox.org/wiki/Downloads

Note: Compared to other commercial products, VirtualBox is lighter from the computational point of view when a single VM is used, but it does not scale very well as the number of VMs increases. Consider that you might need at least 2 GB RAM if you use more than two VMs on your PC.
Alternatively, you can use VMware Player [2] (refer to the official documentation to create and install VMs of type Live). Other free products are not considered adequate for this course: VMware vSphere Hypervisor is too much for the exercises proposed, while VMServer has not been maintained since 2010. If you have a licence, you can use VMware Workstation. We have not tested any virtualisation environment for MacOS.

[1] In addition, you can also install the Guest Additions, which allow you to change the screen resolution and to share directories with the guest machine, as illustrated in Section 2.2.1.
[2] According to the documentation, VMware Player supports at most one VM; in practice this limitation is not applied and you can create more than one.

Assuming that you have VirtualBox running, you can proceed with the installation of the VMs necessary for the execution of the exercises proposed in the laboratory text.

First of all, from the menu “File > Preferences” of VirtualBox, click on “Extensions” and add the file that you have downloaded [3].

Figure 4: Selection of the ISO file with VirtualBox.

By pressing “New”, you activate the guided procedure for creating a new VM, which is composed of the following steps (see Fig. 4):
• choose the name and type of the operating system: we have created four VMs (with the names of the users that we will use in the various laboratories: Alessandro, Beatrice, Claudio and Francesca), with “Linux” operating system and version “Debian (64 bit)” (we remind you that Kali is based on Debian). We have also created a second VM for Beatrice and we allocated 2048 MB for that VM (see also the next choice);
• choose the RAM size to be allocated to the VM: we advise you to allocate at least 512 MB RAM for each VM, or even better 768 MB.
  In only one case, to execute a vulnerability assessment, a VM with at least 2 GB RAM will be required (note that the memory allocated to a VM can be changed subsequently from the menu Settings); for this reason, we allocated the second VM for Beatrice with 2048 MB RAM, which you can name Beatrice-2048MBRAM. You should also allocate at least 2 GB RAM to the virtual machine in which you install Kali (if this approach is adopted).
• choose the Hard Disk: deselect “Do not add a Virtual Drive” and continue (later on, you can find the instructions to boot from the DVD).

[3] The latest version available for VirtualBox 4.3.16 is http://download.virtualbox.org/virtualbox/5.1.6/Oracle_VM_VirtualBox_Extension_Pack-5.1.6-110634.vbox-extpack

Figure 5: Selecting the storage with VirtualBox.

By selecting the VM just created and clicking “Settings”, it is possible to add a CD/DVD:
• select “Storage” (you should see a window like the one shown in Figure 5);
• click on the CD/DVD device present in the menu “IDE Controller”, then from the tab “Attributes” make it “IDE Primary Master”, click on the disk symbol to add the drive to which it must be mapped, then click on “choose a virtual CD/DVD file” and choose the ISO of Kali (kali-linux-1.0.9-amd64-custom.iso). Finally, tick the checkbox “Live CD/DVD”.
• for the virtual machine in which you intend to install it, right click on “IDE Controller” and choose “Add CD/DVD Device”: you should see a window; select “Choose Disk”, which will allow you to select a new ISO file directly.
  Go to the installation directory of VirtualBox and choose the ISO VBoxGuestAdditions.iso, which contains the Guest Additions of VirtualBox. These allow you to use shared directories between the VMs and the operating system of your physical machine, the USB ports, and a resolution above 800x600 in graphical mode.
  Note: you should not do this operation for the VMs that you use as Live, because the installation of the Guest Additions requires a restart. Thus, all the modifications would be lost.

We have encountered problems with the VMs that use NAT, because they receive the same IP address from the internal DHCP of VirtualBox (10.0.2.15, as explained at page 174 of the VirtualBox Manual available at http://download.virtualbox.org/virtualbox/UserManual.pdf) and thus are not usable for our practical exercises. For this reason we advise you to use “Bridged Adapter”, as described below.

For a selected VM, you can modify the network settings by choosing “Network” and, after selecting the network card, changing the field “Attached to” from “NAT” to “Bridged Adapter”.

The Guest Additions are designed to be installed inside a virtual machine after the guest operating system has been installed. They consist of device drivers and system applications that optimize the guest operating system for better performance and usability.

To install and enable the Guest Additions, see the instructions at

    http://www.virtualbox.org/manual/ch04.html

First, you need to mount the ISO of the Guest Additions:

    mkdir /media/guestaddition
    mount /dev/cdrom /media/guestaddition

Next, run the following command:

    /media/guestaddition/VBoxLinuxAdditions.run

To create shared folders, from VirtualBox, select the VM to which you want to allow access, click on “Settings”, then select “Shared Folders”. Click on “Add shared folders”, select the path of the folder to be shared on your PC and finally assign it a name (e.g. guestsharedfolders).
Then, on the VM that you have chosen, create a folder (e.g. /localsharedfolders) and attach it to the shared folder that you created previously, by using the following command:

    mount -t vboxsf guestsharedfolders /localsharedfolders

where the first argument, guestsharedfolders, is the name that you assigned to the shared folder when you created it, and the second, /localsharedfolders, is the name of the folder internal to the VM.

You can also share the clipboard by simply enabling the option “Share Clipboard” in the menu “Devices” in the VirtualBox window of the virtual machine.

3 Creating a persistent live USB ...

With Kali, as with all the main Linux live distributions, it is possible to install the ISO image on a USB key and run it from this device.

Copying the Kali ISO file on USB

Creating a bootable USB key with the Linux distribution provided in this course is really easy: you just need to copy the ISO file bit by bit to the USB key, for example by using the command dd:

    dd if=/home/user1/kali-linux-1.0.9-amd64-custom.iso of=/dev/sdd

(where kali-linux-1.0.9-amd64-custom.iso is the ISO file of the Kali distribution, while /dev/sdd is the device on which the USB key is mapped)

Beware: the USB key must be empty, otherwise you will lose any data saved on the key.

To copy the Kali ISO file correctly to the USB key on Windows or Mac, we recommend that you download and use an appropriate program (e.g. Rufus, UNetbootin, ISO to USB, Windows USB/DVD Download Tool) and follow the instructions of the tool. We remind you that the content of the key will be lost, so use an empty USB key with no data on it. Note also that with those tools that do not perform a bit-by-bit copy of the ISO file (similar to the dd command), you have to make the key bootable.

Beware! Do not (simply) copy the ISO file directly to the key (e.g. with Windows Explorer): it will not work!
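The dd copy above overwrites whatever device is named in of=, so a wrong device letter destroys another disk. The script below is an added example, not part of the original lab instructions: it refuses targets that are not whole, removable, unmounted disks and reads the key back after writing. The function names and the SYSFS_ROOT and MOUNTS_FILE overrides are assumptions made for the example.

```sh
#!/bin/sh
# Added example: pre-flight check and read-back verification around the dd copy.
# SYSFS_ROOT and MOUNTS_FILE default to the real kernel interfaces; they are
# overridable only so the checks can be tried against constructed files.
SYSFS_ROOT="${SYSFS_ROOT:-/sys/block}"
MOUNTS_FILE="${MOUNTS_FILE:-/proc/mounts}"

# Succeed only if $1 (e.g. /dev/sdd) is a whole, removable disk with nothing
# mounted from it. The reason for a refusal is printed on stdout.
usb_target_ok() {
    dev="$1"; name="$(basename "$dev")"
    # Whole disks have /sys/block/<name>; partitions (sdd1) do not.
    if [ ! -d "$SYSFS_ROOT/$name" ]; then
        echo "refuse: $dev is not a whole disk"; return 1
    fi
    # USB keys report removable=1; internal disks report 0.
    if [ "$(cat "$SYSFS_ROOT/$name/removable" 2>/dev/null)" != "1" ]; then
        echo "refuse: $dev is not flagged removable"; return 1
    fi
    # Column 1 of /proc/mounts is the device node: match sdd, sdd1, sdd2, ...
    if awk -v d="$dev" '($1 == d) || (index($1, d) == 1 &&
            substr($1, length(d) + 1) ~ /^[0-9]+$/) { found = 1 }
            END { exit !found }' "$MOUNTS_FILE"; then
        echo "refuse: $dev or one of its partitions is mounted"; return 1
    fi
    echo "ok: $dev"
}

# Compare the first size-of-ISO bytes of the target with the ISO itself.
verify_copy() {
    size=$(($(wc -c < "$1"))) || return 1
    cmp -s -n "$size" "$1" "$2"
}

# Copy, flush to the device, then read back: a worn or counterfeit key can
# accept the writes and still return different data.
write_and_verify() {
    dd if="$1" of="$2" bs=4M conv=fsync status=none || return 1
    verify_copy "$1" "$2"
}

# Usage: sh usbwrite.sh <iso> <device>
if [ $# -eq 2 ]; then
    usb_target_ok "$2" && write_and_verify "$1" "$2" && echo "verified: $2"
fi
```

The read-back right after writing may be served from the page cache; unplugging and re-inserting the key and calling verify_copy again checks what is really stored on it.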
Adding a “persistent” partition on the USB key

If you use a USB key (instead of a DVD, for example) it is also possible to save the data you create when you run a live distribution. You can in fact create a partition on the USB key, of a few hundred megabytes, on which you can save the data you create throughout the execution of the proposed exercises.

To do so with Kali, you have to create a new partition formatted with the ext3 filesystem, and insert an adequate configuration file in its root.

To add persistence to a USB key, on Linux you may execute the following commands:

    parted
    select /dev/sdd
  assuming that the key is mapped on the device sdd (it is in any case possible to list the devices with the command print devices, to understand which device we are interested in)
    print
  which shows where the unallocated part of the USB key starts
    mkpart primary <start part not allocated> <start part not allocated>+500MB
  in order to create a new partition of 500 MB starting from the beginning of the space which has not been allocated.
    quit
    mkfs.ext3 /dev/sdd3
  assuming that there are already two partitions and the one that has been created is sdd3.
    e2label /dev/sdd3 persistence
  to label the new partition
    mkdir -p /mnt/usb
    mount /dev/sdd3 /mnt/usb
    echo "/ union" > /mnt/usb/persistence.conf
  to create and set adequately the configuration file persistence.conf in the root of the partition that has been created
    umount /dev/sdd3

4 Kali Full

We have created a custom ISO in order to have a working environment with all the tools required by the exercises proposed in the laboratories. Furthermore, we have minimized the ISO size by adopting XFCE to reduce the system requirements (nevertheless, with the various dependencies required by this 2016.2 version, we reduce the size by about 1 GB). This is mainly useful if you perform the exercises with virtual machines. Having 4 VMs of large size running can require high resources (and time).
Such resources are not always available (on your own PC or on the ones in the laboratory).

However, if you have a powerful PC at your disposal, you can use a complete Kali distribution (also named Kali Full) and a rich Desktop Environment [4]. You can download this ISO (indicated as Kali Linux 32 or 64 bit, Version 2016.2, Size 2.9 GB) from the following link:

    https://www.kali.org/downloads/

Moreover, it is also possible to download VMs that can be used directly in VirtualBox and VMware (called “Prebuilt Kali Linux VirtualBox Images” and “Prebuilt Kali Linux VMware Images”) from the following link:

    https://www.offensive-security.com/kali-linux-vmware-virtualbox-image-download/

[4] We advise you to use it; there are also other interesting security attack and analysis tools that you might be interested in (pay attention to law restrictions if you intend to test them).

In both cases, you also have to install the following packages (only at home; in the laboratory these packages are already installed):
• vsftpd
• hexedit
• strongswan
• strongswan-ikev1
• ipsec-tools
• dkms
• lynx
• alien
• nsis
by using the command

    apt-get install package_name

Furthermore, you can also download the file below, which is required to update the NVT plugin of OpenVAS in the laboratory no. 1:

    http://www.openvas.org/openvas-nvt-feed-current.tar.bz2