Topology for laboratory
The enable secret password for both routers is class.
The enable, VTY and console password for both routers is cisco.
Objective
Configure two routers back to back as a Frame Relay PVC. You will do this manually, in the absence of a Frame Relay switch, and therefore there will be no Local Management Interface (LMI).
Background/Preparation
Cable a network that is similar to the topology above. You can use any router that meets the interface requirements; you may use 2600 routers.
Step 1. Configure the routers.
Configure the host name, console, VTY, and enable passwords according to the requirements.
Step 2. Configure the Washington serial interface
First, define the Frame Relay type to be used on the link. Disable keepalive messages because there is no Frame Relay switch in this configuration (and consequently no Frame Relay DCE).
Step 3. Configure the Frame Relay map on Washington
A. When you are sending an Ethernet frame to a remote IP address, you must discover the remote MAC address so that you can construct the correct frame type. Frame Relay needs a similar mapping.
B. The remote IP address needs to be mapped to the local DLCI (Layer 2 address), so that the correctly addressed frame can be created locally for this PVC. Because you cannot map the DLCI automatically with LMI disabled, you must create this map manually.
Step 4. Configure the DCE on Washington
In this configuration using DCE cables, a clock signal is necessary. The bandwidth command is optional, but it is a wise choice for verifying bandwidth transmission. Another option is to title the connection by using the description command. This is useful so that you can record information about the PVC, such as a remote leased line circuit identifier.
Step 5. Configure the Dublin router
Configure the Dublin router by using the following commands.
Step 6. Verify the Frame Relay PVC.
Step 7. Display the Frame Relay map.
Step 8. Verify Frame Relay connectivity.
How to Install De-ICE 1.100
Posted by Cyrus Bermejo on November 2, 2011 at 9:40 PM
Before configuring the LiveCD, be sure you have already installed VMware Player on your computer and that it is running properly.
To configure the De-ICE 1.100 LiveCD on VMware Player, follow this procedure:
1. Run VMware Player. The VMware Player home screen will be displayed.
2. Click Create a New Virtual Machine.
3. Choose I will install the operating system later.
4. Select Other on the guest operating system.
5. Type the name of the virtual machine and choose the path where the files will be saved.
6. Since we are installing a LiveCD, just enter the minimum value for the disk size, which is 100MB.
7. Click Customize Hardware.
8. Instead of using a physical drive, select Use ISO image file and choose the location of the .iso image.
9. Click OK and click Finish. You will see the newly created virtual machine in the VMware Player inventory.
10. Play the De-ICE virtual machine.
11. When the LiveCD has finished loading, the De-ICE welcome screen is displayed and prompts for a login.
12. You may now start your penetration testing exercise using your client virtual machine with a BackTrack LiveCD.
Schedule a restart operation with Windows XP's Shutdown utility
Posted by Cyrus Bermejo on November 2, 2011 at 9:25 PM
Note: This tip applies to both Windows XP Home and Professional editions.
Wouldn't it be nice if each morning your Windows XP machine restarted before you got to work so you had a fresh system to work on each day?
To help you automate this type of operation, Windows XP comes with a command-line utility called Shutdown.exe, which can restart your system. To make this happen automatically, you can configure it to run at a specified time with the Scheduled Tasks tool. Here's how:
- Go to Control Panel | Scheduled Tasks.
- Double-click Add Scheduled Task to launch the Scheduled Task Wizard.
- Click Next and then click the Browse button.
- Access the Windows\System32 folder, select Shutdown.exe, and click Open.
- Follow the wizard through the next two screens to give the task a name and choose a schedule.
- Enter your user account name and password and click Next.
- Select the Open Advanced Properties check box and click Finish.
- In the task's Properties dialog box, add the /r parameter to the end of the command line in the Run text box and click OK. (Be sure to include a space between the last character in the command name and the first character in the parameter list.)
- Enter your user account name and password and click OK.
When the Shutdown utility runs, you'll momentarily see a small dialog box on your screen before the system restarts.
Speed up Windows XP's defrag operations
Posted by Cyrus Bermejo on November 2, 2011 at 7:50 PM
Note: This tip applies to both Windows XP Home and Professional editions.
A simple way to speed up a defrag operation in Windows XP is to restart the system before you launch Defrag. This allows the operating system to clear out the swap/paging file and reset it to the default size. This lets Defrag focus strictly on the necessary data on the hard disk without having to stop and manage a huge swap file loaded with unneeded data.
Another approach to speeding up a defrag operation in Windows XP is to configure it to occur immediately upon startup. Fortunately, you can do so easily with this simple registry edit:
- Launch the Registry Editor (Regedit.exe).
- Go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce.
- Right-click on the RunOnce subkey and select New | String Value.
- Name the value Defrag and press [Enter] twice.
- Type Defrag.exe c: /f in the Value Data text box and click OK.
- Close the Registry Editor and restart Windows.
The defrag operation will begin when you type in your password and press [Enter]. (Keep in mind that values added to the RunOnce key are removed immediately after the command has been run.)
De-ICE 1.100
Posted by Cyrus Bermejo on November 2, 2011 at 7:40 PM
This LiveCD is configured with an Internet Protocol (IP) address of 192.168.1.100 – no additional configuration of the server is necessary. The scenario for this LiveCD is that a chief executive officer (CEO) of a small company has been pressured by the board of directors to have a penetration test done within the company. The CEO, believing his company is secure, feels this is a huge waste of money, especially since he already has a company scan their network for vulnerabilities (using Nessus). To make the board of directors happy, he decides to hire you for a 5-day job; because he really doesn’t believe the company is insecure, he has contracted you to look at only one server – an old system that only has a Web-based list of the company’s contact information.
The CEO expects you to prove that the system administrators follow all proper accepted security practices, and that you will not be able to obtain access to the box.
The PenTest Lab system and the PenTest machine must connect to a router that has been configured with the following values:
- Dynamic Host Configuration Protocol (DHCP) Server: active
- Pool Starting Address: 192.168.1.2
- IP Address: 192.168.1.1
- IP Subnet Mask: 255.255.255.0
De-ICE
Posted by Cyrus Bermejo on November 2, 2011 at 6:15 AM
Designed to provide legal targets in which to practice and learn PenTest skills, the De-ICE LiveCDs are real servers that contain real-world challenges. Each disk provides a learning opportunity to explore the world of penetration testing and is intended for beginners and professionals alike.
Available since January of 2007, the De-ICE project has been presented at security conferences across the United States, and was first referenced in print in the book titled Metasploit Toolkit for Penetration Testing, Exploit Development, and Vulnerability Research, published by Syngress in September of the same year.
Currently located at www.heorot.net/livecds/, there are multiple LiveCDs available to download for free.
These servers provide real-world scenarios built on the Linux distribution “Slax”. On these disks, different applications are included that may or may not be exploitable, just like the real world. The challenge is to discover what applications are misconfigured or exploitable and to obtain unauthorized access to the root account.
The advantage to using these LiveCDs is that there is no server configuration required – the LiveCD can simply be dropped into the CD tray, the system configured to boot from the CD, and within minutes a fully functional hackable server is running in the lab. We can also use the LiveCD images directly in a virtual machine, which makes things even simpler.
The De-ICE disks were also developed to demonstrate common problems found in system and application configuration. A list of possible vulnerabilities included in the De-ICE disks is as follows:
- Bad/weak passwords
- Unnecessary services (file transfer protocol [ftp], telnet, rlogin [?!?!])
- Unpatched services
- Too much information available (contact info, and so forth)
- Poor system configuration
- Poor/no encryption methodology
- Elevated user privileges
- No Internet Protocol Security (IPSec) filtering
- Incorrect firewall rules (plug in and forget?)
- Clear-text passwords
- Username/password embedded in software
- No alarm monitoring
Well-known exploits are not included in the De-ICE challenges, eliminating the use of automated vulnerability identification applications.
Setting Up Your Personal Penetration Test Lab
Posted by Cyrus Bermejo on November 2, 2011 at 5:20 AM
For those who are interested in learning how to do penetration testing (or hacking) there are many tools available, but very few targets to practice safely against – not to mention legally. For many, learning penetration tactics has been through attacking systems on the Internet. Although this might provide a wealth of opportunities and targets, it is also quite illegal. Many people have gone to jail or paid huge amounts of money in fines and restitution – all for hacking Internet sites.
The only real option available to those who want to learn penetration testing legally is to create a penetration test lab. For many, especially people new to networking, this can be a daunting task. Moreover, there is the added difficulty of creating real-world scenarios to practice against, especially for those who do not know what a real-world scenario might look like. These obstacles often are daunting enough to discourage many from learning how to conduct a PenTest project.
We will discuss how to set up different penetration test labs, as well as provide scenarios that mimic the real world, providing the opportunity to learn (or improve) skills that professional penetration testers use. By creating a PenTest lab, we will be able to repeat hands-on penetration test exercises on real servers.
A personal lab that only focuses on application and Operating System (OS) hacking does not require any advanced networking equipment, but does require a more robust computing platform to handle multiple VMs running simultaneously.
Hardware
A decent laptop or desktop computer and VMware Player as the VM engine are recommended to set up the hardware for the application and OS penetration testing lab.
Computer Configuration
- 400 MHz or faster processor (500 MHz recommended)
- 512MB random access memory (RAM) minimum (2GB RAM recommended)
Virtual Machine
- VMware Player
- Available at www.vmware.com/products/player/
Network Configuration
- Dynamic Host Configuration Protocol (DHCP) Server: active
- Pool Starting Address: 192.168.1.2
- Local Area Network TCP/IP
- IP Address: 192.168.1.1
- IP Subnet Mask: 255.255.255.0
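
A scope check for the lab network configured above, as an added example that is not part of the original post: it accepts a target only when both the testing machine and the target are hosts inside the lab segment. The router address, subnet mask and De-ICE 1.100 address are the ones given on this page; the function names and the sample addresses in the demo are assumptions.

```python
import ipaddress

# Lab values exactly as given on this page.
LAB_NETWORK = ipaddress.ip_network("192.168.1.1/255.255.255.0", strict=False)
LAB_ROUTER = ipaddress.ip_address("192.168.1.1")
DEICE_1_100 = ipaddress.ip_address("192.168.1.100")  # fixed address of the LiveCD


def classify(address):
    """Classify one address string against the lab network."""
    try:
        addr = ipaddress.ip_address(address.strip())
    except ValueError:
        return "invalid"  # hostnames and typos are refused, never resolved
    if addr.version != 4 or addr not in LAB_NETWORK:
        return "out-of-scope"
    if addr in (LAB_NETWORK.network_address, LAB_NETWORK.broadcast_address):
        return "reserved"
    if addr == LAB_ROUTER:
        return "router"
    if addr == DEICE_1_100:
        return "target"
    return "lab-host"


def check_scope(own_address, targets):
    """Split planned targets into (allowed, refused).

    Every target is refused unless the testing machine itself holds an
    ordinary host address in the lab network. A tester address equal to
    the LiveCD's fixed address would be an address conflict, so it is
    treated as unusable too.
    """
    own_role = classify(own_address)
    allowed, refused = [], {}
    for target in targets:
        role = classify(target)
        if own_role != "lab-host":
            refused[target] = "tester address unusable (%s)" % own_role
        elif role == "lab-host" and target.strip() == own_address.strip():
            refused[target] = "self"
        elif role in ("target", "lab-host"):
            allowed.append(target)
        else:
            refused[target] = role  # router, reserved, out-of-scope, invalid
    return allowed, refused


if __name__ == "__main__":
    # Constructed sample input: a tester lease and a mixed target list.
    ok, bad = check_scope("192.168.1.2",
                          ["192.168.1.100", "10.0.0.5", "www.example.com"])
    print("allowed:", ok)
    for addr, reason in bad.items():
        print("refused:", addr, "->", reason)
```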
Software
Creating a personal lab in today’s information technology environment is an advantage since many applications used in corporate networks are Open Source, which is easy and free to obtain. Proprietary software, including OSes, is another matter. Open Source software is often sufficient to learn hacking techniques, including system, application, database, and Web attacks.
De-ICE
Designed to provide legal targets in which to practice and learn PenTest skills, the De-ICE LiveCDs are real servers that contain real-world challenges. Each disk provides a learning opportunity to explore the world of penetration testing and is intended for beginners and professionals alike.
Available since January of 2007, the De-ICE project has been presented at security conferences across the United States, and was first referenced in print in the book titled Metasploit Toolkit for Penetration Testing, Exploit Development, and Vulnerability Research, published by Syngress in September of the same year.
Currently located at www.heorot.net/livecds/, there are multiple LiveCDs available to download for free.
Hackerdemia
This LiveCD is not really intended to emulate a real-world server – it was designed to be a training platform where various hacker tools could be used and learned. Similar to the De-ICE LiveCDs, it was developed on the Slax Linux distribution and is included in the accompanying DVD. It can also be downloaded online at www.heorot.net/hackerdemia/.
Foundstone
Foundstone Network Security is a division of McAfee, which developed a series of Microsoft-based scenarios that involve Web and SQL attacks. The series of scenarios goes by the name of Hacme and can be downloaded at www.foundstone.com/us/resources-free-tools.asp. These scenarios are not LiveCDs but are provided as software installers for Windows servers. There are different application requirements before the Hacme scenarios can be installed.
pWnOS
Developed and maintained by Brady Bloxham, the pWnOS VM image is a Linux distribution with service vulnerabilities that can be exploited using scripts available on milw0rm.org and can be downloaded (and discussed) at the Heorot.net forums. We will use the pWnOS VM image to find vulnerabilities, and use scripts to exploit the discovered vulnerabilities.
Windows 2003 Missing Hub
Posted by Cyrus Bermejo on October 25, 2011 at 3:35 AM
It is late at night and you have forgotten to take a hub.
Now it is impossible to set up the server because it presents you with a red X over the network icon in the tray and you are unable to create a new domain.
Take a UTP patch cable, cut off one end, strip it, connect wires 1 with 3 and 2 with 6, plug the RJ45 into the NIC of the server and you are done (this fools the NIC/server into finding a LAN).
If you hold the patch cable with the RJ45 away from you, the plastic tang facing the floor and the cable running towards you, pin 1 is to your left.
Use the PushD command to create a quick temporary drive map
Posted by Cyrus Bermejo on October 22, 2011 at 11:15 AM
This tip applies to both Windows XP Home and Windows XP Professional.
Have you ever been working from a Command Prompt and needed to temporarily map a drive letter to a network location for a quick file operation? Of course, you can switch over to Windows Explorer and use the Map Network Drive command on the Tools menu.
While this is a viable solution, it requires multiple steps to create—and then you have to perform several more steps to disconnect the network drive. This can be a pain, especially if you just want to work from a Command Prompt.
However, there is another way. You can use the PushD command to quickly create a temporary drive map while remaining in the Command Prompt. You can then use PopD to quickly disconnect the network drive. Here’s how:
1. Open a Command Prompt window.
2. Type the following command line: PUSHD \\Server\Share\path
where \\Server\Share\path is the network resource to which you want to map a drive letter.
The PUSHD command will instantly map a drive letter to the network resource and then change to that drive right in the Command Prompt window. When you’re finished, just type POPD and the mapped drive letter will be disconnected and you’ll return to your original drive.
Keep in mind that the PUSHD command allocates drive letters from Z: on down and will use the first unused drive letter it finds.
Implementing a Group Policy, Part 3
Posted by Cyrus Bermejo on October 22, 2011 at 10:00 AM
Task 7: Filtering GPO Scope
In this exercise you prevent a policy from applying to the Sales security group by denying that group Read permission to the GPO. You created the Sales group and its members.
To filter the scope of your GPO
1. In the DispatchPolicy GPO console, right-click the root node of the console, then click Properties.
2. Click the Security tab, then click the Sales security group. You will need to add the Sales group using the Add button.
3. For the Sales group, set Apply Group Policy to Deny and set Read to Deny, then click OK.
4. Click Yes.
Task 8: Linking a GPO
By default, the DispatchPolicy GPO is linked and its settings apply to the Dispatch OU. In this exercise you will link the DispatchPolicy GPO to the Security1 OU you created.
To link your GPO to an additional OU
1. Click Start, point to Programs, point to Administrative Tools, then click Active Directory Users And Computers.
2. Right-click the Security1 OU, then click Properties.
3. Click the Group Policy tab, then click Add.
4. Click the All tab, click the DispatchPolicy GPO, then click OK.
5. In the Security1 Properties dialog box, click OK.
Task 9: Testing a GPO
In this exercise you view the effects of the group policy implemented in the previous exercises.
To test the DispatchPolicy GPO
1. Log off Windows 2003. If a Microsoft Management Console message box appears, prompting you to save console settings to DispatchPolicy GPO.msc, click Yes.
2. Log on as Assistant1, a member of the Security1 OU, on a Windows XP computer.
3. Press Ctrl+Alt+Delete.
4. Click Cancel, then click Start.
5. Log off as Assistant1, then log on as Administrator.
6. Make Assistant1 a member of the Sales security group.
7. Log off as Administrator, then log on as Assistant1.
8. Press Ctrl+Alt+Delete.
9. Log off the computer.