Differences between revisions 6 and 18 (spanning 12 versions)
Revision 6 as of 2017-01-24 23:46:17
Size: 3075
Editor: scot
Comment:
Revision 18 as of 2018-12-21 07:09:35
Size: 3741
Editor: scot
Comment:
Line 1: Line 1:
= More Firewall rules and VNC access to your Kali Linux = = Lab 03 - More Firewall rules and VNC access to your Kali Linux =
Line 5: Line 5:
 1. First we are going to setup your Kali linux to allow SSH and VNC - your final goal is to show a VNC login from your Windows 10 Box.  1. First we are going to setup your Kali linux to allow SSH and rdp - your final goal is to show a rdp login from your Windows 10 Box.
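Review bot: the revised goal line asks for "rdp" both as the service to allow and as the final login, but the page title still reads "VNC access to your Kali Linux" and the later steps install and test a VNC server. Use one term throughout, or say explicitly that either an RDP or a VNC login satisfies the goal.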
Line 26: Line 26:
    1. Update all machines except metasploitable 3.     1. Update all machines except metasploitable 3.
       * Hint if you your having trouble with pfSense, try the following:
         1. Check the networking
         2. Login to pfSense and do an upgrade from the commandline. # sudo pfSense-upgrade -d
Line 28: Line 31:
 1. Finally, I want to have a remote desktop ability to Kali 2. (e.g. VNC). However there seems to be problems with VNC and Gnome 3.
    1. It is not necessary to remove Gnome 3, we'll just install mate side-by-side {{{# apt-get install mate}}} (from the [[https://forums.kali.org/showthread.php?26704-Kali-2-0-vncserver-grey-window-sad-computer|kali forums]])
    1. Change the default to boot to the terminal instead of into Gnome 3:
       * To switch from GUI to CLI: {{{# systemctl set-default multi-user.target}}} I did this from the CLI.
       * To switch from CLI to GUI: {{{# systemctl set-default graphical.target}}} (This is just in case, we will leave it in CLI mode)
    1. Change which GUI you are using with: {{{# update-alternatives --config x-session-manager}}} to change to mate.
    1. From the command line {{{# vncserver -localhost no -geometry 1024x768}}}
    1. Download a VNC client to your windows 10 machine and login to: 192.168.1.4::5901
    1. Todo: have the vncserver survive a reboot.
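Review bot: the added step "vncserver -localhost no -geometry 1024x768" makes the VNC server accept connections from other hosts, which the next step relies on (192.168.1.4::5901), yet none of the added steps says how that port is protected. Since this lab is about firewall rules, add a step that names the VNC password setup and the pfSense rule limiting which hosts may reach 5901, or have students tunnel VNC over the SSH login configured earlier.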
Line 29: Line 41:
 1. Finally, I want to have a remote desktop ability to Kali 2. (e.g. RDP+VNC). However there seems to be problems with VNC and Gnome 3.
    1. I had to remove Gnome 3 and install mate. [[https://alancads.wordpress.com/2016/05/10/remove-gnome-3-and-install-mate-kali-linux-rolling-edition/|With directions here.]]
    1. You can change to and from booting to terminal with the following commands:
       * To switch from GUI to CLI: {{{systemctl isolate multi-user.target}}}
       * To switch from CLI to GUI: {{{systemctl isolate graphical.target}}}
    1. You can change which GUI you are using with: {{{update-alternatives --config x-session-manager}}}
Line 36: Line 42:
In-Progress! === Show me ===
Line 38: Line 44:
 1. Let's install the "vino" vnc server. (Follow your favorite [[http://xmodulo.com/how-to-set-up-vnc-server-on-linux.html|tutorial]]
    1. I also had to install dconf-editor
 1. Show me that no updates are needed on any of your computers except Metasploitable 3!
 1. Show me that you can login to kali via ssh and VNC.
 1. Show the the publicly available open ports, and programs associated with those ports, that are open on Kali.

Lab 03 - More Firewall rules and VNC access to your Kali Linux

Goal

  1. First we are going to set up your Kali Linux to allow SSH and RDP - your final goal is to show an RDP login from your Windows 10 box.
  2. Understand Firewall rules and how they are processed on pfSense

  3. Explore the metasploitable box and see what ports are open on it. This will involve a bit of work relating to nmap. Goal is to list all open ports and the common programs that run on those ports.

Lab Guide

There will be a lecture and demo of firewall rules.

First we are going to setup

  1. Install the openssh-server on kali (you know how, I shouldn't have to tell you)
  2. Make sure the service always starts on a reboot (ditto here, hint update-rc.d)
    1. Can you login over ssh with root? Ok, then add yourself
    2. Don't forget to add yourself to the right group (hint: usermod will do that for you).
    3. Now you should be able to login from your Windows 10 machine (using putty, did you install that yet?) and sudo su|bash or whatever you want to use to become root! And you don't ever need that crazy IE for this either.
  3. Now that you are root, why not take this opportunity to update|upgrade your system.
    1. This is not as easy as it may sound. You should know to do an apt-get update, apt-get upgrade, apt-get dist-upgrade, and now full-upgrade. BUT THIS MAY NOT WORK HERE! Why? Because you are installing software that will set off all sorts of alarms in most security suites.
    2. Solution? I had to use a SOCKS proxy to end around this. You all should collaborate to see if you can find a solution. I've given you a hint, here is another. There are only a couple of .deb files that will fail so you could just download them through another means (again, the means I used was a SOCKS proxy).
  4. Make sure you have updated your Windows 10, and Windows 2016 machines too.
  5. Since the most important step in security is to make sure your machines are up-to-date...
    1. Update all machines except metasploitable 3.
      • Hint: if you are having trouble with pfSense, try the following:
        1. Check the networking
        2. Log in to pfSense and do an upgrade from the command line: {{{# sudo pfSense-upgrade -d}}}
    2. Make sure that all machines will continue to update on a regular basis.
  6. Finally, I want to have a remote desktop ability to Kali 2. (e.g. VNC). However there seem to be problems with VNC and Gnome 3.
    1. It is not necessary to remove Gnome 3, we'll just install mate side-by-side: {{{# apt-get install mate}}} (from the kali forums)

    2. Change the default to boot to the terminal instead of into Gnome 3:
      • To switch from GUI to CLI: {{{# systemctl set-default multi-user.target}}} I did this from the CLI.

      • To switch from CLI to GUI: {{{# systemctl set-default graphical.target}}} (This is just in case, we will leave it in CLI mode)

    3. Change which GUI you are using with: {{{# update-alternatives --config x-session-manager}}} to change to mate.

    4. From the command line: {{{# vncserver -localhost no -geometry 1024x768}}}

    5. Download a VNC client to your Windows 10 machine and log in to: 192.168.1.4::5901
    6. Todo: have the vncserver survive a reboot.

Show me

  1. Show me that no updates are needed on any of your computers except Metasploitable 3!
  2. Show me that you can log in to Kali via ssh and VNC.
  3. Show the publicly available open ports, and programs associated with those ports, that are open on Kali.
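
For the last "Show me" item, one way to list the TCP ports on Kali that other machines can reach, with the program behind each. This is an added example, not part of the original lab; it parses the output of ss -H -tlnp, and the sample lines and the process names in them are constructed.

```shell
#!/bin/sh
# Input: output of `ss -H -tlnp` (iproute2), one listening socket per line:
#   State Recv-Q Send-Q Local-Address:Port Peer-Address:Port Process
# Output: "port program bind-address" for every listener NOT bound to loopback.

public_listeners() {
    awk '
    $1 == "LISTEN" {
        addr = $4
        port = addr; sub(/.*:/, "", port)       # text after the last colon
        host = addr; sub(/:[^:]*$/, "", host)   # text before the last colon
        gsub(/\[|\]/, "", host)                 # strip IPv6 brackets
        sub(/%.*/, "", host)                    # strip interface scope (e.g. %lo)
        # Loopback-only sockets are not reachable from other hosts.
        if (host ~ /^127\./ || host == "::1") next
        prog = "unknown"                        # process column is empty without root
        if (match($0, /users:\(\("[^"]+"/))
            prog = substr($0, RSTART + 9, RLENGTH - 10)
        print port, prog, host
    }' | LC_ALL=C sort -n
}

# Constructed sample (not captured from a real host): sshd on all interfaces,
# one VNC display started with "-localhost no", one bound to loopback only.
sample_ss_output() {
cat <<'EOF'
LISTEN 0 128 0.0.0.0:22     0.0.0.0:* users:(("sshd",pid=612,fd=3))
LISTEN 0 5   0.0.0.0:5901   0.0.0.0:* users:(("Xtigervnc",pid=1440,fd=7))
LISTEN 0 5   127.0.0.1:5902 0.0.0.0:* users:(("Xtigervnc",pid=1502,fd=7))
LISTEN 0 128 [::]:22        [::]:*    users:(("sshd",pid=612,fd=4))
LISTEN 0 128 [::1]:631      [::]:*    users:(("cupsd",pid=530,fd=6))
EOF
}

sample_ss_output | public_listeners
# On the lab machine, as root:  ss -H -tlnp | public_listeners
```

Comparing this list with an nmap scan run from the Windows 10 box shows which of these listeners the pfSense rules actually let through.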

NetworkSecurity/Lab/Lab03 (last edited 2021-02-04 19:53:15 by scot)