HW01: VM Setup, Virtual Networking, Traffic Capture
For this homework assignment, you will be expected to build a simple “attack lab” similar to the one that I discussed and demonstrated during the Week 1 & 2 lecture sets.
As your assignment submission, you will draft a report that describes the steps taken and, where necessary, the findings that were discovered.
In our case, you will be expected to accomplish the following tasks:
- For all VM Appliances below, if importing an OVA file, make sure to reinitialize the MAC Address for network interfaces
- Install Kali Linux VM
- Install Remnux VM
- Choose and install one Windows VM (Either use OVA’s from Modern.IE website, use the Win10 install from DreamSpark, or optionally use a copy you’ve purchased)
- Set up all of the VMs on a common “Internal Network” (one that uses the same network name) - document this network in your report
- Configure the TCP/IP networking settings for all of them so they are unique IP addresses on the same IP network range. I am recommending using the CIDR range 172.20.22.0/24 (netmask 255.255.255.0) for all of them. Document the IP addresses and configuration for each in your report.
- Here is help on static networking in Ubuntu (should work on both Kali and Remnux): https://www.swiftstack.com/docs/install/configure_networking.html
- You should only need to specify the “address” and “netmask” configurations to get Internal Networking functioning
- Demonstrate connectivity between all three VMs, by using the “ping” (or “ping.exe”) command to attempt to ping the other three VMs (in Windows, you may need to disable the Firewall in Security Settings)
- Use the “tcpdump” command on a Linux VM, or (if you prefer) use Wireshark to capture traffic - document which tool you wish to use in your report
- On one of the Linux VMs (remnux or kali preferred) use the netcat utility (“nc” or “netcat”) to listen for incoming connections on a TCP port of your choosing (make sure the TCP port number is >1024): NetCat documentation
- Using the Windows VM you chose earlier, use the “telnet.exe” or similar tool (you may
install nc.exe, NetCat for windows) to connect to your netcat listener and send the
following text from one side to the other (substituting your UC username, where indicated),
while capturing traffic:
Hello World, my username is ucuser and this is a test message!
- Document the traffic capture in your report, including the TCP/IP information about the packet containing the message
- For extra +5% points, use NetCat to provide a remote “/bin/bash” shell, and execute three commands over the connection - capturing the traffic and including analysis of the command/response data in your report. What content in the network traffic could you watch for in order to determine the user is executing these commands?
Submit your report to the appropriate HW assignment on Blackboard. If you have any supporting program files or artifacts, ZIP them up into a ZIP archive and upload that to blackboard as well.