Setting Up The Lab

This document provides the steps for setting up virtual machines for use with the Principles of Computer Security CompTIA Security+ and Beyond. There are a number of virtual platforms such as VMware, Virtual PC, Xen, Parallels, and VirtualBox. The instructions for setting up the environment do not address steps specific to any single platform. The lab technician who prepares the machines for the lab exercises will need to be familiar with the particular brand of virtualization in their environment and configure it as appropriate.

The lab exercises are written for both a Windows and Linux environment. There are several lab exercises in which both environments are required, so it is recommended that you set up all 4 virtual machines. The lab environment required for each lab exercise is designated by the letter w, l, m or i in the title. The letter w is for a Windows environment, l is for the Linux environment, m is for a mixed environment, and i is for the host computer or any other computer that has internet access. So for example, Lab 3w would require the Windows environment and Lab 3l would require the Linux environment.

Windows Setup - the w labs


The Windows environment consists of 2 PCs, one with Windows XP Professional and one with Windows 2003 Server. In general, the Windows XP PC will be the client/attacking machine and the Windows 2003 Server will be the server/target machine.

Linux Setup - the l labs


The Linux environment consists of 2 PCs, one with BackTrack4 (client/attack) and the other with Metasploitable (server/target). In general, the BackTrack will be the attacking machine and the Metasploitable will be the target machine.

Mixed Setup - the m labs


The mixed environment will have PCs from both environments. Usually this environment uses the Linux server as an SSH, DNS or mail server.

Host Setup - the i labs


There are several lab exercises that require an Internet connection. These can be done from the PC that is hosting the Virtual Machines or they can be done from any PC that has Internet access.

Setting Up Windows XP SP1

Steps at a Glance

To set up your computer(s) for working with the lab manual you will have to:
- Download and gather required software
- Set up the host machine and ensure minimum requirements
- Set up the virtual machine
- Install Windows XP SP1
- Configure the Windows XP SP1
- Add other software to the tools folder

Download and Gather Required Software


Before beginning the install, make sure you have all the necessary software to complete the setup. The following is a list of the software needed for the setup. If you are also setting up the other virtual machines, you may want to download the software for them at the same time. Refer to the later sections for the other lists of software to download.

These files are required for configuring the virtual machine:
- Windows XP SP1 - Check with your IT Staff about getting the software and licenses
- WindowsXP-KB817778-x86-ENU (IPv6 Patch) - http://support.microsoft.com/kb/817778
- nmap-5.21-setup - http://nmap.org/download.html
- wireshark-win32-1.2.8 - http://www.wireshark.org/download/win32/all-versions/
- 7z465 - http://sourceforge.net/projects/sevenzip/files/7-Zip/
- Caine-Live - http://www.caine-live.net/Downloads/caine1.5.iso
- Secondary_harddrive with Suspect_image.e01 - http://www.securitylabmanual.com/files/

These files go in the Desktop/tools folder you will create later in the setup:
- Spynet - http://packetstormsecurity.org/files/view/10813/spynet312.exe
- Camouflage - http://camouflage.unfiction.com/Download.html
- Service Pack 3 - http://support.microsoft.com/?kbid=936929
- Snort 2_8_6_1 - http://www.snort.org/snort-downloads
- WinPcap 3.0 - http://www.winpcap.org/install/default.htm
- WinPT - http://www.securitylabmanual.com/files/
- Putty - http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html
- WinSCP - http://winscp.net/eng/download.php

Setup Host Machine

There are a number of different ways to deploy virtual machines. The following requirements are for a single host running software such as VMware Workstation, VMware Player, or Virtual PC.

Minimum Requirements
- CPU - 1.3 GHz or faster (Pentium Core or better recommended)
- RAM - 2 Gig (4 Gig Recommended)
- HD - 20 Gig of free space

Setup the Virtual Machine

The virtual machine for the XP installation will need the following:
1. Use at least a 10 GB partition for the C Drive.
2. Create a second hard drive of at least 100 MB. (The file named suspect_image will go in this drive.)
3. The RAM should be set for at least 512 MB.
4. You will need to set up the networking for host only so that no traffic from the virtual environment can make it to the actual network.
5. You may also want to disable any file sharing or copying and pasting of files to and from the virtual machine. Some of the software on the virtual machines is considered malicious code and should not leave those machines.

If you are unsure of how to do this, please refer to the support provided by the vendor of your virtualization product.

NOTE: You need XP SP1 for this install. XP SP1 has several vulnerabilities that are used to demonstrate the need for proper patching and updating. If you use a later distribution, some labs may not work.

Install Windows XP Professional SP1


Mount the Windows XP SP 1 CD and begin the install.

1) On the Welcome to Setup screen, press Enter.
2) On the End User License Agreement screen, press F8.
3) On the Partition screen, accept the defaults by pressing Enter.
4) On the next screen, select Format the Partition Using the NTFS File System and press Enter. When the computer is done formatting, it will reboot and go into the GUI portion of the installation.
5) On the Regional and Language Options screen, click Next.
6) On the Personalize Your Software screen, type Security Student in the Name box.
7) In the Organization box, type Computer Security and click Next.
8) On the Your Product Key screen, type your product key and click Next.
9) View the Computer Name and Administrative Password screen:
   a) In the Computer Name: box, type winxppro.
   b) In the Password box, type password.
   c) In the Confirm Password box, type password.
   d) Click Next.
10) On the Date and Time Settings screen, set the correct date and time and select the appropriate time zone. Click Next.
11) On the Network Settings screen, select Custom Settings and click Next.
12) On the Networking Components screen, select Internet Protocol (TCP/IP) and click Properties.
13) On the Internet Protocol (TCP/IP) Properties screen, select Use the Following IP Address.
14) In the IP Address box, type 192.168.100.101
15) In the Subnet Mask box, type 255.255.255.0
16) In the Default Gateway box, leave blank
17) In the Preferred DNS Server box, type 192.168.100.102
18) Click Ok.
19) Click Next.
20) On the Workgroup or Domain screen, click Next.
   a) The installation will complete and the computer will reboot.
21) On the Welcome to Microsoft Windows screen, click Next.
22) On the How Will This Computer Connect to the Internet? screen, click Skip.
23) On the Ready to Activate Windows? screen select No, remind me every few days, and click Next.
24) View the Who Will Use This Computer? screen
   a) In the Your Name: box, type Admin
   b) In the 2nd User: box, type labuser
   c) In the 3rd User: box, type labuser2
   d) Click Next.
25) On the Thank You screen, click Finish.
26) On the Log in screen, click Admin.

Set Internet Explorer's page to blank.

1) Click Start > Internet Explorer.
2) On the menu bar click Tools > Internet Options
3) On the General tab, under Home page, click the Use Blank Button.
4) Click OK.
5) Close Internet Explorer.

Installing Additional Software


Virtual Machine Tools

Install the virtual machine tools for your particular platform. These tools add mouse functionality and improved video display, among other things. Check your documentation for this information.

Installing the Advanced Networking Patch (IPv6)

1. In the Software Installation folder, double click WindowsXP-KB817778-x86-ENU.
2. Click Next and Agree to the Terms of service and then click Next.
3. Click Finish and let the computer restart.

Nmap Zenmap

1. In the Software Installation folder, double click nmap-5.21-setup.
2. Click I Agree and click Next. (Notice it will include WinPcap 4.1.1, which is needed for other programs as well.)
3. Continue to click Next until the end of the installation. Default settings are fine for this setup.

Wireshark

1. In the Software Installation folder, double click wireshark-win32-1.2.8.
2. Click Next and click I Agree to the Terms of service.
3. Verify that all of the boxes are ticked and click Next.
4. Uncheck the Quick Launch Icon checkbox and check the Desktop Icon checkbox, then click Next.
5. Continue to click Next until the window shows to install WinPcap. Make sure the checkbox is not checked and click Install. (This was installed with Nmap)
6. When the setup is complete, click Next and then click Finish.

7 Zip

1. In the Software Installation folder, double click 7z465.
2. Click Install and after the setup copies files, click Finish.

Create a Tools Folder on the desktop and put the following installer files in it:

File              URL                                         Required for Lab Exercise
Winpcap3.0.exe    www.securitylabmanual.com/files/            9.2
Snort 2_8_6_1     www.securitylabmanual.com/files/            9.2
Camouflage        www.securitylabmanual.com/files/            6.3
WinPT             www.securitylabmanual.com/files/            8.1
Putty             www.securitylabmanual.com/files/            8.2
WinSCP            www.securitylabmanual.com/files/            8.3
Service Pack 3    http://support.microsoft.com/?kbid=936929   7.1

Suspect_image file

You should have created a second hard drive of at least 100 MB. Format the drive and put the file called suspect_image on the drive. Take a snapshot.

When you are done configuring the virtual machine, make sure to take a snapshot of the base image. You should do this for all of the virtual machines when they are deployed so that if a student makes a change, it will be easy to revert back to the original state which all the labs depend upon.

Setting up the Windows 2003 Server


Steps at a Glance
To set up your computer(s) for working with the lab manual you will have to:
- Download and gather required software
- Set up the host machine
- Set up the virtual machine
- Install Windows Server 2003
- Configure the Windows Server 2003
- Add other software to the tools folder

Download and Gather Required Software


File                       URL                                Lab    Location
Winpcap3.0.exe             www.securitylabmanual.com/files/   9.2    Tools
Snort 2_8_6_1              www.securitylabmanual.com/files/   9.2    Tools
McAfee_Antispyware_Trial   www.securitylabmanual.com/files/   7.2    Tools
McAfee_VirusScan_Trial     www.securitylabmanual.com/files/   7.2    Tools
Camouflage                 www.securitylabmanual.com/files/   6.3    Tools
WinPT                      www.securitylabmanual.com/files/   8.1    Tools
fakedel                    www.securitylabmanual.com/files/   5.3    Wwwroot, renamed as update.exe
Secondary_Harddrive        www.securitylabmanual.com/files/   10.1   D drive

Setup Host Machine

There are a number of different ways to deploy virtual machines. The following requirements are for a single host running software such as VMware Workstation, VMware Player, or Virtual PC.

Minimum Requirements
- CPU - 1.3 GHz or faster (Pentium Core or better recommended)
- RAM - 2 Gig (4 Gig Recommended)
- HD - 20 Gig of free space

Setting Up the Virtual Machine

1. Use at least a 10 GB partition for the C Drive.
2. The RAM should be set for at least 512 MB, but 1 GB is recommended.
3. You will need to set up the networking for host only so that no traffic from the virtual environment can make it to the actual network.
4. You may also want to disable any file sharing or copying and pasting of files to and from the virtual machine. Some of the software on the virtual machines is considered malicious code and should not leave the machines. If you are unsure of how to do this, please refer to the support provided by the vendor of your virtualization product.
5. You will need to mount the SecondaryHarddrive image as the D drive. (This file is used only for lab 10.1 and 10.2)

Mount the Windows Server 2003 Standard CD and begin the install.

1) On the Welcome to Setup screen, press Enter to continue
2) On the Windows Licensing Agreement, press F8 to continue
3) On the Windows Server 2003 Setup Screen, press C to create a new partition
4) On the next screen, press Enter to accept the default.
5) On the next screen, make sure Format Partition Using the NTFS file System is selected. Press Enter to continue. Windows 2003 will begin to partition and format the drive. It will then begin to copy the files needed for the rest of the install. The next portion of the install will take a bit of time depending on your processor speed.
6) On the Regional and Language Options Screen click Next
7) On the Personalize Your Software screen
   a) Name - Computer Security Student
   b) Organization - Computer Security
   c) Click Next.
8) On the Product Key Screen, enter in your product key and click Next
9) On the Licensing Modes Screen accept the default (per server 5) and click Next.
   NOTE: You will have to activate the installation later. This process will vary depending on your licensing agreement. Contact your network administrator if you are unsure of this process.
10) On the Computer Name and Administrative Password Screen
   a) Computer Name - WIN2K3SERV
   b) Administrative password - adminpass (This is an extremely weak password but is being used only for educational purposes and will be changed later in the labs)
   c) Confirm password - adminpass
   d) Click Next
   e) When prompted Are you sure you want to continue with the current password? click Yes.
11) On the Date and Time screen, enter the correct date and time as well as your time zone and click Next
12) On the Networking Settings screen select Custom Settings and click Next
13) On the Networking Components screen select Internet Protocol and then click on Properties
14) On the Internet Protocol screen select Use the Following IP Address
   a) IP address - 192.168.100.102
   b) Subnet Mask - 255.255.255.0
   c) Default Gateway - blank
   d) DNS - 192.168.100.202
   e) Click OK
   f) Click Next.
15) On the Workgroup or Computer Domain Screen, click Next
16) The Completing the Windows 2003 Setup Wizard will show when the installation is complete
17) Click on Finish
18) The Windows 2003 Login Screen will appear.
   a) Press the Right Alt + Del key (not Ctrl + Alt + Del)
   b) Username - Administrator
   c) Password - adminpass
   d) Click OK
19) When the Server has completed booting up you will get the Manage Your Server Screen.
   a) Check the box next to Don't Display This Page at Logon and close the screen.

NOTE: You may need to install the virtualization tools for your particular platform. These tools enhance the interaction with the virtual machine (improved display and mouse performance). Refer to your virtualization software documentation.

Configure the Windows Server 2003


1) Click Start, Control Panel, Add or Remove Programs
2) Click Add/Remove Windows Components
3) On the Windows Components screen, select Application Server and click Details
4) Select Internet Information Services and click Details
   a) Check File Transfer Protocol Service
   b) Internet Information Service Manager
   c) World Wide Web Service
   d) Click OK
5) Click OK again
6) Click Next
7) On the Completing Windows Components Wizard screen, click Finish.
8) Rename fake_del.exe to update.exe
9) Copy update.exe to the C:\inetpub\wwwroot\ directory

Configure the FTP server


1) Click Start, Administration Tools, Internet Services Manager.
2) Expand Win2K3Serv
3) Expand FTP Sites
4) Right click Default FTP Site and select Properties.
5) Select the Home Directory tab
6) Change the local path to c:\inetpub\wwwroot
7) Check the Write box
8) Click OK
9) Click OK to Override.
10) Click OK.
11) Close Internet Information Services Manager.

Currently the only accounts available on this virtual machine are the administrator account and the guest account, which is disabled. Let's now create a user account.

1) Click Start, right click My Computer and click on Manage.
2) In the Tree pane of the Computer Management window click on Local Users and Groups
3) Right click the Users folder and select New User
4) In the New User window
   a) In the User Name: box type labuser
   b) In the Full Name: box type Lab user
   c) In the Description: box type User account for lab exercises
   d) In the Password: box type password
   e) In the Confirm Password: box type password
   f) Select User cannot change password
   g) Select Password never expires
   h) Click Create
   i) Click Close
5) Close Computer Management

Additional Software
Download and place the files in the location indicated.

File: Winpcap3.0.exe; Snort 2_8_6_1; McAfee_Antispyware_Trial; McAfee_VirusScan_Trial; Camouflage; WinPT; fakedel; Keylog5; Nbserv-2.5
URL: www.securitylabmanual.com/files/; www.securitylabmanual.com/files/; www.securitylabmanual.com/files/; www.securitylabmanual.com/files/; www.securitylabmanual.com/files/; www.securitylabmanual.com/files/; www.securitylabmanual.com/files/; Littlesister.de; http://packetstormsecurity.org/files/view/15727/nbpro210.exe
Lab: 9.2; 9.2; 7.2; 7.2; 6.3; 8.1; 5.3; 10.1
Location: Tools; Tools; Tools; Tools; Tools; Tools; Wwwroot, renamed as update.exe; D drive

Linux Machine Setup


Materials necessary
- Base computer with Virtual machine software
- A Bit torrent client (The official client at http://www.bittorrent.com/ is fine)
- Metasploitable
- BackTrack

Steps at a Glance
- Download Metasploitable and BackTrack
- Install the Metasploitable base machine.
- Install the Backtrack machine
- Setup User accounts
- Setup DNS
- Setup Web
- Setup Mailserver

Download Metasploitable and BackTrack images


1) Download the bit torrent files for metasploitable and backtrack from the following location: http://www.securitylabmanual.com/files.
2) Use both files to download the metasploitable and backtrack images.

Install the Metasploitable base machine.


1) Put the Metasploitable.zip file in the directory where you will be storing the virtual machines.
2) Unzip the file.
3) If you are using VMware you can simply double click the metasploitable.vmx file and the machine will start up. If you are using a platform other than VMware you will need to refer to your virtualization documentation for the procedures to convert the image to the required format.
4) Login. The userid is msfadmin and the password is msfadmin.

   NOTE: Ubuntu is designed following best practices, which include that a user does not directly login as root. Instead, a user logs in as a user in the group admin and then uses sudo to become root. On the metasploitable machine, the msfadmin account is a member of the group admin. To follow all the commands below you will login as msfadmin, then run sudo su - and enter the password of msfadmin.

5) Setup the network configuration. Edit the file /etc/network/interfaces

   Remove:

       iface eth0 inet dhcp

   Add:

       iface eth0 inet static
           address 192.168.100.202
           netmask 255.255.255.0
           network 192.168.100.0

   a) We will change the hostname to linuxserv, by changing the file /etc/hostname

       echo "linuxserv" > /etc/hostname

   b) Edit the file /etc/resolv.conf. Change the file to being just:

       search security.local
       nameserver 192.168.100.202

If you are using VMware and want to access this from your base machine, you would manually set your vmnet address (of the base machine) to 192.168.100.1. The nice feature of this is that you can then ssh into the virtual machine from a terminal and will be able to copy and paste easily. Example, on a Mac running vmfusion:

    vmnet8: flags=8863 mtu 1500
            inet 192.168.237.1 netmask 0xffffff00 broadcast 192.168.237.255
    vmnet1: flags=8863 mtu 1500
            inet 192.168.88.1 netmask 0xffffff00 broadcast 192.168.88.255
    root# ifconfig vmnet1 192.168.100.1
    vmnet1: flags=8863 mtu 1500
            inet 192.168.100.1 netmask 0xffffff00 broadcast 192.168.100.255

Install the Backtrack base machine.


1) Put the bt4-final-vm.zip file in the directory where you will be storing the virtual machines.
2) Unzip the file.
3) If you are using VMware you can simply double click the bt4-final-vm.vmx file and the machine will start up. If you are using a platform other than VMware you will need to refer to your virtualization documentation for the procedures to convert the image to the required format.

Once the machine is up, we will set up the network interfaces and the hostname.

1. Login: user root, password toor.
2. You need to copy the file hashes.txt to /pentest/passwords/jtr. The file is on the CD ISO, in the directory backtrack. If the ISO is mounted at /mnt, you would copy the file with the command

       cp /mnt/backtrack/hashes.txt /pentest/passwords/jtr

3. Setup the network configuration. Edit the file /etc/network/interfaces

   Remove:

       iface eth0 inet dhcp

   Add:

       iface eth0 inet static
           address 192.168.100.201
           netmask 255.255.255.0
           network 192.168.100.0

   Comment out the interface lines for (eth1 eth2 ath0 wlan0) by placing a # as the first character.

4. We will change the hostname to linuxcl, by changing the file /etc/hostname

       echo "linuxcl" > /etc/hostname

5. Edit the file /etc/resolv.conf. Change the file to:

       search security.local
       nameserver 192.168.100.202
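The interface edits on both Linux machines (static address on eth0, no DHCP, the other interfaces commented out) are what keep the lab traffic on the host-only network, and they can be checked mechanically. The following shell function is an added example, not part of the lab manual; the names check_iface and write_samples and both sample files are constructed for illustration, and treating a gateway line as a finding is an assumption drawn from the host-only requirement.

```shell
#!/bin/sh
# Added example: lint /etc/network/interfaces against this lab's host-only plan.
# Function names and sample files are hypothetical, constructed for illustration.

# check_iface FILE IFACE PREFIX
#   IFACE  - the only non-loopback interface expected to be active (eth0)
#   PREFIX - first three octets of the lab network (192.168.100)
# Prints one finding per line, sorted; returns 0 when clean, 1 otherwise.
check_iface() {
    findings=$(awk -v ifc="$2" -v prefix="$3" '
        { sub(/#.*/, "") }                   # commented-out stanzas do not count
        $1 == "iface" {
            cur = $2; seen[cur] = 1
            if ($4 == "dhcp")   { dhcp[cur] = 1 }
            if ($4 == "static") { fixed[cur] = 1 }
            next
        }
        cur != "" && $1 == "address" { addr[cur] = $2 }
        cur != "" && $1 == "gateway" { gw[cur] = $2 }
        END {
            for (i in seen) {
                if (i == "lo") { continue }
                if (i != ifc)  { print "EXTRA active interface: " i }
                if (i in dhcp) { print "DHCP enabled on: " i }
            }
            if (!(ifc in fixed)) {
                print "NO static stanza for: " ifc
            } else if (index(addr[ifc], prefix ".") != 1) {
                print "ADDRESS outside " prefix ".0/24 on " ifc ": " addr[ifc]
            }
            if (ifc in gw) { print "GATEWAY set on " ifc ": " gw[ifc] }
        }' "$1" | sort)
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Constructed sample files: one edited as described above, one left unedited.
write_samples() {
    cat > "$1/configured" <<'EOF'
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static
    address 192.168.100.201
    netmask 255.255.255.0
    network 192.168.100.0
#auto eth1
#iface eth1 inet dhcp
EOF
    cat > "$1/unconfigured" <<'EOF'
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet dhcp
auto eth1
iface eth1 inet dhcp
EOF
}

# Demo run on the constructed samples.
demo_dir=$(mktemp -d)
write_samples "$demo_dir"
check_iface "$demo_dir/configured" eth0 192.168.100 && echo "configured: clean"
check_iface "$demo_dir/unconfigured" eth0 192.168.100 | sed 's/^/unconfigured: /'
rm -rf "$demo_dir"
```

On a lab VM the call would be check_iface /etc/network/interfaces eth0 192.168.100, run before taking the base snapshot.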

Create User Accounts

The labs depend upon having the accounts labuser and labuser2. Run the following commands on both the metasploitable machine (linuxserv) and the backtrack machine.

1. useradd -m -s /bin/bash labuser
2. passwd labuser
3. Create the password of password
4. useradd -m -s /bin/bash labuser2
5. passwd labuser2
6. Create the password of password

Setup DNS
At this point we need to create the dns for the virtual machines.

1. The dns configuration is in the directory /etc/bind. Edit the file named.conf.local

   Synopsis: You will comment out the global items and add the security.local lines.

   So you will comment out (add // to the beginning of the line):

       //prime the server with knowledge of the root servers
       //zone "." {
       //    type hint;
       //    file "/etc/bind/db.root";
       //};

   and at the end of the file you will add

       zone "security.local" {
           type master;
           file "/etc/bind/db.security.local";
       };
       zone "100.168.192.in-addr.arpa" {
           type master;
           file "/etc/bind/db.100.168.192";
       };

2. After this you will create the files /etc/bind/db.security.local and /etc/bind/db.100.168.192. For the file /etc/bind/db.security.local, you can cp db.local db.security.local and then edit it to the following.

       ;
       ; BIND data file for domain security.local
       ;
       $TTL    604800
       @       IN      SOA     security.local. root.securitylocal. (
                                     2         ; Serial
                                604800         ; Refresh
                                 86400         ; Retry
                               2419200         ; Expire
                                604800 )       ; Negative Cache TTL
       ;
       @           IN      NS      linuxserv.security.local.
       @           IN      A       127.0.0.1
       @           IN      AAAA    ::1
       winxppro    IN      A       192.168.100.101
       win2kserv   IN      A       192.168.100.102
       linuxcl     IN      A       192.168.100.201
       linuxserv   IN      A       192.168.100.202

3. The file /etc/bind/db.100.168.192 should be created. You can cp db.255 db.100.168.192 and then edit the file to be as below.

   db.100.168.192

       ;
       ; BIND reverse data file for broadcast zone
       ;
       $TTL    604800
       @       IN      SOA     localhost. root.localhost. (
                                     2         ; Serial
                                604800         ; Refresh
                                 86400         ; Retry
                               2419200         ; Expire
                                604800 )       ; Negative Cache TTL
       ;
       @       IN      NS      localhost.
       101     IN      PTR     winxppro.security.local.
       102     IN      PTR     win2k3serv.security.local.
       201     IN      PTR     linuxcl.security.local.
       202     IN      PTR     linuxserv.security.local.

4. You can now stop and start the dns with the commands:

       root@metasploitable:/etc/network# /etc/init.d/bind9 stop
        * Stopping domain name service... bind ...done.
       root@metasploitable:/etc/network# /etc/init.d/bind9 start
        * Starting domain name service... bind ...done.
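Hand-edited forward and reverse zones drift apart easily, so it is worth cross-checking them before restarting bind9. The shell function below is an added example, not part of the lab manual; check_zones and write_sample_zones are hypothetical names, and the sample records are copied from the two zone files in this section, for which it reports the one address whose forward and reverse names differ.

```shell
#!/bin/sh
# Added example: cross-check A records against PTR records for the lab zone.
# Function names are hypothetical; sample records are copied from this section.

# check_zones FORWARD_FILE REVERSE_FILE DOMAIN PREFIX
#   DOMAIN - zone name appended to relative host names (security.local)
#   PREFIX - first three octets covered by the reverse zone (192.168.100)
# Prints one finding per line, sorted; returns 0 when consistent, 1 otherwise.
check_zones() {
    findings=$(awk -v domain="$3" -v prefix="$4" '
        { sub(/;.*/, "") }                       # drop zone-file comments
        FNR == NR {                              # first file: forward zone
            if ($2 == "IN" && $3 == "A" && index($4, prefix ".") == 1) {
                fwd[$4] = $1 "." domain "."
            }
            next
        }
        $2 == "IN" && $3 == "PTR" {              # second file: reverse zone
            rev[prefix "." $1] = $4
        }
        END {
            for (ip in fwd) {
                if (!(ip in rev)) {
                    print "NO PTR for " ip " (" fwd[ip] ")"
                } else if (rev[ip] != fwd[ip]) {
                    print "MISMATCH " ip ": A=" fwd[ip] " PTR=" rev[ip]
                }
            }
            for (ip in rev) {
                if (!(ip in fwd)) { print "NO A for " ip " (" rev[ip] ")" }
            }
        }' "$1" "$2" | sort)
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Writes the two zone files into directory $1 (records as listed above).
write_sample_zones() {
    cat > "$1/db.security.local" <<'EOF'
$TTL 604800
@ IN SOA security.local. root.securitylocal. (
  2 ; Serial
  604800 ; Refresh
  86400 ; Retry
  2419200 ; Expire
  604800 ) ; Negative Cache TTL
@ IN NS linuxserv.security.local.
@ IN A 127.0.0.1
winxppro IN A 192.168.100.101
win2kserv IN A 192.168.100.102
linuxcl IN A 192.168.100.201
linuxserv IN A 192.168.100.202
EOF
    cat > "$1/db.100.168.192" <<'EOF'
$TTL 604800
@ IN SOA localhost. root.localhost. ( 2 604800 86400 2419200 604800 )
@ IN NS localhost.
101 IN PTR winxppro.security.local.
102 IN PTR win2k3serv.security.local.
201 IN PTR linuxcl.security.local.
202 IN PTR linuxserv.security.local.
EOF
}

# Demo run on the sample zone files.
demo_dir=$(mktemp -d)
write_sample_zones "$demo_dir"
check_zones "$demo_dir/db.security.local" "$demo_dir/db.100.168.192" \
    security.local 192.168.100 || echo "zones disagree; review before restarting bind9"
rm -rf "$demo_dir"
```

Syntax checking of each file is a separate step (BIND provides named-checkconf and named-checkzone for that); this script covers only the cross-file consistency.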

Setup Web Site


The website does exist on the metasploitable machine right out of the box.

Unzip wwh in /var/www, then run:

    mysqladmin -u root -p create wikihelp
    mysql -u root -p wikihelp < sql/wikihelp.sql

That is all that is needed for the wikiwebhelp site.

Setup Email
Edit /etc/postfix/main.cf
set mydestination = localhost, linuxserv, linuxserv.security.local, security.local

This completes the setup. Be sure to take snapshots of the virtual machines once you have completed the install. Please send questions to support@securitylabmanual.com. Check www.securitylabmanual.com for updates, new lab exercises, errata and other resources to support the security curriculum.
