Sunday, March 17, 2013

Kali Linux on Raspberry Pi

I finally found some time and installed Kali Linux, the BackTrack successor, on my Raspberry Pi!
Here is the screenshot:

Below are the high-level steps to install and configure Kali Linux on your Raspberry Pi!

"Ingredients" :p
  • Raspberry Pi, 256MB RAM
  • 16GB SD card Class 10

High level steps:
  1. Download the Kali Linux image from here.
  2. Write it to the SD card following the instructions provided by the Kali website or by the Raspberry Pi website.
  3. Change your root password. Note that SSH is enabled by default, so theoretically you will not need to plug in an HDMI monitor.
  4. Expand the partition to fill all the SD card space. Because I am a little bit lazy, I used the raspi-config script with success!
Kali seems to run flawlessly so far. In the following weeks I am going to test more features of Kali and see how I can take advantage of the flexibility provided by the Raspberry Pi!

So stay tuned! :)

Tuesday, March 12, 2013

Building a pentest Lab


For educational purposes, a penetration test lab is always necessary. I needed one for a relevant project, so I thought that publishing my experience in building a penetration test lab could be useful for colleagues and for security researchers in general. I have used vulnerable Linux images which are publicly available over the Internet. However, the main subject of this post is how to build a vulnerable Windows machine (it would not be too difficult if I had decided to leave it unpatched! :p).
Last but not least, I will go through the common cliche and suggest you run all this vulnerable software in NAT mode; don't leave these security holes running in your local network with Internet access!


First of all, we will need virtualization software. I have used VMware Player, which is free and covers my needs for this post. The images used are the following:
  • BackTrack 5 R3, available here.
  • Metasploitable v2, available here.
  • OWASP Broken Web Applications image, available here.
  • Windows XP SP3 (should be installed from scratch)
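
One way to check the NAT advice above against the VMware Player VMs in this lab, as an added example that is not part of the original post: it reads each VM's .vmx file and reports every enabled network adapter that is not in NAT or host-only mode. The function names are hypothetical, the sample configuration is constructed, and the code assumes the standard `ethernetN.present` / `ethernetN.connectionType` keys, with a missing `connectionType` treated as bridged.

```python
import re
from pathlib import Path

# Matches lines such as: ethernet0.connectionType = "nat"
VMX_LINE = re.compile(r'^\s*(ethernet\d+)\.(\w+)\s*=\s*"(.*)"\s*$', re.IGNORECASE)
ISOLATED_MODES = {"nat", "hostonly"}  # modes that keep a guest off the physical LAN


def adapter_modes(vmx_text):
    """Return {adapter: connection mode} for every enabled adapter in a .vmx."""
    props = {}
    for line in vmx_text.splitlines():
        m = VMX_LINE.match(line)
        if m:
            props.setdefault(m.group(1).lower(), {})[m.group(2).lower()] = m.group(3)
    modes = {}
    for nic, p in props.items():
        if p.get("present", "FALSE").upper() == "TRUE":
            # Assumption: VMware treats a missing connectionType as bridged.
            modes[nic] = p.get("connectiontype", "bridged").lower()
    return modes


def exposed_adapters(vmx_text):
    """Enabled adapters that are neither NAT nor host-only (bridged, or custom to review)."""
    modes = adapter_modes(vmx_text)
    return sorted(nic for nic, mode in modes.items() if mode not in ISOLATED_MODES)


def audit_lab(root):
    """Scan a directory tree of VMs and return {vmx path: [exposed adapters]}."""
    findings = {}
    for vmx in Path(root).rglob("*.vmx"):
        bad = exposed_adapters(vmx.read_text(errors="replace"))
        if bad:
            findings[str(vmx)] = bad
    return findings


# Constructed sample configuration, not taken from the VMs in the post.
SAMPLE_VMX = '''\
ethernet0.present = "TRUE"
ethernet0.connectionType = "nat"
ethernet1.present = "TRUE"
ethernet2.present = "TRUE"
ethernet2.connectionType = "bridged"
ethernet3.present = "FALSE"
ethernet3.connectionType = "bridged"
'''
```

Calling `audit_lab()` on the directory that holds the lab VMs before powering them on should return an empty dict; an adapter reported with mode `custom` needs a manual look at which virtual network it is attached to.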

What else? Topology!

Below you can see the network topology of my pentest lab. I have taken the liberty to watermark my pictures in order to protect myself from plagiarists.

Building Vulnerable Windows machine

First of all, we will need a Windows XP machine. It could be fully patched or not; we will not focus on Windows vulnerabilities but on vulnerabilities in software installed on a Windows machine.
Below is the software and the relevant exploit I used in order to build this vulnerable Windows machine:
  • Java 7 update 2, exploitable by this Metasploit exploit.
  • Hacme Bank vulnerable web application, available here.
  • EasyFTP Server, vulnerable versions <= and earlier, exploitable by multiple Metasploit exploits (use search easyftp under the msfconsole)
Regarding the other VMs in my topology, there are plenty of good articles on exploiting the vulnerabilities residing on them.

Conclusion - TBC

I realise that this list is short, but I will come back with updates, as my goal is to create a vulnerable Windows machine which is very close to reality and educational at the same time.