As I mentioned previously, I am going to start working through Georgia Weidman’s book, Penetration Testing, as a sort of primer on penetration testing. The first step in the process is to build a lab. Once my school account opens up and I can access all of that sweet free VMWare software I will be building out an ESXi server with FreeNAS storage and migrating all of this to that server, but for now I am using VMWare Workstation and running these on the Toshiba laptop mentioned in my last post. It works, even if I am anxious to build out the real home system I want.
All of these instructions are assuming VMWare Workstation 12 and x64 Kali environment. This took me about two weeks to do and then go back and redo for documentation, working on it an hour or two per day. A motivated person could do it in a day I am sure. I spent a lot of time experimenting and trying to get different things to work, such as a Windows 7 x64 build working with SQL Express.
Kali can be downloaded as a pre-built VM from https://www.offensive-security.com/kali-linux-vmware-virtualbox-image-download/ and imported into VMWare Workstation. This is a very simple process. Before powering the VM on, go into the CPU settings and change the processor to Intel VT-x/EPT or AMD-V/RVI, which will be necessary in order to run Android emulators:
Once in, change the password for the root account and create a user.
useradd -m xxxxx
usermod -a -G sudo xxxxx
Next, perform a system update using:
apt-get install update
apt-get install upgrade
Installing Nessus is a very easy process. Navigate to https://www.tenable.com/products/nessus-home and register for the code. The code will be emailed to you, and you can download the software. Once the .deb file is downloaded you install it using dpkg-i and follow the configuration instructions.
This is where the modern versions of software and Kali start to diverge from the book. The mingw-64 compiler is already loaded into Kali and should have been updated in the previous step. Download Hyperion 1.2 from the following link: http://nullsecurity.net/tools/binary.html. Unzip it and use the following command to compile it:
i686-w64-mingw32-c++ Hyperion-1.2/Src/Crypter/*.cpp -o hyperion.exe
Veil Evasion set up is by the book and simple, but it will take quite a bit of time. Once that is complete, make the Ettercap config changes detailed in the book. Then it is time to move on to the Android SDK. First to make some changes required by the SDK to run the phone emulators properly. Run the following command to add libraries required by the SDK:
sudo apt-get install lib32z1 lib32ncurses5 lib32stdc++6
Then two environment variables must be set. The first tells the SDK to use Kali’s libraries, installed in the previous step. The second tells the SDK what the SDK root directory is. Add the following two lines to /etc/environment:
Once those have been added, add a script to the /etc/profile.d directory that exports the two environment variables:
Download the Android SDK for Linux at : https://developer.android.com/studio/index.html. Unzip it and then navigate to the bin directory within the unzipped files and run the studio.sh script. That should start the Android Studio software. Prior to creating the emulated smartphones, download the associated packages with each smartphone image. You find those by opening the SDK Manager within Android Studio and selecting the “Show All Packages” button. Once selected, you can view supporting packages for the images. Select the packages for download that support the Android versions mentioned in the book.
Once these downloads are complete, navigate to the AVD Manager utility with Android Studio and create a new smartphone image for each image listed in the book, being sure to select the correct version of Android.
There is an issue in my version of Android Studio in which ARM emulated smartphones must have their config files manually pointed to the correct image. The config files are located in a default installation at /root/.android/avd and there should be a separate directory for each smartphone created in the SDK Manager. Within each directory, navigate to the config.ini file and note the image.sysdir.l path. The smartphones will be listed by API version, below is the config.ini entry for API 8:
This points to an unknown directory in the default installation. To correct this, change the image.sysdir.l path to point to the relative path of the installed image for the smartphone. For the newer API 7 and 8 versions, this is located in the platform directory, at $INSTALL_DIR/platforms/android-X/images, as seen below:
The image for the API 18 emulator is located in $INSTALL_DIR/system-images/android-18/default/armeabi-v7a after installation, as seen below:
You should now be able to run the emulators from the SDK Manager window. When running ARM emulators in an x86 framework, expect to receive the following warning:
Building a Windows XP machine can be tricky. I tried to build one from disc but had issues with the VMWare SCSI driver. The driver is available Here: https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1005208. I tried pre-loading the driver but was unable to get this to work and in the interest of saving time I went another route. Test VMs for Windows XP are still available from Microsoft, although they do not publish the link. The link is located here: http://www.askvg.com/download-free-windows-xp-vista-and-windows-7-vhd-image-files-for-microsoft-virtual-pc/. After extracting the .vhd file, follow the steps at http://alstechtips.blogspot.com/2013/11/how-to-migrate-vhd-to-vmware-workstation.html in order to import the .vhd file for use. After successful import, log into the server and install the network drivers located at https://downloadcenter.intel.com/download/18717.
For software associated with the book, download Firefox first. IE 8 will be unsupported on the websites needed to download the software detailed in the book. The software associated with Windows XP installs according to the book description with the exception of mona, which is now located at https://github.com/corelan/mona/ instead of the link given in the book.
The Ubuntu VM can be downloaded via the torrent link given in the book. The book provides the password for unpacking the files, and importing the VM did not have any issues.
Building a Windows 7 VM is significantly easier than the Windows XP VM was. There are no driver issues with the stock Windows 7 SP1 x86 build, so you can install from disc or you can use this link to find a Windows 7 test VM and follow the directions to import it to VMWare. Once installed, again download Firefox to access the software needed to follow along with the book, since IE 8 will not be able to. Note that if you try and use a Windows 7 SP1 x64 build, the version of SQLExpress in the torrent package will not install correctly. There is an x64 version available from Microsoft, but I did not have much luck getting SP3 to install correctly even with the x64 package. Rather than spend more time trying to get this to work under an x64 platform, I moved forward with an x86 platform and it worked without a hitch.