Get and Install VirtualBox
If you have not done so, install VirtualBox on some computer with more than 4GB
RAM, 250GB secondary storage, at least 2 cores, preferably 4 (hyperthreads
don't count). The link for downloading this software is
Linux distributions. Note: some students report problems with the latest
VirtualBox release on Windows - you may have to downgrade. Also download
the latest extension pack, which is
also here. Put the
extensions file in, say ~/Downloads, start VirtualBox by executing
the command virtualbox from the command line or by clicking on a
VirtualBox icon that was put on your machine when VirtualBox was installed.
When started for the first time, VirtualBox looks like this:
You will build three virtual machines, most likely 64 bits - one will be
Kali Linux and the other two will be chosen by you, and most likely will be
Ubuntu. Prepare the install of each by clicking "New", then enter a name,
select a type (say, Linux), and select an OS (with Kali Linux select "Ubuntu
Linux (64-bit)"), and click "Next". Leave the memory size at 512 MB unless
you have much more than 6 GB of RAM, and click "Next". Create the virtual
hard drive now, click "Create". Choose VirtualBox disk image, click "Next".
Choose "Dynamically allocated", click "Next". Choose the name and size for
the disk, click "Create". After doing this for Ubuntu and Kali, VirtualBox
should look like this, except that some system parameters may be different:
Install the extensions as follows. Click on the "File" menu and select
"Preferences". Click on "Extensions". The small topmost button on the
right of the dialog box adds extensions. Click it, navigate to where the
downloaded extensions file is (probably
~/Downloads) and select the extensions file.
VirtualBox is now ready to install your virtual machines.
Download Operating System Install ISOs
Get the Ubuntu 14.04.3 LTS install iso
from here. You
probably will choose 64 bits. Assume in the following that the iso winds up
in the ~/Downloads directory as
ubuntu-14.04.3-desktop-amd64.iso. You can get the latest Kali Linux
iso from here. You probably
will choose "Kali Linux 64 bit ISO". Choose ISO or Torrent. Please note
that I was unable to succeed with the installation of Kali Linux but
v.1.0.9, which is here, did
succeed for me. If one does not work, try the other. Your
iso should land in the ~/Downloads directory as
Install the Virtual Machines
Highlight a Virtual Machine entry in the left margin of a running VirtualBox
dialog. Above shows Ubuntu highlighted. Click "Settings" then click
"Storage". To the right of "Controller: IDE" is a small round icon
and a small square icon. Click on the small round one, click "Choose
Disk" and navigate to where the Ubuntu ISO is, probably ~/Downloads.
Click "OK". Highlight ubuntu-14.04.3-desktop-amd64.iso and
click "OK" to close the box. Click on the "Start" arrow. The Live
DVD will boot. Click on install. The only place to worry about during
the install is where to put the OS. If you click on "Something else"
when the time comes, you can check that the install target is
/dev/sda and that the size of the target is only about 8 GB.
Installation of Kali is similar. Note: you should not have to burn
the downloaded iso files to any medium.
Try the Virtual Machines
Try Kali. Highlight the Kali entry in the left margin of the VirtualBox dialog
box and click the "Start" arrow. Choose your identity in the login window
and supply your password. When Kali is up, pull down the "Applications"
menu and select "Kali Linux". Then select "Top 10 Security Tools". The
result looks like this:
Explore more possibilities by selecting other menus. This shows the wealth
of tools that come with the Kali distribution. Many of these tools must be
run as root or set up by root to allow non-root users to run. In addition,
some, like wireshark, require the network interface to be in promiscuous
mode. One way to become
root is to open a terminal (second icon to the right of "Places" in the menu
bar) and run sudo su. Kali will ask for your password and then you
become root. Kali can be set up to allow non-root users to run wireshark.
As root, run
Select "Yes" and hit return. This creates a wireshark group but
does not add any user to that group. The file /etc/group must be
edited, as root, to do this. Just put the user's username after the last
colon on the wireshark line. If the VM network adapter is set to NAT and the host is on a
wireless network then it will not be possible to enter promiscuous mode. In
that case, before starting Kali, change the adapter to Internal network.
Set up three systems to be networked using VirtualBox using the following
Host-only networking should be used to configure the networking on a
common interface (such as vboxnet0) so that all machines may see each other.
To see how this is set up, visit this link.
- Two virtual machines plus your laptop
Boot into Kali.
You will need to be able to demonstrate the ability to communicate from one
host to another, and use the third host (Kali) to capture all of the network
traffic into a file. The UI in Wireshark makes this relatively easy. If
you want to do it using tcpdump, become root and do this:
tcpdump -i eth0 -w your-output.pcap [options...]
The flag is the following sentence, a quote by Donald Knuth:
We should forget about small efficiencies, say about 97% of the time:
premature optimization is the root of all evil.
- Note: Completion of this exercise entails submitting a
`capture' file and a report that specifies what was done to
create this file. Submission instructions are
- You will need to utilize nmap to perform a scan, and that
scanning activity should be captured by the third host. Use man
nmap from the command line for documentation showing how to
operate this utility.
- You will need to use the first two hosts to communicate a "flag" from
one to the other using any method to your liking (use of the
nc/netcat tool class is sufficient) and capture that
communication. Use man netcat from the command line for
documentation on netcat. Minimally, execute
`netcat -l -p 8000 -u -v'
on one machine to establish one end of a communication pipe, on
port 8000 (-u means UDP, -l means listen but once a connection is made,
it becomes 2-way), and
`netcat <ip-address> 8000 -u'
on another machine to establish the other end (where data is put into
the pipe) of the connection (<ip-address> is the address of the
first machine). Then, what is typed on the second machine is seen
on the first machine. Redirect the output of netcat on the first
machine to a file to save what is sent.
- In your report, describe the method used to accomplish 2 and 3 above.
- Use the PCAP analysis tools (wireshark,
tcpdump, tshark, etc.) to find the "flag" in the pcap
file, and explain where it can be found. You may use timestamps, TCP
sequence numbers, and/or references to packet data.
- Upload the PCAP to Blackboard as the solution to lab 1 with the report.
Submission instructions are here.
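Added example (not part of the original lab handout): a Python sketch of the flag search described in the last steps. It reads a classic libpcap file, the format tcpdump -w writes, and reports which frames carry a given byte string in a UDP payload. The capture bytes, MAC addresses and 192.168.56.x addresses are constructed for the example, and FLAG is a fragment of the lab's sentence.

```python
import socket
import struct

FLAG = b"premature optimization is the root of all evil"  # fragment of the lab flag

def find_in_pcap(data, needle):
    """Return (frame_no, ts, src, dst, dport) for each IPv4/UDP payload containing needle."""
    # The magic number tells us the byte order the capturing host used.
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if end is None:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    if struct.unpack(end + "I", data[20:24])[0] != 1:
        raise ValueError("only Ethernet captures (linktype 1) are handled")
    hits, off, frame_no = [], 24, 0
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig = struct.unpack(end + "IIII", data[off:off + 16])
        pkt = data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        frame_no += 1                        # Wireshark numbers frames from 1
        if len(pkt) < 34 or pkt[12:14] != b"\x08\x00":
            continue                         # too short, or ethertype is not IPv4
        udp = 14 + (pkt[14] & 0x0F) * 4      # Ethernet header + IP header length
        if pkt[23] != 17 or len(pkt) < udp + 8:
            continue                         # IP protocol 17 is UDP
        dport = struct.unpack("!H", pkt[udp + 2:udp + 4])[0]
        if needle in pkt[udp + 8:]:          # UDP payload follows the 8-byte header
            hits.append((frame_no, ts_sec + ts_usec / 1e6,
                         socket.inet_ntoa(pkt[26:30]), socket.inet_ntoa(pkt[30:34]), dport))
    return hits

def sample_pcap():
    """Constructed capture: one non-IP frame, then one UDP datagram to port 8000."""
    def rec(ts, frame):
        return struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame
    eth = b"\x08\x00\x27\x00\x00\x02" + b"\x08\x00\x27\x00\x00\x01"   # dst MAC, src MAC
    body = FLAG + b"\n"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28 + len(body), 0, 0, 64, 17, 0,
                     socket.inet_aton("192.168.56.102"), socket.inet_aton("192.168.56.101"))
    udp = struct.pack("!HHHH", 40000, 8000, 8 + len(body), 0)
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return hdr + rec(1, eth + b"\x08\x06" + b"\x00" * 28) + rec(2, eth + b"\x08\x00" + ip + udp + body)

if __name__ == "__main__":
    for hit in find_in_pcap(sample_pcap(), FLAG):
        print("frame %d at t=%.6f  %s -> %s  udp dport %d" % hit)
```

The frame numbers match Wireshark's numbering, so a hit can be cited directly in the report. A flag sent over TCP can be split across segments, so this per-packet search suits only the UDP netcat exchange shown above.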