Firewall Lab Setup: Untangle

What is a Firewall? A firewall is a network security system that monitors and controls the incoming and outgoing network traffic based on predetermined security rules. A firewall typically establishes a barrier between a trusted internal network and an untrusted external network, such as the Internet. (Wikipedia)

Firewalls are also categorized as network firewalls and host-based firewalls. Network firewalls filter traffic between two or more networks and run on network hardware. Host-based firewalls run on host computers and control network traffic in and out of those machines.

Here are the major types of firewalls.

  • First-generation: Packet-filtering firewalls
  • Circuit-level gateways
  • Stateful packet inspection
  • Application-level gateway

Table of Contents

  • Downloading untangle-15.1.0-amd64.ova
  • Introduction of Untangle NG Firewall
  • Creating a Virtual Machine with VMWare Workstation
  • Configuration of Untangle
  • Configuration of Untangle APPS Part I: Web Filtering & SSL Inspector

Introduction of Untangle NG Firewall

Untangle is NGFW/UTM software that brings together everything your network needs to stay healthy on one box: web content and spam filtering, virus scanning, VPN connectivity, multi-WAN failover capability and much more. Its friendly web-based interface helps you track and filter traffic in your network, and it is designed to make deployment and management simple.

Requirements: a minimum of 2 GB RAM, a dual-core processor, 8 GB of hard drive space and at least 2 LAN cards.

Creating a Virtual Machine with VMWare Workstation

Once the untangle.ova file is downloaded, double-click it and the setup will start.

The Setup Wizard will open automatically when Untangle first boots.

Language selection

Before you begin the setup wizard, select your preferred language.

The next screen simply welcomes you to the Setup Wizard. Click Next to continue. On the Untangle Software License screen, click on Agree.

Configure the Server: in the first step, you set a password for the administrator account and select a time zone. An admin e-mail address can also be given for warnings and reports. Choosing an installation type is optional.

Now click on Network Cards.

Identify Network Cards: if this is an Untangle unit, you can simply continue with the next step.

Note: If this is a custom server, be sure that the physical network cards are mapped to the right (wanted) interfaces.

Configure the Interface

The default selection is Auto (DHCP). The automatically assigned address is displayed if an address was successfully acquired. Otherwise, click Renew DHCP to acquire an IP address. Click Test Connectivity to verify Internet access.

 

Configure your Internal network interface

Configure your “Internal” interface (along with the DHCP server and NAT configuration). There are two choices: NAT or Bridge.

In router mode, Untangle is the edge device on your network and acts as both a firewall and a router. In this case, you need to configure your external and internal interfaces correctly for traffic to flow.

We must configure the internal interface with a private static IP address and enable DHCP and NAT (Network Address Translation) so that all the internal machines share one public IP. This is generally called router mode.

In my testing lab I am not enabling DHCP.

Automatic Upgrades are configured

If Automatic Upgrades is enabled, NG Firewall automatically checks for new versions and performs the upgrade.

In my testing lab I am not enabling “Connect to Command Center”.

Setup Wizard – Finished. That’s it!

Click on Go to Dashboard.

Configuration of Untangle

In part one we are going to learn how to configure web filtering.

Congratulations! Untangle is ready to be configured. Click on Continue.

The next steps include registration.

After finishing registration click on continue

The next step is installing the desired apps and possibly tuning the configuration of Untangle NG Firewall. In my testing lab, I am going with Install the recommended apps.

The recommended apps are now installed, as you can see on the screen, and you can install other available apps as required. On the Apps tab you will see the currently installed apps.

Let’s go to the Untangle Dashboard, where you can see almost all the information on one page.

To check the configuration of the Untangle network cards, navigate to the Config tab.

The config tab holds all the settings related to configuration of the Untangle server itself and settings for components of the platform that apps may interact with.

Configuration of Untangle APPS Part I: Web Filtering

Let’s use a Windows 10 system as the Untangle client.

This client is an internal system and we will set its default gateway to 192.168.2.1 <IP of Untangle firewall>.

Now you can see the Internet is working and the social networking site Facebook.com opens.

Block Categories

Now come back to the Dashboard of the Untangle firewall and go to Apps > Web Filter > Categories tab > Social Networking.

Categories Tab: Categories allow you to change which website categories are blocked or flagged. Blocked categories show the user the block page; flagged categories allow the user to access the site, but the visit is silently flagged as a violation in event logs and reports. These block / flag actions work the same way for all Web Filter options.

For our testing lab, we are going to block Social Networking sites, then click on Save.

Now you can see on the client system that the social networking site www.facebook.com is blocked and does not open.

 

Lookup Site Tab

 

Now go back to the Untangle Dashboard: Apps > Web Filter > Site Lookup

Lookup Site lets you look up how a URL is categorized. Clicking on it opens a dialog. In the Web URL field, enter the URL you want categorized and click Search.

Here we look up the www.hackingarticles.in site: click on Search and see the result.

Block Sites Tab

Now go back to the Untangle Dashboard: Apps > Web Filter > Block Sites

Under Block Sites, you can add individual domain names you want to be blocked or flagged – just enter the domain name (e.g. youtube.com) and specify your chosen action.

We are going to block the www.ignitetechnologies.in site.

Click on Add and type the site you want to block. Then click on Done.

Then click on Save.

Let’s check on the client system.

Type the site www.ignitetechnologies.in and 😊 bingo, the site is now blocked.

Pass Sites Tab

Now go back to the Untangle Dashboard: Apps > Web Filter > Pass Sites

Pass Sites is used to pass content that would otherwise have been blocked. This can be useful for “unblocking” pages that you do not want blocked by the block settings.

Domains that you add to the Passed Sites list will be permitted even if they are blocked by category or by individual URL; just add the domain and save. When the pass option is unchecked, the site can be blocked as though the entry were not present.

I am going to pass the www.linkedin.com/ site as an example.

Click on Add, type the required site and click Done.

Then click on Save.

Now on the client system, open a browser and type www.linkedin.com/ in the URL bar; as a result, the site opens.

Pass the Client

Let’s add another client; its IP is 192.168.2.11 and its default gateway is 192.168.2.1, the Untangle IP.

On this system, let’s try to open the www.linkedin.com site and see the result: this site falls under a blocked Web Filter category.

Now go back to the Untangle Dashboard: Apps > Web Filter > Pass Clients

Pass Clients Tab: If you add an IP address to this list, Web Filter will not block any traffic from that IP regardless of the blocked categories or sites.

Just add the IP 192.168.2.11 and enable the pass option, then save the configuration as shown in the given image.

Now on the client system, open a browser and type www.linkedin.com 😊 bingo, see the result: this system can browse freely because of the Pass Clients setting.
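The four tabs interact, so it helps to see the evaluation order in one place. The following is an added example, not part of the original article and not Untangle's code: a small Python model of the behaviour described above, loaded with this lab's settings. The subdomain matching rule, the category map and the client IP 192.168.2.10 are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Constructed category data; the real filter asks its categorization service.
CATEGORY_OF = {"facebook.com": "Social Networking", "linkedin.com": "Social Networking"}

def matches(host, entry):
    """Assumed matching rule: an entry covers its domain and all subdomains."""
    host, entry = host.lower().rstrip("."), entry.lower()
    if entry.startswith("www."):
        entry = entry[4:]
    return host == entry or host.endswith("." + entry)

@dataclass
class WebFilterPolicy:
    blocked_categories: set = field(default_factory=set)
    block_sites: set = field(default_factory=set)
    pass_sites: dict = field(default_factory=dict)    # domain -> pass box checked?
    pass_clients: dict = field(default_factory=dict)  # client IP -> pass box checked?

    def block_reason(self, host):
        """Why the block rules alone would stop this host, or None."""
        for site in sorted(self.block_sites):
            if matches(host, site):
                return "block site: " + site
        for domain, category in CATEGORY_OF.items():
            if matches(host, domain) and category in self.blocked_categories:
                return "category: " + category
        return None

    def pass_site(self, host):
        for site, enabled in self.pass_sites.items():
            if enabled and matches(host, site):
                return site
        return None

    def decide(self, client_ip, host):
        """Pass lists are checked first, so they win over every block rule."""
        if self.pass_clients.get(client_ip):
            return ("pass", "pass client: " + client_ip)
        site = self.pass_site(host)
        if site:
            return ("pass", "pass site: " + site)
        reason = self.block_reason(host)
        return ("block", reason) if reason else ("pass", "no rule matched")

    def overridden_blocks(self, hosts):
        """Hosts that a block rule matches but a Pass Sites entry lets through."""
        return [h for h in hosts if self.pass_site(h) and self.block_reason(h)]

# This lab's settings: blocked categories, block sites, pass sites, pass clients.
LAB = WebFilterPolicy({"Social Networking"}, {"www.ignitetechnologies.in"},
                      {"www.linkedin.com": True}, {"192.168.2.11": True})
```

Every enabled Pass Sites or Pass Clients entry is an exception to the block policy, so `overridden_blocks` is the list worth reviewing whenever the filter rules are audited.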

About SSL Inspector

The SSL Inspector is a special application that allows other Untangle applications that process HTTP traffic to also process encrypted HTTPS traffic, and applications that process SMTP to also process SMTP over SSL. It does this by decrypting and re-encrypting SSL traffic as it passes through the Untangle server, so that it can be inspected by other applications and services.

Navigate to Apps > SSL Inspector and turn ON the SSL Inspector for the HTTP site.

Now let’s check on the client side: open a browser and type any site name in the URL bar.

Now you can see that after SSL Inspector is enabled, all sites are blocked.

How to make these sites work on the client system with SSL Inspector is continued in Configuration of Untangle APPS Part II.

Author: Rajesh Bora is a passionate Researcher and Technical Writer at Hacking Articles. He is a hacking enthusiast.

Penetration Testing on PostgreSQL (5432)

In this post, we will demonstrate how to set up our own vulnerable PostgreSQL server on Ubuntu 20.04 for penetration testing, and how to conduct PostgreSQL penetration testing.

Table of Content

Pre-requisites

PostgreSQL Setup on Ubuntu 20.04

PostgreSQL Penetration Testing

Scanning: Nmap

Brute force: Hydra

Access Postgres Shell

Exploiting: Metasploit

  • Module 1: Postgres Readfile
  • Module 2: Banner Grabbing for Postgres_sql
  • Module 3: Dumping Password Hashes
  • Module 4: Pwn Postgres Shell

Pre-requisites:

Target:  Ubuntu

Attacker: Kali Linux

PostgreSQL Setup on Ubuntu 20.04

PostgreSQL is an open-source and advanced object-oriented relational database which is also known as Postgres. It is a powerful high-performance database management system released under a flexible BSD-style license.

In order to configure PostgreSQL in your Ubuntu platform, there are some prerequisites required for installation.

  • Ubuntu 20.04
  • Root Privileges

Install PostgreSQL and All Dependencies

PostgreSQL is available in the Ubuntu repository, so you just need to install it with the apt command.

At the time of installation, a prompt will ask you to confirm whether you want to continue the installation process. Press ‘y’ to continue the installation.

Once the installation is completed, start the PostgreSQL service and add it to the system boot by entering the following command:

Set PostgreSQL user Password

You can set the user password for PostgreSQL. Using the following command, you can change the default user password for PostgreSQL. During this process, a prompt will ask you to enter the new password, after which the confirmation ‘password updated successfully’ is displayed. Next, log in to the database as a user, or open a working shell, using the following command:

Create a database and user roles

You can create new databases and users using the PostgreSQL shell as follows:

Enter the following command to list the databases:

By default, PostgreSQL listens on the local interface, which is 127.0.0.1. For remote access, you need to make some changes in the configuration file. To access the configuration file, use the following command:

Under the connection settings, uncomment the #listen_addresses line and set listen_addresses = '*' (left commented out, the line has no effect and the server keeps listening on 127.0.0.1 only).

Now restart the PostgreSQL service by entering the following command:
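An added check for the listen_addresses change made above (example code, not part of the original article): a Python sketch that reads postgresql.conf text and reports which interfaces the file really exposes, including the case where the line is still commented out. The sample file contents and the address 192.0.2.10 are constructed.

```python
import re

# postgresql.conf syntax: name [=] value, value optionally single-quoted, '#' starts a comment.
SETTING = re.compile(r"^\s*([A-Za-z_][\w.]*)\s*=?\s*(?:'((?:[^']|'')*)'|([^\s#']+))")
EVERYWHERE = {"*", "0.0.0.0", "::"}
LOOPBACK = {"localhost", "127.0.0.1", "::1"}

def effective_settings(conf_text):
    """Settings the file really sets: comments are skipped, the last occurrence wins."""
    settings = {}
    for line in conf_text.splitlines():
        m = SETTING.match(line)          # a line starting with '#' never matches
        if m:
            value = m.group(2) if m.group(2) is not None else m.group(3)
            settings[m.group(1).lower()] = value.replace("''", "'")
    return settings

def listen_exposure(conf_text):
    """Classify listen_addresses; PostgreSQL's default when unset is 'localhost'."""
    raw = effective_settings(conf_text).get("listen_addresses", "localhost")
    addrs = [a.strip() for a in raw.split(",") if a.strip()]
    if not addrs:
        return "unix-socket-only", addrs
    if EVERYWHERE & set(addrs):
        return "all-interfaces", addrs
    if set(addrs) <= LOOPBACK:
        return "loopback-only", addrs
    return "specific-addresses", addrs

# Constructed sample files (not taken from the article).
COMMENTED = "#listen_addresses = '*'\t\t# what IP address(es) to listen on\nport = 5432\n"
LAB_CONF = "#listen_addresses = 'localhost'\nlisten_addresses = '*'\nport = 5432\n"
SCOPED = "listen_addresses = 'localhost, 192.0.2.10'   # one service interface\n"

if __name__ == "__main__":
    for name, conf in (("commented", COMMENTED), ("lab", LAB_CONF), ("scoped", SCOPED)):
        print(name, listen_exposure(conf))
```

The running server can also take this value from postgresql.auto.conf or the command line, so `SHOW listen_addresses;` in psql remains the authoritative check.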

Let’s start Pentesting PostgreSQL

In this section, you will learn how to compromise database credentials using different techniques.

Let’s fire up the attacking machine, Kali Linux.

Nmap

By default, the PostgreSQL service runs on port 5432. With the help of Nmap, let’s identify the state of the port.

As you can see, it has shown Open state for PostgreSQL at port 5432.

Password Cracking

Hydra is a parallelized login cracker which supports numerous protocols to attack. It is very fast and flexible, and new modules are easy to add. This tool makes it possible for researchers and security consultants to show how easy it would be to gain unauthorized access to a system remotely.

Let’s brute-force the target. To perform this attack, use the following command, where the -L option supplies a dictionary for the username parameter and the -P option supplies a dictionary for the password list.

As you can see above, we have successfully dumped the credentials; you can use these credentials to gain access to the database.

Connect to Database Remotely

Kali Linux has the psql utility by default, which allows you to authenticate with a PostgreSQL database if the username and the password are already known.

As we already have the right credentials for the database

Metasploit

As we know Metasploit comes preinstalled with Kali Linux, so our first step is to get to the Metasploit console.

Module 1: Postgres Readfile

The postgres_readfile module, when provided with credentials (e.g. superuser account) for a PostgreSQL server, will read and display files of your choosing on the server.

Module 2: Banner Grabbing for Postgres_sql

The postgres_sql module, when provided with valid credentials for a PostgreSQL server, will perform queries of your choosing and return the results.

Module 3: Dumping Password Hashes

As we have the credentials of the database admin, we use this one-liner exploit to dump all the user hashes in Metasploit:

Module 4:  Pwn Postgres Shell

Installations running Postgres 9.3 and above have functionality which allows the superuser and users with ‘pg_execute_server_program’ to pipe to and from an external program using COPY. This allows arbitrary command execution as though you have console access. This module attempts to create a new table, then execute system commands in the context of copying the command output into the table.

Now that we have gained access to the database, you can observe that we obtain a command session, which we later have to upgrade to a meterpreter session.

Now we have full access to the database; in this way we can test for Postgres loopholes and submit the findings to the network admin 😊.
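Both the Hydra brute force and the COPY-based command execution described above leave traces in the PostgreSQL server log. The following is an added detection example, not part of the original article: it assumes the server logs with log_line_prefix = '%m [%p] %h %u@%d ' and log_statement = 'all', and the log lines, addresses and table names are constructed.

```python
import re
from collections import Counter

# Assumed prefix: log_line_prefix = '%m [%p] %h %u@%d ' (timestamp, pid, client, user@db).
LINE = re.compile(r"^\S+ \S+ \S+ \[\d+\] (?P<host>\S+) (?P<user>[^@\s]*)@(?P<db>\S*) "
                  r"(?P<level>[A-Z]+):\s+(?P<msg>.*)$")
AUTH_FAIL = re.compile(r'password authentication failed for user "([^"]*)"')
COPY_PROGRAM = re.compile(r"\bCOPY\b.*\b(?:FROM|TO)\s+PROGRAM\b", re.I)

def analyze(log_text, threshold=5):
    """Return (hosts with >= threshold failed logins, COPY ... PROGRAM statements)."""
    failures, users_tried, copy_hits = Counter(), {}, []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue                                  # not in the assumed format
        fail = AUTH_FAIL.search(m["msg"])
        if m["level"] == "FATAL" and fail:
            failures[m["host"]] += 1
            users_tried.setdefault(m["host"], set()).add(fail.group(1))
        elif m["msg"].startswith("statement:") and COPY_PROGRAM.search(m["msg"]):
            sql = m["msg"][len("statement:"):].strip()
            copy_hits.append((m["host"], m["user"], sql))
    brute = {h: sorted(users_tried[h]) for h, n in failures.items() if n >= threshold}
    return brute, copy_hits

def _line(host, user, rest):
    """Build one constructed log line in the assumed prefix format."""
    return f"2021-03-01 10:15:01.120 UTC [2101] {host} {user}@postgres {rest}"

# Constructed sample: six failed logins from one host, then a COPY ... PROGRAM statement.
SAMPLE_LOG = "\n".join(
    [_line("192.0.2.50", u, f'FATAL:  password authentication failed for user "{u}"')
     for u in ("postgres", "admin", "postgres", "root", "postgres", "postgres")]
    + [_line("192.0.2.7", "app", 'FATAL:  password authentication failed for user "app"'),
       _line("192.0.2.7", "app", "LOG:  statement: COPY orders FROM '/tmp/orders.csv';"),
       _line("192.0.2.50", "postgres", "LOG:  statement: COPY cmd_out FROM PROGRAM 'id';")])

if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```

A single mistyped password stays below the threshold, while a dictionary run from one address crosses it quickly; an ordinary file-based COPY is not reported, only the PROGRAM form.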

Author – Vijay is a Certified Ethical Hacker, Technical writer and Penetration Tester at Hacking Articles. Technology and Gadget freak.

Docker for Pentester: Pentesting Framework

As we all know, we now live in the world of virtualization, and most organizations rely heavily on virtual services, such as cloud and containers, to fulfil their hardware and software requirements. Container platforms like Docker are also a popular technique used by organizations to build a virtual application environment.

Today in this post we are setting up a docker-based Penetration testing environment for the pentesters to make the installation and configuration for various pentesting tools simple and fast.

Table of Content

  • WPScan
  • Sqlmap
  • Dirbuster
  • Nmap
  • Python HTTP Server
  • John the Ripper
  • Metasploit
  • Powershell Empire
  • Impacket

WPScan

Now let’s continue with our first pentest tool, WPScan, which is used to scan websites built on the WordPress CMS. Open the terminal on your local machine and execute the following command as a superuser; it downloads and builds the docker image.

So we have a WordPress pentest lab; you can create your own WordPress pentest lab and learn more from here.

To use the WPScan docker image, you just need to run the following command and start pentesting your WordPress.

SQLmap

As we have already told you how to build your own Docker-based penetration testing platform, our next important pentesting tool is SQLMAP, for SQL injection testing on our website. Run the next command, which pulls the SQLMAP docker image.

Assume testphp.vulnweb.com is the target website that I would like to test for SQL injection with sqlmap.

To use the SQLMAP docker image, you only need to run the following command and start SQL injection testing.

Dirbuster

Let’s move to our next pentest tool, “Dirbuster”, which digs out web directories and pages to reveal sensitive data stored in the web application. Run the following command to pull the Dirbuster docker image.

To use Dirbuster’s docker image, you only need to run the following command and start enumerating web directories.

Nmap

How could we leave out the most effective network scanning tool, my favourite penetration testing tool, NMAP 😊? So, without wasting time, run the command below and follow the steps.

Hopefully, you already know nmap and its commands; I’m just showing you how to use the nmap docker image for network scanning.

HTTP Python Server

File transfer is another big part of penetration testing and we should not ignore that, so here I’m going to pull the python server docker image for HTTP.

Execute the following command to run the docker image on port 5555:

Now open the server IP over port 5555 and start downloading the file 😊.

John the Ripper

Without a password cracking tool, the penetration testing framework would not be considered an ideal pentest system, so by executing the following command I pull the John the Ripper docker image.

Now, if you have a hash file on your machine, run the following to use the John the Ripper docker image to crack the password from the hash file.

Metasploit

Metasploit is the most relevant and dedicated tool for penetration testing. Manual installations of Metasploit often pose problems for a pentester. Run the following command to pull the Metasploit docker image to your local machine.

To run the Metasploit docker image, execute the command given and proceed using the Metasploit console.

It functions exactly as it does on Kali Linux, as you can see from the picture below.

PowerShell Empire

Last but not least among our penetration testing tools is PowerShell Empire, whose docker image we’re going to install; to do this, just run the command below to pull the docker image from Docker Hub.

To run the Empire docker image and access the console, execute the given command and continue using it the way you normally do.

It functions exactly as it does on Kali Linux, as you can see from the picture below.

Impacket Toolkit

The most important tool for our Red Teamers is Impacket, and we cannot neglect this tool in a pentest framework. Therefore, without wasting time, just execute the following to pull the Impacket docker image.

As you know, there are many Python libraries within Impacket, and here we use the docker image to illustrate one of those libraries.

Author: Chiragh Arora is a passionate Researcher and Technical Writer at Hacking Articles. He is a hacking enthusiast.