Web Server Lab Setup for Penetration Testing

In this post, we will discuss how to set up our own web server for penetration testing on Ubuntu 18. Ubuntu 18 has been updated with new features.

Table of Content

Requirement

Web Server configuration

  • Apache
  • PHP
  • MySQL
  • phpMyAdmin
  • FTP
  • SSH
  • Nmap

Requirement: Ubuntu 18.0

Web Server Configuration

The Web server is a program that uses HTTP to serve users with files forming web pages in response to requests transmitted by their HTTP clients. 

Dedicated computers and apparatuses can also be called web servers.

Install Apache

First, we will install Apache. Apache is the most commonly used web server on Linux systems. Web servers are used to serve web pages requested by client computers. So, let’s first install Apache on Ubuntu with the following command:

We have successfully installed apache2. By default, Apache runs on port 80.

Install PHP

Now we will install the PHP 7 module for Apache 2 along with all of its dependencies. Earlier, we used to install the PHP 5 module on Ubuntu 14, but it is not compatible with Ubuntu 18, so we will install the latest version of PHP, which is php7.2. For this, run the following command in the Ubuntu terminal:

As you can see, we are done with the PHP installation.

Install MySQL Server

The next step is the installation of the MySQL server. MySQL is a well-known open-source database that used to be very easy to install, but on Ubuntu 18 it requires some changes.

So, let’s go ahead step by step.

First, we will install the MySQL server with the following command:

So, we are done with the installation. In Ubuntu 14, MySQL did not need a password, as it only required the root user to be logged in. Now it needs a password and it won’t allow the root user to log in, so we will provide the Ubuntu username and password to MySQL with the following command. When it asks for the password, use your Ubuntu password.

After logging in, grant all privileges to the Ubuntu user. In our case, we have given all privileges to the user raj, identified by the Ubuntu password, which is 123 in our case. After that, we reset all the previous privileges so that the service can start with the new changes. The commands for this are the following:

Great, we are done with the MySQL server installation. By default, it runs on port 3306. Now restart the MySQL service.

Install phpMyAdmin

The next step is the installation of phpMyAdmin, a software tool written in PHP that is intended to handle the administration of MySQL over the web and supports a wide range of operations on MySQL. First, we need to install phpMyAdmin with the following command:

After the installation, it will ask you to choose the web server. Here you need to choose apache2 which will automatically be configured to run phpmyadmin.

Next, you will get a prompt to configure a database for phpmyadmin with dbconfig-common. Here you need to select Yes and then press Enter.

Again, you will get a prompt asking you to submit a password for phpMyAdmin to register with the database server. Here we have given 123 as the password, as it is now essential to set one.

The next step is the configuration of phpmyadmin under Apache. For this, we need to edit the apache2 conf file by adding two lines at the end of the file:

Add them at the very end, as shown in the image below, then save the file and restart the apache2 service.

Now open phpmyadmin in the browser at localhost/phpmyadmin, as shown in the image below.

Install ftp

Now we will install an FTP server on Ubuntu, which is used for the transfer of computer files between a client and a server on a computer network. For this, run the following command in the terminal:

As we can see in the above screenshot, the FTP service has been installed on our system and runs on port 21.

Install ssh

Next is the SSH protocol, which is a method for secure remote login from one computer to another. So let’s install this service with the following command. It is installed successfully; by default, it runs on port 22.

Install Nmap

Now, in order to check that the above services have been installed properly on our system, we will use nmap, a port scanner that tells us about open ports and the status of running services.

So, let’s install it with the following command:

Once the installation is done, we will scan our own system with the following command, which will come up with the desired results, as you can see in the image given below:

Author: Geet Madan is a Certified Ethical Hacker, Researcher and Technical Writer at Hacking Articles on Information Security. Contact here

Penetration Testing Lab Setup: Memcached

In this article, we are going to learn about setting up a Memcached lab for pen-testing on Ubuntu 18.04. A Memcached server is used by corporations to increase the speed of their network, as it helps to store frequently used data. This helps to take the load off the hardware and decrease the time taken.

Table of Contents

  • Introduction to Memcached.
  • Memcached Installation.
  • Memcached Configuration.

Introduction to Memcached

Memcached is a distributed memory object caching system. It is open source and free of cost. It is used to speed up web applications by serving data from cache memory instead of the database. It is an in-memory key-value store for small chunks of arbitrary data (strings, objects) that come from database calls, API calls, or page rendering. Memcached is simple yet powerful: its design promotes quick deployment and ease of development, and it solves many problems facing large data caches. Its API is available for most popular languages.

Memcached Installation

To install, boot up your Ubuntu machine and open the terminal.

Note: Apache2 should be installed before installing Memcached. You can easily install Apache2 by just typing in a simple command.

Now that we are all done, let’s set up Memcached by typing the commands shown below.

After installing Memcached, add the ppa:ondrej/php PPA to your Ubuntu system’s repositories to download and install the latest version of PHP available. Follow the commands as shown below.

After adding the repository, update the system by typing in the following command.

Now, install PHP by executing the command shown below:

Now that PHP has been installed successfully in our system, we will go ahead and install the PHP Memcached module by executing the below command:

Once the installation is complete, restart the Apache2 service.

Now check whether the PHP extension is working fine or not by creating an info.php by using the code mentioned below with nano or any text editor you like.

Now save the file in /var/www/html

Once the file is saved, access it from your web browser by typing in the following URL.

You should see the results as shown in the image below.

Memcached Configuration

Now we are going to configure the Memcached server. To do so, we have to edit its configuration file, which you will find at /etc/memcached.conf. Open the memcached.conf file using nano or any other text editor. The options shown below are present and active by default. They are mentioned here so that you know where to find them, and why and how to change them if necessary. The following options are important for low-level Memcached server configuration:

-m 64

Here,

m: specifies the maximum memory limit which is used by Memcached daemon. By default, this limit is 64 MB

-p 11211

Here,

p: specifies the port number. By default, it’s 11211.

-u memcache

Here,

u starts the daemon tool as root.

After this, comment out “-l 127.0.0.1” by simply adding # in front of it, as shown in the image, since the line is active by default. With the line commented out, the Memcached listener is no longer bound to the loopback IP. Hence, traffic can come from any IP over the internet.
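To confirm what the edited file actually enables, the sketch below parses a memcached.conf and reports the options discussed above, flagging a listener that is not restricted to loopback. It is an added example, not part of the original article; the sample file contents and the function names are constructed for illustration.

```python
import shlex

# Constructed sample: a memcached.conf after the edit described above,
# with the -l line commented out. Not taken from a real host.
SAMPLE_CONF = """\
# memcached default config file
-d
logfile /var/log/memcached.log
-m 64
-p 11211
-u memcache
#-l 127.0.0.1
"""

LOOPBACK = {"127.0.0.1", "::1", "localhost"}


def parse_memcached_conf(text):
    """Return {flag: value} for the active (uncommented) option lines."""
    opts = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line.startswith("-"):
            continue  # wrapper directives such as 'logfile ...'
        parts = shlex.split(line)
        opts[parts[0]] = parts[1] if len(parts) > 1 else True
    return opts


def audit(text):
    """Summarise the options above and flag a non-loopback listener."""
    opts = parse_memcached_conf(text)
    # -l accepts a comma-separated list; with no active -l line the
    # daemon listens on every interface.
    listen = [a.strip() for a in str(opts.get("-l", "")).split(",") if a.strip()]
    return {
        "memory_mb": int(opts.get("-m", 64)),   # default 64 MB
        "port": int(opts.get("-p", 11211)),     # default 11211
        "user": opts.get("-u"),                 # value of the -u line
        "listen": listen or ["all interfaces"],
        "exposed": not listen or any(a not in LOOPBACK for a in listen),
    }


if __name__ == "__main__":
    for label, conf in (("lab config", SAMPLE_CONF),
                        ("loopback only", SAMPLE_CONF.replace("#-l", "-l"))):
        print(label, audit(conf))
```

Run it against the real file with `audit(open("/etc/memcached.conf").read())` before attaching the lab VM to any network other than the isolated test network.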

Once you have saved the configuration file after making the changes, restart the service by using the following command:

Then use the following command to confirm whether the Memcached configuration is working or not:

Once you are done with the above commands, connect to Memcached through telnet and do a version check by typing in the “version” command:

Now, you can use nmap to check if the Memcached service is running on the server.

Conclusion

To conclude, we can say that Memcached is a distributed memory caching system. It uses expiration timeouts i.e. if the server has no memory left, it will evict items to replace them with the new ones. The items it chooses to replace are the ones which have not been requested for a long period of time. And so, in the above article, we have provided a basic guide to set up the Memcached penetration testing lab.

Author: Benoy Naskar is a Certified Ethical Hacker, Researcher and Technical Writer at Hacking Articles on Information Security. Contact here

Penetration Testing Lab Setup: Jenkins

Hey! You all know that we have performed so many CTF challenges and we got to know about Jenkins there. So let’s get to know Jenkins better. For this, we are here with the new challenges which you will face while performing CTF challenges. To make it easier, we are here with a new article. So let’s do it.

Table of Content

Introduction of Jenkins

Lab setup

  • Install Java
  • Import the GPG keys
  • Add the Jenkins repository
  • Install Jenkins
  • Setup Jenkins

Jenkins penetration testing

Exploiting Groovy Script

Introduction of Jenkins

Jenkins is an open-source automation server written in Java that offers a simple way to set up a CI/CD pipeline. It supports version control tools, including AccuRev, CVS, Subversion, Git, Mercurial, Perforce, TD/OMS, ClearCase, and RTC, and can execute Apache Ant, Apache Maven, and sbt based projects as well as arbitrary shell scripts and Windows batch commands. The creator of Jenkins is Kohsuke Kawaguchi. Jenkins achieves Continuous Integration with the help of plugins. Plugins allow the integration of various DevOps stages. If you want to integrate a particular tool, you need to install the plugins for that tool, for example Git, Maven 2 project, Amazon EC2, HTML publisher, etc.

Lab setup

Install Java

Now we need to install Jenkins, and for this it is mandatory that you are logged in as a sudo user or root. Because Jenkins is a Java application, installing Java is the first step. Update the package index and install the OpenJDK Java 8 package using the following commands:

Import the GPG keys

Install Jenkins

When the key is added, the system returns OK. Next, add the Debian package repository to the sources list of the server:

The Jenkins version in the default Ubuntu packages is often behind the project’s latest version. You can use the project-maintained packages to install Jenkins and take advantage of the latest fixes and features. Now open the kali terminal and install Jenkins from the link given below:

You can use its status command to check that Jenkins has successfully started.

Visit Jenkins on its default port 8080 to set up your installation using your server domain name or IP address: http://your server IP or domain:8080

You should see the Unlock Jenkins screen displaying the location of the initial password:

In the terminal window, you need to use the cat command to display the password:

Copy the password from your terminal and paste it into the Administrator password field and click Continue.

On the next page, you will be asked if you want to install suggested plugins or if you want to select specific plugins. Click the Install suggested plugins box and the plugin installation process will start immediately.

In my case, it took so much time to get all the plugins installed successfully.

Once the installation is completed, you will get another page to create the First Admin user account. Fill in all the essential details and click on “Save and Continue”.

You will see a confirmation page saying “Jenkins is ready”. To visit the Jenkins main dashboard, click Start using Jenkins. Click Save and Finish after confirming the corresponding information.

That’s wonderful! You have successfully installed Jenkins on your system.

Author: Geet Madan is a Certified Ethical Hacker, Researcher and Technical Writer at Hacking Articles on Information Security. Contact here

Penetration Testing Lab Setup: Microsocks

Hello friends!! In our previous article we discussed “Web Proxy Penetration Lab Setup Testing using Squid”, and in today’s article we are going to set up a SOCKS proxy to use as a proxy server on Ubuntu/Debian machines and will try to penetrate it.

Table of Content

  • Introduction to proxy
  • What is socks proxy
  • Difference Between Socks proxy and HTTP Proxy
  • Socks proxy Installation
  • Connecting HTTP via Proxy
  • Connecting SSH via Proxy
  • Connecting FTP via Proxy

Introduction to Proxy

A proxy is a computer system or program that acts as a kind of middle-man or intermediary between your web browser and another computer. Your ISP operates servers, computers designed to deliver information to other computers. It uses proxy servers to accelerate the transfer of information between the server and your computer.

For example, say two users, A and B, have both requested access to the same website on the server. Instead of retrieving the data from the original server, the proxy has “stored or cached” a copy of that site and sends it to User A without troubling the main server.

What is SOCKS Proxy?

A SOCKS server is an all-purpose proxy server that creates a TCP connection to another server on the client’s behalf, then exchanges network packets between the client and the server. The Tor onion proxy software serves a SOCKS interface to its clients. Even an SSH tunnel makes all its connections as per the SOCKS protocol.

For high security, you can go with the SOCKS5 protocol, which provides various authentication options that you cannot get with the SOCKS4 protocol.
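The exchange described above, with both sides' messages, as an added example that is not part of the original article: the client offers authentication methods, the proxy selects one, and the client asks the proxy to open a TCP connection on its behalf. The message layout follows RFC 1928 (the SOCKS5 specification), which the article does not cite; the function names and the captured bytes are constructed for illustration.

```python
import ipaddress
import struct

VER = 0x05
NO_AUTH, USER_PASS, NO_ACCEPTABLE = 0x00, 0x02, 0xFF
REPLIES = {0: "succeeded", 1: "general failure", 2: "not allowed by ruleset",
           3: "network unreachable", 4: "host unreachable",
           5: "connection refused", 6: "TTL expired",
           7: "command not supported", 8: "address type not supported"}


def client_greeting(methods=(NO_AUTH,)):
    """Client -> proxy: version, method count, offered auth methods."""
    return bytes([VER, len(methods), *methods])


def parse_method_selection(data):
    """Proxy -> client: the single auth method the proxy selected."""
    if len(data) != 2 or data[0] != VER:
        raise ValueError("not a SOCKS5 method selection")
    if data[1] == NO_ACCEPTABLE:
        raise PermissionError("proxy accepts none of the offered methods")
    return data[1]


def connect_request(host, port):
    """Client -> proxy: CONNECT (CMD=1) to host:port on the client's behalf."""
    try:
        ip = ipaddress.ip_address(host)
        atyp, addr = (1 if ip.version == 4 else 4), ip.packed
    except ValueError:  # not an IP literal: send a length-prefixed name
        name = host.encode("ascii")
        atyp, addr = 3, bytes([len(name)]) + name
    return bytes([VER, 1, 0, atyp]) + addr + struct.pack("!H", port)


def parse_reply(data):
    """Proxy -> client: (status text, bound address, bound port)."""
    if len(data) < 4 or data[0] != VER:
        raise ValueError("not a SOCKS5 reply")
    rep, atyp, body = data[1], data[3], data[4:]
    if atyp == 1:
        n, addr = 4, str(ipaddress.IPv4Address(body[:4]))
    elif atyp == 4:
        n, addr = 16, str(ipaddress.IPv6Address(body[:16]))
    elif atyp == 3:
        n = 1 + body[0]
        addr = body[1:n].decode("ascii")
    else:
        raise ValueError("unknown address type")
    (port,) = struct.unpack("!H", body[n:n + 2])
    return REPLIES.get(rep, "unassigned"), addr, port


if __name__ == "__main__":
    # Constructed exchange: a proxy that selects "no authentication"
    # and relays to the lab host's SSH port.
    print(client_greeting((NO_AUTH, USER_PASS)).hex())
    print(parse_method_selection(bytes.fromhex("0500")) == NO_AUTH)
    print(connect_request("192.168.1.103", 22).hex())
    print(parse_reply(bytes.fromhex("05000001000000000000")))
```

A proxy that answers the greeting with method 0x00 will relay for any client that can reach its port, which is the property to check for when reviewing a SOCKS5 deployment.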

Difference Between Socks proxy and HTTP Proxy

  • A SOCKS proxy is low-level and is designed to be a general proxy that can accommodate effectively any protocol, program, or type of traffic.
  • SOCKS proxies support both the TCP and UDP transport protocols.
  • SOCKS operates at Layer 5 of the OSI model.
  • A SOCKS server accepts incoming client connections on TCP port 1080.
  • HTTP proxies proxy HTTP requests, while SOCKS proxies proxy socket connections.
  • HTTP proxies are high-level and are designed for a specific protocol.
  • HTTP proxies can only process requests from applications that use the HTTP protocol.
  • An HTTP proxy is for proxying HTTP or web traffic at Layer 7.
  • An HTTP proxy accepts incoming client connections on HTTP port 3128.

Socks Proxy Installation

For the SOCKS proxy lab setup, we are going to download microsocks from GitHub. MicroSocks is a multithreaded, small, efficient SOCKS5 server. It’s very lightweight, and very light on resources too: for every client, a thread with a stack size of 8KB is spawned.

Let’s start!!

Open the terminal with sudo rights and enter the following command:

Once downloading is completed run the following command for its installation:

Now execute the following command to run socks proxy on port 1080 without authentication.

As you can observe, FTP, SSH, HTTP and SOCKS are running on our local machine. Now let’s go for SOCKS penetration testing on various protocols to check whether it is an all-purpose program or not, as said above.

Connecting HTTP via Proxy

Now we configure the Apache service for the web proxy. Open the “000-default.conf” file from the path /etc/apache2/sites-available/ and add the following line to implement the following rules on the /html directory over localhost or the machine IP (192.168.1.103).

Now save the file and restart the Apache service with the help of the following command.

Now when someone tries to access web services through our network, i.e. 192.168.1.103, he/she will be welcomed by the following web page:

“Error 403 forbidden You don’t have permission to access <requested page>”.

When you face a situation where port 80 is open but you are unable to access it, it shows that the network is running behind a proxy server.

For web proxy penetration testing, we had already set up a lab with a web application server such as DVWA (Read Article from here).

Now, to test whether our proxy server is working or not, let’s open Firefox and go to Edit -> Preferences -> Advanced -> Network -> Settings, then select “Manual proxy configuration” and enter the SOCKS proxy server IP address (192.168.1.103) and port (1080) to be used for all protocols.

BOOMMM!! Connected to the proxy server successfully using HTTP Proxy in our browser.

Connecting SSH via Proxy

Now we configure the hosts.allow file for the SSH proxy. Open the /etc/hosts.allow file and add the following line to allow SSH connections on the localhost IP and restrict them for others.

Now open the proxychains configuration file from the path /etc/proxychains.conf in your Kali Linux and add the following line at the bottom.

Now when we try to connect to the target machine via port 22 for an SSH connection, we get the error message “Connection reset by peer”, as shown in the image below after executing the 1st command.

When you face a situation where port 22 is open but you are unable to access it, it shows that the network is running behind the proxy server.

But if you use proxychains along with the command, after saving the configuration as described above, then you can easily connect to the target network via port 22 for an SSH connection, as shown in the image below after executing the 2nd command.

Connecting FTP via Proxy

For connecting FTP via proxy, we have used ProFTPD. You can install it using the following command:

Now we configure the FTP server for the proxy. Open the /etc/proftpd/proftpd.conf file and add the following line to allow FTP connections on the localhost IP and restrict them for other networks.

Using FileZilla, when we try to connect to 192.168.1.103 via port 21 to access the FTP service, we get the error “Connection closed by server”.

When you face a situation where port 21 is open but you are unable to access it, it shows that the network is running behind a proxy server.

But FileZilla has many features, and it offers a generic proxy option that forces passive mode on FTP connections. Go to Settings > Connection > FTP, select the “generic proxy” option and make the following configuration settings.

  • Choose SOCKS 5 as generic Proxy
  • Proxy HOST IP: 192.168.1.103
  • Proxy Port: 1080

Now when you again try to connect to the target machine via port 21 to access the FTP service, you will easily be able to access it, as shown in the last image.

This shows that SOCKS is actually an all-purpose proxy server. Hopefully, you have found this article helpful and have understood the working of a proxy server and the other related topics covered in this article.

Author: Sanjeet Kumar is an Information Security Analyst | Pentester | Researcher  Contact Here