Every second Thursday, we have a computer club at EAL/UCL in Odense, where anyone who wishes to come and be a part of something cool can come and share their passion for IT with others.
A couple of people here (me included) has decided that we would like to do and learn more about pentesting then we already know - I believe this is the fore something which is interesting. So, we decided that we will read the book: “The hackers playbook vol.3”, one chapter for each time we meet and give a small presentation about what we have learned from this chapter, as well as help each other out and hopefully start some debates on the different topics. - Do come join us!
This is the first blog post in a series of X amount (I do not know how many at this point). About my experience reading through the book. I am doing this blog because I think it will make me get even more out of the book if I write down my thoughts, and hopefully “help” someone else with some cool and good knowledge at the same time.
This book is the third in the series (Surprise!). I have only skimmed through Vol. 2, so my first hopes are that it is not building on top of any of the previous books - I do believe that I am in luck.
Before the first chapter, there is an explanation that the book will take a red-hat approach to pentesting, and gives some directions about what it means to do a red-hat campaign. Interesting stuff and references to a lot of additional reading which is worth looking into, before making a red-hat campaign.
In this chapter, we get introduced to things which would be considered before starting the campaign:
We also need to have somewhere to perform our attacks from, and from here on, the book starts getting “technical” with setting up a VPS. In the book, they will be using AWS Lightsail, but I’m pretty sure I could go with any provider and the principals from the book should be the same. So, I started looking for a provider that I found best for my minimum needs.
|Specs||Price per month|
1 GB RAM
40 GB SSD
1 vCPU - 2.4 GHz
2 GB RAM
20 GB SSD
1 GB RAM
25 GB Storage
The prices all look fine. But I discovered that you can get a free tier offer: "t2.micro (Variable ECUs, 1 vCPUs, 2.5 GHz, Intel Xeon Family, 1 GiB memory, EBS only)” with 750 hours free per month for a year. (https://aws.amazon.com/free/) at AWS. Since the book is using AWS, there is not much to think about when it comes to picking the server that would fit best for me in this case.
After going through the signup to AWS part (I really hate using my credit card, to get free tier! - Even though it makes sense…) I used the wizard to quickly created my free VPS, connected to it via SSH and started following the book's instructions to install the PenTesters Framework. I’m fairly known in a Linux environment, so it was straightforward to do the installation.
But, during the installation of the first set up modules my VPS ran out of space!! Would this VPS not be good enough for my usage? After failing about around in the AWS console, I realized that during the setup of the VPS, the wizard would select 8 GB for the storage by itself, and if I just configured it myself, I would select a much bigger storage device without paying anything extra. Now with 25 GB of storage, I followed the installation guide and everything just went smooth - Took time, but ran smoothly.
The rest of the first chapter was a short introduction to the different tools which we either needed to configure or be aware of for our attack server.
We get an introduction to a lot of cool tools. I already have some experience with Metasploit, but other then that, the tools are completely new to me.
When getting to the conclusion of the chapter, we get the information that we are going to use the distribution of Kali with everything configured from this chapter for all the labs in this book. So, this means that I should just have read the chapter and I could to all the VPS stuff when going for a real red-hat campaign. Well, I do have 1 year free VPS, and have tried setting the machine up never hurts - It’s all good!