The Hacker Playbook 3: Chapter 1

Aug. 31, 2018, 7:38 a.m.
By: silverbaq
Information Pentesting

Every second Thursday, we have a computer club at EAL/UCL in Odense, where anyone who wants to be part of something cool can come and share their passion for IT with others.

A couple of people here (me included) have decided that we would like to do and learn more about pentesting than we already know - I believe this is therefore something interesting. So, we decided that we will read the book "The Hacker Playbook vol. 3", one chapter for each time we meet, and give a small presentation about what we have learned from that chapter, as well as help each other out and hopefully start some debates on the different topics. - Do come join us!

This is the first blog post in a series of X (I do not know how many at this point) about my experience reading through the book. I am doing this blog because I think it will make me get even more out of the book if I write down my thoughts, and hopefully "help" someone else with some cool and good knowledge at the same time.

 

The Hacker Playbook vol.3

This book is the third in the series (Surprise!). I have only skimmed through Vol. 2, so my first hopes are that it is not building on top of any of the previous books - I do believe that I am in luck.

Before the first chapter, there is an explanation that the book will take a red team approach to pentesting, and gives some directions about what it means to run a red team campaign. Interesting stuff, and references to a lot of additional reading which is worth looking into before running a red team campaign.

 

Chapter 1: Pregame - The Setup

In this chapter, we get introduced to things which should be considered before starting the campaign:

  • What are the end goals? Is it just APT detection? Is it to get a flag on a server? Is it to get data from a database? Or is it just to get TTD (time to detect) metrics?
  • Is there a public campaign we want to copy?
  • What techniques are you going to use? We talked about using the MITRE ATT&CK Matrix, but what are the exact techniques in each category? The team at Red Canary supplied detailed information on each one of these techniques. I highly recommend you take time and review them all: http://bit.ly/2H0MTZA
  • What tools does the client want you to use? Will it be COTS offensive tools like Metasploit, Cobalt Strike, DNSCat? Or custom tools?

We also need somewhere to perform our attacks from, and from here on the book starts getting "technical" with setting up a VPS. In the book, they use AWS Lightsail, but I'm pretty sure I could go with any provider and the principles from the book should be the same. So, I started looking for the provider that I found best for my minimum needs.

  Provider       Specs                                    Price per month
  AWS            1 vCPU, 1 GB RAM, 40 GB SSD              $5.00
  OVH            1 vCPU (2.4 GHz), 2 GB RAM, 20 GB SSD    $3.35
  DigitalOcean   1 vCPU, 1 GB RAM, 25 GB storage          $5.00

 

The prices all look fine. But I discovered that AWS has a free tier offer (https://aws.amazon.com/free/): "t2.micro (Variable ECUs, 1 vCPUs, 2.5 GHz, Intel Xeon Family, 1 GiB memory, EBS only)" with 750 hours free per month for a year. Since the book is using AWS, there is not much to think about when it comes to picking the server that would fit best for me in this case.

 

Setting up the server

After going through the AWS signup (I really hate having to use my credit card to get the free tier! - Even though it makes sense...) I used the wizard to quickly create my free VPS, connected to it via SSH and started following the book's instructions to install the PenTesters Framework (PTF). I'm fairly familiar with Linux environments, so the installation was straightforward.

But during the installation of the first set of modules my VPS ran out of space!! Would this VPS not be good enough for my usage? After flailing around in the AWS console, I realized that during the setup of the VPS the wizard selects 8 GB of storage by default, and if I just configured it myself I could select a much bigger storage device without paying anything extra. Now with 25 GB of storage, I followed the installation guide and everything went smoothly - it took time, but it ran smoothly.
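The out-of-space failure above is easy to catch before PTF starts pulling modules. The script below is an added example written for this post, not code from the book or from PTF: it parses `df -Pk` output for the directory PTF will live in, fails if there is less than a threshold of free space, and prints the commands to grow the EBS root volume and its filesystem. The threshold (15 GiB), the install location (/opt), and the assumption that the root volume is the default EC2 layout (/dev/xvda, partition 1, ext4) are mine, not the post's; the 30 GiB figure is the EBS allowance in the AWS free tier, which is why a 25 GB root volume costs nothing extra.

```shell
#!/bin/sh
# ptf-preflight.sh: check that an attack VPS has enough disk before installing
# the PenTesters Framework (PTF). Added example for this post, not from the book.
# Assumptions (not from the post): PTF is installed under /opt, 15 GiB free is
# enough, and the root volume is the default EC2 layout /dev/xvda, partition 1.

PTF_DIR="${PTF_DIR:-/opt}"
PTF_MIN_FREE_GIB="${PTF_MIN_FREE_GIB:-15}"

# free_gib_from_df <text of `df -Pk <dir>`>
# Parse POSIX-format df output (header + one data line whose 4th column is
# "Available" in 1 KiB blocks) and print the free space in whole GiB.
# Takes the text as an argument so it can be checked against constructed output.
free_gib_from_df() {
  printf '%s\n' "$1" | awk 'NR > 1 { avail = $4 } END { printf "%d\n", avail / 1048576 }'
}

# enough_space <free_gib> <min_gib>: exit 0 if free >= min, else 1
enough_space() {
  [ "$1" -ge "$2" ]
}

# resize_advice <volume-id> <target_gib>: print (never run) the commands that
# grow an EBS root volume, then the partition and the ext4 filesystem on it.
resize_advice() {
  cat <<EOF
# 1. grow the EBS volume (the free tier includes up to 30 GiB of gp2 storage):
aws ec2 modify-volume --volume-id $1 --size $2
# 2. on the instance, grow the partition and then the filesystem:
sudo growpart /dev/xvda 1
sudo resize2fs /dev/xvda1
EOF
}

# preflight: run the check against the real filesystem holding PTF_DIR.
preflight() {
  df_out=$(df -Pk "$PTF_DIR") || return 2
  free=$(free_gib_from_df "$df_out")
  if enough_space "$free" "$PTF_MIN_FREE_GIB"; then
    echo "OK: ${free} GiB free under ${PTF_DIR} (need ${PTF_MIN_FREE_GIB})"
    return 0
  fi
  echo "FAIL: only ${free} GiB free under ${PTF_DIR}, need ${PTF_MIN_FREE_GIB}" >&2
  echo "Grow the root volume before running PTF, e.g.:" >&2
  resize_advice "vol-REPLACEME" 25 >&2
  return 1
}

# Only run the check when invoked with --check, so the functions can also be
# sourced:  sh ptf-preflight.sh --check
case "${1:-}" in
  --check) preflight ;;
esac
```

On the default 8 GB root volume the check fails with a few GiB to spare (PTF's module set is much larger than that), and the printed `modify-volume`/`growpart`/`resize2fs` sequence is the same fix the post reached by recreating the instance with a bigger disk, except that it can be applied to a running instance.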

The rest of the first chapter was a short introduction to the different tools which we either needed to configure or be aware of for our attack server.

 

Tools

We get an introduction to a lot of cool tools. I already have some experience with Metasploit, but other than that, the tools are completely new to me.

  • Metasploit - Some previous experience 
  • Obfuscating Meterpreter Payloads - No real experience 
  • Cobalt Strike - No experience 
    • Sounds like an amazing tool - does sound like it takes some knowledge and time to set up and use. 
  • PowerShell Empire - No experience 
    • Did not go through the setup - Might already be set up in a Kali Linux VM 
  • dnscat2  - No experience 
  • P0wnedShell - No experience 
  • PupyShell - No experience 
  • PoshC2 - No experience 
  • Merlin - No experience 
  • Nishang - No experience 

When getting to the conclusion of the chapter, we are told that a Kali distribution with everything configured in this chapter will be used for all the labs in the book. So, this means that I could just have read the chapter and done all the VPS stuff when going for a real red team campaign. Well, I do have 1 year of free VPS, and having tried setting the machine up never hurts - it's all good!