Run the vagrant init command for Kali Linux: vagrant init kalilinux/rolling In the next steps, some Vagrant-related configuration files are created in this directory. Install Kali Linux with Vagrant and VirtualBoxĬreate and navigate to a new directory named kali-vagrant. Download and install the latest VirtualBox platform package for your workstation from the Download VirtualBox page. VirtualBox is a free x86 virtualization software. Follow the Vagrant installation instructions for your platform from the Download Vagrant page. Vagrant is a command-line frontend for other virtualization software, with VirtualBox support included in the default Vagrant installation. Parallels Desktop and qemu currently provide Apple Silicon support. You need to use virtualization software and virtual machines that support your processor architecture. Some workstations (like recent Apple Silicon computers) use ARM or other processor architectures. The example virtual machines specified in this guide assume you are using an x86-architecture workstation. If you prefer to use a different virtualization software, make sure that the two virtual machines can connect to each other over a shared network. Vagrant and VirtualBox are used to create the virtual machines. The next sections show how to install these systems as virtual machines on your workstation. To follow the instructions in this guide, you need to set up the two Linux systems described in the infrastructure section. The following is a list of recommended technical prerequisites that help get the most out of this guide:įamiliarity with Linux system administrationįamiliarity with penetration testing concepts and lifecycle The commands in this guide assume that Kali Linux is used, but the instructions can be adapted to other distributions as well. Some Linux distributions, like Kali Linux and Parrot OS, are pre-configured with tools needed for security work. This guide uses a vulnerable Raven Linux virtual machine that has been configured to teach you the process of exploitation and privilege escalation.Īnother Linux system that the attacks are carried out from. The infrastructure for the example attack scenario consists of:Ī targeted Linux web server. Our objective is to identify and exploit vulnerabilities in the target web application in order to obtain an initial foothold on the target system. In the example for this guide, a public-facing Linux server that is used to host a web application is exploited. The following is a list of key techniques and sub-techniques that this guide explores: Given the nature of our engagement, this guide only focuses on digital initial access vectors. Some techniques in the techniques list, like trusted relationship, require physical contact with employees and the target organization. In the MITRE ATT&CK framework, Initial Access techniques are used to gain an initial foothold within a network. MITRE ATT&CK Exploitation and Initial Access Techniques The use of other domains or IP addresses is prohibited. All labs and tests are to be conducted within the parameters outlined within the text.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |