Module Assignment


Running head: FINAL ASSIGNMENT 1

Final – Assignment 7

Kevin Splittgerber

University of San Diego – CSOL570



Trade Study: Open Source Network Visualization Tools

1. Selection criteria. Tools must:
   a. Be easily installed, with minimal secondary services (such as a database or web
      server) that require additional configuration steps.
   b. Be actively supported and have an active support channel.
   c. Have adequate documentation on how to use.
   d. Be capable of automatically discovering and mapping network clients.
2. Tool evaluations
   a. Nagios Core:
      i. Installation was very straightforward using the vendor-provided documentation.
         There were many prerequisites; however, the vendor provided configuration
         scripts that made this nearly painless.
      ii. Vendor-provided free support channels using GitHub issues appeared to be
          active, with 141 open issues, 441 closed at the time of this writing. With
          many development branches closed recently, the tool appears to be actively
          developed.
      iii. The documentation library is organized, well thought out and operating system
           specific when appropriate.
      iv. Nagios Core does not appear to have a built-in Auto Discovery service; there
          are, however, numerous 3rd-party plugins that appear to do this.
          Unfortunately, many appear to be out of date and/or have no support channel
          available.
   b. Maltego:
      i. Installation was very simple as it is an included tool with Kali Linux.
      ii. Support channels include forums and a ticketing system. The system also
          appears to be actively developed with recent new releases.
      iii. Documentation is mature and includes installation and technical how-to
           guides.
      iv. Maltego includes domain scans for remote hosts. It may be possible to scan
          the local network for machines and sniff traffic; however, it appears that
          this is not the tool for this job.
   c. Wireshark:
      i. Installation is very simple: it is included with Kali Linux, and executable
         installers are available for the major operating systems.
      ii. The system is under active development and is widely regarded as one of
          the best tools for network monitoring.
      iii. Documentation is available in an online user guide, command line
           interface reference, and a video library. 3rd-party resources are also
           available in the form of conferences and training.
      iv. Wireshark actively listens to network traffic and includes a suite of
          filtering capabilities to narrow the traffic down to just what you want to
          see. Wireshark also includes the ability to view packet information of
          captured traffic.
3. The best tool for this use case is Wireshark. The tool is well documented, easy to use,
   and is included in Kali Linux and thus already available for use. If I were to get stuck
   and need assistance, the training videos are more than enough to get me going.
4. I ended up installing Nagios Core, which was very painless following the installation
   scripts in the vendor user guide. However, after many hours of “experimenting” I could
   not find a simple way to add hosts to the system to monitor the traffic. The plugins were
   all out of date and it was unclear how to make them work for my use case. Here is a
   screen shot of my lovely network diagram:

After spinning my wheels with Nagios Core, I switched over to trusty Wireshark. The network capture went smoothly and I saw traffic from my Ubuntu 18 machine to the metasploitable2 machine.

Trade Study: Vulnerability Scanners

Vulnerability scanners are essential tools in the security engineer’s toolbox. Automated scanning of systems is a fast way to ensure compliance and test systems after upgrades. Scanners check for known vulnerabilities from databases such as Common Vulnerabilities and Exposures (CVE).

Evaluation Criteria

Must be easy to install & configure, GUI based, actively maintained, with mature documentation, support channels available, easy-to-understand reports of detections, and accurate detections. Each criterion above is assigned a weight for evaluation and is evaluated on a 10-point scale. Initial acquisition cost and ongoing maintenance costs should obviously be a component to evaluate; however, for the purpose of this assignment they are not considered, as I will only be evaluating free software or software with a free evaluation period.

Criterion                                   Weight
Ease of installation & configuration            10
GUI, high quality                               15
Actively Maintained                             10
Mature Documentation & Educational Resources    20
Support Channels                                10
Easy to understand detection reports            20
Accurate Detections                             15

Evaluated Software

                                                     Nessus                OpenVAS
Criterion                                   Weight   Score /10  Weighted   Score /10  Weighted
Ease of installation & configuration            10          10       100           5        50
GUI, high quality                               15          10       150           8       120
Actively Maintained                             10          10       100          10       100
Mature Documentation & Education Resources      20          10       200           6       120
Support Channels                                10          10       100          10       100
Easy to understand detection reports            20          10       200          10       200
Accurate Detections                             15           8       120           8       120
Total                                                                970                   810

NESSUS Installation and Configuration

1. Open Firefox in Kali Linux and navigate to https://www.tenable.com/downloads/nessus

2. Find the Kali Linux version of NESSUS for 64-bit systems and download the .deb package.

3. While the package is downloading, get an activation code from the Tenable downloads page. It will be sent to your email.

4. Find the saved package, open a terminal and run dpkg -i (package file name):

    dpkg -i Nessus-8.9.0-debian6_amd64.deb

5. After installation completes, use the printed command to start the scanner:

    /etc/init.d/nessusd start

6. Open Firefox, navigate to https://localhost:8834/, accept the self-signed SSL certificate, then create a user account and paste the activation code.

7. Wait for the plugins to download and compile. When it completes, log in and click the New Scan button at the top right.

8. Select Advanced Scan, and in the Targets text area, enter the IP address of the host to scan. In my case I selected the Metasploitable2 box running on the local network. Hit the down arrow next to the Save button and click “Launch.”

9. When the scan completes, a high-level report with drilldown appears:

Virtualized Test Lab Architecture

The installation is on my Surface Book 2 with Windows 10 Pro. I use different tools for work and I think I ran into a conflict with VirtualBox, so I ended up installing Kali Linux on Hyper-V. I used this guide extensively: https://www.techtutsonline.com/setup-kali-linux-metasploitable-hyper-v-windows-10/

Part 1: Setup

Network Setup

Hyper-V does not have a cool DHCP Network Switch like VirtualBox. Each virtual machine will use static IPs. Follow the steps below to configure a switch that will not be connected to the external network the host is connected to but will still be able to connect to the other VMs and the host OS. Open a PowerShell console with elevated privileges and enter the commands from the following steps:

1. Create a new switch with name “VMSwitch”.

    New-VMSwitch -SwitchName "VMSwitch" -SwitchType Internal

2. Configure the virtual NIC.

    New-NetIPAddress -IPAddress 192.168.10.1 -PrefixLength 24 -InterfaceAlias "vEthernet (VMSwitch)"

3. Configure the private network address range for the virtual machines, named “VMNatNetwork”.

    New-NetNat -Name "VMNatNetwork" -InternalIPInterfaceAddressPrefix 192.168.10.0/24

Kali Linux

Steps:
1. Download Hyper-V image from https://www.kali.org/downloads/ and extract the zip to a
folder.
2. Open Hyper-V Manager and select Import Virtual Machine.
3. In the Locate Folder section, choose the folder just extracted and select Next.
4. Select the virtual machine and hit Next.
5. In the import type section, choose Register option and select next.
6. Select the destination folders, select Next, select folder for VHD and select Next, then
Finish to create the new Kali Linux VM.
7. In Hyper-V Manager select the Kali Linux VM and select Settings.
8. Select Network Adapter from hardware list on the left and select Remove.
9. Select Add Hardware from the top of the hardware list on the left and select Legacy
Network Adapter then select Add.
10. In the Virtual Switch dropdown menu, select VMSwitch created in the Setup section,
select OK.
11. Start the Kali Linux VM and connect, default username: root, default password: toor
12. Open Network Connections (right click on square icon at top right then select Edit
Connections).
13. Select Wired connection 1 and click the edit (gear icon) at the bottom.
14. Go to IPv4 Settings tab. Select Manual option in the Method dropdown select box.
15. Under addresses, enter 192.168.10.10, Netmask 24, Gateway 192.168.10.1, DNS servers:
8.8.8.8
16. To test, open a terminal and enter ping google.com. Use CTRL + C to stop pinging.

Metasploitable 2

I had to take a few extra steps to get Metasploitable2 to work with Hyper-V.

1. Download Metasploitable2 from https://information.rapid7.com/metasploitable-download.html
   and unzip to a folder.
2. Download & install Microsoft Virtual Machine Converter from
   https://www.microsoft.com/en-us/download/details.aspx?id=42497
3. Run the following commands:

    # Load the converter's cmdlets
    Import-Module "C:\Program Files\Microsoft Virtual Machine Converter\MvmcCmdlet.psd1"
    # Convert the VMware disk to a dynamically expanding VHDX for Hyper-V
    ConvertTo-MvmcVirtualHardDisk `
        -SourceLiteralPath "C:\{PATH_TO}\Metasploitable2\Metasploitable.vmdk" `
        -DestinationLiteralPath "C:\{PATH_TO\Hyper-V}\Metasploitable2\" `
        -VhdType DynamicHardDisk -VhdFormat Vhdx


4. Open Hyper-V Manager and select New, Virtual Machine then select Next.
5. Enter Name and change folder location if desired and select Next.
6. Keep Generation 1 option selected and select Next.
7. Enter 512 into startup memory and uncheck dynamic memory, select Next.
8. Select VMSwitch, will change later. Select Next.
9. Virtual Hard Disk: select the “Use an existing virtual hard disk” option and find the vhdx file
created in step 3. Select Finish.
10. In Hyper-V Manager, select the Metasploitable2 VM and select Settings.
11. Select Network Adapter from hardware list on the left and select Remove.
12. Select Add Hardware from the top of the hardware list on the left and select Legacy
Network Adapter then select Add.
13. In the Virtual Switch dropdown menu, select VMSwitch created in the Setup section,
select OK.
14. In Hyper-V Manager, select the Metasploitable 2 VM and select Start, then Connect.
15. Default login and password is msfadmin
16. Configure network settings:

    sudo nano /etc/network/interfaces

17. Enter the password again, then change these lines

    auto eth0
    iface eth0 inet dhcp

    to

    auto eth0
    iface eth0 inet static
    address 192.168.10.11
    netmask 255.255.255.0
    network 192.168.10.0
    broadcast 192.168.10.255
    gateway 192.168.10.1
    dns-nameservers 8.8.8.8

18. Save changes with CTRL + X, then Y, then Enter.
19. Restart the network service to apply changes.

    sudo /etc/init.d/networking restart

20. Attempt to ping the Kali Linux VM (with the Kali Linux machine started).

    ping 192.168.10.10
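
A static stanza with one mistyped octet fails quietly, so it is worth checking it against the lab plan before restarting networking. The following is an added example, not part of the original assignment: it parses the stanza from step 17 and compares it with the 192.168.10.0/24 prefix and gateway from the Network Setup steps. The function names and the TAKEN table are assumptions made for illustration.

```python
import ipaddress

# Stanza from step 17 of this page, embedded so the example runs offline.
STANZA = """\
auto eth0
iface eth0 inet static
address 192.168.10.11
netmask 255.255.255.0
network 192.168.10.0
broadcast 192.168.10.255
gateway 192.168.10.1
dns-nameservers 8.8.8.8
"""

LAB_PREFIX = "192.168.10.0/24"   # prefix given to New-NetNat on this page
LAB_GATEWAY = "192.168.10.1"     # host address on vEthernet (VMSwitch)
TAKEN = {"192.168.10.1": "host", "192.168.10.10": "Kali", "192.168.10.12": "WebGoat"}


def parse_static_stanza(text):
    """Return the option lines of an 'iface ... inet static' stanza as a dict."""
    opts = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0] not in ("auto", "iface"):
            opts[parts[0]] = parts[1].strip()
    return opts


def check_stanza(text, prefix=LAB_PREFIX, gateway=LAB_GATEWAY, taken=TAKEN):
    """Return a list of problems; an empty list means the stanza fits the lab plan."""
    opts = parse_static_stanza(text)
    try:
        iface = ipaddress.ip_interface(f"{opts['address']}/{opts['netmask']}")
    except (KeyError, ValueError) as exc:
        return [f"address/netmask missing or invalid: {exc}"]
    net, problems = iface.network, []
    if net != ipaddress.ip_network(prefix):
        problems.append(f"{iface.with_prefixlen} is outside lab prefix {prefix}")
    if iface.ip in (net.network_address, net.broadcast_address):
        problems.append("address is the network or broadcast address")
    if str(iface.ip) in taken:
        problems.append(f"address already used by {taken[str(iface.ip)]}")
    expected = {"network": net.network_address, "broadcast": net.broadcast_address,
                "gateway": ipaddress.ip_address(gateway)}
    for key, want in expected.items():
        if key in opts and opts[key] != str(want):
            problems.append(f"{key} is {opts[key]}, expected {want}")
    return problems
```
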

WebGoat

1. Open Hyper-V Manager and select Quick Create from the Actions menu on the right.
2. Select Ubuntu 19.04, then More Options.

3. Select VMSwitch from the Network dropdown select, then select Create Virtual
Machine.
4. After install, go to Hyper-V Manager and select the Ubuntu 19.04 Virtual Machine,
then select Settings.
5. Go to Memory option from the hardware list on the left. Change ram to 4096 then
select OK.
6. From Hyper-V Manager, start Ubuntu 19.04 and connect.
7. Finish first-time configuration.
8. Right click on the Network icon on the top right and select Network Settings, Wired
Settings.
9. Under the Wired option, click the Gear Icon to configure.
10. Under the IPv4 Tab, choose Manual method.
11. Under Addresses enter Address 192.168.10.12, Netmask 255.255.255.0, Gateway
192.168.10.1
12. Under DNS enter 8.8.8.8 and select Apply
13. Test connection to other VMs by opening a terminal and enter ping 192.168.10.10
(Kali), or 192.168.10.11 (Metasploitable).
14. Open a terminal and run the following commands to update the packages, OS and
    install Webgoat.

    sudo apt-get update
    sudo apt-get upgrade

15. Install Java runtime

    sudo apt-get install default-jre
    java -version   # displays version of java installed

16. Download Webgoat from Github: https://github.com/WebGoat/WebGoat/releases

    wget https://github.com/WebGoat/WebGoat/releases/download/v8.0.0.M26/webgoat-server-8.0.0.M26.jar

17. In the terminal, start the server

    java -jar webgoat-server-8.0.0.M26.jar

18. To test the server in Ubuntu, open Firefox. Go to http://localhost:8080/WebGoat

Part 2: NMAP Scan

Open a terminal and run nmap -sV 192.168.10.11

These ports were open:



Diagram

Virtualized Test Lab Conclusion

This assignment was extremely valuable. I chased my tail a bit since I already had Kali Linux installed from the foundations course; however, when I updated the machine it completely blew up the operating system and I needed to install from scratch. This gave me the opportunity to configure a network like the assignment required, so following this guide proved to be instrumental: https://www.techtutsonline.com/setup-kali-linux-metasploitable-hyper-v-windows-10/

Installing Webgoat was a bit of a red herring as Docker claimed to have an image ready to go. As I already use Docker for some personal projects I decided to give it a shot. This turned into a big waste of time since I didn’t know how to connect that to the virtual switch. I was familiar with Ubuntu, so getting that installed and working with Webgoat was straightforward.

Security Toolkit

Throughout the course several tools were in use and others were evaluated and not used.

NMAP – A go-to for information gathering and determining the network’s open ports and services running on a host. When you know which services and ports are open, you know a little more about how a host is vulnerable.

Wireshark – An essential tool in the security practitioner’s toolkit. This tool analyses network traffic and can be used to view unencrypted packets. Helpful information can be gathered with Wireshark, such as which domains a particular service is communicating with and the protocols in use.

Kismet – An excellent wireless sniffing tool. View broadcasting devices within range of your wireless adapter. View packets and device information such as manufacturer, uptime, and the list of clients connected to the access point. With the right equipment you can also get GPS information of your current location to automatically geotag the location of a wireless network, which is useful for war driving or war walking, depending on your mode of transportation.

Nessus – An excellent tool for scanning hosts for vulnerabilities. It tracks common vulnerabilities on a system and helps ensure that your systems are compliant with your update policies.
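
The NMAP entry above, turned into a repeatable exposure check (an added example, not part of the original assignment): it parses nmap's grepable output, as written by nmap -sV -oG, and reports open ports that are missing from an approved baseline or that speak a cleartext protocol. The sample output, the baseline and the function names are constructed for illustration and are not the scan result from this lab.

```python
import re

# Constructed sample in nmap's grepable format (nmap -sV -oG <file> <target>);
# not the scan result from the original assignment.
SAMPLE_OG = (
    "# Nmap scan (constructed sample)\n"
    "Host: 192.168.10.11 ()\tStatus: Up\n"
    "Host: 192.168.10.11 ()\tPorts: 21/open/tcp//ftp//vsftpd 2.3.4/, "
    "22/open/tcp//ssh//OpenSSH 4.7p1/, 23/open/tcp//telnet//Linux telnetd/, "
    "25/closed/tcp//smtp///\tIgnored State: filtered (996)\n"
)

# Hypothetical approved baseline: (port, protocol) pairs allowed per host.
BASELINE = {"192.168.10.11": {(22, "tcp")}}
CLEARTEXT = {"ftp", "telnet"}  # services that carry credentials unencrypted


def parse_grepable(text):
    """Yield (host, port, proto, service, version) for every open port."""
    for line in text.splitlines():
        m = re.match(r"Host: (\S+) .*?\tPorts: ([^\t]*)", line)
        if not m:
            continue  # comment lines and "Status:" lines carry no port list
        host, ports = m.groups()
        for entry in ports.split(", "):
            f = entry.strip().split("/")  # port/state/proto/owner/service/rpc/version/
            if len(f) >= 7 and f[1] == "open":
                yield host, int(f[0]), f[2], f[4], f[6]


def audit(text, baseline=BASELINE):
    """Return (host, port, service, version, reasons) for each port worth a look."""
    findings = []
    for host, port, proto, service, version in parse_grepable(text):
        reasons = []
        if (port, proto) not in baseline.get(host, set()):
            reasons.append("not in baseline")
        if service in CLEARTEXT:
            reasons.append("cleartext protocol")
        if reasons:
            findings.append((host, port, service, version, reasons))
    return findings
```
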

Surveillance and Reconnaissance

• Scan a network to determine the operating systems installed on hosts
  Using NMAP, run nmap <target IP address> -sV
  -sV is for service and version information; included in this output is the operating system of
  the target machine.
• Perform a dictionary attack against a host’s SSH service
  Hydra is a dictionary attack tool that works on over 50 protocols on a host. Kali Linux
  comes with username and password dictionaries. To use Hydra against SSH on a target machine,
  option -L gives the list of login names and option -P the list of passwords. Full command:
  hydra -L /usr/share/wordlists/metasploit/mirai_user.txt -P /usr/share/wordlists/metasploit/burnett_top1024.txt 192.168.1.103 ssh
• Identify the ports listening on a host
  nmap <target IP address> -sV will list all ports and services on the target host.
• Eavesdrop on communications between two hosts
  Wireshark is an excellent tool to do this. This tool will allow you to view network packets
  between two hosts and see the protocols in use and the packet information, both unencrypted
  and encrypted.
• Identify the SSID of an active wireless network
  Kismet network sniffer is an excellent tool to do this. Run kismet in a terminal, then
  view all the SSIDs in range of your WiFi adapter.
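
On the target, the SSH dictionary attack in the list above shows up as a burst of failed logins from one source, usually across many usernames. The following is an added example, not part of the original assignment: a sliding-window detector run over sshd log lines. The log lines are constructed, and the threshold, window and function name are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sshd log lines in OpenSSH's syslog format (not captured from the lab):
# six failures two seconds apart from one source, then one unrelated failure and a login.
_USERS = ["root", "admin", "guest", "support", "user", "msfadmin"]
SAMPLE_LOG = "\n".join(
    [f"Mar  3 10:15:{2 * i:02d} target sshd[{2100 + i}]: Failed password for "
     f"{'' if u in ('root', 'msfadmin') else 'invalid user '}{u} "
     f"from 192.168.10.10 port {40100 + i} ssh2" for i, u in enumerate(_USERS)]
    + ["Mar  3 10:20:00 target sshd[2200]: Failed password for msfadmin "
       "from 192.168.10.12 port 51000 ssh2",
       "Mar  3 10:20:09 target sshd[2201]: Accepted password for msfadmin "
       "from 192.168.10.12 port 51002 ssh2"])

FAILED = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
                    r"Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")


def detect_bruteforce(log_text, threshold=5, window_s=60, year=2020):
    """Flag sources with >= threshold failed logins inside any window_s-second window.

    Syslog timestamps carry no year, so `year` is an assumed value.
    Returns {source: {"alert_at", "failures", "users"}} at the first crossing."""
    recent = defaultdict(deque)   # source -> failure times still inside the window
    users = defaultdict(set)      # source -> usernames tried so far
    alerts = {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        user, src = m.group(2), m.group(3)
        users[src].add(user)
        q = recent[src]
        q.append(ts)
        while ts - q[0] > timedelta(seconds=window_s):
            q.popleft()           # drop failures that fell out of the window
        if len(q) >= threshold and src not in alerts:
            alerts[src] = {"alert_at": ts, "failures": len(q),
                           "users": sorted(users[src])}
    return alerts
```
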

Reflection

This course was extremely valuable on many fronts and I have already incorporated a few tools learned into my day job. Exposure to vulnerability scanners had the biggest impact so far. My client’s IT staff does not appear to have any sort of tracking mechanism to ensure compliance with their systems. While at work, network scanning with NMAP has been quite valuable to find exposed ports and services on our range of public IPs, several of which my IT department was unaware of. The tools available with the Metasploit framework and the opportunity to try exploits on the metasploitable2 and webgoat tools are an excellent way to learn. I plan on continuing to learn those tools so I can better understand vulnerabilities with the systems I am developing. Wireless attacks are another thing that greatly interests me but I did not go into great depth in this course.
