v\:* {behavior:url(#default#VML);} o\:* {behavior:url(#default#VML);} w\:* {behavior:url(#default#VML);} .shape {behavior:url(#default#VML);}

Normal 0 false false false EN-CA X-NONE X-NONE /* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0cm 5.4pt 0cm 5.4pt; mso-para-margin:0cm; mso-para-margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:10.0pt; font-family:"Calibri","sans-serif";}

THIS IS THE GUIDELINE OF MY FINAL PROJECT

 

VLAN Setup Guidelines

 

 

Project Part I

A virtual image has been created that mirrors as much as possible the target network. The image can be downloaded at the link given in the project description. This document provides the instructions to install the virtual image.

 

Installation and Configuration

Target Network

The first step is to start up the virtual network and locate the LAN segment upon which it resides.

Download and uncompress the ACME_LAN_CKDF.zip file, which contains the virtual network. After uncompressing, you’ll see 2 files, each representing one VM on the target network.

The screenshots below are based on an extended version of the VLAN, which involves a 3^rd machine named ACME_U14. You can ignore this machine; the installation guidelines are the same.

To install the image, start Virtualbox and select File>Import Appliances

 

Browse to the uncrompressed directory, and select one of the files:

 

 

Click Next

 

Review and Keep the default. Click Import to finalize the importation.

 

 

Repeat the above process for the 2 machines (UB12 and UB16C).

In the end, you can group (optionally) all the machines so as to be able to run them at once.

 

To do that select the 2 machines, right-click and click on Group. You can change the name of the group, by right-clicking on it and clicking on Rename.

 

 

 

 

The next step is the network setup. Each of the machines are pre-configured to be attached on 2 network adapters: adapter 1 attached to NAT and adapter 2 attached to host-only. Host-only networking in VirtualBox allows the virtual machine to communicate with your hardware host, as well as any other virtual machines attached to the Host-only Adapter.

 

You can reuse an existing host adapter (if it is unused) or create a new one. To create a new host adapter, from the VirtualBox main screen, click on File>Preferences, then click on 'Network' and then the 'Add' icon (the green plus sign).

 

 

Next, you need to configure the adapter.  Select the adapter, and click on the screwdriver icon on the right, this will display a configuration dialog. Update your configuration to match the one shown below:

 

 

Check that the DHCP Server is enabled and configured as shown below.

 

As we can see from the above figure the IP address for this adapter is 192.168.56.101. This tells us the address space that we need to scan later to find our target network (i.e. 192.168.56.101-254 in the above configuration).

 

Now, you must check that the network configuration of each of the target machines are as expected. Select each of the machines (one at a time), and check that adapter 1 is attached to NAT and adapter 2 to the host-only adapter created earlier, as shown below.

Make sure, by clicking on Advanced, that Cable Connected is selected. This must be done for both adapters.

 

 

 

Attack Machine

The attack machine (i.e. your Kali VM) must be configured by assigning the same virtual networking settings as the target. This allows them to run on the same the same virtual LAN segment.

To do that, right click on the Kali VM machine from the VBOX manager and select settings. Go to the Network section and configure your network by attaching the machine to NAT (if it is not yet already done) and the same “Host-only Adapter” you created in the previous steps. Press the OK button. See the following figure:

Like above, make sure that the Cable Connected option is selected for both adapters.

 

Starting Up

To peform the project, start the target machines and the attack machine in Kali. All machines should be up and running.

 

Important note/warning:  it is assumed that the attacker does not have physical access to the target network. So all access should (in Part 1) be performed (remotely) through the attack machine. Results obtained by analyzing directly the target machine are invalid, and will be assigned zero.

 

Project Part II

Snort is installed and configured on Machine UB16C. The credentials to access this machine are provided in the project document.

Login directly in UB16C, and enable in the /etc/snort/snort.conf file the path to the local.rules file where you’ll store your custom rules. If you attempt to update the file, permission will be denied. So you’d need to override the permissions. The easiest is to allow all, as shown below:

Next, open the snort.conf file, for instance using the nano text editor[1]:

            cd /etc/snort

            sudo nano snort.conf

Then move the cursor to the section Step #7, and remove the pound (#) in front of the line for including local rules as shown below:

 

Save the  file (in nano, this will be Ctrl-O and yes; close the file: Ctrl-X).

Now, when needed you can start snort, and collect the alerts. This can be done as follows:

 

The above command assumes that you’ve created a directory named snort_log (under /home/ascocrates to store your alerts).

To get the alerts, go to the specified directory. You can simply read the alerts file by typing:

more snort_d_alerts.csv

You can also transfer the log file to Kali, and read it with a CSV reader such as libreoffice. To do that change the permissions for the log file as shown below:

 

On Kali log in UB16 using SFTP, as follows (make sure you remember the directory from where you logged in, as the file will be transferred to it; below, I’m doing it from the Desktop):

As you can see, the file is on the Desktop; you can open it now.

 

 

No Answer Submitted Yet