Notes on preparing a machine for the CREST registered tester exam. An important disclaimer: this is a set-up of the tools that I use for some pen testing; it is not a recommended set-up for the exam. Each candidate needs to assemble their own test machine to suit their methodology.
I am starting with Backtrack 5R3 as a basis.
Virtualbox
Installed VirtualBox to run a Windows virtual machine, giving access to Windows-based tools for testing Windows clients.
Download the version for Ubuntu 10.04 from the official site
wget http://download.virtualbox.org/virtualbox/4.0.10/virtualbox-4.0_4.0.10-72479~Ubuntu~lucid_i386.deb
Install some dependencies and install virtualbox
apt-get -f -y autoremove
apt-get install libqt4-opengl libqt4-opengl-dev
dpkg -i virtualbox-4.0_4.0.10-72479~Ubuntu~lucid_i386.deb
rlogin
Installed rlogin to allow use of the R* services; if it is not installed, attempting to rlogin uses SSH.
apt-get install rsh-client
TFTP
Installed TFTP clients and services.
apt-get install tftpd
apt-get install atftpd
OpenVAS
OpenVAS is a fork of Nessus v2 and to be honest I would prefer to use the professional feed version of Nessus for this testing; however, we are working on a couple of jobs for clients and I can't hijack the application for use on the test. So since I have used OpenVAS before and it has given good results, I will be using that. However, on the Backtrack distro it requires setting up and some additional configuration to get it working fully.
At any stage of the configuration you can always run the following script to check what is missing:
/pentest/misc/openvas/openvas-check-setup
The stages to go through are:
Configure certificates:
openvas-mkcert
Then sync the NVTs:
openvas-nvt-sync
Create an admin account:
openvasad -c 'add_user' -n admin -r Admin
Configure access for the OpenVas Manager:
openvas-mkcert-client -n om -i
Start the scanner (this will take some time after the NVTs have been sync'd):
openvassd
Finally rebuild the database and run the services:
openvasmd --rebuild
openvasmd -p 9390
openvasad -p 9393
gsad --http-only -p 9392
Now browse to port 9392 on your machine and log in with the account you created, or use the security desktop. At this point OpenVAS will be unable to run the additional external scanners; to enable it to use them, do the following.
Install Arachni:
apt-get update
apt-get install arachni
Create the following symbolic links:
ln -s /pentest/web/dirb/dirb /usr/local/bin
ln -s /pentest/web/nikto/nikto.pl /usr/local/bin
Edit /pentest/web/nikto/nikto.pl and modify the configfile variable line to be:
$VARIABLES{'configfile'} = "/pentest/web/nikto/nikto.conf";
Edit /pentest/web/nikto/nikto.conf and set EXECDIR to /pentest/web/nikto
EXECDIR=/pentest/web/nikto
In order to get Wapiti to work it needs more than a symbolic link in the /usr/local/bin directory. Both the python scripts (wapiti.py & vulnerability.py) should be owned by root and executable, in my set-up only the vulnerability.py script needed setting to executable.
chmod 755 /pentest/web/wapiti/vulnerability.py
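Create a wapiti script in the /usr/local/bin directory containing the following lines:
#!/bin/sh
# wapiti.py has to be started from its own directory
cd /pentest/web/wapiti/ || exit 1
# "$@" passes each argument through unchanged, including ones containing spaces
./wapiti.py "$@"
Ensure it is executable and owned by root. Finally, to make it easier to start OpenVAS, create a startup script which contains the following: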
#!/bin/sh
openvas-nvt-sync
openvassd
openvasmd --rebuild
openvasmd -p 9390
openvasad -p 9393
gsad --http-only -p 9392
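The manual checks in this section (scanners resolvable on PATH, EXECDIR set in nikto.conf, wrappers executable, root-owned and not writable by anyone else) can be scripted and run before the startup script. This is an added example, not part of the original notes; the binary name arachni and the --run switch are assumptions, and the paths are the ones used above.

```shell
#!/bin/sh
# Added example: pre-flight check for the external scanners wired up above.
# Paths are the ones from these notes; "arachni" as the binary name is assumed.

# Print every name in "$@" that does not resolve to an executable on PATH.
missing_tools() {
    for tool in "$@"; do
        command -v "$tool" >/dev/null 2>&1 || printf '%s\n' "$tool"
    done
}

# Succeed only if the last uncommented EXECDIR line in file $1 equals $2.
# Returns 2 when the file cannot be read.
nikto_execdir_ok() {
    conf=$1 want=$2
    [ -r "$conf" ] || return 2
    got=$(sed -n -e 's/[[:space:]]*$//' \
        -e 's/^[[:space:]]*EXECDIR[[:space:]]*=[[:space:]]*//p' "$conf" | tail -n 1)
    [ "$got" = "$want" ]
}

# Succeed only if $1 is an executable regular file owned by uid $2 and not
# writable by group or other. -L follows the symlinks used for dirb/nikto.pl.
wrapper_safe() {
    [ -f "$1" ] && [ -x "$1" ] || return 1
    ls -lnL "$1" | awk -v uid="$2" '{
        ok = ($3 == uid && substr($1, 6, 1) != "w" && substr($1, 9, 1) != "w")
        exit !ok
    }'
}

# Run all checks against the layout described in these notes; 0 means ready.
preflight() {
    rc=0
    for name in $(missing_tools arachni dirb nikto.pl wapiti); do
        echo "not on PATH: $name"; rc=1
    done
    nikto_execdir_ok /pentest/web/nikto/nikto.conf /pentest/web/nikto ||
        { echo "nikto.conf: EXECDIR is not /pentest/web/nikto"; rc=1; }
    for f in /usr/local/bin/wapiti /pentest/web/wapiti/wapiti.py \
             /pentest/web/wapiti/vulnerability.py; do
        wrapper_safe "$f" 0 ||
            { echo "$f: not root-owned and executable, or group/world-writable"; rc=1; }
    done
    return $rc
}

# Only run when asked, so the functions can also be sourced.
if [ "${1:-}" = "--run" ]; then preflight; fi
```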