Testbed Platform for Cybersecurity Use Cases A
Total Page:16
File Type:pdf, Size:1020Kb
TESTBED PLATFORM FOR CYBERSECURITY USE CASES A Master's Thesis Submitted to the Faculty of the Escola Tècnica d'Enginyeria de Telecomunicació de Barcelona Universitat Politècnica de Catalunya by Enric Ruhi Velasco In partial fulfilment of the requirements for the degree of MASTER IN ADVANCED TELECOMMUNICATIONS TECHNOLOGIES (MATT) Advisor: Josep Rafael Pegueroles Valles Barcelona, May 2020 Title of the thesis: Testbed platform for Cybersecurity Use cases Author: Enric Ruhi Velasco Advisor: Josep Rafael Pegueroles Valles Abstract In the cybersecurity world, having not only theoretical but also practical experiences is crucial. Cybersecurity Use Cases (UCASES) is a subject from the master’s degree in advanced telecommunication technologies (MATT) that provides the opportunity to see penetration testing and cybersecurity from a practical standpoint. This thesis’ objective is to provide a stable and up to date testbed for UCASES, composed of multiple virtual machines, vulnerable and non-vulnerable. In addition, it also contains a practical beginner’s guide based on the guide provided by the lecturer of the subject, Josep Rafael Pegueroles Valles, and a virtual machine with all tools the students will need to follow the guide and the subject UCASES. 1 Aquest treball està dedicat als meus pares i la meva germana, els quals han estat al meu costat en tot moment, durant tot el màster, donant-me suport i recolzant les meves decisions. Moltes Gracies! 2 Acknowledgements First, I would like to thank my supervisor Josep Rafael Pegueroles Valles. He had infinite patience with me and did far more for me than his role as supervisor required. Without him and his dedication and patience this project would have never been done. 3 Revision history and approval record Revision Date Purpose 0 09/04/2020 Document creation 1 07/05/2020 Document revision 2 11/05/2020 Document correction 3 15/05/2020 Document revision 4 18/05/2020 Document correction 5 22/05/2020 Document final revision Written by: Reviewed and approved by: Date 09/04/2020 Date 22/05/2020 Name Enric Ruhi Velasco Name Josep Rafael Pegueroles Valles Position Project Author Position Project Supervisor 4 Table of contents Abstract ............................................................................................................................ 1 Acknowledgements .......................................................................................................... 3 Revision history and approval record ................................................................................ 4 Table of contents .............................................................................................................. 5 List of Figures ................................................................................................................... 7 List of Tables .................................................................................................................... 8 1. Introduction ................................................................................................................ 9 1.1. Statement of the problem ................................................................................... 9 1.2. Motivation ........................................................................................................... 9 1.3. Solution ............................................................................................................ 10 1.4. Objectives ........................................................................................................ 10 1.5. Work plan, milestones and task diagram .......................................................... 10 2. Technology used or applied in this thesis ................................................................ 14 2.1. Virtual labs........................................................................................................ 14 2.1.1. HackTheBox & TryHackMe ....................................................................... 14 2.2. Tools ................................................................................................................ 15 2.2.1. Reconnaissance ........................................................................................ 15 2.2.2. Exploiting ................................................................................................... 17 3. Project development ................................................................................................ 18 3.1. Virtualization platform ....................................................................................... 18 3.1.1. Why this three requirements? .................................................................... 18 3.1.2. Choosing the platform ............................................................................... 19 3.2. Updating UCASES ........................................................................................... 19 3.2.1. Tools ......................................................................................................... 19 3.3. Virtual Machines ............................................................................................... 20 3.3.1. Attacker ..................................................................................................... 20 3.3.2. Victims ....................................................................................................... 21 4. Results .................................................................................................................... 22 4.1. Scenario ........................................................................................................... 22 4.2. Reconnaissance ............................................................................................... 23 5 4.2.1. Recon-ng ................................................................................................... 23 4.2.2. Nmap ........................................................................................................ 25 4.2.3. Scapy ........................................................................................................ 26 4.2.4. NSE ........................................................................................................... 27 4.2.5. Nessus ...................................................................................................... 28 4.2.6. Netcat ........................................................................................................ 30 4.2.7. Nikto .......................................................................................................... 30 4.3. Exploiting .......................................................................................................... 30 4.3.1. Metasploit .................................................................................................. 30 4.3.2. Empire ....................................................................................................... 32 5. Budget ..................................................................................................................... 33 6. Conclusions and future development ....................................................................... 34 6.1. Difficulties ......................................................................................................... 34 6.2. Testing ............................................................................................................. 34 6.3. Future developments ........................................................................................ 35 Bibliography .................................................................................................................... 36 Glossary ......................................................................................................................... 38 6 List of Figures Figure 1: Logo TryHackMe & Hack the Box .................................................................... 15 Figure 2: Recon-ng ASCII when starting the framework ................................................. 16 Figure 3: Scapy ASCII when starting the framework ....................................................... 16 Figure 4: Nessus logo ..................................................................................................... 16 Figure 5: Metasploit logo ................................................................................................ 17 Figure 6: UCASES testbed network ................................................................................ 23 Figure 7: Setting a NAMESERVER ................................................................................. 24 Figure 8: Recon-ng database showing reverse-resolve findings ..................................... 24 Figure 9: File of AV domains used by cache-snoop ........................................................ 25 Figure 10: Full TCP SYN scan output ............................................................................. 26 Figure 11: OS fingerprinting on the vulnerable Windows 2008 machine. ........................ 26 Figure 12: TCPdump output of challenge #2 ................................................................... 27 Figure 13: Missing reset [R] response from target's ports 10 & 11 that are "filtered" ....... 27 Figure 14: Content of the "script.db" file .......................................................................... 28 Figure 15: sshv1.nse finds SSH in port 23 .....................................................................