
Post on 06-Jul-2020


Page 1: Hacking-Lab LiveCD Mini-HowTo · Please choose your preferred keyboard layout by left-clicking on the “ch” letter in the top panel. If your language is not available, please right-click

Hacking-Lab LiveCD Mini-HowTo

Table of Contents

• Keyboard Layout
• Root Shell
◦ GUI Access
◦ Shortcut: Root Shell <SUPER> + t
◦ Shortcut: Drop-Down Root Shell <CTRL> + l
• VPN Connection
◦ GUI Access
◦ VPN Connection in a Terminal (Debugging)
• Browser
◦ GUI Access
◦ Shortcut: Browser <SUPER> + n
• File Explorer
◦ GUI Access
◦ Shortcut: File Explorer <SUPER> + w
• Additional Shortcuts
◦ Close active Window <SUPER> + BACK
◦ Toggle your Terminal Window left/right/full
◦ Switch Workspace
◦ Shortcut: Application Launcher <SUPER> + j
• Menu Options
◦ Show My IP
• Inspection Proxies
◦ OWASP ZAP Inspection Proxy
◦ Burp Inspection Proxy
• LiveCD Apache Web Server (Landing Page Server)
◦ How it Works
◦ Landing Page Server Menu
◦ Start / Stop / Restart / Configure Apache
• Firefox Browser
◦ Firefox Plug-Ins
◦ Profiles
◦ Switch Proxy Plugin
◦ Cookie Manager
◦ LiveHttpHeader Plugin
◦ Firebug Plugin
• User Shell
• List of all Shortcuts
• Default Usernames and Passwords in Hacking-Lab


Keyboard Layout

Please choose your preferred keyboard layout by left-clicking on the “ch” letter in the top panel.

If your language is not available, please right-click the “ch” letters and adjust your keyboard settings accordingly.

IMPORTANT: You must first remove a keyboard layout before you can add a new one.

Root Shell

GUI Access

The root shell is spawned with the following command: “/usr/bin/sudo xfce4-terminal”. You can launch a root shell from the top panel, the docker panel or from the Start Menu. Please click on the terminal with the red color.

Shortcut: Root Shell <SUPER> + t

You can launch a root shell by pressing the following keys:

• <SUPER> + t (t = terminal)

Please note

• OSX <SUPER> is the CMD key

• Windows <SUPER> is the WINDOWS key

Shortcut: Drop-Down Root Shell <CTRL> + l

As a new feature with XFCE, you can get a root drop-down terminal by pressing:

• CTRL + l (Small L)

This will open a drop-down shell from the upper panel.


VPN Connection

GUI Access

Please use the VPN icon (right click)

Right click the VPN icon

Choose: Connect Hacking-Lab

Username = your username in HL (www.hacking-lab.com)

Password = your password in HL (www.hacking-lab.com)

VPN Connection in a Terminal (Debugging)

In some very rare situations, the VPN icon disappears from the top panel or keeps blinking yellow. In such situations, please run the VPN client in a terminal (for debugging purposes). We created a convenience menu for you.

Start → Hacking-Lab → OpenVPN → Start VPN Client in Terminal

Please enter username and password


Browser

GUI Access

Please use Firefox for solving your Hacking-Lab challenges. You can use Chromium, but the challenge descriptions in HL refer to Firefox tools and plug-ins. Click on the Firefox icon in the top panel or in the docker panel, or use the Start Menu.

Shortcut: Browser <SUPER> + n

You can launch Firefox by pressing the following keys:

• <SUPER> + n (n = netscape)

Please note

• OSX <SUPER> is the CMD key

• Windows <SUPER> is the WINDOWS key

File Explorer

GUI Access

The LiveCD uses “Thunar” as the standard file explorer. Thunar starts as root and you can change all files, including system and security files. Click on the Thunar icon in the top panel or in the docker panel, or use the Start Menu.

Shortcut: File Explorer <SUPER> + w

You can launch Thunar by pressing the following keys:

• <SUPER> + e (e = explorer)

Please note

• OSX <SUPER> is the CMD key

• Windows <SUPER> is the WINDOWS key


Additional Shortcuts

Close active Window <SUPER> + BACK

The active window will close if you press SUPER + BACK at the same time. This shortcut helps you close your current windows.

• <SUPER> + Back (Back button)

Please note

• OSX <SUPER> is the CMD key

• Windows <SUPER> is the WINDOWS key

Toggle your Terminal Window left/right/full

Please use the following shortcuts to toggle your active windows. Try these shortcuts with a root terminal.

• CTRL + SHIFT + Left Arrow: Toggle window to the left corner of the desktop

• CTRL + SHIFT + Right Arrow: Toggle window to the right corner of the desktop

• SUPER + Up Arrow: Maximize the current window

Switch Workspace

You can change the current workspace by clicking with your mouse pointer on one of the four squares or by pressing:

• CTRL + ALT + Left Arrow

• CTRL + ALT + Right Arrow

• CTRL + ALT + Up Arrow

• CTRL + ALT + Down Arrow


Shortcut: Application Launcher <SUPER> + j

Please press the <SUPER> + j keys to start the application launcher. This is similar to the OSX Spotlight Search feature. You can start almost any GUI application through the Application Launcher.

• <SUPER> + j


Menu Options

Show My IP

In some Hacking-Lab challenges, it is mandatory to find out the current IP address. Linux users will type “ifconfig -a” in a shell. If you prefer the GUI method, please use the “Show My IP” menu in the Start Menu.

• Please click START → About → Show My IP Address


Inspection Proxies

OWASP ZAP Inspection Proxy

Please start the OWASP ZAP Inspection Proxy by clicking on the ZAP icon (top panel, docker panel or in the Start Menu). This will start ZAP listening on localhost port 8080.

Burp Inspection Proxy

You can use the Burp Inspection Proxy too. Please navigate to Start → Hacking-Lab → Inspection Proxy → Burp Proxy


LiveCD Apache Web Server (Landing Page Server)

How it Works

The LiveCD web server is required in several Hacking-Lab challenges (e.g. XSS, JSON Hijacking or similar). The LiveCD landing page server has two independent web servers:

• Front-End Webserver (Reverse Proxy, WAF)

◦ Port 80 HTTP

◦ Port 443 HTTPS

• Backend Webserver

◦ Port 8888 HTTP

The front-end web server has some mod_proxy rules configured and proxies some URLs to the backend web server. This is important for Web Application Firewall labs, as mod_security, mod_proxy, mod_substitute, mod_log_forensic and more are activated. A simple pre-auth page is configured (it should help you understand a commercial reverse proxy with pre-auth).
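A minimal sketch of this two-instance layout, added here as an illustration and not taken from the LiveCD's own httpd.conf or httpd-backend.conf. The /app/ prefix, the server name, the log file names, the rule id and the loopback binding of the backend are assumptions; the base modules of a working Apache 2.4 configuration are assumed to be loaded already.

```apache
# ===== Front-end instance: reverse proxy + WAF (constructed example) =====
Listen 80

LoadModule proxy_module         modules/mod_proxy.so
LoadModule proxy_http_module    modules/mod_proxy_http.so
LoadModule filter_module        modules/mod_filter.so
LoadModule substitute_module    modules/mod_substitute.so
LoadModule log_forensic_module  modules/mod_log_forensic.so
# mod_security2 depends on mod_unique_id
LoadModule unique_id_module     modules/mod_unique_id.so
LoadModule security2_module     modules/mod_security2.so

<VirtualHost *:80>
    # Hypothetical name, replace with your own
    ServerName livecd.example

    # Reverse proxy only: never relay arbitrary client-chosen URLs
    ProxyRequests Off
    ProxyPreserveHost On

    # Only the (assumed) /app/ prefix is handed to the backend on port 8888;
    # everything else is served by the front-end itself
    ProxyPass        /app/ http://127.0.0.1:8888/app/
    ProxyPassReverse /app/ http://127.0.0.1:8888/app/

    # mod_security: inspect requests before they are proxied
    SecRuleEngine On
    SecRequestBodyAccess On
    SecAuditEngine RelevantOnly
    SecAuditLog logs/modsec_audit.log
    # Constructed demo rule: block a literal script tag in any parameter
    SecRule ARGS "@rx <script" \
        "id:100001,phase:2,t:lowercase,deny,status:403,log,msg:'Demo rule: script tag in parameter'"

    # mod_substitute: rewrite absolute backend URLs in HTML responses so the
    # internal address does not leak to the browser
    <Location "/app/">
        AddOutputFilterByType SUBSTITUTE text/html
        Substitute "s|http://127.0.0.1:8888/|/|ni"
    </Location>

    # mod_log_forensic: one entry before and one after each request
    ForensicLog logs/forensic_log

    ErrorLog  logs/error_log
    CustomLog logs/access_log combined
</VirtualHost>

# ===== Backend instance: second Apache (constructed example) =====
# Assumption: bound to loopback so that clients can reach it only through
# the front-end and its WAF rules
Listen 127.0.0.1:8888

<VirtualHost 127.0.0.1:8888>
    DocumentRoot "htdocs"
    ErrorLog  logs/backend_error_log
    CustomLog logs/backend_access_log combined
</VirtualHost>
```

Requests that reach port 8888 directly bypass mod_security entirely, which is why the binding of the backend matters when comparing WAF behaviour between the two ports.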

Landing Page Server Menu

Advanced users should check out the Apache configuration in /opt/applic/httpd/conf and review the /etc/init.d/apache_but start script. For your convenience, we have created menu items for managing your Apache instance.


Start / Stop / Restart / Configure Apache

• Start: Start the Web Server on Port 80 and 443 (including the backend web server on Port 8888)

• Stop: Stopping the Web Server (all instances)

• Restart: Restart Apache Webserver

• Edit httpd.conf: Edit main Apache configuration file (Reverse Proxy with mod_security)

• Edit httpd-backend.conf: Edit backend Apache configuration file (second Apache listening on port 8888)

• File Explorer APACHE CONF: Edit some other files in your Apache configuration directory

• File Explorer APACHE HTDOCS: Edit some files in your Apache htdocs (where the index.html is)

• Clean Access Log: Cleans your Apache log file

• Show Apache Access Log File: Opens and refreshes access_log file

• Show Apache Error Log File: Opens and refreshes error_log file

• Show Apache Audit Log: Opens and refreshes mod_security log file


Firefox Browser

Firefox Plug-Ins

As the HL LiveCD is designed as a standardized client workbench for HL challenges, there are some pre-configured plugins available that should make your life easier during the challenges.

Profiles

Whenever you start Firefox for the first time, the profile chooser opens. There is no difference between the Browser 1 and Browser 2 profiles, but having both is very handy if you do XSS and other session hijacking challenges and you play the attacker and victim at the same time. For that, you need two independent browser instances.

The underlying command for Firefox is

• /opt/applic/firefox/firefox -P (-P opens the Choose User Profile dialog)

Firefox runs with “hacker” privileges (not as root), whereas most other tools run as root.


Switch Proxy Plugin

If you work with the ZAP or Burp inspection proxies, you need to switch your Firefox browser proxy to localhost:8080. A simple Firefox plugin helps you switch the proxy (fast access).

Without ZAP or Burp, please keep the settings on “No Proxy”. Otherwise, please use Burp or ZAP instead. You can change the settings by pressing the “Manage Proxies” Menu.

Cookie Manager

If you need to view, edit or delete cookies in your browser (XSS challenge, session hijacking challenge), please use the Cookie Manager plugin.


LiveHttpHeader Plugin

This plugin will help you see some request/response headers while surfing the net. You cannot change the content, but it should help beginners get an idea of what is going on behind the scenes when visiting a web app.

Firebug Plugin

Some say Firebug is useless, since all browsers have added Web Development tools. However, we have added Firebug to the arsenal of Firefox plugins.


User Shell

If you need to get a shell as a 'normal' and 'unprivileged' user, please type

• <SUPER> + u (user shell)

Please note

• OSX <SUPER> is the CMD key

• Windows <SUPER> is the WINDOWS key

List of all Shortcuts

If you want to review or change the shortcut configuration, please start the keyboard application from the application launcher

• <SUPER> + l (Small L = Launcher) → Type “keyboard”

Please review “Application Shortcuts”


Default Usernames and Passwords in Hacking-Lab

We have set up test accounts for you in Hacking-Lab challenges. Whenever you are prompted for a username and password, please try

hacker10 with password compass

hacker11 with password compass

hacker12 with password compass

….

hacker40 with password compass

This will work for all challenges, except for those where the password is part of the challenge! Please use these credentials for example in http://glocken.hacking-lab.com/