Infrastructure

Skip this section if taking the training. The lab should already have this.

We’ll be using a few different VMs throughout this process. Let’s kick off the downloads now since they make take some time to complete.

Op VM

We need a place to deploy all our stuff. For this workshop, we’ll be using VirtualBox and the latest Ubuntu LTS (22.04 LTS). Ubuntu has a great walk through on how to do this.

Install Tooling

We need a handful of tools to accomplish our goals

  • git
  • docker (podman-docker)

following: https://docs.docker.com/engine/install/ubuntu/


sudo apt-get install \
    ca-certificates \
    curl \
    gnupg \
    git vim
sudo mkdir -m 0755 -p /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
echo \
  "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \
  "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | \
  sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-get update
sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin 

I also installed VS Code (https://code.visualstudio.com/sha/download?build=stable&os=linux-deb-x64)

Testing windows implants

To test windows implants on Linux, install wine (https://wiki.winehq.org/Ubuntu):

sudo dpkg --add-architecture i386
sudo mkdir -pm755 /etc/apt/keyrings\nsudo wget -O /etc/apt/keyrings/winehq-archive.key https://dl.winehq.org/wine-builds/winehq.key
sudo wget -NP /etc/apt/sources.list.d/ https://dl.winehq.org/wine-builds/ubuntu/dists/jammy/winehq-jammy.sources
sudo apt update
sudo apt install --install-recommends winehq-stable

Now a quick test in a terminal:

wine cmd.exe

You may get some prompts to follow, you should follow them… Eventually you should get a nice cmd.exe prompt.

Wine CMD

Docker DNS Magic

In an effort to make things more clear and easier to understand while we hop through browser tabs and URLS, we’ll want to set up some DNS magic for our docker containers. This requires us to replace the default systemd-resolved in Ubuntu with dnsmasq. Then we’ll use a program to populate dnsmasq configuration with docker container information. This step is only for local testing.

This article came in handy to switch to dnsmasq. In addition to that article, we’ll also need to add the following to the dnsmasq.conf

conf-dir=/etc/dnsmasq.d

Now we need to install Golang so we can build docker-dnsmasq.

sudo apt install golang
go install github.com/defektive/docker-dnsmasq@latest

Now would be a good time to add ~/go/bin to our $PATH.

Now we should be able to run this in a new terminal window:

sudo `which docker-dnsmasq` daemon

We can test everything is working properly by starting a container with the VIRTUAL_HOST environment variable. Then pinging that docker container VIRTUAL_HOST name.

sudo docker run --rm -e VIRTUAL_HOST=mailhog.docker mailhog/mailhog
ping mailhog.docker

Ping Docker Container

We should also be able to ping random subdomains:

ping asdasd.mailhog.docker

Ping Docker Container Subdomain

Windows VM

We’ll want a Windows box to do a little bit of payload development and testing. Once windows is installed, we’ll need to install Visual Studio Community. When configuring visual studio select .NET Development.

https://learn.microsoft.com/en-us/dotnet/framework/install/dotnet-35-windows#enable-the-net-framework-35-in-control-panel

Change networking to bridged

We need to change our VM’s network settings to be bridge so they can talk to each other.

Install Guest Utils

We should install virtualbox guest utils. This will make things much easier when we want to share things between our VMs.

Last modified August 31, 2024: better spelling. new post (15bc7a8)