I'm working on a talk for a conference and an aspect of my talk involves being anonymous.  I'd considered several ideas as to that initial step but ended up with a Raspberry Pi Tor Proxy to sit in front of my burner laptop.  That's just the beginning, of course, because there will be multiple layers but that's the direction of the talk and not the topic of this post.  This post is that initial platform of anonymity. 

When I looked around at examples for Pi proxies, I saw some older posts that were no longer valid and some newer posts that didn't exactly cover what I was trying to do.  Or perhaps my Googling wasn't good enough.  Regardless, I pieced some parts together and I got what I wanted.  To make this post complete, I'm starting from near the very beginning.  Pet projects aside, I'm not a frequent user of the Raspberry Pi so this will be as much a tutorial for me as for those who stumble upon this post.

It's been a while since I've played on Vulnhub and there are a ton of new machines.  In fact, I just saw a stat that showed this is the first year where there have been over 100 submissions.  I guess I've got a lot of catching up to do -- or not.  Anyway, it's the holiday weekend and I have some time to kill so I went to see what was new and hackNos is one of the first few.

This box is fairly straightforward as long as you don't get bogged down on any particular avenue.  It's also possible to get the root flag without actually becoming root but I couldn't let that stand so I rooted it as well.  More on that in a moment.

First, we kick off with Nmap:

If you blink, there will be another privilege escalation script and as far as I can tell, they seem to be the work of people honing their skills with a particular language or platform.  As such, they tend to go without updating not long after they are produced.  On the Linux side, there is (was) a popular script, in Kali, unix-privesc-check from Pentest Monkey.  When you're working with old machines, this is a good one and one that I've used for many reasons.  First, it works a lot of the time.  Second, when it's finished, it lists kernel exploits.  This is all great until you move into modern systems, then the script produces a whole lot of something without the glaring "use this to get root" at the end.  Then you're destined to hunt through the miles of information it provides.

While performing a penetration test recently, I managed to pivot from a workstation to a VoIP server.  One of the main reasons this occurred is due to the fact that the network was not segmented.  So what is network segmentation?  It's breaking up the network into logical parts while isolating some devices from other devices.

I think most WiFi networks these days have a "guest network" which is essentially the same concept.  We're isolating the guests from the rest of our network but we're still allowing them access to the Internet.  With our network, we're able to do this with several different technologies but it can be done for as little as $20-$30.

In the picture below, I've created a basic network:

I sort of stumbled across Heist because I accidentally landed on a Reddit page that mentioned it.  Prior to that, I'd not heard of this box.  Granted, there are a lot of HTB boxes and I don't live on the platform.  It's not that I couldn't, I could.  It's very gamified and I'm drawn to that sort of thing but I also see it as a great time suck.  That being said, this box was mentioned in the same context with a box that I had rooted and I was curious about the parallel.  Spoiler, there wasn't any.  I think it was just a non sequitur but here I am and I'm not disappointed I ended up here.

We kick off with Nmap:

"Gophish is a powerful, open-source phishing framework that makes it easy to test your organization's exposure to phishing."

Depending on where you look, and what they are trying to sell you, the percentage of attacks from phishing ranges from 30% to 90%.  The Verizon Data Breach Investigations Report shows the percentage dropped in 2019 from 2018 by about 40%.  Regardless, phishing is still an easy and viable attack vector.  I can send phishing emails over and over again and the recipient only needs to make a mistake once.  It's simple and it's effective.

For phishing awareness training, there are pay services, there are services that offer phishing as a secondary feature -- like Duo, and there are free products like GoPhish.  Not only can you use phishing awareness tools to test phishing, you can also use them as a tripwire of sorts -- more on that at the end of this post.

© 2020 sevenlayers.com