Cookie Consent by Free Privacy Policy Generator ๐Ÿ“Œ Capsulecorp-Pentest - Vagrant VirtualBox Environment For Conducting An Internal Network Penetration Test

๐Ÿ  Team IT Security News

TSecurity.de ist eine Online-Plattform, die sich auf die Bereitstellung von Informationen,alle 15 Minuten neuste Nachrichten, Bildungsressourcen und Dienstleistungen rund um das Thema IT-Sicherheit spezialisiert hat.
Ob es sich um aktuelle Nachrichten, Fachartikel, Blogbeitrรคge, Webinare, Tutorials, oder Tipps & Tricks handelt, TSecurity.de bietet seinen Nutzern einen umfassenden รœberblick รผber die wichtigsten Aspekte der IT-Sicherheit in einer sich stรคndig verรคndernden digitalen Welt.

16.12.2023 - TIP: Wer den Cookie Consent Banner akzeptiert, kann z.B. von Englisch nach Deutsch รผbersetzen, erst Englisch auswรคhlen dann wieder Deutsch!

Google Android Playstore Download Button fรผr Team IT Security



๐Ÿ“š Capsulecorp-Pentest - Vagrant VirtualBox Environment For Conducting An Internal Network Penetration Test


๐Ÿ’ก Newskategorie: IT Security Nachrichten
๐Ÿ”— Quelle: feedproxy.google.com


Vagrant VirtualBox Environment For Conducting An Internal Network Penetration Test.

1. Capsulecorp Pentest
The Capsulecorp Pentest is a small virtual network managed by vagrant and ansible. It contains five virtual machines, including one Linux attacking system running xubuntu and 4 Windows 2019 servers configured with various vulnerable services. This project can be used to learn network penetration testing as a stand-alone environment but is ultimatly designed to compliment my book The Art of Network Penetration Testing

1.1. Current Funcionality
  • Active directory domain with one DC and 3 server members
    • Domain Controler: goku.capsulecorp.local
    • Server 01: vegeta.capsulecorp.local
    • Server 02: gohan.capsulecorp.local
    • Server 03: trunks.capsulecorp.local
  • Vulnerable Jenkins server on vegeta
  • Vulnerable Apache Tomcat server on trunks
  • Vulnerable MSSQL server on gohan
  • Xubuntu pentest system running XRDP.
    • Metasploit
    • CrackMapExec
    • Nmap
    • Remmina RDP client
    • RVM
    • Python/Pip/Pipenv
    • Impacket

1.2. Requirements
In order to use the Capsulecorp Pentest network you must have the following:

1.3. OSX Configuration
In order to manage Windows hosts you'll have to install pywinrm with pip inside the ansible virtual environment
source ~/ansible/bin/activate
pip install pywinrm
deactivate

2. Installation
For a detailed installation walkthrough check out the MacOS Setup Guide

2.1. Configure the windows hosts
The first thing you should do is bring up and provision Goku the domain controller. This system will likely take the longest to bring up because the dcpromo stuff just takes a while.
Bring up the VM
vagrant up goku
Provision the VM
vagrant provision goku
Repeat the above two commands for gohan, vageta and trunks.
...WARNING...
This section of the provision is expected to take a while because after a dcpromo it takes a long time for the system to reboot.
TASK [promotedc : Set a static address to 172.28.128.100] **********************
changed: [goku]

TASK [promotedc : Change hostname to goku] *************************************
ok: [goku]

TASK [promotedc : Install Active Directory Services] ***************************
ok: [goku]

TASK [promotedc : Promote goku to domain controller] ***************************
changed: [goku]

TASK [promotedc : Reboot after promotion] **************************************

2.2. Configure your pentest platform
Bring up the virtual machines using vagrant. First cd into the project directory, for example: cd ~/capsulecorp-pentes. Take note of the RDP port that gets forwarded to your localhost.
vagrant up pentest
Provision the pentest machine.
vagrant provision pentest
You can access your penitent machine either using your preferred RDP client to connect to the xrdp listener or via SSH with.
vagrant ssh pentest


...



๐Ÿ“Œ Internal Linking yang Baik: Cara Meningkatkan SEO On-Page dengan Strategi Internal Linking yang Tepat


๐Ÿ“ˆ 23.34 Punkte

๐Ÿ“Œ WinPwn- Automation For Internal Windows Penetration Testing


๐Ÿ“ˆ 23.17 Punkte

๐Ÿ“Œ HiveJack - This Tool Can Be Used During Internal Penetration Testing To Dump Windows Credentials From An Already-Compromised Host


๐Ÿ“ˆ 23.17 Punkte

๐Ÿ“Œ Penetration Testing Bootcamp - Penetration Testing Methodologies


๐Ÿ“ˆ 23 Punkte

๐Ÿ“Œ Penetration Testing Bootcamp - Penetration Testing Terminology


๐Ÿ“ˆ 23 Punkte

๐Ÿ“Œ Penetration Testing as a Service (PTaaS): the evolution of Penetration Testing at AT&T


๐Ÿ“ˆ 23 Punkte

๐Ÿ“Œ Network Audit Company in Delhi | Network Penetration Testing


๐Ÿ“ˆ 22.99 Punkte

๐Ÿ“Œ FBI Bust Indian Student for Conducting DDoS Attacks on a Chat Site


๐Ÿ“ˆ 21.56 Punkte

๐Ÿ“Œ The US Has Been Conducting Offensive Cyberattacks against North Korea


๐Ÿ“ˆ 21.56 Punkte

๐Ÿ“Œ Lazarus group conducting malware attacks to steal Bitcoins


๐Ÿ“ˆ 21.56 Punkte

๐Ÿ“Œ Google Is Conducting a Secret 'Performance Review' Of Its Censored China Search Project


๐Ÿ“ˆ 21.56 Punkte

๐Ÿ“Œ Google Is Conducting a Secret 'Performance Review' Of Its Censored China Search Project


๐Ÿ“ˆ 21.56 Punkte

๐Ÿ“Œ FBI Bust Indian Student for Conducting DDoS Attacks on a Chat Site


๐Ÿ“ˆ 21.56 Punkte

๐Ÿ“Œ FBI Bust Indian Student for Conducting DDoS Attacks on a Chat Site


๐Ÿ“ˆ 21.56 Punkte

๐Ÿ“Œ FBI Bust Indian Student for Conducting DDoS Attacks on a Chat Site


๐Ÿ“ˆ 21.56 Punkte

๐Ÿ“Œ Facebook Accused of Conducting Mass Surveillance Through Its Apps


๐Ÿ“ˆ 21.56 Punkte

๐Ÿ“Œ Google boots major Android app developer from store for conducting massive ad fraud


๐Ÿ“ˆ 21.56 Punkte

๐Ÿ“Œ Twitter Removes State-backed Actors Conducting Information Campaigns


๐Ÿ“ˆ 21.56 Punkte

๐Ÿ“Œ Conducting a Successful False Flag Cyber Operation (Blame it on China)


๐Ÿ“ˆ 21.56 Punkte

๐Ÿ“Œ Why Threat Actors Are Increasingly Conducting Cyberattacks on Local Government


๐Ÿ“ˆ 21.56 Punkte

๐Ÿ“Œ Is Russia Conducting A Social Media War On America?


๐Ÿ“ˆ 21.56 Punkte

๐Ÿ“Œ eBay Is Conducting a 'Mass Layoff' In the Bay Area


๐Ÿ“ˆ 21.56 Punkte

๐Ÿ“Œ Contingency Planning: Conducting the Census When Knocking on Doors Isnโ€™t Safe


๐Ÿ“ˆ 21.56 Punkte

๐Ÿ“Œ Websites Conducting Port Scans


๐Ÿ“ˆ 21.56 Punkte

๐Ÿ“Œ Conducting Modern Insider Risk Investigations


๐Ÿ“ˆ 21.56 Punkte

๐Ÿ“Œ Super Micro conducting investigation into Bloomberg claims


๐Ÿ“ˆ 21.56 Punkte

๐Ÿ“Œ Hackers conducting botnet attacks through 20k hacked WordPress sites


๐Ÿ“ˆ 21.56 Punkte

๐Ÿ“Œ Hackers Conducting RDP Attacks Using New Technique to Bypass Protections


๐Ÿ“ˆ 21.56 Punkte

๐Ÿ“Œ UK suspects China is conducting espionage with few among 100,000 Chinese University students


๐Ÿ“ˆ 21.56 Punkte

๐Ÿ“Œ Two Massachusetts Men Arrested for Conducting SIM-swapping Attack To Steal Cryptocurrency & Social Media Login


๐Ÿ“ˆ 21.56 Punkte

๐Ÿ“Œ Mastering GDPR Article 30 Compliance: Conducting, Maintaining and Reporting on your Data Inventory


๐Ÿ“ˆ 21.56 Punkte

๐Ÿ“Œ Data detective: Tips and tricks for conducting effective exploratory data analysis


๐Ÿ“ˆ 21.56 Punkte

๐Ÿ“Œ Designing and conducting digital testing for mobile applications


๐Ÿ“ˆ 21.56 Punkte











matomo