In this tutorial I am going to look at what services are running on our Metasploitable machine and setup firewalls. This is more basic scanning of our machine to get an idea of how to get in. Obviously in a real engagement you would want to do research on Google and whatnot to find out as much as you can about your target but this series isn't about all of that.
Sidenote: I wanna do a series on how to setup and use the ZUES botnet. Does this sound interesting?
Step 1: Finding All Available IPs
First things first. I want to find my machine! this can be done with the nmap -sP 192.168.1.0/24 command. The IP used it your network IP and the /24 is the subnet mask bits. You should get an output similar to this.
Step 2: Scanning Our IP
Once you find the machine you want to test (for me it is 192.168.1.200) we want to find all the services and open ports. Remember that the goal of this series is to keep these ports open but secure the machine. This is to make it so we don't just block all connections and makes the scenario more realistic. This should be very similar to the output you get.
Step 3: Setting Up IPtables
Next you will want to connect to your Metasploitable machine using the account we used last time. I use ssh msfadmin@192.168.1.200 and typed "yes" without quotes to add the key to my SSH cache.
IPtables is a great piece of software that any Linux server admin NEEDS to know so it is worth the Googling ;). I have seen several machines on my college's darknet that have never setup their IPtables and it would help them alot to do so.
Here I am clearing all previous rules (iptables -F)and then defining new ones for all the ports I see are being used. I did this for both the INPUT and OUTPUT chains. This is in a script just so I have the ability to reapply them or even modify and reapply quickly. Remember to save with iptables-save once you have finished. I will attach this script to this tutorial (remember to run chmod +x iptables.sh). Again some Googling will help you understand these commands alot!
After you run this script type iptables -L to view the setup rules. IPtables real each rule from top to bottom for each packet that applies to the chain. Thus why an observant person would notice the last rule drops all remaining packets.
Try scanning your machine with the nmap -sV command again and you will see that it appear nothing has changed. Half of the firewalls job is to keep listeners (or really anything the admin wants) from leaving the machine/network or coming in.
Question: Is this tutorial length good or no? I see that most tutorials seem like shorter reads. Or should it just depend on what I wanna teach?
Just updated your iPhone to iOS 18? You'll find a ton of hot new features for some of your most-used Apple apps. Dive in and see for yourself:
9 Comments
(y)
Hi, where is the IPTables script?
This is the script I created with this tutorial http://pasteben.benbaptist.com/?id=794765576720
Awesome cheers :) Thanks for the tutorial. So basically all open ports follow the same rules in the chain, input and output with drop terminator at the end to return to the calling module.
What does this do for us? Will the port not accept calls normally without these rules? Please excuse my ignorance I'm fairly new to this.
Firewalls in general filter out traffic coming into the machines. In Linux it is usually iptables. The way this works when it receives a packet is it starts at the first rule in the chain and if the packet fits that rule than it gets let through if not it goes to the next one, this is why we need the last one that just drops all other connections besides what we want.
By default iptables has the chain policy to default accept everything. You can change this but it is not recommended because if you are remotely connected and you accidentally flush your iptables you will not be able to connect.
Does this answer your questions?
Yes, thanks Jeremiah :)
Regarding the tutorial, you did a good job I reckon. Personally I like in-depth detailed tutorials, as missing info or misunderstanding steps can make all the difference between it working and not working, the more detail the better.
Much better to have to skip some stuff you already know than to be frustrated trying to interpret insufficient information.
I agree. And thank you for the feedback!
Great tutorial :D!
Any plans on continueing this ?
Also i had a question metasploitable. So this virtual machine is basically a real scenario's of when you are hacking any kind of network / servers?
Also can you add Firewalls + IDS and loggings to this virtual machine to make it harder to be undetected?:)
Thanks and keep it up!
Share Your Thoughts