Category «Security»

Dropbox 11 – Dropbox Server (VNC)

To run GUI programs on our Kali box we’ll use VNC. Launch the TightVNC server and set a password. While the password is limited to 8 characters, it’s not really a concern as the service will only be listening on localhost.

    tightvncserver

Once the password has been set we can make it a startable service.

    vi/vim/nano /etc/systemd/system/tightvncserver.service

    [Unit]
    Description=TightVNC remote …

Dropbox 10 – Dropbox Server (SSH)

First we create root’s keys. Note: We have to leave the passphrase blank as we will be using the keys to auto-authenticate to the Dropbox Relay when creating our SSH tunnels.

    ssh-keygen -t rsa

Override the default /root/.ssh/id_rsa with /root/.ssh/dbox-01.id_rsa or something similar. Just use the same naming convention throughout. Each Dropbox Server you deploy will have a …

Dropbox 9 – Dropbox Server (USB Key)

The purpose of the USB drive is multifaceted. We need a partition to store our encrypted logs that the client can send to us to assist in troubleshooting if (when) things go wrong. We also need to be able to send them new encrypted config files to place on the drive that the Dropbox Server will …

Dropbox 8 – Dropbox Server (Safe Boot)

We’ll be modifying the initial RAM file system so making a backup is a “good idea”. Run the following and look for an output similar to what’s shown below.

    ls -al /boot | grep init
    -rw-r--r-- 1 root root 25485034 Sep 12 18:50 initrd.img-4.6.0-kali1-amd64

Copy the identified file to “filename-safe”, similar to this.

    cp initrd.img-4.6.0-kali1-amd64 initrd.img-4.6.0-kali1-amd64-safe …

Dropbox 7 – Dropbox Server (Install Kali)

During the initial testing of this platform the standard GNOME build of Kali wouldn’t work with VNC or X11/RDP, so the first iteration required a custom build. Since then the Offensive Security folks were nice enough to include downloadable LXDE ISOs as part of the new 2016.2 rolling release. We will be using the Kali Linux 64-bit …

Dropbox 6 – Dropbox Relay (SSH)

Add a non-root account (dbox-relay), forbid root login, and require key authentication. We also remove support for weak keys and do other housekeeping. As root:

    adduser dbox-relay
    cd dbox-relay/
    mkdir .ssh
    cd .ssh/

Then vi/vim/nano authorized_keys and paste in the public key that you will be using to access the Dropbox Relay from your Dropbox Client. …

Dropbox 5 – Dropbox Relay (SSH over SSL/TLS)

The focus of this series isn’t the relay server. Any solution can be used as long as it supports tunneling SSH over SSL/TLS, as one of our stipulations is not to require outbound SSH from the client environment. For the solution documented here we’ve gone with HAProxy (http://www.haproxy.org/). I found Ch-M.D’s website very helpful – http://blog.chmd.fr/ssh-over-ssl-episode-4-a-haproxy-based-configuration.html A lesson learned …

Dropbox 4 – Dropbox Relay (Basics)

Set up a server to act as the Dropbox Relay. I’ve deployed a t2.micro instance running Ubuntu 14.04.5 LTS in the Amazon AWS cloud. It’s assigned an Elastic IP so we don’t have to mess with Dynamic DNS. To increase the security of our encrypted tunnels we are going to validate certificates where possible so it is important …

Dropbox 3 – High Level Overview

The Dropbox Server is the device that is sent to the client. The Dropbox Client is the machine the consultant uses to interact with the Dropbox Server. The Dropbox Relay proxies all communications. It can be in a dedicated lab environment or in the cloud. For the current deployment configuration, the Dropbox Server will create …

Dropbox 2 – Requirements

The services we want to be able to support remotely include: vulnerability assessments, penetration tests, web application tests, database assessments, configuration reviews. To do so, the platform should meet the following requirements: Hardware: small form factor, few/no moving parts, low cost. Deployment: headless, minimal client interaction (power/Ethernet), outbound SSL/TLS connectivity only. Secure: tamper resistant, no local network …