RIPT 11 – RIPT Server (VNC)

To run GUI programs on our Kali box we’ll use VNC. Launch the TightVNC server and set a password. While the password is limited to 8 characters, it’s not really a concern as the service will only be listening on localhost.

    tightvncserver

Once the password has been set we can make it a startable service.

    vi/vim/nano /etc/systemd/system/tightvncserver.service

    [Unit]
    Description=TightVNC remote …

RIPT 10 – RIPT Server (SSH)

First we create root’s keys. Note: We have to leave the passphrase blank as we will be using the keys to auto-authenticate to the relay server when creating our SSH tunnels.

    ssh-keygen -t rsa

Override the default /root/.ssh/id_rsa with /root/.ssh/ript-01.id_rsa or something similar. Just use the same naming convention throughout. Each RIPT Server you deploy will have a …

RIPT 9 – RIPT Server (USB Key)

The purpose of the USB drive is multifaceted. We need a partition to store our encrypted logs that the client can send to us to assist in troubleshooting if (when) things go wrong. We also need to be able to send them new encrypted config files to place on the drive that the RIPT Server will …

RIPT 8 – RIPT Server (Safe Boot)

We’ll be modifying the initial RAM file system so making a backup is a “good idea”. Run the following and look for an output similar to what’s shown below.

    ls -al /boot | grep init
    -rw-r--r-- 1 root root 25485034 Sep 12 18:50 initrd.img-4.6.0-kali1-amd64

Copy the identified file to “filename-safe”, similar to this.

    cp initrd.img-4.6.0-kali1-amd64 initrd.img-4.6.0-kali1-amd64-safe …

RIPT 7 – RIPT Server (Install Kali)

During the initial testing of this platform the standard GNOME build of Kali wouldn’t work with VNC or X11/RDP so the first iteration required a custom build. Since then the Offensive Security folks were nice enough to include downloadable LXDE ISOs as part of the new 2016.2 rolling release. We will be using the Kali Linux 64 bit …

RIPT 6 – RIPT Relay (SSH)

Add a non-root account (ript-relay), forbid root login, and require key authentication. We also remove support for weak keys and other housekeeping. As root:

    adduser ript-relay
    cd ript-relay/
    mkdir .ssh
    cd .ssh/

Then vi/vim/nano authorized_keys and paste in the public key that you will be using to access the RIPT Relay from your RIPT Client. …

RIPT 5 – RIPT Relay (SSH over SSL/TLS)

The focus of this series isn’t the relay server. Any solution can be used as long as it supports tunneling SSH over SSL/TLS, as one of our stipulations is not to require outbound SSH from the client environment. For the solution documented here we’ve gone with HAProxy (http://www.haproxy.org/). I found Ch-M.D’s website very helpful – http://blog.chmd.fr/ssh-over-ssl-episode-4-a-haproxy-based-configuration.html A lesson learned …

RIPT 4 – RIPT Relay (Basics)

Set up a server to act as the RIPT Relay. I’ve deployed a t2.micro instance running Ubuntu 14.04.5 LTS in the Amazon AWS cloud. It’s assigned an Elastic IP so we don’t have to mess with Dynamic DNS. To increase the security of our encrypted tunnels we are going to validate certificates where possible so it is important …

RIPT 3 – High Level Overview

The RIPT Server is the dropbox that is sent to the client. The RIPT Client is the machine the consultant uses to interact with the RIPT Server. The RIPT Relay proxies all communications. It can be in a dedicated lab environment or in the cloud. For the current deployment configuration, the RIPT Server will create …

RIPT 2 – Requirements

The services we want to be able to support remotely include:

- Vulnerability assessments
- Penetration tests
- Web application tests
- Database assessments
- Configuration reviews

To do so, the platform should meet the following requirements:

Hardware
- Small form factor
- No moving parts
- Cheap

Deployment
- Headless
- Minimal client interaction (power/Ethernet)
- Outbound SSL/TLS connectivity only

Secure
- Tamper resistant
- No local network accessible …