This range is intended to be an exercise for cybersecurity professionals to gain exposure to pivoting tools and tradecraft. There are many other tools out there, and this is surely just hitting some of the wavetops for some of the most popular tools.
Table of Contents
Broadly speaking, this lab includes the use of three different types of tools:
- live off the land tools
- non-native binaries
- webshells
The lab consists of three jump boxes with different web servers, and two "target" machines for exploitation. All of the machines except for one of the targets is Debian-based. The three web servers include a Tomcat server for jsp webshells, an Apache server for php webshells, and an nginx server. All of the machines can be administered through the SSH key provided on the kali attack box as the root user, including the two "target" machines.
This guide assumes the user already has Promox and Ludus installed. If Ludus is not yet installed, start here.
-
Clone the repo
git clone https://github.com/CleverNamesTaken/PivotLab.git
-
Add the necessary roles
cd PivotLab ludus ansible role add -d roles/attack_box/ ludus ansible role add -d roles/fvarovillodres.lamp/ ludus ansible role add -d roles/lamp/ ludus ansible role add -d roles/linux_target/ ludus ansible role add -d roles/nginx/ ludus ansible role add -d roles/tom/ ludus ansible role add -d roles/tomcat/ ludus ansible role add -d roles/windows_target/ ludus ansible role add -d roles/ludus_vulhub/ -
Import the range config file
ludus range config set -f range-config.yml -
Deploy the range
ludus range deploy
Feel free to test any number of pivoting tools you'd like. The Conops.md file contains a walkthrough on basic usage of the following tools, which are pre-installed on the Kali attack box at 10.<RANGE_NUMBER>.20.201:
ssh to 10.<RANGE_NUMBER>.20.201 with the credentials kali:kali, and check out the ~/tools directory for pre-installed tools.
If you are like me and prefer your own attack box, then just run prepareTools.sh to install the tools on a different platform.
See Conops.md for how these tools can be deployed.
Contributions are what make the open source community such an amazing place to learn, inspire, and create. Any contributions you make are greatly appreciated.
If you have a suggestion that would make this better, please fork the repo and create a pull request. You can also simply open an issue with the tag "enhancement". Don't forget to give the project a star! Thanks again!
- Fork the Project
- Create your Feature Branch (
git checkout -b feature/AmazingFeature) - Commit your Changes (
git commit -m 'Add some AmazingFeature') - Push to the Branch (
git push origin feature/AmazingFeature) - Open a Pull Request
Distributed under the Apache License. See LICENSE.txt for more information.
Project Link: https://github.com/CleverNamesTaken/PivotLab
- Erik (Bad Sector Labs) for all the amazing work on Ludus.
- opsdisk and the incredible Cyber Plumber's Handbook
- fvarovillodres for his development of the ansible-role for installing a LAMP stack