HACKLOG 2×02 – Web Programming Fundamentals


GNU/Linux is still today the operating system most used by those who practice IT at a high level: its flexibility and the open-source nature with which it is distributed make it possible to analyze in detail many aspects that in other operating systems are often not accessible.

You have surely heard of GNU/Linux and are already wondering whether you will have to format your disk again: in our case, however, we will install it inside a container called a Virtual Machine. A Virtual Machine is a computer inside a computer: this way you won't have to format anything or configure a thousand drivers and components.

We will then install VirtualBox, a program that lets you create Virtual Machines and that is available for Windows, Mac and GNU/Linux. For this series we preferred to use Parrot Security OS, an all-Italian GNU/Linux distribution designed for those who do pentesting. If you haven't already done so, you can download it from the official website.

Then start the installation and proceed with it. The installation process is quick and requires few interactions. If you have problems, please comment under this video or consult the documentation on the team's official site.

The machine you just created will simulate the environment from which the cyber criminal carries out his attacks. But what is it going to attack? Another machine, also in our possession, where we can analyze what happens on the other side of the fence. Metasploitable will be the Virtual Machine against which we will carry out attacks over the network: with it we will carry out attacks against services, ports and everything related to a web-based attack.

The creation procedure is slightly different from the first one: first get the Metasploitable image from the official website by registering. At the end you will get a .zip file. metasploitable-linux-2.zip is the .zip archive to extract: inside you will find 5 files, but for the moment we are not interested in them. We create the new virtual machine by assigning:

- Name (Metasploitable), Type (Linux) and Version (Linux 2.6 / 3.x / 4.x 64-bit)
- RAM: 1024 MB recommended
- Hard Disk: select “Create a virtual hard disk now”
- Hard disk type: choose VDI (VirtualBox Disk Image)
- Allocation type: it does not matter (dynamically allocated or fixed size)
- Size: give it more than the recommended size; 20 GB will suffice

The machine has been created but, unlike the other two (where a setup procedure and so on follows), here we will directly import the Virtual Machine, ready to be launched. Instead of starting the machine, select it from the list of Virtual Machines, then right-click and enter the settings. Navigate to “Storage”, select “Metasploitable.vdi” under the SATA controller, then click the hard-disk icon next to the “Hard Disk” entry on the right. In the pop-up, click “Choose a virtual hard disk…”, then select the “Metasploitable.vmdk” file that you just extracted.

The first virtual machine created will be the one that attacks, the second the one that defends. They now need to be connected at the network level, so that they can communicate within a virtual network, that is, one that exists only inside our computer. From the settings of each virtual machine (right-click on it, then Network) we configure a new network adapter as follows:

- Click on “Adapter 2”, then “Enable Network Adapter”
- Attached to: Internal Network; Name: hacknet
- Under Advanced, Adapter Type: Intel PRO/1000 MT Desktop
- Promiscuous Mode: Allow All
- Cable Connected (enabled)

It may be more convenient to have two static IP addresses: this means that, at startup, the two machines will always have the same (static) IP addresses, which will not change based on the presence of other VMs or the order in which the two are started. A note: an IP address is the address that identifies a computer, a smartphone, a smart TV or any other IT device within a network. It is like a phone number and is unique to that device in that network.

First, let's go to the machine that attacks (from now on, the attacker machine), open the terminal and type:

$ ip a

We take note of the identifiers of the two network cards. Still from the terminal, we obtain root privileges and modify the file /etc/network/interfaces:

The two commands we mentioned are needed, respectively, to raise our permissions to those of the root user, i.e. the system administrator, and to modify the “interfaces” file, located in the “/etc/network” folder, using nano, a text editor available for the terminal. We modify the file as follows.

To close and save the file we will use the CTRL+X combination to indicate closing, the Y key to confirm the choice and ENTER to save everything for good. Remember: CTRL+X, Y key and ENTER. You will use it often in this course (in case you need to write it down somewhere).

At this point you can restart the networking service, so that the new network configuration is loaded into the operating system, or, if you have problems, restart the virtual machine directly.

The same operation will now be carried out on the second machine as well (which from this moment we will call the victim), repeating the procedure. Open the interfaces file and configure it as seen before, changing only the IP address (remember that two computers cannot have the same IP address in a network). Finally, restart the network services.

Now we can test that everything works using ping, a tool that lets us establish whether an IP address (and therefore a computer) is reachable on the network. From the attacker machine, again from the terminal, we type:

$ ping 20.0.0.3

And from the virtual machine that defends (metasploitable) we type:

$ ping 20.0.0.2

If we receive response packets, it means that the two virtual machines can communicate with each other.

To recap:

- 20.0.0.2 is the IP of the attacker machine
- 20.0.0.3 is the IP of the metasploitable machine

We may want to define a hostname so that we do not have to specify the victim machine's IP address every time: from attacker we modify the /etc/hosts file:

$ nano /etc/hosts

and add, below the other IP addresses:

20.0.0.3 [tab] metasploitable
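
The static addressing and hosts entry described above, as an added example (it is not from the original video, whose on-screen file contents are not part of this transcript). The interface name eth1 and the 255.255.255.0 netmask are assumptions; the two addresses and the host name are the ones given on this page.

```shell
#!/bin/sh
# Added example (not from the video): render the static-address stanza and the
# hosts entry for the two lab VMs. The interface name and the netmask are
# assumptions; take the real interface name from `ip a` on each VM.

NETMASK="255.255.255.0"   # assumption: the page does not state a netmask

# Succeeds only for a dotted quad whose four fields are each 0-255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print an /etc/network/interfaces stanza: render_stanza IFACE ADDRESS
render_stanza() {
    valid_ipv4 "$2" || { echo "bad address: $2" >&2; return 1; }
    printf 'auto %s\niface %s inet static\n    address %s\n    netmask %s\n' \
        "$1" "$1" "$2" "$NETMASK"
}

# Print the /etc/hosts line (IP, tab, name): render_hosts_line ADDRESS NAME
render_hosts_line() {
    valid_ipv4 "$1" || return 1
    printf '%s\t%s\n' "$1" "$2"
}

# Refuse a plan in which both machines share one address, then print both
# stanzas and the hosts entry: lab_plan IFACE ATTACKER_IP VICTIM_IP
lab_plan() {
    [ "$2" != "$3" ] || { echo "duplicate address: $2" >&2; return 1; }
    echo "# attacker: /etc/network/interfaces"; render_stanza "$1" "$2" || return 1
    echo "# victim: /etc/network/interfaces";   render_stanza "$1" "$3" || return 1
    echo "# attacker: /etc/hosts";              render_hosts_line "$3" metasploitable
}

# Addresses and host name are the ones used on this page; eth1 is assumed.
lab_plan eth1 20.0.0.2 20.0.0.3
```

The script only prints the text; paste each stanza into the matching VM's file as root, then restart networking as described above.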

18 thoughts on “HACKLOG 2×02 – Web Programming Fundamentals”

  1. A question: if the virtual machine gives you virtualization problems, in the sense that for the program to start virtualization has to be off, but to make it work virtualization is needed, what can I do?

  2. I think this is the series I've been waiting for the longest😍 thanks Stefano and thanks to all your staff too!😍

  3. Everything configured… on ping, Host Unreachable. Even if I ping 8.8.8.8 it gives no response. Pls HP!

  4. Let's wait while I get myself mentally back into it, after a long fast from computing. Bye.

  5. I'm having problems with both: the Parrot machine, after powering on, gets to the first screen but then gives me all question marks and then the screen goes completely black, while Metasploitable gives me a fatal error

  6. When I go to edit /etc/network/interfaces on metasploitable with nano, it says permission denied, can someone help me find a solution? (((solved))) I have another problem below

    A new problem has come up: going into parrot after modifying interfaces, this is what appears in front of me: "FATAL: bootable medium found! System halted." Solutions?

  7. Since I already have a VM with Kali that I'm using for a Network Security course, is it possible to use that instead of Parrot OS for this series?

  8. When I go to check whether the two machines are connected with the ping command, it can't send the packets

  9. Since nano is in English, it's not ctrl+x S to save but ctrl+x Y.
    Apart from these small details, great video guys

  10. But since I don't have a company email it won't let me create the account to download metasploitable… if I enter a normal email it says "must be valid company email…

  11. Where do I download metasploitable? For the email it says to enter a company email, but how do I do that?
    I mean, if I have to change it to a company one, I don't want to
