Thursday, December 17, 2009

Penetration Testing Lab and Dynamic DNS

Dynamic DNS is especially useful for home users who want to host their own websites or other internet services without having a static IP address.

It is also useful if you want a test server that is accessible via the internet, so you can perform or simulate penetration testing from public access.

These are the items needed to follow this post.

An ISP plan that serves dynamic public IP addresses to its clients. Usually a 1Mbps up plan
A DynDNS account
TP-LINK model no. TL-WR340G, or another router that has a DDNS feature
A web server

To start with, create an account with DynDNS














Once created, log in to your account, go to "My Services" and click "Add Hostname".














Enter any hostname that you want; in my case I use "pentestlab". Select the domain name from the drop-down list; I've chosen "homeip.net". Click "Use your currently detected IP address ...", then click "Add To Cart".














Don't worry, this is a free service. Just click "Next".














The details about the domain are listed below. Just click "Activate Services" to instantly enable it.























We will now proceed with the TP-Link router DDNS configuration. Log in to your router management console. Go to the Dynamic DNS tab and enter your credentials, DynDNS domain etc. as shown below, then click "Login". The status should show that the login succeeded.














Now, get the local IP address of the server that you want to access from the internet.













Now go back to the TP-Link management console. Go to the Forwarding tab and select Virtual Servers. Enter the IP address and ports of the server as shown below.

Users accessing http://pentestlab.homeip.net will be forwarded to your server.














Browsing http://pentestlab.homeip.net (this domain is for POC only and will be deactivated afterwards)















Ping to pentestlab.homeip.net










Run Nmap against pentestlab.homeip.net to start your recon, then open each service you want to test. Use your pentest tools (e.g. metasploit, nikto, backtrack3) to practice exploitation through the public IP. This comes in handy for practicing forking (socat) when doing a reverse shell, if only http/https 80/443 is allowed.










That's all. Hope you like it.

Monday, November 9, 2009

Microsoft Patch Management WSUS 3.0 Group Policy Deployment (Part 3)

Note: The domain name, computer name etc. that I have used are for demo and a standalone lab only.

We are now ready to use Group Policy to deploy updates.





First, go to Active Directory Users and Computers and create 2 OUs (Organizational Units):

Update Group - Computers must be located in this OU
Update Test Group - Computers for update testing must be located in this OU


Open Group Policy Management and create 2 GPOs (Group Policy Objects) under the "Update" and "Updates Test" Groups.


To edit a GPO, right-click it and select Edit.

Go to Computer Configuration >>> Administrative Templates >>> Windows Components >>> Windows Update.


IMPORTANT: The settings of both GPOs should be configured the same as below, except for "Target group name for this computer". The value for the WSUS Deploy Updates GPO should be "Deploy Updates".


When you have finished configuring the GPOs, launch Active Directory Users and Computers again. Move the computers that you have chosen for testing new updates to the "Update Test Group".

In my case, this is the machine with the computer name "BBC5C249A514424".


Now go back to the WSUS 3.0 server. The computer should now be detected and should be on the list of Test Updates.
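If the computer does not show up in the expected group, check on the client whether the GPO actually landed. The script below is an added example, not part of the original post: it reads the registry values that the Windows Update policy settings write and compares the target group against an assumed expected name (`Test Updates`, taken from the groups created in Part 2; the function and variable names are hypothetical).

```powershell
# Added example: read the Windows Update policy values that the WSUS GPO writes.
# Assumption: 'Test Updates' is the target group expected for this client.
param([string]$ExpectedGroup = 'Test Updates')

$wuKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$auKey = Join-Path $wuKey 'AU'

function Get-PolicyValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is missing (policy not applied yet).
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

$state = [pscustomobject]@{
    WUServer           = Get-PolicyValue $wuKey 'WUServer'
    WUStatusServer     = Get-PolicyValue $wuKey 'WUStatusServer'
    UseWUServer        = Get-PolicyValue $auKey 'UseWUServer'
    TargetGroupEnabled = Get-PolicyValue $wuKey 'TargetGroupEnabled'
    TargetGroup        = Get-PolicyValue $wuKey 'TargetGroup'
}

$problems = @()
if (-not $state.WUServer) {
    $problems += 'WUServer is not set, so the client is not pointed at WSUS.'
}
if ($state.UseWUServer -ne 1) {
    $problems += 'UseWUServer is not 1, so the WUServer value is ignored.'
}
if ($state.TargetGroupEnabled -ne 1) {
    $problems += 'Client-side targeting is off; the GPO group name is not sent.'
} elseif ($state.TargetGroup -ne $ExpectedGroup) {
    $problems += "TargetGroup is '$($state.TargetGroup)', expected '$ExpectedGroup'."
}

$state | Format-List
if ($problems.Count -eq 0) {
    'Policy applied: client reports to WSUS in the expected group.'
} else {
    $problems | ForEach-Object { "CHECK: $_" }
}
```

Run it on the client after `gpupdate /force` so the values reflect the current GPO.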


Let us now select and approve one update. Right click on it and select Approve.


Right click Test Updates and choose Approved for install.


The update is now approved to be deployed to those machines under the Test Updates group.


To learn more, go to WSUS Home
To learn more about GPO, go to Windows Server Group Policy website




Microsoft Patch Management WSUS 3.0 Configuration (Part 2)

Note: The domain name, computer name etc. that I have used are for demo and a standalone lab only.

Launch the Windows Server Updates Services.


Select Options to view all WSUS configuration. We have to set these up first, one by one.







Select Update Source and Proxy Server. Choose "Synchronize from Microsoft Update". The server must be allowed through your firewall to be able to download updates from the Microsoft website.


If you are using a proxy server to access the internet, tick "Use a proxy..." and enter the credentials if needed.


The Products and Classifications option allows us to choose the updates for the specific products that we want and the classification of updates to download, such as critical, security, cumulative, service packs etc.


Choose "Store update files locally...". We also choose to download update files only when the updates are approved.


Choose to download updates only in these languages, e.g. English. Downloading updates in all languages will consume more disk space.


We will be using Manual Synchronization for testing, but you can change it later according to your desired schedule.


We choose "Use Group Policy ..." so that we can manage groups using GPO.


Now that we have configured the WSUS server, we will prepare the groupings that determine how the machines will acquire updates from our WSUS.

Microsoft recommends testing all patches prior to deploying them to all computers in your organization. We might encounter some OS or third party application issues after installing some updates.

In some cases, you would want to choose 3 or more computers from every department, each using different applications, to test the new updates. If no issue arises, then you may deploy the updates to all the machines in your organization.

As an example, we will create 2 groups:

Test Updates - Machines in this group are chosen to deploy and test updates.
Deploy Updates - Machines in this group are all the machines in your organization.

IMPORTANT: For new updates, approve the installation only for the Test Updates group.



When you have finished preparing the groups, click "Synchronize now" to get the list of available updates based on the products and classifications that we have chosen.



NOTE: After the synchronization, the WSUS server only lists the available updates. Updates will be automatically downloaded once we have approved them.

Proceed to Part 3 which covers the client update deployment via Group Policy.




Microsoft Patch Management WSUS 3.0 Installation (Part 1)

Note: The domain name, computer name etc. that I have used are for demo and a standalone lab only.

This is for beginners who want to implement Microsoft patch management using WSUS 3.0 and control client updates using Group Policy.

In this demo, we will be using Windows 2003 Server Standard with Service Pack 1. This machine must be a member of a domain.

These are the requirements prior to installing WSUS 3.0:

Microsoft IIS must be installed
Windows Installer 3.1 or later
Microsoft .Net Framework 2.0
Background Intelligent Transfer Service (BITS) 2.0
Microsoft Management Console (MMC) 3.0
Microsoft Report Viewer 2008 Redistributable

After installing all the requirements, we can now download and launch WSUS 3.0 installation.


Choose "Full server installation including Administration Console"



Choose "I accept the terms..." and click next


Click Next...


Let's leave the directory to the default. Click Next...


If the server you are installing on is hosting other web services, you may choose to create a WSUS website; otherwise use the existing IIS default.


Click Next...



Click Finished.


Installation is now complete. Let us now proceed to Part 2, which covers the configuration.

Friday, October 23, 2009

How to disable autorun in group policy

Worms and viruses from mobile disks are really annoying. There are too many viruses and worms that use the autorun.inf file to spread the infection.
If you have a mobile disk, you can check the content of the autorun.inf file using Notepad to verify whether it's really calling a legitimate file.

The worm writer modifies or creates their own "autorun.inf" file on your mobile disks. So whenever you insert an infected USB storage device, the worm can be transferred to that machine automatically.

Some anti-virus products can easily block a suspicious autorun.inf file from running. Still, I suggest following the procedure below to disable autorun.


Windows 2003 Active Directory Group Policy


1. Open "Group Policy Management". If you don't have it, you can download it here.


2. Right-click the domain where you want this policy to be implemented and select "Create or Link a GPO here". Or if you have an existing GPO that you want to use, you can go to step 5.





3. Name it "Disable Autorun" and click OK.






4. Right-click the newly created or an existing GPO and select Edit.






5. Go to Computer Configuration >>> Administrative Templates >>> System and double-click "Turn off Autoplay". Select "Enabled" and select "All Drives" on the drop-down list.
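Two checks that go with this post, as an added example that is not part of the original: the first function lists the entries in an autorun.inf file that start a program (the Notepad inspection described above, scripted), and the second confirms on a client that the "All Drives" policy from step 5 has been applied. The function names and the sample file are constructed for illustration.

```powershell
# Added example. Part 1: list the launch directives in an autorun.inf file.
function Get-AutorunLaunchEntry {
    param([Parameter(Mandatory)][string]$Path)
    # In the [autorun] section, open, shellexecute and shell\<verb>\command
    # start a program; keys such as icon or label do not execute anything.
    $section = ''
    foreach ($line in Get-Content -LiteralPath $Path) {
        $text = $line.Trim()
        if ($text -match '^\[(.+)\]$') { $section = $Matches[1].Trim(); continue }
        if ($section -ine 'autorun') { continue }
        if ($text -match '^(open|shellexecute|shell\\[^=]*\\command)\s*=\s*(.+)$') {
            [pscustomobject]@{ Key = $Matches[1]; Target = $Matches[2].Trim() }
        }
    }
}

# Part 2: confirm that "Turn off Autoplay" = Enabled / "All Drives" is in effect.
function Test-AutoplayDisabledAllDrives {
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
    $p = Get-ItemProperty -Path $key -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue
    # The value is a bitmask with one bit per drive type; "All Drives" writes 0xFF.
    # 0xB5 covers only CD-ROM and removable drives; no value means no policy.
    if ($null -eq $p) { return $false }
    return (($p.NoDriveTypeAutoRun -band 0xFF) -eq 0xFF)
}

# Constructed sample file, not taken from a real device.
$sample = Join-Path $env:TEMP 'autorun-sample.inf'
@'
[autorun]
icon=drive.ico
label=My Disk
open=tools\setup.exe
shell\open\command=tools\setup.exe
'@ | Set-Content -LiteralPath $sample

Get-AutorunLaunchEntry -Path $sample | Format-Table -AutoSize
"Autoplay disabled for all drives: $(Test-AutoplayDisabledAllDrives)"
```

On the sample file the first function returns the `open` and `shell\open\command` entries and skips `icon` and `label`; any target you do not recognise on a real disk is worth a closer look.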