How to create your own hack environment
By Sumedt Jitpukdebodin
# whoami
:~ # Sumedt Jitpukdebodin

:~ # Cyber Ops Consultant @ Horangi

:~ # Technical @ OWASP Thailand, Admin @ 2600Thailand

:~ # Google me :)
# why ~
:~ # Learn system administrator jobs

:~ # Learn offensive and defensive

• Build PoCs from public exploits

• Analyze vulnerabilities

• Create your own challenges and let people have fun with them :)

:~ # Do the lab for DevSecOps

:~ # Simulate the real world situation.

:~ # Do something weird :p
# How
• Create with your own machine (server)

• Create with cloud service

• Create with VM and container
# Differentiate
Real Server (Price (Start): 30000)
Pros:
- Powerful machine
- Can do everything you want
- You own it
Cons:
- Long-term solution
- Have to maintain it yourself

Cloud Service (Price (Start): 500~/month)
Pros:
- Short-term solution
- Easy to set up
- Real world environment
- Scalable
- Easy to customize
Cons:
- Limited images
- High price in the long term
- Has some restrictions
# why Docker
• Easy to setup and maintain

• Easy to find template

• Easy to modify

• Can run on multi-platform

• Strong community
# Install Docker on Ubuntu 16.04.2
:~ # sudo apt-get update

:~ # sudo apt-get install apt-transport-https ca-certificates curl software-properties-common

:~ # sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"

:~ # sudo apt-get update

:~ # sudo apt-get install docker-ce docker-compose
Example Docker image for IIS (Windows)
# escape=`
FROM microsoft/windowsservercore:1803
# Install IIS and download ServiceMonitor, which keeps the container alive while w3svc runs
RUN powershell -Command `
    Add-WindowsFeature Web-Server; `
    Invoke-WebRequest -UseBasicParsing -Uri "https://dotnetbinaries.blob.core.windows.net/servicemonitor/2.0.1.3/ServiceMonitor.exe" -OutFile "C:\ServiceMonitor.exe"
EXPOSE 80
ENTRYPOINT ["C:\\ServiceMonitor.exe", "w3svc"]
Example Docker image for Nginx (Linux)
FROM debian:jessie
MAINTAINER Diego Najar
# Variables
ENV NGINX_VERSION 1.10.1-1~jessie
ENV nginx_conf /etc/nginx/nginx.conf
ENV php_conf /etc/php5/fpm/php.ini
ENV fpm_conf /etc/php5/fpm/php-fpm.conf
ENV fpm_pool /etc/php5/fpm/pool.d/www.conf
# Packages installation
RUN echo "deb http://nginx.org/packages/debian/ jessie nginx" >> /etc/apt/sources.list && \
    apt-get update && \
    apt-get install --no-install-recommends --no-install-suggests -y --force-yes ca-certificates nginx nginx-module-xslt nginx-module-geoip nginx-module-image-filter nginx-module-perl nginx-module-njs gettext-base php5-fpm supervisor
# Disable cgi.fix_pathinfo and switch PHP-FPM from the TCP listener to a Unix socket
RUN sed -i -e "s/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/g" ${php_conf} && \
    sed -i -e "s/listen = 127.0.0.1:9000/listen = \/var\/run\/php-fpm.sock/g" ${fpm_pool}
EXPOSE 80 443
# Start Docker
:~ # docker build -t nginx-phpfpm docker-nginx-php-fpm

:~ # docker run -itd -p 80:80 nginx-phpfpm:latest

:~ # docker ps

:~ # docker exec <name> /etc/init.d/nginx restart
Example Docker Compose for LEMP
version: '3'
networks:
  LEMP:
services:
  nginx:
    image: nginx:stable-alpine
    container_name: LEMP_nginx
    ports:
      - "8080:80"
    volumes:
      - ./code:/code
      - ./nginx/default.conf:/etc/nginx/conf.d/default.conf
    depends_on:
      - php
    networks:
      - LEMP
  mariaDB:
    image: mariadb:latest
    container_name: LEMP_mariaDB
    volumes:
      - ./database:/var/lib/mysql:rw
    ports:
      - "3306:3306"
    depends_on:
      - nginx
    environment:
      - MYSQL_ROOT_PASSWORD=654321
    networks:
      - LEMP
  php:
    image: php:7-fpm-alpine
    container_name: LEMP_php
    volumes:
      - ./code:/code
    ports:
      - "9000:9000"
    networks:
      - LEMP
  phpmyadmin:
    image: phpmyadmin/phpmyadmin
    container_name: LEMP_phpMyAdmin
    ports:
      - "8183:80"
    environment:
      PMA_ARBITRARY: 1
    depends_on:
      - mariaDB
    networks:
      - LEMP
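Added example, not part of the original slides: every `ports:` entry in the LEMP file above (like the `-p 8443:443` used later for the Heartbleed container) publishes the service on all host interfaces, so a lab of deliberately weak services is reachable from whatever network the host sits on. The script lists such mappings so they can be rewritten as `127.0.0.1:HOST:CONTAINER`; the function names and the embedded sample file are constructed for illustration, and the check assumes the short port syntax with two-space indentation.

```shell
#!/bin/sh
# Added example: report compose port mappings published beyond loopback.
# Line-oriented check (not a YAML parser). Assumes the short
# "[IP:]HOST:CONTAINER" syntax and two-space indentation.

audit_ports() {
    # stdin: compose file. stdout: "service mapping reason" per finding.
    awk '
        /^services:/ { in_services = 1; next }
        /^[^ #]/     { in_services = 0 }          # any other top-level key
        in_services && /^  [A-Za-z0-9_.-]+:[ ]*$/ {
            svc = $1; sub(/:$/, "", svc); in_ports = 0; next
        }
        in_services && /^    ports:[ ]*$/ { in_ports = 1; next }
        in_ports && /^      - / {
            m = $0
            sub(/^      - /, "", m)
            sub(/[ ]+#.*$/, "", m)                # drop a trailing comment
            gsub("[^0-9.:/a-z-]", "", m)          # drop quotes and spaces
            n = split(m, f, ":")
            if (n == 3 && f[1] == "127.0.0.1") next
            reason = (n == 3) ? ("bound-to-" f[1]) : "all-interfaces"
            print svc, m, reason
            next
        }
        in_ports { in_ports = 0 }                 # left the ports list
    '
}

compose_is_loopback_only() {
    # stdin: compose file. Succeeds only when audit_ports finds nothing.
    [ -z "$(audit_ports)" ]
}

sample_compose() {
    # Constructed sample: the LEMP services from the slide, with the php
    # service already rebound to loopback for comparison.
    cat <<'EOF'
version: '3'
services:
  nginx:
    image: nginx:stable-alpine
    ports:
      - "8080:80"
  mariaDB:
    image: mariadb:latest
    ports:
      - "3306:3306"
    environment:
      - MYSQL_ROOT_PASSWORD=654321
  php:
    image: php:7-fpm-alpine
    ports:
      - "127.0.0.1:9000:9000"
  phpmyadmin:
    image: phpmyadmin/phpmyadmin
    ports:
      - "8183:80"
networks:
  LEMP:
EOF
}

# Stand-alone run: print the findings for the constructed sample.
sample_compose | audit_ports
```

To check a real lab file, pipe it in: `audit_ports < docker-compose.yml`.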
# Vulnerable OWASP Docker Images
• DVWA (https://github.com/infoslack/docker-dvwa)

• Juice Shop (https://hub.docker.com/r/bkimminich/juice-shop/)

• Vulnerable Wordpress by WPScan Team (https://hub.docker.com/r/wpscanteam/vulnerablewordpress/)

• Mutillidae 2 (https://hub.docker.com/r/citizenstig/nowasp/)

• OWASP WebGoat (https://hub.docker.com/r/danmx/docker-owasp-webgoat/)

• OWASP NodeGoat (https://github.com/owasp/nodegoat#option-3---run-nodegoat-on-docker)
# Specific Vulnerabilities
• Apache Struts2 - CVE-2017-5638 (https://hub.docker.com/r/piesecurity/apache-struts2-cve-2017-5638/)

• Shellshock - CVE-2014-6271 (https://github.com/Zenithar/docker-shellshockable)

• Heartbleed - CVE-2014-0160 (https://hub.docker.com/r/hmlio/vaas-cve-2014-0160/)

• Sambacry - CVE-2017-7494 (https://hub.docker.com/r/vulnerables/cve-2017-7494/)

• DHClient RCE - CVE-2018-1111 (https://github.com/knqyf263/CVE-2018-1111)
# Multi Vulnerable Docker
• https://hub.docker.com/u/vulnerables/
# Start Heartbleed Docker
:~ # docker pull hmlio/vaas-cve-2014-0160

:~ # docker run -d -p 8443:443 hmlio/vaas-cve-2014-0160

:~ # nmap -sV -p 8443 --script=ssl-heartbleed localhost

:~ # git clone https://github.com/mpgn/heartbleed-PoC

:~ # python2 heartbleed-exploit.py localhost 8443
# Start DHClient-RCE Docker
:~ # git clone https://github.com/knqyf263/CVE-2018-1111

:~ # docker-compose up -d

• Attacker

:~ # docker-compose exec attacker bash

:~ # ./scripts/attack.sh

• Victim

:~ # docker-compose exec victim bash

:~ # ./scripts/victim.sh
Demo time
# Docker for Security Officer
• Kali Linux (https://www.kali.org/news/official-kali-linux-docker-images/)

• SIFT (https://github.com/kost/docker-sift)

• REMNux (https://hub.docker.com/r/remnux/)
How about real world scenario?
AWS
• AWS EC2

• Active Directory

• IIS

• SQL Server

• WAF

• NGFW

• AWS S3

• Real sh*t scenario
Step of demo#2
• Pwn client with any method (in this demo, I used psexec but actually can be any client side attack method)

• Dump password and enumerate information inside client

• Create Socket Server on Attacker and forward package to client via session of Metasploit for pivoting network

• Pwn Windows AD on AWS with psexec by using credential of domain user.
Demo time#2
Can we do anything else?
• Vulnhub

• HackTheBox

• PentesterLab

• Many vulnerable VMs/Docker images from many vendors.

• CTF

• etc.
Thank you

More Related Content

What's hot

Provisioning & Deploying with Docker
Provisioning & Deploying with DockerProvisioning & Deploying with Docker
Provisioning & Deploying with Docker
Erica Windisch
 
Vagrant for real codemotion (moar tips! ;-))
Vagrant for real codemotion (moar tips! ;-))Vagrant for real codemotion (moar tips! ;-))
Vagrant for real codemotion (moar tips! ;-))
Michele Orselli
 
Ondřej Šika: Docker, Traefik a CI - Mějte nasazené všeny větve na kterých pra...
Ondřej Šika: Docker, Traefik a CI - Mějte nasazené všeny větve na kterých pra...Ondřej Šika: Docker, Traefik a CI - Mějte nasazené všeny větve na kterých pra...
Ondřej Šika: Docker, Traefik a CI - Mějte nasazené všeny větve na kterých pra...
Develcz
 
Infrastructure = Code
Infrastructure = CodeInfrastructure = Code
Infrastructure = Code
Georg Sorst
 
Vagrant for real (codemotion rome 2016)
Vagrant for real (codemotion rome 2016)Vagrant for real (codemotion rome 2016)
Vagrant for real (codemotion rome 2016)
Michele Orselli
 
Getting Started with Ansible
Getting Started with AnsibleGetting Started with Ansible
Getting Started with Ansible
Ahmed AbouZaid
 
Real World Lessons on the Pain Points of Node.JS Application
Real World Lessons on the Pain Points of Node.JS ApplicationReal World Lessons on the Pain Points of Node.JS Application
Real World Lessons on the Pain Points of Node.JS Application
Ben Hall
 
PHP development with Docker
PHP development with DockerPHP development with Docker
PHP development with Docker
Yosh de Vos
 
Orchestration? You Don't Need Orchestration. What You Want Is Choreography by...
Orchestration? You Don't Need Orchestration. What You Want Is Choreography by...Orchestration? You Don't Need Orchestration. What You Want Is Choreography by...
Orchestration? You Don't Need Orchestration. What You Want Is Choreography by...
Docker, Inc.
 
Start tracking your ruby infrastructure
Start tracking your ruby infrastructureStart tracking your ruby infrastructure
Start tracking your ruby infrastructure
Sergiy Kukunin
 
How Puppet Enables the Use of Lightweight Virtualized Containers - PuppetConf...
How Puppet Enables the Use of Lightweight Virtualized Containers - PuppetConf...How Puppet Enables the Use of Lightweight Virtualized Containers - PuppetConf...
How Puppet Enables the Use of Lightweight Virtualized Containers - PuppetConf...
Puppet
 
Create your very own Development Environment with Vagrant and Packer
Create your very own Development Environment with Vagrant and PackerCreate your very own Development Environment with Vagrant and Packer
Create your very own Development Environment with Vagrant and Packer
frastel
 
Docker as development environment
Docker as development environmentDocker as development environment
Docker as development environment
Bruno de Lima e Silva
 
Использование Docker в CI / Александр Акбашев (HERE Technologies)
Использование Docker в CI / Александр Акбашев (HERE Technologies)Использование Docker в CI / Александр Акбашев (HERE Technologies)
Использование Docker в CI / Александр Акбашев (HERE Technologies)
Ontico
 
Installaling Puppet Master and Agent
Installaling Puppet Master and AgentInstallaling Puppet Master and Agent
Installaling Puppet Master and AgentRanjit Avasarala
 
Infrastructure Deployment with Docker & Ansible
Infrastructure Deployment with Docker & AnsibleInfrastructure Deployment with Docker & Ansible
Infrastructure Deployment with Docker & Ansible
Robert Reiz
 
Austin - Container Days - Docker 101
Austin - Container Days - Docker 101Austin - Container Days - Docker 101
Austin - Container Days - Docker 101
Bill Maxwell
 
Ansible Oxford - Cows & Containers
Ansible Oxford - Cows & ContainersAnsible Oxford - Cows & Containers
Ansible Oxford - Cows & Containers
jonatanblue
 

What's hot (20)

Docker orchestration
Docker orchestrationDocker orchestration
Docker orchestration
 
Provisioning & Deploying with Docker
Provisioning & Deploying with DockerProvisioning & Deploying with Docker
Provisioning & Deploying with Docker
 
Vagrant for real codemotion (moar tips! ;-))
Vagrant for real codemotion (moar tips! ;-))Vagrant for real codemotion (moar tips! ;-))
Vagrant for real codemotion (moar tips! ;-))
 
Ondřej Šika: Docker, Traefik a CI - Mějte nasazené všeny větve na kterých pra...
Ondřej Šika: Docker, Traefik a CI - Mějte nasazené všeny větve na kterých pra...Ondřej Šika: Docker, Traefik a CI - Mějte nasazené všeny větve na kterých pra...
Ondřej Šika: Docker, Traefik a CI - Mějte nasazené všeny větve na kterých pra...
 
Infrastructure = Code
Infrastructure = CodeInfrastructure = Code
Infrastructure = Code
 
Vagrant for real (codemotion rome 2016)
Vagrant for real (codemotion rome 2016)Vagrant for real (codemotion rome 2016)
Vagrant for real (codemotion rome 2016)
 
DockerCoreNet
DockerCoreNetDockerCoreNet
DockerCoreNet
 
Getting Started with Ansible
Getting Started with AnsibleGetting Started with Ansible
Getting Started with Ansible
 
Real World Lessons on the Pain Points of Node.JS Application
Real World Lessons on the Pain Points of Node.JS ApplicationReal World Lessons on the Pain Points of Node.JS Application
Real World Lessons on the Pain Points of Node.JS Application
 
PHP development with Docker
PHP development with DockerPHP development with Docker
PHP development with Docker
 
Orchestration? You Don't Need Orchestration. What You Want Is Choreography by...
Orchestration? You Don't Need Orchestration. What You Want Is Choreography by...Orchestration? You Don't Need Orchestration. What You Want Is Choreography by...
Orchestration? You Don't Need Orchestration. What You Want Is Choreography by...
 
Start tracking your ruby infrastructure
Start tracking your ruby infrastructureStart tracking your ruby infrastructure
Start tracking your ruby infrastructure
 
How Puppet Enables the Use of Lightweight Virtualized Containers - PuppetConf...
How Puppet Enables the Use of Lightweight Virtualized Containers - PuppetConf...How Puppet Enables the Use of Lightweight Virtualized Containers - PuppetConf...
How Puppet Enables the Use of Lightweight Virtualized Containers - PuppetConf...
 
Create your very own Development Environment with Vagrant and Packer
Create your very own Development Environment with Vagrant and PackerCreate your very own Development Environment with Vagrant and Packer
Create your very own Development Environment with Vagrant and Packer
 
Docker as development environment
Docker as development environmentDocker as development environment
Docker as development environment
 
Использование Docker в CI / Александр Акбашев (HERE Technologies)
Использование Docker в CI / Александр Акбашев (HERE Technologies)Использование Docker в CI / Александр Акбашев (HERE Technologies)
Использование Docker в CI / Александр Акбашев (HERE Technologies)
 
Installaling Puppet Master and Agent
Installaling Puppet Master and AgentInstallaling Puppet Master and Agent
Installaling Puppet Master and Agent
 
Infrastructure Deployment with Docker & Ansible
Infrastructure Deployment with Docker & AnsibleInfrastructure Deployment with Docker & Ansible
Infrastructure Deployment with Docker & Ansible
 
Austin - Container Days - Docker 101
Austin - Container Days - Docker 101Austin - Container Days - Docker 101
Austin - Container Days - Docker 101
 
Ansible Oxford - Cows & Containers
Ansible Oxford - Cows & ContainersAnsible Oxford - Cows & Containers
Ansible Oxford - Cows & Containers
 

Similar to How to create your own hack environment

From development environments to production deployments with Docker, Compose,...
From development environments to production deployments with Docker, Compose,...From development environments to production deployments with Docker, Compose,...
From development environments to production deployments with Docker, Compose,...
Jérôme Petazzoni
 
Running Docker in Development & Production (#ndcoslo 2015)
Running Docker in Development & Production (#ndcoslo 2015)Running Docker in Development & Production (#ndcoslo 2015)
Running Docker in Development & Production (#ndcoslo 2015)
Ben Hall
 
ILM - Pipeline in the cloud
ILM - Pipeline in the cloudILM - Pipeline in the cloud
ILM - Pipeline in the cloud
Aaron Carey
 
Running Docker in Development & Production (DevSum 2015)
Running Docker in Development & Production (DevSum 2015)Running Docker in Development & Production (DevSum 2015)
Running Docker in Development & Production (DevSum 2015)
Ben Hall
 
Docker Security workshop slides
Docker Security workshop slidesDocker Security workshop slides
Docker Security workshop slides
Docker, Inc.
 
Ruby on Rails and Docker - Why should I care?
Ruby on Rails and Docker - Why should I care?Ruby on Rails and Docker - Why should I care?
Ruby on Rails and Docker - Why should I care?
Adam Hodowany
 
[Codelab 2017] Docker 기초 및 활용 방안
[Codelab 2017] Docker 기초 및 활용 방안[Codelab 2017] Docker 기초 및 활용 방안
[Codelab 2017] Docker 기초 및 활용 방안
양재동 코드랩
 
Docker
DockerDocker
Docking with Docker
Docking with DockerDocking with Docker
Docker, c'est bonheur !
Docker, c'est bonheur !Docker, c'est bonheur !
Docker, c'est bonheur !
Alexandre Salomé
 
CI/CD with Jenkins and Docker - DevOps Meetup Day Thailand
CI/CD with Jenkins and Docker - DevOps Meetup Day ThailandCI/CD with Jenkins and Docker - DevOps Meetup Day Thailand
CI/CD with Jenkins and Docker - DevOps Meetup Day Thailand
Troublemaker Khunpech
 
SenchaCon 2016: Develop, Test & Deploy with Docker - Jonas Schwabe
SenchaCon 2016: Develop, Test & Deploy with Docker - Jonas Schwabe SenchaCon 2016: Develop, Test & Deploy with Docker - Jonas Schwabe
SenchaCon 2016: Develop, Test & Deploy with Docker - Jonas Schwabe
Sencha
 
[EXTENDED] Ceph, Docker, Heroku Slugs, CoreOS and Deis Overview
[EXTENDED] Ceph, Docker, Heroku Slugs, CoreOS and Deis Overview[EXTENDED] Ceph, Docker, Heroku Slugs, CoreOS and Deis Overview
[EXTENDED] Ceph, Docker, Heroku Slugs, CoreOS and Deis Overview
Leo Lorieri
 
Docker engine - Indroduc
Docker engine - IndroducDocker engine - Indroduc
Docker engine - Indroduc
Al Gifari
 
Docker orchestration v4
Docker orchestration v4Docker orchestration v4
Docker orchestration v4
Hojin Kim
 
How to _docker
How to _dockerHow to _docker
How to _docker
Abdur Rab Marjan
 
Deploying Windows Containers on Windows Server 2016
Deploying Windows Containers on Windows Server 2016Deploying Windows Containers on Windows Server 2016
Deploying Windows Containers on Windows Server 2016
Ben Hall
 
PDXPortland - Dockerize Django
PDXPortland - Dockerize DjangoPDXPortland - Dockerize Django
PDXPortland - Dockerize DjangoHannes Hapke
 
Introction to docker swarm
Introction to docker swarmIntroction to docker swarm
Introction to docker swarm
Hsi-Kai Wang
 
GDG-ANDROID-ATHENS Meetup: Build in Docker with Jenkins
GDG-ANDROID-ATHENS Meetup: Build in Docker with Jenkins GDG-ANDROID-ATHENS Meetup: Build in Docker with Jenkins
GDG-ANDROID-ATHENS Meetup: Build in Docker with Jenkins
Mando Stam
 

Similar to How to create your own hack environment (20)

From development environments to production deployments with Docker, Compose,...
From development environments to production deployments with Docker, Compose,...From development environments to production deployments with Docker, Compose,...
From development environments to production deployments with Docker, Compose,...
 
Running Docker in Development & Production (#ndcoslo 2015)
Running Docker in Development & Production (#ndcoslo 2015)Running Docker in Development & Production (#ndcoslo 2015)
Running Docker in Development & Production (#ndcoslo 2015)
 
ILM - Pipeline in the cloud
ILM - Pipeline in the cloudILM - Pipeline in the cloud
ILM - Pipeline in the cloud
 
Running Docker in Development & Production (DevSum 2015)
Running Docker in Development & Production (DevSum 2015)Running Docker in Development & Production (DevSum 2015)
Running Docker in Development & Production (DevSum 2015)
 
Docker Security workshop slides
Docker Security workshop slidesDocker Security workshop slides
Docker Security workshop slides
 
Ruby on Rails and Docker - Why should I care?
Ruby on Rails and Docker - Why should I care?Ruby on Rails and Docker - Why should I care?
Ruby on Rails and Docker - Why should I care?
 
[Codelab 2017] Docker 기초 및 활용 방안
[Codelab 2017] Docker 기초 및 활용 방안[Codelab 2017] Docker 기초 및 활용 방안
[Codelab 2017] Docker 기초 및 활용 방안
 
Docker
DockerDocker
Docker
 
Docking with Docker
Docking with DockerDocking with Docker
Docking with Docker
 
Docker, c'est bonheur !
Docker, c'est bonheur !Docker, c'est bonheur !
Docker, c'est bonheur !
 
CI/CD with Jenkins and Docker - DevOps Meetup Day Thailand
CI/CD with Jenkins and Docker - DevOps Meetup Day ThailandCI/CD with Jenkins and Docker - DevOps Meetup Day Thailand
CI/CD with Jenkins and Docker - DevOps Meetup Day Thailand
 
SenchaCon 2016: Develop, Test & Deploy with Docker - Jonas Schwabe
SenchaCon 2016: Develop, Test & Deploy with Docker - Jonas Schwabe SenchaCon 2016: Develop, Test & Deploy with Docker - Jonas Schwabe
SenchaCon 2016: Develop, Test & Deploy with Docker - Jonas Schwabe
 
[EXTENDED] Ceph, Docker, Heroku Slugs, CoreOS and Deis Overview
[EXTENDED] Ceph, Docker, Heroku Slugs, CoreOS and Deis Overview[EXTENDED] Ceph, Docker, Heroku Slugs, CoreOS and Deis Overview
[EXTENDED] Ceph, Docker, Heroku Slugs, CoreOS and Deis Overview
 
Docker engine - Indroduc
Docker engine - IndroducDocker engine - Indroduc
Docker engine - Indroduc
 
Docker orchestration v4
Docker orchestration v4Docker orchestration v4
Docker orchestration v4
 
How to _docker
How to _dockerHow to _docker
How to _docker
 
Deploying Windows Containers on Windows Server 2016
Deploying Windows Containers on Windows Server 2016Deploying Windows Containers on Windows Server 2016
Deploying Windows Containers on Windows Server 2016
 
PDXPortland - Dockerize Django
PDXPortland - Dockerize DjangoPDXPortland - Dockerize Django
PDXPortland - Dockerize Django
 
Introction to docker swarm
Introction to docker swarmIntroction to docker swarm
Introction to docker swarm
 
GDG-ANDROID-ATHENS Meetup: Build in Docker with Jenkins
GDG-ANDROID-ATHENS Meetup: Build in Docker with Jenkins GDG-ANDROID-ATHENS Meetup: Build in Docker with Jenkins
GDG-ANDROID-ATHENS Meetup: Build in Docker with Jenkins
 

More from Sumedt Jitpukdebodin

Phishing
PhishingPhishing
Which side are you
Which side are youWhich side are you
Which side are you
Sumedt Jitpukdebodin
 
Endpoint is not enough
Endpoint is not enoughEndpoint is not enough
Endpoint is not enough
Sumedt Jitpukdebodin
 
Antivirus is hopeless
Antivirus is hopelessAntivirus is hopeless
Antivirus is hopeless
Sumedt Jitpukdebodin
 
Purple team is awesome
Purple team is awesomePurple team is awesome
Purple team is awesome
Sumedt Jitpukdebodin
 
R u hacked
R u hackedR u hacked
Web architecture mechanism and threats
Web architecture   mechanism and threatsWeb architecture   mechanism and threats
Web architecture mechanism and threats
Sumedt Jitpukdebodin
 
Fundamental of malware analysis
Fundamental of malware analysisFundamental of malware analysis
Fundamental of malware analysis
Sumedt Jitpukdebodin
 
Security awareness training
Security awareness trainingSecurity awareness training
Security awareness training
Sumedt Jitpukdebodin
 
Hacking with paper
Hacking with paperHacking with paper
Hacking with paper
Sumedt Jitpukdebodin
 
DDoS handlering
DDoS handleringDDoS handlering
DDoS handlering
Sumedt Jitpukdebodin
 
Incident response before:after breach
Incident response before:after breachIncident response before:after breach
Incident response before:after breach
Sumedt Jitpukdebodin
 
What should I do when my website got hack?
What should I do when my website got hack?What should I do when my website got hack?
What should I do when my website got hack?
Sumedt Jitpukdebodin
 
Web Architecture - Mechanism and Threats
Web Architecture - Mechanism and ThreatsWeb Architecture - Mechanism and Threats
Web Architecture - Mechanism and Threats
Sumedt Jitpukdebodin
 

More from Sumedt Jitpukdebodin (14)

Phishing
PhishingPhishing
Phishing
 
Which side are you
Which side are youWhich side are you
Which side are you
 
Endpoint is not enough
Endpoint is not enoughEndpoint is not enough
Endpoint is not enough
 
Antivirus is hopeless
Antivirus is hopelessAntivirus is hopeless
Antivirus is hopeless
 
Purple team is awesome
Purple team is awesomePurple team is awesome
Purple team is awesome
 
R u hacked
R u hackedR u hacked
R u hacked
 
Web architecture mechanism and threats
Web architecture   mechanism and threatsWeb architecture   mechanism and threats
Web architecture mechanism and threats
 
Fundamental of malware analysis
Fundamental of malware analysisFundamental of malware analysis
Fundamental of malware analysis
 
Security awareness training
Security awareness trainingSecurity awareness training
Security awareness training
 
Hacking with paper
Hacking with paperHacking with paper
Hacking with paper
 
DDoS handlering
DDoS handleringDDoS handlering
DDoS handlering
 
Incident response before:after breach
Incident response before:after breachIncident response before:after breach
Incident response before:after breach
 
What should I do when my website got hack?
What should I do when my website got hack?What should I do when my website got hack?
What should I do when my website got hack?
 
Web Architecture - Mechanism and Threats
Web Architecture - Mechanism and ThreatsWeb Architecture - Mechanism and Threats
Web Architecture - Mechanism and Threats
 

Recently uploaded

Importance of BWTS in the Maritime Industry
Importance of BWTS in the Maritime IndustryImportance of BWTS in the Maritime Industry
Importance of BWTS in the Maritime Industry
Blessed Marine Automation
 
How Does Littering Affect the Environment.
How Does Littering Affect the Environment.How Does Littering Affect the Environment.
How Does Littering Affect the Environment.
ClenliDirect
 
Nature’s Paradise Glamorous And Sustainable Designs For Your Outdoor Living S...
Nature’s Paradise Glamorous And Sustainable Designs For Your Outdoor Living S...Nature’s Paradise Glamorous And Sustainable Designs For Your Outdoor Living S...
Nature’s Paradise Glamorous And Sustainable Designs For Your Outdoor Living S...
Landscape Express
 
Best Catering Event Planner Miso-Hungry.pptx
Best Catering Event Planner  Miso-Hungry.pptxBest Catering Event Planner  Miso-Hungry.pptx
Best Catering Event Planner Miso-Hungry.pptx
Miso Hungry
 
DOJO Training Center - Empowering Workforce Excellence
DOJO Training Center - Empowering Workforce ExcellenceDOJO Training Center - Empowering Workforce Excellence
DOJO Training Center - Empowering Workforce Excellence
Himanshu
 
SIMBA SQUAD : Best seo company in perth
SIMBA SQUAD :  Best seo company in perthSIMBA SQUAD :  Best seo company in perth
SIMBA SQUAD : Best seo company in perth
ridebiler
 
Are Gutters Necessary? Explore the details now!
Are Gutters Necessary? Explore the details now!Are Gutters Necessary? Explore the details now!
Are Gutters Necessary? Explore the details now!
AmeliaLauren3
 
Reliable Logistics Solutions - Truxcargo
Reliable Logistics Solutions - TruxcargoReliable Logistics Solutions - Truxcargo
Reliable Logistics Solutions - Truxcargo
Truxcargo
 
Unlocking Insights: AI-powered Enhanced Due Diligence Strategies for Increase...
Unlocking Insights: AI-powered Enhanced Due Diligence Strategies for Increase...Unlocking Insights: AI-powered Enhanced Due Diligence Strategies for Increase...
Unlocking Insights: AI-powered Enhanced Due Diligence Strategies for Increase...
RNayak3
 
BesT panDit Ji LoVe problem solution 9463629203 UK uSA California New Zealand...
BesT panDit Ji LoVe problem solution 9463629203 UK uSA California New Zealand...BesT panDit Ji LoVe problem solution 9463629203 UK uSA California New Zealand...
BesT panDit Ji LoVe problem solution 9463629203 UK uSA California New Zealand...
gitapress3
 
Best steel industrial company LLC in UAE
Best steel industrial company LLC in UAEBest steel industrial company LLC in UAE
Best steel industrial company LLC in UAE
alafnanmetals
 
Elevate Your Brand with Digital Marketing for Fashion Industry
Elevate Your Brand with Digital Marketing for Fashion IndustryElevate Your Brand with Digital Marketing for Fashion Industry
Elevate Your Brand with Digital Marketing for Fashion Industry
Matebiz Pvt. Ltd
 
Solar Panel For Home Price List In india
Solar Panel For Home Price List In indiaSolar Panel For Home Price List In india
Solar Panel For Home Price List In india
janhaviconaxweb
 
BEst VASHIKARAN SPECIALIST 9463629203 in UK Baba ji Love Marriage problem sol...
BEst VASHIKARAN SPECIALIST 9463629203 in UK Baba ji Love Marriage problem sol...BEst VASHIKARAN SPECIALIST 9463629203 in UK Baba ji Love Marriage problem sol...
BEst VASHIKARAN SPECIALIST 9463629203 in UK Baba ji Love Marriage problem sol...
gitapress3
 
Office Business Furnishings | Office Equipment
Office Business Furnishings |  Office EquipmentOffice Business Furnishings |  Office Equipment
Office Business Furnishings | Office Equipment
OFWD
 
Chandigarh call garal serives 9512450098
Chandigarh call garal serives 9512450098Chandigarh call garal serives 9512450098
Chandigarh call garal serives 9512450098
Chandigarh export services garal
 
Get your dream bridal look with top North Indian makeup artist - Pallavi Kadale
Get your dream bridal look with top North Indian makeup artist - Pallavi KadaleGet your dream bridal look with top North Indian makeup artist - Pallavi Kadale
Get your dream bridal look with top North Indian makeup artist - Pallavi Kadale
Pallavi Makeup Artist
 
Bulk SMS Service Provider In Mumbai | sms2orbit
Bulk SMS Service Provider In Mumbai | sms2orbitBulk SMS Service Provider In Mumbai | sms2orbit
Bulk SMS Service Provider In Mumbai | sms2orbit
Orbit Messaging Hub
 
Maximizing Efficiency with Integrated Water Management Systems
Maximizing Efficiency with Integrated Water Management SystemsMaximizing Efficiency with Integrated Water Management Systems
Maximizing Efficiency with Integrated Water Management Systems
Irri Design Studio
 
Colors of Wall Paint and Their Mentally Properties.pptx
Colors of Wall Paint and Their Mentally Properties.pptxColors of Wall Paint and Their Mentally Properties.pptx
Colors of Wall Paint and Their Mentally Properties.pptx
Brendon Jonathan
 

Recently uploaded (20)

Importance of BWTS in the Maritime Industry
Importance of BWTS in the Maritime IndustryImportance of BWTS in the Maritime Industry
Importance of BWTS in the Maritime Industry
 
How Does Littering Affect the Environment.
How Does Littering Affect the Environment.How Does Littering Affect the Environment.
How Does Littering Affect the Environment.
 
Nature’s Paradise Glamorous And Sustainable Designs For Your Outdoor Living S...
Nature’s Paradise Glamorous And Sustainable Designs For Your Outdoor Living S...Nature’s Paradise Glamorous And Sustainable Designs For Your Outdoor Living S...
Nature’s Paradise Glamorous And Sustainable Designs For Your Outdoor Living S...
 
Best Catering Event Planner Miso-Hungry.pptx
Best Catering Event Planner  Miso-Hungry.pptxBest Catering Event Planner  Miso-Hungry.pptx
Best Catering Event Planner Miso-Hungry.pptx
 
DOJO Training Center - Empowering Workforce Excellence
DOJO Training Center - Empowering Workforce ExcellenceDOJO Training Center - Empowering Workforce Excellence
DOJO Training Center - Empowering Workforce Excellence
 
SIMBA SQUAD : Best seo company in perth
SIMBA SQUAD :  Best seo company in perthSIMBA SQUAD :  Best seo company in perth
SIMBA SQUAD : Best seo company in perth
 
Are Gutters Necessary? Explore the details now!
Are Gutters Necessary? Explore the details now!Are Gutters Necessary? Explore the details now!
Are Gutters Necessary? Explore the details now!
 
Reliable Logistics Solutions - Truxcargo
Reliable Logistics Solutions - TruxcargoReliable Logistics Solutions - Truxcargo
Reliable Logistics Solutions - Truxcargo
 
Unlocking Insights: AI-powered Enhanced Due Diligence Strategies for Increase...
How to create your own hack environment

  • 1. How to create your own hack environment By Sumedt Jitpukdebodin
  • 2. # whoami
       :~ # Sumedt Jitpukdebodin
       :~ # Cyber Ops Consultant @ Horangi
       :~ # Technical @ OWASP Thailand, Admin @ 2600Thailand
       :~ # Google me :)
  • 3. # why ~
       :~ # Learn system administrator jobs
       :~ # Learn offensive and defensive
            • Do PoC from public exploit
            • Analysis vulnerabilities and analysis
            • Create your own challenges and make people fun with it :)
       :~ # Do the lab for DevSecOps
       :~ # Simulate the real world situation.
       :~ # Do something weird :p
  • 4. # How
       • Create with your own machine (server)
       • Create with cloud service
       • Create with VM and container
  • 5. # Differentiate
       Real Server. Price (Start): 30000
         Pros: Powerful machine; Can do everything you want; You own it
         Cons: Longterm solution; Have to maintain by yourself
       Cloud Service. Price (Start): 500~/month
         Pros: Short-term solution; Easy to setup; Real world environment; Scalable; Easy to custom
         Cons: Limit images; High price for longterm; Have some restriction
  • 6. # why Docker
       • Easy to setup and maintain
       • Easy to find template
       • Easy to modify
       • Can run on multi-platform
       • Strong community
  • 7. # Install Docker on Ubuntu 16.04.2
       :~ # sudo apt-get update
       :~ # sudo apt-get install apt-transport-https ca-certificates curl software-properties-common
       :~ # sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
       :~ # sudo apt-get update
       :~ # sudo apt-get install docker-ce docker-compose
  • 8. Example Docker image for IIS (Windows)
       # escape=`
       FROM microsoft/windowsservercore:1803
       RUN powershell -Command `
           Add-WindowsFeature Web-Server; `
           Invoke-WebRequest -UseBasicParsing -Uri "https://dotnetbinaries.blob.core.windows.net/servicemonitor/2.0.1.3/ServiceMonitor.exe" -OutFile "C:\ServiceMonitor.exe"
       EXPOSE 80
       ENTRYPOINT ["C:\\ServiceMonitor.exe", "w3svc"]
  • 9. Example Docker image for Nginx (Linux)
       FROM debian:jessie
       MAINTAINER Diego Najar
       # Variables
       ENV NGINX_VERSION 1.10.1-1~jessie
       ENV nginx_conf /etc/nginx/nginx.conf
       ENV php_conf /etc/php5/fpm/php.ini
       ENV fpm_conf /etc/php5/fpm/php-fpm.conf
       ENV fpm_pool /etc/php5/fpm/pool.d/www.conf
       # Packages installation
       # No signing key is imported for the nginx.org repository, so --force-yes
       # installs its packages without signature verification.
       RUN echo "deb http://nginx.org/packages/debian/ jessie nginx" >> /etc/apt/sources.list && \
           apt-get update && \
           apt-get install --no-install-recommends --no-install-suggests -y --force-yes \
               ca-certificates nginx nginx-module-xslt nginx-module-geoip nginx-module-image-filter \
               nginx-module-perl nginx-module-njs gettext-base php5-fpm supervisor
       # '|' is the sed delimiter in the second expression because the socket path contains '/'
       RUN sed -i -e "s/;cgi.fix_pathinfo=1/cgi.fix_pathinfo=0/g" ${php_conf} && \
           sed -i -e "s|listen = 127.0.0.1:9000|listen = /var/run/php-fpm.sock|g" ${fpm_pool}
       EXPOSE 80 443
  • 10. # Start Docker
        :~ # docker build -t nginx-phpfpm docker-nginx-php-fpm
        :~ # docker run -itd -p 80:80 nginx-phpfpm:latest
        :~ # docker ps
        :~ # docker exec <name> /etc/init.d/nginx restart
  • 11. Example Docker Compose for LEMP
        version: '3'
        networks:
          LEMP:
        services:
          nginx:
            image: nginx:stable-alpine
            container_name: LEMP_nginx
            ports:
              - "8080:80"
            volumes:
              - ./code:/code
              - ./nginx/default.conf:/etc/nginx/conf.d/default.conf
            depends_on:
              - php
            networks:
              - LEMP
          mariaDB:
            image: mariadb:latest
            container_name: LEMP_mariaDB
            volumes:
              - ./database:/var/lib/mysql:rw
            ports:
              - "3306:3306"
            depends_on:
              - nginx
            environment:
              - MYSQL_ROOT_PASSWORD=654321
            networks:
              - LEMP
          php:
            image: php:7-fpm-alpine
            container_name: LEMP_php
            volumes:
              - ./code:/code
            ports:
              - "9000:9000"
            networks:
              - LEMP
          phpmyadmin:
            image: phpmyadmin/phpmyadmin
            container_name: LEMP_phpMyAdmin
            ports:
              - "8183:80"
            environment:
              PMA_ARBITRARY: 1
            depends_on:
              - mariaDB
            networks:
              - LEMP
  • 12. # Vulnerable OWASP Docker Images
        • DVWA (https://github.com/infoslack/docker-dvwa)
        • Juice Shop (https://hub.docker.com/r/bkimminich/juice-shop/)
        • Vulnerable Wordpress by WPScan Team (https://hub.docker.com/r/wpscanteam/vulnerablewordpress/)
        • Mutillidae 2 (https://hub.docker.com/r/citizenstig/nowasp/)
        • OWASP WebGoat (https://hub.docker.com/r/danmx/docker-owasp-webgoat/)
        • OWASP NodeGoat (https://github.com/owasp/nodegoat#option-3---run-nodegoat-on-docker)
  • 13. # Specific Vulnerabilities
        • Apache Struts2 - CVE-2017-5638 (https://hub.docker.com/r/piesecurity/apache-struts2-cve-2017-5638/)
        • Shellshock - CVE-2014-6271 (https://github.com/Zenithar/docker-shellshockable)
        • Heartbleed - CVE-2014-0160 (https://hub.docker.com/r/hmlio/vaas-cve-2014-0160/)
        • Sambacry - CVE-2017-7494 (https://hub.docker.com/r/vulnerables/cve-2017-7494/)
        • DHClient RCE - CVE-2018-1111 (https://github.com/knqyf263/CVE-2018-1111)
  • 14. # Multi Vulnerable Docker • https://hub.docker.com/u/vulnerables/
  • 15. # Start Heartbleed Docker
        :~ # docker pull hmlio/vaas-cve-2014-0160
        :~ # docker run -d -p 8443:443 hmlio/vaas-cve-2014-0160
        :~ # nmap -sV -p 8443 --script=ssl-heartbleed localhost
        :~ # git clone https://github.com/mpgn/heartbleed-PoC
        :~ # python2 heartbleed-exploit.py localhost 8443
  • 16. # Start DHClient-RCE Docker
        :~ # git clone https://github.com/knqyf263/CVE-2018-1111
        :~ # docker-compose up -d
        • Attacker
        :~ # docker-compose exec attacker bash
        :~ # ./scripts/attack.sh
        • Victim
        :~ # docker-compose exec victim bash
        :~ # ./scripts/victim.sh
  • 18. # Docker for Security Officer
        • Kali Linux (https://www.kali.org/news/official-kali-linux-docker-images/)
        • SIFT (https://github.com/kost/docker-sift)
        • REMNux (https://hub.docker.com/r/remnux/)
  • 19. How about real world scenario?
  • 20. AWS
        • AWS EC2
        • Active Directory
        • IIS
        • SQL Server
        • WAF
        • NGFW
        • AWS S3
        • Real sh*t scenario
  • 25. Steps of demo #2
        • Pwn the client with any method (in this demo, I used psexec, but it can actually be any client-side attack method)
        • Dump passwords and enumerate information inside the client
        • Create a socket server on the attacker and forward packets to the client via the Metasploit session to pivot into the network
        • Pwn the Windows AD on AWS with psexec, using the credentials of a domain user.
  • 28. Can we do anything else?
        • Vulnhub
        • HackTheBox
        • PentesterLab
        • Many vulnerable VMs/Docker images from many vendors
        • CTF
        • etc.
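
The compose file on slide 11 and the `docker run -p` commands on slides 10 and 15 use the short `HOST:CONTAINER` form, which Docker publishes on every host interface, so the lab's MariaDB root login and the deliberately vulnerable images are reachable from whatever network the host sits on unless the mapping starts with a loopback address. The checker below is an added example, not part of the slides: `bind_address`, `exposed_ports` and the loopback-bound `php` entry in the sample are assumptions made here, and the parser assumes the two-space, short-syntax layout the slide uses.

```python
import re

# Constructed sample: port mappings from the slide's LEMP file; php changed to a loopback bind.
SAMPLE_COMPOSE = """\
version: '3'
services:
  nginx:
    ports:
      - "8080:80"
  mariaDB:
    ports:
      - "3306:3306"
    environment:
      - MYSQL_ROOT_PASSWORD=654321
  php:
    ports:
      - "127.0.0.1:9000:9000"
"""

def bind_address(mapping):
    """Host address a short-syntax mapping ([IP:][HOST:]CONTAINER[/proto]) binds to."""
    spec = mapping.split("/")[0]                 # drop a trailing /tcp or /udp
    if spec.startswith("["):                     # bracketed IPv6 host address
        return spec[:spec.index("]") + 1]
    parts = spec.split(":")
    return parts[0] if len(parts) == 3 else "0.0.0.0"   # no IP given: all interfaces

def exposed_ports(compose_text):
    """Return (service, mapping, address) for each port not bound to loopback."""
    findings, section, service, in_ports = [], None, None, False
    for raw in compose_text.splitlines():
        text, indent = raw.strip(), len(raw) - len(raw.lstrip())
        if not text or text.startswith("#"):
            continue
        item = re.match(r"-\s*[\"']?([^\"'\s]+)[\"']?\s*$", text)
        if indent == 0:                          # top-level key: version, services, ...
            section, service, in_ports = text.rstrip(":"), None, False
        elif section == "services" and indent == 2:
            service, in_ports = text.rstrip(":"), False
        elif in_ports and item:
            addr = bind_address(item.group(1))
            if not addr.startswith(("127.", "[::1]")):
                findings.append((service, item.group(1), addr))
        else:
            in_ports = text == "ports:"          # list items that follow are port mappings
    return findings

if __name__ == "__main__":
    print(exposed_ports(SAMPLE_COMPOSE))
```

Writing a mapping as `127.0.0.1:8443:443` (compose) or `-p 127.0.0.1:8443:443` (`docker run`) keeps the service reachable from the lab host only.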