* No badgers were harmed in the creation of this blog *

** Not intended to diagnose, treat, cure, or prevent any disease **

Saturday, May 27, 2023

Home lab setup: 2

In my last post, I downloaded an ISO image of the pfSense firewall, adapting instructions written for VirtualBox to apply to my VMWare setup. I left off with the software running, but no IP address for the WAN, as seen at right. The menu gives an option to set an interface IP address - option 2. From here, I'm given the option to set the IP address via DHCP. IPv4 and IPv6 are separate options. Selecting 'no' to DHCP enables entering an IP address manually. Selecting 'yes' for IPv4 and 'no' for IPv6 does - nothing. Oops - it was already set up that way, so, no change. Googling a solution means finding pfSense setup directions; pfSense has their own page, it's the top hit, and I start there (https://www.pfsense.org/getting-started/).

I immediately realize that I've forgotten something pretty basic. When I downloaded the image, I never checked its integrity. If the file corrupted in download, I could chase error messages till Kingdom come and never solve anything, and in fact an integrity check should have been the first thing I did after downloading. The command is straightforward enough. I'm running a Windows host, and in the command prompt I enter certutil -hashfile [filename here] SHA256 (substituting the downloaded file's name, and without the square brackets). Hooray, the hash matches, so I know I'm working with an intact download.
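The same check as a script, added here as an example and not part of the original post: it hashes the download in chunks and compares it with whatever form of the published checksum gets pasted in. The function names and the 3-byte sample file are constructed for illustration; handling of the 'SHA256 (name) = hex' and 'hex  name' line formats, and of the spaced digest that some older Windows versions of certutil print, is an assumption about what the pasted text may look like.

```python
import hashlib
import hmac
import re
import tempfile
from pathlib import Path

HEX64 = re.compile(r"\b[0-9a-fA-F]{64}\b")
SPACED = re.compile(r"\s*(?:[0-9a-fA-F]{2}\s+){31}[0-9a-fA-F]{2}\s*")

def sha256_file(path, chunk_size=1 << 20):
    """Hash in chunks so a large ISO is never loaded into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def extract_digest(text):
    """Return the first SHA-256 digest found in pasted text, lowercased.

    Handles a bare digest, 'SHA256 (name) = <hex>', '<hex>  name', and
    certutil output, including the spaced 'ba 78 16 ...' form.
    """
    for line in text.splitlines():
        if SPACED.fullmatch(line):
            return "".join(line.split()).lower()
        match = HEX64.search(line)
        if match:
            return match.group(0).lower()
    raise ValueError("no SHA-256 digest found in the supplied text")

def verify_download(path, published_text):
    """True only if the file's digest equals the published one."""
    return hmac.compare_digest(sha256_file(path), extract_digest(published_text))

if __name__ == "__main__":
    # Constructed sample: a 3-byte stand-in for the ISO and its known digest.
    abc = "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad"
    with tempfile.TemporaryDirectory() as tmp:
        sample = Path(tmp) / "sample.iso"
        sample.write_bytes(b"abc")
        print(verify_download(sample, f"SHA256 (sample.iso) = {abc}"))
        print(verify_download(sample, abc.upper()))
        sample.write_bytes(b"abd")  # simulate a corrupted download
        print(verify_download(sample, abc))
```

Take the published value from the project's own download page rather than from the site that served the file, so a tampered mirror cannot supply a matching hash.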

Taking another look at the instructions, and looking at the settings for pfSense, and looking at the settings for my Kali box, I see that historically, I've used NAT for my outbound connections. Changing the WAN setting to NAT and rebooting pfSense does lead it to load up with an address for its WAN socket. I also note that previously, the loading process used to hang on "Configuring WAN interface" for over a minute; now this process only takes a few seconds. However, there is not yet a connection between machines on the LAN and the outside world. With my Kali and my Raven boxes on the internal LAN, I can reach one from the other, but attempting to reach the internet fails: I can't navigate to outside websites on a browser in Kali, nor can I ping the Google DNS server (8.8.8.8 - "ping: connect: Network is unreachable").

The solution, after starting several false hares and a few unhelpful Google searches, was to reset pfSense to factory defaults and set the external network to NAT. "Well, nothing else has worked. Let's see what happens if I reset to factory default."

Wednesday, May 24, 2023

Setting up a home lab

A colleague suggested books by No Starch Press (https://nostarch.com/) as a good resource. I picked up two volumes, including Ethical Hacking by Daniel G Graham (ISBN: 978-1-7185-0187-4). The first section of this book is about setting up a home lab for practice.


Dr Graham gives instructions for setting up a lab using VirtualBox. In my bootcamp, I used VMWare. I don't remember the precise reasons, but I did try out both VirtualBox and VMWare, and was able to get VMWare started easier. Once it was up and running, there was no reason then to troubleshoot VirtualBox any further. Now my choice is to troubleshoot VirtualBox so as to be able to setup my lab like Dr Graham's, or try to adapt his instructions to VMWare. I think there's more to be learned by adapting his instructions, so that's the route I'm taking.


The first thing I learned was that if I was going to be running a vulnerable machine, I should probably place an additional firewall between it and the rest of the world. I actually have two firewalls: my ISP provides one with its router, and I use PiHole; so this will place three(!) firewalls around my vulnerable machines. In truth, I'm half convinced that this is overkill, but I don't think it will slow things down enough to matter, and I'd like the experience of setting up this additional firewall. Also, I expect it will simplify some of Dr Graham's later exercises, and as steep as I do like the learning curve, at a certain point you're looking at a funicular, which is self-defeating.


Dr Graham recommends the pfSense firewall, downloaded from their website (https://www.pfsense.org/). The download is straightforward, a zipped file that extracts to a .iso (disk image) file. You select your architecture (64-bit or Netgate; there's theoretically also a 32-bit option according to the help text on mouse-over, but that may be a legacy help text) and your (USB or iso), then download. Once you've unzipped the image, it's available to install: open the File menu on VMWare and select "New Virtual machine". A wizard launches - I used the Typical install option, then directed the wizard to the extracted iso. Strangely, I couldn't click on the image to select it, but by navigating to the folder then entering the filename manually, the install seems to have worked.


The default memory assigned by the wizard is 256MB. Dr Graham suggests a setting of 1024MB, which is changed via a vertical slider during setup. Alternately, you can change it later by right-clicking the machine's tab and selecting "Settings" from the resulting menu.


The network settings were the first real change. pfSense needs to connect to the internet and to a LAN - it's positioned between the internet and the machines on the LAN, in order to police the traffic passing between the two. This requires two network connections, and while the VirtualBox setup looks to have four network adapters out of the box, VMWare only provides one. In that same settings menu that I referenced last paragraph, though, on the Hardware tab, there's a button near the bottom of the window labeled "Add...", and clicking that gives the opportunity to add another network interface. This now gives me the two interfaces, one of which I set to Bridged (Automatic), and the other of which I set to LAN Segment:

  • Bridged (Automatic) provides a direct connection to the physical network - this is the connection to the internet (and any threat actors) - the area outside the firewall.
  • LAN Segment provides a connection to a local area network (LAN), the area inside the firewall. Initially, there are no LAN segments available, but adding one is easily managed through the LAN Segments button. Click 'Add' on the resulting mini window. I named my LAN 'Internal LAN' to keep it consistent with Dr Graham's design, and connected the Network Adapter 2 to this LAN Segment.

Thus configured, pfSense can be started up. There is an agreement to accept, then you can install the software. And about here is where I ran into my first puzzle.


Dr Graham now directs you to reboot pfSense, and then to note that pfSense redirects to the same copyright and distribution notices as before, since the machine is still booting from the original iso download. He directs you to Settings --> Storage, then select the iso file and click "Remove Attachment." I didn't find exactly that in VMWare, but on the Hardware tab of the Settings window, there is a CD/DVD (IDE) line, which when opened reveals checkboxes for "Connected" and "Connect at power on". For the connection, there is the downloaded, extracted iso file - looks like the same thing, right?


Well, I deselected the checkboxes, disconnecting the file, and restarted pfSense. And it didn't work. Foolishly, I didn't write down the error. The obvious solution was to reselect those checkboxes, which I did, but on restarting pfSense, it got stuck in a boot loop: rebooting and rebooting and rebooting.


Google is your friend, they say, and a quick web search on "pfsense stuck in boot loop" showed me that I was hardly the first person to face this scenario. The second hit was a Reddit post that included directions for fixing it (the first post looks to be a blog giving the same advice). I ran the appropriate command until there were no errors and successfully rebooted into the expected menu:

There is still one problem, which is that the WAN entry is blank, when it should be filled in. That is for tomorrow night.

