Network Security Internet Technology Development Database Servers Mobile Phone Android Software Apple Software Computer Software News IT Information

In addition to Weibo, there is also WeChat

Please pay attention

WeChat public account

Shulou

What is Capsulecorp-Pentest?

2025-01-28 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Development >

Share

Shulou(Shulou.com)06/02 Report--

This article mainly explains "what is Capsulecorp-Pentest". Interested friends may wish to have a look at it. The method introduced in this paper is simple, fast and practical. Now let the editor take you to learn "what is Capsulecorp-Pentest?"

Capsulecorp-Pentest

Capsulecorp-Pentest is a small virtual network driven by Vagrant and Ansible. The tool consists of five virtual machines and includes one Linux attack system running Xubuntu and four virtual machines running Windows 2019 server system and configured with multiple vulnerable services. This project can help security researchers learn and study network penetration testing techniques in a standard environment.

Building a virtual network to learn penetration testing is actually a tedious task, which not only consumes passion, but also consumes a lot of time and resources. However, the Capsulecorp environment has helped us configure all the components and environments. Once you have Vagrant, Ansible, and VirtualBox installed on your device, we only need to run a few simple Vagrant commands to have a fully functioning active directory domain and use it to learn and study penetration testing techniques.

Function introduction

Active directory domain with 1 DC and 3 server members

Domain controller: goku.capsulecorp.local server 01:vegeta.capsulecorp.local server 02:gohan.capsulecorp.local server 03:trunks.capsulecorp.localWrkstn 01:tien.capsulecorp.local

Vulnerable Jenkins server (running on vegeta)

Vulnerable Apache Tomcat server (running on trunks)

Vulnerable MSSQL server (running on gohan)

There is a MS17-010 vulnerability (running on tien)

Run XRDP's Xubuntu penetration test system, which contains the following components:

MetasploitCrackMapExecNmapRemmina RDP clientRVMPython/Pip/PipenvImpacket tool requirements

If you want to use the Capsulecorp penetration test network properly, the majority of users must pre-install the following tool components:

VirtualBox: [click me to download]

Vagrant: [click me to download]

Ansible: [click me to download]

Tool installation

First, clone the project source code locally using the following command:

Git clone https://github.com/R3dy/capsulecorp-pentest.git

Use the cd command to change to the project directory:

Cd capsulecorp-pentest

Next, we need to start the virtual machine in a specific order and configure the Ansible script. Then use the following command to configure the Goku environment:

Vagrant up gokuvagrant provision gokumacOS configuration

To manage the Windows host, you need to install pywinrm in the Ansible virtual environment using the pip command:

Source ~ / ansible/bin/activatepip install pywinrmdeactivate configure Windows host

First, we need to configure the domain controller. This system can take a long time to boot up, because things like dcpromo take a little time to configure.

Turn on the virtual machine:

Vagrant up goku

Configure the virtual machine:

Vagrant provision goku

We can configure different virtual machine environments by replacing "goku" in the above two commands with "gohan", "vegeta", and "trunks".

This part of the operation will take some time, because after configuring dcpromo, the system will have to restart.

TASK [promotedc: Set a static address to 172.28.128.100] * * changed: [goku] TASK [promotedc: Change hostname to goku] * * ok: [goku] TASK [promotedc: Install Active Directory Services] * * ok: [goku] TASK [promotedc: Promote goku to domain controller] * * changed: [goku] TASK [promotedc: Reboot after promotion] * * configure the penetration test platform

After starting and configuring all the virtual machines using Vagrant, use the cd command to enter the project directory, such as "cd ~ / capsulecorp-pentest", where the RDP forwarding port of the local host is required.

Vagrant up pentest

Configure penetration testing equipment:

Vagrant provision pentest

We can use the preferred RDP client to connect to the xrdp listener, or use SSH to access your penetration testing device:

Vagrant ssh pentest at this point, I believe you have a deeper understanding of "what is Capsulecorp-Pentest", might as well come to the actual operation of it! Here is the website, more related content can enter the relevant channels to inquire, follow us, continue to learn!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

Views: 232

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.

Share To

Development

Wechat

© 2024 shulou.com SLNews company. All rights reserved.

12
Report