securedorg.github.io/fundamentals.md
Amanda Rousseau 86b8b9d08c fixing table
2017-03-08 14:32:15 -08:00


---
layout: default
permalink: /RE101/section1/
title: Fundamentals
---

Go Back to Reverse Engineering Malware 101

Section 1: Fundamentals

Environment Setup

Installing VirtualBox

For Windows and OS X, follow the instructions in the installer binary.

Windows | Mac OSX | Linux
--- | --- | ---
(screenshot) | (screenshot) | (screenshot)


Download Victim and Sniffer VMs

Unzip the files below and open the .ovf file with VirtualBox.

Victim VM

  • OS: Windows 7 Service Pack 1
  • Architecture: Intel 32bit
  • Username: IEUser
  • Password: Passw0rd!
  • IP Address: 192.168.0.2
  • Gateway: 192.168.0.1

Sniffer VM

  • OS: Ubuntu 16.04.2 LTS Desktop
  • Architecture: Intel 64bit
  • Username: Sniffer
  • Password: re1012017
  • IP Address: 192.168.0.1
  • Gateway: 192.168.0.1

Post Install Instructions

  1. Install the VirtualBox Guest Additions CD on both VMs: Devices->Insert Guest Additions CD Image
     • If it doesn't appear automatically, navigate to the CD drive to install
     • Follow the install directions
     • Note: it requires install privileges, so enter the password for each VM
  2. Victim VM: Devices->Drag and Drop->Bidirectional
  3. Victim VM: Devices->Shared Clipboard->Bidirectional
  4. Both VMs: Devices->Network->Network Settings
     • Select Attached to Internal Network
     • The name should match on both VMs. Default is intnet
  5. Run/Play both VMs to verify network connectivity
  6. Sniffer VM: Ensure inetsim is running
     • Open a terminal and run: ps -ef | grep inetsim
     • If no output, run: /etc/init.d/inetsim start
     • Run the ps command again to confirm it's running.
     • Expected output: (screenshot)
  7. Victim VM: test the connection to the Sniffer VM
     • In the search bar, type cmd.exe to open a terminal
     • Run command: ping 192.168.0.1
     • Expected output: (screenshot)
  8. Sniffer VM: Devices->Shared Folders->Shared Folders Settings
     • On your Host, create a folder called sniffershare
     • In VirtualBox, select the Add New Shared Folder icon and navigate to the folder you just created (sniffershare)
     • In the Sniffer VM, open the terminal and run command: sudo mount -t vboxsf -o uid=$UID,gid=$(id -g) share ~/host
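The Sniffer VM checks above (inetsim running, 192.168.0.1 assigned, host share mounted) collected into one script, as an added example that is not part of the course. It assumes the addresses and service names from this page; the share name `share` and mount point `~/host` are taken from the mount command above, and the function names are my own. The process count is parsed with awk so that the grep process, which `ps -ef | grep inetsim` always matches itself, is not mistaken for a running inetsim.

```shell
#!/bin/sh
# Lab sanity check for the Sniffer VM (added example, not course code).
# Assumptions from the course page: inetsim serves the fake internet on
# the Sniffer VM at 192.168.0.1; the host share is named "share" and is
# mounted at ~/host.
GATEWAY_IP="192.168.0.1"
SHARE_NAME="share"
MOUNT_POINT="$HOME/host"

# Count inetsim processes in a `ps -ef` listing read from stdin,
# ignoring the grep line that a piped `grep inetsim` adds to the listing.
count_inetsim_procs() {
    awk '/inetsim/ && !/grep/ { n++ } END { print n+0 }'
}

# Exit 0 if the address given as $1 appears in an `ip -4 -o addr`
# listing read from stdin (field 4 is "addr/prefix").
ip_assigned() {
    awk -v ip="$1" '{ split($4, a, "/"); if (a[1] == ip) found = 1 }
                    END { exit !found }'
}

# Live checks against the running VM; only runs when invoked with --run.
lab_check() {
    if [ "$(ps -ef | count_inetsim_procs)" -eq 0 ]; then
        echo "inetsim is not running; start it with: sudo /etc/init.d/inetsim start"
        return 1
    fi
    if ! ip -4 -o addr | ip_assigned "$GATEWAY_IP"; then
        echo "$GATEWAY_IP is not assigned; check Network Settings (Internal Network)"
        return 1
    fi
    # The Victim VM will send DNS and HTTP here; warn if nothing listens.
    ss -ltn | grep -q ':80 ' || echo "warning: nothing listening on TCP/80"
    ss -lun | grep -q ':53 ' || echo "warning: nothing listening on UDP/53"
    # Mount the host share (same command as the course) if not mounted yet.
    if ! mountpoint -q "$MOUNT_POINT"; then
        mkdir -p "$MOUNT_POINT"
        sudo mount -t vboxsf -o uid="$(id -u)",gid="$(id -g)" "$SHARE_NAME" "$MOUNT_POINT"
    fi
    echo "lab check passed"
}

if [ "${1:-}" = "--run" ]; then lab_check; fi
```

Run it on the Sniffer VM as `sh check_lab.sh --run`; the parsing helpers can be exercised on their own by piping saved `ps -ef` or `ip -4 -o addr` output into them.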

Intro <- Back | Next -> Anatomy of PE