aljaz/securedorg.github.io
1
0
Fork 0
mirror of https://github.com/aljazceru/securedorg.github.io.git synced 2025-12-20 23:44:19 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
b97eff6b3b6db12c25fbaaad466f5eb3ebad51a0
securedorg.github.io/fundamentals.md
Amanda Rousseau 7cb508f06e adding images
2017-03-08 12:28:36 -08:00

2.9 KiB
Raw Blame History

layout, permalink, title
layout permalink title
default /RE101/section1/ Fundamentals

Go Back to Reverse Engineering Malware 101

Section 1: Fundamentals

Enviroment Setup

Installing VirtualBox

For windows and osx, follow the instructions in the install binary.

Windows

alt text

Mac OSX

alt text

Linux

alt text

Download Victim and Sniffer VMs

Unzip the files below and open the .ovf file with VirtualBox

Victim VM

  • OS: Windows 7 Service Pack 1
  • Architecture: Intel 32bit
  • Username: IEUser
  • Password: Passw0rd!
  • IP Address: 192.168.0.2
  • Gateway: 192.168.0.1

Sniffer VM

  • OS: Ubuntu 16.04.2 LTS Desktop
  • Architecture: Intel 64bit
  • Username: Sniffer
  • password re1012017
  • IP Address: 192.168.0.1
  • Gateway: 192.168.0.1

Post Install Instructions

  1. Install VirtualBox CD on both VMs: Devices->Insert Guest Additions CD Image
  • If it doesn't auto appear, navigate to the CD Drive to install
  • Follow install directions
  • Note: it will require install privileges so insert passwords for each VM
  1. Victim VM: Devices->Drag and Drop->Bidrectional
  2. Victim VM: Devices->Shared Clipboard->Bidirectional
  3. Both VMs: Devices->Network->Network Settings
  • Select Attached to Interal Network
  • Name should mirror both VMs. Default is intnet
  1. Run/Play both VMs to verify network connectivity
  2. Sniffer VM: Ensure inetsim is running
  • Open terminal and run: ps -ef | grep inetsim
  • If no output, run: /etc/init.d/inetsim start
  • Run the ps command again to confirm it's running.
  • Expected output: alt text
  1. Victim VM: test connection to Sniffer VM
  • In the search bar, type cmd.exe to open terminal
  • Run command: ping 192.168.0.1
  • Expected output: alt text
  1. Sniffer VM: Devices->Shared Folders->Shared Folders Settings
  • On your Host, create a folder called sniffershare
  • In virtual box select Add New Shared Folder icon and navigate to the folder you just created (sniffershare)
  • In Sniffer VM, open the terminal and run command:sudo mount -t vboxsf -o uid=$UID,gid=$(id -g) share ~/host

Intro <- Back | Next -> Anatomy of PE