Black Hat Bash - Bash Scripting for Hackers and Pentesters (Early Access) (Dolev Farhi, Nick Aleks)

The Corporate Network

The second network is the corporate network. ACME Infinity Servers uses

this private network to hosts its supporting infrastructure on the back-end. As you

can see, the corporate network has an IP address CIDR range of 10.1.0.0/24 and

contains five machines (whose names are prefixed with c-). This network is not

public facing, meaning the machines in this network don’t have internet

connectivity, and we won’t test them until we’re able to take over one or more of

the machines on the public network, which will serve as our launchpad to the

corporate network.

Kali Network Interfaces

Kali has two network interfaces used to facilitate connections to both lab

networks. We can use the br_public network interface to access the public network

and the br_corporate network interface to access the corporate network. You can

validate that both interfaces are online and configured to use the correct network

address by running the following command:

$ ip addr | grep "br_"

--snip--

4: br_public: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default

link/ether 02:42:ea:5f:96:9b brd ff:ff:ff:ff:ff:ff

inet 1 172.16.10.1/24 brd 172.16.10.255 scope global br_public

valid_lft forever preferred_lft forever

5: br_corporate: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default

link/ether 02:42:67:90:5a:95 brd ff:ff:ff:ff:ff:ff

inet 2 10.1.0.1/24 brd 10.1.0.255 scope global br_corporate

valid_lft forever preferred_lft forever

Verify that the IP addresses match those shown at 1 and 2 before moving on.

The Machines

The nine machines that make up the lab environment follow a simple naming

convention. The first character of the name determines what network the machine

belongs to. For example, if the machine name starts with a p, it belongs to the

public network; likewise, if it starts with a c, it belongs to the corporate network.

The next word describes the machines’ functions or main technology stack, such

as web, ftp, jumpbox, or redis. Finally, a number is used to distinguish similar

machines, such as p-web-01 and p-web-02.

Each machines provides us with unique applications, services, and user

accounts that we can learn about and break into. Later chapters will describe these

machines in more detail, but Table 3-1 provides some high-level information about

them.

Table 3-1

Lab Machine Details

Name

Public IP

Corporate IP

Hostname