|
|
Line 192: |
Line 192: |
| | | |
| =Setup Help= | | =Setup Help= |
− | ===Security Shepherd v3.0 VM Setup:===
| + | Use our [https://github.com/OWASP/SecurityShepherd/wiki Github Wiki page] for the best Setup Help going! |
− | To get a Security Shepherd VM ready to rock, follow these steps;
| |
− | | |
− | Setting up your instance of Security Shepherd with the VM: In Steps!
| |
− | | |
− | * Import the VM to your hypervisor (Eg: Virtual Box)
| |
− | * Update the VM Network Adapters to suit what you have available. (Bridged Adapter for Network Availability, Host-Only for local access only and NAT for just outbound access) The VM by default has 2 Network adapters, one NAT and a Host-Only.
| |
− | * Boot the VM
| |
− | * Sign in with securityshepherd / owaspSecurityShepherd
| |
− | * Change the user password with the passwd command
| |
− | * In the VM, run "ifconfig" to find the IP address of the network adapter that is not configured for NAT. Make note of this
| |
− | * On your host machine, open https://<VM IP Address>/
| |
− | * Sign in with admin / password
| |
− | * Change the admin password (cannot be password again)
| |
− | * Go to Admin -> Module Management-> Change Module Layout to change the way levels are presented. Default is CTF Mode (One at a time)
| |
− | * Time to play!
| |
− | | |
− | ===How to Upgrade Version 2.4 to Version 3.0:===
| |
− | You have a current instance of Security Shepherd V2.3, and you want to upgrade it to 2.4 without loosing any data? No Problem. Follow these steps to upgrade;
| |
− | | |
− | * Download and run this SQL file on your DB server: [[https://github.com/OWASP/SecurityShepherd/raw/master/SecurityShepherdCore/setupFiles/updateCoreSchemaV2.4toV3.sql Upgrade Core Schema Script]]
| |
− | * Download the 2.4 Manual Pack, and replace your V2.4 war file with the new V3.0 war file.
| |
− | * Run the moduleSchemas.sql script from the manual pack on your Security Shepherd mysql instance
| |
− | * Install mongoDb and then run the mongoSchema.js file on that instance, using the default port for mongoDb
| |
− | | |
− | All settings will be set to default after completing these steps and new levels will be marked as open.
| |
− | | |
− | ===Security Shepherd v3.0 Manual Pack (Windows):===
| |
− | * Download the Security Shepherd Manual Pack
| |
− | * Install Apache Tomcat 7
| |
− | * Install MySql, using CowSaysMoo as the default password to skip future steps, if you prefer your own password go ahead and set-up MySql with that instead!
| |
− | * Extract the Security Shepherd Manual Pack
| |
− | * Copy the sql files extracted from the pack to the bin directory of MySql
| |
− | * Open MySql from the command line (eg: mySqlBinDirectory/mysql -u root -p )
| |
− | * Type the following commands to execute the Shepherd Manual Pack SQL files;
| |
− | | |
− | source coreSchema.sql
| |
− | source moduleSchemas.sql
| |
− | | |
− | * Open the webapps directory of your Tomcat instance
| |
− | * Delete any directories that are there already
| |
− | * Move the WAR file from the Shepherd Manual Pack into the webapps folder of Tomcat
| |
− | * Start Tomcat
| |
− | * Open the temp directory of Tomcat
| |
− | * If you chose the default when configuring MySql as your DB password, you are running MySql on the same machine as Tomcat and you are using port 3306 for MySql, you can skip this step. Otherwise, in the temp directory, in the ROOT directory in the temp folder, modify the /WEB-INF/coreDatabase.properties and /WEB-INF/database.properties to point at your local DB with your MySql settings. Leave the Driver alone!
| |
− | * If you have more than one ROOT folder in your temp directory, visit your Tomcat instance with your browser and then check the Tomcat logs for a line that reads "Servlet root =" to find which directory is the correct one to modify the MySql settings of.
| |
− | * Open your the root context of your Tomcat server (eg: http://127.0.0.1:8080/ )
| |
− | * Sign into Security Shepherd with the default admin credentials (admin / password)
| |
− | * Change the admin password (Can't be 'password' again)
| |
− | * Make sure JAVA_HOME is set;
| |
− | * Right click My Computer and select Properties.
| |
− | * On the Advanced tab, select Environment Variables, and then edit JAVA_HOME to point to where the JDK software is located, e.g C:\Program Files\Java\jdk1.8.0_45.
| |
− | * To setup SSL for port 443 (HTTPS) firstly generate the self signed certificate
| |
− | | |
− | "%JAVA_HOME%\bin\keytool" -genkey -alias tomcat -keyalg RSA
| |
− | | |
− | * The following is an example of filling out the details for the cert. You can choose your own.
| |
− | | |
− | Enter keystore password: passw0rd
| |
− | Re-enter new password: password
| |
− | What is your first and last name?
| |
− | [Unknown]: Paul Stone
| |
− | What is the name of your organizational unit?
| |
− | [Unknown]: Security Shepherd
| |
− | What is the name of your organization?
| |
− | [Unknown]: OWASP
| |
− | What is the name of your City or Locality?
| |
− | [Unknown]: Baile Átha Cliath
| |
− | What is the name of your State or Province?
| |
− | [Unknown]: Laighin
| |
− | What is the two-letter country code for this unit?
| |
− | [Unknown]: IE
| |
− | Is CN=Paul Stone, OU=Security Shepherd, O=OWASP, L=Baile Átha Cliath, ST=Laighin, C=IE correct?
| |
− | [no]: yes
| |
− | | |
− | Enter key password for (RETURN if same as keystore password): <RETURN>
| |
− | | |
− | * This will create a file under C:\Users\YOUR_USERNAME.keystore
| |
− | * Now Update the C:\INSTALL_LOCATION\tomcat7\conf\server.xml file manually. Make a note of the password to the cert you generated and enter it under the 'keystorePass'. Change the listener port to the following:
| |
− | | |
− | <Connector address="0.0.0.0" port="80" protocol="HTTP/1.1" connectionTimeout="20000" URIEncoding="UTF-8" />
| |
− | | |
− | <Connector address="0.0.0.0" port="443" protocol="org.apache.coyote.http11.Http11NioProtocol" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="C:\Users\YOUR_USERNAME\.keystore" keystorePass="passw0rd" keyAlias="tomcat"/>
| |
− | | |
− | * To Redirect traffic to 443 (HTTPS)add the following to C:\INSTALL_LOCATION\tomcat7\conf\web.xml
| |
− | | |
− | <security-constraint><web-resource-collection><web-resource-name>Entire Application</web-resource-name><url-pattern>/*</url-pattern></web-resource-collection><user-data-constraint><transport-guarantee>CONFIDENTIAL</transport-guarantee></user-data-constraint></security-constraint>
| |
− | | |
− | * To setup and install MonogoDB for the NoSQL Injection Level found in shepherd, follow the steps to install here: https://docs.mongodb.org/manual/tutorial/install-mongodb-on-windows/
| |
− | * Use the MongoDB shell to execute the mongoSchema.js file: https://docs.mongodb.org/manual/reference/method/load/
| |
− | | |
− | Time to Play!
| |
| | | |
| =Videos= | | =Videos= |
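Review bot: The single `+` line under `=Setup Help=` leaves this page with no statement that the shipped defaults must be changed, whereas the removed steps listed those defaults in full (`securityshepherd / owaspSecurityShepherd` for the VM, `admin / password` for the application, `CowSaysMoo` for MySql) and told the reader to change the first two. I would keep one sentence beside the link saying that the VM user and admin passwords must be changed at first sign-in and that the Host-Only adapter is the one for local-only access, and I would confirm the GitHub wiki carries the password-change, database properties and keystore steps before they are dropped here. If the removed text is being moved to the wiki rather than rewritten, two defects in it should not be carried over: the upgrade heading reads "Version 2.4 to Version 3.0" while its first sentence reads "V2.3 ... to 2.4", and the keytool example enters `passw0rd` and then re-enters `password`, which do not match.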