504 VSAgent Usage Instructions

Jordan Drysdale//

HERE IT IS! Finally!

For the vsagent from SANS SEC504 (only the finest InfoSec course the world has ever seen!): this is a Q&D deployment guide for the HTTP view state agent demonstrated in the SANS SEC504 labs.

The README.md file in the repo has everything you need to get vsagent running for your enjoyment, analysis, and review in a matter of minutes.

First, spin up a new Digital Ocean Ubuntu node and capture the IP. We generally throw DNS records at things and if you haven’t integrated your GoDaddy DNS with Digital Ocean’s, now is the time.

SSH over to your new node and run a few commands. Clone the repo with the following:

git clone https://github.com/rev10d/504vsa.git    

For Debian/Ubuntu, install some required packages:

    apt install nginx php7.0-fpm php7.0-sqlite sqlite 

Next, put this chunk into /etc/nginx/sites-available/default:

location ~ \.php$ {                                

        include snippets/fastcgi-php.conf;        

        fastcgi_pass unix:/run/php/php7.0-fpm.sock;

}

Modify ownership of the web files so things work right:

    chown -R www-data:www-data /opt/course_www/vsagent-504   

Trash the existing database to start fresh:

    rm /opt/course_www/vsagent-504/server/data.db   

Restart nginx:

    service nginx restart    

Launch your vsagent with python (works on Windows, Linux, and Mac!):

    python vsagent-504.py http://127.0.0.1/vssvc.php

Last up, check out the http://127.0.0.1/vsgui.php service on your IP:

Shells, brought to you by SANS SEC504, the world’s finest InfoSec security program!



Want to learn more mad skills from the person who wrote this blog?

Check out these classes from Kent and Jordan:

Applied Purple Teaming

Defending the Enterprise

Available live/virtual and on-demand!