Installing VECTR on GCP Ubuntu VM

VECTR is a well-known name among purple teams: it is a tool that eases purple team activities.

While trying to install VECTR on a Google Cloud instance I faced a challenge that I think many of us have faced, and then given up on the tool. The GitHub page being very quiet on this, it was difficult to find the way forward. After trying several things, I finally have a way to install VECTR.

I am writing the steps section by section. Feel free to skip to the section you need.

A. Setting up Google Cloud Environment

As an example, and for ease of a POC, we will install VECTR on Google Compute Engine.

1. Create a custom VPC with a firewall rule allowing ports 22, 8839 and 443.

2. Add firewall ingress allow rules for port 443 and port 3389. Also add an allow rule for port 22 access from the "specified service account".

3. Create a Compute Engine VM instance with Ubuntu 16.04 (you are free to take any other), e2-medium with 4 GB RAM. Don't forget to add a 100 GB balanced persistent disk (a requirement as per the VECTR official guide).

4. Click on "Management, security, disks, networking, sole tenancy" and attach the custom VPC to your Compute Engine VM.

Now launch your Compute Engine VM and take SSH access.

B. Installing Dependency

We will require docker-ce, docker-ce-cli, containerd.io, docker-compose, and unzip. These can be installed via apt, but be careful with docker-compose: if you install docker-compose via apt, you get a very old version with bugs. We will come to that separately.

Let's start installing dependencies one by one.

Run:

curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -

Then run:

sudo add-apt-repository \
   "deb [arch=amd64] https://download.docker.com/linux/ubuntu \
   $(lsb_release -cs) \
   stable"

 

Now apt is ready. Time to update apt.

sudo apt update

Now let's grab docker-ce, docker-ce-cli, containerd.io and unzip. Run the commands below one at a time.

sudo apt-get install docker-ce

sudo apt-get install docker-ce-cli

sudo apt-get install containerd.io

sudo apt-get install unzip

When the above is completed, run apt update once again.

Now we will be installing the latest docker-compose.

Run below:

sudo curl -L "https://github.com/docker/compose/releases/download/1.27.4/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose

Allocate permissions to docker-compose by:

sudo chmod +x /usr/local/bin/docker-compose

Now verify docker-compose version:

docker-compose --version

Now that the version is satisfactory, we will enable docker.

sudo systemctl enable docker
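The dependency steps above, collected into one script as an added example (this is not from the original post or from the VECTR project). It installs the packages with the same Docker apt repository and pinned docker-compose 1.27.4 release the post uses, and adds two things the post only does by eye: it checks the downloaded compose binary against the `.sha256` file the docker/compose GitHub release publishes next to each binary (assumption: the asset is named `docker-compose-$(uname -s)-$(uname -m).sha256`), and it parses `docker-compose --version` to refuse the old, buggy apt version the post warns about. The install function only runs when `RUN_INSTALL=1` is set, so the version-check helpers can be used on their own.

```shell
#!/bin/sh
# Added example (not the post's or VECTR's own code): section B with checks.
set -eu

COMPOSE_VERSION="1.27.4"       # the release pinned in the post
MIN_COMPOSE_VERSION="1.27.0"   # anything older is treated as "too old"

# Parse "docker-compose version 1.27.4, build 40524192" (or the newer
# "Docker Compose version v2.x.y" form) and print just the dotted version.
compose_version_from_output() {
    printf '%s\n' "$1" |
        sed -n 's/^[Dd]ocker[- ][Cc]ompose version v\{0,1\}\([0-9][0-9.]*\).*/\1/p'
}

# Return 0 if dotted version $1 >= dotted version $2 (up to three components).
version_ge() {
    a="$1"; b="$2"; i=1
    while [ "$i" -le 3 ]; do
        pa=$(printf '%s' "$a" | cut -d. -f"$i"); pb=$(printf '%s' "$b" | cut -d. -f"$i")
        pa=${pa:-0}; pb=${pb:-0}
        if [ "$pa" -gt "$pb" ]; then return 0; fi
        if [ "$pa" -lt "$pb" ]; then return 1; fi
        i=$((i + 1))
    done
    return 0
}

# Given the text of `docker-compose --version`, decide whether it is new enough.
compose_version_ok() {
    v=$(compose_version_from_output "$1")
    [ -n "$v" ] && version_ge "$v" "$MIN_COMPOSE_VERSION"
}

install_docker_and_compose() {
    # Docker's apt repository, exactly as the post adds it.
    curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
    sudo add-apt-repository \
        "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
    sudo apt-get update
    sudo apt-get install -y docker-ce docker-ce-cli containerd.io unzip

    # Fetch the pinned compose binary plus its published .sha256 (assumed asset
    # name), verify, and only then install it to /usr/local/bin.
    base="https://github.com/docker/compose/releases/download/${COMPOSE_VERSION}"
    asset="docker-compose-$(uname -s)-$(uname -m)"
    curl -fsL "${base}/${asset}" -o "/tmp/${asset}"
    curl -fsL "${base}/${asset}.sha256" -o "/tmp/${asset}.sha256"
    (cd /tmp && sha256sum -c "${asset}.sha256")
    sudo install -m 0755 "/tmp/${asset}" /usr/local/bin/docker-compose
    rm -f "/tmp/${asset}" "/tmp/${asset}.sha256"

    # Refuse to continue if some other (older) docker-compose shadows ours on PATH.
    out=$(docker-compose --version)
    compose_version_ok "$out" || { echo "docker-compose too old: $out" >&2; return 1; }

    sudo systemctl enable docker
    sudo systemctl start docker
}

# Only install when explicitly asked, so the helpers above stay usable alone.
if [ "${RUN_INSTALL:-0}" = "1" ]; then
    install_docker_and_compose
fi
```

Run it as `RUN_INSTALL=1 sh install-deps.sh` on the VM; without the variable it just defines the functions, which is handy for checking an existing box with `compose_version_ok "$(docker-compose --version)"`.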

 

C. Installing VECTR

As per the official guide, we will install VECTR in the /opt/vectr directory.

Let's create the directory and change into it for the further steps:

sudo mkdir -p /opt/vectr

 

cd /opt/vectr

Now let's pull VECTR and unzip it.

sudo wget https://github.com/SecurityRiskAdvisors/VECTR/releases/download/ce-7.1.1/sra-vectr-runtime-7.1.1-ce.zip -P /opt/vectr

 

sudo unzip sra-vectr-runtime-7.1.1-ce.zip

If you are too lazy to write sudo every time, use sudo -s once and you no longer need sudo in every command.

Now,

sudo vi .env

Change the following values immediately; other values you can change as per requirement. The .env syntax is KEY=VALUE with no spaces around the equals sign.

VECTR_HOSTNAME=127.0.0.1

VECTR_DATA_KEY=<your chosen key; remember this value>

MONGO_INITDB_ROOT_PASSWORD=<your chosen password>

Leave the rest of the settings as they are for now.

Now run

sudo docker-compose up -d

It will pull the images and bring the containers up (the original post showed a screenshot of this output here).

Congratulations, now you have VECTR up and running.
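The .env edit above is the one place in this setup where secrets are chosen, so here is an added example (not from the original post or from the VECTR project) that does that step without hand-picked values: it sets VECTR_HOSTNAME to 127.0.0.1 as the post does, fills VECTR_DATA_KEY and MONGO_INITDB_ROOT_PASSWORD with random hex from /dev/urandom, rewrites existing lines instead of appending duplicates, and leaves the file readable only by its owner since it now holds the Mongo root password and the data key. The three key names are the ones the post lists; the script assumes they appear in /opt/vectr/.env in plain KEY=VALUE form.

```shell
#!/bin/sh
# Added example (not the post's or VECTR's own code): fill in the .env secrets.
set -eu

# Print $1 bytes (default 32) of /dev/urandom as lowercase hex, 2 chars per byte.
random_secret() {
    head -c "${1:-32}" /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# Set KEY=VALUE in file $1: replace an existing "KEY=" line or append one.
# Writes via a temp file because `sed -i` differs between GNU and BSD sed.
set_env_value() {
    file="$1"; key="$2"; value="$3"
    if grep -q "^${key}=" "$file" 2>/dev/null; then
        sed "s|^${key}=.*|${key}=${value}|" "$file" > "${file}.tmp" && mv "${file}.tmp" "$file"
    else
        printf '%s=%s\n' "$key" "$value" >> "$file"
    fi
}

# Print the value of KEY ($2) from file $1; prints nothing if it is absent.
get_env_value() {
    sed -n "s/^$2=//p" "$1"
}

# Apply the three changes the post asks for to the .env at $1.
# $2 is the hostname to set (the post uses 127.0.0.1, since the GUI is
# reached from a browser running on the VM itself).
configure_vectr_env() {
    file="$1"; hostname="${2:-127.0.0.1}"
    [ -f "$file" ] || : > "$file"
    set_env_value "$file" VECTR_HOSTNAME "$hostname"
    set_env_value "$file" VECTR_DATA_KEY "$(random_secret 32)"          # 64 hex chars
    set_env_value "$file" MONGO_INITDB_ROOT_PASSWORD "$(random_secret 24)"  # 48 hex chars
    chmod 600 "$file"   # owner-only: the file now holds the DB root password and data key
    echo "configured $file; keep a copy of VECTR_DATA_KEY somewhere safe"
}

# Usage: sh configure-env.sh /opt/vectr/.env [hostname]
if [ "$#" -ge 1 ]; then
    configure_vectr_env "$1" "${2:-127.0.0.1}"
fi
```

Run it as root (or under the `sudo -s` shell from above) with `sh configure-env.sh /opt/vectr/.env`, then `sudo docker-compose up -d` as the post describes. The printed reminder matters: the post says to remember VECTR_DATA_KEY, and with a generated value the only copy is the one in the file.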

Wait. How do you access the GUI now?

D. Configure remote desktop for the GUI

Install XRDP and XFCE4:

sudo apt-get install xrdp

sudo apt-get install xfce4

sudo service xrdp restart

Now set a root password:

sudo -s

passwd

 

Type the chosen password twice.

Done!

E. Access the GCP VM GUI

Mac users: install the Microsoft Remote Desktop application from the App Store. Windows users already have Remote Desktop.

Now find the external IP of your Compute Engine VM instance in the VM instances list of the Google Cloud console. Enter that IP in the remote desktop client and connect. Log in as root with the password you set.

Now launch a web browser.

Crashed?

No worries.

Open the GCP SSH window and run

sudo apt update

sudo apt-get install firefox

Now launch Firefox and go to https://127.0.0.1:8081

Initial Username: admin Password: 11_ThisIsTheFirstPassword_11

Happy purple teaming!

 

Comments

Popular posts from this blog

What is OT Security?

Demystifying SCADA Testing - P1