504 VSAgent Usage Instructions
HERE IT IS! Finally!
For the vsagent from SANS SEC504 (only the finest InfoSec course the world has ever seen!): this is a Q&D deployment guide for the HTTP view state agent demonstrated in the SANS SEC504 labs.
The README.md file in the repo has everything you need to get vsagent running for your enjoyment, analysis, and review in a matter of minutes.
First, spin up a new Digital Ocean Ubuntu node and capture the IP. We generally throw DNS records at things and if you haven’t integrated your GoDaddy DNS with Digital Ocean’s, now is the time.
SSH over to your new node and run a few commands. Clone the repo with the following:
git clone https://github.com/rev10d/504vsa.git
For Debian/Ubuntu, install some required packages:
apt install nginx php7.0-fpm php7.0-sqlite sqlite
Next, put this chunk into /etc/nginx/sites-available/default:
location ~ \.php$ { include snippets/fastcgi-php.conf; fastcgi_pass unix:/run/php/php7.0-fpm.sock; }
Modify ownership of the web files so things work right:
chown -R www-data:www-data /opt/course_www/vsagent-504
Trash the existing database to start fresh:
rm /opt/course_www/vsagent-504/server/data.db
Restart nginx:
service nginx restart
Launch your vsagent with python (works on Windows, Linux, and Mac!):
python vsagent-504.py http://127.0.0.1/vssvc.php
Last up, check out the http://127.0.0.1/vsgui.php service on your IP:
Shells, brought to you by SANS SEC504, the world’s finest InfoSec security program!
Want to learn more mad skills from the person who wrote this blog?
Check out this class from Kent and Jordan:
Available live/virtual and on-demand!