Chris Security Setup .pdf

Hi Chris,
Try follow this as close as you can and then let me know how your get on. There are probably
peace’s already done or maybe you already have the VM downloaded but just delete it and start
from the beginning. Sorry for any spelling mistakes!

First things first: download the files from here:
http://sourceforge.net/projects/owaspshepherd/
 Unpack them and move to your local machine (Don’t run it in the zipped file)

 There should only be two files available in the folder, we don’t really need to worry about
the Readme one but you should have a look at it first before starting.
 Either double click on the file or go right click  open with  Virtualbox. (Just make sure
that it is Virtualbox. The OVA file extension is for Virtualbox only)

 Leave all options untouched when importing. You
can change them later but for the purpose of
importing, they should remain unchanged.


 The import may fail with the following warning:

 This is due to a previous install of the security shepard which may have been deleted from

Virtualbox but still resides in the vm folders.
 To fix this, simply select file  Preferences then copy the folder path

 Navigate to the folder and delete any previous instances of the vm. As you can see from the
pic above, there are three vms available in Virtualbox but when we go into the folder there
are four. Delete the OwaspSecurityShepard folder and try to import again

 Once imported, the network settings need to be configured based on your network adapters
availabilities. To check this we need to use the command ipconfig –all in the cmd of your
local machine.
 From here we can see a list of network adopters, I’ve highlighted the main ones
below in my PC:
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Users\fward>ipconfig -all
Windows IP Configuration
Host Name . . . . . . . . . . . . : espion-fergal
Primary Dns Suffix . . . . . . . : Espion.local
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : Espion.local
Wireless LAN adapter Wireless Network Connection 2: //This is our first adopter
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 58-94-6B-27-00-2D
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

// (but its virtual so it’s no good)

Wireless LAN adapter Wireless Network Connection:

//This is our second adopter, its for the wireless

Connection-specific DNS Suffix . : Espion.local
Description . . . . . . . . . . . : Intel(R) Centrino(R) Advanced-N 6200 AGN //And this is how we identify it
Physical Address. . . . . . . . . : 58-94-6B-27-00-2C
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::54b9:924b:2cdd:65bf%14(Preferred)
IPv4 Address. . . . . . . . . . . : 10.1.1.171(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 10 November 2014 08:47:24
Lease Expires . . . . . . . . . . : 15 November 2014 08:47:22
Default Gateway . . . . . . . . . : 10.1.1.10
DHCP Server . . . . . . . . . . . : 10.1.1.120
DHCPv6 IAID . . . . . . . . . . . : 257463403
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-1F-BC-5B-00-23-18-2C-50-FB
DNS Servers . . . . . . . . . . . : 10.1.1.120
10.1.1.121
Primary WINS Server . . . . . . . : 10.1.1.100
NetBIOS over Tcpip. . . . . . . . : Enabled
Mobile Broadband adapter Mobile Broadband Connection: //This is number 3 for a mobile adopter
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix .:
Description . . . . . . . . . . . : Ericsson F3607gw for TOSHIBA Mobile Broad
band Network Adapter
Physical Address. . . . . . . . . : 02-80-37-EC-02-00
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection: //This is the fourth one for the Ethernet which is the one we want
Connection-specific DNS Suffix . : Espion.local
Description . . . . . . . . . . . : Intel(R) 82577LM Gigabit Network Connection //This is what we need to know
Physical Address. . . . . . . . . : 00-23-18-2C-50-FB
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::98d1:2bd4:1e4e:ed4a%11(Preferred)
IPv4 Address. . . . . . . . . . . : 10.1.1.23(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 10 November 2014 08:44:55
Lease Expires . . . . . . . . . . : 15 November 2014 08:44:52
Default Gateway . . . . . . . . . : 10.1.1.10
DHCP Server . . . . . . . . . . . : 10.1.1.120
DHCPv6 IAID . . . . . . . . . . . : 285221656
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-1F-BC-5B-00-23-18-2C-50-FB
DNS Servers . . . . . . . . . . . : 10.1.1.120
10.1.1.121
Primary WINS Server . . . . . . . : 10.1.1.100
NetBIOS over Tcpip. . . . . . . . : Enabled
Ethernet adapter VirtualBox Host-Only Network:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : VirtualBox Host-Only Ethernet Adapter
Physical Address. . . . . . . . . : 08-00-27-00-D4-60
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::5893:7783:a082:69a3%17(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.56.1(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 487063591
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-1F-BC-5B-00-23-18-2C-50-FB
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1

fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled
C:\Users\fward>

 From the information above we have 2 useful adopters. The Ethernet (wired) and the
Wireless LAN adopter. We can use either but to keep it simple, we will just use the Ethernet
one.
So now we need to configure
Virtualbox to use the Ethernet adopter
in bridge mode (bridge mode allows
the vm to communicate on the
physical network like a real machine).
Right click on the vm and go into the
settings menu. Then navigate to the
networking options

 Select the adopter that was identified from the ipconfig –all command and ensure that the
networking mode is in Bridged.
 Now start the VM and use the following login credentials:
Username: securityshepherd
Password: owaspSecurityShepherd
 Once logged in, run the ifconfig command to get the network configuration. The IP address
should be in the range of your local machines IP address and should available on the
network like any other machine.

 To access the web interface, open a browser on any computer which is connected to that
network and type the IP into the address bar:
 You can login with the following Username: admin and Password: password








Once logged in make sure that you configure the server.

This is why you’re getting the Error Message

Under the admin tab, select configuration and then “Set Core Host Address”
It should say “Current Core Server Address = http://127.0.0.1/”
Change this to the address of the vm. This is mine: http://10.1.1.74/
Set the host address and it should update successfully. Now select the “Set Exposed Host
Address” it will show that it is set to the following “Current Exposed Server Address =
http://127.0.0.1/Exposed/”
 The easiest way to do this is to open a new tab in your browser and type in your vms IP
followed by /Exposed/

 Now just copy the address from the address bar and use it to update the Exposed host
address. This is mine http://10.1.1.74/Exposed/
 Finally, select the Get Next Challenge Option and it should now be fully operational.

Enjoy !!!