Articoli

In this short article I want to explain to you an alternative method to install ProxMox on a dedicated server purchased on Hetzner.

Hetzner, I consider him one of the best European providers, does not offer a KVM free on his servers. So the installation phase of an operating system may be limiting, not having a graphical interface.

To install ProxMox I’ve hitherto followed Hetzner official guides, that is, installing a Debian machine, adding ProxMox repositories, and installing packages.

But I’ve always had trouble configuring the FileSystem ZFS, LVM, etc etc.

These aspects are much easier to handle using the official ISO of ProxMox and the GUI that follows you step by step in the installation.

So you can leverage the official ISO and GUI? Yes, it is possible 🙂 follow these steps:

  1. Start your machine in rescue mode with Linux 64bit;
  2. Connect to your dedicated server via SSH;
  3. Install QEMU ($ apt-get install qemu);
  4. Download ProxMox ISO (Select last ISO image on https://www.proxmox.com/en/downloads) and save locally in proxmox.iso file;
  5. Start QEMU Emulator ($ qemu-system-x86_64 -m 1024 -k it -hda /dev/sda -hdb /dev/sdb -cdrom proxmox.iso -boot d -vnc :0);
  6. Connect via VNC to your server port 5900, and follow the installation procedure;
  7. Reboot rescue system.

Ok, now the system is installed;) Simple!

Two more tips, Repository and Let’s Encrypt!

ProxMox releases two types of repository, free and paid. If you want to use the free ones you have to change the source list.

Open the file /etc/apt/sources.list.d/pve-install-repo.list and remove or edit the content that should be:

deb http://download.proxmox.com/debian jessie pve-no-subscription

Currently, debian main distribution is Jessie, when it’s updated (es. Stretch), you’ll need to refresh the indication.

Finally I recommend using a valid SSL certificate to connect to the ProxMox Web GUI, on official wiki site there is a great guide!

 

Il FabLab Bassa Romagna e ImoLUG hanno intrapreso un percorso di approfondimento su ProxMox, un progretto OpenSource basato sul sistema operativo Debian Linux per la virtualizzazione di sistemi operativi, incontrandosi ogni martedì per affrontare tematiche diverse.

Martedì 23 Maggio sarò ospite al FabLab Bassa Romagna per insegnare come è possibile creare un proprio Hacking Lab. Creare un laboratorio nella propria infrastruttura di rete permette di allenarsi in assoluta legalità sulle principali tecniche sfruttate nel mondo del Hacking.

Per creare il proprio laboratorio virtualizzeremo Metasploitable, una famosa distribuzione vulnerabile creata da Rapid7, ovviamente su ProxMox e sfrutteremo BackBox Linux per effettuare i test di Sicurezza Informatica.

Entrando più nel dettaglio sfrutteremo software come nmap, zenmap, dirsearch, sqlmap e metasploit. Analizzeremo le vulnerabilità Command Execution, SQL Injection, XSS Reflected, XSS Stored e magari anche altre in base al tempo rimasto.

L’incontro inizierà alle 20:30 del 23 Maggio 2017 presso la sede del FabLab Bassa Romagna, Via Vassura 16/F a Cotignola. È gradita la prenotazione tramite Doodle!

Per chi non riuscisse a venire da Mercoldì 24 troverà, in questo articolo, le slide dell’evento e forse anche uno screencasting!

[ AGGIORNAMENTO ]

Le slide sono disponibili su SlideShare, lo screencasting a breve…

Proxmox is open source server virtualization management software. It is a Debian-based Linux distribution  and very perfect to create your Hacking Lab on your local networking.

The Metasploitable virtual machine is an intentionally vulnerable version of Ubuntu Linux designed for testing security tools and demonstrating common vulnerabilities. Never expose this VM to an untrusted network 😉 it’s very dangerous!

On my YouTube you can find a video guide about virtualization of Metasploitable on ProxMox!

Finally, you can find a list of all vulnerabilities in Metasploitable on the official Rapid7 website.