jehad

This document provides a comprehensive guide for setting up a stealthy and hardened Nginx server for payload delivery, focusing on security and evasion techniques. Key goals include restricting access to specific IPs, spoofing payload extensions, redirecting unauthorized users, and blocking brute-force attempts. The lab outlines installation, configuration, and testing steps, including the integration of Fail2Ban for automatic banning of aggressive scanners.

Uploaded by Saba Hussien

Nginx Lab

This lab guides you through setting up a stealthy and hardened Nginx server for payload delivery
that incorporates multiple security, evasion, and deception techniques.

Lab Goals
Restrict payload access to a specific IP.
Spoof payload extensions (e.g., file.update → delivers file.bat).
Redirect unauthorized users who request file.exe.
Block brute-force attempts on payload requests.
Prevent detection by security tools (e.g., Nmap, sqlmap, Nikto).
Integrate automatic banning via Fail2Ban.

Step 1: Install & Configure Nginx

“sudo apt update && sudo apt install nginx -y”

Start and enable the service:


“sudo systemctl start nginx”
“sudo systemctl enable nginx”

Step 2: Create the Nginx Payload Delivery Configuration


Create a new configuration file:
“nano /etc/nginx/sites-available/payload.conf”
Configuration of the file. Note that log_format and limit_req_zone are only valid in the http context, so they sit outside the server block; this works here because files in sites-enabled are included inside the http block of /etc/nginx/nginx.conf:

# --- LOGGING (http context) ---
# Custom log format to reduce footprint. It is defined but not applied with
# access_log below, so Nginx keeps writing the default "combined" format; the
# Fail2Ban filter in Step 4 expects that format (it looks for "HTTP/..." in
# the request line), so adjust the filter if you enable this format.
log_format stealthed '$remote_addr - [$time_local] "$request_method $request_uri" $status';

# --- ANTI-BRUTE FORCE RATE LIMITING (http context) ---
limit_req_zone $binary_remote_addr zone=antibrute:10m rate=5r/m;

server {
    listen 80;
    server_name 10.0.2.15;

    # --- ACCESS CONTROL ---
    # Block everyone by default; only the allowed IP below is cleared
    set $block_ip 1;
    set $redirect_url "https://example.com"; # Decoy redirect URL

    # Only allow specific IP (change this)
    if ($remote_addr = 192.168.1.100) {
        set $block_ip 0;
    }

    # Requests for "file.exe" are redirected to the decoy URL.
    # Note: "return" runs in the rewrite phase, before limit_req is evaluated,
    # so the rate limit never triggers in this location; every request gets a
    # 302, and those 302 log lines are what the Fail2Ban jail in Step 4 counts
    # (maxretry = 5).
    location /file.exe {
        limit_req zone=antibrute burst=1 nodelay;
        return 302 $redirect_url; # Redirect to decoy URL
    }

    # --- PAYLOAD EXTENSION SPOOFING ---
    location /file.update {
        add_header Content-Disposition 'attachment; filename="file.bat"';
        root /var/www/html;
        try_files /file.bat =404;
    }

    # --- STEALTH PAYLOAD DELIVERY ---
    location /payload {
        if ($block_ip = 1) {
            return 403; # Unauthorized users get blocked
        }
        root /var/www/html;
        try_files /payload.exe =404;
    }

    # --- ANTI-SCANNING & ANTI-FORENSICS ---
    # Block common penetration testing tools by User-Agent
    if ($http_user_agent ~* (nmap|sqlmap|wget|python|nikto|hydra)) {
        return 403;
    }

    # Prevent direct IP access. Note: because server_name is an IP address,
    # this rule also rejects the Step 5 tests, which request http://10.0.2.15/...;
    # use a hostname there (or drop this rule) while testing.
    if ($host ~* "\d+\.\d+\.\d+\.\d+") {
        return 403;
    }

    # Fake "not found" errors for common attack paths
    # (dots are escaped so ".git" does not also match e.g. "digital")
    location ~* (admin|backup|config|phpmyadmin|wp-login|\.git|\.env) {
        return 404;
    }

    # --- DEFAULT HANDLER ---
    location / {
        root /var/www/html;
        index index.html;
    }
}

Step 3: Deploy the Configuration


1. Enable the site:
“ln -s /etc/nginx/sites-available/payload.conf /etc/nginx/sites-enabled/”
2. Test and reload Nginx:
“nginx -t && systemctl reload nginx”

Step 4: Set Up Fail2Ban for Auto-Banning


Why Use Fail2Ban?
• Automatically bans aggressive scanners and brute-force attempts.
• Blocks IP addresses that try to access /file.exe too many times.

1- Create a Custom Fail2Ban Filter


“nano /etc/fail2ban/filter.d/nginx-payload.conf”
Configuration of the file:
“[Definition]
failregex = ^<HOST> - .* "(GET|POST) /file.exe HTTP/.*" 302”

2- Configure Fail2Ban Jail


“nano /etc/fail2ban/jail.local”
Configuration of the file:
“[nginx-payload]
enabled = true
filter = nginx-payload
action = iptables-allports
logpath = /var/log/nginx/access.log
maxretry = 5
bantime = 600”
3- Restart Fail2Ban
“systemctl restart fail2ban”
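Before relying on the jail, it is worth checking that the filter in 4.1 and the jail in 4.2 agree with what Nginx actually writes. The following is an added example (not part of the original lab) that runs the lab's failregex over constructed access-log lines and reports which hosts would reach maxretry. It assumes the default "combined" log format (the stealthed log_format from Step 2 is never applied), simplifies Fail2Ban's <HOST> tag to an IPv4 capture group, and ignores findtime.

```python
import re
from collections import Counter

# Fail2Ban's <HOST> tag simplified to an IPv4 capture group (assumption: the
# real expansion also accepts hostnames and IPv6 addresses).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
# The lab's failregex from /etc/fail2ban/filter.d/nginx-payload.conf, verbatim
# apart from the <HOST> substitution (the "." in /file.exe is left unescaped).
FAILREGEX = re.compile(r"^" + HOST + r' - .* "(GET|POST) /file.exe HTTP/.*" 302')
MAXRETRY = 5  # jail.local: maxretry = 5 (findtime is ignored in this model)

# Constructed sample lines. The first eight are in Nginx's default "combined"
# format; the last one is in the "stealthed" log_format from Step 2, which has
# no "HTTP/x.y" in the request line and therefore never matches the filter.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "GET /file.exe HTTP/1.1" 302 0 "-" "curl/8.0"
203.0.113.7 - - [10/Mar/2024:10:00:02 +0000] "GET /file.exe HTTP/1.1" 302 0 "-" "curl/8.0"
203.0.113.7 - - [10/Mar/2024:10:00:03 +0000] "GET /file.exe HTTP/1.1" 302 0 "-" "curl/8.0"
203.0.113.7 - - [10/Mar/2024:10:00:04 +0000] "GET /file.exe HTTP/1.1" 302 0 "-" "curl/8.0"
203.0.113.7 - - [10/Mar/2024:10:00:05 +0000] "GET /file.exe HTTP/1.1" 302 0 "-" "curl/8.0"
192.0.2.20 - - [10/Mar/2024:10:00:06 +0000] "GET /index.html HTTP/1.1" 200 612 "-" "Mozilla/5.0"
192.0.2.20 - - [10/Mar/2024:10:00:07 +0000] "GET /file.exe HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.20 - - [10/Mar/2024:10:00:08 +0000] "POST /file.exe HTTP/1.1" 403 0 "-" "python-requests/2.31"
203.0.113.9 - [10/Mar/2024:10:00:09 +0000] "GET /file.exe" 302
"""


def count_failures(lines):
    """Count, per host, the log lines that the lab's failregex matches."""
    hits = Counter()
    for line in lines:
        m = FAILREGEX.match(line)
        if m:
            hits[m.group("host")] += 1
    return hits


def hosts_to_ban(lines, maxretry=MAXRETRY):
    """Hosts whose matching-line count reaches maxretry (what the jail bans)."""
    return {host for host, n in count_failures(lines).items() if n >= maxretry}


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    print("matches per host:", dict(count_failures(lines)))
    print("would be banned:", hosts_to_ban(lines))
```

The 403 response to the python-requests client is not counted because the filter matches only 302 lines, and the stealthed-format line is not counted at all, which is the mismatch to watch for if that log format is ever enabled.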

Step 5: Testing Setup


Test Each Feature
1. Verify redirection
• Try accessing http://10.0.2.15/file.exe.
• I was redirected to https://ss.com.

2. Verify payload extension spoofing


“curl -I http://10.0.2.15/file.update”
Response:
“Content-Disposition: attachment; filename="file.bat"”

Conclusion: Red Teaming Success


1- Stealthy payload delivery (restricted to one IP).
2- Spoofed extensions for social engineering.
3- Redirection & deception against unauthorized users.
4- Auto-block brute-force attacks on payloads.
5- Failsafe: Blocks scanners & security tools like Nikto/Nmap.
