# Home Lab: Part 11

<figure><img src="https://blog.davidvarghese.net/assets/images/building-home-lab-part-11/building-home-lab-part-11-banner.png" alt=""><figcaption></figcaption></figure>

In this module, we will see how we can transfer files using SCP from “Tsurugi Linux” which is on the **`SECURITY`** subnet to VMs on the **`ISOLATED`** subnet.

I recommend this approach for getting malware samples into the Malware Analysis Lab. There are other ways to transfer files to these VMs, but since we are dealing with malware, I want to keep the samples isolated from both the Internet and the host machine's filesystem.

### Tsurugi Linux Static IP Assignment <a href="#tsurugi-linux-static-ip-assignment" id="tsurugi-linux-static-ip-assignment"></a>

Start the pfSense VM if it is shut down. Once pfSense is up and running, start the Tsurugi Linux VM. Open the terminal and run the following command:

```
ip a
```

<figure><img src="https://blog.davidvarghese.net/assets/images/building-home-lab-part-11/malware-1.png" alt=""><figcaption></figcaption></figure>

Tsurugi Linux has been assigned the IP Address **`10.10.10.12`** by the DHCP server.

Start the Kali Linux VM and log into the pfSense Web UI.

<figure><img src="https://blog.davidvarghese.net/assets/images/building-home-lab-part-4/pfsense-27.png" alt=""><figcaption></figcaption></figure>

From the navigation bar select **`Status -> DHCP Leases`**.

<figure><img src="https://blog.davidvarghese.net/assets/images/building-home-lab-part-4/pfsense-53.png" alt=""><figcaption></figcaption></figure>

In the **`Leases`** section find Tsurugi Linux. Click on the hollow “+” icon (Add Static IP) on the right-hand side.

<figure><img src="https://blog.davidvarghese.net/assets/images/building-home-lab-part-11/malware-2.png" alt=""><figcaption></figcaption></figure>

In the IP Address field enter **`10.10.10.2`**. Scroll to the bottom and click on **`Save`**.

<figure><img src="https://blog.davidvarghese.net/assets/images/building-home-lab-part-11/malware-3.png" alt=""><figcaption></figcaption></figure>

A popup will appear at the top. Click on **`Apply Changes`**.

<figure><img src="https://blog.davidvarghese.net/assets/images/building-home-lab-part-11/malware-4.png" alt=""><figcaption></figcaption></figure>

#### Refreshing Tsurugi Linux IP Address <a href="#refreshing-tsurugi-linux-ip-address" id="refreshing-tsurugi-linux-ip-address"></a>

On Tsurugi Linux from the terminal run the following command:

```
# Disable and then Enable the Network Adapter
sudo ip l set enp0s3 down && sudo ip l set enp0s3 up
```

Restarting the adapter releases the dynamic IP that was assigned to the VM and requests a fresh lease, which now resolves to the static mapping. Run the following command to confirm the VM is using the configured static IP.

```
ip a show enp0s3
```
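A scripted version of that check, added here as an example rather than taken from the original post: it reads the `ip -4 addr show` output for an interface and compares the address it finds with the one configured in pfSense. The interface name (`enp0s3`) and expected address (`10.10.10.2`) are the ones used above; the sample output embedded at the end is constructed to look like the command's output and was not captured from a real VM.

```shell
#!/bin/sh
# Added example (not from the original post): confirm an interface picked up
# the static mapping after the down/up cycle. Interface name and expected
# address follow the post (enp0s3, 10.10.10.2).

# Read `ip -4 addr show` output on stdin and print the first IPv4 address
# (without the prefix length), or nothing if no IPv4 address is assigned.
iface_ipv4() {
    awk '$1 == "inet" { sub(/\/.*/, "", $2); print $2; exit }'
}

# Compare the live address of interface $1 with the expected address $2.
# Returns 0 on a match, 1 otherwise, and reports what it found.
verify_static_ip() {
    iface="$1"; expected="$2"
    actual=$(ip -4 addr show dev "$iface" 2>/dev/null | iface_ipv4)
    if [ "$actual" = "$expected" ]; then
        printf '%s has the configured static address %s\n' "$iface" "$actual"
        return 0
    fi
    printf '%s has %s, expected %s\n' "$iface" "${actual:-no IPv4 address}" "$expected" >&2
    return 1
}

# Constructed sample resembling `ip -4 addr show dev enp0s3` after the
# lease refresh (not real captured output); used to exercise iface_ipv4.
SAMPLE_IP_OUTPUT='2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    inet 10.10.10.2/24 brd 10.10.10.255 scope global dynamic noprefixroute enp0s3
       valid_lft 7145sec preferred_lft 7145sec'

# Usage on the VM itself:
#   verify_static_ip enp0s3 10.10.10.2
```

Run it on Tsurugi Linux after the adapter restart; a non-zero exit means the lease refresh did not produce the expected address, which usually means the static mapping was saved but not applied, or the adapter name differs from `enp0s3`.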

<figure><img src="https://blog.davidvarghese.net/assets/images/building-home-lab-part-11/malware-5.png" alt=""><figcaption></figcaption></figure>

Refresh the DHCP Leases page and we should see that Tsurugi Linux is now using the IP address that we configured.

<figure><img src="https://blog.davidvarghese.net/assets/images/building-home-lab-part-11/malware-6.png" alt=""><figcaption></figcaption></figure>

### pfSense Firewall Configuration <a href="#pfsense-firewall-configuration" id="pfsense-firewall-configuration"></a>

From the navigation bar select **`Firewall -> Rules`**.

<figure><img src="https://blog.davidvarghese.net/assets/images/building-home-lab-part-4/pfsense-58.png" alt=""><figcaption></figcaption></figure>

Go to the **`ISOLATED`** subnet tab. Click on the “Add rule to the top of the list” button.

<figure><img src="https://blog.davidvarghese.net/assets/images/building-home-lab-part-11/malware-9.png" alt=""><figcaption></figcaption></figure>

Enter the details as shown below:\
Source: **`ISOLATED subnets`**\
Destination: **`Address or Alias - 10.10.10.2`**\
Destination Port Range: **`SSH (22)`**\
Description: **`Allows SSH access to DFIR VM`**

<figure><img src="https://blog.davidvarghese.net/assets/images/building-home-lab-part-11/malware-7.png" alt=""><figcaption></figcaption></figure>

A popup will appear at the top of the page. Click on **`Apply Changes`**.

<figure><img src="https://blog.davidvarghese.net/assets/images/building-home-lab-part-8/pfsense-98.png" alt=""><figcaption></figcaption></figure>

The final firewall rules will look as follows:

<figure><img src="https://blog.davidvarghese.net/assets/images/building-home-lab-part-11/malware-8.png" alt=""><figcaption></figcaption></figure>

### Enabling SSH <a href="#enabling-ssh" id="enabling-ssh"></a>

#### Tsurugi Linux <a href="#tsurugi-linux" id="tsurugi-linux"></a>

Run the following command to check if SSH is running.

```
systemctl status ssh
```

If the service is not running, use the following command to start it. `start` only runs the service until the next reboot, which suits this workflow since SSH is stopped again once the files have been copied.

```
sudo systemctl start ssh
```

<figure><img src="https://blog.davidvarghese.net/assets/images/building-home-lab-part-11/malware-10.png" alt=""><figcaption></figcaption></figure>

#### Flare VM (Windows) <a href="#flare-vm-windows" id="flare-vm-windows"></a>

Right-click on the Start menu icon. Select **`Windows PowerShell (Admin)`**.

<figure><img src="https://blog.davidvarghese.net/assets/images/building-home-lab-part-8/flare-23.png" alt=""><figcaption></figcaption></figure>

Enter the following command to check if the SSH server is running.

```
Get-Service sshd
```

Run the following to start the SSH server.

```
Start-Service sshd
```

[How to SSH into a Windows 10 Machine from anywhere - Scott Hanselman’s Blog](https://www.hanselman.com/blog/how-to-ssh-into-a-windows-10-machine-from-linux-or-windows-or-anywhere)

<figure><img src="https://blog.davidvarghese.net/assets/images/building-home-lab-part-11/malware-11.png" alt=""><figcaption></figcaption></figure>

#### REMnux Linux <a href="#remnux-linux" id="remnux-linux"></a>

Run the following commands to check the status of SSH and start it.

```
# Check Status
systemctl status ssh

# Start SSH
sudo systemctl start ssh
```

<figure><img src="https://blog.davidvarghese.net/assets/images/building-home-lab-part-11/malware-12.png" alt=""><figcaption></figcaption></figure>

### Testing SSH Connectivity <a href="#testing-ssh-connectivity" id="testing-ssh-connectivity"></a>

#### Finding Target VM IP Address <a href="#finding-target-vm-ip-address" id="finding-target-vm-ip-address"></a>

To connect to Flare VM and REMnux we need their IP addresses. On Flare VM (Windows) run:

```
ipconfig
```

<figure><img src="https://blog.davidvarghese.net/assets/images/building-home-lab-part-11/malware-13.png" alt=""><figcaption></figcaption></figure>

On REMnux run:

```
ip a
```

<figure><img src="https://blog.davidvarghese.net/assets/images/building-home-lab-part-11/malware-14.png" alt=""><figcaption></figcaption></figure>

#### Connecting to Flare VM <a href="#connecting-to-flare-vm" id="connecting-to-flare-vm"></a>

In my case, the IP address of Flare VM is **`10.99.99.11`**.

Use the following command to remote into Flare VM from Tsurugi Linux.

```
# ssh target-system-username@target-system-ip-address
ssh david@10.99.99.11
```

Type **`yes`** to add the fingerprint.\
Enter the password of the target system when prompted.

<figure><img src="https://blog.davidvarghese.net/assets/images/building-home-lab-part-11/malware-15.png" alt=""><figcaption></figcaption></figure>

This will log you into Flare VM.

<figure><img src="https://blog.davidvarghese.net/assets/images/building-home-lab-part-11/malware-16.png" alt=""><figcaption></figcaption></figure>

Type **`exit`** to quit the remote connection.

#### Connecting to REMnux Linux <a href="#connecting-to-remnux-linux" id="connecting-to-remnux-linux"></a>

In my case, the IP address for REMnux is **`10.99.99.12`**.

Use the following command to remote into REMnux from Tsurugi Linux.

```
# ssh target-system-username@target-system-ip-address
ssh remnux@10.99.99.12
```

Type **`yes`** to add the fingerprint.\
Enter the password of the target system when prompted.

<figure><img src="https://blog.davidvarghese.net/assets/images/building-home-lab-part-11/malware-17.png" alt=""><figcaption></figcaption></figure>

Type **`exit`** to quit the remote connection.

### SCP File Transfer <a href="#scp-file-transfer" id="scp-file-transfer"></a>

Now we know that we can connect to the Malware Analysis Lab VMs from Tsurugi Linux.

To demonstrate how to transfer files from Tsurugi Linux to the Malware Analysis Lab VMs I will use a simple text file. To follow along run the following commands on Tsurugi Linux:

```
cd Downloads
echo "Hello Hello World" > hello.txt
cat hello.txt
```

#### File Transfer to Flare VM <a href="#file-transfer-to-flare-vm" id="file-transfer-to-flare-vm"></a>

To transfer **`hello.txt`** to the target systems we will use SCP, a command-line utility that uses SSH to securely copy files over the network.

Run the following command to copy the file to Flare VM.

```
# scp file-to-copy target-username@target-ip-address:destination-path
scp hello.txt david@10.99.99.11:/C:/Users/David/Downloads
```

<figure><img src="https://blog.davidvarghese.net/assets/images/building-home-lab-part-11/malware-18.png" alt=""><figcaption></figcaption></figure>

The above command will copy the file into the Downloads folder on Flare VM.

<figure><img src="https://blog.davidvarghese.net/assets/images/building-home-lab-part-11/malware-19.png" alt=""><figcaption></figcaption></figure>

#### File Transfer to REMnux Linux <a href="#file-transfer-to-remnux-linux" id="file-transfer-to-remnux-linux"></a>

Using the same command we can move the file onto REMnux as well.

```
# scp file-to-copy target-username@target-ip-address:destination-path
scp hello.txt remnux@10.99.99.12:~/Downloads
```
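When the file being copied is a malware sample rather than `hello.txt`, it is worth confirming that the bytes that arrived are the bytes that were sent before the sample is analysed. The script below is an added example, not code from the original post: it wraps the SCP transfers shown above (to Flare VM and to REMnux) with a SHA-256 comparison, hashing the file locally, copying it, and hashing the remote copy over the same SSH session. It assumes a Linux destination with `sha256sum` available (REMnux); on Flare VM you would compute the remote hash with `Get-FileHash` instead. The `SSH_CMD` and `SCP_CMD` variables are the example's own hooks so the logic can be exercised without a network.

```shell
#!/bin/sh
# Added example (not from the original post): copy a file with scp and
# confirm the remote copy's SHA-256 matches the local file before trusting it.
# Assumes a Linux destination with sha256sum (REMnux). The user/host/path in
# the usage line come from the lab layout described in the post.

# Hooks so the transfer and remote hashing can be swapped out (e.g. for an
# offline dry run); they default to the real ssh and scp binaries.
SSH_CMD="${SSH_CMD:-ssh}"
SCP_CMD="${SCP_CMD:-scp}"

# Print the SHA-256 of a local file.
local_sha256() {
    sha256sum -- "$1" | cut -d' ' -f1
}

# Print the SHA-256 of a file on the remote system, computed there.
# $1 = user@host, $2 = absolute remote path (no spaces assumed).
remote_sha256() {
    "$SSH_CMD" "$1" "sha256sum -- $2" | cut -d' ' -f1
}

# Copy $1 to $2 (user@host) into remote directory $3, then verify the hash.
# Returns 0 on a verified copy, 1 on a transfer failure or hash mismatch.
scp_verified() {
    src="$1"; target="$2"; dest_dir="$3"
    base=$(basename -- "$src")
    expected=$(local_sha256 "$src")
    [ -n "$expected" ] || return 1
    "$SCP_CMD" "$src" "$target:$dest_dir/" || return 1
    actual=$(remote_sha256 "$target" "$dest_dir/$base")
    if [ -n "$actual" ] && [ "$expected" = "$actual" ]; then
        printf 'verified %s -> %s:%s/%s (%s)\n' "$src" "$target" "$dest_dir" "$base" "$actual"
        return 0
    fi
    printf 'HASH MISMATCH for %s: local %s remote %s\n' "$base" "$expected" "${actual:-<none>}" >&2
    return 1
}

# Usage on Tsurugi Linux, mirroring the post's transfer to REMnux
# (absolute path instead of ~ so the remote sha256sum sees the same path):
#   scp_verified hello.txt remnux@10.99.99.12 /home/remnux/Downloads
if [ $# -eq 3 ]; then
    scp_verified "$@"
fi
```

The hash is printed on success so it can be recorded alongside the sample; a mismatch exits non-zero, so the script can gate any follow-on automation on the destination VM.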

<figure><img src="https://blog.davidvarghese.net/assets/images/building-home-lab-part-11/malware-20.png" alt=""><figcaption></figcaption></figure>

The above command will copy the file into the Downloads folder on REMnux.

<figure><img src="https://blog.davidvarghese.net/assets/images/building-home-lab-part-11/malware-21.png" alt=""><figcaption></figcaption></figure>

> To copy a whole folder use the **`-r`** (recursive) flag with the SCP command\
> [SCP Linux - Securely Copy Files Using SCP examples](https://linuxblog.io/linux-securely-copy-files-using-scp/)

### Disabling SSH <a href="#disabling-ssh" id="disabling-ssh"></a>

Once you have copied the required files onto the Malware Analysis Lab VMs, use the following commands to stop SSH on all the systems.

#### Tsurugi Linux <a href="#tsurugi-linux-1" id="tsurugi-linux-1"></a>

```
sudo systemctl stop ssh
```

<figure><img src="https://blog.davidvarghese.net/assets/images/building-home-lab-part-11/malware-22.png" alt=""><figcaption></figcaption></figure>

#### Flare VM (Windows) <a href="#flare-vm-windows-1" id="flare-vm-windows-1"></a>

```
Stop-Service sshd
```

<figure><img src="https://blog.davidvarghese.net/assets/images/building-home-lab-part-11/malware-23.png" alt=""><figcaption></figcaption></figure>

#### REMnux Linux <a href="#remnux-linux-1" id="remnux-linux-1"></a>

```
sudo systemctl stop ssh
```

<figure><img src="https://blog.davidvarghese.net/assets/images/building-home-lab-part-11/malware-24.png" alt=""><figcaption></figcaption></figure>
