
Ethical Hacking

William Bailey


MIS 5211.701 ■ Fall 2020 ■ William Bailey

Week 11: Share Your Experiences – Security Shepherd

November 10, 2020 by William Bailey 22 Comments

During Week 11, what are your experiences with Security Shepherd?

Which deployment method (VMware / VirtualBox / Docker) did you choose, and why?

How many challenges did you complete?

When you encountered issues, what kind of steps did you take to resolve the issues and forge onward?


Comments

  1. Nicholas Fabrizio says

    November 11, 2020 at 9:45 pm

    Security Shepherd is a very interesting virtual machine and I enjoyed being able to try and exploit some of the vulnerabilities. I decided to run the Security Shepherd 3.1 virtual machine on VMware since that is the hypervisor I’ve been using all semester. I was able to resolve the issue with the network adapters not showing up after finding a thread on the OWASP GitHub repository. This thread suggested releasing/renewing the DHCP client IP addresses and that worked for me (link is below). As of this writing I was able to complete 11 of the challenges and some took me a while, for example the challenge “What is Mobile Insecure Data Storage?”. I’ve learned to make sure to read the readme.txt file first because it may contain valuable information which could save you a lot of time troubleshooting.

    https://github.com/OWASP/SecurityShepherd/issues/551

    • Kelly Sharadin says

      November 12, 2020 at 5:26 pm

      Hi,

      I agree reading documentation is the best first step in many scenarios.

      • Anthony Wong says

        November 13, 2020 at 3:01 pm

        Completely agree here as well. Only thing I didn’t find in the documentation was the login credentials for Security Shepherd… I only knew once Professor Bailey mentioned it in class.

        • Kelly Sharadin says

          November 14, 2020 at 9:32 am

          When you unzipped the Security Shepherd zip, you should have received a readme.txt; that’s where the instructions for install and password are.

          • Anthony Wong says

            November 15, 2020 at 11:44 am

            Oh I see it now… I was looking in the wrong folder the entire time.

    • Zhuofu Wang says

      November 13, 2020 at 8:32 pm

      Agree. Any official file will help. And the community (The SecurityShepherd bug page https://github.com/OWASP/SecurityShepherd/labels/Bug) is also a useful way to find the solution.

      • Amelia Safirstein says

        November 15, 2020 at 10:37 pm

        YouTube has been really helpful for me when I run into issues as well! There are tutorials on virtually everything.

    • Bryan Garrahan says

      November 16, 2020 at 8:35 am

      Thanks for sharing, Nick! I’m going to see if this works with me in version 3.1.

  2. Anthony Wong says

    November 12, 2020 at 11:13 am

    I chose to use VirtualBox because my Kali and Metasploitable machines were deployed there and added Security Shepherd and Security Dojo to the same network. In the beginning of the semester, I tried to work with VMware, but ran into a ton of issues and found it difficult to work with. As I completed more challenges, they became more difficult and took me a while to complete. I completed 8 challenges in Security Shepherd. Also, I briefly used Dojo to try XSS and generated an alert. Overall, both installations went pretty smoothly for me. The main problem I ran into was not being able to access Security Shepherd, but it was resolved by rebooting the VM.

    • Kelly Sharadin says

      November 12, 2020 at 5:28 pm

      Hi,

      Not related to the web apps but I understand what you’re saying about putting things on the same network. Actually, understanding virtual networks helped me understand networking in general. Every frustration is a learning process 🙂

      • Anthony Wong says

        November 13, 2020 at 3:03 pm

        Hi Kelly,

        I definitely want to keep building on my network knowledge. I will have to take a look more into virtual networks to help with this. Thanks!

  3. Kelly Sharadin says

    November 12, 2020 at 5:24 pm

    Deployed on VirtualBox and had no issues connecting. Each exercise builds upon the previous exploit so it’s a pretty logical path which I found very helpful in understanding the increasing complexity/ what to look for when sending requests. I got up to exercise 5 and received some operational issues that may be related to my build but I will have to investigate further.

  4. Anthony Wong says

    November 13, 2020 at 3:06 pm

    As I went on past exercise 5 (?), I personally found them more difficult to solve. Did you experiment with Security Dojo at all?

    • Kelly Sharadin says

      November 14, 2020 at 9:38 am

      Yes, I posted on the other discussion post. Overall I found Security Dojo is less intuitive than Security Shepherd. I also didn’t realize it was just the DVWA inside of the Security Dojo VM. When lockdown began earlier this year, I spent some time learning BurpSuite and played around with DVWA. There are some good walkthroughs available to help guide you. As I said, it doesn’t build as logically as Security Shepherd, so you really need web app knowledge to move through the challenges.

      • Anthony Wong says

        November 15, 2020 at 11:51 am

        Completely agree. I struggled with Dojo and was lucky to find a decent amount of tutorial videos to help out.

      • Amelia Safirstein says

        November 15, 2020 at 11:06 pm

        I did the same thing with DVWA! I agree though that Security Shepherd is more intuitive. I found myself needing to find hints and follow some video tutorials in DVWA to get through.

  5. Anthony Wong says

    November 13, 2020 at 3:06 pm

    @ Kelly’s post.

  6. Zhuofu Wang says

    November 13, 2020 at 8:16 pm

    I tried to deploy the Security Shepherd on VMware but failed. It kept giving me some error about the network connection. Although I have debugged and modified the settings, it still can’t be solved. Then I tried to deploy the Security Shepherd on VirtualBox, and everything is going smoothly. I have completed 4 exercises so far and am preparing to do more exercises during the weekend.

    • Anthony Wong says

      November 15, 2020 at 11:50 am

      Hi Zhuofu,

      Browsing through the readme.txt, it does mention VirtualBox is recommended, which makes me believe they are aware of all the VMware issues.

      • Zhuofu Wang says

        November 15, 2020 at 7:25 pm

        Hi Anthony,

        Yeah, they provide a .ova file, which is the import format of VirtualBox. The import format of VMware should be the .vmdk file. I prefer to use VMware, so I tried to deploy it on VMware first. In most cases, VMware supports the import of .ova format, but some minor problems may occur.

  7. Amelia Safirstein says

    November 15, 2020 at 10:35 pm

    I deployed Security Shepherd in VirtualBox since I already had Kali running through that hypervisor on the machine that I wanted to use. I have completed four challenges so far and plan to continue practicing. The only issue I’ve run into so far is not being able to log into the admin account with the server admin login credentials. Reading the “Read Me” sheet the entire way through was useful!

  8. Bryan Garrahan says

    November 16, 2020 at 8:35 am

    I chose to deploy Security Shepherd via the VMware virtual environment I’ve been using this semester. I actually ran into the same issues we walked through in class when I was attempting to deploy version 3.1. Initially, I didn’t have much success troubleshooting the problem with YouTube videos and articles I was reading compared to some of the previous programs we needed to install. However, I ended up installing version 3.0 and had much more success doing so. At the moment, I’ve completed 2 challenges but plan on completing the rest by the end of the semester.
