Many people don't realize that nmap has a print-out function that displays everything the way script kiddies used to type way back in the day if you happened to be in a hacker's IRC channel. It's really more of a joke, but it's fun to do once in a while. Ok, so you want to be elite? You want to be a first-class hacker? There is really only one way. To quote an old joke, "How do you get to Carnegie Hall? Practice, practice, practice!" I don't mean read, read, read or hang out on the net. You really need to practice your trade. Ok, so how do you do that without getting the FBI knocking on your front door? Well, you need your own lab. All real hackers have one. Whether they are a black or white hat, the attack lab is a must. If you don't have one or access to one, then I can't see how you can call yourself a hacker. It's that important at this time. In the past not so much, because most hacking a long time ago was 90% password cracking. Yup, that's right, just cracking passwords. Sometimes not even that, because it was easy to log on to FTP servers as anonymous back then. We would try guessing passwords first. That still works today, and I am still amazed that 123, 123321, qwerty, the name of the company, etc. are still used! Even hackers can get lazy, and I hope I didn't embarrass too many readers here if I hit a nerve, LOL! Stop reading and go change that password right now! The movie War Games is a classic and perfect example of cracking computers back in the eighties.
Ok, so back to the attack lab. I have noticed that most of us go through a natural progression when working with our labs. The very first thing most do is download VMware and install an OS we want to crack. That is a good place to start, and actually you will find that you will keep this tactic up for the rest of your hacking life. Even if you have a complex attack lab, attacking a single OS in VMware is still important. For instance, say you are waiting at an airport and you are trying to fuzz an app to create an exploit. You want to test it quickly, so you load up VMware on your laptop and try to run your exploit. The normal approach is to run your OS with no service packs or firewall. Then you begin to add patches one at a time. You keep hardening the OS until you cannot crack it any more. As you do that, you are keeping very careful notes.
The next progression is to actually build multiple VMware installations in order to simulate an entire network. You can make a fun puzzle with this kind of setup. Next time you are 30,000 feet in the air, try making a network with, say, 7 installations where the only way you can get to the target box is to hack and own each box one at a time. That is, you go from box 1 to box 2, then box 2 to box 3, etc., until you get to box 7. If you have a buddy set this up for you beforehand it's much better, so you don't really know how to get to box 7 other than by trial and error. There is a really good article on how to set up a VMware attack lab written by one of EH-Net's most prestigious members, Negrita. Hmmm, I still haven't tried that brand of rum yet! Is it really better than any others? Hey, what can I say, I am not a rum expert, but if I get the chance I will have a shot in honor of you, brother.
http://www.ethicalhacker.net/content/view/63/1/

The next step is to actually build a real network of boxes. This doesn't need to be elaborate. You can basically build it from computers people are throwing away. I like this approach the most because it has the most authentic feel of a network when you are hacking. You can easily change it from a hub to a switched environment, which is crucial to developing your "sniffing" skills. I wrote about this in the past, and you can actually build this for way less than $600 now.
http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,1094.msg3450/#msg3450

The final place to go is where you can potentially reap the most benefits, but it's a bit dangerous. Only think of doing this if you really feel secure with your networking and monitoring abilities, because it could really bite you. It involves turning your attack lab into a honeynet. A honeynet is different from a honeypot. A honeynet involves creating a complete network that will appear "real" to an attacker. A honeypot is a simple box or two that is set up as easy prey for an attacker to distract him from the real target. This was an interesting concept early on but is really considered a bit dated. One problem was it only caught the dumbest flies. Any highly skilled hacker could detect it even from the outside, and even if he or she took the bait, the hacker could tell quickly what was going on and leave quickly. On the other hand, a honeynet is virtually impossible to distinguish from an authentic network because it is authentic! It's amazing what you can learn if you are lucky enough to catch a big fish. You can actually see how many attackers plan their breach. You might even be lucky enough to sniff out an exploit that has never been published. Basically you are being taught by some of the best attackers on the net if you set it up correctly. But remember, if you don't set it up correctly, it can be very dangerous because attackers often use a network like this as a launch platform for other attacks. Believe me when I say it's going to be difficult to explain to the FBI that you are an innocent victim when they come to your place and see your attack lab with a copy of Hacking Exposed, etc., lying on one of the towers! It would be better if you can set up the lab in a professional environment like a security business or university, or if you work for an ISP and can talk them into it as a project, rather than in your home.
But on the other hand, if you are reasonably skilled you should be ok. My rule of thumb is to reset the lab every few days even if I don't see a breach. I guess I get a little paranoid about some unknown rootkit that can't be detected. By the way, rootkits are not really an issue so far because they can't hide from an outside scan of the network, and that's part of a well-monitored honeynet. Rootkits only "fool" the boxes they are installed on, so never rely on scanning from the same box. If you are still interested in setting up a honeynet, "Know Your Enemy" by the Honeynet Project is an excellent book on the topic, and I suggest anyone interested should read it completely before taking on a project like this. I hope anyone new to security reading this post can see how vital it is to have a lab to work with. In fact, in my opinion you can't really call yourself a skilled hacker if you don't have access to one. One last thing to mention: all the above examples are valid and good and have their place. They should stay in your repertoire for as long as you are involved in hacking.
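The "never rely on scanning from the same box" point above can be turned into a monitoring check: compare the listening ports a host reports about itself with what a scan from a separate machine sees, and flag anything the host is not admitting to. This is an added example, not code from the post; the `ss -lnt` output and the nmap grepable (`-oG`) line are constructed samples, and the address 192.0.2.10 is a placeholder.

```python
"""Cross-check a monitored host's own socket table against an outside scan.
A kernel-level rootkit can hide a listener from tools run on the compromised
box, but it cannot hide the open port from a scanner on another host."""
import re

# Constructed sample: output of `ss -lnt` run ON the monitored host.
LOCAL_SS = """\
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
LISTEN  0       511     0.0.0.0:80          0.0.0.0:*
"""

# Constructed sample: one host line of nmap grepable output (-oG) taken
# from a scan run on a DIFFERENT box in the lab.
EXTERNAL_NMAP = (
    "Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, "
    "80/open/tcp//http///, 4444/open/tcp//krb524///\n"
)


def local_listeners(ss_output):
    """Ports in LISTEN state according to the host itself."""
    ports = set()
    for line in ss_output.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue
        # "Local Address:Port" field; rsplit handles [::]:22 as well
        ports.add(int(fields[3].rsplit(":", 1)[1]))
    return ports


def external_open_ports(nmap_grepable):
    """TCP ports reported open by the outside scan."""
    return {int(m.group(1)) for m in re.finditer(r"(\d+)/open/tcp", nmap_grepable)}


def hidden_listeners(local, external):
    """Ports reachable from outside that the host does not list locally."""
    return sorted(external - local)


if __name__ == "__main__":
    hidden = hidden_listeners(local_listeners(LOCAL_SS),
                              external_open_ports(EXTERNAL_NMAP))
    for port in hidden:
        print(f"ALERT: {port}/tcp open from outside but absent from local socket table")
```

A port that shows up only in the external view is the discrepancy the post describes; a port that shows up only locally is worth a look too (a filtering device in between), but it is not the rootkit signal.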