HomeCalendarCertificationsColumnsFeaturesForumResourcesVitals
 
Image
 
linkedin_logo.png rss_logo.jpg
twitter_logo.png youtube_logo.jpg
Latest Additions
 
EH-Net Login
Welcome Guest.
Lost Password?
No account yet? Register
Who's Online
We have 33 guests online
 
Advertisement

You are here: Home arrow Ethical Hacking Discussions and Related Certificationsarrow Network Pen Testingarrow Pentesting Lab Question
EH-Net
May 19, 2013, 12:25:52 PM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: Go back to The Ethical Hacker Network Online Magazine Home Page
 
   Home   Help Calendar Login Register  
Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: Pentesting Lab Question  (Read 4634 times)
0 Members and 1 Guest are viewing this topic.
millwalll
Guest
« on: June 24, 2010, 09:22:17 AM »
Hi all,

I am very new to security and want to set up a testing lab I have done a search on here and found some very useful informaiton I also have a wide range of books on security including Professional Penetration testing.

I currently have a desktop pc that has 4GB ram with 3TB HDD and amd phonom 3.40GHz  processor on 64 bit windows 7.

and a HP laptop that has 4gb ram 120gb SSD with intel i7 again running on 64 bit OS

However my question is what routers and switches should I go for I have been told cisco are the best as these are most common.

SO I had a look on ebay and found these would they do the job ?

http://cgi.ebay.co.uk/ws/eBayISAPI.dll?ViewItem&item=110549349403&ssPageName=STRK:MEWAX:IT


http://cgi.ebay.co.uk/ws/eBayISAPI.dll?ViewItem&item=330444293752&ssPageName=STRK:MEWAX:IT

Also Vmware is it best to buy the workstation version or should I only need the player or is it handy to have the workstation to make your images?

any help on this would be great thanks


Logged
sil
Hero Member
*****
Offline Offline

Posts: 549



View Profile WWW
« Reply #1 on: June 24, 2010, 10:17:21 AM »
Before you run out and spend any hard earned money on routers, what exactly is the purpose of you acquiring one for. I say one because in a pentesting lab environment its pretty uncommon that you would be pentesting against these unless you're of course phenolit.

For the most part, a router just like any other machine runs a service on it. You either telnet, ssh or console to it for connectivity. Once you have that connectivity, it's free reign however, the attackability perspective is the same as it is for any machine. Enumerate services if you can (nmap -T0 is your friend) and go from there. Little will be gained from the penetration testing LAB perspective unless you have a focus.

For example, you want to test/capture traffic between networks. Other than that, there are very little known remote exploits for any and most routers. So unless you're developing something router or switch specific. You'd treat the router from a pentest perspective the same as you would a server. Same tools, different variables.

As for spending, Cisco is the most affordable USED router that is commonly used in the enterprise. Unless of course you want to fork out major bucks for a Juniper. I say though, you need not buy a router unless you have specifics for it. I have who knows how many routers lying around that at one point had a purpose (CCIE Security studies) which now collect dust. With that said, you could theoretically get by tinkering with Dynagen/Dynamips/GNS3 without having to spend on a router.

http://dynagen.org/
http://dynagen.org/tutorial.htm
http://www.gns3.net/
Logged
http://www.infiltrated.net/mgz/puppylecter.jpg
chrisj
Hero Member
*****
Offline Offline

Posts: 1163


View Profile WWW
« Reply #2 on: June 24, 2010, 10:25:50 AM »
I have to go with Sil, unless you're doing something Cisco cert related, don't worry too much about the hardware.

However don't waste money on the 2500s. they don't support vlans (router on a stick model). The 2600 is a little limited on the amount of traffic it can do.

I have several 2500 and cat 2900s collecting dust (I was using them Cisco training) after finding out they're not what I needed for a lab. Glad I only spent about 100.00 total building the whole lab.

When I get money again, I'll be buying the stuff listed in the CURRENT editions of the CCNA study guide. But that's not for pen-testing. Smiley

If you want really good advice for a pen-testing lab, look up this book
« Last Edit: June 24, 2010, 10:27:25 AM by chrisj » Logged
OSWP, Sec+
millwalll
Guest
« Reply #3 on: June 24, 2010, 11:26:46 AM »
Hi thanks I already have that book and as yet not got round to reading it. At the moment I am reading Infosec career hacking.

What about vmware is it worth buying the workstation version ?
Logged
xXxKrisxXx
Hero Member
*****
Offline Offline

Posts: 512



View Profile
« Reply #4 on: June 24, 2010, 11:45:25 AM »
I wouldn't buy workstation. I had workstation installed & after the trial expired, I just re-signed up with a VMWare account and re-put in the trial license it ended up working. If you want to save yourself the issues, I'd highly recommend VMPlayer. Virtual PC is also worth looking into - you could get it here.

There's free Windows Virtual Hard Drives offered by Microsoft (Some Windows XP Machines SP3 with various versions of IE, as well as a Vista VHD) available here. These are apart of my lab at home.

-Kris
Logged
eCPPT, GCIH, OSCP, OSWP
secureseven
Jr. Member
**
Offline Offline

Posts: 79



View Profile
« Reply #5 on: June 24, 2010, 02:27:33 PM »
GNS3 is wonderful if you want to try attacks on routers. It doesn't quite work well with switches, but you can get a cheap switch on ebay.

Another virtualization alternative is VirtualBox.
Logged
http://twitter.com/mikesantillana
eLearnSecurity Team Member.
millwalll
Guest
« Reply #6 on: June 25, 2010, 01:41:35 PM »
Hi once again thanks for this infomation can you make images with windows virtual pc ?
Logged
pizza1337
Full Member
***
Offline Offline

Posts: 156

Resource is Power.


View Profile
« Reply #7 on: June 28, 2010, 05:24:48 PM »
http://www.irongeek.com/i.php?page=security/building-an-infosec-lab-on-the-cheap  and http://www.irongeek.com/i.php?page=videos/building-a-hacklab  They might help a little.
Logged
Knowledge Resource is Power.
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.18 | SMF © 2013, Simple Machines
Joomla Bridge by JoomlaHacks.com 		Valid XHTML 1.0! Valid CSS!
Page created in 0.064 seconds with 23 queries.
 
Exclusive Deal

sansfire13_245x90_cw90.jpg
SANSFIRE 2013
June 15 - 22

5% Off w/ Code: EHN_5

SANS Deals 4 EH-Netters
5% OFF Any SANS Course in Any Format!
Coupon Code: EHN_5 Including SANS Rocky Mountain 2013 & SANS Boston 2013
Polls
Compared to this year, 2013 will be:
 
Recent Forum Topics
EH-Net News Feeds
Latest Additions
 
         
Advertisement

© 2013 The Ethical Hacker Network
Joomla! is Free Software released under the GNU/GPL License.