at LSO we try to use Linux as the attack platform and try to force command line only interaction with the OS (ala SSHing into the lab)

this is usually good enough.  you will find that some tools are only GUI so you need windows or Xwindows and alot of code lately will only compile on windows, in which case you need a windows box.

soooooo

to answer you question a little more fully i would have at least 2 attack platforms a linux box (your choice) and a windows box (2k)

Well don's already mentioned my article "Virtual Lab with VMware" (see the link in don's post).

My CEH lab consisted of 1 host running VMware. The guests included Windows XP Pro, Windows 2003 Server, Backtrack 1.0, FreeBSD 6.0 and finally a LiveCD VM (usually reserved for Knoppix-STD 1.0). Even though I've already got my CEH I've just recently added an OpenBSD 3.8 VM just to mess around with. I don't have enough RAM to run them all concurrently but I usually have at least 2 or 3 on at the same time so that I can check things out.

The Windows XP Pro machine has been fine tuned in to a mean hacking machine that I find I use just as often as I use Backtrack. It's fully patched and has the following installed on it; Cygwin, WinPcap, Nmap, Netcat, Packetyzer, Cain & Able, John the Ripper, Nessus, Tor (including Vidalia and Privoxy), Metasploit Framework, Security Forest Exploit Tree, Sid2user and User2sid.

I also installed some other stuff on it like VMware Tools (obviously), Acrobat Reader for PDF's, AVG and Zone Alarm for protection and Textpad. I much prefer Textpad over Notepad or Wordpad because it does syntax highlighting of HTML documents and has quite a lot of other features. I also installed 3 browsers; Internet Explorer, Opera and Firefox. Firefox is the default browser and has a few extensions including; FoxTor, User Agent Switcher, DOM Inspector and HTTP Live Headers. Firefox also has bookmarked links to "all the best hacking sites". 

The Windows 2003 Server doesn't have any tools on it at all. It is however  Active Directory DC and holds the negrita.local domain name zone.

The Windows 2003 Server and FreeBSD machines were usually the victims of my experiments while the XP machine and Backtrack usually did the attacking (though they were sometimes the victims of each other).

   I agree completely that you should use both Linux and Windows as your OS for pentesting.  If I was forced to use just one and money was an issue, I would pick Linux. Linux comes in a lot of flavors and some are better for hacking than others, although if you are really an adept in Linux, you can make just about any distro work.  I would recommend starting with Ubuntu and Backtrack. 

   Backtrack is good simply because you can jump right into using programs like Kismet without having to fool around with installing wlan-ng drivers,etc.., which can be a headache sometimes. That way you can get the feel of certain tools right from the start. The problem with Backtrack is its moduler installation and it can be a pain to add new things to and the entire feel of it is not nearly as smooth as more polished distros  like Ubuntu or Fedora Core. So eventually you would want to take one of these and add all your tools as you learned more about how to recompile kernels,etc..  Fedora Core is great once you know enough Linux to tweek it to what you want. Once you have your Fedora the way you want it, cut off any more updates. Fedora is a beta testing ground for Red Hat and you don’t want to mess up your work with every download they send you. I will say that I like Fedora way more than Red Hat. Red Hat is way too conservative and slow to progress for my taste.

   If you use windows as an attack platform, I would recommend using XP pro that is not patched up to service pack 2.  Service pack 2 inhibits some scanner programs for example

Yes that would be great if they updated and came out with a more polished Distro.  My understanding is the nmap service pack 2 patch was a 90% fix but was not a complete work around. Perhaps its been updated again. I run nmap from Linux so I cant say for sure if nmap works as well on windows xp service pack 2 at this time so I need to check it out.

 I know super scan had an issue with it also, but again I hope they fixed that also. I don’t really like the raw sockets restrictions that were implemented by service pack 2 and I find its so much easier to code a tool for Linux.

VMware has an appliance already setup for BackTrack and many other Linux OSs. There's a really good hacking one based on SUSE. Just in case you're not familiar, appliances are virtual machines created by others that are already pre-packaged. Download and open in VMware. Saves loads of time and hassle installing from scratch.

http://www.vmware.com/vmtn/appliances/directory/

Don

Thanks for the tip. I have downloaded BackTrack 2.0 Beta and (installed it?) on VMWare from the .iso. I first logged in, did "xorg.conf" then "startx" to hop into KDE. From there, it seems i'm stuck with a 640x480 60Htz display. It also crashed on me when trying to open a term. Not a good sign...

i agree, i booted up a stable ISO and had no problems either