how do you create a home hack lab?

[info_genius]

hello everyone.
just joined. this looks like a GREAT site to learn network security and hacking!
i am trying to find out how to setup my own hack lab to practice hacking and security here at home. can anyone give me some pointers on this please? where do i start? what is the best hack lab software to use? are there any online network security/hacking schools with hack labs already set up that you would advice i look into? i have checked out www.sequrit.org but they have not emailed me back in a several days or sent me any addtional info..
has anyone experienced working with Sequrit.org

thanks everyone!

[Andrew Waite]

Hi and welcome to the site.

Check out Wilhelm's book on creating a pentest lab, I reviewed the book for this site here which also includes a sample chapter, which could actually be the best place to start for what you are attempting.

I've spent the last year+ building up a working environment and am starting to get to a point I feel the first version of my lab is 'complete'. I've documented a lot of my working on my blog, relevant posts are tagged with lab.

Hope this helps point you in the right direction, happy hacking

--Andrew Waite

P.S. Just taken a look at securit.org as I hadn't come across the site, and that is some coinage they asking in membership fees. I'll mirror info_genius' question; Anyone have any experience with securite.org?

[info_genius]

hi and thanks Andrew. do you know of any other online sites with more inexpensive fees than sequrity.org please 

thanks

[Equix3n-]

If you want to setup a virtual lab there's an excellent tutorial by Jhaddix and Laz3r here. Besides, you could also use this link.

[KamiCrazy]

Personally my lab at home consists mainly of two things.

I run all my OS's on VMware fusion on my MBP. With 4 gigs of ram I can do most things quite well. I also run backtrack as a fusion image.
For wireless testing, I simply plug in a USB WiFi card into Fusion and it bridges it over to Backtrack.

For cisco related stuff I run dynagen on my home desktop, which is an opteron 175 with 4 gigs.

Honestly fusion has made testing and labwork a breeze for me.

If you don't want to run a mac my suggestion would be to use a linux host and run something like KVM, or virtualbox etc. I personally don't recommend using windows as a host OS.

[sgt_mjc]

I'm lucky with my lab setup.  I have a lab at the office that we can use to practice with as well as at home.  My home lab has a couple of physical boxes.  One box is my game rig so I don't do too much with it, but my other box is my test bed system.  I use it to play with.  I have run every thing form Solaris 10 to Ubuntu to Server 08.  I have VMWare Server (Free) on my game rig since it has the most RAM and I can beef it up.  I use VMs for OSes that I don't want to rebuild or reinstall.  Unfortuneately, I don't have anything good for Cisco at the house.

My office lab has every thing in it or darn near.  I have three servers to hos VMs.  I have several SPARC platforms for various versions of Solaris.  I also have ISO files for various LiveCDs that can be run in a VM that have known vulnerabilities in them. 

Your lab is only limited by your imagination.  Have fun with it.  There are plenty of free tools out there like Sun Vitual box, Microsoft Virtual PC, and VMWare Server.  You can download pre-built VMs form the VMWare site.  Most Linux distros are free or there is a free version.  Good luck.

[ajohnson]

I'd go with ESXi if I had compatible hardware, but Workstation has worked very well for me so far. On the Microsoft side, I've got everything from Windows 3.1 (just for fun) to Windows 7 (Technet Download subscriptions are your friend), and various versions of CentOS, BSD, Solaris, etc.

A decent multicore processor, a load of memory (DDR2 is cheap), and several faster HDs is all you need. I actually found the HDs to be my bottleneck, so I just bought a bunch of cheap 160GB 7200RPM drives. Your VMs will usually range from 1-20GB, so you're more concerned with spindles than total storage.

[Basil1977]

hi info_genius

If you are new to EH/PT world I would suggest downloading Backtrack 3 or Backtrack 4 Prerelease and try to play with it.

It has most of the free tools .

[Laz3r]

As Equix3n- already said, Jhaddix and I did a couple tutorials. Network Pentesting Lab and Web Testing Lab.  We tried our best to keep costs at $0.  But to be completely legal, you need a legitimate copy of windows.  Though there is a legal way around this.  I haven't tried it personally, but based on where it's found, I'm sure it should work.  Check out Metasploit Unleashed (required files).  This should give you the links to a legal VM download of XP SP2.  Follow some of the steps they have to give you the control over the OS that you need.

From there you should be able to install everything we've got in the videos (that require windows) all free of charge.

[sgt_mjc]

Thanks Laz3r for the links.  I may follow your web test lab setup.  We don't do a lot of web app pentesting, but it is an integral part of a pentest. Thanks.

[UNIX]

I recommend the tutorials by Lar3r and Jhaddix as well, they did a great job. You might also try to get a copy of Grendel's bookProfessional Penetration Testing: Creating and Operating a Formal Hacking Lab which should show you some more points to consider.

[info_genius]

thanks guys!