.

Vmware, or Practicing Pentesting

<<

brianW85428

Newbie
Newbie

Posts: 8

Joined: Mon Sep 15, 2008 8:56 pm

Post Mon Sep 15, 2008 9:11 pm

Vmware, or Practicing Pentesting

Hello everyone!
First i want to say thank everyone that helps me out!

Second i wanna say that i have a very basic knowledge in hacking, I know most hacking terms, Your not talking to a noob here  :)

Okay so here is my question,
I wanna know what everyone setup is,
I suppose that everyone is running Vmware or something,
But what do you use to hack with, and what do you use to practice the pentesting on?

Like Windows --> Windows or
Linux --> Windows

And if your hacking Windows, what type of windows and what service pack?
Thank you for your replies in advance  ;D

<xHack^Wright>
<<

LSOChris

Post Mon Sep 15, 2008 10:22 pm

Re: Vmware, or Practicing Pentesting

both...all...whatever

linux to linux, linux to windows, windows to linux, windows to windos...etc
<<

NickFnord

User avatar

Full Member
Full Member

Posts: 117

Joined: Fri Sep 05, 2008 5:25 am

Post Tue Sep 16, 2008 8:22 am

Re: Vmware, or Practicing Pentesting

Your enthusiasm is really great, but your question is very much like asking: "Hi all - I want to learn how to drive, what does everyone use?  SUV's or hybrids, and what type of fuel?"

And the answer that has already been given is akin to: "What you drive and the type of fuel you use is entirely irrelevant to the task of getting somewhere in a vehicle"

What operating system you use is particularly irrelevant when you're trying to find or exploit a vulnerability in a remote system (which most of the time is what you would try to do), because it only matters what is running on that system and so long as the tool that you're using to do it works, then it doesn't matter what operating system you're running. And besides, due to VM tools you can essentially pick whatever you prefer anyway.

Take this article on writing windows buffer overflows in this particular case, the author used a windows box running VMware, but it could just have easily been done from a linux box running VMware or a separate physical machine could have been used just as easily. 

Another analogy would be: "Hi, I'm trying to learn how to make wooden things, does everyone use hammers or screwdrivers?"  you use the tool that is best suited for the job.

In addition to this, there are a number of Live CD linux distributions that come preconfigured with a number of useful tools.  So this makes it even more irrelevant what operating system you're running.  Some tools run equally well on windows and linux and so it doesn't matter which you have. 

Sorry if this post sounded like a rant.  You'll find that if you want a more specific answer, you'll need to ask more specific questions. 

Keep reading!
Last edited by NickFnord on Tue Sep 16, 2008 8:25 am, edited 1 time in total.
<<

sgt_mjc

Sr. Member
Sr. Member

Posts: 294

Joined: Tue Feb 05, 2008 8:34 am

Location: AL

Post Tue Sep 16, 2008 8:31 am

Re: Vmware, or Practicing Pentesting

We use various flavors of both Linux/Unix and Windows in the Lab to practice on. We attack form any and all as well. I am a little different than most though in that I like working out of Windows.
Mike Conway
CISSP
CompTia Security +
C|EH
<<

dalepearson

Sr. Member
Sr. Member

Posts: 357

Joined: Thu Nov 09, 2006 10:03 am

Post Tue Sep 16, 2008 9:32 am

Re: Vmware, or Practicing Pentesting

Welcome to the forum.
My lab I have a couple of laptops running vista and XP sp3. One laptop also have Ubuntu on it. I have my netbook with Linpus and BT3. Then I have a desktop machine that has unpatched or limited versions of patching for XP, 2000, 2k Server, 2003, Mandrake, Ubuntu and Fedora.
Also a switch, couple of routers, AP's and bluetooth carkits etc.

I also have a few live cds that people mentioned on here for giving pen testing environments, like the DE-ICE series etc.
<<

toggmeister

Post Thu Sep 18, 2008 2:46 pm

Re: Vmware, or Practicing Pentesting

Hi,

I use Windows XP SP3 base with fc8 and fc9 for my guest os.  Most of my stuff is on the windows side, duplicated onto linux for quickness as most of the tools I use are quicker on that OS  :D.

Duplication is for a reason, some networks I have come across only allow one mac so cannot use VM's.  I use windows as base as I have found that a lot of commercial scanners have to be on windows.

For testing you can practice on all sorts of platforms in vmware but that said each test that you perform will be different from the lab, you may have a solaris 10 build in the lab and testing solaris 10 but did that build in the lab have a really old Oracle install on it (for legacy reasons)? You can't basically test for all eventualities, you can get a semblance for each os but each network you will find is different, each sysadmin has a different way of implementing security (or circumventing it) to get the job done so no matter what you have got set up you will always find something out of the norm.

Its a keen mind that can adjust to curve balls that are thrown in of every single test.

Togg

Return to Network Pen Testing

Who is online

Users browsing this forum: No registered users and 1 guest

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software