.

Resources for pentest lab scenarios?

<<

rframe

Newbie
Newbie

Posts: 2

Joined: Thu Feb 11, 2010 9:38 am

Post Thu Feb 11, 2010 9:52 am

Resources for pentest lab scenarios?

Hi,

I'm preparing for the CEH on my own (no formal classes), and would like exposure to more lab environments for pen testing.  I wanted to know if you've located any interesting lab environment resources for pen testing?

What I'm hoping to find are more resources like de-ice.net which provide vmware images and lab scenarios to test against.  Online labs would be great too.

I enjoy working against systems that I haven't setup myself.

The offensive security course and online labs look like a good value, but I think I'll wait until after I sit for my CISSP later this spring so that I can apply the continuing education credits earned toward future ISC2 requirements.
<<

hayabusa

User avatar

Hero Member
Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Thu Feb 11, 2010 10:01 am

Re: Resources for pentest lab scenarios?

Good luck, and welcome to EH-Net, rframe.  You've found a good place to get you going.

There are other good live-cd lab scenarios you can use.  Hackerdemia, pwnOS, Webgoat and others will give you some other basics to look at and start studying with.  There's also a good book, written by Thomas Wilhelm (recently talked about on the forums here):  "Professional Penetration Testing: Creating and Operating a Formal Hacking Lab"  which I would highly recommend as a good resource for your learning pleasure.  The book is an excellent resource / read, and the DVD contains images for many of the live-cd's I listed above, as well as videos and tutorials from the heorot.net site.  If you're looking to get started, it's a good way to begin.  Also, another good book for building your OWN lab is "Build Your Own Security Lab: A Field Guide for Network Testing"

I think if you're looking for basic starting points, those will do you well!
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
<<

UNIX

User avatar

Hero Member
Hero Member

Posts: 1244

Joined: Mon Apr 28, 2008 9:20 am

Post Thu Feb 11, 2010 11:27 am

Re: Resources for pentest lab scenarios?

Welcome to the forums, rframe.

In addition to what hayabusa already recommended, you could also take a look at Network Pentest Lab and Pentest Labs: Web Application Edition by Jhaddix and Laz3r.

There are some other resources as well, including Damn Vulnerable Linux, Foundstone's Hacme series and still some more.

You may also browse through similar threads, were some more recommendations were already given. Eventually you might also find similar questions in several newsgroups.
<<

unsupported

User avatar

Sr. Member
Sr. Member

Posts: 318

Joined: Sun Feb 08, 2009 3:38 pm

Location: 407

Post Thu Feb 11, 2010 11:37 am

Re: Resources for pentest lab scenarios?

I'm remembering someone suggesting Damn Vulnerable Linux (http://www.damnvulnerablelinux.org).  It is a pre-configured Linux system with a ton of holes in it to poke around in.  There is also another project Dam Vulnerable Web App (http://sourceforge.net/projects/dvwa/), and of course Foundstone's Hacme series of tools (http://www.foundstone.com/us/resources-free-tools.asp).  OWASP's WebGoat Project (http://www.owasp.org/index.php/Category ... at_Project) may also be useful to you.

I also remember some servers which are setup for pen testing/exploration... maybe it was a honey net project or darknet or something.

My experience with the CEH, it is just as easy to setup the tools with two PCs and a virtual machine setup Snort, and bang out NMAP switches while running Wireshark.


(edit: awesec beat me to the punch in posting because I had to pay the plumber!)
-Un
CISSP, GCIH, GCIA, C|EH, Sec+, Net+, MCP
<<

h0les

Newbie
Newbie

Posts: 19

Joined: Thu Jun 18, 2009 2:07 am

Post Thu Feb 11, 2010 2:20 pm

Re: Resources for pentest lab scenarios?

<<

Ketchup

User avatar

Hero Member
Hero Member

Posts: 1021

Joined: Fri Jul 04, 2008 7:44 pm

Location: Philadelphia, PA

Post Thu Feb 11, 2010 3:58 pm

Re: Resources for pentest lab scenarios?

Overthewire.org war games are a pretty cool resource as well.
~~~~~~~~~~~~~~
Ketchup
<<

rframe

Newbie
Newbie

Posts: 2

Joined: Thu Feb 11, 2010 9:38 am

Post Thu Feb 11, 2010 8:02 pm

Re: Resources for pentest lab scenarios?

Thanks for all the quick suggestions, very helpful and you've given me plenty to work on.  I appreciate it.  ;D
<<

caissyd

User avatar

Hero Member
Hero Member

Posts: 894

Joined: Thu Dec 31, 2009 11:20 am

Location: Ottawa, Canada

Post Fri Feb 12, 2010 7:36 am

Re: Resources for pentest lab scenarios?

Wow!

I knew about half of them, but I am very happy to see this list too!
I think you can also get DefCon's capture the flag server images and answers from their web site.
OSCP, GPEN, GWAPT, GSEC, CEH, CISSP
(aka H1t.M0nk3y)
<<

unsupported

User avatar

Sr. Member
Sr. Member

Posts: 318

Joined: Sun Feb 08, 2009 3:38 pm

Location: 407

Post Tue Feb 16, 2010 1:08 pm

Re: Resources for pentest lab scenarios?

Man, this thread has been bothering me for days.  I knew there was another resource out there for pen testing.  I finally found it.  Netwars, Http://netwars.info/.

Also, there are easy ways to roll your own using VMWare images, http://www.vmware.com/appliances/, and then a visit to your local vulnerability database, http://www.exploit-db.com/.

Ok, I totally feel better now!
-Un
CISSP, GCIH, GCIA, C|EH, Sec+, Net+, MCP

Return to CEH - Certified Ethical Hacker

Who is online

Users browsing this forum: No registered users and 0 guests

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software