So, you're unable to load up VMWare workstation or VirtualBox, even? How old are these boxes?
I know that without VT-enabled machines, you're not going to throw up Xen or anything, but you should be able to load up multiple VM's on VMWare workstation, regardless.
With regards to my lab, personally:
I have 3 rackmount servers, all running VMWare ESXi or KVM, so each of those has multiple guests.
I have multiple physical machines, as well, running flavors of Windows or Linux, and on some of those, I run VMWare workstation, to allow me a few additional (and portable, in the case of my laptops) guests, for demonstration purposes, or mobile tests. That said, Andrew's lab posts should help you to get some ideas, and there are plenty of lab setups discussed on the forums, here.
First, you should just start by getting your feet wet, and work on local exploits. Setup as if you're ON the local subnet, and understand things like sniffing, port scanning and enumeration, etc. Understand the different attack vectors, as they apply to the OSI layers, and how each comes into play in a pentest. Practice with nmap, netcat and other tools, against local machines, as the knowledge you'll gain for the underlying protocols and such is necessary to do the same testing for remote systems, etc. Learn about passing the hash, man-in-the-middle, etc. Then, move on to topics for remote exploits, like SQL Injection, XSS, and client-side attacks, and start to grow out your base.
Assuming your 'guest' OS availability is as limited as you infer, what I'd do, now, is make some decisions on where you want to START learning. Decide on which base OS's you want to begin with, such as unpatched Windows XP and older Linux kernel versions, load up a couple, and begin looking at the tutorials on hacking / pentesting, with those. Additionally, look at the DE-Ice cd images, etc, that give you some bootable images to toy with, and watch / learn from the tutorials on those. Start learning about the stack, about buffer overflows, about WHERE to research, learn about, and find public exploits, and begin to parse through them, to see how they do what they do.
But most importantly, have fun with your lab. Don't get tied into one specific topic, and frustrate yourself, if you don't get it right away. Mix things up enough that you'll get some successes here and there, to help you understand that you ARE progressing.
And ALWAYS ask questions. That's the key to being a good pentester, as there will ALWAYS be someone with more knowledge and experience out there. May not find them right away, but the key to learning, especially in this field, is to share with others.
Last edited by hayabusa
on Mon Mar 28, 2011 7:32 am, edited 1 time in total.
~ hayabusa ~
"All men can see these tactics whereby I conquer,
but what none can see is the strategy out of which victory is evolved."
- Sun Tzu, 'The Art of War'
OSCE, OSCP (Former - GPEN, C|EH - both expiring / expired)