
Another Pentest Lab Thread--with a twist? // intro thread

Oceans80

Newbie

Posts: 6

Joined: Tue Sep 27, 2011 6:39 pm

Post Tue Sep 27, 2011 7:11 pm

Another Pentest Lab Thread--with a twist? // intro thread

Hello everybody!! I am new here, obviously.  I am hoping that I am not going to be posting your typical n00b questions.

About me? Well, I am a 23-year-old student from the US.  I can't find a decent hacking forum anywhere that doesn't have malicious/skid motivations. I've always been into computers.  I went through the phase of being malicious/skid back in the middle school days with AOL, AIM, "nukers," "punters," (if anybody remembers those good ol' tools lol).

Anyway, I am now finally majoring in IT (used to be a Psych major; I read a study once about monkeys not liking their hobby when they started getting paid for it, and I liked computers too much, so I wouldn't get a degree in it) and I am focusing on security.  After my script kiddie days, I gave up on the hacking scene (obviously, those tools rarely worked), then I would come back here and there. Now, I am serious again and with a new agenda. I want to learn. Learn it all, how it works, why it works, and I want to secure things. I would LOVE to make this my career.  There are not many feelings that feel better than "solving the puzzle" and gaining access/getting the password (I did a lot of the lessons on HackThisSite!). 

My question is this.  I have a friend at school that I have interested in hacking.  I believe that his intentions are good and he isn't trying to do damage, he is just fascinated by it all.

Well, I am brainstorming ways to set up a pentest lab for us.  I see a lot about VMware and whatnot, which is all good, but we want to be able to attack the network from the outside. 

For example, if he is at home and wants to do some work, he can, or, we're both at school and want to work on it, we can. I do not, however, want to make my entire network vulnerable.

My idea was to set up a network of vulnerable ISOs (hackerdemia, de-ice, dvl, metasploitable, etc.) where (I think only VirtualBox supports it) only the VMs can talk to one another. Then, set up Backtrack with its own IP on the network so we could SSH into that, then use the BT VM to attack the other VMs.  I do not know how I would go about setting this up though.

Or if there are maybe better ideas?

What would be best is a way to attack the box directly from our laptops, however, like I said, I fear making my entire network vulnerable.

My router has an option to isolate everything on the network from one another, however, that ruins the file server setup my girlfriend and I have. 

I guess I am basically just looking for any alternate ideas that I may not have thought of.



So to summarize:

A friend and I would like to attack a computer on my network (preferably w/ our own OS; he runs Blackbuntu, I have Arch w/ preferred tools) but I do not want to make the entire network vulnerable (what are the chances of someone actually hacking my network though unless I was out looking for trouble??)  SSHing into a Backtrack VM (or even Backtrack as the host OS) and attacking the VMs would work also.

Anybody wanna help?? =) 

Thank you in advance, I'll check back soon after I surf the forums some more =)
Triban

Hero Member

Posts: 620

Joined: Fri Feb 19, 2010 4:17 pm

Post Tue Sep 27, 2011 7:32 pm

Re: Another Pentest Lab Thread--with a twist? // intro thread

Do you want to simulate attacking a network from outside, or just have access to this lab while not at school?

Simulating an attack from outside isn't too difficult.  You would be looking for exposed services, figure out what vulnerabilities exist and proceed.  That can be done without requiring a firewall.  Most of those hack OSes have what they need exposed to complete the exercise.

If you just want to access the lab when you are not at school, well, I wouldn't suggest SSHing into your Backtrack system directly. I would set up a separate SSH server and then jump from there to your lab network, and maybe configure SSH to only use key files so that not just anyone can try to hop on, for added security.  Alternatively you can set up OpenVPN, which I think allows up to 2 free VPN connections before you have to get the paid version.  That then gives you a nice VPN connection into your network, and you can then freely connect to whatever you need to and even run attacks from your laptop.

Though this all depends on what you ultimately want to accomplish.
Certs: GCWN
(@)Dewser
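The "separate SSH server, key files only, then jump into the lab" setup Triban describes, as an added example that is not code from this thread or from any of the posters: it audits a jump host's sshd_config for the key-only settings, writes a hardened copy, and emits the laptop-side OpenSSH client config that hops through the jump host to the attacking VM. The sample sshd_config, the hostnames (jump.example.invalid, jump, bt), the lab address 192.168.56.10 and the key file name are all constructed for the demo; ProxyJump and the sshd keywords are real OpenSSH options.

```shell
#!/bin/sh
# Added example (not from the thread): audit a jump host's sshd_config for
# key-only login, rewrite it hardened, and print a client config that hops
# through the jump host into the lab. Sample config and names are constructed.
set -eu

WORK="${TMPDIR:-/tmp}"
SAMPLE_SSHD_CONFIG="$WORK/sshd_config.sample"
HARDENED_SSHD_CONFIG="$WORK/sshd_config.hardened"

# Constructed sample: a fresh install that still allows password guessing.
cat > "$SAMPLE_SSHD_CONFIG" <<'EOF'
Port 22
PermitRootLogin yes
PasswordAuthentication yes
PubkeyAuthentication yes
EOF

# sshd_value FILE KEYWORD -> the effective value. Like sshd, the first
# occurrence wins and keywords are case-insensitive. Match blocks are ignored.
sshd_value() {
  awk -v k="$2" 'tolower($1) == tolower(k) { print $2; exit }' "$1"
}

# audit_sshd FILE -> prints one line per finding, returns non-zero if any.
audit_sshd() {
  f=$1; rc=0
  [ "$(sshd_value "$f" PasswordAuthentication)" = "no" ] \
    || { echo "finding: PasswordAuthentication must be no"; rc=1; }
  [ "$(sshd_value "$f" PubkeyAuthentication)" = "yes" ] \
    || { echo "finding: PubkeyAuthentication must be yes"; rc=1; }
  [ "$(sshd_value "$f" PermitRootLogin)" = "no" ] \
    || { echo "finding: PermitRootLogin must be no"; rc=1; }
  return $rc
}

# harden_sshd IN OUT -> copy IN to OUT with the three settings forced.
harden_sshd() {
  awk '{ k = tolower($1) }
       k != "passwordauthentication" && k != "pubkeyauthentication" && k != "permitrootlogin"' \
       "$1" > "$2"
  printf 'PasswordAuthentication no\nPubkeyAuthentication yes\nPermitRootLogin no\n' >> "$2"
}

# client_config -> ~/.ssh/config stanzas for the laptop: "jump" is the
# Internet-facing SSH box, "bt" is the attacking VM that only the lab can see.
# ProxyJump is a real OpenSSH option; the host names and addresses are assumed.
client_config() {
  cat <<'EOF'
Host jump
    HostName jump.example.invalid
    User labuser
    IdentityFile ~/.ssh/lab_jump_ed25519
    IdentitiesOnly yes
Host bt
    HostName 192.168.56.10
    User root
    ProxyJump jump
EOF
}

# Stand-alone run: audit the sample, harden it, audit the hardened copy.
if audit_sshd "$SAMPLE_SSHD_CONFIG"; then
  echo "sample already hardened"
else
  harden_sshd "$SAMPLE_SSHD_CONFIG" "$HARDENED_SSHD_CONFIG"
  audit_sshd "$HARDENED_SSHD_CONFIG" && echo "hardened copy written to $HARDENED_SSHD_CONFIG"
fi
```

With the client stanzas in ~/.ssh/config, `ssh bt` from the laptop opens the jump-host session first and tunnels the second hop through it, so the attacking VM never needs a port forwarded from the router. Password logins on the jump host are the setting to check after every package upgrade; the audit function is cheap enough to run from cron.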
impelse

Hero Member

Posts: 585

Joined: Mon Feb 16, 2009 3:40 pm

Post Tue Sep 27, 2011 7:36 pm

Re: Another Pentest Lab Thread--with a twist? // intro thread

You have many options but I do this:

1. I have VirtualBox on my laptop with all the OSes that I need (XP, Linux, 2003/2008, de-ice, etc.). When I have time or I need to do a test I run it. You guys mention that you have laptops; just put it there.

2. If you want to have your own central network to work in, just build it on the machine(s) that you want at home and use something like LogMeIn or any remote software to connect to a machine inside of your network and begin to work (for me that's slow).

It is not a good idea to open a connection from the internet to your vulnerable network; you could get bad surprises.
CCNA, Security+, 70-290, 70-291
CCNA Security
Taking Hackingdojo training

Website: http://blog.thehost1.com/
Oceans80

Newbie

Posts: 6

Joined: Tue Sep 27, 2011 6:39 pm

Post Tue Sep 27, 2011 9:45 pm

Re: Another Pentest Lab Thread--with a twist? // intro thread

I want to set it up so that he can access it from his house/school and I can access it from school/house...

I also want to simulate an outside attack because that is a weak point of mine. On a LAN, I can do MITM/ARP spoofing/etc.  My weakness is finding the vulns and gaining access from a remote location...

I think I am going to just do the vuln OS and attack from my host OS and tell him to do the same.  It would be the easiest/fastest set up. 

I thought about SSH into the Attacking VM because that would give me access to all of the tools and allow me to attack the other running VMs..

I think TeamViewer/LogMeIn would be way too slow, however, what about using VMWare and using the "Connect to Server..." option...

I dunno, I have so many ideas in my head and I can't get a visual image of any of them or how they'd work (I guess I need an adderall increase)...

I hope I gave you a better idea of what I am shooting for...I think I will probably use my host OS or an attacking VM to attack a vuln VM...it will be the easiest/fastest way...

I appreciate the help, and like I said, hopefully you guys will have an idea of what I am trying to do and possibly provide me with a better idea...but I think I am probably just going to attack virtual VMs locally until I think up a better idea/plan
Triban

Hero Member

Posts: 620

Joined: Fri Feb 19, 2010 4:17 pm

Post Wed Sep 28, 2011 7:59 am

Re: Another Pentest Lab Thread--with a twist? // intro thread

Well, keep in mind that any "affordable" hardware firewall solution for you will really only be forwarding ports, so finding the vulns from the outside is really not going to be much different than finding them from the inside.  You have specific services running on the systems and you will pick those up doing some network mapping and enumeration.  Then it's just about finding ways to exploit those vulns.  If you want to simulate a more advanced firewall then you can set up a software-based one on the host system and use it to route your lab traffic through.  You should be able to do this with some of the networking options that VirtualBox or VMware Workstation provide.

I would also set up the lab at your home, mainly because that is a network you control.  The school's network may not always provide the ability to remote into your lab; they may block that sort of traffic and they also may block the traffic from your attacks.  An OpenVPN setup may give you better performance/access than LogMeIn.  Or you can just set up your attacking system on the lab and connect to it over VPN or SSH.  Like impelse suggested, opening that system to the Internet may not be wise.  Just as something like Backtrack is used to pen test, people know how to crack it just as well and take over the system for their own means.
Certs: GCWN
(@)Dewser
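The software firewall on the host that Triban mentions, routing lab traffic through it, as an added example that is not code from this thread or from any of the posters. It addresses the original concern directly: instead of the router's "isolate everything" option, which breaks the file server, only the lab subnet is walled off. The script generates an nftables forward ruleset for a Linux lab host with two interfaces, lints it for the one mistake that would expose the whole LAN (a rule accepting connections initiated from the lab into the LAN), and syntax-checks it with `nft -c` when run as root with nft installed. Interface names, both subnets and the jump-box address are assumed; vboxnet0 is the default VirtualBox host-only adapter name, everything else is constructed.

```shell
#!/bin/sh
# Added example (not from the thread): nftables rules for a Linux host that
# routes between the home LAN and an isolated lab subnet. The lab is reachable
# only from the jump box; lab VMs cannot initiate anything toward the LAN or
# the Internet. Interface names and addresses are assumed.
set -eu

LAN_IF=eth0                 # assumed: NIC on the home LAN
LAN_NET=192.168.1.0/24      # assumed: home LAN, where the file server lives
LAB_IF=vboxnet0             # VirtualBox host-only adapter (default name)
LAB_NET=192.168.56.0/24     # assumed: lab subnet the vulnerable VMs sit on
JUMP_HOST=192.168.1.20      # assumed: the only LAN address allowed to open
                            # connections into the lab (jump box or laptop)
RULESET="${TMPDIR:-/tmp}/lab.nft"

# lab_ruleset -> prints the ruleset. The forward chain's policy is drop, so
# anything not explicitly accepted (lab -> LAN, lab -> Internet) never leaves.
lab_ruleset() {
  cat <<EOF
flush ruleset
table inet lab {
    chain forward {
        type filter hook forward priority 0; policy drop;
        ct state invalid drop
        ct state established,related accept
        # only the jump box may open connections into the lab
        iifname "$LAN_IF" oifname "$LAB_IF" ip saddr $JUMP_HOST ip daddr $LAB_NET accept
        # anything the lab tries to start toward the LAN or the Internet is
        # logged, then dropped (the policy would drop it anyway)
        iifname "$LAB_IF" log prefix "lab-escape: " drop
    }
}
EOF
}

# lint_ruleset FILE -> fails if any rule accepts traffic initiated on the lab
# interface and leaving on the LAN interface, i.e. the rule that would let a
# compromised lab VM reach the file server.
lint_ruleset() {
  ! grep -Eq "iifname \"$LAB_IF\" .*oifname \"$LAN_IF\" .*accept" "$1"
}

# Stand-alone run: write the ruleset, lint it, and check syntax if possible.
lab_ruleset > "$RULESET"
lint_ruleset "$RULESET" && echo "ruleset written to $RULESET"
# Apply on the host as root:  sysctl -w net.ipv4.ip_forward=1 && nft -f "$RULESET"
if command -v nft >/dev/null 2>&1 && [ "$(id -u)" -eq 0 ]; then
  nft -c -f "$RULESET" && echo "nft syntax check passed"
fi
```

Because no NAT or accept rule exists for lab-to-Internet traffic, the vulnerable VMs are offline by design; the `lab-escape:` log prefix makes any attempt by a lab VM to reach out show up in the kernel log, which is a useful check that a VM was not accidentally attached to the wrong adapter.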
Oceans80

Newbie

Posts: 6

Joined: Tue Sep 27, 2011 6:39 pm

Post Wed Sep 28, 2011 8:26 am

Re: Another Pentest Lab Thread--with a twist? // intro thread

Right, that is why I have been nervous of opening a vuln system up on my network

I think the best idea is just running VMWare/VBox on my laptop and attacking a VM w/ my host OS...

I think that'll be the best way to go...

I'll just keep my server as a file server/backup/torrent slave like it is now (not really sure what else to do with it; I need a 64-bit processor though because I have 8GB RAM w/ Arch and a PAE kernel)

I appreciate all of the help and insight

See you guys around the forum 8-)
