
[Article]-A Rant About Hacking Labs

don

Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Sat Feb 11, 2012 4:40 pm

[Article]-A Rant About Hacking Labs

Tom is back with us for some thoughts and suggestions on hacking labs, education and career pen testing. Let us know what you think, if you agree and especially if you don't.

Be sure to join in by sharing your lab experiences and setups.

By Thomas Wilhelm, ISSMP, CISSP, SCSECA, SCNA

One of the more frequent questions I see on EH-Net pertains to creating pentest labs. Individuals new to the topic of hacking often have a limited understanding of what type of equipment is required, or how to go about setting up a lab to practice all of the cool attacks they have watched on YouTube. Details on how to get started using a single system and virtual machines are numerous – including some I have done. However, I think there is one question not being asked enough when discussing hacking labs… “Why do you want a lab?”

Most people create a lab containing a single host system and include virtual images of various Operating Systems. Unknowingly, they have just restricted themselves to a very finite portion of real-world hacking – system attacks. I’m not even sure I can classify these “system attacks” as internal (within the corporate network) or external (Internet-facing services), due to a lack of support systems typically found in corporate networks. Absent are the routers, firewalls, IDS/IPSes, Windows networks, switches, etc. Without these, we don’t really have a good example of what someone might face during a real pentest, nor do we create an effective learning environment.



Don
CISSP, MCSE, CSTA, Security+ SME

MaXe

Hero Member

Posts: 671

Joined: Tue Aug 17, 2010 9:49 am

Post Sat Feb 11, 2012 7:08 pm

Re: [Article]-A Rant About Hacking Labs

Great article ;D Even though I know that not everyone can afford a lab of $600, and in some cases perhaps not even $300 if their budget doesn't allow it. Some newbies who want to learn infosec might be young, and I think it's more attractive to play with system attacks that are free, compared to buying real hardware equipment.

Of course, with young people getting iPhones and other expensive gear, perhaps they should put Cisco routers and switches on their wishlist instead ;D

I do agree that many, including me, don't get that much exposure to network attacks, even though I have tested ARP spoofing, isr evilgrade (it's a tool), and setting up a rogue DHCP server on quite a few occasions where there were multiple computers on a network, and even used the default password on a real hardware switch once to get info about another network, but that was because I was lucky to have the opportunity to play with these things in real life, as not every newbie is.

Hacking a switch with community strings, and perhaps TFTP, is quite fun, and I'm glad I have the opportunity to play with these things at the hacking dojo too. :)
I'm an InterN0T'er

impelse

Hero Member

Posts: 585

Joined: Mon Feb 16, 2009 3:40 pm

Post Sun Feb 12, 2012 12:03 am

Re: [Article]-A Rant About Hacking Labs

This is a great article.
CCNA, Security+, 70-290, 70-291
CCNA Security
Taking Hackingdojo training

Website: http://blog.thehost1.com/

millwalll

Post Sun Feb 12, 2012 7:14 am

Re: [Article]-A Rant About Hacking Labs

Good read. I am in the process of updating my lab, as it was just all live CD before. I want to add some more hardware and try to get a lab that is as similar to a corporate network as possible without breaking the bank.

So far I have:
Cisco 2610 Ethernet/Serial Router, 32MB DRAM / 8MB flash, IOS 12.3
Cisco 2610 Ethernet/Serial Router, 32MB DRAM / 8MB flash, IOS 12.3
Cisco 2501 Router with 2 serial port interfaces + Ethernet AUI port
Cisco WS-C2912-XL-EN Switch, upgraded to the latest Cisco IOS
2 x WIC-1T for the 2600 routers (100% genuine Cisco)

But I am not sure where to start; I never really had any hands-on experience with setting up corporate networks, so I expect it will be a steep learning curve. I hope I can mix the hardware with VM images of XP and some servers, etc.

If anyone can recommend any good books or give any advice on where to start, I would love some help :)

TheXero

Full Member

Posts: 112

Joined: Tue Dec 07, 2010 12:24 pm

Post Sun Feb 12, 2012 11:49 am

Re: [Article]-A Rant About Hacking Labs

I might purchase some used Cisco equipment off eBay soon :)

My lab currently is mostly System based with 1 router (running DD-WRT) connecting the lab to my normal network.

alucian

Full Member

Posts: 228

Joined: Mon Dec 29, 2008 2:01 pm

Location: Montreal, Canada

Post Sun Feb 12, 2012 4:57 pm

Re: [Article]-A Rant About Hacking Labs

Very interesting, thank you!

Me too, I will soon add some network equipment to my lab. And I am interested in learning this type of hacking.
CISSP ISSAP, CISM/A, GWAPT, GCIH, GREM, GMOB, OSWP

hayabusa

Hero Member

Posts: 1661

Joined: Mon Jan 29, 2007 2:59 pm

Post Sun Feb 12, 2012 5:45 pm

Re: [Article]-A Rant About Hacking Labs

As Tom said in the article, network equipment can be nice and affordable, on eBay or other places. In fact, I picked up 2 Cisco 2501 routers, a Cisco 24-port Catalyst switch and an HP DL380G3 with 12 GB of RAM, ALL for under $650, a couple of years ago, from eBay.

Just gotta watch and find the deals.
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP, GPEN, C|EH

SephStorm

Hero Member

Posts: 569

Joined: Sat Apr 17, 2010 12:12 pm

Post Sun Feb 12, 2012 7:46 pm

Re: [Article]-A Rant About Hacking Labs

Quite true. I have lab equipment I have bought over the years, Cisco routers and switches, and even an ASA. The problem is not having the knowledge or experience to properly build this network, or to integrate it into your existing real network (it would be nice, but I can't put 2 network connections in my room. And I quickly realized I need the internet to download software, update my host machine, view tutorials, etc., and while there are short-term solutions, like using a USB stick, it's not a very good idea to mix media between trusted and untrusted computers once you introduce new tools or malware into the mix...). And a big issue for me has been the physical setup. Network hardware is not designed to connect to home internet connections.

So I think that we need to have some training on network connections, etc.
sectestanalysis.blogspot.com/

pharmerjoe

Newbie

Posts: 14

Joined: Sun Jan 29, 2012 1:45 pm

Post Mon Feb 13, 2012 5:46 am

Re: [Article]-A Rant About Hacking Labs

Could be a good business idea for someone to set up large hacking labs and offer it as a service to people, for x amount of dollars per month. I realise OffSec have this, but it's only available when you buy their course.

dynamik

Recruiters

Posts: 1119

Joined: Sun Nov 09, 2008 11:00 am

Location: Mile High City

Post Mon Feb 13, 2012 9:36 am

Re: [Article]-A Rant About Hacking Labs

pharmerjoe wrote: Could be a good business idea for someone to set up large hacking labs and offer it as a service to people, for x amount of dollars per month. I realise OffSec have this, but it's only available when you buy their course.

Tom does this with Hacking Dojo. eLearn has their Coliseum labs, and The Hacker Academy may have something as well.

I think the article is well-written, and I agree with most of the points made, but I'm not sure why virtualization is so heavily discouraged. On a single ESXi box (QX9550/16GB RAM/6x160GB HDs), I have two AD sites (SQL Server, Exchange, DCs, client systems, etc.), a DMZ, IDS (Snort), and a few other random/non-MS systems. Check out Vyatta or XORP if you have an interest in more advanced routing, and PF and/or iptables can do your firewalling.

I think it's very close to a real-world configuration, and you only really lose out on anything that is vendor-specific. It's obviously good to get your hands on some Cisco gear and other prevalent hardware that you'll come across in real-world situations, but I think you can construct a very accurate real-world lab in a virtual environment. Also, ARP poisoning attacks do work in a virtual environment (I just verified this in Workstation 7, but I'm pretty sure I've done this in ESX/ESXi as well -- virtual switches have to be configured to allow these types of activities though).

I think the best route is a blend of virtual and physical equipment. I actually have several NICs in that ESXi box that connect to a 3550 and ASA5505, which does indeed allow more opportunities for fun. I just like to contain things as much as possible because of power, space, and aesthetics.
The day you stop learning is the day you start becoming obsolete.
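dynamik's note that ARP poisoning works in a virtual lab once the vSwitch permits it also makes such a lab a good place to exercise the detection side. As an added example that is not code from this thread or from any tool named in it, here is a small Python checker over a constructed ARP-reply export (the line format and every address in it are assumptions) that flags the IP-to-MAC inconsistencies a lab IDS would alert on:

```python
"""Added example: toy ARP-poisoning check of the kind a lab IDS applies."""
from collections import defaultdict

# Constructed sample sensor export, one ARP reply per line as
# "<unix_ts> <sender_ip> <sender_mac>" (assumed format, made-up addresses).
# Lines 3 and 4 show a third MAC (00:0c:29:de:ad:c3) answering for both the
# gateway (.1) and the .10 client: what a gateway/victim poisoning run leaves.
SAMPLE_ARP_LOG = """\
1328997600 192.168.56.1 00:50:56:AA:00:01
1328997601 192.168.56.10 00:0c:29:11:22:33
1328997605 192.168.56.1 00:0c:29:de:ad:c3
1328997606 192.168.56.10 00:0c:29:de:ad:c3
1328997610 192.168.56.20 00:0c:29:44:55:66
"""

def parse_arp_log(text):
    """Return (timestamp, ip, mac) tuples; MACs lower-cased, bad lines skipped."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        ts, ip, mac = parts
        records.append((int(ts), ip, mac.lower()))
    return records

def detect_arp_conflicts(records, max_ips_per_mac=1):
    """Replay replies in order and return alert strings for the two symptoms of
    poisoning: an IP whose MAC changes, and one MAC answering for more IPs than
    a normal host would. A DHCP lease moving between hosts also trips the first
    rule, so a real sensor pins the gateway mapping and tunes the threshold."""
    ip_to_mac = {}
    mac_to_ips = defaultdict(set)
    alerts = []
    for ts, ip, mac in records:
        previous = ip_to_mac.get(ip)
        if previous is not None and previous != mac:
            alerts.append(f"{ts} ip_mac_change {ip} {previous}->{mac}")
        ip_to_mac[ip] = mac
        mac_to_ips[mac].add(ip)
        if len(mac_to_ips[mac]) > max_ips_per_mac:
            alerts.append(f"{ts} mac_claims_multiple_ips {mac} "
                          + ",".join(sorted(mac_to_ips[mac])))
    return alerts

def run_sample():
    """Run the detector over the constructed export; returns three alerts."""
    return detect_arp_conflicts(parse_arp_log(SAMPLE_ARP_LOG))
```

The same check works on an ARP table dumped from a virtual or physical segment, which is a cheap way to confirm that the lab's IDS placement actually sees the traffic the vSwitch lets through.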

hayabusa

Hero Member

Posts: 1661

Joined: Mon Jan 29, 2007 2:59 pm

Post Mon Feb 13, 2012 10:16 am

Re: [Article]-A Rant About Hacking Labs

@dynamik - you're correct in that ARP attacks generally work fine in ESX/ESXi. I test them there all the time. But I agree with you that MOST (not all, but most) can be simulated reasonably with VMs, if you have the proper time and can set things up accordingly.

I run a couple of different IDS / IPS configurations in VMs, and I've looked at Vyatta in the past, but not XORP (so thanks for something else to add to my list of things to research and play with, after I finish CTP / OSCE...) ;D
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP, GPEN, C|EH

dynamik

Recruiters

Posts: 1119

Joined: Sun Nov 09, 2008 11:00 am

Location: Mile High City

Post Mon Feb 13, 2012 10:40 am

Re: [Article]-A Rant About Hacking Labs

hayabusa wrote: I run a couple of different IDS / IPS configurations in VMs, and I've looked at Vyatta in the past, but not XORP (so thanks for something else to add to my list of things to research and play with, after I finish CTP / OSCE...) ;D

Full Disclosure: I only learned about XORP when I made that post :-[ I was trying to figure out why it appears that you can only get a 30-day trial of Vyatta now (they used to have a free virtual appliance). I guess they used XORP up to v3, but then they went to something proprietary starting in v4.

The more you know ===★
The day you stop learning is the day you start becoming obsolete.

hayabusa

Hero Member

Posts: 1661

Joined: Mon Jan 29, 2007 2:59 pm

Post Mon Feb 13, 2012 11:20 am

Re: [Article]-A Rant About Hacking Labs

Understood. Still... thanks!
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP, GPEN, C|EH

Triban

Hero Member

Posts: 620

Joined: Fri Feb 19, 2010 4:17 pm

Post Mon Feb 13, 2012 4:18 pm

Re: [Article]-A Rant About Hacking Labs

So I think Dynamik is volunteering to set up a VPN to his lab for all of us to use :D

As for the article, I certainly agree that you cannot adequately simulate a full pen test by just having your two VMs running a victim OS and an attacker OS. But for those new to the field it is enough to give them a taste.

I think we do a good job, though, letting folks know there is more to a pen test than simply popping the single victim system. eLearning and OSCP cover the ins and outs of the pen test from the recon, enumeration and finally to the report. The report, I think, is probably the most valuable piece to learn. Like Tom had mentioned, you need to be able to explain to the client about the findings, and that is where the report comes in.

With regards to the experience portion, I think we here at EH-Net do a decent job at letting the newbies know that Ethical Hacking and Pen Testing are not entry-level areas. Many of us have backgrounds in System/Network Administration and/or programming. It is important to be able to explain "here is why your box got popped, here is why we were able to get that data. This is how you fix it..." And being able to explain in non-robot speak is key. If you can show the dollars flying out the cable modem, that is even better.

Overall the article is great, and I think we can all agree that the simple victim/attacker setup is really not enough. But I think for a little taste to see if it's something you want to do, it will suffice. Then, like all hobbies that become careers, you can invest more into it. Throw in more layers to better challenge yourself. This made me want to fire up the Cisco kit I have (two 2600 routers and an 1850 Catalyst), configure it and use it! Too bad they are loud, guess I need to build a case :D
Certs: GCWN
(@)Dewser

hayabusa

Hero Member

Posts: 1661

Joined: Mon Jan 29, 2007 2:59 pm

Post Mon Feb 13, 2012 4:36 pm

Re: [Article]-A Rant About Hacking Labs

3xban - good post, and I agree on all fronts.

Tom's logic is well-grounded, and his reasoning is completely valid. As you noted, the issue really lies in what you plan to do with it. If it'll be your career, then the hardware, eventually, WILL become a necessary purchase. Sooner or later, you'll need knowledge specific to a certain router or configuration, and it just comes in handy to have at least a low-end model available, if not something more robust. Thankfully, my past employers (and current) have had equipment I can move up to, if there's something I don't have but need to validate on.

And I agree on the noise from the Cisco gear. For any of you who live in a house (as I do) where you can't adequately control sound levels, and where much of your training or testing time and effort come when wife and kids are sleeping, that's when the software routers come in handy. (Thus my having BOTH physical and virtual / software routers.)

In my case, I'm working on relocating, soon, to a house (new city, hopefully, about 1200 miles south) with more space, and a home office that WILL accommodate my running what I want, when I want. Thankfully, my current job allows me to work from my home, so I have flexibility on where I want to be, although the planned move would put me within close proximity to the company's headquarters. ;)
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP, GPEN, C|EH