
building an online lab

<<

LT72884

Jr. Member

Posts: 99

Joined: Thu Oct 15, 2009 3:11 pm

Location: Utah

Post Tue Jun 12, 2012 5:53 pm

building an online lab

Ello all. I am curious how to build an online lab. I have built a virtual lab using vbox and some ISOs in the past. However, I now want to go a step further and be able to log into the virtual machines from the internet so I can be at school or on a trip and be able to practice pen testing against a safe environment.

How does one accomplish this task?

How do I allow the user (me) to see the GUI desktop of my session so I can see what is going on? I basically want to be able to have a BackTrack desktop GUI and then be able to attack the de-ice and other ISOs I have set up in the virtual machines.

Will SSH give a GUI session? Wait.. it's just a shell. doh..

Since I need to be able to admin this and reset machines when I break them, I need a second account, so to speak, to accomplish that. My goal is to have my friends and I practice some testing while we are not always at the same house.

I'm just not entirely sure where to start with this project. VNC?

My host OS is win xp with 4GB of ddr 400 ram. AMDx2 4500+

I would want it to be as smooth as possible looking. Not too laggy.

thanks in advance guys.
<<

hayabusa

Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Wed Jun 13, 2012 7:17 am

Re: building an online lab

You can share xWindows over ssh

Google on:

ssh -X

Personally, I'd set up a secure VPN, then use RDC over the VPN to your Windows host, so you can control and / or reset your guests.  (But X over ssh is still an option.)
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
<<

hayabusa

Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Wed Jun 13, 2012 7:23 am

Re: building an online lab

If you have issues setting up VPN, look into a prebuilt package, like Untangle or something, that provides a VPN solution (they have a free community edition, that contains VPN)
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
<<

LT72884

Jr. Member

Posts: 99

Joined: Thu Oct 15, 2009 3:11 pm

Location: Utah

Post Wed Jun 13, 2012 12:18 pm

Re: building an online lab

Thanks for the reply my good friend.

I have used Untangle and Smoothwall in the past, but those were the firewall options that you installed onto a low end system and used that as your firewall and your somewhat routing solution. haha. Here is what I'm concerned with: since the lab is gonna be at my father's place, I need to be respectful of his concerns. If it is at all possible to keep the CenturyLink DSL modem/router in place without adding another box to firewall or route, that would be ideal.

Maybe I misunderstood your post. I may have to reread. I have been having to reread a lot lately. Too much going on at once. haha

Is RDC the default that is on win xp or is it another software package that allows RDC?

Last question regarding VPN. Never ever in my life have I ever set it up. I find that kind of sad that I have a CCNA and have done my CCNP but have never ever set up VPN ever.. I have even done my RHCT stuff. Oh well, no sense crying over spilt milk... Oh yeah, my question is: since I will be on the road sometimes when I want to use the lab, I know most hotspots or hotels use the 192.168.0.0 network space, so I assume in order to not confuse the router, I should configure my home network to something different, maybe even the 10.10.x.x?

thanks

Thanks.
<<

hayabusa

Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Thu Jun 14, 2012 7:35 am

Re: building an online lab

The vpn should give you an address, when you connect, that lies in the IP range of your private network (at your dad's.)  I wasn't suggesting Untangle as a final solution, however, it's a fairly simple vpn to get set up and use, and if done right, it will be secure for your purposes.

As far as RDC, yes, it's Windows' default Remote Desktop Connection tool.  If you keep it behind the routers, and can only access for a vpn connection, you should be ok.
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
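
Added example, not part of the original thread: a check for the address-range question raised above, classifying how a VPN route to the lab would collide with the LAN a travelling client is already on. The candidate lab subnet `10.10.20.0/24` and the list of common client ranges are assumptions chosen for illustration.

```python
import ipaddress

# Assumption: address ranges that consumer routers and hotspots often hand out.
# Illustrative list, not exhaustive.
COMMON_CLIENT_LANS = ["192.168.0.0/24", "192.168.1.0/24", "10.0.0.0/24", "172.16.0.0/24"]

def route_conflict(lab_cidr, client_iface):
    """Classify how the VPN route to the lab interacts with the client's own LAN.

    lab_cidr     -- subnet of the lab behind the VPN, e.g. "10.10.20.0/24"
    client_iface -- address/prefix the client got locally, e.g. "192.168.0.57/24"
    """
    lab = ipaddress.ip_network(lab_cidr)
    local = ipaddress.ip_interface(client_iface).network
    if not lab.overlaps(local):
        return "ok"
    # Routing uses longest-prefix match: the more specific route wins.
    if local.prefixlen > lab.prefixlen:
        return "local-wins"   # lab hosts inside the local range are unreachable
    if local.prefixlen < lab.prefixlen:
        return "vpn-wins"     # part of the local LAN is hidden behind the tunnel
    return "ambiguous"        # identical prefix: outcome depends on route metrics

def survey(lab_cidr, client_lans=COMMON_CLIENT_LANS):
    """Return {client_lan: verdict} for every listed client LAN that conflicts."""
    lab = ipaddress.ip_network(lab_cidr)
    if not lab.is_private:
        raise ValueError(f"{lab_cidr} is not private address space")
    verdicts = {lan: route_conflict(lab_cidr, lan) for lan in client_lans}
    return {lan: v for lan, v in verdicts.items() if v != "ok"}

if __name__ == "__main__":
    # Constructed candidates: a typical default, a whole /8, and a less common /24.
    for candidate in ("192.168.0.0/24", "10.0.0.0/8", "10.10.20.0/24"):
        print(candidate, survey(candidate) or "no conflicts with the sample list")
```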
<<

Triban

Hero Member

Posts: 620

Joined: Fri Feb 19, 2010 4:17 pm

Post Thu Jun 14, 2012 9:49 pm

Re: building an online lab

OpenVPN is another option.  If you have the ability to have a system running full time with vbox, vmware workstation or equivalent, you can install the OpenVPN appliance there and leave it running.  For a backup you can also have Logmein configured for the server in case you lose access, also you can do this with your lab as well. 

My current setup is with a Windows 2008 server running Hyper-V and the OpenVPN virtual appliance running.  To address the lack of static public IP, I created a Dynamic DNS account and the router updates regularly.  To make it even cleaner I created a custom DNS through my web hosting company that forwards to the DynDNS address.

Hope this helps.
Certs: GCWN
(@)Dewser
<<

hayabusa

Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Thu Jun 14, 2012 10:32 pm

Re: building an online lab

Note - for some reason, I was thinking that Untangle used openVPN (and did much of the config for you.)  Thus the suggestion.  ;-)
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
<<

Triban

Hero Member

Posts: 620

Joined: Fri Feb 19, 2010 4:17 pm

Post Sun Jun 17, 2012 9:14 am

Re: building an online lab

I haven't played with Untangle much, tried working with it a few years ago but just never had the time to put into it.  The OpenVPN VM wasn't too hard to install, tossed it on my Hyper-V system and got it running in like an hour total.  Untangle seemed like a firewall solution which I didn't really require. 
Certs: GCWN
(@)Dewser
<<

cyber.spirit

Sr. Member

Posts: 356

Joined: Sun Feb 26, 2012 8:07 am

Location: in your heart!

Post Sun Jun 17, 2012 12:26 pm

Re: building an online lab

Hi all,
If you want to use VPN u must run a VPN server on your computer, so you need to install Windows Server 2008, but the problem is that for a VPN server your PC must have a public IP address; with a private address you can't get access to it over the internet.

So with a public IP you can easily use Remote Desktop to connect to ur PC, no VPN required. But if you don't have any public IP, like me, I suggest you use Remote Assistance. It's also a Microsoft product and I think it's pretty secure. You can get help here:

http://technet.microsoft.com/en-us/libr ... 57004.aspx

Good luck
Last edited by cyber.spirit on Sun Jun 17, 2012 12:28 pm, edited 1 time in total.
ICS Academy Network Security Certified
<<

Triban

Hero Member

Posts: 620

Joined: Fri Feb 19, 2010 4:17 pm

Post Sun Jun 17, 2012 8:41 pm

Re: building an online lab

Not so Cyber.Spirit, Untangle and the OpenVPN appliance can be installed on a physical box or virtual platform.  You can run VMware workstation, VirtualBox, VMware Fusion (Mac) or ESXi (as a main host server with all your VMs running on it).  Also anything hosting a service of some sort is technically a server.  Windows 2008 is not a cheap solution unless you are a member of the developer's network and you pay the yearly fee for the Dev licenses.  Not to mention setting up a Windows IPSec VPN solution is a bit of a pain in the ass since RRAS services in Windows 2008 is a bit more complicated and likes to have a type of router based setup (two NICs and such).  For OpenVPN, the free version gives you a single client connection and you can configure your current router to forward the needed ports to the device.
Certs: GCWN
(@)Dewser
<<

cyber.spirit

Sr. Member

Posts: 356

Joined: Sun Feb 26, 2012 8:07 am

Location: in your heart!

Post Mon Jun 18, 2012 1:00 am

Re: building an online lab

3xban, I said u must run a VPN server on ur PC; I said Windows Server 2008 for example. First requirement is a public IP; ur VPN server can be whatever but it needs that. As I mentioned before, Remote Assistance is free and great!
ICS Academy Network Security Certified
<<

LT72884

Jr. Member

Posts: 99

Joined: Thu Oct 15, 2009 3:11 pm

Location: Utah

Post Mon Jun 18, 2012 5:57 pm

Re: building an online lab

So sorry for late reply. Work has been very busy. I have had no time to set up this lab. haha. However, I did get a chance to try out TeamViewer and that seems pretty cool. However, I do not know how well and how fast that will be.

Not to sound stupid, but please educate me on why a VPN is needed? Is it the only way RDC will work? I know that a VPN connects me to my dad's network space and whatever is shared on his network or PC, I have access to. So if I'm thinking correctly, does RDC only work from a private machine to another private machine, and in order to do that I have to be connected to the private network via VPN?

My host system will only be win xp pro haha. I do not have access to new software through my MSDNAA student account anymore. :(

Ok, so I think the first thing I should do is set up my VMware free server or VBOX and at least get a lab built, then worry about remote access? What say you guys bout VMware server (free) vs vbox?

Thanks guys. I'll try to respond faster. Power just went out in our building from too much AC! hahahahahaha
<<

hayabusa

Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Tue Jun 19, 2012 8:09 am

Re: building an online lab

Our reason for suggesting VPN is multi-faceted:

First, you don't really want all sorts of traffic being directed into your father's network from the outside, in the clear, and in decipherable traffic.  Just bad practice, unless you WANT him to get hacked into.

Second, VPN permits you to connect with ONE open port, not many, to ensure you aren't leaving more services open to the public internet, to, again, avoid opening yourself up to disaster.

Third, no, VPN isn't required for RDC, however, it's highly recommended, as leaving RDC open on the public side is an open invitation to get crushed.  Too many attack vectors against RDC, and it's just REALLY bad practice opening up your RDC to the world.

Fourth, MOST ISPs I know, these days, don't allow penetration testing activities, even for instructional / learning practice against your own network(s), and would very likely look to shut down your father's network, or the IPs / hosts you come in from.  VPN keeps that traffic hidden in a way that prevents them from knowing exactly what you're doing, while again, keeping everything 'safer.'

Hope that helps.
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
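
Added example, not part of the original thread: a small audit of a home router's port-forward table against the "one open port" rule described above, flagging RDC, VNC or SSH forwarded to the internet even when remapped to an unusual external port. The table format, the internal addresses and the choice of OpenVPN's default `udp/1194` as the VPN port are assumptions for illustration.

```python
# Constructed sample: a port-forward table as one might copy it from a router's admin page.
SAMPLE_FORWARDS = """\
# proto ext_port internal_ip int_port
udp 1194 10.10.20.5 1194
tcp 3389 10.10.20.10 3389
tcp 5900 10.10.20.11 5900
"""

# Remote-administration services that should only be reachable through the VPN.
REMOTE_ADMIN = {("tcp", 3389): "RDC", ("tcp", 5900): "VNC", ("tcp", 22): "SSH"}

def parse_forwards(text):
    """Parse 'proto ext_port internal_ip int_port' lines; '#' starts a comment."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        proto, ext, ip, internal = line.split()
        rules.append((proto.lower(), int(ext), ip, int(internal)))
    return rules

def audit_forwards(text, vpn=("udp", 1194)):
    """Return findings for every forward other than the single VPN port."""
    findings, vpn_seen = [], False
    for proto, ext, ip, internal in parse_forwards(text):
        if (proto, ext) == vpn:
            vpn_seen = True
            continue
        # Classify by the internal service port, so a remapped external port is still caught.
        service = REMOTE_ADMIN.get((proto, internal))
        if service:
            findings.append(f"HIGH: {service} on {ip} reachable from the internet via {proto}/{ext}")
        else:
            findings.append(f"REVIEW: extra forward {proto}/{ext} -> {ip}:{internal}")
    if not vpn_seen:
        findings.append(f"INFO: no forward found for the VPN port {vpn[0]}/{vpn[1]}")
    return findings

if __name__ == "__main__":
    for finding in audit_forwards(SAMPLE_FORWARDS):
        print(finding)
```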
<<

LT72884

Jr. Member

Posts: 99

Joined: Thu Oct 15, 2009 3:11 pm

Location: Utah

Post Tue Jun 19, 2012 12:13 pm

Re: building an online lab

Perfect. Thanx for the info. I was not entirely sure if RDC needed a VPN in order for it to work.  But like you said, it is HIGHLY recommended. Don't need anyone else trying to use RDC against my public IP once I have that port open. haha. So I will use a VPN.

Ok, so once I have VPN set up, does RDC have a lot of lag? Is my screen going to be glitchy when I try to do stuff?

Does anyone have a YouTube video showing how well RDC works over VPN for an online lab setup?

Oh yeah, one other question: with RDC, does it give me a different desktop than what my current one is? If so, how do I make sure that VM or VB is on the correct screen so when I log in, I can see it all?

Thanks. Sorry for all the questions. I just have never set up a VPN or RDC.
<<

hayabusa

Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Tue Jun 19, 2012 3:50 pm

Re: building an online lab

LT72884 wrote: Ok, so once I have VPN set up, does RDC have a lot of lag? Is my screen going to be glitchy when I try to do stuff?

Does anyone have a YouTube video showing how well RDC works over VPN for an online lab setup?

Assuming you have decent connectivity / speed from your ISP, and your VPN machine isn't excessively slow, there shouldn't be much lag.  I regularly use RDC over VPN, heavily, in pentests, as well as in general support work, so I don't think you'll see HUGE delays, etc.  RDC is basically screensharing (like Citrix and others, albeit clunkier,) so you're not passing MASSIVE amounts of data.  If your bandwidth is heavily used, etc, then you might see some slow refresh, but it's not horrible, and generally should be pretty usable.

LT72884 wrote: Oh yeah, one other question: with RDC, does it give me a different desktop than what my current one is? If so, how do I make sure that VM or VB is on the correct screen so when I log in, I can see it all?

RDC generally gives you a separate environment than the local user.  You CAN leave applications running, from a previous RDC session (like you do with multiple logged in Windows users,) so that if you RDC in, fire up VM's and leave them running, so long as you tell it to disconnect, rather than logout, the next time you login, the VM's should still be running, on screen.
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH