TT1TTONE

Active Members
  • Posts

    19

Everything posted by TT1TTONE

  1. Thank you very much guys for all your help! It's up and running, have been testing various things (very basic stuff), it has been really fun. Quite surprised by Windows Firewall though, never thought it really worked. I've already got my stuff, but thank you anyways :) And I wouldn't like to imagine how much shipping would cost if you would send me one of those all the way from NZ...
  2. OK, and AFAIK; the Meterpreter for instance - is not like a worm that will spread to non targeted computers even IF they would be in the same subnet, making it safe to play around with?
  3. Thank you very much! Brilliant sum, as it reminds me of those parts that I had forgotten :) And thanks to all others who have contributed to the thread as well! Forgot to thank you in my previous post. So now when I've my "clean" computers on a subnet (192.168.0.X) and the VMs on another (192.168.2.X), would I be safe enough to play around with BackTrack, NMAP, Metasploit and what not on the "dirty" subnet without having to worry about harming the clean one?
  4. So the host acts as the NAT which can be compared to what my router is doing (Internet <-> home network), I can understand that part. Except for the VM-host, right? Since that computer logically is in both subnets, if I've understood it correctly. The subnet masks of both networks are 255.255.255.0, isn't that how it's supposed to be in this case? I understand the underlined part as I think that it's pretty logical, but how can I confirm whether or not the router is forwarding broadcasts from the visualized network with or without that the host interferes? Well that is what I'm trying to avoid in this case, so it's its opposite that I should consider now I believe. That pretty much confirms what I thought, so I guess that this is what I'll try to setup on VMware :) Believe it or not, but I actually got an A on this when we read about it in school back in the days.
  5. I didn't really understand what you meant with "see the VM's"? The lack of configuration that can be done in VMware Player tires me...

         192.168.0.1 [Router]
         /
         |
         |-192.168.0.X [Bunch of "clean" devices ++ the host]
         |
         |-192.168.2.43 [Where the victim VM is up]

     Now, the VM can ping the router, and some but not all of the "clean" devices and the host can ping the VM as well. But whenever I try to ping the VM from a device on the other subnet, I get a reply from what looks like a class-A IP-address:

         C:\Users\Thomas>ping 192.168.2.128

         Pinging 192.168.2.128 with 32 bytes of data:
         Reply from 82.XXX.17X.1X5: TTL expired in transit.
         Reply from 82.XXX.17X.1X5: TTL expired in transit.
         Reply from 82.XXX.17X.1X5: TTL expired in transit.
         Reply from 82.XXX.17X.1X5: TTL expired in transit.

     What's going on?
  6. OK, sounds better than I thought then. So this is the furthest I can go in order to separate the dirty and the good, without going as far as physically dividing them?
  7. I know that this might sound like I'm stupid, but I don't get where I should get to choose more specific options regarding the NATing? In VMware that is. Never mind that... So now I've set up so that the VM gets an IP-address (192.168.3.X) while the clean and non-experimental devices are in the range of 192.168.0.0-255. BUT, there is a major problem; I can ping across the subnets...
  8. Thanks a lot, much appreciated! :D
  9. Anyone who can point me in the right direction? I've been trying to understand the differences between the various network connections that VMware supports, which are bridged networking, network address translation (NAT), and host-only networking, but don't understand which one would do what I wanted to do (putting the VMs in their own network so that I don't target wrong devices on the LAN).
  10. Initially, I will go with just 2 VMs, one running BackTrack and the other running Windows XP or Windows 7. I'm not so sure but I believe that since BackTrack basically is a Linux-dist it shouldn't be too hungry on resources? And the victim OS will not be running anything too demanding after all. Internet access would be needed for the host only, so that I can access info, tools, exploits, updates etc. But I would prefer if I somehow could put the two guests in their own "LAN".
  11. I'll have to save that until I've got some more time, but it definitely sounds like the way to go when I feel like advancing beyond the basics. So I've got myself a decent computer with a Core 2 Duo @ 2,3 GHz and 4GB of RAM some days ago, but I have yet to install a (host) OS and a good virtualization software. Thought of Windows 7 and VMware, how does that sound? Oh, and I've got a D-Link 655 as a router at home, how would I go on if I would want to isolate the above mentioned computer from the rest of the network, but yet be able to connect through it wirelessly?
  12. Sufficient for hosting the 2 virtual machines.
  13. I do have some older(!) computers but I'm talking about 10 years old ones. I might buy a second hand laptop with a decent processor and double its RAM. I do think about that. Would a laptop with Intel Core 2 Duo @ 2,0GHz and 4GB of RAM be sufficient?
  14. Hi! My interest for pen-testing or computer security in general keeps growing for each day. For a long time I've thought about setting up a computer with 2 guest OSes that would be in their own network if possible, - one of them being the attacker and the other being the victim. It has been kinda hard to realize this mostly because of the lack of a computer with decent hardware that is needed for virtualization, and because I don't have the money to spend on a new computer at the moment. Now, I've a pretty good main computer that I use for "normal" things (banking, storing personal images/videos, playing games, etc) and since my desire to start experimenting with pen-testing has become so big, I've actually started thinking about using that computer for hosting the earlier mentioned VMs. Is this stupid, as I've personal stuff on that computer that I absolutely wouldn't want to lose or contaminate with something nasty? To make things even worse, the computer mentioned is full-disk encrypted (Truecrypt), and needs to stay so. As Truecrypt's official forum doesn't allow members registered with certain e-mails to post or start any threads, I've failed to direct this question to their community. But I doubt that you wouldn't know more than them so I ask you guys instead; Is there any risk that the safety that is maintained by the encryption gets compromised as it runs VMs that maybe leads to data leaks or so? The pen-testing would be conducted using Back-Track (mainly NMAP, Metasploit and SET) on the attacker-side, and Windows XP SP2/SP3 on the victim-side. Thanks in advance, TT1TTONE
  15. Thank you very much Infiltrator for your inputs! Does what you wrote apply to DNS-spoofing as well, or does it come with more/less/other risks? Even though I know that they differ from each other (ARP poisoning and DNS-spoofing, that is), I just want to make sure that I don't miss something important. And once again - thank you very much for your nice answers!
  16. I just realized that this thread is in the wrong forum, can any moderator or admin move it to the "Questions"-forum? Sorry for bumping, but don't know where else to report this.
  17. I hope TS doesn't mind if I borrow his thread for some simple questions related to DNS-spoofing with Ettercap ;) I was thinking about doing the same type of spoof (DNS-spoofing with Ettercap, redirecting to a site cloned with HTTrack), but I wonder if it might cause any harm to the network infrastructure, spoofed "victims" or others? And how do I undo the spoofing, so that people get to the correct site and not me anymore? Lastly, the target that gets spoofed in reality (logically) is the attacker's (= my) default gateway, right? // TT1TTOne
  18. Thanks for your advice! :) What about my questions? Would appreciate any kind of input!
  19. Firstly; I want to mention that I'm new to the forums even though I've followed the Hak5 show for a very long time, however - hi, everyone! :)

      Now, I've got some questions that I think you guys might be able to help me out with; I've been thinking for some time about doing a prank on my friends sometime when we are together at a LAN-party or so, by doing a DNS-spoof with Ettercap redirecting them to a clone of a regularly visited social site (Face...) which will have the look as if it had got hacked (or rather defaced). I've never used Ettercap before but I've seen a lot of tutorials on Youtube but unfortunately I've not been able to find its manual nor its official forums, so I'm not completely sure about how to go ahead. But if I've understood it correctly, the process of DNS-spoofing with Ettercap is done in the following 2 steps (very simplified):

      1. Ettercap tells the default gateway that the URL of choice - www.URL.com - refers to my computer's IP-address.
      2. When people who are inside of that gateway try to browse the site with that URL, the gateway recalls "Oh, that belongs to this (internal) IP-address" and redirects them to me.

      Am I correct about this or is there something that I've missed or should be aware of? Is the DNS-cache poisoning harmful in any way? How do I, after the prank is done, tell the gateway to forget about my spoof and go ahead and process/recognize that URL as it would usually do? I don't want it to keep thinking that I'm the holder of that URL. May I accidentally cause any harm to the network, my friends' computers or to someone/something else? I really don't want to risk their belongings such as online accounts or infecting their computers with malicious stuff.

      Another question that I've got is about pen-testing in general. I've for a long time got more and more interested in this and have tried to obtain as much knowledge as possible regarding it. However, I've yet to start doing some practicals and learn-by-doing but what holds me back from starting is my concern that I unwillingly might cause harm to, may it be my test computer, my private network and the connected computers or my friends' computers if I prank them as mentioned above. As for a starter-kit, I've found what I think might be 3 or 4 good applications to start with, being:

      - Nmap - scanning/analyzing of devices on a network
      - Metasploit - exploitation of the devices
      - Wireshark - analyzing traffic between devices
      - Ettercap - security testing of a network and for some pranks

      Any other software that you would recommend? Now the listed software is all open-source, but does it mean that one could trust the author(s) in the matter that the software is not doing things - or rather - only doing things that the user wants it to do? Are those tools/software of the kind that you would want to use as a professional pen-tester or are they considered more as script-kiddie tools? Is Backtrack better to start off with, and if so, is it itself as a distribution and the applications it contains safe as well?

      If you have read all the way to here - thank you very much! I'm sorry if I've been unclear on something or if there are any eventual spelling/grammar errors, English is not my first language :) // TT1TTOne