Setting Up A Pentesting Lab


TT1TTONE

The subnet masks of both networks are 255.255.255.0, isn't that how it's supposed to be in this case?

Ah yes, their masks are the same, BUT they are actually two different subnets. If, however, the mask was 255.255.0.0, then they would both be able to see each other, as then the network would be 192.168.0.0/16, and any address in 192.168.1.x and 2.x would be under the same subnet for the 192.168.0.0 network.

192.168.1.0/24 and 192.168.2.0/24 are two different subnets. The gateway in the first subnet is 192.168.1.1 (or whatever you set it to) and its broadcast would be 192.168.1.255. The other subnet would be 192.168.2.1 (or whatever VMware sets it to) and its broadcast would be 192.168.2.255. The network essentially ends at its broadcast address. They would only broadcast to their respective subnets, regardless of whether the mask is the same.

To illustrate it further, break down the 192.168.1.x network into 2 subnets. Using a subnet mask of 255.255.255.128, you effectively cut the IP range in half. You end up with a range of 192.168.1.0-192.168.1.127 (where usable addresses are 1-126, x.x.x.0 is the network and x.x.x.127 is the broadcast); the next usable range would be 192.168.1.128-192.168.1.255 (where usable space is 129-254 and the broadcast is x.x.x.255). These two subnets would not be able to speak to each other with a subnet mask of /25 or 255.255.255.128. They share the same mask, but would be two independent subnets. The only way they could see one another is a common gateway that has 2 interfaces, with 1 address for each subnet.

Thank you very much! Brilliant sum, as it reminds me of those parts that I had forgotten :)

And thanks to all others who have contributed to the thread as well! Forgot to thank you in my previous post.

So now when I've my "clean" computers on a subnet (192.168.0.X) and the VMs on another (192.168.2.X), would I be safe enough to play around with BackTrack, NMAP, Metasploit and what not on the "dirty" subnet without having to worry about harming the clean one?

So long as your subnet masks keep them in separate subnets, and when scanning with Metasploit and nmap you use proper masks, then yes, you should be fine. You would just use nmap to scan, such as:

nmap -A 192.168.2.0/24

and that will not hit your router and other live machines on the real lan side.
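The subnet arithmetic from the earlier reply and the "use proper masks" advice above, as an added example that is not part of the original posts. It uses Python's standard `ipaddress` module; the host addresses such as 192.168.1.10 are constructed samples, and `check_scan_target` is a hypothetical helper that refuses any scan range reaching outside the lab subnet.

```python
import ipaddress

def same_subnet(ip_a, ip_b, mask):
    """True when both hosts land in the same network under the given mask."""
    net_a = ipaddress.ip_interface(f"{ip_a}/{mask}").network
    net_b = ipaddress.ip_interface(f"{ip_b}/{mask}").network
    return net_a == net_b

def describe(cidr):
    """Return (network, broadcast, first usable, last usable) for a subnet."""
    net = ipaddress.ip_network(cidr)
    hosts = list(net.hosts())
    return (str(net.network_address), str(net.broadcast_address),
            str(hosts[0]), str(hosts[-1]))

def check_scan_target(target, lab_cidr, protected_cidrs):
    """Allow a scan target only if it sits wholly inside the lab subnet."""
    lab = ipaddress.ip_network(lab_cidr)
    # strict=False accepts a host address with a prefix, as scanners do
    tgt = ipaddress.ip_network(target, strict=False)
    for cidr in protected_cidrs:
        if tgt.overlaps(ipaddress.ip_network(cidr)):
            return False, f"{tgt} overlaps protected subnet {cidr}"
    if not tgt.subnet_of(lab):
        return False, f"{tgt} extends outside lab subnet {lab}"
    return True, f"{tgt} is inside lab subnet {lab}"

# Addresses from the thread: clean LAN 192.168.0.X, VM lab 192.168.2.X
LAB = "192.168.2.0/24"
PROTECTED = ["192.168.0.0/24"]

if __name__ == "__main__":
    # Same /24 mask, different subnets; a /16 mask merges them
    print(same_subnet("192.168.1.10", "192.168.2.10", "255.255.255.0"))
    print(same_subnet("192.168.1.10", "192.168.2.10", "255.255.0.0"))
    # The two /25 halves of 192.168.1.x
    print(describe("192.168.1.0/25"))
    print(describe("192.168.1.128/25"))
    # A mistyped /16 would sweep the clean LAN; the lab /24 does not
    for target in ("192.168.2.0/24", "192.168.0.0/16", "192.168.2.0/23"):
        print(target, check_scan_target(target, LAB, PROTECTED))
```

Running the range through a check like this before handing it to a scanner catches a mistyped prefix length, which is the realistic way a lab scan ends up touching the clean LAN.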

OK, and AFAIK; the Meterpreter for instance - is not like a worm that will spread to non targeted computers even IF they would be in the same subnet, making it safe to play around with?

NO, it won't spread like a worm, that's not what exploits are designed to do. When exploiting a target, always remember to set the RHOST option to the victim's IP address.


Yeah, Metasploit is a legitimate security tool for pentesting. You could make your own worm as a payload, but that's not what its intent is, and as far as I know, Metasploit does not ship with any malicious code, only exploits that compromise the hosts to gain footholds and work your way up the food chain. What you do in post exploitation is up to you, but in itself, it is not a virus nor contains any worms, viruses or the like.


Virus/worm are designed with the sole intent to spread and wreak havoc. That's because they employ methods/techniques to help themselves spread across systems; one of them is the use of exploits to gain root access to a system and spread from there. As long as you use the subnet assigned to your VMs and make use of the RHOST option in Metasploit, there won't be any real danger in accidentally exploiting your "clean" machines.


I know you don't want to spend money, but if you do want to have a look at these, I've been setting up some cheap web crawlers for about 300 NZD. They have 64-bit processors, so you could run Proxmox and use full virtualization. They're not the best computers, but if you are looking for a cheap hack lab, these could do.

Parts:

AMD Sempron 145 2.8 GHz - http://www.ascent.co.nz/productspecification.aspx?ItemID=401348

Kingston HyperX Blu KHX1333C9D3B1K2 - http://www.ascent.co.nz/productspecification.aspx?ItemID=9390314

Cooler Master Elite Power - http://www.ascent.co.nz/productspecification.aspx?ItemID=382473


NO, it won't spread like a worm, ...

Yeah, Metasploit is a legitimate security tool for pentesting. ...

Virus/worm ...

Thank you very much guys for all your help! It's up and running, have been testing various things (very basic stuff), it has been really fun. Quite surprised by Windows Firewall though, never thought it really worked. :huh:

i know you don't want to spend money but ...

I've already got my stuff, but thank you anyways :) And I wouldn't like to imagine how much shipping would cost if you would send me one of those all the way from NZ...
