Advice On Starting Testing Lab @ Home

[Malachai]

Hello All,

I was wondering if anyone could give me some advice or point me in the right direction. what I'm trying to do is create a test lab at home. What I need the lab at home is to test out pentest OS, linux OS, and Metasplot. run some ubuntu on it and, some studing to get cert on MS and other things.

At the moment I have just got a switch at home with 8 ports that I'm about to create different vlans for it. I was able to figure that out after 2 weeks of reading and configuring it. Now I like to setup a lab at home. Do I need multi machines on or just one main machine with a log of diskspace...

Any example you guys have or links would really help me.

thank you,

[Infiltrator]

When setting up your pen-test lab, make sure you completely isolate your LAB from your main network or any production machine your have. Very important you do that, during the process of setting it all up, because if you don't, you could run the risk of exploiting or damaging other machines during your pen-testing.

To isolate your LAB machines from your main LAN, you can use a layer 3 switch that has Vlan capabilities, and place all your Lab machines into its own corresponding Vlan group, or if you have a second switch, you could just use that instead to create a second physical network.

In my pen-test lab, I have a laptop setup as the attacker machine running Backtrack and a single physical machine with Vmware Workstation that I use to run and create virtual machines on it, that way I don't have to have several physical machines, in my lab occupying space. I also have a wireless router, that I use as another entry point when attacking the system. So to make things more interesting and challenging.

When setting up the virtual machines, you could setup each virtual machine with a different role, for instance, on your 1st VM your could set it up as a webserver (Apache) and have some web application, like a login form, tied to a bandend system (Mysql) running on another VM.

This is just an idea of how you could setup your virtual machines and overall lab, remember we are just trying to create an environment in which we can practice and learn, when pen-testing in the real world, the environment will be a lot more complex, different and challenging.

There will be firewalls blocking your attacks, IDS logging and detecting your attempts into breaking the system and etc.

Edited August 5, 2012 by Infiltrator

[SaSk]

I second the above, but I am trying out a few things.

Consider the setup that Darren and the team made for their VM Server, Proxmox, a virtualization alternative to VMWare. I've tried out ESXI and while it is decent to mess around with, well, i dont like dealing with temporary licenses, and a somewhat anoying setup. So I choose VMWare Workstation as my virtualization platform, at least until i get home and I can try proxmox.

I would build out in your VM software, a full windows domain, including Windows 7, Server 2k8r2, set up DNS servers, DHCP, AD, WSUS, NAP, ect. This allows you to first practice your MS skills. Eventually I would look into adding some security devices, open source firewalls, IDS, ect. This lets you learn some defensive technologies, including packet analysis.

Lastly, set up BT, if you are particularly adventurous, you could try to install the tools on ubuntu and get them working, or you could just run BT5. Do some tests with different configurations, (What happens if you allow DNS Transfers?)

Specificly, I can suggest a few things to throw in there:

Security Onion: out of the box IDS

Metasploitable

Damn Vulnerable Linux

Heorot.net live cd's (the website i think isnt up anymore, i think its been transfered to their training program, but you should be able to find the ISO's.): Hcking Challenges with preconfigured vm's

[Infiltrator]

Metasploitable

Damn Vulnerable Linux

I'd definitely give the above a try.

[Malachai]

thank you both. I started to read about vmware ESXI and seen some videos on it. Looks good, it's almost like setting up vmware workstations but ESXI you have multi of of them running at the same time. Regarding the router I tried to find out if my switch is layer 3 but can't figure out where. But I'm able to create lan's The one I have is a linksys SRW2008P Business Series.

My job just told me that I need to get my MS cert 70-680. So a vmware would be really good. Just finding a good hardware to run it. What do you guys think about this? it's a

HP ProLiant N40L 1P 2GB-U Emb SATA NHP 250GB LFF 150W PS MicroServer

http://shopping1.hp.com/is-bin/INTERSHOP.enfinity/WFS/WW-USSMBPublicStore-Site/en_US/-/USD/ViewProductDetail-Start?ProductUUID=5L8Q7EN5zR8AAAEwi9FWzpJ4&CatalogCategoryID=H20Q7EN5z88AAAEuEQIsTi_9&JumpTo=OfferList

It just hard trying to learn on your own and see what works. I think that's why I'm the kind of tech guy that like to see it then do it. ...

thank's again for helping me out.

[Infiltrator]

thank you both. I started to read about vmware ESXI and seen some videos on it. Looks good, it's almost like setting up vmware workstations but ESXI you have multi of of them running at the same time.

Vmware workstation is a great virtualization platform to use and to learn, but it has limitations too, it requires the host system to have an OS pre-installed. Whereas, ESXi is designed to run on a bare-bone hardware, no OS requirements, just a supported hardware. In addition, the ESXI offers better performance than the Workstation, because, the VMs have direct access to the hardware, whereas on the Workstation, the VMs have to share the resources with the host OS.

Regarding the router I tried to find out if my switch is layer 3 but can't figure out where. But I'm able to create lan's The one I have is a linksys SRW2008P Business Series.

I don't know, if you've read this manual or not. But it talks about setting up Vlans and stuff.

http://www.cisco.com...10_UG_B-WEB.pdf

My job just told me that I need to get my MS cert 70-680. So a vmware would be really good. Just finding a good hardware to run it. What do you guys think about this?

You should definitely go with those certs, they will help you on the longer run and at some stage, you should also do the CCNA.

I have a quick look at the Vmware's hardware compatibility list, it doesn't look as if your server is supported, but you can double check that yourself too.

http://www.vmware.co...ahz2fqtWZZLQOAw

Edited August 7, 2012 by Infiltrator

[some1]

Hello All,

I was wondering if anyone could give me some advice or point me in the right direction. what I'm trying to do is create a test lab at home. What I need the lab at home is to test out pentest OS, linux OS, and Metasplot. run some ubuntu on it and, some studing to get cert on MS and other things.

At the moment I have just got a switch at home with 8 ports that I'm about to create different vlans for it. I was able to figure that out after 2 weeks of reading and configuring it. Now I like to setup a lab at home. Do I need multi machines on or just one main machine with a log of diskspace...

Any example you guys have or links would really help me.

thank you,

All you need is this: http://boot2root.info/

[Malachai]

Thank you all for the advivce. On the server spec's i seen some users loade the EXSI on a usb and run that way... Pretty simple I guess. We will see how it goes when I get it soon.

[Infiltrator]

Thank you all for the advivce. On the server spec's i seen some users loade the EXSI on a usb and run that way... Pretty simple I guess. We will see how it goes when I get it soon.

Let us know, how you go with it.