Build-Along: My hack-lab.

[pr0l3]

Saved as a space to detail and record my latest build, a dedicated pentesting lab.

I work for a small/medium IT provider. We have access to many different desktop and server configurations. We also install and service traditional and VOIP phone systems. On top of all of this, we got hit pretty hard by a very skilled individual last week. We didn't lose any data, but it was a very close call. Enough to make me want to very highly refine my skillset in this area.

So, today I started running wire. My current setup looks like this:

A complete clusterfuck of powercables and ethernet connections between my cable modem and Linksys E3000 router. Beside that, I have a Thecus NAS running a RAID 5 with 4X1TB drives.

I have a workbench where I do my after work or on-the-side repairs. On that bench I've got a simple gigabit switch / USB KVM setup. I've also got a little android tablet running Speaktoit Assistant, and I love it!

In another room, I've got my server, running on an LCD screen with a USB keyboard and mouse attached. I used to run the server at the same location as the router/modem and just log in via one of three different remote programs, but I elected to move it - I was having some RAID issues that required quick access and whatever, so now it has a little desk setup.

Upstairs, I've got the gaming rig, xbox and media server.

So, I ran new wiring (Cat6) from all locations to the server room. I'm going to bring the router and NAS in there. I left one wire going back to the modem because I think unfortunately if my ISP has to service the modem, they'll get all pissy if I move it.

On my bench, I've put together a Core 2 system running Ubuntu 12.04. I've installed Virtualbox and am waiting to get to work tomorrow to grab a few CD's to start installing pentesting OS's. I'm not as interested in the tailor made vulnerable OS's - I think learning on fully updated, modern OS platforms is more realistic. I'm likely going to run Windows 7 and Server 2008. Most servers I encounter today are running 2003/2008. It seems almost all desktops are moving towards 7, with the exception of computers that are running old software, that can't update.

I think I'm going to run the pentesting VM's on a separate network, with wireless. That way I can do the entire attack, top to bottom.

My attack platform is an i5 laptop running Ubuntu 12.04 with BT5r3 running as an installed VM. I've got a pile of hardware that can be added in - alfa's, storage etc...

Think I'm going to set up a one-line, one-set VOIP network as well, just attached as normal to the one the VM's are on.

Pics to follow.

Suggestions?

[SoulSaber1]

For your pentesting boxes I recomend adding CentOS to the list, if you haven't already.