
Build your own hacking/security/pen-testing lab!


ChimeraSecurity


While XP does offer a nice, easy, attack surface we really should be encouraging people to start testing against at least Windows 7 as it is becoming more prevalent in organisations and homes.

I know XP is still there in large numbers but we need to teach for the future.


  • 1 month later...

@ChimeraSecurity it looks like a nice guide for people waiting to experiment with VMs and tools like OWASP Bricks. This guide seems focused on pen-testing XP machines and general vulnerabilities using Kali Linux, like digininja pointed out. M$ is going to pull the plug on XP in a few months. The OS is like 13 yrs old! We have to start dissecting Win7 - ASAP. I am writing a script for Debian-based distros to make it Kali (BackTrack5r3) like. What tools would you recommend?

Edited by logicalconfusion

It isn't really possible to recommend tools without knowing the job you are planning to do with the machine. A web app tester needs a completely different set to an IDS tester. You can't even say there is a good generic base set. That is why distros such as Kali have such a lot of tools in them, to try to cater for all users.


@digininja

"You can't even say there is a good generic base set."

You might want to re-consider. It's not impossible. It's actually debatable, think about it. Every major Debian-based distro out there is loaded with a set of generic applications (Open Office, Gimp, Firefox, Firestarter, Avast, etc). SystemrescueCD is really just a dumbed down version of like Knoppix. If the authors were to combine SystemrescueCD with all the tools in Hirens bootdisk somehow, it would probably be referred to as Kali-rescueCD. Lifehacker.com actually has a list of what they feel ought to be included in every 2013 distro to compete w/ Win7. I think we can muster a list for security and system tools for my script.


I don't want to reconsider and I didn't say it was impossible.

When you do a testing job the tools you use are dependent on the type of testing you are doing, as I said, an IDS test will be different to a web app. The number of tools that they have in common is very minimal, probably a port scanner, vulnerability scanner and something like netcat, the rest of the tools will depend on the tasks. Those basic tools are already in the standard Debian repos.

Unless your script is going to have a lot of tools then I suggest you pick an area and work on providing tools for that area otherwise you are going to have a thin spread of apps which aren't enough to do much with. If you focus on a specific area then you can build that up first then move on to a different area once you've done that to a point where it can be of practical use.

If you end up trying to add too many tools, i.e. have a large script, then you are just going to be recreating Kali.


@digininja

I concur w/ your opinion. My script is actually meant for certain IT certifications and VMware/VBox tools addons, scripts, and tools for Linux. Just like programming, C++ is not the answer to every system. ChimeraSecurity seems focused on basic VMware and portscanning/sniffing, which, again, doesn't require a 1.3+gig arsenal of security tools. The leaner the better is my mantra. You are right - MOST tools are readily available - in the Debian repos. Please help compile a list for my research endeavor.


  • 4 weeks later...

@digininja Hey all, new to the forum, glad to be here yadda yadda :)..gotta agree though with you digi as while still an entry guy into pentest circuit (cry for help RHL9 post I made)..I do a decent amount of forensic study and while yes Kali et al. are great to cover a wide spread of purposes for the user, what tools get picked for the job is dependent on the job I feel. Like logicalconfusion said "the leaner the better". One of my lab setups has a few VMs dedicated to what I'm doing forensics on. Like I got all the usual forensic distros i.e. SIFT, NIST, CAIN, even PlainSight lol, but in the end what I did is I got a winxp and 7, an OSX and couple flavors of Linux with just what I need on each one to get a job done. In forensics ppl have a lot of opinions and far be it for me to talk like an authority, but as an example, if I'm doing recovery/forensics on a mac drive, I like to image it and load it in a mac with tools geared to mac partition schemes and all that..same goes for others. If need be I'll branch out and test elsewhere. Think what I'm getting at with the rambling is whether it be a lab or custom distro/toolkit, it's kinda difficult to make a be all and end all setup. Anywho, my 2 cents.


Just my 2 cents....

For my personal testing lab I use a Proxmox server that I set up on an older desktop. By using the turn-key-linux packages available through Proxmox, such as OpenLDAP, Radius, Tomcat, file servers and more, I am able to simulate a lot of network setups I have encountered. Granted I have pumped some money into my set up, it works so well for me.
