
Looking for advice / fun discussion: Setting up a Pen Testing lab

2018-06-18 by: Lisa Harrison Ridley
From: Lisa Harrison Ridley 
------------------------------------------------------
Hey Chugalugers…

I’m looking to add some penetration testing skillsets to my repertoire (mainly because it’s of interest to me, but also because I’m becoming bored with my current position).

I just downloaded the latest version of Kali Linux and set up a Virtualbox VM with Vagrant on my work machine, and I’m looking to set up a pen testing lab.

I believe I have plenty of equipment here (I think, a lot of it is Apple centric):
* a MacBook Pro Quad core (my daily work machine),
* an Asus Windows 10 Pro laptop quad core with 16G RAM (a work machine used for client developer training when the workforce uses Windows),
* a NetGear Nighthawk X6 R8000 router (my main router here for internet connectivity),
* a few Mac minis (two Core2Duos with 8G RAM, one dual core with 8G RAM, and there may be two or three older 4G minis in the garage in a box),
* a quad core 32 GB Linux laptop running Ubuntu 16.04 LTS,
* a MacBook Pro dual core,
* an iMac quad core with 32g RAM,
* one or two MacBooks (plastic cases) with Core2Duos and 4G RAM,
* a 15” MacBook Pro Dual Core with 8G RAM,
* a second generation MacBook Air, dual core with 4G RAM,
* two or three retired Apple routers (all in working condition, but needed something to take advantage of GB internet),
* a couple of AppleTVs (one I use),
* an Amazon Fire device,
* an old Linksys router (has an older version of OpenWRT on it, currently retired),
* a couple of old Dells with Windows XP, Celeron machines with 4G RAM (I used them for browser testing IE 6/7 for a couple of years, haven’t been turned on in at least 4 years),
* 3 Intel Dual Core NUCs (two i5s and one i7) with 16G RAM running a couple of different versions of Debian, with SSDs in all of them,
* a cluster of 6 Raspberry Pi 3s (currently running Kubernetes and Docker with a Drupal / MySQL cluster install), networked with a Netgear gigabit 5 port switch, hooked to the Nighthawk router,
* Several different older Android and iOS devices (phones (iPhone 3S, 4, 6S) and tablets (some iPads, some older Samsung tablets, and a Motorola tablet)).

I think I have an old liquid cooled tower gaming machine with 8G RAM and a Pentium IV here somewhere too, in a box in the garage, that may or may not run.

(It’s ridiculous how much hardware you can accumulate, isn’t it?)

I can do pretty much what I want with all of the routers except the Netgear Nighthawk, and all of the machines except the MacBook Pro Quad Core and the Windows 10 Pro laptop, which belong to my employer. (I work from home and want to leave the Netgear router alone as it’s my primary internet connection).

For a good pen testing lab, given the equipment list above:

* what software would you install
* which machines would you use for what, and how would you configure them?
* What hardware/software you would add to this,
* What VMs you would set up in a cloud environment (I have active accounts with Digital Ocean, Linode and RamNode).

(Let’s have some fun with this, go easy on my cloud pocketbook).




===============================================================
From: Stephen Kraus
------------------------------------------------------
Find a semi recent Xeon/Opteron machine and build a Xen or ESXi box, roll VMs, set up a basic network with firewall and router (pfsense is your friend here) and start building some target VMs.

===============================================================
From: Aaron welch
------------------------------------------------------
Yeah, I would follow Stephen's suggestion and go the VM route. I can even do some trading for a nice server for you to play with. ;-P

Using VMware will not only give you another set of skills, it can also allow you to replicate whole setups across virtual LAN/WAN links to really see how nasty you can get in a controlled space.

-Aaron

This was sent from my iPhone, so I apologize for any brevity or spelling errors. Siri also hates the southern accent and autocorrect is on a mission to give me an aneurysm.

===============================================================
From: Stephen Haywood
------------------------------------------------------
Lisa,

Start here:

https://www.amazon.com/dp/B071G4SCB4/ref=dp-kindle-redirect?_encoding=UTF8&btkr=1

Before he released it as a full book it was in PDF and called AVATAR. You may be able to find the free version still.

I’m a penetration tester by trade and would be happy to answer any questions about pentesting. You can email me off list.

Once you get your bearings, I would highly recommend the OSCP course from Offensive Security.

Thanks,

Stephen

===============================================================
From: Stephen Kraus
------------------------------------------------------
Also: Start watching DEFCON videos. Good primers on security exploits and can help you find common issues that can be exploited/avoided.

===============================================================
From: Lisa Harrison Ridley
------------------------------------------------------
Thanks Stephen! I have access to this book at no cost through my Amazon Prime membership as a Kindle Unlimited publication. I also found it in PDF format on LeanPub (https://leanpub.com/avatar). From some of the reviews on Amazon, the PDF may be valuable simply because of the cross referencing from chapter to chapter.

I’ll download this and start reading hopefully tonight.