
Hack Lab

This document discusses building an inexpensive infosec lab. It provides tips on acquiring cheap or free hardware, software, and virtual machines. It recommends resources for vulnerable systems, security tools, and places to learn about exploits. The goal is to help people learn about tools, vulnerabilities and exploits without risking legal issues.

Uploaded by bulentbk
Copyright: © Attribution Non-Commercial (BY-NC)

Adrian Crenshaw

http://Irongeek.com
• I run Irongeek.com
• I have an interest in InfoSec education
• I don’t know everything - I’m just a geek with time on my hands

Building a “HackLab”
1. Inexpensive ways to acquire hardware and software.
2. Learning about tools, vulnerabilities and exploits without getting to know Bubba.
3. Software and items built for learning.

• A NAT box
• WiFi Routers (DD-WRT)
• Lots of network cable
• Switches
• Any networkable junk you can find
• KVMs
• Oh, and computers

Institution
• Out of date PCs and Servers

Private
• Dumpster diving
• School disposals
• Government disposals
• Friends giving you old hardware in exchange for help
• Run a blog and just ask for it

• http://www.govdeals.com
• http://www.dealextreme.com
• http://www.techbargains.com

• Go open source
Linux, FreeBSD, Apache, etc.
• Microsoft
https://www.dreamspark.com/default.aspx
• Run a blog and just ask for it

• NAT = Network Address Translation
• 1 public IP can be used as the outside connection to many internal IPs
• Reserved non-routable IP ranges
192.168.*.*
172.16.*.*-172.31.*.*
10.*.*.*
• You can stack NAT boxes, but it’s best not to have IP range conflicts

[Diagram labels: To public Internet; 192.168.1.2; 192.168.1.3; 192.168.1.4; 10.0.0.2; 10.0.0.2]

• Air gap is best, but NAT will do
• Forward ports on the router for VPN/RDP/VNC
• You don’t want to accidentally attack boxes outside of your lab
• Inside the lab you may have deliberately insecure boxes you don’t want others to get to
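
An added example (not from the original slides): a small Python check of a lab address plan against the points above, namely that stacked NAT boxes should not reuse a range and that targets should stay inside the lab. The layer names and sample addresses are constructed for illustration, and IPv4 is assumed.

```python
import ipaddress

# The three reserved non-routable ranges listed on the NAT slide.
PRIVATE_RANGES = [ipaddress.ip_network(n) for n in
                  ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_reserved_private(cidr):
    """True if the whole subnet sits inside one of the reserved ranges."""
    net = ipaddress.ip_network(cidr)
    return any(net.subnet_of(r) for r in PRIVATE_RANGES)


def nat_conflicts(layers):
    """Return pairs of stacked NAT layers whose inside subnets overlap.

    layers: dict of layer name -> CIDR string (one entry per NAT box).
    """
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in layers.items()}
    names = sorted(nets)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if nets[a].overlaps(nets[b])]


def out_of_scope(targets, lab_cidr):
    """Return the targets that are NOT inside the lab subnet."""
    lab = ipaddress.ip_network(lab_cidr)
    return [t for t in targets if ipaddress.ip_address(t) not in lab]


if __name__ == "__main__":
    # Constructed plan: home router on the outside, lab router stacked behind it.
    plan = {"home_router": "192.168.1.0/24", "lab_router": "10.0.0.0/24"}
    for name, cidr in plan.items():
        print(name, cidr, "reserved" if is_reserved_private(cidr) else "ROUTABLE")
    print("range conflicts:", nat_conflicts(plan))

    # Constructed target list: only 10.0.0.2 belongs to the lab.
    targets = ["10.0.0.2", "192.168.1.3", "8.8.8.8"]
    print("refuse to touch:", out_of_scope(targets, plan["lab_router"]))
```
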

• One computer can act like many
• You can hose a system, and easily recover from backup
• Somewhat safer from a sandbox standpoint
• Easy to hand out a custom environment to a class

• Comparisons
http://en.wikipedia.org/wiki/Comparison_of_platform_virtual_machines
• VMPlayer
http://www.vmware.com/products/player/
Plus
http://vmxbuilder.com/
• VirtualBox
http://www.virtualbox.org/

• Host OS vs. Guest OS
• Snapshots
• Networking modes
Bridged: The VM acts as if it's part of your real network.
NAT: Your VM is behind a virtual NAT router, protecting it from the outside LAN, but still allowing other VMs run on the same machine to contact it.
Host-Only: You would want to choose this option if you don't want the VM to be able to bridge to the Internet using NAT. It would be a good idea to use this option if you are testing out any worm or viral code.
• VM Tools
• Sparse drive space
• USB Support

• VM Appliances
http://www.vmware.com/appliances/
http://ovfappliances.com/
• Formats
OVF: Open Virtualization Format
VMX/VMDK: VMWare
XML/VDI: VirtualBox
• C:\Users\adrian\.VirtualBox

• Linux 128MB: Could be more or less depending on the desktop interface you use and what services you decide to run.
• Windows 9x, 64MB: It should feel quite spry.
• Windows 2000/2003/XP, 128MB: yes, you would want more if you can get it, but you can get away with 128MB if necessary.
• Windows Vista, 256MB: Don't send me hateful emails, it can be done. You have to set it to at least 512MB to install Vista, but thereafter you can shrink it down to only 256MB. It's ugly, but it works.
• Windows 7: Just go with 512.

• Deliberately vulnerable web apps
• Old software
• Specially built scenarios

• Hacme Series from Foundstone (Hacme Travel, Hacme Bank, Hacme Shipping, Hacme Books)
http://www.foundstone.com/us/resources-free-tools.asp
• WebGoat
http://www.owasp.org/index.php/Category:OWASP_WebGoat_Project
• Mutillidae
http://www.irongeek.com/i.php?page=security/mutillidae-deliberately-vulnerable-php-owasp-top-10

• Check the vendor's site for old versions
• Old, not slipstreamed OS CDs
• Old Apps Repository
http://oldapps.com/

• De-ICE & pWnOS Live CDs
http://heorot.net/livecds/
• Damn Vulnerable Linux
http://www.damnvulnerablelinux.org/

So many tools, so little time to install them all:
• Nmap
http://nmap.org/
• Metasploit
http://www.metasploit.com/
• Wireshark
http://www.wireshark.org/
• Kismet
http://www.kismetwireless.net/
• Nessus
http://www.nessus.org/nessus/
• Cain
http://www.oxid.it/cain.html
• Netcat\Ncat
http://netcat.sourceforge.net/
• Ettercap
http://ettercap.sourceforge.net/
• Nikto
http://cirt.net/nikto2
• Paros Proxy
http://www.parosproxy.org
• Burp Suite
http://www.portswigger.net/suite/
• XSS Me
https://addons.mozilla.org/en-US/firefox/addon/7598
• SQL Inject Me
https://addons.mozilla.org/en-US/firefox/addon/6727?src=reco
• Tamper Data
https://addons.mozilla.org/en-US/firefox/addon/966

Great list of security tools
http://sectools.org/

• BackTrack
http://www.remote-exploit.org/backtrack_download.html
• Samurai WTF
http://samurai.inguardians.com/
• DEFT Linux
http://www.deftlinux.net/

• Milw0rm
http://www.milw0rm.com/
• SANS Internet Storm Center
http://isc.sans.org/
• PacketStorm
http://www.packetstormsecurity.org/
• BugTraq
http://www.securityfocus.com/archive/1
• RootSecure
http://www.rootsecure.net/

• Pauldotcom
http://www.pauldotcom.com/
• Exotic Liability
http://www.exoticliability.com/
• Security Justice
http://securityjustice.com/
• Securabit
http://www.securabit.com/

• Original Article:
http://www.irongeek.com/i.php?page=security/building-an-infosec-lab-on-the-cheap
• Insecure web apps
http://www.irongeek.com/i.php?page=security/deliberately-insecure-web-applications-for-learning-web-app-security
• Hackerspaces
http://hackerspaces.org

• Let's watch the video
http://www.irongeek.com/i.php?page=videos/louisville-infosec-ctf-2009

[Diagram labels: Postit; 2 VMs, 1 Laptop; Box to attach via WiFi so folks can sniff the SSID]

• Keep a box and hold it
• Set your flag by defacing the website with your team’s name
• Must keep services running to get points
• Can patch to keep others out
• Can attack network layer

[Diagram labels: Windows Box; Linux Box; OS X Box; Scoring Box]

• Free ISSA classes
• ISSA Meeting
http://issa-kentuckiana.org/
• Louisville Infosec
http://www.louisvilleinfosec.com/
• Phreaknic/Notacon/Outerz0ne
http://phreaknic.info
http://notacon.org/
http://www.outerz0ne.org/

• Folks at Binrev and Pauldotcom
• Louisville ISSA
• Free ISSA Classes

• Got old hardware you would like to donate?
• Is there a subject you would like to teach?
• Let others know about upcoming classes, and the videos of previous classes.

42
