Scribd
Upload
274 views

How To Build A Pentesting Lab

How to Build a Pentesting Lab - Instructions

Uploaded by

Isuru Wijewardene
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
274 views

How To Build A Pentesting Lab

How to Build a Pentesting Lab - Instructions

Uploaded by

Isuru Wijewardene
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 16

Conducting Network

Penetration and Espionage


in a Global Environment

Bruce Middleton

Click here to buy Conducting Network Penetration and Espionage in a Global Environment

MATLAB is a trademark of The MathWorks, Inc. and is used with permission. The MathWorks does not warrant the accuracy of the text or exercises in this book. This books use or discussion of MATLAB software or related products does not
constitute endorsement or sponsorship by The MathWorks of a particular pedagogical approach or particular use of the
MATLAB software.

CRC Press
Taylor & Francis Group
6000 Broken Sound Parkway NW, Suite 300
Boca Raton, FL 33487-2742
2014 by Taylor & Francis Group, LLC
CRC Press is an imprint of Taylor & Francis Group, an Informa business
No claim to original U.S. Government works
Printed on acid-free paper
Version Date: 20140206
International Standard Book Number-13: 978-1-4822-0647-0 (Hardback)
This book contains information obtained from authentic and highly regarded sources. Reasonable efforts have been made
to publish reliable data and information, but the author and publisher cannot assume responsibility for the validity of all
materials or the consequences of their use. The authors and publishers have attempted to trace the copyright holders of all
material reproduced in this publication and apologize to copyright holders if permission to publish in this form has not
been obtained. If any copyright material has not been acknowledged please write and let us know so we may rectify in any
future reprint.
Except as permitted under U.S. Copyright Law, no part of this book may be reprinted, reproduced, transmitted, or utilized in
any form by any electronic, mechanical, or other means, now known or hereafter invented, including photocopying, microfilming, and recording, or in any information storage or retrieval system, without written permission from the publishers.
For permission to photocopy or use material electronically from this work, please access www.copyright.com (http://www.
copyright.com/) or contact the Copyright Clearance Center, Inc. (CCC), 222 Rosewood Drive, Danvers, MA 01923, 978-7508400. CCC is a not-for-profit organization that provides licenses and registration for a variety of users. For organizations that
have been granted a photocopy license by the CCC, a separate system of payment has been arranged.
Trademark Notice: Product or corporate names may be trademarks or registered trademarks, and are used only for identification and explanation without intent to infringe.
Library of Congress CataloginginPublication Data
Middleton, Bruce, 1953Conducting network penetration and espionage in a global environment / Bruce Middleton.
pages cm
Includes index.
Summary: Penetration testing is used as a means to test the security of both private, government,
military and corporate computer networks. Suitable for both the novice and the experienced
professional, this book provides step-by-step procedures for using the mainly free commercially
available tools to perform these tests of computer networks. Covering basic and advanced tools
and procedures, the authors categorize tools according to their usage within the standard testing
framework and demonstrate how to perform an organized and efficient penetration test. Readers will
also learn techniques used to bypass anti-virus software and capture keystrokes of remote systems.
-- Provided by publisher.
ISBN 978-1-4822-0647-0 (hardback)
1. Computer networks--Security measures. 2. Penetration testing (Computer security) I. Title.
TK5105.59.M53 2014
005.8--dc23

2013047380

Visit the Taylor & Francis Web site at


http://www.taylorandfrancis.com
and the CRC Press Web site at
http://www.crcpress.com

Click here to buy Conducting Network Penetration and Espionage in a Global Environment

Contents
Preface.............................................................................................................xi
About the Author......................................................................................... xiii

1 What You Need to Know First.................................................................1

MATLAB and SimuLink (MathWorks.com)..............................................9


Recommended Defensive Measures............................................................11
Google News Groups..................................................................................14
Typical PT Process......................................................................................17
Recommended Books/Classes.....................................................................18
Last But Not LeastA Pet Peeve................................................................21
Training......................................................................................................23
Minimal Paperwork....................................................................................23

2 Attack from Christmas Island...............................................................25


3 Indirect Target Information Acquisition (ITIA)....................................43

Shodan....................................................................................................... 64
Using Google to Obtain Information.........................................................65
TheHarvester..............................................................................................72
Nslookup....................................................................................................73
Dig.............................................................................................................73
Dnsenum....................................................................................................74
Dnswalk.....................................................................................................75
Dnsrecon....................................................................................................75
Fierce..........................................................................................................76
Smtp-user-enum.........................................................................................76
Dnsmap......................................................................................................76
Dmitry....................................................................................................... 77
Itrace...........................................................................................................78
Tcptraceroute..............................................................................................78
Tctrace........................................................................................................78
Goorecon....................................................................................................78
v

Click here to buy Conducting Network Penetration and Espionage in a Global Environment

viContents

Snmpenum.................................................................................................79
Snmpwalk...................................................................................................79
Snmpcheck.................................................................................................79

4 Direct Target Information Acquisition (DTIA)....................................81

Target Discovery.........................................................................................81
Ping...................................................................................................81
#ping -c 2 <target>............................................................................81
#ping -c 3 -s 1000 IP.........................................................................82
Fping.................................................................................................82
Genlist...............................................................................................82
Hping................................................................................................83
Nbtscan.............................................................................................83
Nping................................................................................................83
Onesixtyone..................................................................................... 84
P0f.................................................................................................... 84
Xprobe2.............................................................................................85
Enumerating Target....................................................................................86
Some Miscellaneous Items to Keep in Mind (Refer to as Needed)..............87
Start Networks..................................................................................87
Create Videos.....................................................................................87
Whois xumpidhjns.it.cx.....................................................................89
Whois 95.141.28.91.......................................................................... 90
Whois nucebeb.changeip.name......................................................... 90
Whois 64.120.252.74........................................................................ 90
Netcraft.............................................................................................91
Host...................................................................................................95
DNS Tools (More).............................................................................95
Nslookup...........................................................................................96

5 Nmap.....................................................................................................97
Nmap -T0 -O -sTV -vv -p- -PN IP...........................................................106
Nmap -O -sSV -vv -p- -PN IP..................................................................108
Nmapscript http-enum,http-headers,http-methods,http-php-version
-p 80 IP.................................................................................................... 110
Nmap -A -vvv -p- -PN -iL IPlist.txt.......................................................... 110
Nmap -f -f -vvv -p- -PN IP....................................................................... 111
Nmap -sP -PA IP.0/24............................................................................... 111
Nmap -sS -sU -p U:53,T:22,134-139 IP....................................................112
Nmap -O -sUV -vvv -p- -PN IP...............................................................113
Nmap -O -sXV -vvv -p- -PN IP...............................................................113
Nmap -O -sNV -vvv -p- -PN IP...............................................................113

Click here to buy Conducting Network Penetration and Espionage in a Global Environment

Contentsvii

Nmap -mtu 16 -vvv -p- -PN IP.................................................................113


Nmap -sM -vvv -p- -PN IP....................................................................... 114
Nmap -sC -p- -PN IP............................................................................... 114
Nmap -p 139,445 IP................................................................................. 114
Nmap -scanflags PSH -p- -PN IP............................................................. 114
Nmap -scanflags PSH -p135 IP................................................................. 114
Nmap -scanflags SYN -p135 IP................................................................ 115
Nmap -sA -scanflags PSH -p- -PN IP....................................................... 115
Nmap -sP IP.0/24 -oA Results.................................................................. 115
Nmap -sP -PA -oN Results IP.0/24........................................................... 115
Nmap -n -sP 192.168.4.1-20..................................................................... 115
Nmap -sP -oG Results IP.0/24.................................................................. 115
Nmap -v -sP 192.168.0.0/16 10.0.0.0/8..................................................... 116
Nmap -sP -PN -PS -reason IP................................................................... 116
Nmap -sL IP.1-255.................................................................................... 116
Nmap -sS -sV -O -v IP.............................................................................. 116
Nmap -T0 -vv -b FTP_IP TARGET_IP -oA Results................................ 117
Nmap -sF -PN -p22 IP............................................................................. 117
Nmap -sU -p0-65535 IP........................................................................... 117
Nmap -sU -v -p 1-65535 IP....................................................................... 117
Nmap -sU -p 161...................................................................................... 117
Nmap -sU -T5 -p 69, 123, 161, 1985 IP.................................................... 117
Nmap -PP -PM IP.................................................................................... 118
Nmap -sO IP...................................................................................120
Nmap -O IP....................................................................................121
Nmap -sV IP....................................................................................122

6 MATLAB, SimuLink, and R...............................................................149


7 Metasploit Pro..................................................................................... 161

Now Verify Database Connectivity with Metasploit.................................203


Perform an Nmap Scan within Metasploit................................................203
Using Auxiliary Modules in Metasploit....................................................203
Using Metasploit to Exploit..................................................................... 204
No Options to Set.......................................................................... 204
See Lots of Them............................................................................ 204
Did We Obtain a Command Shell?................................................ 204
See the Active Driver, such as postgresql......................................... 204
If You Get an Error While Connecting to the DB....................................205
Using the DB to Store Pen Test Results....................................................205
Analyzing Stored Results of DB................................................................205
Unfiltered Port......................................................................................... 206

Click here to buy Conducting Network Penetration and Espionage in a Global Environment

viiiContents

Using Metasploit Auxiliary Module for Scans......................................... 206


Use................................................................................................. 206
Set.................................................................................................. 206
Run................................................................................................ 206
To Make the Scan Faster across Multiple Devices.....................................207
Target Services Scanning with Auxiliary Modules....................................207
Vulnerability Scan with Metasploit Using Nessus.....................................207
Scanning with Nexpose within Metasploit:............................................. 208
Note about Exploit-db..............................................................................209
Some Metasploit Exploit Commands........................................................209
Microsoft Exploit......................................................................................209
Exploiting a Windows 2003 Server...........................................................210
Exploiting Windows 7/Server 2008 R2 SMB Client.................................210
Exploiting Linux Ubuntu System.............................................................210
Client Side Exploitation and A/V Bypass..................................................210
Msfpayload Can Be Used to Generate Binary and Shellcode.................... 211
To Set Up a Listener for the Reverse Connection...................................... 211
Run Some Linux PPC Payloads against the FSB....................................... 211
Generate Shellcode in C............................................................................ 211
Meterpreter Commands............................................................................212
Executive Summary..................................................................................216
Detailed Findings..................................................................................... 217
Tools Utilized.................................................................................. 217
Recommendations to Resolve Issues.........................................................240

8 China, Syria, and the American Intelligence Community..................241

The Burning.............................................................................................245
China....................................................................................................... 246
Syria..........................................................................................................248

9 Building a Penetration Testing Lab....................................................253


10 Vendor Default Passwords and Default Unix Ports............................259
11 Oldies but Goodies If You Have Physical Access.................................331

SafeBack...................................................................................................331
New Technologies, Inc....................................................................331
GetTime...................................................................................................334
New Technologies, Inc....................................................................334
FileList and FileCnvt and Excel................................................................334
New Technologies, Inc....................................................................334
GetFree.....................................................................................................336
New Technologies, Inc....................................................................336
Swap Files and GetSwap...........................................................................336

Click here to buy Conducting Network Penetration and Espionage in a Global Environment

Contentsix

New Technologies, Inc....................................................................336


General Information...............................................................338
GetSlack...................................................................................................339
New Technologies, Inc....................................................................339
Temporary Files........................................................................................339
Filter_I..................................................................................................... 340
New Technologies, Inc................................................................... 340
Filter...................................................................................... 340
Intel........................................................................................341
Names................................................................................... 342
Words.................................................................................... 342
Keyword Generation................................................................................ 343
New Technologies, Inc................................................................... 343
TextSearch Plus.........................................................................................345
New Technologies, Inc....................................................................345
Crcmd5.................................................................................................... 348
New Technologies, Inc................................................................... 348
DiskSig.....................................................................................................349
New Technologies, Inc....................................................................349
Doc...........................................................................................................349
New Technologies, Inc....................................................................349
Mcrypt......................................................................................................350
New Technologies, Inc....................................................................350
Micro-Zap................................................................................................353
New Technologies, Inc....................................................................353
Map..........................................................................................................354
New Technologies, Inc....................................................................354
M-Sweep...................................................................................................354
New Technologies, Inc....................................................................354
Net Threat Analyzer.................................................................................357
New Technologies, Inc....................................................................357
AnaDisk...................................................................................................358
New Technologies, Inc....................................................................358
Seized.......................................................................................................359
New Technologies, Inc....................................................................359
Scrub....................................................................................................... 360
New Technologies, Inc................................................................... 360
Spaces.......................................................................................................361
New Technologies, Inc....................................................................361
NTFS FileList...........................................................................................361
New Technologies, Inc....................................................................361
Example.................................................................................362
General Information...............................................................362
Click here to buy Conducting Network Penetration and Espionage in a Global Environment

xContents

NTFS GetFree..........................................................................................362
New Technologies, Inc....................................................................362
Example.................................................................................362
General Information...............................................................363
NTFS GetSlack........................................................................................363
New Technologies, Inc....................................................................363
Example.................................................................................363
General Information...............................................................363
NTFS VIEW........................................................................................... 364
New Technologies, Inc................................................................... 364
Example................................................................................ 364
NTFS Check........................................................................................... 364
New Technologies, Inc................................................................... 364
Example................................................................................ 364
NTIcopy...................................................................................................365
New Technologies, Inc....................................................................365
Disk Search 32......................................................................................... 366
New Technologies, Inc................................................................... 366
Example.................................................................................367

12 Order of Operations for Your Tools....................................................369


Reconnaissance.........................................................................................369
Enumeration............................................................................................ 409
Exploitation............................................................................................. 422
Wireless Networks....................................................................................429
VOIP Networks........................................................................................429
Reporting................................................................................................ 430
Scripting/Programming/Debugging........................................................ 430

13 Using Your iPhone as a Network Scanner...........................................431

IP Scanner................................................................................................431
NetPro......................................................................................................452
WiFi Scanner............................................................................................475
iNet..........................................................................................................479
Net Detective........................................................................................... 484
Net Swiss Army Knife..............................................................................505
Ping Analyzer...........................................................................................532
WiFi Net Info...........................................................................................536
TraceRoute...............................................................................................538
PortScan.................................................................................................. 543
Net Utility................................................................................................ 551
zTools........................................................................................................554

Index............................................................................................................565
Click here to buy Conducting Network Penetration and Espionage in a Global Environment

Preface
The past 40 years have seen a phenomenal growth in the area of data communications, to say the least. During the Vietnam War, one of my duty stations was on an
island in the China Sea. I was part of a signal intelligence group, intercepting and
decoding wartime communications traffic. We did our best to decode and analyze
the information we intercepted, but there were many times when we required the
help of a high-end (at that time) mainframe computer system. Did we have a communications network in place to just upload the data to the mainframe, let it do
the processing, and then download it back to us? Not a chance! We had to take the
large magnetic tapes, give them to the pilots on the SR-71 Blackbird, and fly them
to the United States for processing on the mainframe computer system. Once the
results were obtained, we would receive a telephone call informing us of any critical
information that was found. Its hard to believe now that 40 years ago thats the
way things were done.
Fast-forward to today. Now we have data networks in place that allow us to
transmit information to and from virtually any location on Earth (and even in outer
space to a degree) in a timely and efficient manner. But what did this tremendous
enhancement in communications technology bring us? Another place for criminal
activity to take place. Who are these criminals in cyberspace? You could start with
organized crime, such as the Mafia and others. What is their major focus here?
Financial activity, of course. They have found a new way to mismanage the financial resources (among other things) of others. We also have foreign espionage activities making good use of our enhanced communications systems. They routinely
break into government, military, and commercial computer networked systems and
steal trade secrets, new designs, new formulas, and so on. Even the data on your
home computer are not safe. If you bring your work home or handle your finances
on your computer system, both your personal data and your employers data could
easily be at risk. I could go on, but Im sure you get the picture.
Why is it like this? Why cant we make these communications systems fully
secure? Think about it. Banks and homes and businesses have been in existence as
far back as we can remember. Despite all the security precautions put in place for
banks, homes, aircraft, and businesses, we havent been able to fully secure them.
xi
Click here to buy Conducting Network Penetration and Espionage in a Global Environment

xiiPreface

There are still bank robberies, aircraft hijackings, businesses, and homes being broken into. Almost nothing in the physical world is really secure. If someone wants
to focus on and target something, more than likely he or she will obtain what he or
she wants (if he or she has the time, patience, and other sufficient resources behind
him or her). We shouldnt expect it to be any different in cyberspace. Just like in the
physical world, where we have to be constantly alert and on guard against attacks
on our government, military, corporations, and homes, in cyberspace we have to
be even more alert. Why? Because now people can come into your homes, your
businesses, and your secured government and military bases without being physically seen. They can wreak havoc, change your formulas, change your designs, alter
your financial data, and obtain copies of documentsall without you ever knowing they were there.
Where does this bring us? This brings us to the fact that we need to keep doing
the same things we have been doing for many years in the realm of physical security. Do not let your guard down. But it also means that we must continue to
enhance our security in the cyber realm. Many excellent products (hardware and
software) have been developed to protect our data communications systems. These
products must be further enhanced. Numerous new and enhanced laws over the
past 35 years have provided law enforcement with more teeth to take a bite out of
cybercrime and cyber espionage. What is also needed are those who know how to
test the security of computer networks via an art termed penetration testing. Just
as we have tested the physical security of banks and other institutions for thousands
of years, we must test the security of our computer networks. That is what this book
is abouttesting the security of computer networkscoupled with discussions
pertaining to ongoing global cyber espionage via the same tools used for testing the
security of computer networks globally.
Bruce Middleton, CISSP, CEH, PMP, BSEET, MBA
University of Houston Alumni (Go Cougars!)
[email protected]
MATLAB and Simulink are registered trademarks of The MathWorks, Inc.
For product information, please contact:
The MathWorks, Inc.
3 Apple Hill Drive
Natick, MA 01760-2098 USA
Tel: 508 647 7000
Fax: 508-647-7001
E-mail: [email protected]
Web: www.mathworks.com

Click here to buy Conducting Network Penetration and Espionage in a Global Environment

About the Author


Bruce Middleton, CISSP, CEH, MBA, PMP, President and CEO of Security Refuge
LLC (SecurityRefuge.com), is a graduate of the University of Houston (BSEETGo
Cougars!) and has been involved with the security of electronic communications
systems since 1972, when he enlisted in the military (U.S. Army Security Agency
[ASA]) during the Vietnam conflict and worked overseas in the field for NSA. Since
that time he has worked with various government, military, and commercial entities such as NASA (Space Station Freedom communications systems design team),
CIA, DISA (Defense Information Systems Agency), The White House, NAVSEA
(Naval Sea Systems Command), and Boeing (ground station-to-aircraft communications systems). While employed at various Fortune 500 companies, Bruce has
held positions in engineering, management, and executive management (CIO).
Mr. Middleton has been the keynote speaker at select national and international
industry events and a trusted advisor in both the government and commercial sectors. He has written multiple books, e-books, and magazine articles in the fields of
communications security, cybercrime, and computer network penetration.

xiii
Click here to buy Conducting Network Penetration and Espionage in a Global Environment

Chapter 9

Building a Penetration
Testing Lab

Only through practice can someone improve his skills.


Keep things as simple as possibledont unnecessarily complicate.
Re-creating old exploits is great practice.
A pen test lab must be completely isolated from any other network.
Cabled and wireless pen test labs should be isolated from one another.
Once you break into your wireless, move to your cabled.
You could put in shielding to have your secure lab not leak wireless signals.
You must secure the pen test lab from any and all unauthorized access.
Some of the things a malicious user would like to know is:
IP addresses of machines
Operating system versions
Patch versions
Configuration files
Login files
Start-up scripts
Be paranoid.
Change appliance labels or logos on systems to fool those who see your lab.
If possible, the lab should be in a secure room with no windows.
Do not leave install disks and other software around for others to see.
Store all software properly.
Do not forget CDs left in system disk trays.
If someone borrows your software, have a checkout sheet for him or her to sign.
253

Click here to buy Conducting Network Penetration and Espionage in a Global Environment

254Conducting Network Penetration and Espionage

Detailed procedures must be enforced.


Patches etc. should come from secure channels, and MD5 checksum should
always be checkedand recorded for future reference.
MD5 hashes should be run against the install disks regularly.
The only safe way to transfer data is by using CDs or DVDs that have
been closed.
All CDs should be properly labeled.
Keep your lab area off-limits to unauthorized personnel.
Post warnings and lock.
Shred CDs no longer being used.
Reusable media must be properly degaussed.
Maintain your records in a secure area.
After each pen test project the lab and all associated systems/hard drives
should be sanitized.
Wipe via DoD 5220 standard.
To improve your protection:
Encrypt your hard drive.
Lock hard drives in a safe (or the entire computer if its a laptop).
Store systems in a secure room.
Perform penetration attempts against your own lab.
Use industry-recognized best practices.
The pen test team is a part of an overall security strategy.
A virtual pen test lab:
Can emulate multiple operating systems
Does not reflect the real-world network
Does not give you practice navigating through a network
Does not allow viruses and worms to work properly
Internal pen test lab:
Two systems connected by a router (router provides network services
like Domain Name System (DNS) and Dynamic Host Configuration
Protocol [DHCP]).
The objective with internal pen tests is to see exactly what vulnerabilities exist
on the corporate network, not to see if someone can break in to the network.
Can add an intrusion detection system (IDS)/intrusion protection system
(IPS), proxies, syslog servers, database servers, etc.
External pen test lab:
Follows the principle of defense in depth.
Have your IPL components plus a firewall, DMZ, proxies, Network
Address Translation (NAT), Network Interface Device (NID), etc.
Firewall admins often have to open up unexpected holes in their network
due to business reasons.

Click here to buy Conducting Network Penetration and Espionage in a Global Environment

Building a Penetration Testing Lab255

Project-specific pen test lab:


An exact replica of the target network needs to be created for some reason.
Rarely built due to the expense, but they do exist.
Extreme attention to detail is required.
Did the manufacturer change the chipset in the middle of the production line?
Even different network cables can alter the speed of an attack and change
the results.
Ad hoc lab:
Used to test one specific thing on a server.
Discourage the use of ad hoc labs except in rare cases.
A formal process should exist to determine exactly which type of lab is needed
for each pen test project.
Selecting the right hardware:
If money is no object, just get what you need.
Dual-purpose equipment can stretch your budget.
Focus on the most common.
If your work will be primarily web-based attacks, your focus should be on
firewalls, proxy servers, and web servers.
If your work will be mostly focused on network architecture vulnerabilities, then the important components you need are routers, switches, IDS,
and firewall.
If your team focuses on a niche target, like perhaps supervisory control
and data acquisition (SCADA) systems, then your pen test team may
have more work available than they can handle.
You can get diverted into hiring expensive subject matter experts or end
up with a team that needs significant now and ongoing training.
Pen test training is more expensive that many other types of training.
Using firewalls that are software based, along with swapping out for
IDS/IPS software, can help you stretch your budget.
It is often better to purchase the more expensive external versions of tape
backups, external hard drives, and monitors.
Have a KVM switch.
Planning is important in setting up your lab.
If your goal is to train or test on as many different scenarios as possible,
dual-use systems are the way to go.
Selecting the right software:
BackTrack live CD.
Using commercial tools can give you faster results, but open-source tools
make you understand what is happening and what you are doing.

Click here to buy Conducting Network Penetration and Espionage in a Global Environment

256Conducting Network Penetration and Espionage

Running the lab:


Need a project manager, training plan, and metrics.
Need a team champion from the ranks of upper management.
Pen test teams are expensive, but they reward you by identifying vulnerabilities before they are exploited, which could cost a corporation dearly
in terms of both money and reputation.
If you can only afford to send one person on the team to training, send
him and have him train the others on what he learned when he returns.
Obtain DVD courses.
Make sure you are not violating copyright laws.
Keep improving the skills of lab personnel.
Selecting a pen test framework:
OSSTMM
Huge following in the industry
Copyrighted
Scientific method
Puts a lot of responsibility on the pen tester to be familiar with tools,
exploits, services, network, etc.
Targets in the pen test lab:
De-ICE.net.
Has multiple live CDs available to download for free.
At a minimum, we need one strong hardware box (attacker) with one or more
VMs (virtual machines) running on it (target). VM targets should be set up
to utilize minimal resources. You can install many VMs on an external hard
drive and load/run them as needed. Rather than reinstalling an operating
system or some other application such as a SQL server, its much easier to just
restart a VM.
Even better is two computers: one is the attacker and one is the target.
Best is to have one or more attack machines and several victim machines.
The PTL must be on its own network with no interface to any other network
(air gapped and no Internet connection).
Use hardwired Ethernet cables and switches to route traffic.
Be sure all wireless NICs (network interface cards) are turned off (unless you
are practicing wireless network PT).
You can either set up your own attack machine or use Kali Linux or BackTrack.
The software we will install:
Kali Linux
BackTrack
Metasploitablea Linux VM
Windows XP with no service packs installed
Wireshark
Our ultimate lab would have systems containing copies of all critical
systems/apps.
Click here to buy Conducting Network Penetration and Espionage in a Global Environment

Building a Penetration Testing Lab257

We want a variety of operating systems, two firewalls, IPS/IDSs, one web server,
web applications, one database server, a web application firewall, workstations
(two Windows, Linux), servers (one Windows, one Linux, one FreeBSD), one
domain controller (Windows 2008), one FTP server (Ubuntu), one wireless
router, one radius server, two laptops with WiFi, a debugger, one website, and
one Web 2.0 application.
Server/victim workstations = VMware Workstation 8.0.
Hardware platform must have at least 4 GB RAM and be at least
dual core.
Server operating systems:
MSW 2008 server
MSW 2003 server
Ubuntu 12.04 LTS = Linux Server OS
Workstations
MSW XP Pro
MSW 7 Pro
Router
ASUS WL-520gc = LAN/W LAN router
Laptop will be the attacker.
Samsung Galaxy Tab will be our WiFi target.
The web server, FTP server, and web app will all be free downloads.
Vulnerable web applications you can install:
DVWA
OWASP Broken Web Applications Project.
NOWASP Web Pen-Test Practice Application.
Our host workstation (target) can hold the following VMs using VMware
Workstation 8.0:
FTP server (Ubuntu Server 12)
Domain controller (MSW Server 2008) -.iso installer disk image
Win 7 Pro -.iso installer disk image
Win XP Pro -.iso installer disk image
Online hacking labs:
https://www.hacking-lab.com
http://try2hack.nl
http://www.HackThisSite.org
http://www.DareYourMind.net
http://hax.tor.hu

Click here to buy Conducting Network Penetration and Espionage in a Global Environment

You might also like