8/2/2019 Building Your Own Hack Lab
Building Your Own Hack Lab
Jimmy Ray Purser | March 11, 2010 at 12:00 pm PST
Network Security is considered a self-taught dark art like lock picking. Just like lock picking, if you want to be good at it, go purchase a lock and start picking. Going to your neighbor's pad and trying to pick their lock is frowned upon in most court systems. The same with network security: if you want to be good at it, build your own lab and start practicing. It is very important to hone your skills on your own gear and never ever on the Internet with someone else's stuff.
I have always liked astronomy. I read every book I could find in our small school about the stars and planets. At night, I would go outside and just look up in amazement at the incredible vastness of Space. I really did not know what I was looking at until I purchased a telescope some 30 years later. Book knowledge could only get me so far. Once I had practical experience with a scope, that knowledge was taken to the next level and became a passion.
Many times in the field today, I bump into folks that could really stomp the tators out of anyone with their command of network security knowledge, but ask them to show you what they are talking about on the console and they will change the subject quicker than I change our phone number when my mother-in-law finds it out... which reminds me, I need to call the phone company. We call these folks paper tigers and that is certainly something you do not want tattooed on your arm next to the tribal USB key entangled in Cat6a cables ink.
The point of this paper is for you to avoid the mistakes I have made in building out my own hack labs. Looking back, my life's quote seems to be: if anything is worth doing, it is worth overdoing! I did not say overachieving, I said overdoing. For example, playing video games is worth doing; purchasing 10 commercial grade upright video games and turning my basement into an 80s style arcade is overdoing. When I started building out my hack labs, much like today, there were no guidelines or advice, so in my typical fashion I overdid them and made them so big and complex that they just ended up in a ton of frustration at the start and a pile of cash wasted. No need for you to make those mistakes and have to explain all the stuff to your wife; save that argument for your future boat or sports car.
Before we get started, please remember the hack labs are islands. Do not connect them to any other network or to the Internet. Pen Testing can get out of control fast, especially with newer methods and tools. Protect yourself from future trouble down the road and never ever physically connect a hack lab to another network. There are basically three types of base hack labs to increase your pen testing skills:
- Simplex Hack Lab. This is the best one to get started on. Simplicity is the key here; you are just trying to get used to the tools and their behavior. This lab starts with the basics:
- Pen Testing machine. Installed with your hacking tools to get started with. I recommend starting out with a port scanner like SuperScan for Windows or Nmap for Linux, then understanding the results and options for the scanner before moving on to other methods of enumeration.
- Network Switch. If you can swing it, get a Cisco switch. Now, I work for Cisco and I am not trying to turn this into a marketing paper. Cisco has the majority of switches out there; understanding behavior through a Cisco switch just makes statistical sense. Not required of course, just a recommendation.
- Target to hack. This is your server installed with only one operating system. Use an OS you know to get started. Laptops are more portable for road demos, but laptop or desktop does not matter. Use server software though and not workstation software. Install default services at first, then test, then add one service at a time and retest each time. You can observe the difference in behavior of your scanner results.
There is nothing rookie or Noob about this lab. I use a simplex lab for quick testing, taking on the road for demos, or writing/testing code. There are a ton of config options you can do with this type of lab. Just when you think you have squeezed everything out of this lab, add a VLAN to the switch or plug in a Wireless Access Point and the game changes again.
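An added example (not from the original post) of the "add a service, rescan, compare" loop for the simplex lab target above: it parses two constructed Nmap grepable-format (-oG) results for a lab target and reports which ports appeared, vanished, or changed state between the baseline scan and the rescan. The host address, service banners and scan command lines are made-up sample values.

```python
from typing import Dict, List, Tuple

# Constructed Nmap grepable (-oG) output for a lab target: a baseline scan,
# then a rescan after enabling FTP and filtering port 80. Address, banners
# and command lines are made-up lab values, not real scan data.
BASELINE_SCAN = """\
# Nmap 7.80 scan initiated as: nmap -sV -oG baseline.gnmap 10.10.10.20
Host: 10.10.10.20 ()\tStatus: Up
Host: 10.10.10.20 ()\tPorts: 22/open/tcp//ssh//OpenSSH 5.3/, 80/open/tcp//http//Apache httpd 2.2/\tIgnored State: closed (998)
"""
RESCAN_AFTER_FTP = """\
# Nmap 7.80 scan initiated as: nmap -sV -oG rescan.gnmap 10.10.10.20
Host: 10.10.10.20 ()\tStatus: Up
Host: 10.10.10.20 ()\tPorts: 21/open/tcp//ftp//vsftpd 2.2/, 22/open/tcp//ssh//OpenSSH 5.3/, 80/filtered/tcp//http///\tIgnored State: closed (997)
"""

PortKey = Tuple[int, str]        # (port number, protocol)
PortInfo = Tuple[str, str, str]  # (state, service, version)

def parse_gnmap(text: str) -> Dict[str, Dict[PortKey, PortInfo]]:
    """Map host -> {(port, proto): (state, service, version)} from -oG output."""
    hosts: Dict[str, Dict[PortKey, PortInfo]] = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue  # skip "# Nmap ..." comment lines
        # Tab-separated "Key: value" fields: Host, Status, Ports, Ignored State
        fields = dict(f.split(": ", 1) for f in line.split("\t") if ": " in f)
        ports = hosts.setdefault(fields["Host"].split()[0], {})
        if "Ports" not in fields:
            continue  # the "Status: Up" line carries no port data
        for entry in fields["Ports"].split(", "):
            # port/state/proto/owner/service/rpc/version; version ends with "/"
            port, state, proto, _own, svc, _rpc, ver = entry.split("/", 6)
            ports[(int(port), proto)] = (state, svc, ver.rstrip("/"))
    return hosts

def diff_scans(before: str, after: str) -> Dict[str, Dict[str, List[PortKey]]]:
    """Per host: ports that appeared, vanished, or changed state/service/version."""
    old, new = parse_gnmap(before), parse_gnmap(after)
    report = {}
    for host in sorted(set(old) | set(new)):
        o, n = old.get(host, {}), new.get(host, {})
        changes = {
            "added": sorted(n.keys() - o.keys()),
            "removed": sorted(o.keys() - n.keys()),
            "changed": sorted(k for k in o.keys() & n.keys() if o[k] != n[k]),
        }
        if any(changes.values()):
            report[host] = changes
    return report
```

Running `diff_scans(BASELINE_SCAN, RESCAN_AFTER_FTP)` reports port 21/tcp as added and 80/tcp as changed (open to filtered), which is exactly the per-service delta the retest step is meant to make visible.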
- Virtual Hack Lab. Flexibility is king with this type of hack lab. This is designed for testing multiple target operating systems with little hardware. Many folks make the mistake of starting out with this lab first and get discouraged. This lab is more of a specialty testing lab. It requires the hardware from above in the simplex hack lab plus the addition of virtualization software. I recommend using open source software when available. For my virtual machines (VMs, as we decided to call it at the last Star Trek convention) I like Xen, but that requires Linux to be the host, so if you are not cool with Linux just yet, then VirtualBox works great with Windows or Linux as the host system. Microsoft also offers Virtual PC; however, in my experience the Linux drivers are not that good, so what's the point? Virtual Hack Labs are good for understanding the behavior of different operating systems with minimal hardware investment. I caution folks about using this type of lab for testing bots or viruses since the behavior is massively different on a VM than on a physically installed machine.
- Real World Hack Lab. This is the Jedi Trials of all hack labs. Normally my Real World Hack Labs are large and left in place in a rack. With this lab I introduce ready-made targets to practice on or custom configured loads to attack. This is the lab I use to test the techniques hackers are using today on the Internet. At a minimum, this lab should include the following:
-- Pen Testing machine or two
-- Internet (simulated) facing firewall
-- Screening router
-- Perimeter firewall
-- Choke router
-- 3+ server targets
-- Wireless Access Point
-- Client workstation target
This lab is always in flux based upon what you are testing. You do not need high end gear to test the methods. If you work for a company that is willing to man up the cash for this gear, bonus round time!! Do not let it stop your learning if they will not cut loose on the cash. This can be done very low cost and still achieve excellent results. My Real World Lab for years looked like this:
-- Pen Testing machine or two: One running BackTrack, one running Windows
-- Internet (simulated) facing firewall: 2 NICs on a low end desktop running Astaro
-- Screening router: 2 NICs on a low end desktop running Zebra
-- Perimeter firewall: FreeBSD running IPtables/IPchains
-- Choke router: 2 NICs on a low end desktop running Zebra
-- 3+ server targets: LiveCD OSs
-- Wireless Access Point: Laptop with a Prism AP card running FakeAP (for noise) and a low end AP I purchased off of eBay
-- Client workstation target: My kids' machine they use to surf www.techwisetv.com
I used all old gear in this lab that I picked up for mega cheap or retired from my general home use. I have even used a couple of old Xboxes for Linux servers and they worked great! This system worked and still works great for my hack lab.
To really get the best use out of any of these models we need to have some good target simulation packages to test against. Not many folks just starting out are Web Designers, DBAs or Active Coders, and configuring your own targets is almost like taking an Econ final with the answer key sitting right next to you. Although, man, that would have been sweet. Plus it takes so much time. Enter ready-made target sims; Huzzah!! I use two different target sims. Foundstone has sims known as the HackMe series. They include simulated banks, bookstores, travel, etc. They are great and really just require the .NET Framework and Windows 2K. Plus check out their Windows security tools while you are there. They are second to none. My favorite target sims are the LiveCD distributions. They are available on an excellent Pen Testing Specialty Site, http://heorot.net/livecds/. The thing I like about these sims best is that they are complete, including the OS. No need to even redo a system; these are bootable images that you can place in the CDROM, boot up and you are ready to start pen testing. They have many images plus a ton of resources. I highly recommend this site and its resources. You should use both target sims in your hack lab. The Foundstone HackMe sims are Windows based whereas the LiveCD sims are Linux (Slax) based. You have to shout out Slackware (Slax) when it is used or the Linux crowd will keep losing your Star Trek Convention reservations.
After you have been practicing for a while, surf on over to the Open Source Security Testing Methodology Manual (OSSTMM) site and read up on their recommended methods for Pen Testing. Do not do this before you practice your pen testing, because it is written for the pen test crowd, so hands-on experience is assumed. The OSSTMM is very well received in the security industry, so knowing it can really help your career. Truthfully though, the Information Systems Security Assessment Framework; Penetration Testing Framework (whew), you know, the ISSAF PTF (all these acronyms remind me of the movie Dodgeball), is a much more practical document. I speak the OSSTMM but I use the ISSAF PTF. The United States Government also wrote a fairly good pen test guide, NIST SP 800-42; not bad for government work!
Keep it simple when starting out and build on a piece at a time. You will be amazed at how fast your knowledge will grow in security in just a month. You know if you are cut out for security by how much time you spend just thinking about ways you could compromise your hack lab.
Documentation is important to the learning process and to giving back to the community as a whole. When I test something cool in the lab, I twitter it out (jimmyray_purser) to my followers so they can be aware or even double check my findings, and I write papers like this one.
Looks like it is time for me to head outside and point my scope skyward. With a box of Popeyes chicken in one hand and a star chart in the other, I'll be looking at the stars but no doubt thinking about cross site scripting.
Jimmy Ray Purser
Trivia File Transfer Protocol
Before the Boston Tea Party, the British actually lowered tea taxes, not raised them.