Wednesday, December 26, 2012

Lab - Take 2

Tis the season to have no spare time to work on fun projects (like pen testing).  Between all the family gatherings and social events I did find some time to to redo the lab.  It's not that it was broken mind you, but it wasn't quite what I wanted.  The previous setup had the attacking and victim systems all in VirtualBox.  Well this works, I have limited resources for the lab and I wanted to build out more victim machines to test against.  Also, I was maintaining a copy of my attack VM's on my laptop and in the virtual lab.  This soon became a daunting task  to keep both copies in sync (or move it between systems).  I thought it would be much nicer to keep the VM's on my laptop (for portability) and still have access into the lab for testing; so that's what I did by adding a VPN.

The Physical - same as last time
I have one system with a dual core Xeon processor, 5 GB of RAM and 150 GB of hard drive space. I know it's fairly dated hardware, but it will be enough for our needs. Of course you can use anything you have, there is no real need to go out and buy something new just for this.

 Software - Mostly the same
I'm still running CentOS as the host OS with VirtualBox to host all the guests.  The main difference is that I have removed the BackTrack5 and the Windows XP Attack systems.  In there place I've added a few more victims to 'play' with.  Here's a list of the systems as they stand today.
  • Firewall
  • DVL (Damn Vulnerable Linux)
  • WebServer (WebGoat)
  • Metasploitable
  • Windows XP
  • Windows 2003
  • LAMP (Linux, Apache, MySQL, PHP)
  • Snort
  • ISO (To load a bootable ISO when I want to)
The other main addition is a VPN using OpenVPN on the firewall.  If you've ever looked into using OpenVPN then you might already know you can either deploy a routed or a bridged VPN.  With a routed VPN you are basically adding a new interface to your firewall and treating your VPN clients as if they are on a different network (not truly on the LAN).  Since we want to sniff packets and perform man in the middle attacks, this just wont do.

With a bridged VPN your clients are directly attacked to the LAN at layer 2; now that's more like it.  Now I'm not going to break down every command I used to install and configure OpenVPN (well, not yet anyway) because there is a great tutorial at OpenVPN's site here.  The one thing I will say is that you need to put the network cards for the firewall into promiscuous mode via VirtualBox on the host system (doing this in the guest OS will not work).  Since it took me two days to figure this out, I figured it was worth sharing.

 For this change to work you first need to shutdown the firewall VM.  Then simiply runn these commands:
VBoxManage modifyvm Firewall --nicpromisc1 allow-all
VBoxManage modifyvm Firewall --nicpromisc2 allow-all

Now restart the firewall VM and you are good to go.

As time permits over the next week I will be creating a complete document as to how I built everything (step -by-step) so anyone can build a lab.  I'm taking the time to do this because I believe this is a very important step to learning the art of penetration testing.  After all, you wouldn't want to start your career into ethical hacking by being unethical and attacking live systems on the Internet would you?

Michael
Posted by

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)