Just a while ago, I was talking to another security enthusiast and we were discussing on "how to set up a pentest environment at home". The worse thing is that I only had access to Vmware workstation and attacking from a Backtrack 5 to a vulnerable machine. But that's just ONE hop and REAL environments have multiple hops (e.g. through a Firewall, DMZ, internal and one more internal).
Although I've read a couple of articles regarding setting up penetration testing environment, I still had no idea how to make one until yesterday. I was reading up on VMWare stuffs, I discovered this valuable page that can solve the problem of virtualizing your attacking and victim machines with firewalls and load balancers in the equation to test. Try reading this:
http://www.vmware.com/support/ws55/doc/ws_net_configurations_custom.html
Pre-requisite:
1. RAMS, LOTSA RAMS (I'm on 8GB)
2. Enough CPU resources (I'm on i5)
3. OF course, enough HDD space (I'm on 128SSD and 500HDD)
4. VMWare Workstation (I'm on a 8)
5. VMWare images (in this demo, I'll be using: BTR3, Smoothwall 3 Polar, An Exploitable Machine)
Configuring your VMWare Network Adaptors:
BTR5 - Two Network Adaptors
1. Bridged (or Vmnet 0)
2. VMnet 9 (Set Host-only)
Smoothwall 3 - Two Network Adaptors
1. VMnet 9 (Set Host-only)
2. VMnet 2 (Set Host-only)
Win XP / Metasploitable / KioptrixOther vulnerable victim machines
1. VMnet 2 (Set Host-only)
VMWare Workstation - Open Edit -> Virtual Network Editor
Add VMnet 2 and 9. DHCP is optional.
* Whatever IP you used for the VMnet, please do not use x.x.x.1 as they are used by the VMWare's Virtual Switches
Setting up your network:
BTR5 (*your eth[num] may be different, so adjust accordingly)
1. eth0 to your real local network address. For mine is 10.0.0.x/24. You'll be able to access internet from your backtrack5 for apt-get installs and wget of useful tools ;)
2. eth1 to 10.0.9.3/24
set your default gateway to 10.0.9.2 (Smoothwall 3's IP)
Smoothwall 3
1. Login as 'root' using 'happydays' as password
2. set your eth0 to 10.0.9.2/24
3. set your eth1 to 10.0.2.2/24
* Remember, don't get confused with your network adaptors connecting to their respective VMnets.
Win XP
1. Set your "Local Area Connection" interface to 10.0.2.100/24 and gateway to 10.0.2.2 (Smoothwall 3's IP also)
By now you should be able to do WIN XP -PING-> BTR5 and get a response.
However, you won't be able to have BTR5 ping WIN XP for some reasons.
Now it's a good time to WEB LOGIN to your Smoothwall 3's and start configuring it.
https://10.0.2.2:441/ using 'admin' and password as 'happydays'
This post I won't be sharing on the Smoothwall's configuration for port fowarding and other configuration. And REMEMBER, to make your Smoothwall's INTERFACE CONFIGURATION stay persistent, you'll need to CHANGE the Interfaces' IP address using the Web GUI.
Need help? Send me an email: breaktoprotect(at)gmail(dot)com
Thanks for reading. Happy fun times, people~
Break To Protect,
J.S.
Although I've read a couple of articles regarding setting up penetration testing environment, I still had no idea how to make one until yesterday. I was reading up on VMWare stuffs, I discovered this valuable page that can solve the problem of virtualizing your attacking and victim machines with firewalls and load balancers in the equation to test. Try reading this:
http://www.vmware.com/support/ws55/doc/ws_net_configurations_custom.html
Pre-requisite:
1. RAMS, LOTSA RAMS (I'm on 8GB)
2. Enough CPU resources (I'm on i5)
3. OF course, enough HDD space (I'm on 128SSD and 500HDD)
4. VMWare Workstation (I'm on a 8)
5. VMWare images (in this demo, I'll be using: BTR3, Smoothwall 3 Polar, An Exploitable Machine)
Configuring your VMWare Network Adaptors:
BTR5 - Two Network Adaptors
1. Bridged (or Vmnet 0)
2. VMnet 9 (Set Host-only)
Smoothwall 3 - Two Network Adaptors
1. VMnet 9 (Set Host-only)
2. VMnet 2 (Set Host-only)
Win XP / Metasploitable / KioptrixOther vulnerable victim machines
1. VMnet 2 (Set Host-only)
VMWare Workstation - Open Edit -> Virtual Network Editor
Add VMnet 2 and 9. DHCP is optional.
* Whatever IP you used for the VMnet, please do not use x.x.x.1 as they are used by the VMWare's Virtual Switches
Setting up your network:
BTR5 (*your eth[num] may be different, so adjust accordingly)
1. eth0 to your real local network address. For mine is 10.0.0.x/24. You'll be able to access internet from your backtrack5 for apt-get installs and wget of useful tools ;)
2. eth1 to 10.0.9.3/24
set your default gateway to 10.0.9.2 (Smoothwall 3's IP)
Smoothwall 3
1. Login as 'root' using 'happydays' as password
2. set your eth0 to 10.0.9.2/24
3. set your eth1 to 10.0.2.2/24
* Remember, don't get confused with your network adaptors connecting to their respective VMnets.
Win XP
1. Set your "Local Area Connection" interface to 10.0.2.100/24 and gateway to 10.0.2.2 (Smoothwall 3's IP also)
By now you should be able to do WIN XP -PING-> BTR5 and get a response.
However, you won't be able to have BTR5 ping WIN XP for some reasons.
Now it's a good time to WEB LOGIN to your Smoothwall 3's and start configuring it.
https://10.0.2.2:441/ using 'admin' and password as 'happydays'
This post I won't be sharing on the Smoothwall's configuration for port fowarding and other configuration. And REMEMBER, to make your Smoothwall's INTERFACE CONFIGURATION stay persistent, you'll need to CHANGE the Interfaces' IP address using the Web GUI.
Need help? Send me an email: breaktoprotect(at)gmail(dot)com
Thanks for reading. Happy fun times, people~
Break To Protect,
J.S.
Completely agree. This blog provide valuable information on penetration testing and clearly show its importance. Thanks for sharing
ReplyDelete