Penetration Testing mailing list archives

RE: Attack Server


From: "Kettlewell, Nate (Kansas City)" <Nate.Kettlewell () fishnetsecurity com>
Date: Wed, 8 Sep 2010 12:21:19 -0500

I used VMware ESXi, with pfSense as the Internet-facing VM with OpenVPN for remote access. It has 3
virtual NICs configured for the Internet, Attack, and Victim networks, with the attack VMs on one
segment that can access the Internet and the victim subnet; the victim VMs are isolated and can only
talk to the attacker subnet.

It's worked nicely for me so far, and I can route my attack machines out to the real world for the
one-off audit.

Cheers,

Nate Kettlewell | IT Network Administrator | FishNet Security | 816.701.3303


-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Robin Wood
Sent: Wednesday, September 08, 2010 11:16 AM
To: Kurt M. John
Cc: pen-test () securityfocus com
Subject: Re: Attack Server

On 8 September 2010 16:04, Kurt M. John <kurt.md.john () gmail com> wrote:
Hey Guys,

I got another one for you. I'm looking to create a combination
attack/testing server. The idea here is to have a server that can
perform remote analysis and attacks (and perform such services as tftp).
The server will also double as a testing server. Ideally I'd like to
have a few VMs on there such as Damn Vulnerable Linux (for training) and
Windows Server 2003 (for fine-tuning attacks before launching it against
client systems).

Currently the server has the following hardware specs: 4 gigs of RAM and
1TB of space.

If you guys have any suggestions or links/documents which offer a good
setup for what I described that would be great.

Initial software I'm thinking includes:

Windows Server 2003
VMWare Workstation
     Helix
     Backtrack4
     Damn Vulnerable Linux
     Windows XP, 7


I'd personally do it as separate machines. You don't want vulnerable
apps on your testing machines and to get some vulnerable apps working
you might need older libraries which stop new tools from working.

From what you've said I'd get a very basic host machine working then
install everything into VMs, your attack machine into one then the
rest into others. That way you keep them distinct.

I've been at an airport and seen someone running Karma to try to lure
people to his machine but he had left some vulnerable web apps running
as well. As far as Bob was concerned, Karma meant an open invite to
access his machine and do some interesting modifications; I just sat
back and watched. Moral: don't make your attack machine vulnerable.

Robin

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration
test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------
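
The three-segment layout described in the reply above (attack VMs may reach the Internet and the victim subnet, victim VMs may reach only the attack subnet) can be written down as a first-match, default-deny rule table and audited. This is an added example, not part of the original thread and not pfSense configuration; the subnets, sample addresses and rule format are assumptions made up for illustration, and the OpenVPN remote-access path is not modelled.

```python
import ipaddress

# Constructed lab addressing (assumption; the thread gives no subnets).
ZONES = {
    "attack": ipaddress.ip_network("10.10.10.0/24"),
    "victim": ipaddress.ip_network("10.10.20.0/24"),
}

# Rules per ingress segment, evaluated first-match, default deny.
# Each rule is (action, destination) where destination is a zone name,
# "internet", or "any".
RULES = {
    "attack": [("pass", "victim"), ("pass", "internet")],
    "victim": [("pass", "attack")],
    "internet": [],  # nothing unsolicited is let in from the outside
}

def zone_of(addr):
    """Map an address to its lab segment; anything else is 'internet'."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "internet"

def allowed(src, dst, rules=RULES):
    """True if a new connection from src to dst passes the rule table."""
    src_zone, dst_zone = zone_of(src), zone_of(dst)
    if src_zone == dst_zone:
        return True  # same segment: traffic never crosses the firewall
    for action, target in rules[src_zone]:
        if target in (dst_zone, "any"):
            return action == "pass"  # first matching rule decides
    return False  # default deny

def audit(rules=RULES):
    """Return the (source, destination) pairs that break the intended isolation."""
    samples = {"attack": "10.10.10.5", "victim": "10.10.20.7",
               "internet": "198.51.100.9"}  # constructed sample hosts
    intended = {
        ("attack", "victim"): True, ("attack", "internet"): True,
        ("victim", "attack"): True, ("victim", "internet"): False,
        ("internet", "attack"): False, ("internet", "victim"): False,
    }
    return [pair for pair, want in intended.items()
            if allowed(samples[pair[0]], samples[pair[1]], rules) != want]
```

Running audit() against a modified table, for example one where the victim segment has a broad ("pass", "any") rule, reports the pair that would let a deliberately vulnerable VM reach the Internet.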

