Re: Lab OS Choices

["Peter Manis" <manis () digital39 com>]

Shaon,

You were correct in what you thought I was looking for, I just really
don't know enough about pen testing yet to know what setups are most
effective for learning.  With the equipment I have I probably can
setup a simulated inet.

Thanks for your help.

On 8/13/07, Shaon Diwakar <shaon.diwakar () yahoo com au> wrote:
> Hi Peter,
>
> I was under the impression that you might have wanted to setup a pen test lab for attack & penetration type of work. 
> As far as I know, there is no real learning benefit from working remotely versus locally - though, others on the list 
> might have further insights? Then again, I'm sure using your existing hardware & creativity - you'd be able to 
> simulate an external network locally :)
>
> Regards,
> sHz
>
> ----- Original Message ----
> From: Peter Manis <manis () digital39 com>
> To: "Shenk, Jerry A" <jshenk () decommunications com>
> Cc: pen-test () securityfocus com
> Sent: Sunday, 12 August, 2007 1:40:32 PM
> Subject: Re: Lab OS Choices
>
> Is there a benefit to performing pen tests on physical machines vs
> virtual machines?  I was under the impression that for the most part
> the differences are very slim.
>
> Shaon you mentioned that you thought I wanted to test remotely.  It
> isn't that I don't want to I just figured for a lab it would be fine
> to do it internal.  Is there a learning benefit to working remotely vs
> locally? I don't mean local like attack ip = 10.0.10.1 and victim ip =
> 10.0.10.2 both with a 24 bit subnet I mean with routers in between and
> subnet changes, etc.
>
> Thanks.
>
> PM
>
> On 8/11/07, Shenk, Jerry A <jshenk () decommunications com> wrote:
> > You definitely want something that you can exploit so that you can lean
> > how the exploits work.  You also want to have a variety of operating
> > systems with a variety of patch levels.  I'd also recommend having
> > enough stuff so that you can test a lot of the operating system that
> > you'll run into.  Having said that, you also need to start
> > somewhere...then you lab can grow.
> >
> > I think I'd start with an unpatched Windows 2000 server.  There are a
> > ton of exploits and you can get a good handle on how stuff works.
> > Honestly, you aren't gonna run into too many unpatched W2K boxes out
> > there so once you have that box set up, image the drive and start
> > applying service packs.  You will run into W2K boxes with a couple
> > service packs but not all of them.  You'll also want to have a box set
> > up that is fully patched so that you can understand how your exploits
> > work against a patched OS.
> >
> > Another really nice, fun system is a Windows 2003 server without any
> > patches.  You'll also want to take that unpatched W2003 server and take
> > an image of that up to the end of March.  That's fairly current but
> > still vulnerable to some REALLY nasty exploits - RPC/DNS for one lets
> > you own the box and in most cases, the box you'd be owning would be the
> > DNS server which also has AD so you can create a user and make them an
> > enterprise admin...definitely a HUGE hole for a relatively recent OS.
> > BTW, you can also play with that same exploit on any other DNS server
> > that's a DC....really nasty!
> >
> > You want to play with some workstation-class exploits too.  Set up a
> > mail server and an exchange client so you can do some of the exchange
> > client exploits.
> >
> > When I'm talking about "setting up a box", I have a couple old servers
> > with drives that I swap around for this type of stuff....stuff people
> > were throwing out.  So for me, "a box" is really just a single drive.
> > If you get used equipment, wipe the drives before you mess with 'em.
> > You really don't want to accidently leak somebody else' data.  I know
> > this is a lab environment and it shouldn't "leak" but still...they
> > probably didn't wipe the drive or I certainly wouldn't trust 'em.
> >
> > VMware is also very popular.  Each individual machine also fits my
> > definition of "a box".  I would recommend that you have at least a
> > couple "real machines" that you use but VMware is a really slick way to
> > test things out.  There are some attacks that act differently on VMware
> > and a "real machine"....that's why you have a lab, so you can learn
> > those differences.
> >
> > -----Original Message-----
> > From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
> > On Behalf Of Peter Manis
> > Sent: Saturday, August 11, 2007 6:40 PM
> > To: pen-test () securityfocus com
> > Subject: Lab OS Choices
> >
> > I am new to the world of pen testing and am working on building a lab.
> >  What operating systems and versions do you recommend for a good all
> > around lab.  Windows of course is a big one, but do you go back to 98?
> >  Being a beginner I would think having all the patches on XP or Vista
> > might make it difficult to learn.  I would also think adding a secure
> > OS like openbsd would be a waste of time for a beginner to try to gain
> > access to.  All advice is appreciated.
> >
> > ------------------------------------------------------------------------
> > This list is sponsored by: Cenzic
> >
> > Need to secure your web apps NOW?
> > Cenzic finds more, "real" vulnerabilities fast.
> > Click to try it, buy it or download a solution FREE today!
> >
> > http://www.cenzic.com/downloads
> > ------------------------------------------------------------------------
> >
> >
> >
> > **DISCLAIMER
> > This e-mail message and any files transmitted with it are intended for the use of the individual or entity to which 
> > they are addressed and may contain information that is privileged, proprietary and confidential. If you are not the 
> > intended recipient, you may not use, copy or disclose to anyone the message or any information contained in the 
> > message. If you have received this communication in error, please notify the sender and delete this e-mail message. 
> > The contents do not represent the opinion of D&E except to the extent that it relates to their official business.
>
> ------------------------------------------------------------------------
> This list is sponsored by: Cenzic
>
> Need to secure your web apps NOW?
> Cenzic finds more, "real" vulnerabilities fast.
> Click to try it, buy it or download a solution FREE today!
>
> http://www.cenzic.com/downloads
> ------------------------------------------------------------------------

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------