Penetration Testing mailing list archives

RE: How to create a penetration test lab


From: "John Babio" <jbabio () po-box esu edu>
Date: Wed, 26 Aug 2009 07:26:15 -0400

I agree on the projectshellcode.com. I stumbled across it a little while ago. Seems to be pretty awesome stuff! Also
The Shellcoder's Handbook is great!

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of jfvanmeter () comcast net
Sent: Tuesday, August 25, 2009 4:22 AM
To: krymson () gmail com
Cc: pen-test () securityfocus com
Subject: Re: How to create a penetration test lab

Hello,

I just finished the Backtrack Offensive Security courses, it was a blast, but it also made me understand that I know
far less than what I thought I did. My job for the past 5 years is threat/vulnerability assessment and management, I
know how to run most of the tools, and how to mitigate most threats. Now I would like to learn how the exploit is
created.

The Backtrack course (for me) was by far the best training I've taken. It wasn't ungodly expensive and since I'm more 
of a hands on kind of person, it allowed me to read something (several times on some subjects) then go apply what I 
read. 

And that is the reason for the lab, I don't believe Backtrack has an extended option to stay in their lab, and since I
want to learn shell coding, and vulnerability research in general but for me to learn I need to be able to apply what
I've read and written (and not go to jail)

The following link was sent to me http://projectshellcode.com/ it seems like a good starting point, I have the
backtrack training stuff, I've purchased a couple of references this is one of them The Shellcoder's Handbook second
edition.

I started the lab loosely based around Syngress MetaSploit ToolKit for Penetration Testing Exploit Development and
Vulnerability Research, I figured if I could get some input from the pentesting community it would only improve the lab.

The lab's been a project over the last year, I bought the hardware from ebay, it cost 350 dollars, I've been using it
mostly to learn NASL so I can write custom plug-ins for Nessus, and other custom scripts for clients. It also gives me
a place to test mitigation strategies before I take them to a client.

Another area of interest is learning and developing the ability to tunnel through a firewall over port 53 or 80, so I
could make a covert connection to the inside of a network. I hear from clients all the time "but, John we have a
firewall" I would like to show them that a firewall is just a speed bump, a big speed bump mind you, but I don't
believe it's a locked door.

I've worked with web appliance testing also, seems like everything has a web interface now.

I've also been researching how to exploit old versions of java that are not installed in a default location ie installed
in something like the following program files\mycrappysoftware\jre1.3\bin.

That was part of the reason I took the Offensive Security course. I believe all I would need to do was change an exploit
for jre 1.3 to now call down the new path program files\mycrappysoftware\jre1.3\bin for the exploit to work. I had one
client that wanted a security assessment for their new workstation build, I found various versions of 1.4, 1.5 and 1.6
installed, then if you add versions that were installed in a proprietary path you could add more.

any who 

Thanks for the input, I've learned that I need to walk before I can run, or just run and scrape my knees up a lot.

Take Care ::John
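The "firewall is just a speed bump" point above is usually demonstrated with DNS (port 53) as the carrier, and the defensive counterpart is spotting that carrier in resolver logs. The following is an added example, not code from this thread or from any project named in it: it scores DNS query logs per client and parent domain on three signs of encoded payload (many unique subdomains, a very long label, high per-character entropy). The log format `<timestamp> <client> <qname> <qtype>`, the thresholds, and the "parent = last two labels" rule are assumptions for the example; the log lines themselves are constructed.

```python
"""Heuristic detector for DNS-tunnel-like query patterns in a resolver log.

Added example with constructed data. The line format
"<timestamp> <client> <qname> <qtype>" is an assumption, not any
particular resolver's format.
"""
import math
from collections import defaultdict

# Constructed sample log: one ordinary client (10.0.0.15) and one client
# (10.0.0.22) issuing a burst of long, hex-looking TXT lookups under one parent.
SAMPLE_LOG = """\
2009-08-25T04:22:01 10.0.0.15 www.example.com A
2009-08-25T04:22:02 10.0.0.15 mail.example.com MX
2009-08-25T04:22:03 10.0.0.22 3f9a1c7be4d0a92f18c3b7e6d5a4f1c0.t.example-tunnel.test TXT
2009-08-25T04:22:03 10.0.0.22 9b2e4d6f8a1c3e5d7f9b1a3c5e7d9f2b.t.example-tunnel.test TXT
2009-08-25T04:22:04 10.0.0.22 c7d1e3f5a9b2d4f6e8a0c2e4d6f8b1a3.t.example-tunnel.test TXT
2009-08-25T04:22:04 10.0.0.22 e5f7a9c1d3b5f7a9c1e3d5f7b9a1c3e5.t.example-tunnel.test TXT
2009-08-25T04:22:05 10.0.0.15 cdn.example.com A
2009-08-25T04:22:06 10.0.0.22 a1b3c5d7e9f2a4c6e8d0b2f4a6c8e0d2.t.example-tunnel.test TXT
"""


def shannon_entropy(text: str) -> float:
    """Bits of entropy per character of `text` (0.0 for empty input)."""
    if not text:
        return 0.0
    counts = defaultdict(int)
    for ch in text:
        counts[ch] += 1
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def split_qname(qname: str):
    """Return (subdomain, parent) with parent = the last two labels.

    Simplification for the example: no public-suffix handling, so
    'x.co.uk' style names would need a real suffix list in practice.
    """
    labels = qname.rstrip(".").lower().split(".")
    if len(labels) <= 2:
        return "", ".".join(labels)
    return ".".join(labels[:-2]), ".".join(labels[-2:])


def find_suspicious(log_text, min_unique=5, min_label_len=24, min_entropy=3.0):
    """Group queries by (client, parent) and flag groups whose subdomains look
    like encoded payload: many unique names, a long label, high entropy."""
    groups = defaultdict(lambda: {"subdomains": set(), "max_label": 0, "entropies": []})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines rather than crash on them
        _ts, client, qname, _qtype = parts
        sub, parent = split_qname(qname)
        if not sub:
            continue  # bare parent lookups carry no subdomain payload
        g = groups[(client, parent)]
        if sub not in g["subdomains"]:
            g["subdomains"].add(sub)
            g["entropies"].append(shannon_entropy(sub.replace(".", "")))
        g["max_label"] = max(g["max_label"], max(len(lbl) for lbl in sub.split(".")))

    flagged = {}
    for key, g in groups.items():
        mean_ent = sum(g["entropies"]) / len(g["entropies"])
        if (len(g["subdomains"]) >= min_unique
                and g["max_label"] >= min_label_len
                and mean_ent >= min_entropy):
            flagged[key] = {
                "unique_subdomains": len(g["subdomains"]),
                "max_label_len": g["max_label"],
                "mean_entropy": round(mean_ent, 2),
            }
    return flagged


if __name__ == "__main__":
    for (client, parent), stats in find_suspicious(SAMPLE_LOG).items():
        print(f"{client} -> {parent}: {stats}")
```

All three conditions must hold before a group is flagged, which keeps CDN hostnames and ordinary mail/web lookups out of the alert; the thresholds are starting points to tune against a site's own baseline.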
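The workstation-build finding above (several JREs, one of them bundled by an application under its own folder) is an inventory problem before it is an exploitation problem: a reviewer needs to know every runtime on the box, not only the ones in the default Java folder. The following is an added example, not code from this thread or from any project it mentions: it walks a directory tree, records every `<home>/bin/java[.exe]`, reads the version from the `release` file that newer JDK/JRE trees ship, and marks installs outside a caller-supplied list of default prefixes. The folder layout it builds is constructed for the example, and the `release` file assumption is noted in the code.

```python
"""Inventory Java runtimes under a directory tree and flag installs that sit
outside the expected default locations.

Added example with a constructed directory layout; nothing here is taken
from a real machine.
"""
import os
import re
import tempfile
from pathlib import Path

JAVA_BINARIES = ("java.exe", "java")
_VERSION_RE = re.compile(r'^JAVA_VERSION="([^"]+)"', re.MULTILINE)


def read_release_version(jre_home: Path) -> str:
    """Newer JDK/JRE trees ship a `release` file with JAVA_VERSION="...".
    Old runtimes (the 1.3 in the thread, for instance) do not, so those are
    reported as unknown and left for a manual `bin/java -version` check."""
    release = jre_home / "release"
    if release.is_file():
        m = _VERSION_RE.search(release.read_text(errors="replace"))
        if m:
            return m.group(1)
    return "unknown (no release file; run bin/java -version manually)"


def inventory_java(root, default_prefixes):
    """Walk `root`, find every <home>/bin/java[.exe], and return one dict per
    runtime: home path, version string, and whether it lives under a default
    prefix (anything else is a bundled or hand-copied runtime worth a look)."""
    root = Path(root)
    defaults = [Path(p).resolve() for p in default_prefixes]
    found = []
    for dirpath, _dirs, files in os.walk(root):
        d = Path(dirpath)
        if d.name != "bin" or not any(b in files for b in JAVA_BINARIES):
            continue
        home = d.parent.resolve()
        in_default = any(home == p or p in home.parents for p in defaults)
        found.append({
            "home": str(home),
            "version": read_release_version(home),
            "default_location": in_default,
        })
    return sorted(found, key=lambda e: e["home"])


def build_sample_tree(root: Path) -> None:
    """Constructed layout: one runtime under the default Java folder (with a
    release file) and one bundled by a third-party application, mirroring the
    program files\\mycrappysoftware\\jre1.3 case from the thread."""
    good = root / "Program Files" / "Java" / "jre1.7.0_67"
    (good / "bin").mkdir(parents=True)
    (good / "bin" / "java.exe").write_bytes(b"")  # placeholder, not a real binary
    (good / "release").write_text('JAVA_VERSION="1.7.0_67"\n')
    stray = root / "Program Files" / "mycrappysoftware" / "jre1.3" / "bin"
    stray.mkdir(parents=True)
    (stray / "java.exe").write_bytes(b"")  # placeholder; no release file, as for 1.3


def demo():
    """Build the sample tree in a temp dir and inventory it."""
    root = Path(tempfile.mkdtemp(prefix="jre-inventory-"))
    build_sample_tree(root)
    return inventory_java(root, [root / "Program Files" / "Java"])


if __name__ == "__main__":
    for entry in demo():
        print(entry)
```

On a real build, `inventory_java` is pointed at the system drive with the site's known Java folders as `default_prefixes`; every entry with `default_location` False is a runtime that normal patching is unlikely to reach and that the build review should account for.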

----- Original Message -----
From: krymson () gmail com
To: pen-test () securityfocus com
Sent: Monday, August 24, 2009 5:46:25 PM GMT -05:00 US/Canada Eastern
Subject: Re: How to create a penetration test lab

First, I second the recommendation on Metasploit. Unless you find detailed, easy-to-follow tutorials [0], Metasploit
itself is probably the easiest example to look at.

Second, I'd possibly suggest the Offensive Security courses [1] if you don't mind swinging some money out (it's not
expensive). Part of the coursework will be walking you through your first exploit, complete with shell code (along with
labs to do your own). Now, you might not be able to churn out shellcode right away, but you will get hands-on
experience working with existing shellcode or having some generated for you. That initial kick-in-the-pants is usually
what I need to get past the first and often largest hurdle of experience. Kinda like not knowing what is possible,
being shown what is possible, and now believing it can be done so it's easier to discover your own ways as you go. It's
part of my own personal beliefs on the difference between children and us adults. :)

Third, you have a more extensive lab than most (w00t! esx, routers, switches, etc), so run with it! :)

[0] http://www.google.com/search?hl=en&source=hp&q=writing+metasploit+exploits&aq=f&oq=&aqi=g1

[1] http://www.offensive-security.com/penetration-testing-backtrack-online-training.php



<- snip ->

Hello Everyone, I was hoping I could get some input about creating a Penetration Testing Lab. I currently have the
following:

ESXi hosting the following virtuals:

XP Pro
XP Home
Vista Home
CentOS
Fedora
Ubuntu
Mepis
Several LAMP builds
Windows 2000 IIS5
Windows 2003 IIS6

The network is set up using a couple of Cisco 2500 series routers, Catalyst 3524 switch and a Pix 506.

I have a laptop that I run, BackTrack 3 and 4, SamuraiWTF, etc

What I want to learn is shell coding, I have some background in assembler from my time working with mainframes. Can
anyone think of anything I should add? Suggestions on the best way to start? I have a couple of books that I'm using as
a reference.

I look forward to hearing from everyone.

::John

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------
