Penetration Testing mailing list archives
RE: How to create a penetration test lab
From: "John Babio" <jbabio () po-box esu edu>
Date: Wed, 26 Aug 2009 07:26:15 -0400
I agree on the projectshellcode.com. I stumbled across it a little while ago. Seems to be pretty awesome stuff! Also the Shellcoder's Handbook is great!

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of jfvanmeter () comcast net
Sent: Tuesday, August 25, 2009 4:22 AM
To: krymson () gmail com
Cc: pen-test () securityfocus com
Subject: Re: How to create a penetration test lab

Hello,

I just finished the Backtrack Offensive Security courses. It was a blast, but it also made me understand that I know far less than what I thought I did. My job for the past 5 years is threat/vulnerability assessment and management. I know how to run most of the tools, and how to mitigate most threats. Now I would like to learn how the exploit is created.

The Backtrack course (for me) was by far the best training I've taken. It wasn't ungodly expensive, and since I'm more of a hands-on kind of person, it allowed me to read something (several times on some subjects) then go apply what I read. And that is the reason for the lab. I don't believe Backtrack has an extended option to stay in their lab, and since I want to learn shell coding and vulnerability research in general, for me to learn I need to be able to apply what I've read and written (and not go to jail).

The following link was sent to me: http://projectshellcode.com/ . It seems like a good starting point. I have the Backtrack training stuff, and I've purchased a couple of references; this is one of them: The Shellcoder's Handbook, second edition. I started the lab loosely based around the Syngress Metasploit Toolkit for Penetration Testing, Exploit Development and Vulnerability Research. I figured if I could get some input from the pentesting community it would only improve the lab.

The lab's been a project over the last year. I bought the hardware from eBay; it cost 350 dollars. I've been using it mostly to learn NASL so I can write custom plug-ins for Nessus, and other custom scripts for clients. It also gives me a place to test mitigation strategies before I take them to a client. Another area of interest is learning and developing the ability to tunnel through a firewall over port 53 or 80, so I could make a covert connection to the inside of a network. I hear from clients all the time, "but, John, we have a firewall." I would like to show them that a firewall is just a speed bump, a big speed bump mind you, but I don't believe it's a locked door.

I've worked with web appliance testing also; seems like everything has a web interface now. I've also been researching how to exploit old versions of Java that are not installed in a default location, i.e. installed in something like the following: program files\mycrappysoftware\jre1.3\bin. That was part of the reason I took the Offensive Security course. I believe all I would need to do was change an exploit for jre 1.3 to now call down the new path program files\mycrappysoftware\jre1.3\bin for the exploit to work. I had one client that wanted a security assessment for their new workstation build. I found various versions of 1.4, 1.5 and 1.6 installed; then if you add versions that were installed in a proprietary path you could add more.

Anywho, thanks for the input. I've learned that I need to walk before I can run, or just run and scrape my knees up a lot.

Take Care
::John

----- Original Message -----
From: krymson () gmail com
To: pen-test () securityfocus com
Sent: Monday, August 24, 2009 5:46:25 PM GMT -05:00 US/Canada Eastern
Subject: Re: How to create a penetration test lab

First, I second the recommendation on Metasploit. Unless you find detailed, easy-to-follow tutorials [0], Metasploit itself is probably the easiest example to look at.

Second, I'd possibly suggest the Offensive Security courses [1] if you don't mind swinging some money out (it's not expensive). Part of the coursework will be walking you through your first exploit, complete with shell code (along with labs to do your own). Now, you might not be able to churn out shellcode right away, but you will get hands-on experience working with existing shellcode or having some generated for you. That initial kick-in-the-pants is usually what I need to get past the first and often largest hurdle of experience. Kinda like not knowing what is possible, being shown what is possible, and now believing it can be done so it's easier to discover your own ways as you go. It's part of my own personal beliefs on the difference between children and us adults. :)

Third, you have a more extensive lab than most (w00t! esx, routers, switches, etc), so run with it! :)

[0] http://www.google.com/search?hl=en&source=hp&q=writing+metasploit+exploits&aq=f&oq=&aqi=g1
[1] http://www.offensive-security.com/penetration-testing-backtrack-online-training.php

<- snip ->

Hello everyone,

I was hoping I could get some input about creating a Penetration Testing Lab. I currently have the following:

ESXi hosting the following virtuals:
XP Pro
XP Home
Vista Home
CentOS
Fedora
Ubuntu
Mepis
Several LAMP builds
Windows 2000 IIS5
Windows 2003 IIS6

The network is set up using a couple of Cisco 2500 series routers, a Catalyst 3524 switch and a Pix 506. I have a laptop that I run BackTrack 3 and 4, SamuraiWTF, etc.

What I want to learn is shell coding. I have some background in assembler from my time working with mainframes. Can anyone think of anything I should add? Suggestions on the best way to start? I have a couple of books that I'm using as a reference. I look forward to hearing from everyone.

::John

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board
Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
http://www.iacertification.org
------------------------------------------------------------------------
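The thread mentions using the lab to practice tunneling through a firewall over port 53 or 80 and to test mitigation strategies before taking them to a client. The defender's side of that exercise is spotting such traffic, so here is an added example (not code from the thread or from any tool it names) of a small detection heuristic for DNS-based tunneling: it parses constructed query-log lines in a hypothetical "timestamp client qname" format, groups queries by registered domain, and flags domains whose subdomain labels are consistently long and high-entropy. The log format, the sample lines, the two-label "registered domain" heuristic and the thresholds are all assumptions for the example; a production detector would use a public suffix list and tune thresholds against its own baseline.

```python
import math
from collections import defaultdict

# Constructed sample query log (hypothetical format: "<unix_ts> <client_ip> <qname>").
# The *.tun.example.net lines imitate the long, random-looking labels that
# data-carrying DNS queries tend to produce; the others are ordinary lookups.
SAMPLE_LOG = """\
1251271200 10.0.0.5 www.example.com
1251271201 10.0.0.5 mail.example.com
1251271202 10.0.0.7 a8f3k2j9q1z0x7c4v6b1n3m5l2k8j7h4.tun.example.net
1251271203 10.0.0.7 q9w8e7r6t5y4u3i2o1p0a9s8d7f6g5h4.tun.example.net
1251271204 10.0.0.7 z1x2c3v4b5n6m7a8s9d0f1g2h3j4k5l6.tun.example.net
1251271205 10.0.0.7 p0o9i8u7y6t5r4e3w2q1l0k9j8h7g6f5.tun.example.net
1251271206 10.0.0.5 www.example.com
1251271207 10.0.0.9 cdn.example.org
"""


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character of s (0.0 for an empty or one-symbol string)."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def parse_log(text: str):
    """Parse the constructed log format into (ts, client, qname) tuples; skip malformed lines."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        ts, client, qname = parts
        records.append((int(ts), client, qname.rstrip(".").lower()))
    return records


def split_qname(qname: str):
    """Return (subdomain_labels, registered_domain).

    Assumption for the example: the last two labels are the registered domain.
    Real deployments should consult the public suffix list (co.uk etc.)."""
    labels = qname.split(".")
    if len(labels) <= 2:
        return [], qname
    return labels[:-2], ".".join(labels[-2:])


def domain_stats(records):
    """Per registered domain: query count, distinct subdomains, mean longest-label
    length and mean entropy of that longest label."""
    per = defaultdict(lambda: {"queries": 0, "subs": set(), "lens": [], "ents": []})
    for _ts, _client, qname in records:
        subs, domain = split_qname(qname)
        st = per[domain]
        st["queries"] += 1
        if subs:
            longest = max(subs, key=len)  # the label most likely to carry payload
            st["subs"].add(".".join(subs))
            st["lens"].append(len(longest))
            st["ents"].append(shannon_entropy(longest))
    out = {}
    for domain, st in per.items():
        n = len(st["lens"])
        out[domain] = {
            "queries": st["queries"],
            "unique_subdomains": len(st["subs"]),
            "mean_label_len": sum(st["lens"]) / n if n else 0.0,
            "mean_entropy": sum(st["ents"]) / n if n else 0.0,
        }
    return out


def flag_tunnel_candidates(records, min_queries=3, min_label_len=20, min_entropy=3.5):
    """Domains with enough volume whose subdomain labels are both long and
    high-entropy; thresholds are illustrative and should be tuned per environment."""
    flagged = set()
    for domain, st in domain_stats(records).items():
        if (st["queries"] >= min_queries
                and st["mean_label_len"] >= min_label_len
                and st["mean_entropy"] >= min_entropy):
            flagged.add(domain)
    return flagged


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for domain, st in sorted(domain_stats(recs).items()):
        print(f"{domain:14s} queries={st['queries']} uniq={st['unique_subdomains']} "
              f"len={st['mean_label_len']:.1f} H={st['mean_entropy']:.2f}")
    print("flagged:", sorted(flag_tunnel_candidates(recs)))
```

Run against the constructed sample, only example.net is flagged; www/mail/cdn lookups have short, low-entropy labels and never trip the thresholds. Long high-entropy labels alone produce false positives on CDNs and anti-spam services, so in practice the score is combined with query volume per client and a known-good domain allowlist.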
Current thread:
- How to create a penetration test lab jfvanmeter (Aug 24)
- Re: How to create a penetration test lab Jerome Athias (Aug 24)
- Re: How to create a penetration test lab Derek Fountain (Aug 24)
- Re: How to create a penetration test lab Ty Miller (Aug 24)
- <Possible follow-ups>
- Re: How to create a penetration test lab krymson (Aug 24)
- Re: How to create a penetration test lab Javier Reyna (Aug 31)
- Re: How to create a penetration test lab jfvanmeter (Aug 25)
- RE: How to create a penetration test lab John Babio (Aug 26)