Re: How to create a penetration test lab

[¨˜”°º•C0D3w@lk3r•º°”˜¨ <c0d3walk3r () gmail com>]

The book mentioned by Javier is really good. For basics in Assembly
for shellcoding check some introductory videos here:
http://www.securitytube.net/Programming-Video-List.aspx

Also try including DVL (Damn Vulnerable Linux) to your collection.
Happy Hacking :)

-- 
¨˜”°º•C0D3w@lk3r•º°”˜¨

On Mon, Aug 31, 2009 at 10:07 PM, Javier Reyna<jreyna () onlinet com mx> wrote:
> I will also recomend checking metasploit but for a really good introduction in the basic technics, i
> recommend the book Hacking from Jon Erickson (http://nostarch.com/hacking2.htm), I own the first edition
> and the 2nd seems to bee really good.
>
> JRP
>
> On Mon, Aug 24, 2009 at 09:46:25PM -0000, krymson () gmail com wrote:
> > First, I second the recommendation on Metasploit. Unless you find detailed, easy-to-follow tutorials [0], Metasploit 
> > itself is probably the easiest example to look at.
> >
> > Second, I'd possibly suggest the Offensive Security courses [1] if you don't mind swinging some money out (it's not 
> > expensive). Part of the coursework will be walking you through your first exploit, complete with shell code (along 
> > with labs to do your own). Now, you might not be able to churn out shellcode right away, but you will get hands-on 
> > experience working with existing shellcode or having some generated for you. That initial kick-in-the-pants is 
> > usually what I need to get past the first and often largest hurdle of experience. Kinda like not knowing what is 
> > possible, being shown what is possible, and now believing it can be done so it's easier to discover your own ways as 
> > you go. It's part of my own personal beliefs on the difference between children and us adults. :)
> >
> > Third, you have a more extensive lab than most (w00t! esx, routers, switches, etc), so run with it! :)
> >
> >
> > [0] http://www.google.com/search?hl=en&source=hp&q=writing+metasploit+exploits&aq=f&oq=&aqi=g1
> >
> > [1] http://www.offensive-security.com/penetration-testing-backtrack-online-training.php
> >
> > <- snip ->
> > Hello Every one, I was hoping I could get some input about creating a Penetration Testing Lab. I currently have the 
> > following:
> >
> > ESXi Hosting the following viruals
> > XP Pro
> > XP Home
> > Vista Home
> > Centos
> > Fodora
> > Unbuntu
> > Mepis
> > Several LAMP build
> > Windows 2000 IIS5
> > Windows 2003 IIS6
> >
> > The network is setup using a couple of Cisco 2500 series routers, Catalyst 3524 switch and a Pix 506.
> >
> > I have a laptop that I run, BackTrack 3 and 4, SamuriaWTF, etc
> >
> > What I want to learn is shell coding, I have some background in assembler from my time working with mainframes. Can 
> > anyone think of anything I should add? Suggestions on the best way to start? I have a couple of books that I'm using 
> > as a reference.
> >
> > I look forward to hearing from everyone.
> >
> > ::John
> >
> > ------------------------------------------------------------------------
> > This list is sponsored by: Information Assurance Certification Review Board
> >
> > Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
> > and CEPT certs require a full practical examination in order to become certified.
> >
> > http://www.iacertification.org
> > ------------------------------------------------------------------------
>
>
> ------------------------------------------------------------------------
> This list is sponsored by: Information Assurance Certification Review Board
>
> Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
> and CEPT certs require a full practical examination in order to become certified.
>
> http://www.iacertification.org
> ------------------------------------------------------------------------

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------