Penetration Testing mailing list archives
Re: Attack Server
From: Robin Wood <robin () digininja org>
Date: Wed, 8 Sep 2010 17:15:36 +0100
On 8 September 2010 16:04, Kurt M. John <kurt.md.john () gmail com> wrote:
Hey Guys, I got another one for you. I'm looking to create a combination attack/testing server. The idea here is to have a server than can perform remote analysis and attacks (and perform such services as tftp). The server will also double as a testing server. Ideally I'd like to have a few VMs on there such as Damn Vulnerable Linux (for training) and Windows Server 2003 (for fine-tuning attacks before launching it against client systems). Currently the server has the following hardware specs: 4gigs of ram and 1TB of space. If you guys have any suggestions or links/documents which offer a good setup for what I described that would be great. Initial software I'm thinking includes: Windows Server 2003 VMWare Workstation Helix Backtrack4 Damn Vulnerable Linux Windows XP, 7
I'd personally do it as separate machines. You don't want vulnerable apps on your testing machines and to get some vulnerable apps working you might need older libraries which stop new tools from working.
From what you've said I'd get a very basic host machine working then
install everything into VMs, your attack machine into one then the rest into others. That way you keep them distinct. I've been at an airport and seen someone running Karma to try to lure people to his machine but he had left some vulnerable web apps running as well. As far as Bob was concerned Karma meant an open invite to access his machine and do some interesting modifications, I just sat back and watched. Moral, don't make your attack machine vulnerable. Robin ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- Attack Server Kurt M. John (Sep 08)
- Re: Attack Server Robin Wood (Sep 08)
- RE: Attack Server Kettlewell, Nate (Kansas City) (Sep 08)
- Re: Attack Server TAS (Sep 08)
- Re: Attack Server Terry M (Sep 08)
- Re: Attack Server phillip () bailey st (Sep 08)
- Re: Attack Server Robin Wood (Sep 08)