Penetration Testing mailing list archives

Re: Attack Server


From: Robin Wood <robin () digininja org>
Date: Wed, 8 Sep 2010 17:15:36 +0100

On 8 September 2010 16:04, Kurt M. John <kurt.md.john () gmail com> wrote:
> Hey Guys,
>
> I got another one for you. I'm looking to create a combination
> attack/testing server. The idea here is to have a server that can
> perform remote analysis and attacks (and perform such services as tftp).
> The server will also double as a testing server. Ideally I'd like to
> have a few VMs on there such as Damn Vulnerable Linux (for training) and
> Windows Server 2003 (for fine-tuning attacks before launching it against
> client systems).
>
> Currently the server has the following hardware specs: 4gigs of ram and
> 1TB of space.
>
> If you guys have any suggestions or links/documents which offer a good
> setup for what I described that would be great.
>
> Initial software I'm thinking includes:
>
> Windows Server 2003
> VMWare Workstation
>      Helix
>      Backtrack4
>      Damn Vulnerable Linux
>      Windows XP, 7


I'd personally do it as separate machines. You don't want vulnerable
apps on your testing machines and to get some vulnerable apps working
you might need older libraries which stop new tools from working.

From what you've said I'd get a very basic host machine working then
install everything into VMs, your attack machine into one then the
rest into others. That way you keep them distinct.

I've been at an airport and seen someone running Karma to try to lure
people to his machine but he had left some vulnerable web apps running
as well. As far as Bob was concerned Karma meant an open invite to
access his machine and do some interesting modifications, I just sat
back and watched. Moral, don't make your attack machine vulnerable.

Robin
