Introduction
For educational purposes, a penetration test lab is always necessary. I needed one for a relevant project, so I think publishing my experience in building a penetration test lab could be useful for colleagues and for security researchers in general. I have used vulnerable Linux images which are publicly available on the Internet. However, the main subject of this post is how to build a vulnerable Windows machine (it would not be too difficult if I had decided to leave it unpatched! :p).
Last but not least, I will go through the common cliche and suggest you run all this vulnerable software in NAT mode; don't leave these security holes running in your local network with Internet access!
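To check the NAT advice above before powering anything on, here is an added example (not part of the original post) that audits the network adapters declared in a VMware .vmx file and reports any enabled adapter that is not in NAT or host-only mode. The sample .vmx text is constructed; accepting host-only as well as NAT, and treating an adapter with no connectionType as bridged, are assumptions of this sketch.

```python
import re

# Matches adapter settings such as: ethernet0.connectionType = "nat"
_VMX_NIC = re.compile(r'^\s*(ethernet\d+)\.(\w+)\s*=\s*"(.*)"\s*$', re.IGNORECASE)

# Modes accepted for lab VMs. Host-only is an assumption added here;
# the post itself only asks for NAT.
ALLOWED_MODES = {"nat", "hostonly"}

def audit_vmx(text, allowed=ALLOWED_MODES):
    """Return {adapter: mode} for each enabled adapter whose mode is not allowed."""
    adapters = {}
    for line in text.splitlines():
        m = _VMX_NIC.match(line)
        if m:
            nic, key, value = m.group(1).lower(), m.group(2).lower(), m.group(3)
            adapters.setdefault(nic, {})[key] = value
    findings = {}
    for nic, cfg in sorted(adapters.items()):
        if cfg.get("present", "FALSE").upper() != "TRUE":
            continue  # adapter is disabled, nothing to report
        # Assumption: a missing connectionType is treated as bridged,
        # so an unconfigured adapter is reported rather than trusted.
        mode = cfg.get("connectiontype", "bridged").lower()
        if mode not in allowed:
            findings[nic] = mode  # "custom" also lands here for manual review
    return findings

# Constructed sample: one NAT adapter, one bridged, one with no mode set,
# and one bridged adapter that is disabled.
SAMPLE_VMX = '''\
displayName = "WinXP-SP3-vulnerable"
ethernet0.present = "TRUE"
ethernet0.connectionType = "nat"
ethernet1.present = "TRUE"
ethernet1.connectionType = "bridged"
ethernet2.present = "TRUE"
ethernet3.present = "FALSE"
ethernet3.connectionType = "bridged"
'''

if __name__ == "__main__":
    for nic, mode in audit_vmx(SAMPLE_VMX).items():
        print(f"{nic}: {mode} - switch to NAT before powering on")
```

Run it over each lab VM's .vmx file (read the file and pass its text to audit_vmx) whenever an image is imported or its settings are changed.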
Prerequisites
First of all, we will need virtualization software. I have used VMware Player, which is free and covers my needs for this post. The images used are the following:
- Backtrack 5 R3, available here.
- Metasploitable v2, available here.
- OWASP Broken Web Applications image, available here.
- Windows XP SP3 (should be installed from scratch)
What else? Topology!
Below you can see the network topology of my pentest lab. I have taken the liberty to watermark my pictures in order to protect myself from plagiarists.
Building Vulnerable Windows machine
First of all, we will need a Windows XP machine. It could be fully patched or not; we will not focus on Windows vulnerabilities but on vulnerabilities in software installed on a Windows machine.
Below is the software and the relevant exploit I used in order to build this vulnerable Windows machine:
- Java 7 update 2, exploitable by this Metasploit exploit.
- Hacme Bank vulnerable web application, available here.
- EasyFTP Server, vulnerable in versions <=1.7.0.11, exploitable by multiple Metasploit exploits (use search easyftp in msfconsole)
Conclusion - TBC
I realise that this list is short, but I will come back with updates, as my goal is to create a vulnerable Windows machine which is very close to reality and educational at the same time.
Links
- A very good repository for old, possibly vulnerable, versions of various software: http://www.oldapps.com
- Instructions for installing Hacme Bank: http://www.pingtrip.com/weblog/2008/09/installing-hacme-bank-on-xp-pro
- Metasploit exploits: http://www.metasploit.com/modules/
- Exploits Database by Offensive Security: http://www.exploit-db.com