Tuesday, March 12, 2013

Building a pentest Lab

Introduction

For educational purposes, a penetration test lab is always necessary. I needed this for a relevant project, so I think it could be useful for colleagues and security researchers in general if I publish my experience of building a penetration test lab. I have used vulnerable Linux images which are publicly available on the Internet. However, the main subject of this post is how to build a vulnerable Windows machine (it would not be too difficult if I had decided to leave it unpatched! :p).
Last but not least, I will go through the common cliché and suggest you run all this vulnerable software in NAT mode; don't leave these security holes running on your local network with Internet access!


Prerequisites

First of all, we will need virtualization software. I have used VMware Player, which is free and covers my needs for this post. The images used are the following:
  • Backtrack 5 R3, available here.
  • Metasploitable v2, available here.
  • OWASP Broken Web Applications image, available here.
  • Windows XP SP3 (should be installed from scratch)
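
The NAT recommendation from the introduction can be checked mechanically for a VMware Player lab. The script below is an added example, not part of the original post: it reads each VM's .vmx file and reports any enabled network adapter that is not set to NAT or host-only. It assumes that VMware stores the mode in `ethernetN.connectionType` and treats a missing value as bridged; the sample fragments are constructed.

```python
import re
from pathlib import Path

# Assumption: VMware stores each adapter's mode in the VM's .vmx file as
# ethernetN.connectionType and treats a missing value as bridged.
SAFE_MODES = {"nat", "hostonly"}
LINE = re.compile(r'^\s*(ethernet\d+)\.(\w+)\s*=\s*"(.*)"\s*$', re.IGNORECASE)

def audit_vmx(text):
    """Return {adapter: mode} for each enabled adapter not on NAT/host-only."""
    adapters = {}
    for raw in text.splitlines():
        m = LINE.match(raw)
        if m:
            name, key, value = m.group(1).lower(), m.group(2).lower(), m.group(3)
            adapters.setdefault(name, {})[key] = value.strip().lower()
    findings = {}
    for name, cfg in sorted(adapters.items()):
        if cfg.get("present") != "true":
            continue  # adapter disabled or removed from the VM
        mode = cfg.get("connectiontype", "bridged")
        if mode not in SAFE_MODES:
            findings[name] = mode  # "custom" is flagged for manual review
    return findings

def audit_lab(root):
    """Audit every .vmx under root; return {path: findings} for exposed VMs."""
    report = {}
    for vmx in sorted(Path(root).rglob("*.vmx")):
        findings = audit_vmx(vmx.read_text(errors="replace"))
        if findings:
            report[str(vmx)] = findings
    return report

# Constructed sample .vmx fragments (not taken from the post's VMs).
SAMPLE_NAT = 'ethernet0.present = "TRUE"\nethernet0.connectionType = "nat"\n'
SAMPLE_EXPOSED = (
    'ethernet0.present = "TRUE"\n'  # no connectionType line: bridged
    'ethernet1.present = "TRUE"\nethernet1.connectionType = "custom"\n'
    'ethernet1.vnet = "VMnet0"\n'
    'ethernet2.present = "FALSE"\nethernet2.connectionType = "bridged"\n'
)

if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, findings in audit_lab(root).items():
        print(path, findings)
```

Run it with the folder that holds the lab VMs as its argument; an empty output means every enabled adapter is on NAT or host-only.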

What else? Topology!

Below you can see the network topology of my pentest lab. I have taken the liberty to watermark my pictures in order to protect myself from plagiarists.






Building Vulnerable Windows machine

First of all, we will need a Windows XP machine. It could be fully patched or not; we will not focus on Windows vulnerabilities but on vulnerabilities in software installed on a Windows machine.
Below is the software, with the relevant exploits, that I used in order to build this vulnerable Windows machine:
  • Java 7 update 2, exploitable by this Metasploit exploit.
  • Hacme Bank vulnerable web application, available here.
  • EasyFTP Server, vulnerable in versions 1.7.0.11 and earlier, exploitable by multiple Metasploit exploits (use search easyftp in msfconsole)
Regarding the other VMs in my topology, there are plenty of good articles on exploiting the vulnerabilities residing on them.

Conclusion - TBC

I realise that this list is short, but I will come back with updates, as my goal is to create a vulnerable Windows machine which is very close to reality and educational at the same time.
 
