Setting up a pentesting lab, (as cheap as possible)
TrialAndError
07-09-2007, 05:23 PM
I've finally reached the point where i'm ready to move onto bigger and bolder projects, unfortunately every time i decide to try exploring my network with Nmap, (etc), i come up against the same problem...I don't really have a network, (as such), to explore!
I'd also like to try out exploiting a system, setting up and securing a web server...by pentesting it, and plenty of other things that will hopefully make me employable as a network engineer.
So basically, i'm thinking of acquiring PCs from skips and wherever else i can get my hands on them in order to create a controlled environment to experiment with. I really don't have much money to spend, so can anyone suggest the bare minimum i'll need to get me started....PCs, freeware etc etc.
Forgive my vagueness, i'm not too clued up on the best way to go from here....i've studied tons of theory but have no practical experience, and until i get that nobody's going to employ me!
Naturally, i want to start small and build up from there. For the record this isn't just so i can learn to "hack"...I want to learn to set up servers, networks, network security etc etc etc, i'm sure those of you who are already Pros know what i mean and what i need to learn!!!
I am intending to do the Offensive Security course, but it'd be slightly disingenuous to go for a job as a network engineer without being able to set up an Apache server, (for example) and with my networking skills extending as far as attaching everything to a Hub. :rolleyes:
If anyone can offer some suggestions as to where i should start with this project i'd really appreciate it...thanks in advance,
TAE
theprez98
07-09-2007, 05:39 PM
An easy way to get started...
http://forums.remote-exploit.org/showthread.php?t=7275
pureh@te
07-09-2007, 05:42 PM
What I did was build myself a small network lab. First I installed a second internet connection so my environment would be sterile and free from my everyday computing needs. Then I got a router and a hub and set up a network running mssql server. I have 4 desktops and 2 laptops on my "network". I enabled file and printer sharing with a richola printer I lucked into. I use it because it has its own ip address and is on the LAN. It is also an entry vector to the network because telnet is enabled by default and I can use a netcat upload to jump to the next box. 2 of my desktops have winblows xp. One is fully patched with sp2, the other is unpatched with sp1. Then I have a windows 2000 for the server and nt on the other. So with all this I have set up a network and I can attack myself from inside the LAN and outside because I have 2 internet connections. Anyway, I got most of the stuff on ebay and pawn shops and I did it pretty cheap.
TrialAndError
07-10-2007, 06:56 PM
An easy way to get started...
http://forums.remote-exploit.org/showthread.php?t=7275
They would have been perfect, unfortunately the ISOs have disappeared and the site seems pretty inactive now...it's a shame because it sounded like a really good project too!!! :(
I hadn't thought of looking for a Live install before but it'd be the perfect solution until i can get some more space sorted...so does anyone know of any others?
I've seen Bart's PE mentioned quite a lot on Irongeek's site but haven't looked into it very hard yet, presumably i could create a Windows box to exploit that way, which would give me something to start off with anyway. Ideally i'd like to learn about servers and other networking principles a bit more though, i'm fairly au fait with Windows, as this isn't so much about "hacking" as learning the proper workings of the networking tools too.
One day i'll have a setup like yours purehate, it'd be ideal, but i already have a recording studio with 4 networked PCs and god knows how much other equipment...so space really is at a premium, (until i can get a decent IT job and a bigger place anyway ;) )
Duritoxn
07-13-2007, 08:01 PM
T&E,
You might try the site again. I was able to successfully download them yesterday morning.
TrialAndError
07-14-2007, 05:51 PM
T&E,
You might try the site again. I was able to successfully download them yesterday morning.
Thanks Duritoxn, you're right, i found them straight away...i wouldn't be surprised if they were there all along and i was just being a retard last time i looked!!
Have you got very far with them yet, the first scenario of level 1 looks fun...and i suspect i have ideas on where to start with it, but the 2nd scenario looks a bit over my head at the moment.
I've been messing around with Barts PE, which looks like it's a good way to set up an entirely credible "home" Windows system to exploit but i'm more interested in learning about network admin at the moment, (in the hope someone will eventually give me a job), and these scenario based Live disks look the perfect solution to give me some insight into how a server network is set up.
Paton
07-14-2007, 07:57 PM
Hmmm, Not there for me. Looks like a good project though.
Hehe, thanks Purehate, found them
Barry
07-15-2007, 02:00 AM
What about using vmware? You could do an entire virtual network on one or two machines.
theprez98
07-15-2007, 03:01 AM
What about using vmware? You could do an entire virtual network on one or two machines.
I think it's a very good idea. The biggest issue I have is finding decent vmware images (other than Linux). Other than that... :rolleyes:
ghaze
07-15-2007, 03:53 AM
You can find some really cheap, functional computers at thrift stores. King's Daughters, Goodwill, etc. It doesn't take a lot of box to run win 2000 or NT. Just don't ask them to do much. When you get done you could build a firewall box, router or wireless ap out of one of them.
The first computer I installed linux on was a gateway 2000. It had a 200 MHz processor and 32 screaming MB of ram. It ended up making a pretty good firewall box.
I've got a 1998 model laptop, with a little better resources, that acted as my ap when I was first learning to set them up. It did remarkably well with Damn Small Linux.
I've got several "junk" boxes in my shed right now. You'd be welcome to a couple of them, but shipping would probably be more than they're worth.
The vmware idea certainly has much to recommend it. Some of those older computers are loud and they take up space.
Good Luck
edited to add
I recently got a call to run some cat5 in a lawyer's office. The box being networked was running windows 98. After pinging google to check connectivity, I tried to open up a browser. Instead, it opened up HP's sales pitch for dial up. The browser had never been opened before and of course the system had never been patched. I explained this to the office manager but she didn't seem to care. I said OK and left. There's more than one out there just like that one. No doubt, I'll be getting another call, soon.
balding_parrot
07-15-2007, 04:01 AM
Schools often have old boxes that they want rid of and will often let you have them for just a small donation.
Another good use for an old box is as a NAS using freenas (http://www.freenas.org/) or such like, it's one of those projects on my todo list.
TrialAndError
07-15-2007, 04:56 AM
Thanks for all your input, i'll keep my eyes out for decent Live Distros to stick on junk boxes as and when i acquire them. Having a few headless boxes running various Live OSs would make an interesting adventure playground :D
I've finally got started on the first Distro that theprez mentioned and it looks like it's going to keep me occupied for a while. I think i've found a few angles but i'm still a bit of a noob, (this is my first ever attempt at an exploit), and i'm really trying to resist reading any of the discussions on their forum to give myself a head start.
I'd say i'm progressing ok, considering i'm mainly relying on Google and experimentation i'm quite happy to have a few angles to explore, and once i can actually get access to it, (i haven't got past the boot screen and they don't give you a login), then i've got a whole Apache Web Server to explore and learn. My one disappointment is that it's a live Distro, so the logs are deleted every time i switch it off...i'd love to see what sort of panic i've been causing it with my hyper-aggressive Nmap scans :p
I won't discuss how far i've got with it in case anyone else reading this thread wants to give it a go, there's plenty of clues, (and the solution), on the main download forum so i won't give anything away here....thanks for the heads up theprez, this is going to keep me busy for days.
balding_parrot
07-15-2007, 05:08 AM
If you run it in a virtual machine then you can just pause the vm when you want to turn off and resume when you restart your box and all the logs will still be there for you to peruse later
theprez98
07-15-2007, 05:36 AM
If you run it in a virtual machine then you can just pause the vm when you want to turn off and resume when you restart your box and all the logs will still be there for you to peruse later
Good call to boot the live CD in VMware...
pureh@te
07-15-2007, 05:36 AM
hint-bootscreen-hydra
balding_parrot
07-15-2007, 06:13 AM
Good call to boot the live CD in VMware...
I have a good idea now and again, not that often admittedly;)
Paton
07-15-2007, 06:14 AM
If you run it in a virtual machine then you can just pause the vm when you want to turn off and resume when you restart your box and all the logs will still be there for you to peruse later
Are you using a VM on your BT2 machine? If so which. Or is it on a Winbox?
As my post in BT2 forum, I'm trying to load VMWare.............. stupid slackware.
balding_parrot
07-15-2007, 06:25 AM
Are you using a VM on your BT2 machine? If so which. Or is it on a Winbox?
As my post in BT2 forum, I'm trying to load VMWare.............. stupid slackware.
I was talking about a VM on windows, not tried the other way round but I know you have to create the rc0.d - rc6.d stuff
cd /etc
mkdir init.d
for i in {0,1,2,3,4,5,6}; do mkdir rc$i.d; done
And maybe one other file, but there is a tutorial on here that works somewhere.
Barry
07-15-2007, 09:49 AM
Schools often have old boxes that they want rid of and will often let you have them for just a small donation.
Another good use for an old box is as a NAS using freenas (http://www.freenas.org/) or such like, it's one of those projects on my todo list.
I've got freenas running on a box in my garage. Pretty cool distro.
Ethical
09-01-2007, 05:32 PM
interesting topic ....
i just found this book --
The entire purpose of Practical Hacking Techniques and Countermeasures
is to give readers the opportunity to actually put their hands on the tools and
techniques commonly used by today's hackers and to actually learn how they
work. Up to this point, most security-related books have dealt mainly with
the theory and lecture of tools and techniques, but I wanted to provide more.
With the use of virtual computers the reader can concentrate on the tools
instead of the question of legality.
h***://w**.amazon.com/Practical-Hacking-Techniques-Countermeasures-Spivey/dp/0849370574
My suggestions:
VMWare (already mentioned)
Craigslist
phoenix910
09-02-2007, 02:16 PM
Just a suggestion, if you are looking for something that works straight away that you can practice just the pentesting on (i.e. after you've learnt to set up the servers etc.), a base server that can be started from a live CD fully functional (one that I use occasionally) is SLAMPP. It's a live server with apache, webmin, usermin, and various other things. Investigate it anyway. It might be worth it.
shamanvirtuel
09-02-2007, 03:21 PM
http://www.irongeek.com/i.php?page=security/building-an-infosec-lab-on-the-cheap&mode=print
it may help someone
Re@lity
10-12-2007, 08:56 PM
I don't know much about the project, so it may not be of much interest, but there's also a project around a bit like the ice one called DVL - Damn Vulnerable Linux - based on DSL I suppose. It *looks* like it's along the same lines as ice, anyway....
I think it's actually been around quite a bit longer(?) than ice.
EDIT: Actually, they've moved from the DSL base to BackTrack2!
Oh, here you go:
http://www.damnvulnerablelinux.org
http://www.linux.com/articles/60267?tid=35&theme=print