Sunday, August 11, 2013

Building My Penetration Testing Lab

One of the key ingredients to learning the hacking techniques needed for penetration testing is having a decent lab to practice in.  For the past year I've basically just been using VMware Player on my PC and would run a VM running Kali Linux and one running Metasploitable.  This was enough to play around with some tools while reading some of the books, but I knew at some point I would want to have a little more complex lab to play around in.

My PC up until a few weeks ago was a 3-core box with 8 GB of RAM and about 300 GB of disk space.  This is the main PC that my family uses, so a lot of that disk space was allocated and it left me with a little space for VMs, maybe 2-4 at a time.  8 GB of RAM was also a limiting factor when running VMs.  I had contemplated building a server to run VMware ESXi or Hyper-V on that would house my whole lab, but I really haven't been able to justify the cost.  What I ended up doing was just buying 16 GB of RAM and an additional 1 TB hard drive to get my machine in a state that it could handle running 6-8 VMs at a time.

Here is a picture of what my lab looks like right now in VMware Player.


A couple of things I wanted to have in my lab were:

1) Internet access but segregated from my home network
2) 2 separate subnets with a firewall in between
3) A system that I could watch the traffic on with Wireshark and Snort
4) A mixture of vulnerable VMs to practice on

I created 2 separate networks within VMware Player, one named secure and one named unsecure.  I have 2 "attacking" machines on the unsecure network, Kali Linux and Windows 7.  On the secure network I have a Windows 2012 domain controller, mainly to offer DNS and DHCP services for that subnet.  I also will probably add a client to the domain and just sniff that traffic to see what it looks like when the client authenticates, among other things.  I also have an older Ubuntu 9 server, Metasploitable, UltimateLAMP, and Win XP w/ SP2 that I can bang around on and practice some of the techniques I am learning.

On the unsecure network, I have a m0n0wall distribution as the gateway for Internet access.  It is just a basic default setup and nothing special.  On the box named "Snort" that connects the 2 networks together, I just have IP forwarding turned on and some basic firewall rules that allow traffic between the two networks.  The 3 rules I had to add on that box are:

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT

I had trouble getting the traffic between the two networks to work initially with the basic ACCEPT rules that are on iptables by default, and adding these was the only way I could get it to work.  I actually think just using the MASQUERADE rule is sufficient, but I added the last 2 just in case.  I intend to play around with iptables more at some point during my practicing to see how firewall rules will affect some traffic and see if there are ways to bypass the firewall.  I have the box named "Snort" because when I originally created this VM it was going to just run Snort to watch traffic on the private network while I'm testing out techniques.  I still haven't actually gotten around to setting up Snort on the box, but that is on my list of "To Dos".

Static routes to the 192.168.10.0/24 network are also needed on the Kali and WinPen boxes; they tell them to send traffic destined for that network to the 192.168.20.5 interface on "Snort".  Otherwise, they will try to send the traffic out the 192.168.20.1 interface on "m0n0wall".
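
The forwarding rules and static route described above, collected into one re-runnable script as an added example (not from the original post): it enables IP forwarding, appends each rule only if it is not already loaded, sets the route, and checks `ip route get` output for the expected next hop. The addresses, interface names and three rules are the post's; the `DRY_RUN` switch and function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: the lab routing described in the post, as a re-runnable script.
# Addresses and the three rules are the post's; DRY_RUN and the function
# names are this example's own. DRY_RUN=1 (default) only prints commands.
DRY_RUN="${DRY_RUN:-1}"
SECURE_NET="192.168.10.0/24"   # network behind the "Snort" box
SNORT_GW="192.168.20.5"        # "Snort" interface on the unsecure network

run() {
    if [ "$DRY_RUN" = "1" ]; then echo "$*"; else "$@"; fi
}

# Append a rule only if an identical one is not already loaded (iptables -C).
add_rule() {
    table=$1; chain=$2; shift 2
    if [ "$DRY_RUN" = "1" ]; then
        echo "iptables -t $table -A $chain $*"
    elif ! iptables -t "$table" -C "$chain" "$@" 2>/dev/null; then
        iptables -t "$table" -A "$chain" "$@"
    fi
}

# Run on the "Snort" box (as root).
setup_router() {
    run sysctl -w net.ipv4.ip_forward=1
    add_rule nat POSTROUTING -o eth0 -j MASQUERADE
    add_rule filter FORWARD -i eth1 -o eth0 -j ACCEPT
    add_rule filter FORWARD -i eth0 -o eth1 -j ACCEPT
}

# Run on Kali (as root). Windows equivalent for WinPen:
#   route -p add 192.168.10.0 mask 255.255.255.0 192.168.20.5
setup_attacker_route() {
    run ip route replace "$SECURE_NET" via "$SNORT_GW"
}

# Given one line of `ip route get <secure-host>` output, succeed only if the
# next hop is the "Snort" box rather than the m0n0wall default gateway.
route_via_snort() {
    case "$1" in
        *" via $SNORT_GW "*) return 0 ;;
        *) return 1 ;;
    esac
}

case "${1:-}" in
    router)   setup_router ;;
    attacker) setup_attacker_route ;;
esac
```

Neither `sysctl -w` nor rules added with `iptables -A` survive a reboot, so the script has to be re-run (or the settings saved) each time the VM starts.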

This is just a start to my lab; hopefully I will add some more vulnerable systems to the secure network.  If you have any suggestions on good vulnerable systems to test with, please let me know.

