Aim of this Lab:
- Provide a complete lab for penetration testing a Windows XP box, a Linux box, and, to a lesser extent, web servers
- This lab provides three different scenarios:
- A fully vulnerable box with all kinds of vulnerabilities for a user to exploit.
- A fully vulnerable system behind a firewall/IPS
- A fully patched and updated system behind a firewall. While the vulnerable system lets the attacker try out all the exploits and tools, the firewalled system gives a realistic scenario with IPS, firewall, updates and patches in the way.
- A domain is created on a Windows Server 2008, with a Windows XP being a part of the domain. All domain related tests can be performed on these systems.
- Later, expand the lab to include web application testing and wireless assessments
- Box 1: Attacking Machine
- 4 GB RAM
- OS: RHEL/Ubuntu
- BackTrack 5 (Attack)
- Box 2: Target Machine running multiple VMs
- 8 GB RAM
- OS: Ubuntu
- Snort, iptables (Defence)
- Plenty of HDD space in both
- Pre-built VMs or ISOs for installing the operating systems (Ubuntu, RHEL, Windows, Metasploitable)
- VMware/VirtualBox/KVM … any solution for a virtual infrastructure
Box 1: The Attacker System
- 4/8 GB RAM
- OS: RHEL/Ubuntu
- IP Address For Physical: 192.168.205.3
- Virtual Infrastructure: BackTrack 5: The Attacker
- IP: 192.168.210.2
- Virtual: Vulnerable Windows XP
- IP: 192.168.210.3
- Same copy of the vulnerable Windows XP VM that is deployed on Box 2. This instance is for attacking the XP system with no firewall/IDS/IPS in between
Box 2: The Target System
- 8 GB RAM
- Ubuntu with Snort (Snort on RHEL is not advisable – http://www.snort.org/snort-downloads/rhel5/)
- Install SELinux and/or iptables
- IP of Physical: 192.168.205.2
- Windows XP SP3:
- Fully patched: this gives a sense of the systems deployed in production environments. Attacking this system will be fun! Make sure to change its wallpaper to Offensive Security's "Try Harder"!
- Make it a part of the Windows Server 2008 domain
- Windows XP:
- IP: 192.168.200.3
- Not patched at all; Automatic Updates turned off
- Windows Firewall Turned Off
- Use “Simple File Sharing” (Control Panel)
- Enable IIS and SNMP
- Install Microsoft SQL Server 2005. Set a simple password. Ensure it is listening on TCP port 1433 (check with netstat -ano | findstr :1433)
- * Metasploitable:
- IP: 192.168.200.5
- Download it from here (http://updates.metasploit.com/data/Metasploitable.zip.torrent)
- * Windows Server 2008:
- IP: 192.168.200.6
- Install Active Directory Domain Services (make it the domain controller)
- Enable DHCP, DNS, FTP
- Firewall/Automatic Updates to be Enabled
- * Ultimate LAMP:
- IP: 192.168.200.7
- Ultimate LAMP runs Apache, MySQL, Postfix, and older versions of other services
* While networking the systems, ensure the VMs on Box 2 are reachable from Box 1 and that all traffic between the two sides passes through iptables and Snort.
* Secure both boxes if connecting them to the Internet. It is the VMs that are vulnerable; the host machines should be hardened before they go online.
* Add some simple routes so that BT5 on Box 1 can reach the VMs on Box 2 and vice versa. I leave this as homework.
* Ensure no sensitive/personal information is stored on either of the Boxes. This is a testing environment.
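The routing and monitoring points above (reaching the Box 2 VMs from BT5, and forcing their traffic through iptables and Snort), worked through as an added example. This script is not part of the original lab notes. It uses the lab's own addresses (Box 1 physical 192.168.205.3, Box 2 physical 192.168.205.2, VM subnets 192.168.210.0/24 and 192.168.200.0/24) but assumes the hosts' physical NIC is eth0, that the VMs on each host hang off a bridge named vmbr0, and that Box 2 runs Snort 2.9 with the nfq DAQ. It prints the commands for the requested box rather than running them, so you can read them before piping them into a root shell.

```shell
#!/bin/sh
# Added example (not from the original lab notes): emit the routing and
# filtering commands that let BackTrack 5 on Box 1 reach the target VMs on
# Box 2, with every forwarded packet on Box 2 handed to iptables and Snort.
#
# Addresses from the lab plan: Box 1 physical 192.168.205.3, Box 2 physical
# 192.168.205.2, Box 1 VM subnet 192.168.210.0/24, Box 2 VM subnet
# 192.168.200.0/24. ASSUMED, not in the plan: physical NIC eth0, a VM bridge
# named vmbr0 on each host, and Snort 2.9 with the nfq DAQ on Box 2.
#
# Usage: LAB_BOX=box1 sh lab-routes.sh             (print commands for Box 1)
#        LAB_BOX=box2 sh lab-routes.sh | sudo sh   (apply them on Box 2)

BOX1_PHYS=192.168.205.3
BOX2_PHYS=192.168.205.2
BOX1_VMNET=192.168.210.0/24
BOX2_VMNET=192.168.200.0/24
PHYS_IF=eth0      # assumed
VM_BR=vmbr0       # assumed
SNORT_QUEUE=0     # assumed NFQUEUE number shared by iptables and Snort

# /24 prefix of a dotted quad or CIDR, e.g. 192.168.200.0/24 -> 192.168.200
net24() {
    addr=${1%%/*}
    echo "${addr%.*}"
}

# The two VM subnets and the physical link must be distinct /24s, otherwise
# the host routes below shadow the directly connected bridge.
subnets_disjoint() {
    a=$(net24 "$BOX1_VMNET"); b=$(net24 "$BOX2_VMNET"); c=$(net24 "$BOX1_PHYS")
    if [ "$a" != "$b" ] && [ "$a" != "$c" ] && [ "$b" != "$c" ]; then
        echo ok
    else
        echo overlap
        return 1
    fi
}

# Both hosts route for their own VM subnet, so both need IP forwarding on.
common_cmds() {
    echo "sysctl -w net.ipv4.ip_forward=1"
}

# Box 1: route to Box 2's VM subnet via Box 2's physical address and forward
# only lab-to-lab traffic. No inspection on the attacking side.
box1_cmds() {
    common_cmds
    echo "ip route add $BOX2_VMNET via $BOX2_PHYS dev $PHYS_IF"
    echo "iptables -A FORWARD -i $VM_BR -o $PHYS_IF -s $BOX1_VMNET -d $BOX2_VMNET -j ACCEPT"
    echo "iptables -A FORWARD -i $PHYS_IF -o $VM_BR -s $BOX2_VMNET -d $BOX1_VMNET -j ACCEPT"
    echo "iptables -A FORWARD -j DROP"
}

# Box 2: return route, then queue every forwarded packet in both directions
# to Snort running inline (-Q) through NFQUEUE. Snort is started before the
# rules are added: a queue with no userspace reader drops its packets.
box2_cmds() {
    common_cmds
    echo "ip route add $BOX1_VMNET via $BOX1_PHYS dev $PHYS_IF"
    echo "snort -Q --daq nfq --daq-var queue=$SNORT_QUEUE -c /etc/snort/snort.conf -D"
    echo "iptables -A FORWARD -s $BOX1_VMNET -d $BOX2_VMNET -j NFQUEUE --queue-num $SNORT_QUEUE"
    echo "iptables -A FORWARD -s $BOX2_VMNET -d $BOX1_VMNET -j NFQUEUE --queue-num $SNORT_QUEUE"
    echo "iptables -A FORWARD -j DROP"   # anything not queued to Snort is dropped
}

# Dispatch on the box name; refuse to emit anything for an unknown box or
# for an overlapping address plan.
cmds_for() {
    subnets_disjoint >/dev/null || return 1
    case $1 in
        box1) box1_cmds ;;
        box2) box2_cmds ;;
        *)    echo "unknown box: $1" >&2; return 1 ;;
    esac
}

if [ -n "${LAB_BOX:-}" ]; then
    cmds_for "$LAB_BOX"
fi
```

The VMs themselves need their default gateway pointed at the host-side bridge address (the .1 of their subnet under the assumption above), and the hypervisor network must be bridged or routed, not NAT, or the Box 2 VMs will never be reachable from Box 1. If Windows Server 2008 is the DHCP server for 192.168.200.0/24, hand out that gateway in its scope options. Do not add `--queue-bypass` to the NFQUEUE rules: it lets traffic through unchecked whenever Snort is down, which defeats the point of the firewalled scenario.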