Pen Test Lab

Aim of this Lab:

  • Provide a complete lab for Penetration Testing a Windows XP box, Linux box and a bit of Web Servers
  • This lab provides three different scenarios:
    • A fully vulnerable box with all kinds of vulnerabilities for a user to exploit.
    • A fully vulnerable system behind a firewall/IPS
    • A fully patched system fully patched and updated behind a firewall. While the vulnerable system will give the attacker a way to try out all the exploits and the tools, the firewalled system will give a real case scenario with the IPS/Firewall/Updates & Patches.
    • A domain is created on a Windows Server 2008, with a Windows XP being a part of the domain. All domain related tests can be performed on these systems.
  • Further expand it to include Web Application testing and Wireless Assessments

You Need:

  • Box 1: Attacking Machine
    • 4 GB RAM
    • OS: RHEL/Ubuntu
    • BackTrack 5 (Attack)
  • Box 2: Target Machine running multiple VMs
    • 8 GB RAM
    • OS: Ubuntu
    • Snort, iptables (Defence)
  • Plenty of HDD space in both
  • Pre-built VMs or ISO for installing OS (Ubuntu, RHEL, Windows, Metasploitable)
  • VMWare/VirtualBox/KVM … Any solution for a virtual infrastructure

Box 1: The Attacker System

  • 4/8 GB RAM
  • OS: RHEL/Ubuntu
  • IP Address For Physical:
  • Virtual Infrastructure: BackTrack 5: The Attacker
    • IP:
  • Virtual: Vulnerable Windows XP
    • IP:
  • Same Copy as Vulnerable Windows XP which is deployed on Box 2. This virtual machine is to attack the XP system without any Firewall/IDS/IPS in between

Box 2: The Target System

  • 8 GB RAM
  • Ubuntu with Snort (Snort on RHEL is not advisable –
  • Install SE Linux and/or iptables
  • IP of Physical:
  • Windows XP SP3:
    • Fully Patched: This will give a sense of the systems which are deployed in production environment. Attacking this system would be fun! Make sure to change your wallpaper to the “Try Harder” from Offensive Security!
    • Make it a part of the Windows Server 2008 domain
  • Windows XP:
    • IP:
    • Not at all patched; Automatic Updates are Off
    • Windows Firewall Turned Off
    • Use “Simple File Sharing” (Control Panel)
    • Enable IIS and SNMP
    • Install Microsoft SQL Server 2005. Set a simple password. Ensure this is running on port 1433 (netstat -ano)
  • * Metasploitable:
  • * Windows Server 2008:
    • IP:
    • Install Directory Services
    • Enable DHCP, DNS, FTP
    • Firewall/Automatic Updates to be Enabled
  • * Ultimate LAMP:
    • IP:
    • Ultimate LAMP runs Apache, MySQL, PostFIX, and older versions of other services

PenTestLab Network


* While networking the systems, ensure the VMs on Box 2 is reachable from Box 1, and all traffic is being monitored by the iptables and Snort.
* Secure both the boxes if connecting to the Internet. It is the VMs which are vulnerable, the host machines should be secured before connecting to the Internet.
* Enable some simple routes to make the BT5 on Box 1 to reach the VMs on Box 2 and vice versa. I leave this as a home-work.
* Ensure no sensitive/personal information is stored on either of the Boxes. This is a testing environment.

Available Resources: