# Setting up a penetration testing lab



## Scelerat (Oct 21, 2012)

Hey, I recently got back into IT security after an 8-year break due to some "issues" and I find myself wanting to grab some IT certifications (CEH, CHFI, Security +, GPEN). As a way of working my way back into it, I figured I'd set up a pen-test lab on my gaming PC (specs at end of post).

I'm using Backtrack 5 and Metasploit as my main tools. 

I'm installing:
Win 7 SP 1 
Win XP SP 3
Windows Server 2008

As my targets. 

Am I missing anything with this setup? 

PC Specs. 

ASUS M4A89GTD PRO/USB3, Socket-AM3
AMD Phenom II X6 1100T Black Edition
Corsair Vengeance DDR3 1600MHz 16GB CL9
2 TB WD caviar disk. 
2 x Powercolor Radeon 2gb in crossfire.


----------



## Josef (Apr 15, 2012)

That's a nice HW setup you got there buddy.
A Linux box - server distro - should be a good target. I don't know if you'd have to install Apache on it, like a LAMP server maybe, but it could be interesting.


----------



## Scelerat (Oct 21, 2012)

Near said:


> That's a nice HW setup you got there buddy.
> A Linux box - server distro - should be a good target. I don't know if you'd have to install Apache on it, like a LAMP server maybe, but it could be interesting.


Thanks. The only thing about the HW setup that bugs me is how stupid of me it was to save a few hundred by only buying a 55 GB SSD as a primary drive. Then again, 100+ GB SSD disks were pricey a few years ago.

Which Linux server distro would you suggest? I haven't worked with Linux servers before and I'm more of a Windows guy except for BT, so my familiarity with Linux is limited to say the least.

I used to run a virtual Apache server when I was doing .NET and ASP.


----------



## Josef (Apr 15, 2012)

You can use Ubuntu/Debian, CentOS, Red Hat (any distro). CentOS is air tight with the amount of testing that goes into the packages, I've seen it on servers before, it's a rock. If I had to pick one to be a target it would be Ubuntu Server because it's easy to set up.
Another factor is the company you want to work for - if those folks use Windows only in their networks, you're already good to go. But if you've not set your eye on one, I'm guessing you'll have to pick up Linux eventually, Linux is a big deal in the server world.

After what I've written here, I'm sensing this could overwhelm you out of your task, so take it easy, you don't _have_ to do Linux right now, everything in moderation.


----------



## Scelerat (Oct 21, 2012)

Near said:


> You can use Ubuntu/Debian, CentOS, Red Hat (any distro). CentOS is air tight with the amount of testing that goes into the packages, I've seen it on servers before, it's a rock. If I had to pick one to be a target it would be Ubuntu Server because it's easy to set up.
> Another factor is the company you want to work for - if those folks use Windows only in their networks, you're already good to go. But if you've not set your eye on one, I'm guessing you'll have to pick up Linux eventually, Linux is a big deal in the server world.
> 
> After what I've written here, I'm sensing this could overwhelm you out of your task, so take it easy, you don't _have_ to do Linux right now, everything in moderation.


I'm aiming to do pen-test consulting, there is a huge gap in the market for it here. I don't get overwhelmed.


----------



## IIIIII (Oct 2, 2013)

Scelerat said:


> Hey, I recently got back into IT security after an 8-year break due to some "issues" and I find myself wanting to grab some IT certifications (CEH, CHFI, Security +, GPEN). As a way of working my way back into it, I figured I'd set up a pen-test lab on my gaming PC (specs at end of post).
> 
> I'm using Backtrack 5 and Metasploit as my main tools.
> 
> ...


You need a Linux box definitely, try Metasploitable for fun, otherwise use a Linux server.
Metasploitable - Metasploit Unleashed


----------



## Scelerat (Oct 21, 2012)

IIIIII said:


> You need a Linux box definitely, try Metasploitable for fun, otherwise use a Linux server.
> Metasploitable - Metasploit Unleashed


Thanks, I'm grabbing Metasploitable, and putting it in there when I configure the closed VM network later today. I also switched to Kali Linux in place of BackTrack 5 R3.

One of the benefits of doing this is that my poor and neglected PC gets to be used again. I put it together for SW: The Old Republic, but that ended up sucking.


----------



## Josef (Apr 15, 2012)

It's just us three talking networks here. I don't know how I feel about this.

Anyway, about your setup, I think you should be covered but to be honest I'm not working in this field, something parallel to it but not exactly.
Also, have you considered Cisco security certs? They may not fit your job description but it's something to glance at for a few minutes.


----------



## Scelerat (Oct 21, 2012)

Near said:


> It's just us three talking networks here. I don't know how I feel about this.


Are you worried that it may look like we're scanning each other's ports? 



> Anyway, about your setup, I think you should be covered but to be honest I'm not working in this field, something parallel to it but not exactly.
> Also, have you considered Cisco security certs? They may not fit your job description but it's something to glance at for a few minutes.


I have the CCENT on my list along with the CCNA Security, I'm working on getting my company to pay for them since most of our network is Cisco based. If I could get them to cover training + letting me get the training on the clock it would be quite helpful. 

So far it's looking like this: 

Targets:
Win 7 SP1 
Win 2008 server
Win XP SP 3
Metasploitable 

Tool: 
Kali Linux


----------



## Josef (Apr 15, 2012)

Scelerat said:


> Are you worried that it may look like we're scanning each other's ports?


Heheh, we're what.



> I have the CCENT on my list along with the CCNA Security, *I'm working on getting my company to pay for them since most of our network is Cisco based.* If I could get them to cover training + letting me get the training on the clock it would be quite helpful.
> 
> So far it's looking like this:
> 
> ...


That's a very good idea, it's been done quite often in Cisco based businesses. Honestly I think you're where I want to be in 7-10 years.


----------



## Scelerat (Oct 21, 2012)

Near said:


> Heheh, we're what.


It was a joke. 



> That's a very good idea, it's been done quite often in Cisco based businesses. Honestly I think you're where I want to be in 7-10 years.


Where are you atm if you don't mind me asking?


----------



## Josef (Apr 15, 2012)

Scelerat said:


> It was a joke.


Yeah man I know.



> Where are you atm if you don't mind me asking?


I've got a CCNA, I could go either Security or Voice, haven't set my mind on it yet. My goal is to be a little more specialized in Cisco - I'm eventually going to get a CCIE in one of them. CCNA was easy which is very encouraging, in general Cisco's technologies seem to be created by a smart bunch, everything is documented exhaustively. It's a good company.


----------



## Scelerat (Oct 21, 2012)

Near said:


> I've got a CCNA, I could go either Security or Voice, haven't set my mind on it yet. My goal is to be a little more specialized in Cisco - I'm eventually going to get a CCIE in one of them. CCNA was easy which is very encouraging, in general Cisco's technologies seem to be created by a smart bunch, everything is documented exhaustively. It's a good company.


Cisco is as close as you can get to an industry standard in Networking. Given the current state of their products I think it's a fairly sound bet to assume that most of the world's network technology is going to be "Cisco inspired" in the future.

Good to know that the CCNA is easy, atm the highest I can see myself going with Cisco certs would be CCNA - Security. It may be a subjective argument, but I think if you plan on doing offensive security you're going to need breadth just due to the wide variety of systems you could run into.


----------



## Uralian Hamster (May 13, 2011)

Good setup, I was going to mention the Kali release but I see you have that covered now. CCNA is easy but it is a bit dense, there is a lot of material to go through. Also, there's a GUI for Metasploit called Armitage, it will give you a feel for what Metasploit can do without having to keep looking up commands.


----------

