Home lab question
New to the forums and the world of pentesting ( and any real computing for that matter ). As I have seen many times in these forums, we are not here to break laws. So how does a person get this knowledge without breaking laws? Well I guess we must set up a lab to work in. I am looking for some input on setup options for a home lab. I really have no money to spend on more equipment so let me first start with a short list of the hardware that I have:
-2 Dell Desktops (one running XP and one running Ubuntu)
-1 HP Laptop (dual boot with Vista and Ubuntu)
-1 D-Link Wireless N router
-3 Cisco 2500 series routers with current IOS's ( all have CSU/DSU's and I have DCE and DTE cabling)
Now I am really no expert in any particular field of computing or networking, but am slowly learning programming (C, Visual Basic, Perl) and the Cisco IOS as I go. I am fairly new to Linux but have just started to read the tutorials listed in the "If you are new to Back Track or Linux read this thread!" thread. I have become seriously interested in pursuing a career in pentesting/ethical hacking and would like some input from those of you who have some experience in these fields. My questions are as follows:
1. With the hardware that I have, what would be the most realistic setup for me to experiment with?
2. Should I install any other OS's?
3. More of a legal question but: If I set up this lab, would I be breaking any laws if I attempt to exploit this lab from a remote location?
4. Should I connect this lab to the outside world?
Any help you can give would be greatly appreciated. :D
One of the greatest and for some people the worst part of Pentesting is the research that maybe involved. To wit all of your questions have been answered both here on this forum and the web in general.
Take a look around and you will find those answers.
Hints = hackme & de-ice. Those will get you started.
Thanks for the hints. I had run across those in a forum search that I had run earlier. I will look in to these further and cant wait to "get my hands dirty". ;)
1. Just about about anything you want. You can set up one little LAN, or duplicate a LAN with a WAN connection, or VLANs, or (fill in the blank.)
2. What archangel.amael said. However, try "hacme". They're Foundstone projects.
3. There is some likelihood of this being true. Check the federal, state and local laws for your locale in light of what you want to do. At the very least, you'd very likely be in violation of your ISP's TOS, not to mention the TOS of the ISP covering the remote location.
4. No. NEVER. While some of this is because of #3, the real reason is that if you really screw up on something, you don't want the problem to escalate beyond your own lab. Escaped worms and viruses are considered something of a faux pax among infosec types and it just isn't done. People with badges and guns who work for three-letter agencies also frown on those little non-nos, and they have the nasty habit of banging down doors at inconvenient hours.
That part isn't so bad, it's the party poppers they throw through the windows first that really suck. :D
Originally Posted by Thorn
I can neither confirm or deny how well those work. :cool:
Originally Posted by Barry
Yeah I probably should have been a bit more specific about this.
Originally Posted by Thorn
A little earlier I was actually typing hack me etc. into google and it does turn up a lot of bogus info.
As for the party poppers, they do have a way of getting the party started or stopped depending on how one looks at things. :D
It really depends upon if you're on the throwing or receiving end.
Originally Posted by archangel.amael
I've been on the receiving end of the chemical types. Didn't know you could laugh and puke at the same time. Unfortunately the effects last longer than you have the ability to puke, so it's kinda painful after the first five minutes.... You've not lived until the instructor says "Take off your masks and sing you abc's!"
Originally Posted by streaker69