Results 1 to 10 of 10

Thread: Home lab question

  1. #1
    Just burned his ISO
    Join Date
    Dec 2009
    Posts
    3

    Default Home lab question

    New to the forums and the world of pentesting ( and any real computing for that matter ). As I have seen many times in these forums, we are not here to break laws. So how does a person get this knowledge without breaking laws? Well I guess we must set up a lab to work in. I am looking for some input on setup options for a home lab. I really have no money to spend on more equipment so let me first start with a short list of the hardware that I have:
    -2 Dell Desktops (one running XP and one running Ubuntu)
    -1 HP Laptop (dual boot with Vista and Ubuntu)
    -1 D-Link Wireless N router
    -3 Cisco 2500 series routers with current IOS's ( all have CSU/DSU's and I have DCE and DTE cabling)

    Now I am really no expert in any particular field of computing or networking, but am slowly learning programming (C, Visual Basic, Perl) and the Cisco IOS as I go. I am fairly new to Linux but have just started to read the tutorials listed in the "If you are new to Back Track or Linux read this thread!" thread. I have become seriously interested in pursuing a career in pentesting/ethical hacking and would like some input from those of you who have some experience in these fields. My questions are as follows:

    1. With the hardware that I have, what would be the most realistic setup for me to experiment with?
    2. Should I install any other OS's?
    3. More of a legal question but: If I set up this lab, would I be breaking any laws if I attempt to exploit this lab from a remote location?
    4. Should I connect this lab to the outside world?

    Any help you can give would be greatly appreciated.

  2. #2
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Default

    One of the greatest and for some people the worst part of Pentesting is the research that maybe involved. To wit all of your questions have been answered both here on this forum and the web in general.
    Take a look around and you will find those answers.
    Hints = hackme & de-ice. Those will get you started.
    Also DVL
    To be successful here you should read all of the following.
    ForumRules
    ForumFAQ
    If you are new to Back|Track
    Back|Track Wiki
    Failure to do so will probably get your threads deleted or worse.

  3. #3
    Just burned his ISO
    Join Date
    Dec 2009
    Posts
    3

    Default

    Thanks for the hints. I had run across those in a forum search that I had run earlier. I will look in to these further and cant wait to "get my hands dirty".

  4. #4
    Senior Member Thorn's Avatar
    Join Date
    Jan 2010
    Location
    The Green Dome
    Posts
    1,509

    Default

    1. Just about about anything you want. You can set up one little LAN, or duplicate a LAN with a WAN connection, or VLANs, or (fill in the blank.)
    2. What archangel.amael said. However, try "hacme". They're Foundstone projects.
    3. There is some likelihood of this being true. Check the federal, state and local laws for your locale in light of what you want to do. At the very least, you'd very likely be in violation of your ISP's TOS, not to mention the TOS of the ISP covering the remote location.
    4. No. NEVER. While some of this is because of #3, the real reason is that if you really screw up on something, you don't want the problem to escalate beyond your own lab. Escaped worms and viruses are considered something of a faux pax among infosec types and it just isn't done. People with badges and guns who work for three-letter agencies also frown on those little non-nos, and they have the nasty habit of banging down doors at inconvenient hours.
    Thorn
    Stop the TSA now! Boycott the airlines.

  5. #5
    My life is this forum Barry's Avatar
    Join Date
    Jan 2010
    Posts
    3,817

    Default

    Quote Originally Posted by Thorn View Post
    People with badges and guns who work for three-letter agencies also frown on those little non-nos, and they have the nasty habit of banging down doors at inconvenient hours.
    That part isn't so bad, it's the party poppers they throw through the windows first that really suck.

  6. #6
    Senior Member Thorn's Avatar
    Join Date
    Jan 2010
    Location
    The Green Dome
    Posts
    1,509

    Default

    Quote Originally Posted by Barry View Post
    That part isn't so bad, it's the party poppers they throw through the windows first that really suck.
    I can neither confirm or deny how well those work.
    Thorn
    Stop the TSA now! Boycott the airlines.

  7. #7
    Member
    Join Date
    Jan 2010
    Location
    The new forums
    Posts
    462

  8. #8
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Default

    Quote Originally Posted by Thorn View Post
    2. What archangel.amael said. However, try "hacme". They're Foundstone projects.
    Yeah I probably should have been a bit more specific about this.
    A little earlier I was actually typing hack me etc. into google and it does turn up a lot of bogus info.

    As for the party poppers, they do have a way of getting the party started or stopped depending on how one looks at things.
    To be successful here you should read all of the following.
    ForumRules
    ForumFAQ
    If you are new to Back|Track
    Back|Track Wiki
    Failure to do so will probably get your threads deleted or worse.

  9. #9
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Default

    Quote Originally Posted by archangel.amael View Post

    As for the party poppers, they do have a way of getting the party started or stopped depending on how one looks at things.
    It really depends upon if you're on the throwing or receiving end.
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  10. #10
    My life is this forum Barry's Avatar
    Join Date
    Jan 2010
    Posts
    3,817

    Default

    Quote Originally Posted by streaker69 View Post
    It really depends upon if you're on the throwing or receiving end.
    I've been on the receiving end of the chemical types. Didn't know you could laugh and puke at the same time. Unfortunately the effects last longer than you have the ability to puke, so it's kinda painful after the first five minutes.... You've not lived until the instructor says "Take off your masks and sing you abc's!"

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •