Results 1 to 9 of 9

Thread: Penetration Testing Environment.

  1. #1
    Just burned his ISO
    Join Date
    Jan 2010
    Posts
    23

    Smile Penetration Testing Environment.

    Hey everyone!

    First off I wanted to take a second and introduce myself, I just turned 21, working for IBM and going to school. Ive been brought up around computers and have always loved em. Im familiar with programming in PHP, SQL, HTML, C, C++, VB. Through about the last year, year and a half (since I first stumbled upon backtrack), I've grown to have a very strong interest in penetration testing, computer security, etc. Im looking to focus on learning more about it and getting certified in school.

    As far as school, certificates, degrees, etc, I feel confused as to what people, companies, are looking for, what qualifications are generally accepted nad used across the board? What are the best ways to go about getting these certificates and degrees?

    In order to grow more in my knowledge of systems, Ive decided to start to put together my first 'powerful' machine at home, so far Ive purchased:

    ASUS P6T Deluxe V2 LGA 1366 Intel X58 ATX Intel Motherboard
    newegg/Product/Product.aspx?Item=N82E16813131365]Newegg.com - ASUS P6T Deluxe V2 LGA 1366 Intel X58 ATX Intel Motherboard - Intel Motherboards

    Intel Core i7-920 Bloomfield 2.66GHz 4 x 256KB L2 Cache 8MB L3 Cache LGA 1366 130W Quad-Core Processor
    newegg/product/product.aspx?Item=N82E16819115202]Newegg.com - Intel Core i7-920 Bloomfield 2.66GHz 4 x 256KB L2 Cache 8MB L3 Cache LGA 1366 130W Quad-Core Processor - Processors - Desktops

    CORSAIR CMPSU-750TX 750W ATX12V / EPS12V SLI Ready CrossFire Ready 80 PLUS Certified Active PFC Compatible with Core i7 Power Supply
    newegg/Product/Product.aspx?Item=N82E16817139006]Newegg.com - CORSAIR CMPSU-750TX 750W ATX12V / EPS12V SLI Ready CrossFire Ready 80 PLUS Certified Active PFC Compatible with Core i7 Power Supply - Power Supplies


    I still need to get graphics card as well as Hard drives and RAM.


    My idea is to make the systme multiple boot, thinking Windows XP, Windows 7, and backtrack. Within each OS I was going to run VMware Server, and then Id have multiple VMs of different operating systems, that way I can boot into whatever primary os, and then run vmwares of wahtever os to use for attacking into.

    I was wondering though, is this type of environment practical? Is there an amount of RAM you guys suggest? I specific type of Graphics card? Im not planning on playing games or anything, strictly using this for pen testing education and work, I was thinking of getting a beefy graphics card so I can generate rainbow tables and such faster, but how well will my processor be able to do that? How much should I spend on a good card? Im hoping to be able to run and try anythign and everything, from wireless security, to operating system vulnerabilities, etc. I've also heard of different vmwares that are setup strictly for attacking, are there any that you all have found to be more beneficial than others?

    If theres any advice or questions you guys have for me, feel free to send any information my way.

  2. #2
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Default

    You don't always need to buy the latest and the greatest. A simple compatible BT machine and one or more chead/decent machines that can run windows and a Vmware images is a good start. Of course you will need some way for the machines to communicate on the network. A simple router can do this.

    As for a good machine of course the more the merrier is generally a good bit of advice. But you don't need 8 gigs of ram. Plenty of HDD space, and for graphics most would probably recommend one that is compatible with cuda/pyrit.
    This could go on for days and weeks but that should get you started.
    There are also several threads on setting up home-made labs etc here on the forums.
    See also de-ice and Damn Vulnerable Linux.
    To be successful here you should read all of the following.
    ForumRules
    ForumFAQ
    If you are new to Back|Track
    Back|Track Wiki
    Failure to do so will probably get your threads deleted or worse.

  3. #3
    Junior Member Valifake's Avatar
    Join Date
    Jan 2010
    Location
    Don't worry Sir, I'm from the Internets
    Posts
    38

    Default

    If you running VM's then you can't have enough ram. I recommend getting as much as you can fit into the box.

    For cracking passwords your new shiny I7 is going to net your about 4000 WPA2(AES) guesses a second. The same system with a GTX295 will get you about 20,000.

    For gpu's I'd get a cheap-as-chips one now and wait until February / March when Nvidia release there G300 range. These new card's should blow away the current gen in terms or CUDA performance(for cracking passwords) or they will make the current gen a lot cheaper. I prefer Nvida over ATI but the current ATI 5xxx series kicks ass. ATI also has open-source drivers for Linux but Nvidia doesn't. I don't know how good these drivers are though.

    As for host OS's id say Linux all the way and run the various M$ OS's in VM's unless you plan to play games in which case you should have either XP for DX9 games or 7 for DX10,11 games.

    You going to be using about 10-20GB per VM. I would get a 1.5TB drive or two for data storage and maybe a SSD for the host OS's but it depends on your budget.

    Screen resolution / multi-head would be a much better use of your cash than a SSD. I cant recommend enough to get a high-res screen or two or three . get monitors not HDTV's and look for 16:10 instead of 16:9.

    Read a lot of reviews before you buy as well.

    Enjoy your new rig.
    Mathematical reasoning may be regarded rather schematically as the exercise of a combination of two facilities, which we may call intuition and ingenuity.

  4. #4
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Default

    Quote Originally Posted by Valifake View Post
    If you running VM's then you can't have enough ram. I recommend getting as much as you can fit into the box.
    Except that if he's running a 32Bit OS then there isn't much point in having more than 3.5G of RAM.
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  5. #5
    Just burned his ISO
    Join Date
    Jan 2010
    Posts
    23

    Default

    Streaker, Can't I run something like windows server 2003 EE on a 32bit system thus giving me the ability to run with more RAM?

    Thanks for the graphics recommendation valifake, Im definitely going to look into that then as an upgrade. I'm hoping to get as much power and speed out of my system as possible.

    When it comes to the VMwares, would there be any difference in the performance if I had them all stored on a separate partition from wahtever the main os is, or would it be better to have a USB device attached for them all to access?

    Archangel, thank you for the suggestions on pentesting environments, those definitely seem like a great way to get started.

  6. #6
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Default

    Quote Originally Posted by cbkman View Post
    Streaker, Can't I run something like windows server 2003 EE on a 32bit system thus giving me the ability to run with more RAM?
    Read this: Ask Dan: What's with the 3Gb memory barrier?
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  7. #7
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Default

    Quote Originally Posted by cbkman View Post
    When it comes to the VMwares, would there be any difference in the performance if I had them all stored on a separate partition from wahtever the main os is, or would it be better to have a USB device attached for them all to access?
    It would probably be a bit cumbersome and or difficult to do this. There really would be no need to have different partitions. Each vm image will be in it's own directory. This will make it easier if you need to move/edit/copy them etc. In vmware server and workstation each "place" a image is located is considered a data store as such you would be able to use different partitions but it could get cumbersome to manage. As for speed well that's not really going to change since the partitions will all run and the same speed. There might be some differences but these would be in the 1000'th of a second range. So that really isn't saying much.


    Archangel, thank you for the suggestions on pentesting environments, those definitely seem like a great way to get started.
    Your welcome and keep reading there is lot's of info out there.
    To be successful here you should read all of the following.
    ForumRules
    ForumFAQ
    If you are new to Back|Track
    Back|Track Wiki
    Failure to do so will probably get your threads deleted or worse.

  8. #8
    Just burned his ISO
    Join Date
    Jan 2010
    Posts
    1

    Default What about VirtualBox?

    In my experience, VMware is bloated, and I've had better experience with VirtualBox with the exception of OpenBSD support. VBOX has yet to support it yet, and if I want to run OpenBSD - I'm forced to use VMware.

  9. #9
    Just burned his ISO
    Join Date
    Jan 2010
    Posts
    23

    Default

    When I was asking about the difference between a usb drive and seperating partitions, I meant that I plan on having my desktop multiple boot, Couple different os's on seperate partitions, then I was going to add a data partition for them to share files and such, and then also add a partition strictly for vmwares, that was formatted with a file system that no matter what OS I boot to, I could still run the vmwwares.

    Thanks boost for the virtual box suggestion, I will be sure to check that out.

    and streaker, that was a great, very informative article. Thanks!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •