Hardware vs. Virtualization for a first time pen-test lab

[GLaDOS]

Hello everyone,

I am completely new to the world of BackTrack and building penetration testing labs; I was hoping to gain some insight and suggestions from some of the more experienced users here. I am considering pursuing a career in information security and thought setting up a pen-test lab to learn about the tools offered in BackTrack might be a good way to get a very general view of what information security is all about. However, when it comes to building the actual lab, I am quite lost.

I am trying to decide between using either 2 laptops (probably Dell D620 Laptop Duo Core b/c I can find them under $200 online) or trying to set up a system using Virtual Machines. I tried going the Virtual Machine route last month using a Dell Optiplex, but I couldn't seem to figure out how to get one VM attack the other (plus the machine was slow as anything).

So my questions basically boil down to:
1.) Would you recommend using actual hardware or VMs for a completely new beginner to BackTrack
2.) Can I securely set up a pen-test lab using 2 laptops without having any traffic get on to/infect my family's regular wireless network?
3.) Would you recommend any particular hardware, resources, etc.?

I really appreciate anyone's advice with this setup. I've been reading up on this for the last few hours, but don't feel like I've really gotten anywhere on this. I'm really excited to get some experience in the world of BackTrack, and just am finding it very difficult to get started.

[rastamouse]

Since you are just starting out, I would avoid spending lots of money if you can. It's just not necessary at this stage. You can set up a virtual machine environment on a single computer using freely available software such as VirtualBox. This will also allow you to run multiple VMs of different flavours on a host-only network, so they cannot be interacted with on your home network. In terms of other hardware requirements, it would depend on the sort of stuff you want to learn. For example if you were going to study WiFi, you will probably want a USB card such as the Alpha AWUS036H and an access point to test with.

In time, you may want to buy other bits of kit to play with, but I suspect that will be quite far in the future Walk before you can run

[GLaDOS]

Since you are just starting out, I would avoid spending lots of money if you can. It's just not necessary at this stage. You can set up a virtual machine environment on a single computer using freely available software such as VirtualBox. This will also allow you to run multiple VMs of different flavours on a host-only network, so they cannot be interacted with on your home network. In terms of other hardware requirements, it would depend on the sort of stuff you want to learn. For example if you were going to study WiFi, you will probably want a USB card such as the Alpha AWUS036H and an access point to test with.

In time, you may want to buy other bits of kit to play with, but I suspect that will be quite far in the future Walk before you can run

Thanks for the suggestions rastamouse. I definitely see the points you are making. I have two additional questions I'd like to ask then:

1.) How do I go about getting one VM to attack another. I tried it with Virtualbox several weeks ago, but couldn't seem to figure it out. I set up two different virtual machines but couldn't get BackTrack to attack the Windows XP VM - did I need to set up a virtual machine inside the actual backtrack OS?

2.) Would you recommend anything to start learning for a completely new beginner? I feel like there's 100 different topics I could start with and I'm just kind of throwing it all up into the wind and seeing where everything lands.

Also, would it be safe to run such VMs (one with BackTrack and one with the victim) on my production machine or would it be safer to use a dedicated box? (My production machine can probably handle running 2 VMs better than the old Dell Optiplex I have, but if network safety is an issue I'll stick with the Optiplex.)

[rastamouse]

In the main VirtualBox Preferences, go to the Network tab. There will probably be a host network called vboxnet0 already created. If not, add a new network yourself. When you create your VMs, go to their network adapter settings and attach them to the vboxnet0 network. I have my BackTrack VM, configured with 2 adapters - the first is bridged with my Mac's internal AirPort and the second attached to vboxnet0. The vulnerable VMs are only attached to vboxnet0.

Quite hard to described succinctly, I've attached a few screenshots to try and make it clearer.

In terms of where to start, it's entirely down to you and your interests. For me, I started with WiFi since I was interested in their encryption schemes and how they worked. I'm not sure I could advice you on that front; you could just start doing simple stuff like using Wireshark whilst you visit websites, submit forms, enter passwords and that kinda thing.

Screen Shot 2012-11-27 at 21.00.48.jpg
Screen Shot 2012-11-27 at 21.01.09.jpg

[milomini]

Sounds like you possibly have a networking issue with your VM(s).

I'm a little unsure of you setup but as an example I use:

Windows host running 2 VMs, one BT, the other my target OS.

Make sure the networking VM network settings are set to 'internal networking'. The VMs can then contact each other but not the host Windows PC. (If you want a VM to be able to attack the Windows host use the 'Host' setting under the VMs network setting.)

[GLaDOS]

rastamouse - thank you so much for providing detailed instructions, that really clears things up! I can't wait to get started and try this out!

milomini - yes that is basically what I am aiming for. Would it be safe to run the VMs on my main laptop and not risk infecting files, programs, etc? I only ask because where I am at the moment, space is very limited and trying to get a second machine here would be difficult, at best. However, if using a Backtrack VM to attack a Windows VM would present any danger to my current machine, I would find a way to make a second machine possible.

[milomini]

rastamouse - thank you so much for providing detailed instructions, that really clears things up! I can't wait to get started and try this out!

milomini - yes that is basically what I am aiming for. Would it be safe to run the VMs on my main laptop and not risk infecting files, programs, etc? I only ask because where I am at the moment, space is very limited and trying to get a second machine here would be difficult, at best. However, if using a Backtrack VM to attack a Windows VM would present any danger to my current machine, I would find a way to make a second machine possible.

If the target Windows system and BT are both VM i'd have no worries re infecting ya host laptop etc. If the host PC doesn't need to interact with the VMs then they shouldn't be able to infect it in any way, lso bear in mind BT is 'friendly' when it's you using it so is unlikely to attack your main PC / lappy.

[rastamouse]

It would be a pretty epic fail for you to compromise your own host OS As you can see, my host computer is a Mac and I run BT5 and my target OS's as VMs. I'm not concerned about my BT5 VM putting my host Mac at risk. It would be more dangerous for you to expose a vulnerable VM (such as a boot2root challenge VM) to the Internet, as that would provide a pretty easy route into your network. Running those VMs in the host-only network as I described, prevents that.

[Dyndrilliac]

Going the virtualization route is by far the easiest, simplest, and cheapest solution. The only real downside is that in order to use WiFi you will need a USB adapter. My personal setup is on a Zeus M3 ultrabook (my "work" laptop), which has sufficient RAM and processor power to run one or two VM's in addition to my host Windows 7 Enterprise install. Any decent VM software can create a virtual network that exists only on your physical machine. In fact, if you want to be really safe, after you have your virtual network setup and all your VM's are communicating with each other (tip: use ping!), simply unplug the ethernet port and turn off any WiFi adapters. This will guarantee that no harmful traffic leaves your physical computer.

Here are a couple of links, one for a lab in VirtualBox and one for a lab in VMware (my personal favorite). They are a little dated but most info should still be mostly accurate:

http://securityxploded.com/setup-you...p#Introduction
http://www.ethicalhacker.net/content/view/63/2/

[GLaDOS]

Hey everyone,

Thank you for all of the advice and taking time to post your answers!

So just to make sure I have everything straight: it sounds like I can run 2 VMs on my main machine safely as long as they are set up as host-only network. On top of that I can simply disconnect the Ethernet cord and trun of the wireless radio just for an extra pre-caution. My last question then would be after I'm done attacking the victim VM (Windows XP maybe?) then do I have to somehow wipe or clean that VM before exiting my session and/or turning my internet capabilities back on? I'm pretty sure the answer to that question is no, but since I am completely new to this, I just thought I'd at least take the time to cover all my bases before I got started.

Again, thank you so much for everyone's help! You have no idea how much help you've really provided me, I was just spinning my wheels with this project before I came here - now I can finally start to make some progress with this!