Network Pentest Lab
Remember those good ole days in the sandbox? Where you threw stuff around learned where the sand goes and… doesn’t go? Well we’ve graduated from the sandbox, but our hearts and minds are still wired to play there. Maybe that’s why we love offsec, let’s get to the point though… We made a lab.
We wanted to address pentest labs. In this post in particular, Network pentest labs (webapp will be a separate post, challenge sites will be as well)
We used an existing set of hack challenge ISO’s, sandbox VM’s, vulnerable software, and vulnerable OS’s to create a 6 target lab that can be expanded upon.
Props to @_laz3r_ for the video and research he did for the project. No longer an intern, that didn’t last long did it? ;P
Pentest Labs: Web Application Edition
Over the last week, we busted out our red plastic shovel and our bucket shaped like a castle to dig a little bit deeper into our sandbox. Recently, we addressed the flexibility and overall necessity of a virtual lab for network pentesting, practice, and testing.
Today, we plan to expand upon that to encompass Web App. Our setup includes 7 target sites hosted on 4 VM’s. It’s important to note, that we only showcase the tip of the iceberg. The possibility of expansion is limited only by your imagination.
This lab takes substantially more prep and organization than our network lab did, as each target site has different requirements. We hosted most of our targets on XP Pro SP3 boxes, though many should work on Vista or maybe even Win7 RC.
No comments:
Post a Comment