Local lab build

Dean Bushmiller edited this page Oct 17, 2022 · 1 revision

How to build a local lab:

Start with

Local lab Mac/ VMware / Networking

This discussion is for professionals who want direction


Professionals have many choices:
Time, money, and convenience are inputs to your professional setup choices. You cannot skimp on the software and hardware of the testing environment because it must be very close to the real environment. We do not practice on our clients without practicing in our personal lab. The setup below is based upon 20 years of experience. Variations on this setup cost more time than they are worth. Build your own, support your own. To be clear: there is no support or troubleshooting by your instructor. If you need that, see Certification seeker above.


Software:


GNS3, VMWARE, VIRL
GNS3: Virtualizes networking equipment, operating systems, and containers (appliances). If it can be installed virtually, this tool supports installing it. You must learn how to use this environment quickly and efficiently to replicate the production environment you are testing. Additionally, capturing packets (artifacts/proof) on segments is built in. The best course to learn GNS3 is "Certified Associate Official Course (GNS3A)", $40 USD: https://gns3.teachable.com/courses/


VMWARE: There are other virtualization platforms; they do not translate or port as well as VMware. The workstation version will work for both Mac and Win environments. The professional version of VMware allows you to migrate VMs to and from the cloud more seamlessly. If you get into a situation where your local workstation does not have the horsepower for a large client test, you can pull VMware images into an AWS account and use metal instances (NOT GCE & Azure). You can learn the workstation product on your own, but when you start porting to vSphere or cloud you need a class (some are free): https://www.vmwarelearningplatform.com/HOL/catalogs/catalog/1212


VIRL CISCO (GNS3 appliances): Inevitably you will encounter a route and switch environment, and you will need to install Cisco virtual devices. Cisco sells a subscription that permits you to load true images into your testing environment for $199 per year. The old name for this was VIRL. https://learningnetworkstore.cisco.com/cisco-modeling-labs-personal/cisco-cml-personal


Other Appliances: After reconnaissance you may find that there are other devices in the path between you and your objective. GNS3 has 136 appliances in the marketplace that require you to identify and purchase your own license. Sometimes it is a matter of signing up for a trial; other times vendors like Cisco require a contract. Even if you do not find a pre-built appliance, you can still build your own. The only exception so far is when the appliance vendor requires a physical dongle for licensing. https://gns3.com/marketplace/appliances


The next step in this process is to install the appliances and build up the virtual machines used for testing, both attacker and victim. Once you build up your library, variations become a click and drag. Your base toolbox for testing using Kali, Parrot or others will be 40-200GB. Your victim library will grow to 20-100 victim setups with 5-10 snapshot variations. This could easily be 20TB of storage space and a working set of 1TB.


Images & Appliances:

  • Attackers: Parrot or Kali
  • Victims: Metasploitable 3, both Win & Lin (2-5 hours)
  • To build your own:
    • Windows: Clients: Win10, Win8; Servers: Win12, Win16
    • Linux: Clients: Ubun14; Servers: RPM, Debian https://en.wikipedia.org/wiki/List_of_Linux_distributions

Every service that you attack in your lab must be set up by you and be as unpatched as possible. Install everything like the real-world enterprise environment. Look at administrator training from the vendor. Watch YouTube and see what mistakes administrators make.

Hardware: Virtual or physical

  1. Amazon Web Services metal machines: If you are constantly changing your desktop setup or have underperforming assets that do NOT mirror the production environment that you are going to test, then AWS is your tool (sorry, NOT GCE & Azure). AWS requires that you set up an account and use a great deal of Amazon storage to host your images. The good news is that when you're done with the physical infrastructure, you turn it off, delete the machines, and charges stop accruing. The downside is you must learn a lot about Amazon Web Services.

  2. MacBook Pro +2019 16-32 gigs of RAM, 1-2TB SSD & Storage array: If you can afford it and/or you are typically disconnected from the Internet for periods of time, a MBP is the way to go. For drives, the Thunderbolt 3 connector is a must. For space, 10-20 TB is the norm. You need 2 drives for fault tolerance and a third for backup.

Internet connection: big or biggest, & multiple. For testing purposes, moving or building virtual images will be incredibly time-consuming. There have been many times where testers are locked out by the network defenses due to a shun or block. If you are on a tight deadline, you must have a backup Internet connection and not rely on your P.O.C. for configuring the remote firewall.

If this discussion is over your head, go back to the top and follow the Certification seekers process.

  • LAB thought process

  • What step of penetration testing are we currently performing?
  • Does this give us data for other steps?
  • Why are we doing this?
  • Is this an input or an output for another activity?
  • What is the attacker stimulus and the victim response at a packet level?
  • How am I documenting this process?
  • Can I reproduce this in the future?
  • Can I use this again for another client?

# If you want free unstructured labs

## These come in two major forms: downloadable & login. They are not safe to run on a production network.

### Downloadable:
Do you have a lab you can sit this in? Can you set up a web server? Do you have a virtualization tool that matches the image?

### General:
https://www.vulnhub.com/

### Specific to web hacking and web apps:
https://www.vulnhub.com/entry/damn-vulnerable-web-application-dvwa-107,43/
https://dvwa.co.uk/
http://www.itsecgames.com/
https://google-gruyere.appspot.com/part1

### Login:
https://www.offensive-security.com/labs/individual/

### Paid:
https://www.hackthebox.eu/

### Free:
https://overthewire.org/wargames/

    Local lab

    You will need to support your virtual infrastructure. Set your IP addresses to internal for victims, and bounce your Kali between private and public IPs when you need items from the internet.

    Required: Download Kali & set it up: https://www.kali.org/get-kali/#kali-virtual-machines

    Build your own victims: follow https://github.com/rapid7/metasploitable3 (2-6 hours)
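
One way to check the victim-isolation rule above before powering anything on, added here as an example and not part of the original wiki page: it reads the text of a VMware .vmx file and reports every attached adapter that is bridged or NAT rather than host-only. The function names and the sample .vmx fragments are constructed for illustration, and the code assumes VMware treats a missing connectionType as bridged.

```python
import re

# VMX adapter lines look like: ethernet0.connectionType = "hostonly"
VMX_LINE = re.compile(r'^\s*(ethernet\d+)\.(\w+)\s*=\s*"(.*)"\s*$', re.IGNORECASE)
ISOLATED = {"hostonly"}        # stays on the workstation
EXPOSED = {"bridged", "nat"}   # reaches the LAN or the internet

def parse_adapters(vmx_text):
    """Return {adapter: {key: value}} for every ethernetN entry."""
    adapters = {}
    for line in vmx_text.splitlines():
        m = VMX_LINE.match(line)
        if m:
            nic, key, value = m.groups()
            adapters.setdefault(nic.lower(), {})[key.lower()] = value
    return adapters

def audit_victim(vmx_text, isolated_vnets=()):
    """List findings for adapters that can reach beyond the lab segment."""
    findings = []
    allowed = {v.lower() for v in isolated_vnets}
    for nic, cfg in sorted(parse_adapters(vmx_text).items()):
        if cfg.get("present", "FALSE").upper() != "TRUE":
            continue  # adapter is not attached to the VM
        # Assumption: a missing connectionType means bridged.
        mode = cfg.get("connectiontype", "bridged").lower()
        if mode in ISOLATED:
            continue
        if mode == "custom":
            vnet = cfg.get("vnet", "").lower()
            if vnet in allowed:
                continue  # custom segment you have declared isolated
            findings.append(f"{nic}: custom network {vnet or '?'} not in isolated list")
        elif mode in EXPOSED:
            findings.append(f"{nic}: {mode} adapter can reach outside the lab")
        else:
            findings.append(f"{nic}: unknown connectionType {mode!r}")
    return findings

# Constructed sample .vmx fragments (not taken from a real VM).
VICTIM_OK = 'ethernet0.present = "TRUE"\nethernet0.connectionType = "hostonly"\n'
VICTIM_BAD = ('ethernet0.present = "TRUE"\nethernet0.connectionType = "custom"\n'
              'ethernet0.vnet = "VMnet2"\n'
              'ethernet1.present = "TRUE"\nethernet1.connectionType = "nat"\n'
              'ethernet2.present = "TRUE"\n')

if __name__ == "__main__":
    for name, text in (("victim-ok", VICTIM_OK), ("victim-bad", VICTIM_BAD)):
        print(name, audit_victim(text, isolated_vnets=["vmnet2"]) or "isolated")
```

Pass the names of any custom virtual networks you have confirmed have no NAT or bridge in `isolated_vnets`; everything else on a victim is reported.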