IT Breathes!

Backtrack /pentest A to Z: My Virtual Lab

by phil on Aug.06, 2009, under Backtrack A to Z, Security

My Virtual Lab

Throughout my career in IT security I’ve always seen hacks, exploits and vulnerabilities and thought ‘hey, that’s interesting, too bad I don’t run XYZ to test this out’. Around last year I was given a client where I had to install software on my machine. Not wanting to actually install this software on my work laptop, I obtained a VMware license. Now, I have been using VMware at home for a long time to try out LiveCD versions of operating systems or to play around with stuff like OS X, mostly with the free VMPlayer software. This software allows you to test out one VMware image but it’s a little locked down. Now that I had VMware installed I was able to actually set up some test networks with various operating systems. I tried this out last year and figured out (to my dismay) that VMware + encrypted hard drive = a very SLOW death. With one image running, VMware was barely usable; starting up a second image would just kill my machine. So I let the topic die for a while.

Then earlier this year someone posted a hard drive image from a machine they found running Win95. They supposedly found this computer in a parking lot and made an image of the hard drive. The problem was, it was made for VirtualBox. Being curious about this hard drive image, I installed VirtualBox and took a look. While there was nothing too exciting about the image, I found that VirtualBox ran really great on my system. I decided to try out another OS and installed Ubuntu. What would originally bring my computer to a crawl was now running at almost full speed. With this in mind I slowly built up a virtual lab to test various exploits, scanners etc. against. This is the lab I’m currently using for my Backtrack articles and I find it works great!

My Lab

The current lab I have set up was really more for my entertainment than anything else. I set it up in such a way that I can install software used for security (such as NetMiner, Wireshark, nmap, metasploit etc.) but I wanted to be sure that the data flying around inside this network couldn’t get out to my actual network. VirtualBox has a nice feature where you can set up a simple internal network in which all the machines can communicate with one another but not with the outside network. If you need to update a machine, it’s as simple as changing the network type drop-down, booting the OS and making your updates. VirtualBox also allows you to set a DHCP server for this internal network so you don’t have to worry about setting static IPs (not that setting static IPs is a problem, but when setting up WinNT or Windows 95/98/ME it saves time not having to reboot all the time).
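The same internal-network setup can be scripted and, more usefully, audited from the host with `VBoxManage`. The following is an added example, not part of the original post; the network name `labnet`, the 10.10.10.0/24 range and the VM names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. LAB_NET, the address range and
# any VM names passed in are assumptions chosen for illustration.
LAB_NET="labnet"

# Attach a powered-off VM's first NIC to the isolated internal network.
attach_to_lab() {
    VBoxManage modifyvm "$1" --nic1 intnet --intnet1 "$LAB_NET"
}

# Temporarily give a powered-off VM outbound access (NAT) for updates.
attach_for_updates() {
    VBoxManage modifyvm "$1" --nic1 nat
}

# One-time: DHCP server for the internal network, so no static IPs are needed.
create_lab_dhcp() {
    VBoxManage dhcpserver add --netname "$LAB_NET" --ip 10.10.10.1 \
        --netmask 255.255.255.0 --lowerip 10.10.10.100 \
        --upperip 10.10.10.200 --enable
}

# Read `VBoxManage showvminfo <vm> --machinereadable` on stdin and print every
# enabled NIC that is NOT on the lab internal network (empty output = isolated).
leaky_nics() {
    awk -F= -v lab="$LAB_NET" '
        { v = $2; gsub(/"/, "", v) }
        $1 ~ /^nic[0-9]+$/    { mode[substr($1, 4)] = v }
        $1 ~ /^intnet[0-9]+$/ { net[substr($1, 7)] = v }
        END {
            for (n in mode) {
                if (mode[n] == "none") continue
                if (mode[n] == "intnet" && net[n] == lab) continue
                if (mode[n] == "intnet") print "nic" n "=intnet:" net[n]
                else print "nic" n "=" mode[n]
            }
        }' | sort
}

# Audit every registered VM; prints "<vm>: <nic>" for each exposure found.
audit_all() {
    VBoxManage list vms | sed 's/^"\(.*\)" {.*}$/\1/' | while IFS= read -r vm; do
        VBoxManage showvminfo "$vm" --machinereadable </dev/null | leaky_nics |
            while IFS= read -r nic; do printf '%s: %s\n' "$vm" "$nic"; done
    done
}
```

Running `audit_all` after an update session catches a vulnerable VM that was left on NAT or bridged instead of being switched back to the internal network.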

Let’s walk through my current lab setup:


1) Windows NT 4. This is an unpatched machine. Really super vulnerable. I just keep it around for nostalgic reasons. If you’re still running Windows NT, run, don’t walk, to your IT guy and tell him to upgrade to the newest Windows Server version. If your vendor is telling you it’s because their software won’t run on a newer OS then you should weigh the cost of upgrading with a different vendor vs. the cost of having a data breach. But that’s a different article.

2) Windows 2003. This is Windows 2003 Server. I use it to test web apps to learn injection techniques, as well as a DNS server, file server and MS SQL database server.

3) Ubuntu Server 9.04. This is the newest release from Ubuntu. I use this to test vulnerable web apps and web app scanning tools. I installed Damn Vulnerable Web App over the weekend and really like it.

4) Windows 95. Just a nostalgic machine. Nothing really worthwhile on it except SkiFree.

5) Windows XP. This is my XP machine with SP3. I don’t really run tests against it (though I will be shortly). Mostly it’s for testing out Windows tools such as NetMiner, Cain & Abel and L0phtCrack, and running my Cisco emulator.

6) Cisco 7200 router. This is my Cisco emulated hardware running a 7200 image. I used this in the most recent article about Backtrack where I was testing the Cisco tools. It runs on top of GNS3 (Graphical Network Simulator) and worked great.

7) This is the Backtrack 4b image running. It runs from the ISO so as I do my testing I know I’m not changing anything from the default. Eventually I’ll install it to a hard drive image but not until I’ve gone through all the /pentest apps.

Once I got the lab set up it was easy to expand my knowledge about how to use the tools, which tools work, which don’t, etc. One thing you’ll notice absent is a Windows 2000 server. I’ll get around to setting one up eventually but for now I think what I’ve got works pretty well.

