Pen Testing Project

What's the best way to setup a home network? Why should I care about BGP?

Pen Testing Project

Post by paulbuckley221 on Thu Mar 06, 2014 7:15 am
([msg=79744]see Pen Testing Project[/msg])

Hi all,

I'm a third year undergraduate studying computer forensics and it security.

I'm very interested in pen testing/ethical hacking and have decided to do my final year project on the subject.
I'm not exactly a novice on the subject but I am far (like observable universe far) from an expert.

Ideally I want to simulate a small business network (maybe a online retail shop or something) and hack into it, thus simulating/completing a pen test. The goal of the project is to create a pen test report and a document that could be used to improve awareness of vulnerabilities and thus solutions for small local businesses that could suffer greatly from an attack and are looking to beef up security.

I'm having a problem with setting up the network in a realistic way; trying to realistically simulate a online shop is obviously an issue without spewing traffic and my own credit card numbers everywhere so I've decided to go against the online retail idea and use just a generic small business network.

I'm gonna have metasploitable as one of the virtual machines on the network and implement the use of a sonicwall firewall (i can get my hands on one of them) to test the differences in how hard the network is to hack with/without firewalls, but aside from this I'm pretty stumped on what physical/virtual machines to put in the network to simulate a business network.

My question essentially is has anyone here ever via experiment done anything similar? And is there any other simulations like metasploitable out there that could be used on the network?

Also any input would be greatly appreciated and thanks in advance for the help. :)

Paul
paulbuckley221
New User
New User
 
Posts: 2
Joined: Thu Mar 06, 2014 6:52 am
Blog: View Blog (0)


Re: Pen Testing Project

Post by -Ninjex- on Thu Mar 06, 2014 7:26 am
([msg=79745]see Re: Pen Testing Project[/msg])

You could always use some vulnerable virtual machines, like the ones listed here:

http://vulnhub.com/ Credit to: weekend hacker

Are there other programs besides metasploit, to exploit websites; of course there are.
SQLmap, Burpsuite, Nikto, Webslayer, Xsser, Zap (Owasp), to name a few.
If you're not willing to learn, no one can help you. If you're determined to learn, no one can stop you.⠠⠵
The absence of evidence is not evidence of absence.
I can explain it for you, but I can't understand it for you.
User avatar
-Ninjex-
Addict
Addict
 
Posts: 1306
Joined: Sun Sep 02, 2012 8:02 pm
Blog: View Blog (0)


Re: Pen Testing Project

Post by paulbuckley221 on Thu Mar 06, 2014 7:46 am
([msg=79746]see Re: Pen Testing Project[/msg])

Ah mint that website is exactly what I've been looking for. I could set a few of them up as machines and make a virtual web server or something as well and stick them behind a firewall. Thanks for that.

I think I've gone off the website idea of it cause I'd have to set up the retail website myself. I'm am however thinking of having a company website on the internet for some generic small business that I can use for the 'simulated recon' work; ie so I can simulate finding related IPs etc.
paulbuckley221
New User
New User
 
Posts: 2
Joined: Thu Mar 06, 2014 6:52 am
Blog: View Blog (0)



Return to Networking

Who is online

Users browsing this forum: No registered users and 0 guests