Setting up 'hackable' home networks?


Post by CIDR on Tue May 27, 2014 12:08 am

For the past year I've been studying a lot of Routing & Switching, with hands-on practical work following the CCNA course outline, plus some VoIP, virtualization administration and general system administrator tasks, etc.
My mates and I thought it would be cool to each set up a server in our rooms and make each one hackable/vulnerable to attacks so we can all practice some penetration testing. Has any of the HTS community ever set something like this up before? If so, how well did it work out? My main questions would be:

What was your network topology like, what operating system/version were you running, and how did you manage to secure the rest of your own private network?

I'm also wondering which OS has the most exploitable features. Not sure whether to go open source or with windows.

(Yes I'm researching into this myself, just wanted to create a discussion on it for further information).
IF IT CAN'T BE HACKED | IT DOESN'T WORK


Re: Setting up 'hackable' home networks?

Post by cyberdrain on Tue May 27, 2014 7:48 am

Well, that is easy enough to do. I'd advise using a virtual machine, like VirtualBox, and installing stuff like Metasploitable and Damn Vulnerable Web Application. It depends on your focus: if you want to exploit operating systems and programs, use the first; if you're more interested in web app exploits, use the second. Then just use whatever tools you want on it, but be careful that your NAT doesn't allow the VM outside access, as it would leave the computer vulnerable (obviously).

I have some experience with the first, and I know that a few other people here have experience with the second (iirc Ninjex and mShred). You could also just keep any operating system or programs running and not patch them. That will leave nice exploitable holes in your security. Either way, running a virtual machine is advised, as it will make resetting the OS easier (after exploitation) and adds security. Lastly, disabling the firewall on the virtual machine might help with port scanning.

Edit: In regards to open source versus closed source, you can use either. In this case it doesn't really matter, as it's just a training environment and both could be equally vulnerable.
Free your mind / Think clearly


Re: Setting up 'hackable' home networks?

Post by CIDR on Wed May 28, 2014 6:27 am

cyberdrain wrote:Well, that is easy enough to do. I'd advise using a virtual machine, like VirtualBox and install stuff like Metasploitable and Damn Vulnerable Web Application. It depends on your focus.


Virtualization was a lingering thought I had, and quite obviously is the more sustainable option. Thanks for the recommendation for Meta$ploitable & DVWA. Since I'll be focusing primarily on operating system vulnerabilities, I'll definitely tell the crew to play around with Metasploitable.

cyberdrain wrote:Be careful that your NAT doesn't allow the VM outside access, as it would leave the computer vulnerable.

Correct me if I'm wrong: this would be done through the Virtual Network Editor after I create the VM instance, is that right? From there I could configure it to restrict NAT and prevent it from being visible out on the Internet.

I've been reading through VM network types just to determine which one best suits pen testing. Host-Only catches my eye, which is dominantly there to concentrate traffic between the VM instance and the virtual switch VMnet1.
Would it be possible to inter-connect boxes so that they can intercommunicate with each other's internal VM instances? Which I guess would help when it comes to leaving them unpatched.

Diagram | Layout of Host-Only Network Type. (image not reproduced)

cyberdrain wrote:I have some experience with the first and I know that a few other people here have experience with the second (iirc Ninjex and mShred).

Will definitely join the channel if I don't hear from them in this thread :) thanks for the references, that really helps.

cyberdrain wrote:Either way, running a virtual machine is advised as it will make resetting the OS easier (after exploitation) and adds security. Lastly, disabling the firewall on the virtual machine might help with port scanning.

Awesome, I'm familiar with Nmap and Wireshark, but are there any port scanners or traffic sniffers you would recommend when setting up these isolated home networks if I choose to focus on web application vulnerabilities at some point? I assume most of them are already on Kali.

Also just to expand cyberdrain:

Are there any further precautions I could take when it comes to possible later configuration of NAT's behaviour that I/we should take into consideration? If I wanted to take the extra level of security, could I change my box to connect to a Cisco 2811 router acting as a DMZ with just the vulnerable box within the zone/perimeter? Still have yet to really dig deep into Demilitarized Zones, but I'm on the wiki now researching.
IF IT CAN'T BE HACKED | IT DOESN'T WORK


Re: Setting up 'hackable' home networks?

Post by cyberdrain on Wed May 28, 2014 9:44 am

Those are a lot of questions; I'll try to answer them to the best of my ability. You should know I haven't used VMware before, but in my experience most of the set-up and settings are similar in all VM software.

CIDR wrote:Correct me if I'm wrong. This would be done through the Virtual Network Editor after I create the VM instance is that right? From there I could configure it to restrict NAT and prevent it from being visible out in the Internet.

I've been reading through VM Network Types just to determine which one best suits when it comes to pen testing. Host-Only catches my eye which is dominantly there to concentrate traffic between the VM Instance and Virtual Switch VMnet1.

This depends on the settings you use. As you probably know, a NAT will just connect two different subnets. When creating a virtual network, usually either bridged, NAT or host-only can be chosen. The first one will just make every virtual machine visible on your physical network, in which case NAT settings should be controlled from a physical router on your network. The second will create a virtual network to which all virtual machines are connected, and just like a physical router, the virtual NAT connects the internal to the external subnet and should be set up there. Lastly, the host-only option will create a virtual network, just like the NAT option, but it will not allow connections to the outside world (e.g. no Internet or connecting to other PCs in the network). In VMware (from what I found) host-only will allow connections with the host operating system.

CIDR wrote:Would it be possible to inter-connect boxes so that they can intercommunicate with each others internal VM Instance? Which I guess would help when it comes to leaving them unpatched.

As it stands, without any separation all of the network options should allow connections between the virtual boxes. To connect with the rest of the physical network the best option will be NAT (if only 1 machine and you require port forwarding) or bridged mode (which will make the virtual machine just part of the network). Least privilege dictates that if you don't need connections to the rest of the network, choose host-only.

CIDR wrote:Awesome, I'm familiar with Nmap and Wireshark but are there any port scanners or traffic sniffers you would recommend when setting up these isolated home networks If I choose to focus on Web Applications vulnerabilities at some point?. I assume most of them are already on Kali.

For learning purposes both Nmap and Wireshark will be fine, but also learn what the tools are doing while using them (if you don't know already). You should be familiar with exactly which options do what at the network level, to the point where you could write your own tool. Kali does include Nmap and Wireshark and a few more, but learning the techniques will count for more than which tool you use.

CIDR wrote:Are there any further precautions I could take when it comes to possible, later configuration of NAT's behaviour that I/we should take into consideration. If I wanted to take the extra level of security could I change my box to connect to a Cisco 2811 router acting as a DMZ with just the vulnerable box within the zone/perimeter? Still have yet to really dig deep into Demilitarized Zones but I'm on the wiki now re-searching.

DO NOT USE DMZ FOR THE VULNERABLE MACHINE! Sorry, had to shout that. If I read you correctly, DMZ will do the opposite of what you think it does. It provides an option to show a computer completely outside of the network, without any protection from the router (e.g. no NAT or firewall etc.). Combine this with bridged mode and it's a recipe for disaster.

If you're going with host-only, you don't really need any more protection, as everything is just a program running on your computer. However, anything from disabling Wi-Fi (yes, it can be securely configured, but if you're not going to use it, it's easier to just disable it) to disabling port forwarding to upping the firewall settings will help. If you're not that paranoid, usually a router is configured to be secure enough.
Free your mind / Think clearly
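The two points in the post above, writing your own scanner so you know what Nmap is actually doing, and checking that a host-only lab really is cut off from the outside, can be demonstrated in a few lines. The following is an added example and not code from anyone in the thread. It implements a TCP connect scan (what `nmap -sT` does: a full three-way handshake per port, no raw sockets needed) and distinguishes a port that answers with RST ("closed") from one where nothing comes back before the timeout ("filtered", the usual symptom of the guest firewall cyberdrain suggests disabling). The fake loopback "service", the banner it sends and the port numbers are constructed for the demo; 192.0.2.1 is an RFC 5737 TEST-NET address used as a stand-in for "the outside", and in a real lab you would put your ISP gateway or any public host there and run `check_isolation` from the attacker VM.

```python
# Added example (not from the thread): a minimal TCP connect scanner, which is
# what `nmap -sT` does, plus an isolation check for a host-only lab network.
# The fake service and the port numbers are constructed for the demo;
# 192.0.2.1 is an RFC 5737 TEST-NET address standing in for "the outside".
import socket
import threading
from contextlib import closing


def probe(host, port, timeout=0.5):
    """Classify host:port the way a connect scan does.

    open        - three-way handshake completed, something is listening
    closed      - peer answered with RST (ConnectionRefusedError)
    filtered    - nothing came back before the timeout; typically a host
                  firewall silently dropping the SYN
    unreachable - no route at all (e.g. host-only network with no gateway)
    """
    with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return "open"
        except ConnectionRefusedError:
            return "closed"
        except socket.timeout:
            return "filtered"
        except OSError:
            return "unreachable"


def scan(host, ports, timeout=0.5):
    """Return the sorted list of open ports on host."""
    return sorted(p for p in ports if probe(host, p, timeout) == "open")


def grab_banner(host, port, timeout=0.5, nbytes=128):
    """Read whatever the service says first (SSH, FTP and SMTP all greet you)."""
    with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return s.recv(nbytes).decode("ascii", "replace").strip()
        except OSError:
            return ""


def check_isolation(lab_hosts, outside_hosts, port, timeout=0.5):
    """Run from the attacker VM: every lab host must be open on `port`,
    and nothing outside the lab may be reachable at all."""
    reachable = [h for h in lab_hosts if probe(h, port, timeout) == "open"]
    leaked = [h for h in outside_hosts if probe(h, port, timeout) == "open"]
    return reachable, leaked


def start_fake_service(banner=b"SSH-2.0-lab\r\n"):
    """Constructed stand-in for a vulnerable VM's daemon on a loopback port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))          # port 0: let the kernel pick a free one
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:             # listening socket was closed
                return
            with conn:
                try:
                    conn.sendall(banner)
                except OSError:
                    pass

    threading.Thread(target=serve, daemon=True).start()
    return srv, port


def find_closed_port():
    """Grab a free loopback port and release it, so nothing listens there."""
    with closing(socket.socket(socket.AF_INET, socket.SOCK_STREAM)) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def demo():
    srv, port = start_fake_service()
    closed_port = find_closed_port()
    try:
        return {
            "port": port,
            "scan": scan("127.0.0.1", [closed_port, port]),
            "closed": probe("127.0.0.1", closed_port),
            "banner": grab_banner("127.0.0.1", port),
            "isolation": check_isolation(["127.0.0.1"], ["192.0.2.1"], port),
        }
    finally:
        srv.close()


if __name__ == "__main__":
    print(demo())
```

Against a real victim VM, `probe` returning "filtered" for most ports while a handful are "open" is the signature of a host firewall; after you switch it off the non-listening ports flip to "closed" and the scan finishes in a fraction of the time, which is the effect cyberdrain was pointing at. A SYN scan (`nmap -sS`) does the same classification from the SYN/ACK versus RST versus silence, but needs raw sockets and root.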


Re: Setting up 'hackable' home networks?

Post by OS_13115 on Wed Sep 17, 2014 4:12 pm

Cyberdrain makes a great point about learning. A personal lab is best for learning 'what' the tools are doing and 'why' they work the way they do. Also, you'll gain more understanding about how exploits work using a personal lab (home network hacking environment) than you would learn how to actually hack. I say this because most people, such as myself, generally set up labs with OSes that have known exploits. Not so much fun when you know exactly what to look for and exactly how to exploit it, is it? Maybe it is for the beginner. For the 'guru', however, this type of learning is absolutely pointless because there is no challenge in the hack.

As for myself, I use a D-Link wireless router with a built-in firewall (duh) using DHCP and sometimes an ACL for safety. I may also use, either at the same time or for a different pentest, a wired connection to a basic Clear Router AP. My LHOST is Kali Linux (duh); my RHOSTs are run in VirtualBox. I've had no success installing VMware for some odd reason. I guess I just don't get it. Of course, the wisest network config is either NAT or Host-Only, but I prefer to use a Bridged connection because the IP addresses are on their own subnet.

A few .iso files I use are Server 2008 Enterprise Edition, Debian netinstall with no GUI, Server Core 2008, Ubuntu LTS (not so much, though, because it's a pain to get the Guest Additions to work properly) and of course Windows 2000, because I can't find XP for the life of me.

PS. If anyone has a reliable link with a verifiable SHA1 or better hash to a downloadable Windows XP SP1 .iso, I'd appreciate the solid.


