CEH Labs

Sie Member Posts: 1,195
I know this must have been posted before. I did run a search but got a bit lost after that, so I'm just going to ask.

Cheap labs. I bet you knew what I was going to ask before I did. Obviously you don't want to do this in the 'wild', but if you set up a lab at home, as you would for MS exams etc., you already know everything about it and that kinda defeats the point a little.

So any ideas guys?
Foolproof systems don't take into account the ingenuity of fools

Comments

  • JDMurray Admin Posts: 13,023
    In my lab I have several machines connected through a switch/access point that I can disconnect from my Internet router. I also have two laptops that I use as wireless clients. On some of these machines I run VMware Workstation or Microsoft Virtual PC as practice "targets." On the older machines I run the OS direct from disk and re-image the disk when I want to clean the systems. There are also many Linux variants that allow you to boot an OS directly from a CD.

    I typically run Windows and Linux (Knoppix) from the laptops and use them as attackers for experimenting with tools, vulnerabilities, and penetration tactics. One day when I have the time to actually go for the CEH, I'll get serious about building a real lab, but for now this is just an amusing hobby for testing software and malware.
  • Sie Member Posts: 1,195
    Sounds good to me, but it always seems like you will already know the setup and what is avail and what is blocked etc. etc. So part of the learning process and thought process to get inside the mind of a hacker is lost.

    Am I making much sense?

    ((Kind of a side note: had XP clients and I did try running Red Hat as a virtual machine but can't get the GeForce 6600 card configured in RH))

    [edited for typos]
  • keatron Member Posts: 1,213
    Sie wrote:
    Sounds good to me, but it always seems like you will already know the setup and what is avail and what is blocked etc. etc. So part of the learning process and thought process to get inside the mind of a hacker is lost.

    Am I making much sense?

    ((Kind of a side note: had XP clients and I did try running Red Hat as a virtual machine but can't get the GeForce 6600 card configured in RH))

    Not really lost. Because one big part of getting in the mind of a hacker is getting in the mind of a systems administrator. Most sys admins learn how to build systems by going to vendor-related or sponsored schools and classes. Those who don't still usually end up using various white papers and writings that are nothing but the same recommendations spread out across the internet. Understanding how to properly build a system (per the vendor, whether it be Cisco, Microsoft or whoever) is a good precursor to learning how to circumvent that system's access control and auditing mechanisms. Besides, too many people coming into the security profession overuse the concept of "I wanna think like a hacker". Thinking like a hacker does you no good if you don't have the technical skills needed to carry out the respective tasks needed to actually get past something. I know too many security "professionals" who can rattle off in a New York minute exactly how to break WEP, but these same people oftentimes couldn't actually sit down and do it if their lives depended on it. Look at it from this perspective: thinking like a soccer player does not make you a soccer player. You have to also whip your body into shape, otherwise you'll be used as a tool on the field. Same goes for pentesting. You might understand the concepts or think like a hacker (the popularity of this concept still amazes me, since most skilled pentesters and "hackers" don't have a mystical "hacker" thinking formula they use). Good advice has already been given to you. JD's setup is not much different than my own.

    As I've suggested before, spend some time on Microsoft's website looking at vulnerability patches. Find out what the patch is fixing, then try to exploit that vulnerability. Once you've done that, apply the patches and verify that vulnerability is actually fixed. Keep doing this and you will start to develop a "flow" for doing this, while at the same time getting you in "shape". Spend time on SecurityFocus and other similar sites looking for vulnerabilities in other OS's, and carry out the same strategy. This is one place you will build your skill set. Once you're comfortable with the tools of the trade (and no two people's favorite combinations of tools are exactly the same), you'll be skilled enough and into it enough that "thinking like a hacker" will be far from your mind, because at that point you will possibly be just that. And by then you will have realized that "think like a hacker" means think like you, because no two people think exactly alike.

    By the way, speaking of thinking like a hacker, one of the most common first steps is to verify the last time a box has been rebooted (for example a Microsoft IIS server), then go to the vulnerability website and check for patches and vulnerabilities, noting patch and fix release dates. When you find a patch or critical security fix for IIS that was released sayyyyy yesterday, and you're looking at an IIS server that hasn't been rebooted in 3 months, chances are that server is still vulnerable to that vulnerability. This is how it's done (at least some of it). You will not study the way hackers think then magically one day wake up with the hacker mind and have Jedi-like hacking abilities. Good luck to ya man. Keep reading and stay focused, and you will get there.

    Keatron.
  • JDMurray Admin Posts: 13,023
    Sie wrote:
    Sounds good to me, but it always seems like you will already know the setup and what is avail and what is blocked etc. etc. So part of the learning process and thought process to get inside the mind of a hacker is lost.

    Am I making much sense?
    I see. You are interested in the psychological game too. I already have a "hackish" personality, so the mind-set is no mystery to me. If you can hang with a group of hackers and be accepted as one of them ("cut from the same cloth," as it were) then you've achieved a significant understanding of the people that you are up against.

    One interesting parallel with the white hat and black hat hackers is law enforcement officers and criminals. I've had more than one friend who works in law enforcement describe to me how similar good detectives and smart criminals are, but they each choose to walk on different sides of the "blue line." (I suppose this might apply to arson investigators and arsonists who have a "red line.") It's fascinating to ponder the circumstances that would make one or the other cross the line that they so closely walk.

    Have you read Kevin Mitnick's books? That'd be a good start.
  • keatron Member Posts: 1,213
    If you insist ;)

    Here's a favorite list of mine.

    The Art of Intrusion
    The Art of Detection
    Stealing the Network: How to Own a Continent
    Stealing the Network: How to Own an Identity
    Gray Hat Hacking

    The last one in the list deals with a little more technical stuff (but not much), and it also deals with a good bit of law and ethics stuff.
  • Sie Member Posts: 1,195
    I have read both Mitnick's books, very interesting.

    I think my point was it's two different things, setting up an infrastructure, securing it and getting into that infrastructure, though it would involve very much the same type of mind and thinking.

    What I'm interested in doing is looking into how it is done from a 'hacker's' point of view to give me a better understanding of setting up networks etc., but obviously in a safe and legal way. (By the way, are you able to run two independent VM clients both connected externally [i.e. via router/modem] out into the internet and back in again to the second machine, thus setting up similar to a 'hacker' client and 'victim' server via internet, or is it better to set up two individual physical machines in the same way?)

    Remembered a quote I heard (no idea where from): A systems/network administrator has to block and prevent 10,000 holes and exploits; a hacker has to only find one of these.

    Therefore surely it requires much more knowledge and skill from the tech than the 'hacker' outside....
  • JDMurray Admin Posts: 13,023
    A VMware client is just another host on your network. When running a Windows OS, it has a NetBIOS name, a host name, an IP address, an Active Directory object, and it can be bridged or NAT'ed to your LAN. A VMware client can communicate over the Internet (WAN), your private LAN, or with other VMware clients running on the same physical computer.

    When thinking about potential risks, you need to discern between "inside hackers" and "outside hackers." It has been estimated that 70% of information security breaches come from people internal to the organization. Not all inside hackers have all the passwords and permissions that they need to break or steal stuff, but being on the inside sure gives them a big head-start on their outside counterparts for cracking the network and servers. The people on the inside are typically your biggest threats, so plan your safeguards and countermeasures accordingly.