Setting up ethical hacking labs, advise is needed
Hello,
Advise is needed before starting Ethical Hacking self study.
I am planning to buy a computer with 8 g.o memory with a suitable CPU, in order to set a hacking environnement, with 4 or 5 VMs.
I am planning to set up the environnement with vMware Server, so if you have some advice about the host system, config ,... how to set vMware ... please let me know
Thanks in advance
Advise is needed before starting Ethical Hacking self study.
I am planning to buy a computer with 8 g.o memory with a suitable CPU, in order to set a hacking environnement, with 4 or 5 VMs.
I am planning to set up the environnement with vMware Server, so if you have some advice about the host system, config ,... how to set vMware ... please let me know
Thanks in advance
Comments
-
grauwulf Member Posts: 94 ■■□□□□□□□□check the vm appliance store. there are all kinds of free vms out there for various servers and hardware. To start with I'd set up a few 'easy targets' I used Windows 2000 as a generic file and web server, because I had a license to it, and a few old linux distros. I think I had Red Hat 5, I know I had a Caldera system on there (pardon me while I date myself), that was my blue team.
On the same network I put a BT4, Pentoo, and Samuri WTF VMs. That was my red team.
Then I just opened up a 6 pack and fired up the scanners. Metasploit is not the end all be all of hacking. Not even close. It is, however, a great little tool and it works well for known bugs. Take a day and study the hell out of metasploit and meterpeter. Try moding a few payloads. Try exploiting a known vulnerability by hand. Pick an exploit that you can get shell with from metasplot, research it, and now try to do it by hand. Good old MS-068 is a place to start.
Just get your feet wet. Play around.
Once you feel ok wandering around and you know what tools you feel good with, set a goal for yourself.
"I want to deface the IIS site",
"I want to snag the apache config through traverse",
"I want to get the shadow file from that box."
"I want to make a previously limited user an admin."
Now, open another 6 pack and get to work
* 6 pack may refer to the caffeinated or alcoholic beverage of your choice.
EDIT: I did this all on my macbook with a paltry 4GB of ram and a eSata external 1.5TB. There really isn't a big reason to drop 2 large on a testing box. If you can, then do it, just know you 'can' do this cheaply.
Happy Hacking! -
contentpros Member Posts: 115 ■■■■□□□□□□There are a number of preconfigured vulnerable VMs that you can get your hands on. This is by no means a "complete" list but just a few to get you started. I don't have access to the url's at the moment but a quick google search should yield you some results:
Metasploitable
holynix
Herot de-ice discs (there are 3 or 4 of them)
Damn Vulnerable Linux
Damn Vulnerable Web App
OWASP has a number of vulnerable CTF discs (6 if I recall correctly)
Websecurity Dojo
Hackxor
Ultimate LAMP
WebappCTF
Kioptrix
NoVA CTF has regular challenges you can also participate in.
Hope this helps
~CP