Busy! Busy!
For the past two weeks I’ve been trying to get on here an blog some more about the hack lab, but I keep getting interrupted and never finish. I haven’t had any really big projects going on, it just seems all the little things keep me running around in circles.
Anyway, here’s a quick update on the HackLab. I’ve setup the server with OpenBSD 4.0 and it’s running Qemu 0.9.0 to run the VM’s on. I’ve got Windows 2K, 2K Server, XP, another OpenBSD workstation, and a HD install of BackTrack 2.0. I’ve run into some problems with the BackTrack install, so I’m working on updating some of the software. Specifically SVN and MetaSploit seem to be broken. So I’ve downloaded a new version of SVN, and when it’s finished compiling, I’ll update MetaSploit. Then I’m going to setup a W2K3 server VM, and I’m thinking about adding a couple of Linux distro’s. At the moment I’m leaving everything with it’s default installation, with no SP’s or updates of any kind. I thought we could explore some of the holes in the default installs.
My plan at the moment is to get everything setup, then I’ll put together some videos demonstrating some basic penetration testing techniques. I actually started this yesterday when I discovered SVN and MetaSploit were broken. We’ll begin with OS detection using tools such as nmap, nc, and telnet. Then we can look at some of the easier to use exploits. Then a demonstration of the autopwn feature of MetaSploit. Then sometime I’ll get this HackLab setup online with it’s own static IP and we can try a RootWar.
Hopefully I’ll get all this done in the next few weeks. This has been a side project that I’ve been mostly working on in the evenings, so it’s taking awhile. Hopefully it will be a good learning experience for all of us. 