EvilZone

Hacking and Security => Hacking and Security => : lucid December 15, 2013, 11:37:15 PM

: Argue about Labs 2013
: lucid December 15, 2013, 11:37:15 PM
So, obviously I'm not an idiot, and I can figure out how to do things myself. Not necessarily asking for help here. I am kind of a poor guy but due to a few recent life changes I've found ways to aquire a bit more income then usual. So, I'm going to be getting some cheap equipment to set up a PHYSICAL pentesting lab at home. I stress physical because I realized that no matter where you look, or what keywords you use, it seems that all Google/Startpage/whatever has to offer is how to set up a virtual pentesting lab.

Google sucks, now back on topic.

I've got two routers at home, plus a modem(I know), and I'm going to be getting some more cables and a switch. Oh, I also have two laptops. Going to be setting up two different subnets using the routers and switch and putting one laptop on one, and the other on, well, the other one. I'm satisfied with this set up for a rudimentary testing lab, for now at least. What I really wanted to do with this thread is drool and envy over what you guys may have set up. I know some of you have some pretty intense gear.

So maybe this could be like a post your desktop thread, except maybe with a little less focus on pictures and more on specs and physical set up and whatnot. I sort of already explained mine. Other details:

RouterA - 172.16.1.1 
- Windows Laptop
- Webserver
- Open Ports
- SSH client/server

RouterB - 192.168.1.1
- *Nix laptop
- SSH client/server
- Tools of the trade(wireshark, nmap, whathaveyou)

Obviously there isn't much else to explain. Certainly open up some ports on the Windows Laptop and go at it. Set up a webserver, SSH and all that. Then firewall it and blah blah. Anyone interested in sharing?

EDIT: Please, for the love of whoever, don't tell me I can do everything with a virtual machine and Kali or some other shit. Read my post before regurgitating all over the thread.
: Re: Post your Lab 2013
: noob December 16, 2013, 12:39:05 AM
You actualy dont need all that staff,you just need vmware player runing some vulnerable OS like: DVWA,pwn OS,Kioptrix,VulnImage,Holynix,De-ICE...and attacking machine
: Re: Post your Lab 2013
: lucid December 16, 2013, 01:29:16 AM
Didnt you read my post? I dont WANT a virtual lab, and it's frustrating that a virtual lab is all people ever want to talk about. There's benefits to having a physical lab that you cant get in a vlab. Besides as I said, not looking for help. I wanted to see what everyone else has got going on. Now, does anyone want to post something related to what this thread is actually for?

How did I know this would happen
: Re: Post your Lab 2013
: Matriplex December 16, 2013, 02:27:27 AM
: lucid  December 16, 2013, 01:29:16 AM
How did I know this would happen

Because logic.

I don't have anything special really, I mean what works for me is just setting up a little webserver on my old (Emphasis on old. Large emphasis.) *nix box  and, as you said, going at it. Sometimes I try my brother's windows box when he's on it. With his permission of course.
I'll keep an eye on this thread, I would also like to see what some people have set up.
: Re: Post your Lab 2013
: lucid December 16, 2013, 04:03:55 AM
: Matriplex  December 16, 2013, 02:27:27 AM
I don't have anything special really
No worries. Not all of us do. I know there's a few people who have some very respectable setups in here though, and I want to know how they've got their shit set up. Starting to doubt anyone is interested in this though.

My threads suck
: Re: Post your Lab 2013
: bluechill December 16, 2013, 06:00:09 AM
: lucid  December 16, 2013, 04:03:55 AM
No worries. Not all of us do. I know there's a few people who have some very respectable setups in here though, and I want to know how they've got their shit set up. Starting to doubt anyone is interested in this though.

My threads suck

I don't really see any advantage to a physical lab over a virtual one?  Care to elaborate on some advantages? A virtual lab has several advantages over a physical one:

1) It's easier (generally) to set up and tear down
2) You can have more machines than you physically have
and 3) It's a lot easier to backup, just copy the VMs and you have a true snapshot vs trying to have to do multiple block-by-block copies which will be the size of the partition which is probably bigger than is being used, as in you waste space.

This assumes it's purely for software only.  If you also want to do hardware stuff, well then a physical lab kind of has no equal.  You can also say you have a physical lab too which is kind of fun to say but beyond that I don't really see any advantages to a physical lab.  That's just from my experience, feel free to correct me etc. :)
: Re: Post your Lab 2013
: lucid December 16, 2013, 07:19:15 AM
Well obviously a virtual lab is cheaper, but I just figured from a real life instance point of view. For example, hardware firewalls etc. Hands on experience is immeasurably more valuable IMO than anything else.
If you also want to do hardware stuff, well then a physical lab kind of has no equal.
Exactly! I was just thinking that as far as practicality is concerned, if you are looking to gain valuable knowledge in hacking a real network, then you should have some practice hacking real network devices.

Seriously though, no one is grasping the concept of this thread at all.
: Re: Post your Lab 2013
: noob December 16, 2013, 01:28:45 PM
 
I was just thinking that as far as practicality is concerned, if you are looking to gain valuable knowledge in hacking a real network, then you should have some practice hacking real network devices.

Alote of real networks use Hyper-V and Vmware,the future is cloud  computing.
You can also downoad firewall virtual apliance like Vyatta and Untagle.
So from hacking perspective there is no any adventage of real pentesting lab from virtual,only if
you planning to do debugging on thous devices.

: Re: Post your Lab 2013
: Z3R0 December 16, 2013, 01:39:52 PM
Sorry to disappoint lucid, but I can run about 3 of these on a 5+ year old laptop. :/
(http://i.imgur.com/EQTYXqr.jpg)
: Re: Post your Lab 2013
: lucid December 16, 2013, 07:53:50 PM
Fine. This wasn't really supposed to be a discussion, but I guess my thread idea was crap anyway. Point taken.

/

Marked for deletion.
: Re: Post your Lab 2013
: RedBullAddicted December 16, 2013, 08:47:38 PM
Lucid, why are you so angry today  :P j/k.. I do fully understand your point. Hardware is awesome and I love Hardware too. There is nothing wrong with having a physical lab for whatever you gonna use it for. Sure, there aren't much benefits compared to a virtual lab but still I am collecting what ever I can effort or get my hands on. At the moment I do not have a diagram of my setup that I could post. I know there are a couple of good network simulators but where is the fun if you can't plug in cables (physically). I rebuild my network at least every two month creating weird routing scenarios and everything that comes to my mind.. lol. Don't think I would do that with a simulator :)
: Re: Post your Lab 2013
: lucid December 16, 2013, 09:05:53 PM
: RedBullAddicted  December 16, 2013, 08:47:38 PM
I know there are a couple of good network simulators but where is the fun if you can't plug in cables (physically). I rebuild my network at least every two month creating weird routing scenarios and everything that comes to my mind.. lol. Don't think I would do that with a simulator :)
Yeah see that's how I feel. I'm not trying to argue with people about whether or not a vlab is better. Sure, there might be no clear benefits to a physical lab. Obviously the previous posters have proven that to me. Just thought it might be a fun thread similar to Post your Desk.

I guess I can see how it might be a lot of work for someone to post their physical lab...

@m0rph - Wasn't supposed to be anger directed at you or anything. Was having a bad night.
: Re: Post your Lab 2013
: lucid December 17, 2013, 01:34:54 AM
Thread reopened to see where it goes. I apologize to any members may have offended. Feel free to post whatever you want. Virtual or physical.
: Re: Post your Lab 2013
: Darkvision December 17, 2013, 02:45:48 AM
Tell me how using a VM would you:
splice a piece of equipment into a power cart
practice splicing into various pieces of equipment like a card reader or even a ethernet cable to read data
learn to locate open PHYSICAL ports in a switch that you could compromise a network from
this list obviously can go on for days. hell you could even add lock picking locks to extract "protected" drives from machines.


Point being saying that VM's are obviously superior is incorrect. Their are a HUGE list of reasons to want an actual lab, a number of which dont deal with hacking at all and are just for the sake of knowledge, like learning how to keep your rack cool. Yes its more expensive, yes "redoing" everything takes longer, but if you want a complete learning experience you need actual hardware to play with.


Oh and dont forget that you also get to play around with the firmware in a much more direct way, and in a huge number of cases the only way to play with it.
: Re: Post your Lab 2013
: bluechill December 17, 2013, 07:52:06 PM
: Darkvision  December 17, 2013, 02:45:48 AM
Tell me how using a VM would you:
splice a piece of equipment into a power cart
practice splicing into various pieces of equipment like a card reader or even a ethernet cable to read data
learn to locate open PHYSICAL ports in a switch that you could compromise a network from
this list obviously can go on for days. hell you could even add lock picking locks to extract "protected" drives from machines.


Point being saying that VM's are obviously superior is incorrect. Their are a HUGE list of reasons to want an actual lab, a number of which dont deal with hacking at all and are just for the sake of knowledge, like learning how to keep your rack cool. Yes its more expensive, yes "redoing" everything takes longer, but if you want a complete learning experience you need actual hardware to play with.


Oh and dont forget that you also get to play around with the firmware in a much more direct way, and in a huge number of cases the only way to play with it.

If it's purely software you want the lab for, a physical lab has no advantages and a virtual lab has many.  If you *also* or solely want to do *hardware*/*physical* stuff then a physical lab has no equal.  I stand by that statement.  Most of the time people want to do software only stuff hence why virtual labs are more common.
: Re: Post your Lab 2013
: proxx December 17, 2013, 08:51:21 PM
: bluechill  December 17, 2013, 07:52:06 PM
If it's purely software you want the lab for, a physical lab has no advantages and a virtual lab has many.  If you *also* or solely want to do *hardware*/*physical* stuff then a physical lab has no equal.  I stand by that statement.  Most of the time people want to do software only stuff hence why virtual labs are more common.

I agree to some extend , but lets not forget that one might learn a lot from physical equipment, I know for a fact that I learned a lot from staring at loads and loads of UTP cables , finding that single cable :P
Its a poor example , oke I admit..
: Re: Post your Lab 2013
: Axon December 17, 2013, 09:10:54 PM
pffff I have Kali linux on a usb stick, for quick deployment. It's funny how lucid didn't intend for this to be a discussion thread, yet the members are still discussing VM or physical.
: Re: Post your Lab 2013
: lucid December 17, 2013, 09:37:39 PM
Yeah, clearly people don't read. It's ok I'm just letting whatever happen.
: Re: Post your Lab 2013
: proxx December 17, 2013, 10:01:18 PM
Oke lol back on topic.
I got dragged into it, you are right.

I dont have a pentest lab atm , all my gear is boxed up, I have quite some garbage lying around :P
One Cisco security gateway, never used that little bugger but I know they are expensive as hell.
: Re: Post your Lab 2013
: Darkvision December 18, 2013, 12:19:53 AM
: bluechill  December 17, 2013, 07:52:06 PM
If it's purely software you want the lab for, a physical lab has no advantages and a virtual lab has many.  If you *also* or solely want to do *hardware*/*physical* stuff then a physical lab has no equal.  I stand by that statement.  Most of the time people want to do software only stuff hence why virtual labs are more common.


You dont seem to get the point i was making, so i will state it slightly different. VM's are great for those on a budget or with a narrow focus. For ANYONE looking to really learn about computers you can not beat a physical setup.


VM's have either limited or no support for the following(again to name a few...):
firmware
stress testing
add on devices
unconventional cards/hardware


As well they are limited simply by the fact that they are an EMULATION. Meaning support for a number of things are going to be missing. Add to this that you can easily turn those pc's/servers into boxs running multiple vm's the only real advantage to using vm's on hardware you dont own is a cheaper per month cost. Im not saying that isnt a huge advantage, as we are all of us on some sort of budget. But if you have the spare parts/time/gear their is no reason not to set up a physical lab, and a huge number of reasons to do so.
: Re: Post your Lab 2013
: lucid December 18, 2013, 02:53:59 AM
Indeed, I am thoroughly surprised at the lack of love for hardware there apparently is on this forum. Sure you can set up 20 fucking VMs if you have the RAM, but why not set up a REAL network and practice on that. That way in real world situations you have knowledge of real world equipment.

What if you wanted to pentest a hardware firewall?

And yes, I know that real networks utilize VMs to a reasonably large extent. I'm not saying to never practice in a vlab.

I simply refuse to believe you can do absolutely everything and learn the exact same way in a vlab that you could in a physical one.
: Re: Post your Lab 2013
: noob December 18, 2013, 11:46:37 PM
Dude you have 2 routers and 2 PCs, its not even close to REAL infrastructure,so YOU will not learn nothing diffrent from us who use vmware.
And you can only dream about REAL infrastructure in your home,so if you wana learn how REAL network work go for MCSE or RHCE certificate,find a job and stop this pointless arguing.
: Re: Argue about Labs 2013
: lucid December 19, 2013, 12:07:13 AM
Oh so the only way to learn anything is by getting a job? Weird, I thought life had more freedom then it apparently does. This is stupid.

/