Argue about Labs 2013

[lucid]

So, obviously I'm not an idiot, and I can figure out how to do things myself. Not necessarily asking for help here. I am kind of a poor guy but due to a few recent life changes I've found ways to aquire a bit more income then usual. So, I'm going to be getting some cheap equipment to set up a PHYSICAL pentesting lab at home. I stress physical because I realized that no matter where you look, or what keywords you use, it seems that all Google/Startpage/whatever has to offer is how to set up a virtual pentesting lab.

Google sucks, now back on topic.

I've got two routers at home, plus a modem(I know), and I'm going to be getting some more cables and a switch. Oh, I also have two laptops. Going to be setting up two different subnets using the routers and switch and putting one laptop on one, and the other on, well, the other one. I'm satisfied with this set up for a rudimentary testing lab, for now at least. What I really wanted to do with this thread is drool and envy over what you guys may have set up. I know some of you have some pretty intense gear.

So maybe this could be like a post your desktop thread, except maybe with a little less focus on pictures and more on specs and physical set up and whatnot. I sort of already explained mine. Other details:

RouterA - 172.16.1.1 
- Windows Laptop
- Webserver
- Open Ports
- SSH client/server

RouterB - 192.168.1.1
- *Nix laptop
- SSH client/server
- Tools of the trade(wireshark, nmap, whathaveyou)

Obviously there isn't much else to explain. Certainly open up some ports on the Windows Laptop and go at it. Set up a webserver, SSH and all that. Then firewall it and blah blah. Anyone interested in sharing?

EDIT: Please, for the love of whoever, don't tell me I can do everything with a virtual machine and Kali or some other shit. Read my post before regurgitating all over the thread.

[noob]

You actualy dont need all that staff,you just need vmware player runing some vulnerable OS like: DVWA,pwn OS,Kioptrix,VulnImage,Holynix,De-ICE...and attacking machine

[lucid]

Didnt you read my post? I dont WANT a virtual lab, and it's frustrating that a virtual lab is all people ever want to talk about. There's benefits to having a physical lab that you cant get in a vlab. Besides as I said, not looking for help. I wanted to see what everyone else has got going on. Now, does anyone want to post something related to what this thread is actually for?

How did I know this would happen

[Matriplex]

How did I know this would happen

Because logic.

I don't have anything special really, I mean what works for me is just setting up a little webserver on my old (Emphasis on old. Large emphasis.) *nix box  and, as you said, going at it. Sometimes I try my brother's windows box when he's on it. With his permission of course.
I'll keep an eye on this thread, I would also like to see what some people have set up.

[lucid]

I don't have anything special really

No worries. Not all of us do. I know there's a few people who have some very respectable setups in here though, and I want to know how they've got their shit set up. Starting to doubt anyone is interested in this though.

My threads suck

[bluechill]

No worries. Not all of us do. I know there's a few people who have some very respectable setups in here though, and I want to know how they've got their shit set up. Starting to doubt anyone is interested in this though.

My threads suck

I don't really see any advantage to a physical lab over a virtual one?  Care to elaborate on some advantages? A virtual lab has several advantages over a physical one:

1) It's easier (generally) to set up and tear down
2) You can have more machines than you physically have
and 3) It's a lot easier to backup, just copy the VMs and you have a true snapshot vs trying to have to do multiple block-by-block copies which will be the size of the partition which is probably bigger than is being used, as in you waste space.

This assumes it's purely for software only.  If you also want to do hardware stuff, well then a physical lab kind of has no equal.  You can also say you have a physical lab too which is kind of fun to say but beyond that I don't really see any advantages to a physical lab.  That's just from my experience, feel free to correct me etc.

[lucid]

Well obviously a virtual lab is cheaper, but I just figured from a real life instance point of view. For example, hardware firewalls etc. Hands on experience is immeasurably more valuable IMO than anything else.

If you also want to do hardware stuff, well then a physical lab kind of has no equal.

Exactly! I was just thinking that as far as practicality is concerned, if you are looking to gain valuable knowledge in hacking a real network, then you should have some practice hacking real network devices.

Seriously though, no one is grasping the concept of this thread at all.

[noob]

 

I was just thinking that as far as practicality is concerned, if you are looking to gain valuable knowledge in hacking a real network, then you should have some practice hacking real network devices.

Alote of real networks use Hyper-V and Vmware,the future is cloud  computing.
You can also downoad firewall virtual apliance like Vyatta and Untagle.
So from hacking perspective there is no any adventage of real pentesting lab from virtual,only if
you planning to do debugging on thous devices.

[Z3R0]

Sorry to disappoint lucid, but I can run about 3 of these on a 5+ year old laptop. :/

[lucid]

Fine. This wasn't really supposed to be a discussion, but I guess my thread idea was crap anyway. Point taken.

/

Marked for deletion.

[RedBullAddicted]

Lucid, why are you so angry today  j/k.. I do fully understand your point. Hardware is awesome and I love Hardware too. There is nothing wrong with having a physical lab for whatever you gonna use it for. Sure, there aren't much benefits compared to a virtual lab but still I am collecting what ever I can effort or get my hands on. At the moment I do not have a diagram of my setup that I could post. I know there are a couple of good network simulators but where is the fun if you can't plug in cables (physically). I rebuild my network at least every two month creating weird routing scenarios and everything that comes to my mind.. lol. Don't think I would do that with a simulator

[lucid]

I know there are a couple of good network simulators but where is the fun if you can't plug in cables (physically). I rebuild my network at least every two month creating weird routing scenarios and everything that comes to my mind.. lol. Don't think I would do that with a simulator

Yeah see that's how I feel. I'm not trying to argue with people about whether or not a vlab is better. Sure, there might be no clear benefits to a physical lab. Obviously the previous posters have proven that to me. Just thought it might be a fun thread similar to Post your Desk.

I guess I can see how it might be a lot of work for someone to post their physical lab...

@m0rph - Wasn't supposed to be anger directed at you or anything. Was having a bad night.

[lucid]

Thread reopened to see where it goes. I apologize to any members may have offended. Feel free to post whatever you want. Virtual or physical.

[Darkvision]

Tell me how using a VM would you:
splice a piece of equipment into a power cart
practice splicing into various pieces of equipment like a card reader or even a ethernet cable to read data
learn to locate open PHYSICAL ports in a switch that you could compromise a network from
this list obviously can go on for days. hell you could even add lock picking locks to extract "protected" drives from machines.


Point being saying that VM's are obviously superior is incorrect. Their are a HUGE list of reasons to want an actual lab, a number of which dont deal with hacking at all and are just for the sake of knowledge, like learning how to keep your rack cool. Yes its more expensive, yes "redoing" everything takes longer, but if you want a complete learning experience you need actual hardware to play with.


Oh and dont forget that you also get to play around with the firmware in a much more direct way, and in a huge number of cases the only way to play with it.

[bluechill]

Tell me how using a VM would you:
splice a piece of equipment into a power cart
practice splicing into various pieces of equipment like a card reader or even a ethernet cable to read data
learn to locate open PHYSICAL ports in a switch that you could compromise a network from
this list obviously can go on for days. hell you could even add lock picking locks to extract "protected" drives from machines.


Point being saying that VM's are obviously superior is incorrect. Their are a HUGE list of reasons to want an actual lab, a number of which dont deal with hacking at all and are just for the sake of knowledge, like learning how to keep your rack cool. Yes its more expensive, yes "redoing" everything takes longer, but if you want a complete learning experience you need actual hardware to play with.


Oh and dont forget that you also get to play around with the firmware in a much more direct way, and in a huge number of cases the only way to play with it.

If it's purely software you want the lab for, a physical lab has no advantages and a virtual lab has many.  If you *also* or solely want to do *hardware*/*physical* stuff then a physical lab has no equal.  I stand by that statement.  Most of the time people want to do software only stuff hence why virtual labs are more common.