Author Topic: Creating a pentesting lab  (Read 1460 times)


Offline vanity

Creating a pentesting lab
« on: September 29, 2015, 02:45:55 am »
Hello everyone, I am in the OSCP PWK course and I ran out of lab time. I plan on purchasing more time in the near future, but before then I would like to try to create my own lab to practice against prior to extending my lab time.

I did some digging, as I assume this has already been discussed, and did not find exactly what I am looking for.

How PWK is set up:
PWK gives you access to a subnet range that has 50+ hosts on it with a mix of Windows/Linux clients and hosts, with various applications and ports opened for exploitation.

What I want to set up
I want to create a small lab of about 10 hosts (a mixture of clients and OSes) with various applications and opened ports. Essentially I want a smaller version of the PWK lab.

I know we can get exploitable Linux ISOs from vulnhub and I plan on getting some from there. However, I don't know of any Windows ISOs out there that have pre-installed applications to exploit (maybe a licensing issue). I may have to just create the Windows VMs and install various services on them to exploit. But before I go ahead and do that I thought I would ask if anyone knows of any already on the webs (no sense in recreating the wheel). If anyone does know of any, can you offer feedback? Have you used any of them? Were there multiple attack surfaces? If no one knows of anything out there I will create some of my own, and possibly package the entire thing for others to make use of.

Long run what I would like to do
One of the things I have struggled with while in PWK is understanding how the exploits work and how they are delivered. Through my trials and tribulations I have been taking good notes and hope to create some tutorials off of some of the vulnerabilities I have successfully exploited. I think this type of setup could make really good tutorials for beginners with explanations.

@admins and @moderators if this has already been covered elsewhere my apologies. Please let me know and I will delete this post and continue off of the existing one.

Thanks in advance guys.

V
« Last Edit: September 29, 2015, 02:53:28 am by vanity »

Offline white-knight

Re: Creating a pentesting lab
« Reply #1 on: September 29, 2015, 03:31:17 am »
There aren't many vulnerable Windows OSs because Windows is not free.

If you really want you can torrent some, but you will still have to install the software you want in them.
If you don't want to torrent them you can use these free 30 day trial VMs, XP - WIN 10: https://dev.modern.ie/tools/vms/windows/

Here you can find old software and install it into whatever OS you plan on practicing on: http://www.oldapps.com/
You can also get some vulnerable applications from exploit-DB: https://www.exploit-db.com/

Linux OSs are free to download, well most, and if you want old versions: https://old-linux.com/


* Forgot to mention: Vulnhub has a lot of VMs that are prebuilt with vulnerabilities and are good to add inside your practice lab.
« Last Edit: September 29, 2015, 03:46:47 am by white-knight »

Offline vanity

Re: Creating a pentesting lab
« Reply #2 on: September 29, 2015, 04:01:30 am »
white-knight, thanks for the resources, I will definitely look into these. I assumed there aren't many Win OSes out there, might be worth making the VMs. I have almost all of the flavors of Windows already downloaded from when I was in school. Adding vulnerable apps would be the tedious part, as well as creating some of the services on them, i.e. FTP, MySQL DBs, IIS services and such.

Again thanks for the feedback.

V

Offline novaccainne

Re: Creating a pentesting lab
« Reply #3 on: September 29, 2015, 09:31:49 am »
Hello,
If you are doing OSCP then I think it is worth it to extend your access time to the lab. Here is a good book for creating your virtual penetration testing lab:

http://www.allitebooks.com/building-virtual-pentesting-labs-for-advanced-penetration-testing/

Anyway, there are a lot of useful machines on vulnhub.
I suggest you try the following machines for OSCP:
- Brainpan 1-2-3
- Hades
- Kioptrix
- Kvasir
- Xerxes
- Troll 1 , 2

These machines can improve your "hacking" skills, which is enough for OSCP, and practice simple bof (corelan, fuzzysecurity). For enumeration I suggest you use the following tools:

- https://github.com/rebootuser/LinEnum
- www.securitysift.com/download/linuxprivchecker.py
- https://code.google.com/p/windows-privesc-check/source/browse/#svn%2Fbranches%2Fwpc-2.0

Linux enum tutorial :
- https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/

Windows :
- http://www.fuzzysecurity.com/tutorials/16.html



Offline vanity

Re: Creating a pentesting lab
« Reply #4 on: September 29, 2015, 03:13:22 pm »
Thank you very much novaccainne. I do plan on extending my lab time; however, I think it would be beneficial to have my own virtual lab to walk myself through some of these exploits and then extend my lab time to treat it like the exam, more or less.

Thanks for the resources.

V

Offline 0E 800

Re: Creating a pentesting lab
« Reply #5 on: September 29, 2015, 06:14:02 pm »
Just create your own vulnerable Windows boxes.

Or:

Check this out:
https://kat.cr/strategic-security-pentester-candidate-program-2015-t11215662.html

Hint: review attached txt files.