So, I got my hands on a handy, used Dell Latitude 620 with 2GB ram for next-to-nothing.
I’m looking for something to do with it…
How about, set up a penetration testing platform complete with: safe, internal-only networking; hosts as attackers; hosts as targets; and do the whole thing for $0.00. And, how about doing the entire thing on a single piece of hardware? Sweet.
Purpose
The purpose of this exercise is to establish a safe environment to perform penetration testing on different target hosts and applications.
A single computer with host-only networking will be used to avoid sending attacks across the network where other hosts may reside.
Goals
- Establish the lab with no additional hardware or software investment.
- Ensure that the box does not leak attacks over the network.
- Provide an easy-to-maintain platform where new attackers and targets can be added or modified over time.
Basics: Establishing the virtual environment
The lab-in-a-box comprises a used Dell Latitude D620 with 2 GB ram, and 80GB hard disk space. Not a bleeding edge host, but more than adequate for this endeavor.
Software used:
- Host OS – Ubuntu Linux 9.04, Jaunty Jackalope
- Virtualization – Sun VirtualBox
- Attacker – BackTrack 4 pre-release
- Target – De-ICE Lab CD 1
Step 1. Download and install the Host OS
Download and install Ubuntu on the host. Get it up-and-running, patched, and configured to your tastes.
Step 2. Download and install VirtualBox
Virtual box can be downloaded from: http://www.virtualbox.org/
I’m using Ubuntu, there are a few kernel modules you may need depending on the version of Ubuntu you are working with. If you are using a different OS, do a little research. The VirtualBox site has pretty good info on installing.
Step 3. Download the BackTrack and De-ICE ISO images
BackTrack can be found at Remote Exploit.
The De-ICE images can be found at De-ICE.net.
Step 4. Create the hosts in VirtualBox
Follow the installation instructions on the BackTrack site.
The De-ICE image is a bootable image, so you don’t need to create a big hard disk for this. I created a simple 1GB disk for it, and have the VM configured to mount the De-ICE ISO on boot. Pretty simple.
Step 5. Set up host networking
When I set up the VM’s, they had bridged networking. This means that each VM connects to the local network through the host computer. It is as though they are separate hosts on the network, and each receives an IP address via DHCP if so configured.
The problem is that two virtual machines on the same host will still communicate with one another over the LAN – and that could mean trouble.
The image below shows, in the upper-left hand corner, my BT4 VM doing an Nmap scan of my De-ICE VM in the upper right-hand corner. The window at the bottom is my host (physical box) doing a tcpdump.
Clik here to view.
Data Traveling Across Lan
As you can see from the host tcpump, the network traffic from BT4 is traveling across the net. That’s a big problem in fat-finger space.
I don’t want to be in the coffee shop and inadvertently fat finger a target and end up in the joint.
The solution, set the virtual machines to use a local-only network. In VirtualBox, this is called “Internal Networking.”
VirtualBox supports two types of local only networking. One is called “Host Only.” With this configuration, the host can still interface with the VMs, but the VMs cannot communicate off the host. This is pretty good. But I’m going for maximal safety. That is where “Internal Only” comes in. In this configuration, the virtual machines are assigned to a named network that is created by VirtualBox. Hosts on that virtual network can communicate with other VMs on that network, but not with hosts outside that network. Even your physical box (host) cannot communicate with the VMs…
Shut down and set both the network interfaces on the BT4 and De-ICE VMs to Internal Networking as shown in the screen shot below.
Clik here to view.
VirtualBox Internal Networking Setting
Note the default internal network name (in the screen shot it is “intnet”) as you will need this when configuring the VirtualBox DHCP server…
Next, we will set up the DHCP Server for the internal network. You may not need to do this step, but I’m following the instructions for the De-ICE CD which specifies that the DHCP server should be on 192.168.1.1 and have a lower DHCP lease range of 192.168.1.2. I set the upper range at 2.254 to accommodate other De-ICE CDs.
Using a terminal on the host, run the following command (all on one line):
VBoxManage dhcpserver add --netname intnet --ip 192.168.1.1 --netmask 255.255.0.0 --lowerip 192.168.1.2 --upperip 192.168.2.254 --enable
Sweet. All is well and good. Boot up the two images.
I performed two tests to make sure there was no data leakage.
First, I ran a similar test as I had above – running tcpdump on the host while running Nmap from the BT4 VM targeting the De-ICE VM.
Second, I disabled the host’s network connection and performed the same test.
In both cases the two VMs could talk to one another, but no data leakage, as shown in the screen shot below.
Clik here to view.
Internal Networking Enabled
Step 6. Have fun!
You are good-to-go. Fire up those virtual machines and have some fun!