Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: Hacking "labs"

  1. #1
    Senior Member linuxcomando's Avatar
    Join Date
    Sep 2001
    Posts
    432

    Question Hacking "labs"

    Hey all,

    I'm going to be giving a pretty in-depth network security course at the end of the month (5 days long). I would like to incorporate several "labs" so the student actually get a hands on feel for hacking. I have designed a few labs for cracking WEP/WPA; however, I would like to have a total of 5-10 labs. I was figuring on doing some password cracking, Jumping Vlans, and some DDOS. Then having them "Catch" and "Prevent" the attacks. I want to see what your guys thoughts are on some "labs". Any input would be great. So If you have any ideas as to what sort of labs I should do let me know!


    Thanks,
    Linuxcomando
    I toor\'d YOU!

  2. #2
    AO's MMA Fanatic! Computernerd22's Avatar
    Join Date
    Mar 2003
    Location
    Miami, FL
    Posts
    795
    I'm going to be giving a pretty in-depth network security course at the end of the month (5 days long). I would like to incorporate several "labs" so the student actually get a hands on feel for hacking. I have designed a few labs for cracking WEP/WPA; however, I would like to have a total of 5-10 labs.
    How many computers in each 'lab'? If I was you, I would cover windows 2000 pro, windows xp Pro, windows server 2003 and apache. Also, Linux/unix distros of course. What applications do you plan on running to do this? If not through applications, what vulnerabilities do you plan to exploit to do this?

  3. #3
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,323
    linuxcommando, while a bit old, you might want to look through and review my tutorials on WarGames. Might give you an idea as to how to setup the network/labs.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  4. #4
    Senior Member Opus00's Avatar
    Join Date
    May 2005
    Posts
    143
    How about a capture the flag type event, with a twist. Once you've captured the flag (pwned the computer) patch it before some one else can take it away from you. Make it so it has several remote exploits, the one who closes the last hole and prevent anyone else from taking it away, wins.
    There are two rules for success in life:
    Rule 1: Don't tell people everything you know.

  5. #5
    Junior Member
    Join Date
    Apr 2002
    Posts
    16
    We have something called "SPARSA Challenge" boxes during our hacking competition which can essentially be mini labs. This year we're using the "Hacme Bank" application by Foundstone and modifying it heavily such that the hackers can flex their skills on SQL injection and see if they can find a "terrorist" bank account in a bunch of fake accounts and transactions. Needle in a haystack style they have to find one account out of 10,000 and the odds of doing it in real life are even smaller. It would make a good lab (in my opinion) to setup a Hacme Bank installation and teach from the solution guide, how attacks are done and what was the design flaw that caused this.

    Note: Hacme bank needs to be modified in the Main.aspx to allow for anyone other than localhost to access the website...
    Vice President of Practices
    RIT\'s Security Practices and Research Student Association
    http://www.sparsa.org

  6. #6
    Also just jumping off what was said earlier in regards to some systems to try it on, Windows NT comaptible machines may offer a bit more with regards to versatility. Also with regards to the actual attacks a good one to have them excercise might be getting them to try exploiting the vulnerability of a buffer overflow in some systems along with other DOS attacks.

  7. #7
    Senior Member
    Join Date
    Jan 2003
    Posts
    3,915
    Hey Hey,

    I'm kinda curious... you're ding a 5-day intensive course on network security.... And you want to cover password cracking, vlan jumping, wep/wpa cracking and DDOS... Who are you targetting? Who will be taking this class..

    How do you plan to cover password cracking? JtR, Hydra, Rainbow Tables, LC....
    Why VLAN Jumping?? WIth yersinia out you could cover a whole combination of attacks on networking equipment...
    Why WEP Cracking? I've always wondered about this... WEP cracking is great... but unless you're training Pen Testers being able to crack a WEP key is useless for legit purposes... and DDOS You're going to teach people DDOS?? This makes it sound like a joke..

    Assuming that this is targetted at professionals (IT Admins, etc)... you want to cover things that will actually be useful to them in their environment..

    They say the best way to defend is to know how to attack... but the things you have mentioned (WEP Cracking, Password Cracking, DDOS) you really can't defend against.. Sure password policies can be put into place, but that means nothing when you look at pre-computed hashes.... WEP Cracking... if you only support WEP or have a hybrid OS environment you'll need WEP.. so even if you can crack it it doesn't help you defend against it and DDOS is generally just a pipe saturation... which you can't stop.... we've seen that in the DDOS attacks against some of the big players on the net..

    How about teaching things like
    Nessus... Introduction: Setup, Usage, etc
    Nessus... Advanced: NASL Scripting
    Metasploit... Introduction: Setup, Usage, etc
    Metasploit... Advanced: Writing custom exploits
    Security Tools: Introduction... Detail things like dsniff, nmap, hping2, netcat, etc
    Security Tools: Advanced... What can you do with these tools
    SQL Injection
    Code Auditing
    IDS Evasion (this builds on your Metasploit stuff)
    Writing Better IDS Rules (This builds on IDS Evasion which provides a better understanding of what a good rule needs)
    Access Control Lists
    Physical Security
    Cryptography
    Scripting (Be it Bash, Perl or Python)

    You say you are teaching Network Security... People like to apply these titles... Network Security, Application Security, Physical Security... The simple matter is that those are all seperate areas of "IT Security" and without knowledge in all of them everyone of them will fail...

    What you currently plan on teaching sounds like some little skiddie group sitting around right now, hopefully you don't take offense to that... but that's what I get out of it.

    Peace,
    HT

  8. #8

    Good point

    Come to think of it - HT Regs has a good point, why such intense offensive strategies for beginner introduction to the world of system and network security? if it isn't aimed at the introductory audience then fine, but if it is...good luck.

  9. #9
    Senior Member
    Join Date
    Jan 2003
    Posts
    3,915

    Re: Good point

    Originally posted here by heiress
    Come to think of it - HT Regs has a good point, why such intense offensive strategies for beginner introduction to the world of system and network security? if it isn't aimed at the introductory audience then fine, but if it is...good luck.
    I sure hope you don't think that was my point... if so.... ouch.

  10. #10

    Buster

    Wow, you really are funny. Considering that you make fun of yourself. Actually that was my point but in case you didn't notice I was congradulating you on perceptive thinking.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •