-
May 21st, 2004, 09:22 AM
#1
Junior Member
What would be involved in setting up a hacking lab?
Howdee all
I wanna get into computer security, and I can get access to some spare PC's, and I'm wondering if I can set up a security lab for me to practise some basic hacking skills on... Be it a few Linux machines and Windows Machines
I'm good at the social engineering side of things, just I would like to pick up on my tech side of things
Thanks
-
May 21st, 2004, 09:45 AM
#2
Member
I'm good at the social engineering side of things
Is this considered a really bad or really good attempt at social engineering? It boggles the mind. Too stupid to mask the attempt, or so smart they know to appear un-informed?
If you have the hardware... sure, you can setup a lab. I have 2 desktops running win or *nix and a laptop that can be connected to the network either wirelessly or wired. Not much to it really. I have a Linksys 802.11g wireless router and a cable modem. So I can test my own systems from the inside, or go to a free wap and test from the outside. But you should get the WAP owner's permission before testing from there. (make friends with the local coffee shop owner)
So, setup your network... hit the bookstore, google, this site, etc... Just don't ask "How do I hack into hotmail" or "my friend's ip is xxx.xxx.xxx.xxx can someone here hack it for me?"
And for software, the gnu development tools are a necessity. Nmap, snort, all those tools. pick up a linux distro like slackware and most importantly: read read read
You are so bored that you are reading my signature?
-
May 21st, 2004, 07:10 PM
#3
Banned
Ok, You can run a wargame on almost any system (and in a few easy steps, too)
Step1) Get a 50 Gig hard drive (for a few OSs and later patches)
Step 2) Clean install the OSs you want to try and 'hack' (may I reccomend Debian[sarge|woody|potato|, *BSD, and possibly Windows)
Step 3) 'hack' into the system, after you do, google for bugs relating to what you did. If they exist, patch, and try again. If not, report them and continue.
It would be awesome if you were willing to do this for the AO community
-
May 22nd, 2004, 12:46 AM
#4
I would recommend that you take great care setting up any public box where you invite people to play around. They WILL try to do nasty things to it.
Running it directly on physical hardware is a liability in itself, as someone who gains root access and potentially damage the hardware.
Network setup needs to be done very carefully, to prevent unauthorised egress from the systems - even if they are comprimised (as may be the intention). Otherwise you will rapidly finding your systems festering irc-bot bounce servers full of unauthorised proxies and warez dumps.
Finally you need to ensure that denial of service is not easy - otherwise (from my experience), you will get people turning up with the sole purpose of denying you and anybody else who might want a go, any service at all.
Slarty
-
May 22nd, 2004, 01:31 AM
#5
Banned
Just quarantine the system from any other computers in your network. He did say he was going to use old hardware, so I don't think it would matter much if anyone 'damaged' it.
-
May 22nd, 2004, 02:09 AM
#6
MsMittens has a nice wargames tutorial that I think you may find helpful.
This link should provide you with plenty of information to get you going also.
-
May 22nd, 2004, 06:08 AM
#7
Kez,
Try this PDF on creating a home security lab:
http://www.giac.org/practical/GSEC/R...liott_GSEC.pdf
Also check out this Word document about creating a security lab with virtual machines:
www.giac.org/practical/Edwin_Hart_GSEC.doc
Have fun hacking yourself ![big grin](https://antionline.com/images/smilies/biggrin.png)
mjk
-
May 22nd, 2004, 06:12 AM
#8
How advanced do you want to get?
I would set up 2 boxes, both dual booting Windows and Linux, and a separate box running whatever you want to act as sort of a monitor. Run Ethereal to capture the interactions between the machines. Watch the interactions from all sides. Watch how they talk to each other. Scrutinize the logs from the attacked machine. Make sure you you actually understand what you are reading. Look into more than just basic exploits. Set up anything that would require server based authentication (ex: access a shared (password protected) file on one machine from the other), and watch the interaction as your "legitimate user" accesses something on the network.
Once you've had your fill of this, set up a webserver, have some fun, and move on...
Real security doesn't come with an installer.
-
May 29th, 2004, 01:29 AM
#9
Junior Member
Originally posted here by annihilator_god
Is this considered a really bad or really good attempt at social engineering? It boggles the mind. Too stupid to mask the attempt, or so smart they know to appear un-informed?
haha, I just realised that, it could be taken either way, but d/w, I'm smart, but I am uninformed about the tech side of things. And no, it wasnt an attempt at social engineering ![smile](https://antionline.com/images/smilies/smile.png)
I'm not doing anything illegal by setting up a hacklab in my basement am I?
And it's not going to be hooked up to the net as yet, as I only have 56/k :P, but once i get ADSL, I'm more than happy to allow AO memebers to access it
-
May 29th, 2004, 01:35 AM
#10
I'm not doing anything illegal by setting up a hacklab in my basement am I?
If you're using it by yourself or with those that visit? No
And it's not going to be hooked up to the net as yet, as I only have 56/k :P, but once i get ADSL, I'm more than happy to allow AO memebers to access it
Be careful of this option. Opening it up to those that you don't know can be risky and your goodwill may be used as an opportunity to attack others. There can be some serious legal implications that you'd be responsible for if you do set it up without appropriate "legal mumbo-jumbo". So you may want to reconsider this option. It's not to say that AO members would do it but we have no mechanism to verify the "ethics" of some of the members.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|