sp00ky's spot |:_:| trust no one
 
 

Virtualization for Penetration testing

Buying $200 of memory instead of taking out a loan for 6 computers.

first thing: go get a nice stable version of Xen or get the free for 30 days VMware workstation. (buy it, you will like it!) second thing: put on some Above and Beyond or Armin van Buuren. if you can't hack to trance music, then stop here.

ever wished you had two computers, one for playing on the evil internet, the other for doing important stuff, say playing solitaire, balancing your checkbook, painting mustaches on your family portrait in GIMP, or hacking your neighbor's wireless? now you can! if you put a virtual computer on your existing computer and let it have access to your network connection, you can cruise the internet inside a virtual machine that will not force you to cry when it gets a virus. you just shut off the virtual machine, restart it (with its disk set not to save changes, or from a clean snapshot), and presto, no virus!

i am actually going to go further than that here: what if you want to research a virus, or watch how one works? what if you want to learn to hack (the good kind!!) and don't want to practice on a live site? (don't even think it, unless you are getting paid to do it, and are sitting on a get out of jail free card!) you can create a virtual network, complete with firewalls, web servers, workstations, even exotic flavors of OS's you haven't ever used (windows ME anyone?).

i will leave the installation to you and the friendliness that is Google. however, i use vmware for most of my virtualization, so take it or leave it. very easy to install, especially in Suse or Ubuntu. specs of my server: 4 GB of DDR2, Dual Core 2 proc, 1.8 TB of space, low end everything else. it's a server!!! my main machine (yes, i have 14 computers): 2 GB of 4-5-4-12 DDR2, E6600 OC'd to 2.9 GHz, and 600 GB RAID 0+1 SATA-II. i can get 8 VMs on my server, and up to 5 on my main machine. the server usually sees 80% utilization when i'm really hammering it; my main machine never breaks a sweat, but i haven't pushed it either.

two things here: there is a VMware workstation and a viewer application. there are many other products, but these are the two i focus on. if you want the aforementioned safe browsing utility that lets you shut it off and reboot it without saving any malware, get the viewer. it's free! then google for vm browser applications. you can even get them right off of VMware's site. download them, unzip them, and then load them up. it brings a tear to my eye how easy they are....

the vmware workstation is a different animal. this is how you create the vm images. i will not go into optimization here; if you really do get that into it, buy books and use google. great stuff, but not here. all you have to do in order to build a virtual machine is get the workstation product, have a copy of the OS you are going to virtualize, and a computer with enough RAM to play. (i say 1 GB for windows; for linux you can do far more with far less, but 1 GB is a great number.) the vm shares the processor, the RAM, and some hdd space, so make sure you realize that you can't play Doom 3 and run 3 vm's on a 386 processor with 256 MB of RAM.

Server setup: Main OS is 64Bit OpenSuse 10.1, the rest as follows:

OS                      RAM (MB)   Purpose
Windows 2003 Server     512        Active Directory, DNS, SQL Server, Visual Studio
Windows XP              384        Bit Torrent
Ubuntu 64 Bit Server    512        DNS backup, DHCP, Oracle DB
Ubuntu 64 Bit Server    256        MySQL server
OpenSuse 10.1 64 Bit    384        test server (code, applications, linux interface with Win)
Fedora Core 5           384        Apache web server
Free BSD 6              256        play
Gentoo 2006.0           256        log repository

you can see the power of VM here! i have multiple versions of OS's, and if one crashes, it doesn't require a complete reboot of any of the others (unless the main OS crashes; hasn't happened yet). upgrades are simple too. the real reason i switched to vm's? i have one powerful machine eating 500 watts of power instead of 7 eating 400 each. less noise, and my circuit breaker doesn't blow nearly as often =) all of this aside, we are more interested in my main computer, the hack test machine.

i dual boot my main machine (Windows for using MS specific software, and OpenSuse 10.1 for everything else) so that i can use both OS's one at a time. ever wanted to use Linux full time, but couldn't live without the occasional game of Rise of Nations? okay, fine, but that's just me i guess. and no, you can't really play games in vm, the graphics card doesn't translate. so, let's say we want to try out the bestest hack tools and learn to firewalk a firewall, but don't want to do it on a live, out of our control host network. no problem. just build a few VM's, set them up in a virtual network, and hammer away!

first off, you have to build your proposed network diagram on a paper napkin. they do that in the movies don't they? or is that just IBM commercials? either way, let's say we want to test hack a small company. we need a firewall, a web server, an email server, a file / apps server, and a few workstations. (i am assuming you have legal copies of the software, or downloads of the always legal linux systems in question here) we also need an IP addressing scheme, and i recommend static here. the main reason: no errant packets. this is essential if you are new to the networking world; you would hate for netcat to be running on your network without you knowing!

fire up vmware workstation, and create your firewall. let's use Fedora Core 5 for the firewall. standard rules apply here: strip it down, no GUI, no unneeded services. (i also use snort IDS in the vm environment, but we won't cover that yet) this is your default gateway for all the other machines in the virtual network. let me add one thing here: in order to download certain patches and software, you will have to let the vm out on the net. just change the IP settings and let vm handle the DHCP and bridge the connection to your physical NIC, then download the data, then put it back on the internal net. you can't test patch levels and other software without it in linux. this is also a wonderful thing about vm: you can install software you don't want on your main machine and use it on the vm. if it screws up the OS, no biggie, just copy the data to your main machine and reformat. painless! but i digress.
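here is what that stripped-down gateway looks like as an actual rule set. this is an added example, not the post's own firewall config: it assumes three NICs on the firewall VM (eth1 toward the workstations, eth2 toward the servers, eth0 bridged to the physical network only while patching), the constructed subnets 10.10.1.0/24 and 10.10.2.0/24, a web server at 10.10.2.10 and a mail server at 10.10.2.20. by default it just prints the iptables commands so you can read them; run it with `apply` on the firewall VM to load them. the inside machines can ping the gateway and reach only the ports listed, everything else is dropped and logged, and the way out to the real network only exists while PATCHING=1, which is the "let the vm out on the net, then put it back" step in script form.

```shell
#!/bin/sh
# added example, not from the original post: iptables rule set for the Fedora Core 5
# firewall VM that is the lab's default gateway. interfaces, subnets and server
# addresses below are assumptions; override them in the environment.
LAN_IF="${LAN_IF:-eth1}"            # assumed: NIC on the workstation segment
DMZ_IF="${DMZ_IF:-eth2}"            # assumed: NIC on the server segment
WAN_IF="${WAN_IF:-eth0}"            # assumed: NIC bridged to the physical net (patching only)
LAN_NET="${LAN_NET:-10.10.1.0/24}"  # constructed lab subnets
DMZ_NET="${DMZ_NET:-10.10.2.0/24}"
WEB="${WEB:-10.10.2.10}"            # constructed server addresses
MAIL="${MAIL:-10.10.2.20}"

# print one iptables command per line. policies first, then the narrowest
# allows; anything not listed is dropped, and dropped forwards are logged so
# the sniffer box is not the only record of what got stopped.
lab_fw_rules() {
    cat <<EOF
iptables -F
iptables -t nat -F
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i $LAN_IF -s $LAN_NET -p icmp --icmp-type echo-request -j ACCEPT
iptables -A INPUT -i $DMZ_IF -s $DMZ_NET -p icmp --icmp-type echo-request -j ACCEPT
iptables -A INPUT -i $LAN_IF -s $LAN_NET -p tcp --dport 22 -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $LAN_IF -s $LAN_NET -o $DMZ_IF -d $WEB -p tcp --dport 80 -j ACCEPT
iptables -A FORWARD -i $LAN_IF -s $LAN_NET -o $DMZ_IF -d $MAIL -p tcp --dport 25 -j ACCEPT
iptables -A FORWARD -i $LAN_IF -s $LAN_NET -o $DMZ_IF -d $MAIL -p tcp --dport 110 -j ACCEPT
EOF
    # the way out to the real network exists only while PATCHING=1; the rest of
    # the time nothing inside the lab can reach anything outside it.
    if [ "${PATCHING:-0}" = "1" ]; then
        cat <<EOF
iptables -A OUTPUT -o $WAN_IF -j ACCEPT
iptables -A FORWARD -i $LAN_IF -s $LAN_NET -o $WAN_IF -j ACCEPT
iptables -A FORWARD -i $DMZ_IF -s $DMZ_NET -o $WAN_IF -j ACCEPT
iptables -t nat -A POSTROUTING -o $WAN_IF -j MASQUERADE
EOF
    fi
    # last rule before the DROP policy: log what is about to be dropped, rate limited
    echo 'iptables -A FORWARD -m limit --limit 10/min -j LOG --log-prefix "LAB-FW-DROP: "'
}

# a box that does not forward is a sink, not a gateway, hence ip_forward.
lab_fw_apply() {
    echo 1 > /proc/sys/net/ipv4/ip_forward
    lab_fw_rules | sh -e
}

case "${1:-}" in
    apply) lab_fw_apply ;;
    *)     lab_fw_rules ;;
esac
```

the OUTPUT policy is DROP too, so the firewall itself can only answer sessions that came to it; during patching it gets its own way out along with the rest of the lab. once the patches are in, unset PATCHING, re-apply, and the lab is sealed again.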

we now have the firewall. build the web server, the email server, the file server and workstations in a similar way, just like you would if you were building them in a small company. give them common sets of applications if you want, set the patch levels how you want, and make sure they are able to ping the gateway. i build one at a time in the beginning. now, depending on disk space: take snapshots. this way you can revert back to a clean install and not have to completely reinstall every time you break one. this is important if you are playing with viruses. oh yeah, and label them so that they make sense =) i have spent many hours trying to solve the mystery of "linux vm 1" and so on..... next, build your hackbox. get all the tools you want, get them installed, and take a snapshot. i love the backtrack live cd for this, but it is good practice to know how to install the tools. you will need one hackbox for linux, and one with Windows. they don't have to both be on all the time while hacking, but not every tool runs on both systems.

last but not least, build a low memory machine with ethereal / wireshark on it. this will be your sniffing machine inside the network. you can put one on the firewall too, that will help sniff the incoming traffic. remember the IDS above? this is where i build that too. put it in place inside the network, and have it sniff the traffic to the gateway. this is a bit advanced, and not always needed, but you really can't get good at IDS evasion otherwise.

okay, turn on your hackbox, turn on the firewall, the sniffer box, then the servers, then the workstations. your cpu will probably be blitzed, but that's okay, hacking is patience defined. once everything is up and can communicate inside the network, start port scanning from your hackbox. firewalking is very difficult. if you find you can't get inside the firewall, do a default allow on the firewall, and use it as a router. start your port scanning, nessus detection and metasploit on the inner network. start with trying to compromise one of the servers or the web server, and then practice moving tools to them to continue to worm your way into the network. most of the time i will try one technique, stop the packet sniffer, dump the pcap file and save it, then restart it and move on. if you are using IDS, dump the logs from time to time and track your movement through the network. keep a good copy on a thumb drive or your main OS's hard drive. always have a goal when you start, such as setting up a database on one of the vm's and trying to extract info from it, or compromising the web server for anonymous file storage and spamming. these aren't things that us good guys would ever do, but it arms you against the bad guys that will use these intrusions for their own means.
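the "one technique, stop the sniffer, save the pcap, restart" loop is worth scripting, because after the fifth capture called "test.pcap" you are back to the "linux vm 1" mystery. this is an added example, not the post's own script: it runs on the sniffer VM, assumes tcpdump is installed there and is listening on eth0 (SNIFF_IF) toward the gateway, and collects captures under $HOME/lab-evidence (EVIDENCE_DIR). each step gets a pcap named by timestamp and label, and a manifest of checksums tells you later whether the copy on the thumb drive is still the file you captured.

```shell
#!/bin/sh
# added example, not from the original post: wrap one lab step so its traffic ends
# up in its own labelled pcap, with a hash manifest you can copy off the lab.
# runs on the sniffer VM; SNIFF_IF and EVIDENCE_DIR are assumptions.
SNIFF_IF="${SNIFF_IF:-eth0}"                        # assumed: NIC facing the gateway
EVIDENCE_DIR="${EVIDENCE_DIR:-$HOME/lab-evidence}"  # assumed: where pcaps collect
MANIFEST="${MANIFEST:-$EVIDENCE_DIR/MANIFEST.txt}"

# file name = UTC timestamp + technique label, so a directory listing sorts in
# the order you worked and says what each capture is.
# anything in the label outside [A-Za-z0-9_-] becomes '_'.
step_filename() {
    label=$(printf '%s' "$1" | sed 's/[^A-Za-z0-9_-]/_/g')
    printf '%s-%s.pcap' "$(date -u +%Y%m%dT%H%M%SZ)" "$label"
}

# append a checksum line for a finished capture. if the copy on the thumb drive
# later disagrees with the manifest, something was changed or truncated.
record_manifest() {
    mkdir -p "$(dirname "$MANIFEST")"
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" >> "$MANIFEST"
    else
        cksum "$1" >> "$MANIFEST"       # POSIX fallback, weaker but always present
    fi
}

# capture_step LABEL COMMAND... : start tcpdump, run the step, stop tcpdump,
# hash the pcap. tcpdump needs root (or CAP_NET_RAW) on the sniffer VM.
capture_step() {
    label="$1"; shift
    mkdir -p "$EVIDENCE_DIR"
    pcap="$EVIDENCE_DIR/$(step_filename "$label")"
    tcpdump -i "$SNIFF_IF" -s 0 -w "$pcap" &
    sniffer=$!
    sleep 1                              # give tcpdump time to open the interface
    if "$@"; then status=0; else status=$?; fi
    kill -INT "$sniffer" 2>/dev/null
    wait "$sniffer" 2>/dev/null || true  # tcpdump exits non-zero on SIGINT; expected
    record_manifest "$pcap"
    echo "step '$label' exit=$status -> $pcap"
    return "$status"
}
```

usage is `capture_step "what i am trying" command args...`, one call per technique; the step's own exit status comes back so you can chain it in a longer script. the IDS logs the post mentions are worth feeding through record_manifest in the same way, so the pcap and the alert log for a step sit next to each other with matching checksums.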

don't get discouraged, and don't cheat, unless you just want to test an exploit to see how it works. this system really allows you to improvise solutions that you can't do in production, as well as being the best training money can buy. all with one computer! happy hacking!

</sp00ky>

 
Relevant Project Links
VMware
distrowatch
 
 
 
Nathan Romine c0pyleft 2006 sp00ky / 1nf1n1t3 l00p t3chn0l0gy