Simulating A Real Lab Environment for Pen Testing (Part 1)

September 1, 2016 | Views: 14595

Begin Learning Cyber Security for FREE Now!

FREE REGISTRATIONAlready a Member Login Here

Hi Guys,

Today I’m going to show you how to build a real lab for pen testing.

As all of you know, pen testing in the real world is not just dealing with 2 vms, one for an attacker and the other for the victim. In the real world, we should deal with a network, and in standard networks there are a bunch of devices that could detect devices, such as IDS/IPS, Firewalls and etc. So how can we simulate a real world scenario to well prepare for pen testing? Stay with me.

The best simulator to do this is GNS3, GNS3 is a network simulator and it lets you deal with real devices, such as Cisco routers and switches, Juniper and ASA firewalls and so on. Also you can connect your virtual machine to it which could be vmware or virtual box. You can also connect your host machine to it. Seems cool!!!

If you are not familiar with networking, I suggest you spend some time on Cybrary and learn Network+ if you are a beginner, and then go to Cisco CCNA. You can also try learning how to configure firewalls in the next steps. Doing these, you will learn how to configure a network and this knowledge help you on how to attack a network.

Get Ready Steps:

  1. So, for the beginning, download gns3 which is free
  2. Then download some Cisco router IOS such as c3600 and c7200
  3. Download ASA842 for gns3
  4. You need an attacker which in this case it will be kali linux, and some poor victims, that is a windows machine, so prepare them.
  5. Requirements are finished and now we should start creating our fantastic lab

Creating Our Lab:

  1. Start adding IOS to GNS3, GNS3 Documentation, Dont forget to use Idle-PC option
  2. Add ASA842 to GNS3, GNS3 Docs
  3. Now we should design an standard network,
    1. Add one or more switches to your lab, and some kind of host to each switch
    2. If you use more than one switch, add one router to your lab, configure router interfaces and also run routing protocol on it.
    3. Firewalls should be placed in the network edge, where you network is connected to the outside world. so connect router(s) to firewall interface
    4. It is much more interesting to add DMZ to your network. DMZ will be connected to the firewall separately from your internal LANs, in the cases that your organization provide some services like web to outside world is used, and web service will be placed in DMZ.
  4. To add your virtual machines (here I used vmware):
    1. Drag and drop a cloud element from the toolbox, right click on the cloud and select configure, In the Ethernet tab, From generic Ethernet IO select VMware Network Adapter (select vmnet that is connected to your virtual machine). For each machine that you wish to add please follow step 4 and be aware of which Ethernet IO you select.
    2. Connect the cloud NIC to one of swithes, it’s optional based on the your scenario.

Note: Maybe you want to attack this network from outside world, so instead of connecting the cloud to the internal switches you can connect it to the outside port of firewall.

Suggestion: find a well defined network topology in the internet, try to simulate it using GNS3, and try different kinds of attacks.

Woohoo! Congratulations! By finishing this tutorial, you have created a very professional lab for your own pen testing work.

Good luck with Hacking,

Jahankohan.

Share with Friends
FacebookTwitterGoogle+LinkedInEmail
Use Cybytes and
Tip the Author!
Join
Share with Friends
FacebookTwitterGoogle+LinkedInEmail
Ready to share your knowledge and expertise?
33 Comments
  1. Do you think to continue and complete this parts?

  2. Could someone give the specific websites that I should use to download “Cisco router IOS such as c3600 and c7200” as well as “ASA842 for gns3”. A hyperlink or even the name of the host site will suffice. Just so I get the correct, up-to-date downloads.

    • I think you find since you comment here but for other who ask, cisco IOS are not free but in good hacker you are, you Can easily find them for free with Google.

  3. yep ! good !!! thank you, GNS3 is downloading 🙂

  4. thanks for this 🙂

  5. Thank you for sharing this really helpful guide 🙂 !

Page 5 of 5«12345
Comment on This

You must be logged in to post a comment.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Cybrary On The Go

Get the Cybrary app for Android for online and offline viewing of our lessons.

Get it on Google Play
 

Support Cybrary

Donate Here to Get This Month's Donor Badge

 
Skip to toolbar

We recommend always using caution when following any link

Are you sure you want to continue?

Continue
Cancel