Setting Up A Test Lab
In this section, this documentation explains setting up a penetration testbed and installing a custom high interaction honeypot for research purposes and vulnerability testing. This documentation will help you with your research in honyenets.
We will be using virtualization. Download both VMware Player or Virtualbox. Most of the vulnerable OS uses vmdk files used in VMWare Player. If you possess a Mac, a free version of VMware does not exist. You will have to install a trial version of VMware Fusion.
Setup Metasploitable ISO on Virtual Box' - Install Metasploitable on Virtual Box or VM Ware or dedicated machine. Dedicate 256 - 512 Mb of RAM and 5-10 Gbs of dynamic memory depending upon your resources. I like installing vulnerable systems as VM because it is extremely easy to re-image once your honeypot gets compromised or malfunctions.
Install Back Track 5 R1' - BackTrack is an "all in one" live cd used on security audits. Its penetration testing framework contain tools used for testing wired and wireless networks.
Install WMware Tools Virtual Machine->Install VMware Tools Setup shared folder by going into Virtual Machine->Settings->Sharing. Press the + button and add your shared folder. cp /cdrom/*.gz /tmp/ cd /tmp tar xvzf VM*.gz cd vmware* sudo ./vmware-install.pl
tcpdump -w SambaRCI.pcap -s 0 -i eth0
-w = write to file -s = snaplength or bytes of data from each packet. "-s 0" sets it to the default of 65535 bytes
Windows XP SP0 Be warned, Win XP SP0 is hard to find. I suggest using a bit torrent such as Pirate Bay. In the past Win XP was located on megaupload. However, megaupload's website was recently seized by FBI a month ago and taken down. It took me 2 hour to find a torrent file with 3 peers at PirateBay . If you need this iso to create a honeypot, let me know.
Note: While installing, If you install Win XP SP0 on Mac, press FN + F8 instead of F8. Pressing F8 on Mac starts itunes. I learned this mistake the hard way.
Metasploitable Metasploitable is an Ubuntu 8.04 server install on a VMWare 6.5 image. A number of vulnerable packages are included, including an install of tomcat 5.5 (with weak credentials), distcc, tikiwiki, twiki, and an older mysql
Federal Desktop Core Configuration The draft download packages contain recommended security settings; they are not meant to replace well-structured policy or sound judgment. Images from FDCC can be found at: VMWare, Virtual PC, and FDCC Images
Convert to Honeypot
- Install and Configure Sebek
Various of organizations possess penetration labs that we can use to learn more about vulnerabilities.
Metasploit Test Lab Metasploit contains resources for setting up a test lab for a single box and for multiple boxes.