Mastodon Hillbilly StoryTime: Building a New Pentest Lab

Thursday, September 12, 2013

Building a New Pentest Lab

A while back I decided that I was going to start a personal infosec “re-education” process during which I hope to learn new tools/techniques, polish up on the abilities I already have, and enhance any areas where I may be lacking.  In order to facilitate this, I needed a work area.  As with any project (woodworking, automotive, or information security), having the proper work area can make a huge difference in one’s ability to succeed in their endeavors.

For my information security “re-education” project, one key part of my “work area” needed to be a wide variety or operating systems to target/test against.  There are a few different approaches I could have taken to achieve this:

1) Use what is available.
Look around your house/office.  You probably have a few older Windows/Unix systems which you do not use on a regular basis.  Odds are you also have a personal printer and/or other network attached devices.  All of those make excellent targets.

2) Use what you can borrow.
Much like the previous option, but in this one, you should ask around with friends/family/etc… to see if anyone has any old/unused hardware/system which they can loan/give you.  If lucky, you can obtain some good (possibly rare) equipment this way.

3) Use a simple virtualization approach.
Since you probably do not have access to lots of unused desktops/laptops/etc..  on which to install your desired target operating systems, you should look into virtualization.  There are several good virtualization solutions available to use (and in most cases, the software itself is free).

  • VMWare PLayer
  • QEMU
  • VirtualBox

Any of these solutions can be easily setup/installed on a personal laptop/desktop.  Depending on the number of “guest” operating systems you wish to install and run at one time, you may encounter resource contention.

4) Build a full virtualization solution.
If the previous option does not provide you with the options/flexibility/resources that you need, you can always build a system solely dedicated to running your “guest” operating systems.  This option may require the expenditure of additional money in order to build your new virtualization host system.

Note: The above options/approaches are NOT mutually exclusive.  You can make use of any/all of them as needed/desired.

The approach I decided to take was a combination of #1 and #4.  I first took inventory of all the systems I had connected to my home network (laptops, desktops, printers, etc…) and then to house/host all of the other “test/target” systems I thought I would/may need, I decided to build a dedicated virtualization host.  For this I decided to go with VMWare’s ESXi server.  The reason I chose ESXi, is that I have had some experience with it in the past, I can easily get the parts to quickly build a decent system, and it is free.

Below is my shopping list of parts I bought to build my system:

  • ($189.99) Seagate Desktop HDD 4 TB SATA 6Gb/s NCQ 64MB Cache 3.5-Inch Internal Bare Drive ST4000DM000
  • ($78.99) Silverstone Tek Micro-ATX Mini-DTX, Mini-ITX Mini Tower Plastic with Aluminum Accent Computer Cases PS07B (Black)
  • ($17.99) Lite-On Super AllWrite 24X SATA DVD+/-RW Dual Layer Drive - Bulk - IHAS124-04 (Black)
  • ($168.99) SUPERMICRO MBD-X9SCM-F-O LGA 1155 Intel C204 Micro ATX Intel Xeon E3 Server Motherboard
  • ($279.99) Kingston Technology ValueRAM 32GB Kit (4 x 8GB) 1600MHz DDR3 ECC CL11 DIMM with TS Intel Desktop Memory KVR16E11K4/32I
  • ($233.99) Intel Xeon Qc E3-1230 Processor
  • ($59.99) Corsair Builder Series CX 600 Watt ATX/EPS 80 PLUS (CX600)
  • TOTAL COST = $1029.93

All of the parts were purchased from (mostly because I have an Amazon Prime account and thus did not have to pay for shipping).

As can be seen, the total cost of the system was just over $1000.  I may have been able to shave some $$$ off of the cost by reusing some of my old/surplus hardware, but I opted to go with all new equipment.

Now that I had my ESXi server built, I need to populate it with various “guest” operating systems.  First, I started by installing a couple old Windows XP and Vista licenses I had, but I needed more operating systems than that.  Luckily for me, there are lots of free VMs and operating systems available: Debian, Ubuntu, Fedora, Mint, etc…  In addition, there are great “target” operating systems available as well:

  • Metasploitable 2
  • Damn Vulnerable Web Application
  • Search on “” for additional targets.

If I needed additional Windows guests, I could:

  • Download any available “trials” from the Microsoft website.
  • Purchase a MSDN Operating System subscription.

I also need “Hacker” boxes to perform all of my scans from.  For this I could either build my own 
system, follow one of the many guide on the internet to build a pentest windows/linux machine, or simply download one of the prebuilt systems.  Here again, there are LOTS of options to choose from.  Personally, I like Kali (the new version of BackTrack).

Well, that is a quick overview of my pentest lab.  If you have any comments/questions/suggestions, please feel free to contact and/or leave a comment below.

No comments: