I finally had the time to finish a nice help document which describes how to install a VMware virtual network to run the De-ICE Penetration Testing LiveCDs. So why did I do all of this?
For the longest time I have been looking for a way to create a training-type program for a small corporate penetration testing team. The problem is that the people who conduct internal penetration tests within small and large corporations are usually part of a larger Information Security department. These are the people who usually have to wear many hats in Info Sec, not to mention that they have to do other things as well. This all leads to a decrease in time and hence, skill set! Since the corporate guys (and gals) don’t conduct pen tests every day or every week (like our consulting brethren), there needs to be some sort of training program that corporate pen testers can use to keep their skills up-to-date.
The training program needs to consist of the following:
– Easy to set up in a lab or virtual environment.
– Scenario based challenges that replicate real world situations.
– A “level” type of achievement system. Levels should build upon one another.
– Real hacking tools need to be pre-installed and ready to use; no time to mess with configurations.
– Scenarios that make you actually learn the tools and think “outside the box”.
– Scenarios need to be challenging and fun!
These are some of the high level requirements that I was looking for when it came to developing this training program.
I was lucky enough to attend the Defcon conference in Vegas this summer and sat in on a presentation entitled “Turn-Key Pen Test Labs” by Thomas Wilhelm. Thomas described these LiveCDs (bootable on any kind of “intel” hardware) in which you can create your own pen test lab with some great real world scenarios. Thomas basically took scenarios that he did in real life pen testing assignments and recreated and re-engineered them on the LiveCDs. What a fantastic idea! The LiveCDs are based off of Slax. They contain real, live running services like telnet, ssh, ftp, etc., and even include a web server. So what do you do with the LiveCD once you pop it into a machine? You use Backtrack 2! Backtrack 2 is a LiveCD which contains over 300 tools pre-installed and ready to use. No need to configure anything. So, set up a small LAN with two computers and a DHCP server and you are all set.
One thing I wanted to do was take the LiveCDs that Thomas put together and create the lab environment in VMware. That way you can have the Backtrack 2 LiveCD and the De-ICE Pen Test LiveCDs all on a virtual network contained on one laptop or desktop. Perfect for the corporate pen tester! I found (through the forums on Thomas’ website) that there were lots of questions and/or problems with setting up a virtual network to run the testing environment, so I put together a document which guides you through the setup of the network and the LiveCDs. This is the setup that I have used for the LiveCDs and it has been working out great! One thing to note about my setup: I am running VMware Workstation 5.5 on Suse 10.2. These instructions should work with VMware Workstation 6 and Server as well. I note that the Windows version is similar. I will need to update the document with the Windows instructions as well. This is version 1.0, so I plan on releasing updates to this in the future.
So where do you find all of this stuff?
You can download the De-ICE LiveCDs from the De-ICE website here. There are also some really good “spoiler” and help forums if you get stuck. Thomas has done a great job on these LiveCDs, so please support his website and the forum community that is growing around these CDs. I encourage you to learn more about these LiveCDs and get involved with helping create scenarios for future LiveCDs.
VMware Documentation for De-ICE Pen Test LiveCDs
The VMware Configuration Document I created is available for download here. I also have a sticky in my forums with a download link as well. You can post questions or improvements to the document in the forums linked to this post either on spylogic.net or on de-ice.net. You can always send me an email as well: agent0x0 [aT] spylogic [d0t] net.