Monday 16 September 2013

Joe's Pentester Lab




Hello All, today I’m really excited to tell you about something new and very interesting. My good friend  Joe McCray  has just built and launched his Pentester Lab Network. I met Joe for the first time at Hacktivity 2011 and since then we've been really great friends. Being the curious type I decided to take a look for myself. I sent an email to Joe and requested if I could have access and check it out myself. After I signed up I spoke to Joe about how it all worked and he even gave me some access to the management side of the infrastructure as well.
If you don't have too much time to read this in detail, scroll down to the end of this post! The rest of the post is a quick walk through of what I saw and how much it impressed me!

How You Connect To The Lab
The lab network must be accessed via an OpenVPN client. So you can use any host such as BackTrack/Kali Linux, your Mac, your Windows machine, even a tablet, or smartphone. Joe provides you with an Ubuntu virtual machine that is pre-configured to connect to the lab network VPN. Both the username and password for this virtual machine is ‘strategicsec’




 

You’ll be presented with an empty desktop.  Open a Terminal window by holding down [Ctrl+Alt] and then pressing T.  Or find it through the left sidebar by clicking on Dash home


then typing “terminal” in the search bar

and selecting “Terminal”. 

At the newly open Terminal window, type the command: vpn


The VPN service will start and will ask you for your username, then your password.  This is the Username and Password that has been provided to you by Joe McCray.


When this completes, you can open another Terminal window or tab and type the command: ifconfig

This will show you all of your network interfaces and you can verify that a tap0 interface has been created and you have been assigned an IP address in the lab.



Congratulations you are ready to begin working in the Strategic Security Lab!


What is a Pathway?
Joe provides what he calls ‘Pathways’ which basically step-by-step walk-throughs of attack sequences in the network. These pathways are designed to take the student through learning a myriad of pentesting skills by performing the steps in each respective pathway. Students are strongly encouraged to submit pathways as well. I decided to try a pathway and see what it was like. Here is one that walks a user through a web application attack that transitions to a host-based attack.






In the search field I checked for the first step of sql injection a nice single quote in the search bar


Well that’s a nice error message
After playing around with site a bit and some google searches I tried to execute operations in the URL bar.


This shows me that there is SQL injection and I can execute operations. To try and get a shell ill use metasploit and a sql injection exploit (ideas for this also came from the pathway pdf)
Lets check it with metasploit

Setg LHOST 10.10.5.128
Set RHOST 10.10.10.105
Set GET_PATH  /bookdetail.aspx?id=2;[SQLi]
Using the reverse tcp meterpreter payload



 
This is not the complete pathway of course. Each pathway that I looked at was well over 50 pages. The pathway goes on to cover post-exploitation steps such as hashdumping and pivoting. I must say that I was very impressed.

How big is this infrastructure?
Joe gave me a great deal of access to the infrastructure so I could understand how all of it worked. Brace yourself ladies and gentlemen – this network is HUGE.




 

Joe uses a VMWare ESX infrastructure with several ESX servers managed by VMWare VCenter.



 
When this screenshot was taken there were only 9 ESX servers, but Joe has told me that he now how has nearly 50 ESX servers and is deploying a few each month. Each ESX server can comfortably run dozens of virtual machines.


 
What kind of support do you get?
Joe told me that he built a trouble ticket system so partipants can submit trouble tickets when a target host is no longer exploitable or has become unresponsive. He built an IRC server and Wiki for the lab network participants to communicate with each other and get help as well.

Joe is going to give you a one-time price of $300 for 6 months of access starting on 1 October. Go ahead and jump on this because it is only going to make this offer to the first 50 people that sign up.

Don’t wait – sign up now!

Here is the payment link for this offer:
Sign Up with Paypal!!!

Main Lab Page:

Lab Network Datasheet:
http://strategicsec.com/What-Is-The-Pentester-Lab-Network.pdf