In the classes I taught i use Vmware Workstation 7 to create penetration testing Lab
and use Vyatta to simulate as Router, you can use Vyatta to simulate many scenario such as hack into DMZ ... etc, Vyatta support zone-base firewall.
you can download vyatta at the following link:
http://www.vyatta.org/downloads
Vyatta Document:
http://www.vyatta.org/documentation
Lab Diagram
Vm Image:
R1 - Vyatta have 2 nic , eth0 simulate as Wan , eth1 are Lan
Victim - Linux(u can use other operating system to create vuln image)
Attacker - Blackbuntu Linux
Vmware Configuration:
1. Create Vmware Team and add Lan segment in team, for Attacker-Network
please read http://www.vmware.com/support/ws5/doc/ws_team_create_wizard.html for more information how to create team in vmware
2. Add Vyatta image to team, set eth0 connect to NAT, eth1 connect to Lan segment in team
3. Add Blackbuntu to to team, set network interface (in my case are eth0) connect to eth1
3. Vuln Image (Victim) set network connect to NAT
Vyatta Configuration:
set hostname and ip address, etc..
set system host-name R2
set system domain-name blackbuntu.lan
set interfaces ethernet eth0 address 172.16.14.11/24
set system name-server 172.16.14.2
set system gateway-address 172.16.14.2
set interfaces ethernet eth1 address 192.168.1.1/24
set service ssh
Configuring DHCP Server:
set service dhcp-server shared-network-name ETH1_POOL subnet 192.168.1.0/24 start 192.168.1.20 stop 192.168.1.200
set service dhcp-server shared-network-name ETH1_POOL subnet 192.168.1.0/24 default-router 192.168.1.1
set service dhcp-server shared-network-name ETH1_POOL subnet 192.168.1.0/24 dns-server 172.16.14.2
## Configuring NAT
set service nat rule 1 source address 192.168.1.0/24
set service nat rule 1 outbound-interface eth0
set service nat rule 1 type masquerade
## Configuring Firewall:
## Define a firewall rule set:
set firewall name ALLOW_ESTABLISHED
set firewall name ALLOW_ESTABLISHED rule 10
set firewall name ALLOW_ESTABLISHED rule 10 action accept
set firewall name ALLOW_ESTABLISHED rule 10 state
## Apply the rule set to an interface:
set interfaces ethernet eth0 firewall in name ALLOW_ESTABLISHED
set interfaces ethernet eth0 firewall local name ALLOW_ESTABLISHED
commit
save
After commit and save, at this point you should ping and can connect from Blackbuntu(Attacker) to Victim (and internet too)
### Config port forward ###
Scenario/Question:
When we hack into victim, if we want to reverse shell back to Blackbuntu box that locate at inside network behind NAT,What can we do?
Solution/Answer:
Configure DNAT rules with port destination and firewall destination rules.
Example: on Blackbuntu box we listening on port 80 for incoming connection with command
$nc -lvvp 80
on vyatta should config DNAT like this:
No comments:
Post a Comment