New Live HAQ ISOs - lazy hacker's choice
In the past I wrote about:
davix - a visualisation specific Live distribution to do analysis.
Hex and Helix - Hex is a special FreeBSD Live CD for network forensics, Helix is a Live CD for data specific recovery issues.
SamuraiWTF - is a beta project Live distribution for web application pentesting.
Of course Backtrack Linux, but that's standard and doesn't need further descriptions. It contains a lot, but not everything. And yes: if you need anything not in bt3 yet, you can add it. Or build your own SLAX based Live Linux.
In fact I believe that Linux is only popular because of exactly this flexibility.
Turns out you can have more stuff: pentoo, for example. Look here:
That's a Gentoo based pentesting Live distribution. Includes Nessus (still?), some Security Forest stuff, and it's modular: extendable. But Gentoo. You know: the last thing I want is to emerge stuff in a VM. I doubt that USE flags come in handy in a pentesting Live Gentoo VM. If performance matters - you don't use a Live CD.
Therefore this is not the cool new bt3 duellist. But it has got some interesting tools to offer, too.
You can have some fun in the lab, using DVL - Damn Vulnerable Linux. After login you can download it at Bootcamp. It's an easy to compromise Linux to help you practise your tools like hydra, netcat or so in your local lab. Doing these first steps on the internet is a very bad idea. Believe me. ISP notices, IDS, logfiles... the world is chaotic.

In a similar direction goes the hackademia project: it has a forum to look for help if you can't successfully penetrate the VMs.
Stage 1 takes 2 minutes, but that's for the kids. Just some PW cracking and many open services.
Stage 2 takes a little longer. But that's just gaming nowadays because the project is rather old. If you don't use the fastest way to compromise, or want to test out several other methods - you're right there.
Actually there's a 3rd CD, but I didn't look into it. Some demo videos, some fun. I'm not sure, but it seems interesting:
you could build up a learning WebApp Pentesting Live CD and use Samurai to compromise it. Depends on the setups - maybe an OWASP related WebApp for hardening. Some fun with an Apache, PHP... or the Python vulnerabilities; Ruby had some too.
And now for the really lazy ones: badfoo.net has a torrent for us. This MultiIso contains several Live distributions at once. It boots them up via Grub. But it seems to be a good idea to replace the multi-media stuff with some pentest distributions.
Consider that you might want to own a Windows box: that's more work in the setups. I personally have my VMs - but you can't share them. Hirens is a bad idea, because that's no real Windows - it's reverse engineered and somehow different from Redmond Windows. ReactOS is something else too: exploits from Metasploit or other repositories may not work. And Windows often gets compromised via 3rd party apps. Therefore the ability to do setups is important.
So 3 things to remember:
You can set up a VM lab to test and enhance your skills very easily.
There are ready-made images for pentesting and for serving the compromisable services/OSes.
You can build your own stuff or share this at the hackademia project.
Have fun,
wishi
