Every hacker I know is always looking for ways to practice and improve their skills. One of the things I feel that is in short supply, is access to realistic networks to actually break into. Even here on this blog, we have a lot of posts about systems you can create to subsequently hack. In the real world, though, you will need more skills than running (or even creating an exploit) to exploit a network. Being able to pivot, pillage, and even protect a network are all essential for becoming a great pen tester. The goal of this post is to get you started on creating your own realistic lab network to build these skills. Specifically we begin by creating a segmented network using ESXi and PFsense. Everything will be virtual, so you only will need the hardware for the ESXi system. The assumption is that you have an ESXi server set up and know how to create virtual machines. Shall we begin?
Creating a Network Segment in ESXi
Assuming you have your ESXi system set up (I am using 5.5) so you can access it with the vSphere client and you have created a PFSense device on it, the next step is to begin creating our network segments. I have to admit, I found this article (on PFSense’s website too) after I wrote a lot of this guide and it covers a lot of this section, but I have come too far already. It also has steps for installing PFSense, so if you are stuck there now you have another resource. Use whichever seems easiest for you to follow! Anyway, on to the content!
- First, use vSphere to connect to your ESXi box and select that device specifically.
- Change over to the configuration tab and click “Add Networking”
- In the pop-up, select Virtual Machine
- Create a vSphere standard switch
- Name the network and finish the configuration
- Right click on your PFSense device in ESXi and hit “edit settings”
- Under the hardware tab, click add
- Select the “Ethernet Adapter” option
- Select the switch you just made and hit ok
- Restart your PFSense box
- Open the web console. You will typically need to be on the LAN network for the device
- Login using your PFSense credentials
- Hover over interfaces and click assign
- Add another interface
- Click on the new interface
- Check the enable interface box
- Rename the interface and select your required settings (recommended shown below) and hit save
- Hit apply changes
- If the web interface didn’t work, open the PFSense console in ESXi. Otherwise skip to 24
- Choose option 1, Assign Interfaces
- Answer like so:
- Choose option 2
- Complete the remaining like so, changing settings as desired
- To add a machine to this subnet, select its network interace and change to the appropriate network
Creating a VPN into Your Lab Network
A VPN can be very useful. In the lab I am building here, we wanted to be able to make it simple to practice different types of assessments, so we added a VPN into the different subnets. This may make it somewhat less realistic, but you will have to suspend some reality to gain functionality.
- Open the PFSense web interface
- Go to VPN > OpenVPN
- Click on the Wizards tab
- Select Local User Access and next
- Click Add new CA
- Name the CA appropriately then click Add New CA
- Click Add New Certificate
- Name the certificate appropriately and create the certificate
- Rename the VPN appropriately, select a new port, change the tunnel network , and change the local network. Then hit Next.
- The tunnel network should be set up as a new network.
- The local network should be the network you want the VPN to join
- Leave the next two options selected unless otherwise needed.
- Hit finish and complete setting up the VPN
Adding a User to the VPN
What good is a VPN if you can’t add users? Here’s how to do it!
- Open the PFSense web interface
- Go to System > User Manager
- Hit the add user button
- From here enter information into the following boxes
- Enter a username and password
- Enter a descriptive full name
- Enter a descriptive name for the certificate
- Enter a Certificate Authority with the CA for the specific VN you are choosing (from step 6 from creating a VPN)
- Hit save to finish
Connecting to the VPN on Linux
Now we get to enjoy the fruits of our labor and connect to the VPN!
- If you don’t have the config files for the VPN, connect to the web interface, otherwise skip to step 7
- Go to VPN > OpenVPN
- Go to the client export tab
- Scroll down until you see “Client Install Packages”
- Click on Archive under Standard Configurations
- Copy and extract the downloaded file
- In linux run the command: sudo openvpn –config <config file>
- Enter the username and password
- Now you should be on the network!
On Our Lab Network TO DO List
We covered a lot of material getting this far and we are not even close to being finished creating our full network. We have accomplished a lot, though. Now that you have these subnets created, you can practice pivoting (a very important skill), you can configure PFSense to prevent some of your attacks, you can learn how to build these systems and configure the environments. All are great steps on your hacking journey. But there is still much to do. Let’s take a look at some of the things that I plan on putting into my lab and hopefully will be covered in future blog posts. If I do, they will be linked below.
- Truly segmenting the lab (currently we just have it separated into subnets)
- Creating machines to practice common techniques
- Netbios spoofing is a common attack in windows domains
- Machines for hunting for credentials (e.g. machines to use Mimikatz on)
- Designing defensive systems for monitoring the network
- Iteratively improving your defenses and attacks to improve your skills
- Continuously updating your lab to be like legitimate machines