Every hacker I know is always looking for ways to practice and improve their skills. One thing I feel is in short supply is access to realistic networks to actually break into. Even here on this blog, we have a lot of posts about systems you can create and then hack. In the real world, though, you will need more skills than running (or even creating) an exploit to compromise a network. Being able to pivot, pillage, and even protect a network are all essential for becoming a great pen tester. The goal of this post is to get you started on creating your own realistic lab network to build these skills. Specifically, we begin by creating a segmented network using ESXi and pfSense. Everything will be virtual, so you will only need the hardware for the ESXi system. The assumption is that you have an ESXi server set up and know how to create virtual machines. Shall we begin?
Creating a Network Segment in ESXi
Assuming your ESXi system is set up (I am using 5.5) so that you can access it with the vSphere client, and you have created a pfSense device on it, the next step is to begin creating our network segments. I have to admit, I found this article (on pfSense’s website too) after I wrote a lot of this guide, and it covers a lot of this section, but I have come too far already. It also has steps for installing pfSense, so if you are stuck there, now you have another resource. Use whichever seems easiest for you to follow! Anyway, on to the content!
1. First, use vSphere to connect to your ESXi box and select that device specifically.
2. Change over to the Configuration tab and click “Add Networking”
3. In the pop-up, select Virtual Machine
4. Create a vSphere standard switch
5. Name the network and finish the configuration
6. Right click on your pfSense device in ESXi and hit “Edit Settings”
7. Under the Hardware tab, click Add
8. Select the “Ethernet Adapter” option
9. Select the switch you just made and hit OK
10. Restart your pfSense box
11. Open the web console. You will typically need to be on the LAN network for the device
12. Log in using your pfSense credentials
13. Hover over Interfaces and click Assign
14. Add another interface
15. Click on the new interface
16. Check the Enable Interface box
17. Rename the interface and select your required settings (recommended settings shown below) and hit Save
18. Hit Apply Changes
19. If the web interface didn’t work, open the pfSense console in ESXi. Otherwise skip to step 24
20. Choose option 1, Assign Interfaces
21. Answer like so:
22. Choose option 2
23. Complete the remaining prompts like so, changing settings as desired
24. To add a machine to this subnet, select its network interface and change it to the appropriate network
Creating a VPN into Your Lab Network
A VPN can be very useful. In the lab I am building here, we wanted to be able to make it simple to practice different types of assessments, so we added a VPN into the different subnets. This may make it somewhat less realistic, but you will have to suspend some reality to gain functionality.
1. Open the pfSense web interface
2. Go to VPN > OpenVPN
3. Click on the Wizards tab
4. Select Local User Access and hit Next
5. Click Add new CA
6. Name the CA appropriately then click Add New CA
7. Click Add New Certificate
8. Name the certificate appropriately and create the certificate
9. Rename the VPN appropriately, select a new port, change the tunnel network, and change the local network. Then hit Next.
   - The tunnel network should be set up as a new network.
   - The local network should be the network you want the VPN to join
10. Leave the next two options selected unless otherwise needed.
11. Hit Finish and complete setting up the VPN
Adding a User to the VPN
What good is a VPN if you can’t add users? Here’s how to do it!
1. Open the pfSense web interface
2. Go to System > User Manager
3. Hit the add user button
4. From here enter information into the following boxes
   - Enter a username and password
   - Enter a descriptive full name
   - Enter a descriptive name for the certificate
   - For the Certificate Authority, select the CA for the specific VPN you are choosing (from step 6 of creating the VPN)
5. Hit Save to finish
Connecting to the VPN on Linux
Now we get to enjoy the fruits of our labor and connect to the VPN!
1. If you don’t have the config files for the VPN, connect to the web interface; otherwise skip to step 7
2. Go to VPN > OpenVPN
3. Go to the Client Export tab
4. Scroll down until you see “Client Install Packages”
5. Click on Archive under Standard Configurations
6. Copy and extract the downloaded file
7. In Linux run the command: sudo openvpn --config <config file>
8. Enter the username and password
9. Now you should be on the network!
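A pre-flight check for the extracted client configuration before the connect command above. This is an added example, not part of the original post. The function name lint_ovpn, the sample file names and the host vpn.lab.example are assumptions; the directives it looks for are standard OpenVPN client options.

```shell
#!/bin/sh
# Added example (not from the original post): lint an extracted OpenVPN
# client config before handing it to "sudo openvpn --config".

# lint_ovpn CONFIG: prints one line per finding, returns the number of findings.
lint_ovpn() {
    cfg=$1; dir=$(dirname "$cfg"); findings=0
    note() { echo "$cfg: $1"; findings=$((findings + 1)); }
    [ -r "$cfg" ] || { note "config not readable"; return "$findings"; }

    # A server address must be present.
    grep -Eq '^[[:space:]]*remote[[:space:]]+[^[:space:]]+' "$cfg" ||
        note "no 'remote' directive"
    # Local User Access: the client should prompt for username and password.
    grep -Eq '^[[:space:]]*auth-user-pass([[:space:]]|$)' "$cfg" ||
        note "no 'auth-user-pass' directive"
    # Without one of these, any certificate issued by the lab CA (including
    # another user's client certificate) would be accepted as the server.
    grep -Eq '^[[:space:]]*(remote-cert-tls[[:space:]]+server|verify-x509-name[[:space:]])' "$cfg" ||
        note "server certificate role/name is not verified"

    # Files carrying private key material must not be group/world accessible.
    # (Assumes referenced file names contain no whitespace.)
    for ref in $(awk '$1 ~ /^(pkcs12|key|tls-auth|tls-crypt)$/ { print $2 }' "$cfg"); do
        case $ref in /*) path=$ref ;; *) path=$dir/$ref ;; esac
        if [ ! -f "$path" ]; then
            note "referenced file missing: $ref"
        elif [ "$(ls -ld "$path" | cut -c5-10)" != "------" ]; then
            note "key material accessible by group/other: $ref (chmod 600)"
        fi
    done
    return "$findings"
}

# Constructed sample (not a real export): a config without server
# verification, plus a key bundle left world-readable after extraction.
demo=$(mktemp -d)
printf '%s\n' 'client' 'remote vpn.lab.example 1195 udp' 'auth-user-pass' \
    'pkcs12 lab-user.p12' > "$demo/lab.ovpn"
: > "$demo/lab-user.p12"; chmod 644 "$demo/lab-user.p12"
lint_ovpn "$demo/lab.ovpn" || echo "findings: $?"
rm -rf "$demo"
```

Run it against the extracted .ovpn file and connect only once it reports no findings.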
On Our Lab Network TO DO List
We covered a lot of material getting this far, and we are not even close to finishing the full network. We have accomplished a lot, though. Now that you have these subnets created, you can practice pivoting (a very important skill), configure pfSense to prevent some of your attacks, and learn how to build these systems and configure the environments. All are great steps on your hacking journey. But there is still much to do. Let’s take a look at some of the things that I plan on putting into my lab and that will hopefully be covered in future blog posts. If they are, they will be linked below.
- Truly segmenting the lab (currently we just have it separated into subnets)
- Creating machines to practice common techniques
   - NetBIOS spoofing is a common attack in Windows domains
   - Machines for hunting for credentials (e.g. machines to use Mimikatz on)
- Designing defensive systems for monitoring the network
- Iteratively improving your defenses and attacks to improve your skills
- Continuously updating your lab to be like legitimate machines
References
https://pfsense.org/download/
http://blog.outsidesys.com/2015/02/19/home-lab-with-pfsense-workstation/
https://doc.pfsense.org/index.php/OpenVPN_Remote_Access_Server