Build a Pentest LAB using GNS3 (Part 1)

The newer versions of GNS3 off an exciting platform for practicing Pentests. As shown below, additional appliances can be added such as Kali Linux, a server (can be windows or open source, a lot of options are provided) in addition to the routers and switches.

In this lab, we observe how possible it is to build such a lab. Depending on how you want to approach the network,you can place the Kali appliance strategically to intrude to the network.

In this first part 1, we explore the network from the internet point to the Kali appliance. In the future,we hope to have a few applications running within the LAN, in various devices such as servers. This will be supported by full connectivity from the routers within the LAN, up to communication with the internet using the NAT interface that Kali provides.

As shown, having connectivity to the internet is easy with the NAT interface provided by GNS3. The figure below illustrates how we were able to ping the google servers from the Kali appliance.

The Kali Machine gets an IP from the NAT interface in the 192.168.122.0/24 subnet. This sub-interface is created for GNS3 in our host machine. Hopefully, in our next tutorial,we shall be able to provide full connectivity for our internal LAN and try using wireshark in our Kali appliance to monitor traffic and launch attacks. The IP provided in our case is as shown:

 

Conclusions:

Virtualization is great when testing new applications and how they would behave in a real-world environment. I believe virtual-box offers a lot. However, with these GNS3 features, it makes even more sense to be able to build a whole network from scratch and keep track of changes, configure your own routers, servers, firewalls.

As we progress, one can come up with ideas of how to break into your network. Perform cool stuff like enumeration, looking for vulnerabilities in more appliances such as un-patched routers, firewalls, servers and end devices. With good knowledge of the network, one can advance to even more interesting stuff like lateral movement and even owning the network. All this will be demonstrated in the coming blogs.

Challenges:

  1. Getting IOS for the routers. However there are a couple online or you can buy some.
  2. Installing GNS3 appliances such a Kali, ASA firewall, servers etc. If this is your first time (also my first in many aspects), be patient and google,a lot.

Leave a Reply

Your email address will not be published.