top of page
Search

Virtual Router Pentest Lab

A penetration test, also known as a pen test, is a simulated cyber attack against your computer system to check for exploitable vulnerabilities.

Pen testing can involve the attempted breaching of any number of application systems to uncover vulnerabilities, such as unsanitized inputs that are susceptible to code injection attacks.


A wide variety of security assessment tools are available to assist with penetration testing, including free-of-charge, free software, and commercial software.


Software frameworks:

⤿ BackBox;

⤿ Hping;

⤿ Metasploit Project;

⤿ Nessus;

⤿ Nmap;

⤿ OWASP ZAP;

⤿ SAINT;

⤿ w3af, ...


Penetration testing phases

The process of penetration testing may be simplified into the following five phases:


⤿ Reconnaissance: The act of gathering important information on a target system. This information can be used to better attack the target. For example, open source search engines can be used to find data that can be used in a social engineering attack.

⤿ Scanning: Uses technical tools to further the attacker's knowledge of the system. For example, Nmap can be used to scan for open ports.

⤿ Gaining access: Using the data gathered in the reconnaissance and scanning phases, the attacker can use a payload to exploit the targeted system. For example, Metasploit can be used to automate attacks on known vulnerabilities.

⤿ Maintaining access: Maintaining access requires taking the steps involved in being able to be persistently within the target environment in order to gather as much data as possible.

⤿ Covering tracks: The attacker must clear any trace of compromising the victim system, any type of data gathered, log events, in order to remain anonymous.

Once an attacker has exploited one vulnerability they may gain access to other machines so the process repeats i.e. they look for new vulnerabilities and attempt to exploit them. This process is referred to as pivoting.


VyOS

VyOS is a Linux-based network operating system that provides software-based network routing, firewall, and VPN functionality. Its configuration syntax and command-line interface are loosely derived from Juniper JUNOS as modeled by the XORP project.

This is an open source routing operating system and is the successor to Vyatta. VyOS is considered an enterprise solution and while it is freely available, there are some limitations as VyOS does offer support contracts to it’s customers and paying customers have access more features.


Download Vyos iso image here

Credentials: vyos / vyos

You can developing an advanced pentesting lab using VMware, Metasploitable3, Kali, and VyOS.


Now roll up our sleeves and get busy building your network!



82 views0 comments

Recent Posts

See All

MacOS | Recording a Packet Trace

A packet trace is a record of traffic traveling across the network. It’s useful for investigating complex network problems related to both correctness and performance. Once you start a packet trace on

DNS Guard

Absolutely everything is connected to the internet these days, from TV to smart light bulbs, from mobile devices to smart cars. Given those ads and ad trackers are everywhere on the Internet, a browse

Cyber Security Interview, Q&A

Can you explain the difference between symmetric and asymmetric encryption? When would you use one over the other? Answer: Symmetric encryption uses a single key to both encrypt and decrypt data, whil

bottom of page