Throughout the book, we discussed various techniques and methodologies that, with practice, continual research, and diligence, will allow you to perform a penetration test from start to finish. This chapter allows you to put some of that information to work and bring it into perspective.
We will discuss the following items in this chapter:
As we prepare for the challenge, we need to build the core firewalls; there will be three firewalls that we will use in this chapter. They are as follows:
The concept will be to create the network architecture and then connect machines to it. Follow the processes and steps we discussed throughout the book and perform a professional penetration test. The main point is, this architecture can support the majority of network types you might encounter and will be an excellent resource for building your skills. An example of the firewall architecture is shown in the following diagram:
As the diagram shows, we will configure three firewalls within our challenge environment and connect them with six switches. This architecture is representative of many of the networks that the author has encountered. There is a tendency to have two firewalls inline, as we do here. One change that has been made is that the Debian 5 machine is placed outside pfsense-1. On most network designs this is not the case; it is normally placed inside the pfSense firewall. We made this change because it is recommended from a defensive standpoint: it separates the publicly required data from the internal user network; furthermore, it allows the network administrator to configure only a minimal number of services on the firewall that has the internal network behind it. This design greatly reduces the attack surface.
We will begin with setting up the m0n0wall firewall. If you used pfSense in previous chapters, you will note that the setup is very similar. Our m0n0wall instance will have three adapters in this case: WAN, LAN, and OPT1. Begin by downloading m0n0wall at http://m0n0.ch/wall/downloads.php. We will be using the cdrom-1.8.1.iso release, although any future releases should be very similar in setup. m0n0wall is a well-established, small firewall that will work perfectly for our needs due to the limited resources required.
In VMware, use the following settings to set up a new virtual machine:
m0n0wall
FreeBSD
128 MB
20 GB
This machine will need three network adapters configured using the network manager:
VMnet2, which will be our WAN connection
VMnet1, which will represent our LAN connection
VMnet9, which will be tied to our internal network (the OPT device)
The m0n0wall will need to be installed on the new virtual machine.
Once you have reviewed the network configuration, we need to work through the process of creating the machine configuration. Let's get started with that now!
m0n0wall by clicking on Power on this virtual machine; once the system boots, choose the 7) Install on Hard Drive option.
ad0).
Now that m0n0wall has been installed, we must configure the interfaces:
em0 adapter is assigned to VLAN 1, em1 to VLAN 2, and em2 to VLAN 3. These VLANs can be any unused number between 1 and 4094.
VMnet1. The WAN adapter should be assigned to the VMnet2 adapter, and the VMnet9 adapter should be assigned as the OPT device:
The firewall has been installed on our hard drive and the adapters have been assigned to VLANs. Now, we need to set up the LAN IP address and connect to the web interface for further configuration. As an optional step, the default password can be changed. For the sake of simplicity, we will continue using the default password for the rest of this exercise.
192.168.50.10 with a mask of 24.
We can now boot up a Kali instance on the VMnet1 internal network and connect to the web interface of the firewall by first obtaining a new DHCP address on the appropriate range and then directing our web browser to http://192.168.50.10. Log in with a username of admin and a password of mono.
We need to set up our other interfaces to perform the tasks we have in mind, which is to provide the 192.168.175.0/24 subnet with a firewalled route to our vulnerable host, which will be located at 192.168.175.100 (connect a Debian machine to VMnet9). Select the OPT1 interface from the navigation menu on the left of the screen and enable it by checking the appropriate box. Leave the Bridge with option as none, and type the IP address for this interface: 192.168.175.10. Ensure that the drop-down lists 24. Click on the Save button after applicable changes have been made.
We can enable the DHCP server on the OPT1 interface. Choose DHCP server from the left navigation menu and the OPT1 tab under Services: DHCP server. Check the box that enables the DHCP service on this port and enter the Range as 192.168.175.100 to 192.168.175.150. After your changes have been selected, click on the Save button to continue.
There are currently no default rules set up for the OPT1 interface. Let's set up some basic rules to allow our system in 192.168.50.0/24 to ping those in 192.168.175.0/24.
Click on the Firewall Rules option in the left-hand navigation bar and select the OPT1 tab. Selecting the icon that looks like a plus symbol within a circle will bring you to the screen that allows new rules to be configured. Click on this icon to continue.
In this initial rule, we want to allow ICMP packets to the OPT1 interface from everywhere. The following settings need to be selected:
Pass
OPT1
ICMP
Any
Save your settings, and click on the APPLY button to load the changes.
We can now traceroute from our Kali machine to our target machine (in this case, a Debian machine).
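After the traceroute step, it is worth confirming that the path really crosses the firewall rather than some other route in the virtual lab. The following is an added example, not code from the book: a shell function that reads `traceroute -n` output and checks that hop 1 is the m0n0wall LAN address and that the trace ends at the target. The function name `check_lab_path` and both sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the book): confirm a traceroute crosses the m0n0wall.
FW_LAN_IP="192.168.50.10"      # m0n0wall LAN address used in this chapter
TARGET_IP="192.168.175.100"    # Debian target on VMnet9 used in this chapter

# check_lab_path FIRST_HOP TARGET   (hypothetical helper name)
# Reads `traceroute -n` output on stdin. Returns 0 only if hop 1 is FIRST_HOP
# and the last answering hop is TARGET, 1 on a path mismatch, 2 on no hops.
check_lab_path() {
    awk -v fw="$1" -v tgt="$2" '
        $1 ~ /^[0-9]+$/ {                    # hop lines start with a hop number
            hops++
            addr = ""
            for (i = 2; i <= NF; i++)        # first IPv4-looking field, if any
                if ($i ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) { addr = $i; break }
            if ($1 == 1) first = addr
            if (addr != "") last = addr      # silent hops (all "*") are skipped
        }
        END {
            if (hops == 0)   { print "no hop lines found"; exit 2 }
            if (first != fw) { print "hop 1 is not " fw; exit 1 }
            if (last != tgt) { print "trace ended at " last ", expected " tgt; exit 1 }
            print "ok: " fw " -> " tgt " in " hops " hops"
        }'
}

# Constructed sample output (not captured from a real lab run).
SAMPLE_OK='traceroute to 192.168.175.100 (192.168.175.100), 30 hops max, 60 byte packets
 1  192.168.50.10  0.412 ms  0.380 ms  0.351 ms
 2  192.168.175.100  0.803 ms  0.771 ms  0.745 ms'

# Constructed sample where no hop past the firewall answers.
SAMPLE_BLOCKED='traceroute to 192.168.175.100 (192.168.175.100), 30 hops max, 60 byte packets
 1  192.168.50.10  0.398 ms  0.377 ms  0.349 ms
 2  * * *
 3  * * *'

printf '%s\n' "$SAMPLE_OK" | check_lab_path "$FW_LAN_IP" "$TARGET_IP"
# Live use from Kali: traceroute -n "$TARGET_IP" | check_lab_path "$FW_LAN_IP" "$TARGET_IP"
```

A non-zero return with the firewall at hop 1 and only silent hops after it points at the OPT1 rule or the target itself, which narrows where to look before moving on.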
Using m0n0wall allows us to use a lot of powerful options with very limited space. This can become very important when you want to place several firewalls in your virtual lab environment.
The next machine we will create is the pfsense-1 firewall. Create a virtual machine that matches the following:
pfsense-1
pfSense (FreeBSD)
pfsense-1
FreeBSD
256 MB
20 GB
This machine will need three network adapters configured using the network manager:
VMnet2, which will be our WAN connection.
VMnet3, which will represent our LAN connection.
VMnet4, which will be tied to our internal network (the OPT device); pfsense will need to be installed on the new virtual machine.
VMnet8 (this is an optional step to connect a network adapter, which allows you to easily download and install the necessary packages. This adapter should be disabled as soon as possible).
Now that the network adapters are defined, it is time to perform the following additional steps:
pfsense by clicking on Power on this virtual machine and, once the system boots, press the I key to install to the hard drive.
X.X.X.100-X.X.X.150
80, 443, 53, 161, 25, 22, 23, and 21 TCP/UDP from the WAN net to the LAN net
The following screenshot shows a work in progress of setting the firewall rules for pfsense-1:
The pfsense-1 firewall will have an IDS and a WAF installed. We can use the package manager that pfSense makes available to us to install this additional functionality on our system.
The pfsense-1 system will need temporary access to the Internet to be able to access and download these packages. This can be configured using VMnet8 on the OPT2 interface. Be sure to disable any of the other test machines before connecting to the Internet. Enabling the Internet on the WAN interface will enable all of the systems using pfsense-1 to access the Internet.
We install additional packages into the firewall by performing the following steps:
The next machine we will create is the pfsense-2 firewall. Create a virtual machine that matches the following:
pfsense-2
pfSense (FreeBSD)
pfsense-2
FreeBSD
256 MB
20 GB
This machine will need two network adapters configured using the network manager:
VMnet4, which will be our WAN connection
VMnet5, which will represent our LAN connection
Once the network adapters are defined and configured, it is time to configure the firewall itself by performing the following steps:
pfsense by clicking on Power on this virtual machine. Once the system boots, press I to install to the hard drive.