Skip to main content

Building a multi-user Ethical Hacking Range

For last two years, I've been teaching introductory and advanced Ethical Hacking. An issue that I wanted to resolve was the issue of targets without context. Pulling down a vulnerable virtual machine from vulnhub or participating in a hackthebox challenge is all well and good if you want to serially go after unrelated vulnerabilities.

What I wanted to do was teach via a series of interrelated targets. An example of this would be a teaching a quick module on Linux authentication, followed by a quick lab on brute force login and subsequent password cracking of say a shadow file. Immediately after, the students would engage a target within the context of an overall theme that is loosely based on a corporation. This target might itself provide information for a future target.

Range Control as a Point of Departure

Range Control can be used deploy linked clones of base virtual machines that students can configure based upon the course or lab requirements. This is not sufficient for an ethical hacking range. A range needs fully provisioned targets. For this reason, we use post provisioning automation and some imaginative networking to produce a bare bones ethical hacking range.

Target Development

This is the hard part, developing a set of targets that

  • Incorporate a story line and to some extent link to other targets

  • Require reconnaissance and vulnerability research

  • Are relatively new (No MS08-067 or Windows 7/Me/XP)

  • A handful of these targets should have unique vulnerabilities including custom web applications and/or poor configurations.

    Target Development as a Capstone Project

    Several college seniors have used range target development as part of their capstone project. Their efforts seed the Champlain Ethical Hacking Range with new vulnerable systems. Targets can be refreshed and reskinned via ansible every semester or so.