Previous Step
Objectives for this Step
- Ensure that we can access the target environment using our attack box
Reviewing the Setup
Reviewing the network diagram for the GOAD environment, note the following about the lab environment
The original lab environment had the following
- VLANs
native
—10.0.0.0/24
(LAN)666
—10.6.6.0/24
(SEC_EGRESS)999
—10.9.9.0/24
(SEC_ISOLATED)80
—10.80.80.0/24
(AD_LAB)
- The attack box is on the
native
VLAN and can reach any of the other VLANs
The GOAD lab environment adds
- VLANs
10
—192.168.10.0/24
(GOAD)
- The provisioning CT is on
native
- The GOAD hosts are on
10
- The attack box can still reach all of the VLANs, including
10
Positioning the Attack Box
Why this Matters
Certain network attacks only work when the attack box is on the same Local Area Network as the target(s), because some attacks require broadcasts and snooping at layer 2.
10.0.0.0/24
and the targets are on 192.168.10.0/24
, then certain attacks won't work, but there is still a wide variety of attacks you can try on the GOAD lab from this positionLeaving Attack Box on Native VLAN
This will keep the attack box on the pfSense internal LAN of 10.0.0.0/24
. In the original lab design we give the attack box — Kali Linux — a DHCP reservation of 10.0.0.2
.
10.0.0.2
from your home network via SSH or some remote desktop protocol.Log into your attack box and you should be able to begin the penetration test against the 192.168.10.0/24
network.
Putting Attack Box on VLAN 10
This will move the attack box to VLAN 10 — 192.168.10.0/24
— and put it on the same LAN as the rest of the GOAD hosts.
Configure the Static Route
Refer to the documentation on configuring static routes and add the following:
- Destination Network:
192.168.10.0/24
- Gateway: pfSense WAN IP address
Give Attack Box a DHCP Reservation
Configure a WAN Firewall Rule
Connecting to Kali on VLAN 10
Now that you've added the firewall rule on the WAN, use a SSH or remote desktop client of your preference and target 192.168.10.2
. With the static route, this will send the traffic to pfSense WAN IP, which will pass the traffic internally to complete the connection.
Connectivity Check
Attacking the Lab
Conclusion
That was quite the adventure getting everything built and configured ...😅
I tried my best to think of most cases where someone reading may get stuck, but if I have missed anything, if there are any errors, please do let me know and I'll work to get it corrected. However, at this point, that should be about it. I hope you have lots of fun pwning GOAD!