As it turns out, people aren't so happy if you just start scanning their networks and trying to connect to their computers, so, after a bit of reading, I decided I needed to get a laboratory set up.
Luckily I've inherited a fair amount of secondhand technology over the years as friends and family have gotten rid of things that are old, "broken," or need some minor repairs.
First, I needed a dedicated hacking/InfoSec laptop because my primary laptop, a pre-retina 13" MacBook Pro, is necessary for my web design and development work and I didn't want to risk bricking it, infecting it, or accidentally exposing anything on it to anything malicious. An Asus Republic of Gamers laptop left over from my days of playing WoW and other MMOs on the go seemed to fit the bill.
Note: You will likely need an external WiFi card. You can find lots of information out there regarding what is recommended. I've followed that advice and purchased one of the oft-recommended Alfa models. I'll leave you to find your own way since I cannot speak with any authority on the subject.
Quick Getting Started Guide
DBAN the Computer - So we can start with a fresh, clean HD. This can take a while, too.
Install the OS - I decided to run Arch Linux as my OS for two reasons: 1) I've been itching to try it out and force myself to get more comfortable with Linux, and 2) It seemed to be the easiest to truly customize to suit your exact needs. If you go with Arch, this step might take a while, but it's worth it. Go ahead, we'll wait.
Install VirtualBox - We'll use this to host some VMs so we have a virtual exploitation machine and some virtual exploitable machines. There are several other hypervisors you could use; I'll leave you to research these on your own.
Install Kali Linux VM - This will be our exploitation machine.
Start reading/practicing/learning - Yeah, we aren't really ready to do too much yet. I've been going through Offensive Security's Metasploit Unleashed, Enigma Group's Hacking Challenges, and OverTheWire's Wargames for practical examples and practice. Do your best to resist Googling for OTW walkthroughs; I broke down on a few sections of the Bandit wargame and missed out on some valuable learning.
Install Other Tools - Instead of loading Arch up with every conceivable tool, which you could do using either the BlackArch Linux distro or by installing all of the BlackArch packages, I've taken the approach of installing things as I come across a need for them so that I learn to use each tool when I install it. So far I've got: John the Ripper, Hashcat, Aircrack-ng, Wireshark, nmap, and a few others.
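Once the Kali VM and the exploitable VMs exist, it is worth confirming that the vulnerable guests cannot reach the home LAN or the internet. The following is an added example, not part of the original post: it audits the output of `VBoxManage showvminfo <vm> --machinereadable` and reports any network adapter that is not attached to an internal or host-only network. The VM names, adapter names, sample output and the policy of allowing NAT on the attacker VM are assumptions made up for illustration.

```python
import re

# Constructed samples of `VBoxManage showvminfo <vm> --machinereadable`
# output for two hypothetical lab VMs (names and adapters are made up).
SAMPLE_KALI = '''name="kali-lab"
nic1="nat"
nic2="intnet"
intnet2="pentest-lab"
nic3="none"
'''
SAMPLE_TARGET = '''name="vulnerable-target"
nic1="bridged"
bridgeadapter1="wlan0"
nic2="intnet"
intnet2="pentest-lab"
'''

# Attachment modes that keep guest traffic on the host machine.
ISOLATED = frozenset({"intnet", "hostonly"})


def parse_vminfo(text):
    """Parse key="value" lines into a dict, dropping surrounding quotes."""
    info = {}
    for line in text.splitlines():
        m = re.match(r'^([^=]+)=(.*)$', line.strip())
        if m:
            info[m.group(1).strip('"')] = m.group(2).strip('"')
    return info


def audit_vm(text, allowed=ISOLATED):
    """Return (vm_name, findings); a finding is a NIC whose mode is not allowed.

    Unknown modes are reported too, so the check fails closed.
    """
    info = parse_vminfo(text)
    findings = []
    for key, mode in sorted(info.items()):
        if re.fullmatch(r"nic\d+", key) and mode != "none" and mode not in allowed:
            findings.append(f"{key}={mode}")
    return info.get("name", "?"), findings


if __name__ == "__main__":
    # Assumed policy: targets must be fully isolated; the attacker VM may use NAT.
    print(audit_vm(SAMPLE_TARGET))
    print(audit_vm(SAMPLE_KALI, allowed=ISOLATED | {"nat"}))
```

To run it against a real VM, pass the captured command output to `audit_vm` in place of the constructed samples.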
Some Other Things
Remember that pile of technology I mentioned earlier? It's time to start putting it to good use.
My pile included:
- several older laptops in various states of disrepair (most just need a new HD and a few keys on the keyboard replaced)
- several mobile phones (both Android and iOS devices of varying ages, a few of which need new screens or other replacement parts)
- an older Linksys WiFi router
- Bluetooth USB adapter
- WiFi USB adapter
- a few microSD cards of various sizes
- various flash drives
What this all means is that I can move beyond my virtual exploitation network and set up a physical network to practice with.
To begin, I swapped the Linksys router's firmware out for DD-WRT. This taught me more about the router and opens up many more options for future configuration. I set up a network called Pentest Lab and secured it to hopefully prevent any nosey neighbors from connecting and ending up with their machine exploited, infected, or otherwise compromised in some way.
Next I took stock of the various parts and repairs the devices (laptops and phones) were in need of to begin researching the repairs and finding and ordering the parts. I'm going to be replacing some iPhone screens, it seems.
There was an iPhone 4 in there that worked perfectly and did not have a cracked screen so I rooted it and began setting it up with a Terminal and several of the tools I have been learning about (nmap, aircrack, wireshark, etc.). Now I don't have any real use for the mobile pentesting device just yet, but it will be interesting to play with in the future. The other devices will mostly be used to test mobile exploits on my internal Pentest Lab network.
We won't always want to use Kali in a VM and it's not really recommended as a daily driver (and I've already picked Arch as my primary distro), so I also created a bootable Kali flash drive.
The rest of the flash drives could have many different privacy and/or security-related uses:
So far my lab is serving me well at this stage in my learning. I'll post updates here as I make them.