Building an Offensive Security Test Lab with ESXi and pfSense

In this post, I am going to create an offensive security test lab using the VMware ESXi hypervisor and the pfSense firewall. Once complete, this lab can be used to set up attack and defense scenarios applicable to any organization.

Why build a test lab?

As a security researcher and offensive security professional, building labs that reflect real-world corporate networks and security policies is a great way to test new ideas and new attack/defense methods against an ever-changing landscape. The idea is to create a network environment that can only be navigated through the paths opened up by vulnerable or misconfigured code, with the end goal of compromising the entire network.

Build Overview

My intention for this lab build is to simulate a real-world environment using both Windows and Linux operating systems, with items such as a Windows Active Directory server and a handful of workstation machines. Since I won’t be adding vSphere or vCenter virtual appliances to this build, I will be using pfSense as my router and firewall combo. I am going to create a handful of subnets to simulate different departments within a fictional company, in which only specific machines have access to specific subnets. This will force attackers to constantly change their attack methods based on the current rule-set applied.

For the hardware, I will be installing all of this on a Dell T-320 Server Tower containing an Intel Xeon E5-2420V2 processor, with 32 GB of RAM and 4+ TB of storage; this should be enough to get me started, so let’s take a look at setting up ESXi.

VMware ESXi Setup

The first step would be to set up the VMware ESXi hypervisor by downloading the ISO from the official vmware.com website.

If you don’t have a VMware user login to download the files, you can download it from here.

Once we have the ISO, we can either burn it to CD or image it to a USB stick for install. Whichever method you choose, you can use the installation guide here to set it up, as the install is straightforward. Once the initial install is complete, you should be able to access your ESXi dashboard from a web browser by navigating over HTTPS to the IP address you set during the install process and logging in with the user and password.

Once you are logged in you should see the VMware ESXi 6.7 dashboard, as seen in the image below.

VMware ESXi 6.7 dashboard

Since we are planning to use pfSense within our environment as our network router/firewall, we need to make a few changes to the ESXi networking configuration.  We want to remove all of the default Port Groups except the Management group, which we want to keep.  Once the other default Port Groups have been removed, the new Port Groups should look like the image below.

VMware ESXi Port Groups

Now we need to create some Virtual Switches by navigating to the Networking tab within the ESXi dashboard and clicking on Virtual Switches, as seen below. Each Virtual Switch will act as a separate subnet within our virtualized environment.

VMware Virtual Switch Creation

Once the new Virtual Switches have been created, we can go back and create a few Port Groups to simulate the subnet interfaces for our pfSense router. This can be done by navigating to the Port Groups tab and clicking on Add port group, then adding the WAN, LAN and OPT1 entries as seen below.

VMware PortGroups
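
The same Virtual Switch and Port Group layout can be created from the ESXi shell with esxcli instead of the web UI. This is an added example, not part of the original post; it assumes one Port Group per Virtual Switch, and the vSwitch names are hypothetical.

```shell
#!/bin/sh
# Added example: CLI form of the vSwitch / port group steps above.
# Assumption: one port group per vSwitch; the vSwitch names are hypothetical.
LAB_MAP="WAN:vSwitchWAN LAN:vSwitchLAN OPT1:vSwitchOPT1"

# Accept only simple names so a typo cannot add extra esxcli arguments.
valid_name() {
    case "$1" in
        ''|*[!A-Za-z0-9_-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Print the esxcli commands for every "portgroup:vswitch" pair in $1.
# Returns non-zero and prints no commands if any pair is malformed.
lab_net_plan() {
    plan=""
    for pair in $1; do
        pg=${pair%%:*}
        vs=${pair#*:}
        if [ "$pg" = "$pair" ] || ! valid_name "$pg" || ! valid_name "$vs"; then
            echo "bad mapping: $pair" >&2
            return 1
        fi
        plan="${plan}esxcli network vswitch standard add --vswitch-name=$vs
esxcli network vswitch standard portgroup add --portgroup-name=$pg --vswitch-name=$vs
"
    done
    printf '%s' "$plan"
}

# Dry run by default; APPLY=1 on the ESXi host executes each line.
lab_net_apply() {
    lab_net_plan "$1" | while IFS= read -r cmd; do
        if [ "${APPLY:-0}" = 1 ]; then $cmd; else echo "[dry-run] $cmd"; fi
    done
}

lab_net_apply "$LAB_MAP"
```

Review the dry-run output first, then run with APPLY=1 on the host and confirm the result with `esxcli network vswitch standard list`.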

Now that we have the ESXi networking part complete, we need to download the latest version of pfSense, and upload it to the ESXi datastore of your choice.  If you are unsure how this is done, you can refer to the official VMware documentation. Once the ISO has been uploaded to the ESXi datastore, we can proceed with creating the pfSense Virtual Machine.

pfSense VM Creation

If everything installed correctly, we should now have a pfSense Virtual Machine set up in the powered down state.

pfSense Firewall Setup

The next step in this process is to configure the pfSense firewall so that we can create the different subnets and set up a VPN connection into our network using the OpenVPN package.

Since we created 3 Virtual Switches within ESXi, we will need to map those within our pfSense firewall. As the image below shows, there are three interfaces, so you may need to check the MAC address of the network adapter connected to each Virtual Switch when assigning the pfSense interfaces, to make sure each one maps to the network you intend.

pfSense Configuration

Now that we have the interfaces set up on pfSense, we need to set up the IP address information for each interface using the information below.

pfSense pre-settings

Once pfSense has been set up with the settings above, it should look like the image below.

pfSense final settings

More coming soon…
