Trial and error, and more trials and more errors…

I learned a lot setting this lab up. This was not only a technical lesson, but also a lesson on when sometimes stepping away and taking a break can be the best way to find the solution. The toughest hurdle, for sure, was the Security Onion setup. I spent no less than 15-20 hours over a weekend troubleshooting the installation and sensor configuration. It wasn’t until I stepped away and rested that I finally got it to work (don’t ask me how). But alas, it was a great experience overall and I cannot be happier with it at the moment.

Diagram (changes pending..)

Currently this is a 4 network architecture. All of the networks are connected via a pfSense firewall, with exception to the isolated vulnerable network. The layout is ever evolving though, so I’m sure by the time you are reading this, it’s already changed.. ![[Pasted image 20250529161435.png]]

Why do this?

I am doing this for numerous reasons. One of the main reasons if just to learn anything I want. It’s one thing logging into a HTB or THM room and trying your hand at things, and that is an excellent way to learn. But setting up your own environment and doing these things yourself if a whole new kind of learning experience. Here are a few ways I’ve leveraged my lab already:

  • Learning Ansible
  • Studying for my RHCSA
  • Playing around with Kali
  • Playing around with SO and configuring it to detect various exploits

Overall, it’s been an amazing experience, and I would recommend to anyone that is interested in tech. An amazing addition to this is having a home VPN set up, so no matter where I am in the world, I always have access to my lab!

Future Plans

Looking ahead, I’m excited to add a local DNS server to the mix. This will boost the lab’s functionality and make it feel even more like a real-world network.

Demo

Here’s a super quick demo of an FTP vulnerability on my metasploitable machine. First I’ll run a quick nmap scan to see what all is running:

sudo nmap -sV -sC 192.168.255.10 -T 5 -oA metasploitable_2025-10-04

![[Pasted image 20251004230656.png]] A quick search shows a proof of concept: ![[Pasted image 20251004230821.png]] Let’s grab that PoC and see if it works: ![[Pasted image 20251004230452.png]] Looks like I need to install telnetlib3 and edit exploit.py to reflect that module name ![[Pasted image 20251004230514.png]] And easy as that, I have root access on the metasploitable machine. If only it were always that easy! ![[Pasted image 20251004230539.png]] ![[Pasted image 20251004230610.png]]