wallhack

Cyber Range

The GitHub repository contains a Docker Compose environment for practicing network pivoting: a self-contained set of isolated networks simulating a realistic penetration testing scenario. Configuration files are in the examples/cyber-range directory of the wallhack repository.

Environment Overview

The cyber range includes multiple isolated networks simulating a realistic penetration testing scenario: DMZ, office network, and secret subnets.

Docker Compose Setup

Get the files: Clone the repository and navigate to the cyber range example:

git clone https://github.com/block65/wallhack.git
cd wallhack/examples/cyber-range

Start the environment:

docker-compose up -d

docker-compose.yml

version: '3.8'

services:
  dmz-host:
    image: alpine:latest
    container_name: wallhack-dmz
    volumes:
      - ../../target/release/wallhack:/usr/local/bin/wallhack
    networks:
      dmz:
        ipv4_address: 10.0.0.10
      office:
        ipv4_address: 10.1.0.5
    command: sleep infinity

  internal-host:
    image: alpine:latest
    container_name: wallhack-internal
    networks:
      office:
        ipv4_address: 10.1.0.10
      secret:
        ipv4_address: 10.2.0.5
    command: sleep infinity

  target:
    image: alpine:latest
    container_name: wallhack-target
    networks:
      secret:
        ipv4_address: 10.2.0.10
    command: sleep infinity

networks:
  dmz:
    driver: bridge
    ipam:
      config:
        - subnet: 10.0.0.0/24
  office:
    driver: bridge
    ipam:
      config:
        - subnet: 10.1.0.0/24
  secret:
    driver: bridge
    ipam:
      config:
        - subnet: 10.2.0.0/24

Practice Scenarios

  • Single-hop pivot: Practice pivoting from the dmz-host (representing a compromised entry point) to the office network.
  • Multi-hop pivot: Chain through the DMZ and office networks to reach the secret subnet. This requires manually transferring the binary from the dmz-host to the internal-host to simulate lateral movement.
  • Route Configuration: Test connectivity and verify routing table configurations across hops.

The dmz-host is pre-configured with the binary via a volume mount to simulate an initial compromise. To practice realistic lateral movement, you must manually transfer the binary to the internal-host. The target container remains clean, as it is the final objective.