Setup Lab Environment for CompTIA PenTest+ Exam (PT0-002)



In this tutorial we will set up the lab environment that we will use throughout the course of this CompTIA PenTest+ tutorial.

We need a lab to practice pentesting, so let us set up our own dedicated pentesting lab. There are different ways to build one depending on your convenience: you can use dedicated hardware on which you boot an operating system with all the tools installed, or you can set up your lab in a cloud environment such as AWS.

But we will keep it simple and use Oracle VirtualBox to set up our pentesting lab, creating different virtual machines which will act as server and client.

Here is a topology diagram of our Lab where we are using 3 virtual machines to perform the entire testing:


We will install Kali Linux, which will act as the client initiating attacks on DVWA and Metasploitable. All these VMs will be connected over a virtual host-only network so that our physical host network is not impacted.

 

Download and Install VirtualBox

VirtualBox is an open source product from Oracle and is freely available, so let's start by downloading it from the official page. Choose the package that matches your host machine:


Since I am running my host on Windows, I will choose the first option. At the time of writing this tutorial, version 7.X was available from VirtualBox, which may not be the case when you are reading it, so some of the configuration options may vary based on the version you choose.

The installation of VirtualBox on Windows is pretty straightforward and I am afraid I won't be able to guide you through the installation steps, but you basically just have to follow the on-screen prompts, and the default options should be enough in most cases. You can always refer to the VirtualBox Reference Guide for more information.

If you are using a Linux host then you can refer to How to install Oracle Virtual Box on Linux (CentOS / RHEL 7).

Once Virtual Box is installed, it is also recommended to download and install the Extension Pack of the same version which you can find on the same virtual box page.


Create Host Only Network in VirtualBox

Next we will create a virtual host-only network which will be used by our virtual machines throughout the tutorial. Click on Files -> Tools -> Network.


In the right-hand panel, select Host-only Networks. Here you will find a default VirtualBox Host-Only Ethernet Adapter with some default adapter configuration. We will modify it with the values below:


Next, switch to the DHCP Server tab and make the following changes:


Click on Apply to save the changes.

 

Download and Install Kali Linux

Now that our VirtualBox network setup is ready, let's go ahead and install Kali Linux. Kali Linux is a Linux distribution specifically oriented to pen testers. In other words, it's a collection of tools in your toolbox, all open source and all free, and it's a great way to start building your toolbox.

You can access the official page to choose your Kali Linux platform. I will choose the Virtual Machine option so that I don't have to go through the complete installation stage and can just import the downloaded VM files into VirtualBox.


Next based on my host environment, I will choose my downloaded file:


Next open the Virtual Box software and click on Machine -> Add.


I have extracted the downloaded Kali image file under Downloads. So navigate to the extracted path and select the vbox file.


This will add a new VM to your Virtual Box software. Next let's configure the network settings for this VM. Select the VM and click on Settings. Here we will enable Adapter 1 and set it to Host-only Adapter which we created earlier.


We will also need to enable Adapter 2 and set it to NAT because we will be connecting to the Internet as well. I will go one step further and also configure Port Forwarding to be able to connect to the VM using SSH.


Click on Start to power on the VM.


Once you get access to the login console, log in using kali/kali, which is the default login credential of the image. If this doesn't work, check the official download page again to get the updated login credential.


Next we will enable SSH access. On the GUI, right-click and open a new Terminal.

If you want to enable root-based SSH access, open /etc/ssh/sshd_config with sudo and update the value of PermitRootLogin to yes.

Enable and start SSH server:

sudo systemctl enable ssh --now

Once connected I can verify my network details:

┌──(root㉿kali)-[~]
└─# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.10.1.10  netmask 255.255.255.0  broadcast 10.10.1.255
        inet6 fe80::570:f0af:411c:e577  prefixlen 64  scopeid 0x20<link>
        ether 08:00:27:1e:36:4a  txqueuelen 1000  (Ethernet)
        RX packets 35  bytes 8616 (8.4 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 25  bytes 3762 (3.6 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.0.3.15  netmask 255.255.255.0  broadcast 10.0.3.255
        inet6 fe80::cbec:5e79:51cb:9218  prefixlen 64  scopeid 0x20<link>
        ether 08:00:27:83:cb:99  txqueuelen 1000  (Ethernet)
        RX packets 50  bytes 6912 (6.7 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 58  bytes 10134 (9.8 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

 

Download and Install DVWA

Now that we have our Kali Linux up and ready, we need a web application server which we can target and attack, so we will use Damn Vulnerable Web App, i.e. DVWA. We are choosing this application because it is deliberately vulnerable and will help us practice for our course.

I have downloaded the DVWA 1.0.7 ISO from DAMN VULNERABLE WEB APPLICATION (DVWA): 1.0.7, which I will use to create a new virtual machine.

Open your Virtual Box software and click on Machine -> New to create a new VM. Provide the required details as shown in the screenshot:


I am giving 2GB RAM and 1 vCPU for this VM:


A virtual disk size of 10GB should be sufficient as we don't intend to add much software or data to this VM. By default the disk is dynamically allocated, i.e. the entire 10GB is not reserved up front and storage is consumed based on usage.


Finish the configuration process. Next change the network setting of this VM to Host-Only Adapter for Adapter 1.


Save the changes and start the installation by clicking on Start in the next step:


Once DVWA boots up you will see the following screen on the console. Here you can either run the application directly from the image by choosing the first option, i.e. boot the Live System, or, as in our case, go ahead and install the application using start the installer directly.


And that's it, DVWA is up and running.


Verify the Network Address of this VM:


Download and Install Metasploitable

Metasploitable is another vulnerable system that ethical hackers can use as a target for pentesting practice. We will download it and run it as a VM in VirtualBox.

We have downloaded metasploitable-linux-2.0.0.zip from the official page. Here is the extracted content of the archive:


Let's create a new VM using these files. Open VirtualBox and click on File -> New to create a new VM. The name of the VM must be the same as the extracted folder which contains the above VMDK files.


Click on Expert Mode and choose the existing downloaded VMDK file as the hard disk instead of creating a new one.


Click on Finish to apply the changes. Configure the Network to use Host-only Adapter for Adapter 1.


Start the new VM.


And that's it, your environment is ready to start pen testing. The default login credentials are msfadmin/msfadmin, as provided under logging-in-to-metasploitable-2.


Verify the network address of this VM:


Now we have three virtual machines, two victims and one attack machine, and we can also attack our host, which is the Windows box.
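The isolation this lab relies on (DVWA and Metasploitable attached to the host-only network only, Kali on host-only plus NAT with an SSH port forward) can be checked from the host. The following is an added example, not part of the original tutorial: it parses the output of VBoxManage showvminfo <vm> --machinereadable and reports adapters or port-forward rules that expose a VM beyond the lab. The sample output strings, the VM names and the port-forward rule are constructed for illustration.

```python
import re
import subprocess

EXTERNAL = {"nat", "natnetwork", "bridged"}  # attachments that leave the lab
NIC_RE = re.compile(r'^nic(\d+)="([^"]*)"$')
PF_RE = re.compile(r'^Forwarding\(\d+\)="([^"]*)"$')

# Constructed sample output (not captured from the tutorial's VMs).
KALI = 'nic1="hostonly"\nnic2="nat"\nForwarding(0)="ssh,tcp,,2222,,22"\nnic3="none"\n'
DVWA = 'nic1="hostonly"\nnic2="none"\n'
MSF_BAD = 'nic1="bridged"\nnic2="none"\n'


def parse_vminfo(text):
    """Return ({slot: attachment}, [forwarding rules]) from --machinereadable output."""
    nics, forwards = {}, []
    for line in text.splitlines():
        nic = NIC_RE.match(line.strip())
        if nic and nic.group(2) != "none":
            nics[int(nic.group(1))] = nic.group(2)
        fwd = PF_RE.match(line.strip())
        if fwd:
            forwards.append(fwd.group(1))
    return nics, forwards


def audit(name, text, role):
    """role: 'target' (host-only only) or 'attacker' (host-only plus NAT allowed)."""
    nics, forwards = parse_vminfo(text)
    findings = []
    if "hostonly" not in nics.values():
        findings.append(f"{name}: no host-only adapter")
    for slot, kind in sorted(nics.items()):
        if role == "target" and kind in EXTERNAL:
            findings.append(f"{name}: adapter {slot} is {kind}")
    for rule in forwards:
        # Rule fields: name,protocol,host IP,host port,guest IP,guest port
        fields = rule.split(",")
        if len(fields) == 6 and fields[2] in ("", "0.0.0.0"):
            findings.append(f"{name}: forward '{fields[0]}' binds all host interfaces")
    return findings


def live_vminfo(name):
    """Fetch real data for a VM; needs VBoxManage on PATH."""
    out = subprocess.run(["VBoxManage", "showvminfo", name, "--machinereadable"],
                         capture_output=True, text=True, check=True)
    return out.stdout
```

A port-forward rule with an empty host IP listens on every host interface; setting the host IP to 127.0.0.1 in the rule keeps the SSH forward, and the default kali/kali login behind it, reachable from the host only.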

 

Deepak Prasad


He is the founder of GoLinuxCloud and brings over a decade of expertise in Linux, Python, Go, Laravel, DevOps, Kubernetes, Git, Shell scripting, OpenShift, AWS, Networking, and Security. With extensive experience, he excels in various domains, from development to DevOps, Networking, and Security, ensuring robust and efficient solutions for diverse projects. You can connect with him on his LinkedIn profile.
