Table of Contents
Setup hacking lab - Introduction
With the rise of cyber crime there has come a need for more cyber security experts which is bound to increase in the coming days. In this tutorial I will help you setup hacking lab. A hacking lab is where you can carry out your penetration experiments without the fear of having to go against the laid cyber security laws and policies. We will install Kali Linux (a penetration testing operating system) and Metasploitable (a vulnerable Linux image to practice penetration testing on).
A penetration hacking lab consists of an attack orchestrating Operating System which in our case we will use the Kali Linux operating system and a vulnerable operating system which in our case is the Metasploitable 2. Kali Linux will be used to perform attacks against the vulnerable Metasploitable. These attacks are simulations of real life attacks which are known by the penetration tester but are done in a safe and controlled environment
Overview on Penetration testing
Penetration testing also known as pentesting, is the art of attempting to evaluate security of an IT system by simulation of attacks on known vulnerabilities of a system. A pentester is a hacker authorised by the system owner to carry out attacks on the system in order to help the IT team harden their systems before they are put to use in order to avoid attacks which may cost a fortune.
Overview on Mesploitable 2
Metasploitable is a Linux operating system which has the commonly known vulnerabilities. It was developed by Rapid 7 organization for the purpose of training aspiring penetration testers in a safe environment. In the below tutorial, we will be downloading and installing it on our Virtual Box to complete building our hacking lab.
- A PC running windows operating system 7/8/10.
- OS capable of running all of the required applications.
- VT-x/AMD-V Supported Processor recommended.
- A minimum of 30GB hard disk space.
- A minimum of 4GB RAM.
- Have Oracle virtual box installed on your windows machine.
- Have Kali Linux installed on your virtual box. Navigate to https://www.golinuxcloud.com/kali-linux-virtualbox/ to check our article on installing kali Linux in a virtual box.
Steps to setup hacking lab for penetration testing
Step-1: Download Metasploitable Image
In this tutorial we are going to use oracle VirtualBox to deploy Metasploitable. But you can use the same image to install it via VMware Workstation Player as well.
Download metasploitable using the official sourceforge.net.
After download is complete, extract it to the folder of your own liking as shown below.
Step 2: Create new VM
We can now run our oracle virtual box to install metasploitable 2. Open Oracle Virtual Box → Machine → New to create a New VM.
We are going to create VM in Expert Mode so that we can be able to adjust the disk space to be used and other settings as required. Hence on this screen we choose to install in expert mode.
Step-3: Configure VM (Disk, RAM)
We first need to create a virtual hard disk drive so that we can later add metasploitable virtual machine disk as shown below and click create.
We also need to enter the amount of RAM to be used by our metasploitable machine. Metasploitable has no GUI, we can only access it via the terminal hence it does not require that a large amount of RAM. In our case we will use 2 GB of RAM. This will be enough for carrying out our penetration testing.
The main purpose of metasploitable is just to carry penetration tests on it hence the virtual disk does not require large amounts of space so we will just one additional disk of 8GB. To add another disk, select the VM -> Click on Settings icon -> Select Storage -> Click + icon in the corner to Controller:IDE to add Hard Drive -> Click on Create to create a new disk -> Select VDI -> Select Dynamically allocated -> Provide the path of the disk and size (We choose default 8GB) and click on create to create a new virtual disk.
Next select your disk and Attach to the VM. Click OK to save.
Step-4: Configure Network
It is recommended to use the default network settings for the VM. But I have some use case to use it across my private network so I will choose Bridged Network.
Step-5: Power on the VM
Next we fire up the virtual machine.
Once the VM boots up, we can see that our metasploitable VM is ready for penetration testing.
We are now through with setting up a hacking lab and ready to start penetration testing.
Step-6: Get Network details of Metasploitable VM
Next check the IP details of your Metasploitable VM. We will use this IP to access the metasploitable dashboard on the browser. Here as you can see, my IP address is 192.168.0.160
Step-7: Access Metasploitable dashboard
Now we can use the same IP to access our metasploutable dashboard using any browser:
Now we can click on any of the options to access the respective tool as shown above.
In the above guide, we have setup hacking lab on which we can perform our penetration testing without the fear of going against the law. We have full control of the lab as we can adjust space required by the Operating System on virtual box and other important factors such as the RAM and the network configuration. We can now be able to perform penetration testing of the commonly know vulnerabilities for machines running on Linux operating system. No damage or loss can be incurred while using the lab for penetration testing.