By Dave Howe
OK, so I thought I would write this one up in more detail. The cheapest way to build a home lab for pentesting purposes is virtualization – obviously, physical hardware is still required, but provided you have an existing machine with enough RAM, that is good enough (my preferred configuration is a dedicated, if old, laptop with Ubuntu+KVM, so I may write that up later).
For virtualization on an existing OS, VMware Workstation is usually the best choice – but it also costs a LOT, so the second best choice is the completely free VirtualBox. So before we go any further, download and install this. The extension pack is optional, but installation is recommended. (Note – the extension pack is NOT GPL licensed, but as long as this is personal use, this is still fine. Just don’t do it at work :D)
What pentesting lab is complete without Kali? So this is going to be our first port of call. Grab the ISO (I would say the 64 bit full image there).
Launching the VirtualBox Manager app, you should be presented with an empty VM list and a “new” button – so hit “new”. This starts a wizard to set up your first VM.
- First Screen – I called it “Kali” (duh) and selected Linux > Ubuntu 64bit.
- Second Screen – 1024MB RAM (the default)
- Third Screen – Create new virtual disk (and hit create)
- Type – VDI
- Storage – Dynamic (this way it only takes up as much room as it needs)
- Location and Size – called it “kali-sda” and 50GB
So at this point, we should have a new VM called Kali. However, while it is CALLED Kali, clearly it’s still empty as of yet, so let’s fix that next.
Click on your new VM in the VirtualBox Manager, and select the “Settings” icon on the toolbar. In the screen that appears, navigate first to “Storage”, then to “Empty” (with a CD-ROM icon), and finally click the far right CD-ROM icon to get to the pulldown menu for “Choose Virtual Optical Disk File…”. Pick your new Kali ISO, and hit “OK”.
Next, select “Network” and on Adapter 1, select “Bridged Adapter” and select your machine’s network card or wifi card (this puts your new Kali directly onto your LAN, which is convenient for many reasons). We are done here now, so can hit “OK” and close settings.
Start your new VM by hitting START on the toolbar. You will want to select INSTALL on the menu that appears on boot. Not going to walk you through installing Kali in detail – just take sensible values for language, let it get its IP address via DHCP, pick a sensible password, and unless you have any preferences for disk layout, just use the default (guided) setting for that. Nothing set in stone here – if you decide in future you wanted it set up differently, just reinstall it 😀
Our first test target
PentesterLab offer some decent and free test targets for this sort of thing – as bootable live ISO images, so little or no configuration needed. For this example we will be specifically using the Web For Pentester that has some common web vulnerabilities to play with – so download the ISO for that.
Again in VirtualBox Manager, select the “new” button. Call this VM “Live ISO” and set its type to Linux -> Other Linux (64 bit). Give it 1GB RAM, but no hard disk at all, then complete the config.
In the settings for this new VM, we will want to specify the ISO we got from PentesterLab, and tick the “Live CD” button. We also need to specify bridged networking on the “Network” tab as before. Now, go ahead and boot this – it should drop you to a Debian Linux prompt, and typing “ifconfig” will get you the IP of the machine (eth0, inet addr).
Go back to your Kali. Launch a web browser and type in the IP address you just found. If you see a “Web For Pentester” page, congrats, you now have a working lab! 😀
One final note – the Web For Pentester VM is one of the two specified for this Cybrary course. While the PentesterLab page does give its own hints and instructions, if you are wanting to do the Cybrary course mentioned, you are now all set. Happy Hacking 😀
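The same VirtualBox lab can be built from the command line instead of the wizard. This is an added example, not part of the original post: it assumes a Windows host with VBoxManage at its default install path, and the ISO paths, disk location and host adapter name are placeholders.

```powershell
# Added example. Placeholders (not from the original post): all paths and $HostNic.
$VBox      = "$env:ProgramFiles\Oracle\VirtualBox\VBoxManage.exe"
$KaliIso   = 'C:\Lab\kali.iso'
$TargetIso = 'C:\Lab\web_for_pentester.iso'
$DiskPath  = 'C:\Lab\kali-sda.vdi'
$HostNic   = 'Ethernet adapter name here'   # list real names: VBoxManage list bridgedifs

# Run VBoxManage and stop at the first failing step
function Invoke-VBox {
    & $VBox @args
    if ($LASTEXITCODE -ne 0) { throw "VBoxManage failed: $($args -join ' ')" }
}

# Kali: Linux > Ubuntu 64bit, 1024 MB RAM
Invoke-VBox createvm --name Kali --ostype Ubuntu_64 --register
# Bridged, as in the walkthrough: the VM sits directly on the host's LAN
Invoke-VBox modifyvm Kali --memory 1024 --nic1 bridged --bridgeadapter1 $HostNic

# 50 GB VDI; "Standard" is the dynamically allocated variant (size is in MB)
Invoke-VBox createmedium disk --filename $DiskPath --size 51200 --format VDI --variant Standard
Invoke-VBox storagectl Kali --name SATA --add sata
Invoke-VBox storageattach Kali --storagectl SATA --port 0 --device 0 --type hdd --medium $DiskPath

# Installer ISO in the virtual optical drive
Invoke-VBox storagectl Kali --name IDE --add ide
Invoke-VBox storageattach Kali --storagectl IDE --port 0 --device 0 --type dvddrive --medium $KaliIso

# Target: Other Linux (64 bit), 1 GB RAM, no hard disk, boots from the live ISO
Invoke-VBox createvm --name 'Live ISO' --ostype Linux_64 --register
# Also bridged, so the vulnerable target is reachable from the rest of the LAN too
Invoke-VBox modifyvm 'Live ISO' --memory 1024 --nic1 bridged --bridgeadapter1 $HostNic
Invoke-VBox storagectl 'Live ISO' --name IDE --add ide
# --tempeject on is the "Live CD" tick box in the GUI
Invoke-VBox storageattach 'Live ISO' --storagectl IDE --port 0 --device 0 --type dvddrive --medium $TargetIso --tempeject on

Invoke-VBox startvm Kali
Invoke-VBox startvm 'Live ISO'
```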
Once more, with feeling – Windows 10 Hyper-V
OK, so let’s repeat the exercise, but this time, using Windows 10 Hyper-V 🙂
Out of the box, Hyper-V doesn’t seem to set up networking for you, which seems like a bit of a drawback, so let’s fix that first.
- Launch the Hyper-V Manager
- Right click your machine (Bottom item on the left hand side) and select “Virtual Switch Manager”
- Assuming there isn’t already one listed (there wasn’t for me), click the “Create Virtual Switch” button
- Give your switch a name (maybe “HV Bridge”?) and make sure External Network is selected, and your active network card is in the pull-down box below it
- Hit “OK” then assuming all goes well, close the VS Manager
Right, so let’s press on… to creating our Kali machine!
- First, again right click your machine, and select New->Virtual Machine
- Hit “Next” on “before you begin” assuming you start there
- In “Specify Name and Location” give the VM a name (I would suggest “Kali”). Also, if you don’t like the default location, go specify where you would like your new VM (this is just the VM config file, not the HD). Hit “Next”
- We are going to want to stay with G1 (Generation 1) on the next pane, so ensure that is selected, and again, “Next”
- Give your new VM 1GB of memory, but leave “dynamic” checked (this means it isn’t going to reserve that memory, but will be given it as it needs it). Then, you guessed it, “Next”
- On the networking pane, select your newly created bridge, and… “Next”
- Create a new hard disk for your new machine. Going with my previous theme, I picked “KaliSDA.vhdx” – again, you can browse to a different location if the one defaulted to is not to your liking. Decide how much space to give it (I went with 50GB) and “Next”.
- Under “Installation Options” select to install from CD/DVD-ROM, Image file, and pick a Kali ISO (downloaded from the site as previously specified)… And just for the variety, hit “Finish”
Our Kali VM is now ready to boot and install – it should show up in the list of Virtual Machines (back in Hyper-V Manager) and can be right clicked. Do so now, and select “Connect”. This will give you a new window, and on that window’s toolbar, a nice, round green power button that will boot your VM into life.
(See previous posting above for a brief installation guide)
Now you should have a nice, working Kali, and just need a moving target 😀
Live CD VM
This is slightly more complex, as HV doesn’t know it can do this 😀
- Again as before, Select “New” -> “Virtual Machine”
- Give your new machine a name (I went with “Live CD”)
- Again, G1
- Network should be “not connected”
- Hard drive should be “I will connect one later”; there is no option for “you don’t get one” so….
- Hit “Finish” to complete this step.
Some more config work is required, though, before we can use this new VM.
- Right click and connect to your new VM
- On the “File” menu, select “Settings”
- On the hardware list, look for a “Network Adapter” – if you find one, click on it, and hit the “Remove” button.
- At the very top of the hardware list, find “Add Hardware” and select “Legacy Network Adapter”. Hit “Add”.
- Your new device should be selected – make sure it is on the correct virtual switch (the bridge we added earlier) then hit “OK”
- On the “Media” menu, back on the VM window, select DVD -> “Insert Disk” and select an ISO (again, I am using the Web For Pentester one)
- Finally, hit the green power button to start the VM
If all has gone well, you should now be able to use “ifconfig” to show the IP of your target machine, and connect to it from Kali. Mission Accomplished! 😀
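The Hyper-V steps above, scripted with the Hyper-V PowerShell module. This is an added example, not part of the original post: it assumes an elevated PowerShell session with the Hyper-V feature enabled, and the ISO paths, VHDX location and host adapter name are placeholders.

```powershell
# Added example. Placeholders (not from the original post): all paths and $HostNic.
$Switch    = 'HV Bridge'
$HostNic   = 'Ethernet'                       # list real names with Get-NetAdapter
$KaliIso   = 'C:\Lab\kali.iso'
$TargetIso = 'C:\Lab\web_for_pentester.iso'
$KaliVhd   = 'C:\Lab\KaliSDA.vhdx'

# Put an ISO in the VM's DVD drive, adding a drive first if the VM has none
function Set-LabIso($VMName, $IsoPath) {
    if (Get-VMDvdDrive -VMName $VMName) { Set-VMDvdDrive -VMName $VMName -Path $IsoPath }
    else { Add-VMDvdDrive -VMName $VMName -Path $IsoPath }
}

# External virtual switch bound to the active network card (created only if missing)
if (-not (Get-VMSwitch -Name $Switch -ErrorAction SilentlyContinue)) {
    New-VMSwitch -Name $Switch -NetAdapterName $HostNic -AllowManagementOS $true | Out-Null
}

# Kali: Generation 1, 1GB with dynamic memory, new 50GB VHDX, on the bridge
New-VM -Name 'Kali' -Generation 1 -MemoryStartupBytes 1GB -SwitchName $Switch `
       -NewVHDPath $KaliVhd -NewVHDSizeBytes 50GB | Out-Null
Set-VMMemory -VMName 'Kali' -DynamicMemoryEnabled $true
Set-LabIso 'Kali' $KaliIso

# Live CD: Generation 1, no hard disk, created without a network connection
New-VM -Name 'Live CD' -Generation 1 -NoVHD | Out-Null

# Swap the default network adapter for a legacy one on the bridge, as in the steps above
Get-VMNetworkAdapter -VMName 'Live CD' | Remove-VMNetworkAdapter
Add-VMNetworkAdapter -VMName 'Live CD' -IsLegacy $true -SwitchName $Switch
Set-LabIso 'Live CD' $TargetIso

Start-VM -Name 'Kali', 'Live CD'
```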
This article was originally posted on Peerlyst