Penetration test

All posts tagged Penetration test

Good evening everybody. Sometime back, I wrote an article on how to set up a virtual penetration testing lab using Vmware Workstation. But Vmware Workstation is a commercial product.

Today I am going to show you how to create a pentest lab in VirtualBox absolutely free of cost. I hope this tutorial will be helpful for many beginners into cyber security domain.

What do we need?

1. Oracle VirtualBox. (Download)

2. Kali Linux. (Download)

3. Metasploitable 2. (Download)

Oracle VirtualBox is the virtualization software we will be using to create our lab. We will be using Kali Linux as the attacker machine and Metasploitable 2 as the victim machine. Install Kali Linux and Metasploitable 2 in VirtualBox.

See how to install Kali Linux in VirtualBox.

See how to install Metasploitable in VirtualBox.

pentestlab1

 

Select Kali Linux, Go to settings > network. Enable “network adapter 1″. Set the “Attached to” option to “internal network”. Set the name of the network adapter to “intnet”. Click on “OK” to save the settings.

pentestlab2

 

Do the same for Metasploitable virtual machine.

pentestlab3

 

Power on the metasploitable VM. Log into the system. Default username and password are “msfadmin”.

pentestlab4

 

Type the command “ifconfig” to see the IP addresses of interfaces.

pentestlab5

 

The ‘lo’ interface is the loopback. Now we are going to set the IP address on the interface “eth0”. Type the command “sudo ifconfig eth0 10.10.10.2 netmask 255.0.0.0 up”. The sudo password is “msfadmin. Verify that the IP address is set by typing command “ifconfig”.

pentestlab6

 

Power on Kali Linux. In the terminal, type command “ifconfig eth0 10.10.10.1 netmask 255.0.0.0 up”. Verify if the IP address is set by typing command “ifconfig”.

pentestlab7

 

Test whether this system can communicate with victim system by pinging the victim machine as shown below.

pentestlab8

 

The connection is successful. Our penetration testing lab is ready. Happy practising.

Virtual penetration testing lab is a lab created on a single system using any virtualization software. It can be very helpful for people practising for CEH or similar certification. Any penetration testing lab has two machines, attacker and victim. In this lab we will set up Kali Linux as the attacker and Windows XP( most favourite victim machine ) as the victim. I am going to set up this lab in Vmware Workstation 9. Hope this will be helpful.

First of all install Kali Linux and Windows XP in Vmware Workstation.

vpl1

 

vpl2

Shut them down. In the Vmware Workstation menu, Select Edit” and click on Virtual Network editor.

vpl3

The window below will open showing the virtual network adapters. Click on “Add network”.

vpl4

Vmware provides nine virtual networks from 0 to 9. Vmnet0, Vmnet1 and Vmnet8 are automatically assigned for  bridged, Host-only and NAT types of network respectively. Select the network “Vmnet3″.

vpl5

We can see that our network is added as Host-Type with a automatically assigned subnet IP.

vpl6

 

Click on our network. We can see its settings below.

vpl7

 

Deselect the option ‘Connect a host virtual adapter to the network‘.This will make our network a custom type. Change the subnet IP to 10.10.10.0( choice is yours).  Select the ‘Use local DHCP service to distribute IP address to VMs‘ option. This will automatically assign IP addresses to our machines. Click on ‘DHCP settings‘.

vpl8

You will see the below window. Make changes if you like. I am going to leave it default. Click OK twice to exit.

vpl9

 

We have successfully created our custom network. Now let’s add our machines to the network. Open the tab of Kali Linux and click on ‘network adapter‘ setting.

vpl10

In the settings, select the ‘custom radio button and select the network Vmnet3 from the dropdown menu. Click on OK.

vpl11

Do the same for Windows XP. Then let’s boot up our victim machine and check it’s IP address by typing ‘ipconfig‘ in the command line.The DHCP server has automatically assigned it the IP address 10.10.10.129.

vpl12

 

Boot the attacker machine and check it’s ip address by typing ‘ifconfig’ in the terminal. It has been assigned the address 10.10.10.128.

vpl13

Ping the victim IP machine (10.10.10.129) to see whether the two machines can communicate.

vpl14

 

We have successfully created a virtual penetration testing lab. Happy testing.