pentest lab

All posts tagged pentest lab

Good Evening friends. Today we will see a step by step guide  on how to create a web application pentest lab .

For creating this lab, I am using a host machine with Windows 7 installed on it.  We also need the following softwares.

1. Wamp server ( Download here)

2. Vulnerawa ( Download here )

3. Vmware Workstation   or Oracle Virtualbox ( Download here )

4. Kali Linux ( Download here )

Download the above softwares to your system. Install Wamp server.  For this WAPT lab,  we will use vulnerawa as a vulnerable website or target website. Extract the contents of the folder to the root folder of the wamp server. Now open a browser and and type localhost in the urlbar to see if you can see the victim webapp as shown below.


Click on “Create Database” to create some data which we will use in our future howto’s.


Now let’s change the permissions of the wamp server to access it from our attacker machine. Go to Apache>httpd.conf as shown below.


You should see the httpd.conf as shown below.  Type CTRL+F and search for word “stuff”. After you find it, make changes  as shown below in the red box. Save the file by typing CTRL+S  and restart the wamp server.


Now install Kali Linux in Vmware Workstation or Oracle Virtualbox (see how ). Set the network adapter to NAT. Now open command line in your host machine and check the IP address assigned to your host machine as shown below by typing command “ipconfig”. Since I am using Vmware Workstation my network adapter is Vmware network adapter vmnet8. The IP address assigned to my host machine is


Now start your attacker machine( Kali Linux ), open browser and type the address in the url bar and see if you can access the victim web application as shown below.




Your web application pentest lab is ready. Happy hacking.

Good evening everybody. Sometime back, I wrote an article on how to set up a virtual penetration testing lab using Vmware Workstation. But Vmware Workstation is a commercial product.

Today I am going to show you how to create a pentest lab in VirtualBox absolutely free of cost. I hope this tutorial will be helpful for many beginners into cyber security domain.

What do we need?

1. Oracle VirtualBox. (Download)

2. Kali Linux. (Download)

3. Metasploitable 2. (Download)

Oracle VirtualBox is the virtualization software we will be using to create our lab. We will be using Kali Linux as the attacker machine and Metasploitable 2 as the victim machine. Install Kali Linux and Metasploitable 2 in VirtualBox.

See how to install Kali Linux in VirtualBox.

See how to install Metasploitable in VirtualBox.



Select Kali Linux, Go to settings > network. Enable “network adapter 1″. Set the “Attached to” option to “internal network”. Set the name of the network adapter to “intnet”. Click on “OK” to save the settings.



Do the same for Metasploitable virtual machine.



Power on the metasploitable VM. Log into the system. Default username and password are “msfadmin”.



Type the command “ifconfig” to see the IP addresses of interfaces.



The ‘lo’ interface is the loopback. Now we are going to set the IP address on the interface “eth0”. Type the command “sudo ifconfig eth0 netmask up”. The sudo password is “msfadmin. Verify that the IP address is set by typing command “ifconfig”.



Power on Kali Linux. In the terminal, type command “ifconfig eth0 netmask up”. Verify if the IP address is set by typing command “ifconfig”.



Test whether this system can communicate with victim system by pinging the victim machine as shown below.



The connection is successful. Our penetration testing lab is ready. Happy practising.