Samer Aoudi
Setting Up a Lab Environment

In this practical activity, you will set up an Ethical Hacking (Pentesting) lab environment.

Why this activity? Setting up your own penetration testing lab allows you to practice your pentesting skills in a controlled environment.

Prerequisite Knowledge: None
Requirements: VMWare Workstation
Duration: 50min
For HCT students, the three machines should be available on your lab computer. Check with your instructor.
Files: Kali Linux, Windows 10 Target, Metasploitable 2
Related Videos:
Setting Up Your First Ethical Hacking Lab
Kali Linux
“Kali Linux is the new generation of the industry-leading BackTrack Linux penetration testing and security auditing Linux distribution. Kali Linux is a complete re-build of BackTrack from the ground up, adhering completely to Debian development standards.” (Source and to learn more: http://docs.kali.org/). Kali Linux is a free, open source toolbox with more than 600 penetration testing tools included. Kali Linux will be our main tiger box (toolbox).
Note: We are downloading a pre-installed VM that we can simply open. The alternative is to download a disk image (i.e., an ISO file) and do the installation yourself. The second option is time-consuming and more advanced.
Note: The virtual networking components in Workstation Pro include virtual switches, virtual network adapters, the virtual DHCP server, and the NAT device. You can configure bridged networking, NAT, and host-only networking for virtual machines.
Bridged Networking
Bridged networking connects a virtual machine to a network by using the network adapter on the host system.
NAT Networking
With NAT, a VM does not have its own IP address on the external network. Instead, a separate private network is set up on the host system. In the default configuration, a virtual machine gets an address on this private network from the virtual DHCP server. The VM and the host system share a single network identity that is not visible on the external network.
Host-Only Networking
Host-only networking creates a network that is completely contained within the host computer. Host-only networking provides a network connection between the VM and the host system by using a virtual network adapter that is visible on the host OS.

In this activity, you will install Kali Linux as the Tiger Box for the course.

Expert Mode
  1. Download the latest version of Kali Linux (skip this if your instructor already provided Kali)
  2. Install Kali Linux as a VM on your physical machine
  3. Configure Kali's network settings to NAT
  4. Power on Kali, log in, and obtain the IP address
  5. Update Kali's system using apt update
  6. Upgrade Kali's system using apt upgrade
Regular Mode
Task in details »
    Note: The steps below are based on VMWare.
  1. Visit the Kali Linux Download page, and find the Virtual Machines category (skip this if your instructor already provided Kali)
  2. Choose your architecture (64-bit vs. 32-bit). If unsure, note that most modern computers are 64-bit.
  3. Download the VM file that suits your hypervisor:
    • For VMWare Workstation, download the 7z file: kali-2022.2/kali-linux-2022.2-vmware-amd64.7z (version may vary)
    • If you are using Oracle VirtualBox, download the OVA file: kali-2022.2/kali-linux-2022.2-virtualbox-amd64.ova (version may vary)
    • If you want to perform a full installation (advanced), you can download the appropriate Bare Metal (i.e., .iso disk image) version. This is the best option if you want to install on an Apple machine with an M1 chip
  4. Load the VM using your hypervisor:
    • For VMWare Workstation, extract the 7z file into your Documents/Virtual Machines folder (create the folder if needed); open the extracted VM using your VMWare Workstation (File»Open)
    • If you are using Oracle VirtualBox, open the OVA file
    • If you are doing a full installation (advanced), read the detailed guides Virtualization Guides »
  5. Click the VM menu and select Settings
  6. Click Network Adapter and select the NAT option. Click OK when done
  7. Note Kali's credentials in the Description section, and power it on
  8. Log in using the following credentials: (kali/kali)
  9. Start a new Terminal window
  10. Type the following command to get the IP address: ip a
  11. First let's update the system. Type the following command: sudo apt update
  12. Now let's upgrade the system. Type the following command: sudo apt upgrade
  13. Update vs. Upgrade: The update command only refreshes the package list with the latest available versions; it does not install or upgrade any packages. The upgrade command actually downloads and installs the latest versions of the packages that are already installed.
    Note: If you get a 403 Forbidden error during the update, do the next step.
  14. Open the /etc/apt/sources.list file (as root) and change the deb http:// entry to deb https://
  15. Note: The update and upgrade might take a while
  16. Explore your Kali and make sure you know your way around it. This is the absolute minimum knowledge you should have: a) the file system; b) the available applications; c) basic Linux commands; d) installing new tools and updating existing ones
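The update steps above tell you to edit /etc/apt/sources.list by hand if apt reports a 403 Forbidden error. The script below is an added example (it is not part of the original lab text or of the Kali project) that applies the same fix in a repeatable way: it only rewrites "deb http://" lines to "deb https://" when apt's output actually contains the 403, and it leaves comments and deb-src lines alone. It assumes the usual one-line "deb <url> <suite> <components>" format and that you run it as root when passing --apply, because the file is root-owned.

```shell
#!/bin/sh
# Added example for this lab (not part of the original page or the Kali
# project): apply the "403 Forbidden" fix from the update steps by
# switching "deb http://" repository lines to "deb https://", and only
# do so when apt's output actually reports a 403.
# Assumptions: sources.list uses the usual one-line "deb <url> <suite>
# <components>" format, and the script is run as root when --apply is
# given, since /etc/apt/sources.list is root-owned.

# Return 0 when apt output contains the 403 Forbidden error the lab
# describes; apt prints it as "403  Forbidden" on the Err: line.
apt_output_has_403() {
    printf '%s\n' "$1" | grep -q '403 *Forbidden'
}

# Rewrite lines beginning with "deb http://" to "deb https://" in the
# given file. Comments, deb-src lines and lines already using https are
# left untouched. A temp file is used instead of "sed -i" so the same
# command works with GNU and BSD sed.
fix_sources_list() {
    file="$1"
    sed 's|^deb http://|deb https://|' "$file" > "$file.tmp" && mv "$file.tmp" "$file"
}

# Count how many active repository lines still use plain http, so you
# can confirm the fix took effect before re-running apt update.
count_http_entries() {
    grep -c '^deb http://' "$1" || true
}

# Only touch the real system when explicitly asked:
#   sudo sh fix_kali_sources.sh --apply
if [ "${1:-}" = "--apply" ]; then
    out=$(apt update 2>&1) || true
    if apt_output_has_403 "$out"; then
        fix_sources_list /etc/apt/sources.list
        apt update
    else
        echo "No 403 reported by apt update; sources.list left unchanged."
    fi
fi
```

Without --apply the script only defines the functions, so you can source it and run count_http_entries against a copy of your sources.list to see what would change before touching the real file.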
Vulnerable Targets
Now that we have a Tiger Box (Kali Linux), we need some targets for practice. There are hundreds of intentionally vulnerable VMs that you can use. One popular source is VulnHub »
Warning! Running a vulnerable VM on your machine can be risky. To ensure you are protected, isolate the vulnerable VM using the network adapter settings discussed in the previous task. If you use a setting that makes the VM discoverable on your real network (such as Bridged networking), disconnect from the Internet while it is running.

In this activity, you will add two Target Machines for practice and testing.

Expert Mode
  1. Download Metasploitable 2 from VulnHub (skip this if your instructor already provided Metasploitable 2)
  2. Extract and open in VMWare Workstation
  3. Set the network settings to NAT
  4. Power on Metasploitable
  5. Repeat the steps above for the Windows 10 target (download here »)
  6. From Kali, ping the two targets
Regular Mode
Task in details »
  1. Visit VulnHub and search for Metasploitable (skip this if your instructor already provided Metasploitable 2)
  2. Click the Metasploitable: 2 VM to go to its page
  3. Read the description and other details on the page. This will help you select other targets in the future. Notice the Format: Virtual Machine (VMware) and Operating System: Linux
  4. Download the metasploitable-linux-2.0.0.zip file from one of the download sites
  5. When the download is complete, unzip the file in your Documents/Virtual Machines folder
  6. Open your VMWare Workstation and from the File menu, select Open
  7. Navigate to the unzipped folder and select the Virtual Machine Configuration (.vmx) file to open it (it should be the only selectable file)
  8. The VM should now be present in your Workstation. Edit Settings → Network Adapter Settings → NAT
  9. Run the new target VM
  10. Run Kali
  11. In Kali, start a new Terminal window
  12. Get Kali's IP address: ip a
  13. Copy the entire IP address, including the /24, from the eth0 interface
  14. Scan the network to discover the target's IP address using the following command with your own network address: nmap -sn 192.168.135.154/24 (see NMAP Host Discovery)
  15. Ping the target's IP address: ping 192.168.135.155
  16. Download the Windows Target here » (skip this if your instructor already provided Windows 10)
  17. Extract the contents and open in VMWare Workstation as you did before
  18. Ensure the network adapter is NAT and power on the machine
  19. Log in using the credentials samer/password
  20. Launch a terminal window and get the IP address: ipconfig
  21. Conduct a host discovery scan using nmap as you did before: nmap -sn <Your Network IP>
  22. You should be able to see the Windows target IP address in your scan results
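Steps 12 to 15 and 20 to 22 have you read Kali's address from ip a, copy it together with the /24, and feed it to nmap -sn to confirm both targets are reachable on the isolated NAT network. The script below is an added example (not part of the original lab) that does the bookkeeping for you: it parses the eth0 line from ip -o -4 addr show, computes the network address for the prefix (192.168.135.154/24 becomes 192.168.135.0/24), and builds the exact nmap -sn command from the lab. nmap accepts the host form too; the point is to show the arithmetic behind the /24 and to make the swept segment explicit. It goes slightly beyond the lab in handling any prefix length, not just /24. It assumes Kali's NAT interface is named eth0, as in the lab.

```shell
#!/bin/sh
# Added example for this lab (not part of the original page): derive the
# network range for the nmap -sn host discovery step from the address
# that "ip a" shows for eth0, e.g. 192.168.135.154/24 -> 192.168.135.0/24.
# Assumes the Kali VM's NAT interface is eth0, as in the lab.

# Pull "address/prefix" out of the output of "ip -o -4 addr show <iface>".
# Takes the text as an argument so it can be checked against a sample.
cidr_from_ip_output() {
    printf '%s\n' "$1" | awk '$3 == "inet" { print $4; exit }'
}

# Convert address/prefix (e.g. 192.168.135.154/24) to network/prefix
# (192.168.135.0/24) using integer arithmetic on the four octets.
network_from_cidr() {
    addr=${1%/*}
    prefix=${1#*/}
    old_ifs=$IFS
    IFS=.
    set -- $addr
    IFS=$old_ifs
    n=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
    mask=$(( (4294967295 << (32 - prefix)) & 4294967295 ))
    net=$(( n & mask ))
    printf '%d.%d.%d.%d/%d\n' \
        $(( (net >> 24) & 255 )) $(( (net >> 16) & 255 )) \
        $(( (net >> 8) & 255 )) $(( net & 255 )) "$prefix"
}

# The host discovery command from the lab, built from the computed range.
discovery_command() {
    printf 'nmap -sn %s\n' "$(network_from_cidr "$1")"
}

# Run the real discovery only when asked, inside the NAT lab network:
#   sh discover_targets.sh --run
if [ "${1:-}" = "--run" ]; then
    cidr=$(cidr_from_ip_output "$(ip -o -4 addr show eth0)")
    echo "Kali address: $cidr"
    cmd=$(discovery_command "$cidr")
    echo "Running: $cmd"
    $cmd
fi
```

Run it with --run on Kali after both targets are powered on; the hosts listed as up should be the Metasploitable 2 and Windows 10 VMs plus the NAT gateway and the host itself, which is a quick way to confirm the adapters are all on the same NAT segment.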
© Samer Aoudi 2005-2024