Before We begin our hacking & pen-testing journey its very important for us to set up a lab, where we can try out all the testing in a very safe environment. I have seen many tutorials and videos on this topic at various blogs & channels on youtube. But what i found missing was most of these tutorials just explained the very basics such as how to install a pen testing distro like Kali Linux or backtrack on a Virtualization software such as virtual box, & how to attack a pre-configured vulnerable box or a vulnerable distro. Most of these tutorials failed to explain simple settings and tweaks that can be done to create various hacking scenarios like for example tweaking the network settings from bridged to NAT etc., Also there are not many articles or guides on setting up a lab for intermediate and Advanced Users. Due the above reasons i have decided to write a series of very detailed articles on this topic
Today we will start off with a very simple lab setup which can be used by beginners to get started in the field of Hacking and Pen-testing
Setting Up A Professional Hacking & Pentesing Lab for Beginners
The very first thing that you should do before beginning to setup a lab, Is to ask yourself what is the purpose of my Lab ?, what are the attacks that i am going to try out in my Lab ? What are things i am planning to learn ? etc. Once you jot down the answers for the above questions you can start building your lab according to your needs. Since we are building a lab for beginners we will keep things simple
Purpose Of Our Beginners LAB
- To Learn how to use Metasploit
- To Learn how to use Pre compiled Exploits
- To Learn How to PWN routers
- To Learn and carry out basics Network Pentests
- To Learn how to attack web applications
Once we are clear with our purpose, we can proceed building a lab accordingly. Following are hardware & software requirements for our beginner lab
- PC / Laptop * running Windows or Mac or Linux
- 4 Gigs of RAM or more * (If not at least 2 to 3 Gigs of Ram )
- 100 Gb of Hard disk space
- Good Internet Connection
Note :- If you just have 1 GB of ram do not proceed any further, you will not be able to run your Virtual machines efficiently
Software Requirements
- Virtualization Software *
Virtual Box (Recommended If your using Mac or Linux )
- Pen-testing Distros
Kali Linux * (Recommended)
Black Box Linux (Optional)
- Vulnerable Distros
UltimateLAMP
- Other Boxes To Pwn
Windows 2002 or 2003
Building Our Beginner Lab
Once you install the Virtualization software. Now lets start installing our Pen Testing Distors, Vulnerable Distros & other boxes mentioned above
Pentesting Distros & Vulnerable Boxes
Kali Linux *
Kali linux is a must have pentesting distro for every hacker/Pentester. Kali is the successor of backtrack pen testing distors, Kali is debain based Linux which is well maintained with regular updates by offensive security. It has all the tools for carrying out a penetration test .For more details about Kali linux please visit their official website
Back Box (Optional )
BackBox is a Linux distribution based on Ubuntu. It has been developed to perform penetration tests and security assessments. Designed to be fast, easy to use and provide a minimal yet complete desktop environment, thanks to its own software repositories, always being updated to the latest stable version of the most used and best known ethical hacking tools.
Vulnerable Boxes
Bridged Mode
When you set your virtual machine to bridged mode, Your virtual machine will get an IP address in the range of the host computer when you compare it in real world its more like a computer which is on your LAN (Local area Network ), These computers are easy to hack since they have the ip in the same rage, so you can attack them directly. It is highly advised to set your Network settings to Bridged Mode when trying out the guides and tutorials given below. Once your comfortable with it you can try other network settings like NAT etc
NAT Mode
When your Virtual machine is in NAT mode . The virtual machine will get an IP address in Private Ip address range (10.X.X.X). when you compare this to real world, its more like a computer which is sitting behind a router so basically you can not attack the system directly.
Tutorials, Guides and Walkthroughs
(Note :- Will be updated when i find some good tutorials and guides )
Kali linux is a must have pentesting distro for every hacker/Pentester. Kali is the successor of backtrack pen testing distors, Kali is debain based Linux which is well maintained with regular updates by offensive security. It has all the tools for carrying out a penetration test .For more details about Kali linux please visit their official website
Back Box (Optional )
BackBox is a Linux distribution based on Ubuntu. It has been developed to perform penetration tests and security assessments. Designed to be fast, easy to use and provide a minimal yet complete desktop environment, thanks to its own software repositories, always being updated to the latest stable version of the most used and best known ethical hacking tools.
Vulnerable Boxes
- Windows 2002 & 2007
- Metasploitable 1 & 2 Installation Guide
- Vyatta
- When installing the above the boxes make sure you allot enough hardisk space, anything over 10gb (15 gb recommended )
- Dedicate each box at least 1 gb ram (Metasploitable,Ultimate lamp 512 gb)
- Make sure you install guest additions on each box if your using virtual box and vmware tools if your using Vmware, this will give you some additional functionality like resizing the size of your virtual machines screens, allowing you to copy from host machine to virtual boxes etc.
Tutorials , Guides & Walkthroughs
Now before i give you the links for various walkthroughs and guides, i will first talk about the network settings and how you can tweak themBridged Mode
When you set your virtual machine to bridged mode, Your virtual machine will get an IP address in the range of the host computer when you compare it in real world its more like a computer which is on your LAN (Local area Network ), These computers are easy to hack since they have the ip in the same rage, so you can attack them directly. It is highly advised to set your Network settings to Bridged Mode when trying out the guides and tutorials given below. Once your comfortable with it you can try other network settings like NAT etc
NAT Mode
When your Virtual machine is in NAT mode . The virtual machine will get an IP address in Private Ip address range (10.X.X.X). when you compare this to real world, its more like a computer which is sitting behind a router so basically you can not attack the system directly.
Tutorials, Guides and Walkthroughs
(Note :- Will be updated when i find some good tutorials and guides )
Filed Under: Blog , Guides , Tutorials
John is a Cyber Security Enthusiast, Infosec researcher and a blogger.
Srinivas is a Cyber Security Enthusiast, Infosec researcher and a part time blogger.
0 comments : Post Yours! Read Comment Policy ▼
PLEASE NOTE:
We have Zero Tolerance to Spam. Chessy Comments and Comments with Links will be deleted immediately upon our review.