Wednesday, 25 November 2015

How To Setup A Lab For Penetration Testing and Hacking (Level-1 Beginners )

Before We begin our hacking & pen-testing journey its very important for us to set up a lab, where we can try out all the testing in a very safe environment. I have seen many tutorials and videos on this topic at various blogs & channels on youtube. But what i found missing was most of these tutorials just explained the very basics such as how to install a pen testing distro like Kali Linux or backtrack on a Virtualization  software such as virtual box, & how to attack a pre-configured vulnerable box or a vulnerable distro. Most of these tutorials failed to explain simple settings and tweaks that can be done to create various hacking scenarios like for example tweaking the network settings from bridged to NAT etc., Also there are not many articles or guides on setting up a lab for intermediate and Advanced Users. Due the above reasons i have decided to write a series of very detailed articles on this  topic

Today we will start off with a very simple lab setup which can be used by beginners to get started in the field of Hacking and Pen-testing

Setting Up A Professional Hacking & Pentesing Lab for Beginners

The very first thing that you should do before beginning to setup a lab, Is to ask yourself what is the purpose of my Lab ?, what are the attacks that i am going to try out in my Lab ? What are things i am planning to learn ? etc.  Once you jot down the answers for the above questions you can start building your lab according to your needs. Since we are building a lab for beginners we will keep things simple

Purpose Of Our Beginners LAB 

  • To Learn how to use Metasploit 
  • To Learn  how to use Pre compiled Exploits 
  • To Learn How to PWN routers
  • To Learn and carry out basics Network Pentests 
  • To Learn how to attack web applications

Once we are clear with our purpose, we can proceed building a lab accordingly. Following are hardware & software requirements for our beginner lab

Hardware Requirements

  • PC / Laptop *  running Windows or Mac  or Linux
  • 4 Gigs of RAM or more * (If not at least 2 to 3 Gigs of Ram )             
  • 100 Gb of Hard disk space
  • Good Internet Connection
Note :- If you just have 1 GB of ram do not proceed any further, you will not be able to run your Virtual machines efficiently 

Software Requirements 

  • Virtualization Software *
                VMware Workstation or VMware Player ( Recommended If your using Windows)
                Virtual Box (Recommended If your using Mac or Linux )

  • Pen-testing Distros
                Kali Linux *  (Recommended)
                Black Box Linux (Optional)

  •  Vulnerable Distros   
                Metasploitable 1 & 2 *

  • Other Boxes To Pwn
                Windows 2002 or 2003
                Vyatta (Virtual Router )
                Windows 2007 (optional)
                Any Linux box (optional)

Building Our Beginner Lab

Once we have the required hardware & software, we can start building our beginner lab. First we will install the virtualization software, which will help us run multiple boxes (operating systems) on our host machine. You can choose between VMware Workstation and Virtual box, if your using windows i would highly recommend you to go with VMware, it handles memory very efficiently when running multiple boxes at the same time. If your using Linux such as Ubuntu it is highly recommend that you go with Virtual box, & if your using Mac your only option is to go with Virtual Box as VMware does not support Mac. Since there are new updates of the software almost every few months, For the Instillation guide, its a good practise to check the vendors website. I will give you the links for the official installation Guides of both VMware and Virtual box, which you can use to set VMware or Virtual box on your host machine 

Once you install the Virtualization software. Now lets start installing our Pen Testing Distors, Vulnerable Distros & other boxes mentioned above 

Pentesting Distros & Vulnerable Boxes

Kali Linux *

Kali linux is a must have pentesting distro for every hacker/Pentester. Kali is the successor of backtrack pen testing distors, Kali is debain based Linux which is well maintained with regular updates by offensive security. It has all the tools for carrying out a penetration test .For more details about Kali linux please visit their official website 

Back Box (Optional )

BackBox is a Linux distribution based on Ubuntu. It has been developed to perform penetration tests and security assessments. Designed to be fast, easy to use and provide a minimal yet complete desktop environment, thanks to its own software repositories, always being updated to the latest stable version of the most used and best known ethical hacking tools.

Vulnerable Boxes
  • When installing the above the boxes make sure you allot enough hardisk space, anything over 10gb (15 gb recommended )
  • Dedicate each box at least 1 gb ram (Metasploitable,Ultimate lamp  512 gb)
  • Make sure you install guest additions on each box if your using virtual box and vmware tools if your using Vmware, this will give you some additional functionality like resizing the size of your virtual machines screens, allowing you to copy from host machine to virtual boxes etc.

Tutorials , Guides & Walkthroughs 

Now before i give you the links for various walkthroughs and guides, i will first talk about the network settings and how you can tweak them

Bridged Mode 

When you set your virtual machine to bridged mode, Your virtual machine will get an IP address in the range of the host computer when you compare it in real world its more like a computer which is on your LAN (Local area Network ), These computers are easy to hack since they have the ip in the same rage, so you can attack them directly. It is highly advised to set your Network settings to Bridged Mode when trying out the guides and tutorials given below. Once your comfortable with it you can try other network settings like NAT etc

NAT Mode  

When your Virtual machine is in NAT mode . The virtual machine will get an IP address in Private Ip address range (10.X.X.X). when you compare this to real world, its more like a computer which is sitting behind a router so basically you can not attack the system directly.

Tutorials, Guides and Walkthroughs
(Note :- Will be updated when i find some good tutorials and guides )

  1. Metasploit Guides
  2. Metasploitable Walkthrughs
  3. Web Application Pen-testing tutorials With Mutillidae by irongeek 

0 comments : Post Yours! Read Comment Policy ▼
We have Zero Tolerance to Spam. Chessy Comments and Comments with Links will be deleted immediately upon our review.