Posted on 27 Comments

Create Virtual pentesting Lab in VirtualBox

Hello aspiring hackers. In this howto you will see how to create virtual pentesting lab in Virtualbox.  Sometime back, I wrote an article on how to set up a virtual penetration testing lab using Vmware Workstation. But Vmware Workstation is a commercial product.

Today I am going to show you how to create a pen test lab in VirtualBox absolutely free of cost. I hope this tutorial will be helpful for many beginners into cyber security domain.

What do we need?

1. Oracle VirtualBox. (Download)

2. Kali Linux. (Download)

3. Metasploitable 2. (Download)

Oracle VirtualBox is the virtualization software we will be using to create our lab. We will be using Kali Linux as the attacker machine and Metasploitable 2 as the victim machine. Install Kali Linux and Metasploitable 2 in VirtualBox.

See how to install Kali Linux in VirtualBox.

See how to install Metasploitable in VirtualBox.

Select Kali Linux, Go to settings > network. Enable “network adapter 1″. Set the “Attached to” option to “internal network”. Set the name of the network adapter to “intnet”. Click on “OK” to save the settings.

Do the same for Metasploitable virtual machine.

Power on the metasploitable VM. Log into the system. Default username and password are “msfadmin”.

Type the command “ifconfig” to see the IP addresses of interfaces.

The ‘lo’ interface is the loopback. Now we are going to set the IP address on the interface “eth0”. Type the command “sudo ifconfig eth0 10.10.10.2 netmask 255.0.0.0 up”. The sudo password is “msfadmin. Verify that the IP address is set by typing command “ifconfig”.

Power on Kali Linux. In the terminal, type command “ifconfig eth0 10.10.10.1 netmask 255.0.0.0 up”. Verify if the IP address is set by typing command “ifconfig”.

Test whether this system can communicate with victim system by pinging the victim machine as shown below.

The connection is successful. Our virtual pentesting lab is ready. Happy practicing.

  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  

27 thoughts on “Create Virtual pentesting Lab in VirtualBox

  1. Same problem here: i followed all your steps and were worthless. Changing from internal network to NAT gave me the same result: nothing. Don’t know what i’m doing wrong. I’ll paste here both machines

    -with both meta and kali having NAT configuration:

    Metasploitable:

    I just have realized that i can’t copy and paste from meta but you have to trust me, i have performed the “sudo ifconfig eth0 10.10.10.2 netmask 255.0.0.0 up” command so many times that i now have it present my mind all day.

    kali:

    root@kali:~# ifconfig
    eth0: flags=4163  mtu 1500
            inet 10.0.2.15  netmask 255.255.255.0  broadcast 10.0.2.255
            inet6 fe80::a00:27ff:fe04:5c0b  prefixlen 64  scopeid 0x20
            ether 08:00:27:04:5c:0b  txqueuelen 1000  (Ethernet)
            RX packets 2  bytes 650 (650.0 B)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 26  bytes 2326 (2.2 KiB)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

    lo: flags=73  mtu 65536
            inet 127.0.0.1  netmask 255.0.0.0
            inet6 ::1  prefixlen 128  scopeid 0x10
            loop  txqueuelen 1  (Local Loopback)
            RX packets 34  bytes 2402 (2.3 KiB)
            RX errors 0  dropped 0  overruns 0  frame 0
            TX packets 34  bytes 2402 (2.3 KiB)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

    root@kali:~# ping 10.1.1.2
    PING 10.1.1.2 (10.1.1.2) 56(84) bytes of data.
    ^[c^C
    — 10.1.1.2 ping statistics —
    16 packets transmitted, 0 received, 100% packet loss, time 15001ms

    ##here i started to enter numbers that i saw they could share a pattern like 000.0.00.0 so not very important##

    root@kali:~# ping 10.1.1.255
    PING 10.1.1.255 (10.1.1.255) 56(84) bytes of data.
    ^C
    — 10.1.1.255 ping statistics —
    6 packets transmitted, 0 received, 100% packet loss, time 5017ms

    root@kali:~#

    same with internal network configuration

    What can I do?

    1. i also tried with both machines having the same netmask (as in the tutorial) although in the example i pasted the machine having 255.255.255.0 netmask

      1. See my reply and try.

    2. Hey Angel. I can understand your frustration. Seeing the above data you sent me, it seem- s both machines are not on the same subnet. Do this to fix the problem. Turn off both the machines. On Virtualbox machines, click on each machine. Then go to “settings”. In “settings” opt ion, click on “Network” option. You should see a “Enable network adapter” screen. Make sure it is “NAT”. Click on “OK”. Do this in both machines. Your problem should be solved.

  2. Ok I’ve done all the steps and I guess it worked but my kali machine will not stop pinging, this has been going on for an hour now and i’m getting really frustrated. I just want to start practicing
    and get on with all of these tutorials and courses but nothing any of theses instructors teach is working and i feel that by the time get everything to start working all this info will be worthless.
    what the hell am i doing wrong?

    1. @Afterimage, Hit on CTRl+C to stop it.

  3. […] With this we successfully finished installing Metasploitable in Virtualbox. See how to create a penetration testing lab. […]

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.