Posted on 26 Comments

Virtual hacking lab for beginners

Hello aspiring hackers. In this blogpost, you will learn how to create a virtual hacking lab in VirtualBox. Sometime back, I wrote an article on how to set up a virtual penetration testing lab using Vmware Workstation. But Vmware Workstation is a commercial product.

Today I am going to show you how to create a pen test lab in VirtualBox absolutely free of cost. I hope this tutorial will be helpful for many beginners into cyber security domain.

What do we need?

1. Oracle VirtualBox. (Download)

2. Kali Linux. (Download)

3. Metasploitable 2. (Download)

Oracle VirtualBox is the virtualization software we will be using to create our lab. We will be using Kali Linux as the attacker machine and Metasploitable 2 as the victim machine. Install Kali Linux and Metasploitable 2 in VirtualBox.

See how to install Kali Linux in VirtualBox.

See how to install Metasploitable in VirtualBox.

Select Kali Linux, Go to settings > network. Enable “network adapter 1″.Set the “Attached to” option to “internal network”. Set the name of the network adapter to “intnet”. Click on “OK”to save the settings.

Do the same for Metasploitable virtual machine.

virtual pentesting lab

Power on the metasploitable VM. Log into the system. Default username and password are “msfadmin”.

Type the command “ifconfig”to see the IP addresses of interfaces.

The ‘lo’ interface is the loopback. Now we are going to set the IP address on the interface “eth0”. Type the command “sudo ifconfig eth0 10.10.10.2 netmask 255.0.0.0 up”. The sudo password is “msfadmin. Verify that the IP address is set by typing command “ifconfig”.

Power on Kali Linux. In the terminal, type command “ifconfig eth0 10.10.10.1 netmask 255.0.0.0 up”. Verify if the IP address is set by typing command “ifconfig”.

Test whether this system can communicate with victim system by pinging the victim machine as shown below.

The connection is successful. Our virtual pentesting lab is ready. Happy practicing.

Follow Us

26 thoughts on “Virtual hacking lab for beginners

  1. […] evening friends. We have seen how to create a virtual pentest lab both in Oracle VirtualBox (see here) and Vmware Workstation(see here). Although both penetration testing labs were almost similar, […]

  2. Hi there! Good tutorials! Just want to ask if this can be done using a Windows XP virtual machine? Thanks! and More power!

    1. Thank You, John. Yes, you could use any OS for that matter.

  3. is it possible do this with Android os and Win 7 ,kali linux?

    1. @harsha, just replace Windows Xp with Windows 7 and for android you have to install Android x86 version.

  4. Hi, I did evey step but when I type ping 10.10.10.2 nothing happens. It just says PING 10.10.10.2 (10.10.10.2) 56(84) bytes of data.

    1. Hi Alexander, Can you send me screenshots of your IP addresses in Kali and Metasploitable.

      1. I dont know if I can. I tried print screen but it wont let me paste it on here. I took a picture on my iphone but I dont know how to put it on here either 🙁 The IP for kali is 10.10.10.1 and for metasploitable is 10.10.10.2

  5. Hi Kanishka,
    Installed Metasploitable and Kali with no problem. It is also setting ip addresses correctly as 10.10.10.2 and 10.10.10.1 with the ifconfig. Kali is however not able to ping Metasploitable and says destination host is unreachable. Not able to figure out the problem. Help?

  6. Hi Kanishka,
    In continuation of my earlier comment regarding inability to ping metasploitable from kali details are as under:
    root@kali:~# ifconfig
    eth0: flags=4099 mtu 1500
    inet 10.10.10.1 netmask 255.0.0.0 broadcast 10.255.255.255
    ether 08:00:27:fa:25:8e txqueuelen 1000 (Ethernet)
    RX packets 0 bytes 0 (0.0 B)
    RX errors 0 dropped 0 overruns 0 frame 0
    TX packets 0 bytes 0 (0.0 B)
    TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

    lo: flags=73 mtu 65536
    inet 127.0.0.1 netmask 255.0.0.0
    inet6 ::1 prefixlen 128 scopeid 0x10
    loop txqueuelen 0 (Local Loopback)
    RX packets 37 bytes 2912 (2.8 KiB)
    RX errors 0 dropped 0 overruns 0 frame 0
    TX packets 37 bytes 2912 (2.8 KiB)
    TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

    root@kali:~# ping 10.10.10.2
    PING 10.10.10.2 (10.10.10.2) 56(84) bytes of data.
    From 10.10.10.1 icmp_seq=1 Destination Host Unreachable
    From 10.10.10.1 icmp_seq=2 Destination Host Unreachable
    From 10.10.10.1 icmp_seq=3 Destination Host Unreachable
    From 10.10.10.1 icmp_seq=4 Destination Host Unreachable
    From 10.10.10.1 icmp_seq=5 Destination Host Unreachable
    From 10.10.10.1 icmp_seq=6 Destination Host Unreachable
    ^C
    — 10.10.10.2 ping statistics —
    7 packets transmitted, 0 received, +6 errors, 100% packet loss, time 6008ms
    pipe 3
    root@kali:~#
    metasploitable ip is correctly set to 10.10.10.2
    help to resolve?

    1. @Sankaran, sorry for the delayed response. Change the options of network adapter from “internal network” to “NAT” for both the machines. You don’t need to set the IP address manually. Ping and tell me the result.

  7. Thanks.Sorry for delayed response as well. I kept trying and reinstalled VB and the two VMs.It is working fine with internal network settings. Thanks once again.

  8. hello,
    the above worked very well, I was just wondering if there was a way for it to be persistent? or would i have to retype this in every time i boot up the two machines?
    thanks in advance,
    michael

    1. @Michael, the arrangement is persistent.

  9. I have the same problem

    root@kali:~# ping 10.10.10.2
    PING 10.10.10.2 (10.10.10.2) 56(84) bytes of data.
    From 10.10.10.1 icmp_seq=1 Destination Host Unreachable
    From 10.10.10.1 icmp_seq=2 Destination Host Unreachable
    From 10.10.10.1 icmp_seq=3 Destination Host Unreachable
    ^C
    — 10.10.10.2 ping statistics —
    6 packets transmitted, 0 received, +3 errors, 100% packet loss, time 5015ms
    pipe 3

    1. Hey Tony, you are getting this error becaus -e KALI could not find the Metasploitable. Are you sure both the machines are on the same network. Check once again. Check the IP add -ress by using ifconfig command. If you have followed the instructions correctly, there shou- ld not be a fuss.

  10. Hi, Everything worked as expected. However when i power down the virtual machines, and re-launch them, the settings applied , adding the IP addresses etc. have not been saved and has reverted to the start. Meaning everytime i want to do this, i need to keep following this tutorial.

    Is there any way to save all the settings and commands done, so i don’t have to keep doing this?

    thanks.

    1. Sam, I am uanble to comprehend as to why it’s happening to you. Did you folow the tutorial exactly? No problem though. You can still have a workaround by using Host-Only networking or Nat networking. By the way, which version of Virtualbox are you trying this on.

  11. Same problem here: i followed all your steps and were worthless. Changing from internal network to NAT gave me the same result: nothing. Don’t know what i’m doing wrong. I’ll paste here both machines

    -with both meta and kali having NAT configuration:

    Metasploitable:

    I just have realized that i can’t copy and paste from meta but you have to trust me, i have performed the “sudo ifconfig eth0 10.10.10.2 netmask 255.0.0.0 up” command so many times that i now have it present my mind all day.

    kali:

    root@kali:~# ifconfig
    eth0: flags=4163 mtu 1500
    inet 10.0.2.15 netmask 255.255.255.0 broadcast 10.0.2.255
    inet6 fe80::a00:27ff:fe04:5c0b prefixlen 64 scopeid 0x20
    ether 08:00:27:04:5c:0b txqueuelen 1000 (Ethernet)
    RX packets 2 bytes 650 (650.0 B)
    RX errors 0 dropped 0 overruns 0 frame 0
    TX packets 26 bytes 2326 (2.2 KiB)
    TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

    lo: flags=73 mtu 65536
    inet 127.0.0.1 netmask 255.0.0.0
    inet6 ::1 prefixlen 128 scopeid 0x10
    loop txqueuelen 1 (Local Loopback)
    RX packets 34 bytes 2402 (2.3 KiB)
    RX errors 0 dropped 0 overruns 0 frame 0
    TX packets 34 bytes 2402 (2.3 KiB)
    TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

    root@kali:~# ping 10.1.1.2
    PING 10.1.1.2 (10.1.1.2) 56(84) bytes of data.
    ^[c^C
    — 10.1.1.2 ping statistics —
    16 packets transmitted, 0 received, 100% packet loss, time 15001ms

    ##here i started to enter numbers that i saw they could share a pattern like 000.0.00.0 so not very important##

    root@kali:~# ping 10.1.1.255
    PING 10.1.1.255 (10.1.1.255) 56(84) bytes of data.
    ^C
    — 10.1.1.255 ping statistics —
    6 packets transmitted, 0 received, 100% packet loss, time 5017ms

    root@kali:~#

    same with internal network configuration

    What can I do?

    1. i also tried with both machines having the same netmask (as in the tutorial) although in the example i pasted the machine having 255.255.255.0 netmask

      1. See my reply and try.

    2. Hey Angel. I can understand your frustration. Seeing the above data you sent me, it seem- s both machines are not on the same subnet. Do this to fix the problem. Turn off both the machines. On Virtualbox machines, click on each machine. Then go to “settings”. In “settings” opt ion, click on “Network” option. You should see a “Enable network adapter” screen. Make sure it is “NAT”. Click on “OK”. Do this in both machines. Your problem should be solved.

  12. Ok I’ve done all the steps and I guess it worked but my kali machine will not stop pinging, this has been going on for an hour now and i’m getting really frustrated. I just want to start practicing
    and get on with all of these tutorials and courses but nothing any of theses instructors teach is working and i feel that by the time get everything to start working all this info will be worthless.
    what the hell am i doing wrong?

    1. @Afterimage, Hit on CTRl+C to stop it.

  13. […] With this we successfully finished installing Metasploitable in Virtualbox. See how to create a penetration testing lab. […]

Comments are closed.