Download the above software to your system. Install Wamp server. For this WAPT lab, we will use Vulnerawa as the vulnerable (target) website. Extract the contents of the vulnerawa.zip archive to the root folder of the Wamp server. Now open a browser and type localhost in the URL bar to see if you can see the victim web app as shown below.
Click on “Create Database” to create some data which we will use in our future howto’s.
Now let’s change the Wamp server’s access permissions so that it can be reached from our attacker machine. Go to Apache > httpd.conf as shown below.
You should see httpd.conf as shown below. Press CTRL+F and search for the word “stuff”. After you find it, make the changes shown below in the red box. Save the file with CTRL+S and restart the Wamp server.
Now install Kali Linux in VMware Workstation or Oracle VirtualBox (see how). Set the network adapter to NAT. Now open a command line on your host machine and check the IP address assigned to your host machine by typing the command “ipconfig”, as shown below. Since I am using VMware Workstation, my network adapter is VMware network adapter vmnet8. The IP address assigned to my host machine is 192.168.64.1.
Now start your attacker machine (Kali Linux), open a browser, type the address 192.168.64.1 in the URL bar and see if you can access the victim web application as shown below.
Your web application penetration testing lab is ready. Happy hacking practice.
Hello, aspiring ethical hackers. In this blogpost, you will learn how to create virtual hacking labs for practicing hacking. No matter how many articles or blogposts you read or how many hacking courses you take, you cannot truly understand hacking until you perform those hacking tutorials practically. To practice hacking effectively, you need a controlled environment, without the risk of compromising the security of a real network or its systems and of attracting legal consequences for your actions.
A hacking lab is a lab that provides a safe environment to practice hacking without the above-mentioned risks. The most basic hacking lab consists of two machines: attacker system (the system from which you hack) and target system (the system which you hack).
What is a virtual hacking lab?
You have just learnt that a basic hacking lab needs one attacker system and one target system. They can be installed on separate hardware, but this may prove expensive, especially as you upgrade your hacking lab in future. Luckily, hacking labs can be created on a single system using virtualization solutions. Virtualization allows you to install multiple operating systems on a single machine. Some of the popular virtualization solutions are Oracle VirtualBox, Parallels Desktop, VMware vSphere, Hyper-V, QEMU etc.
The hacking labs created using this method are called virtual hacking labs. They are inexpensive compared to a physical cybersecurity lab and easily adaptable. Of all the solutions mentioned above, I will be using VMware Workstation as it is rich in features. VMware Workstation can be downloaded from here and installed on Windows, Linux, macOS, Solaris etc. Here, I have installed it on a Windows machine.
We will be creating various types of hacking labs. They are,
Let’s first see how to create a simple or basic hacking lab in VMware. A basic hacking lab just has an attacker system and a target system on the same network. The operating system on which VMware Workstation (or any other virtualization software) is installed is known as the Host machine. The operating systems that are installed inside VMware are called GUEST machines.
So here, in VMware, we will be installing two guest machines: Kali Linux (attacker system) and Metasploitable 2 (target system).
Once both virtual machines are installed successfully, turn ON both machines. Log in to the Metasploitable 2 VM. The default username and password are “msfadmin / msfadmin”.
Type the command “ifconfig” to find out the IP address of your target system.
Similarly, log in to the Kali Linux machine and, in the terminal, type the command “ip a” to find out its IP address.
Test whether the attacker system can communicate with the target system by pinging the target system from the attacker system as shown below.
The connection is successful. Our virtual hacking lab is ready. Happy practicing hacking.
2. Firewall hacking lab
The above lab is the simplest lab for practicing ethical hacking. But notice one thing about it: both the attacker and the target system are on the same network. This is rarely the case in the real world, where target systems are in most cases behind a firewall.
So, the second lab we create is a Firewall Lab. In this lab 2, we will create a more realistic ethical hacking lab where not only are the attacker system and target system on different networks, but the target system is also behind a firewall. We will create this lab in VMware and we will need three operating systems for it. They are,
Attacker system: Any pen testing distro like Kali Linux, Parrot Security OS, BlackArch Linux etc. (We will be using Kali Linux).
Target system: The system we want to target. It is your choice. We will be using Windows XP SP2 here.
Network firewall: This is the firewall that protects the target system. You can choose from various options like pfSense, OPNsense, Untangle, IPFire, etc. We will be using pfSense.
Install all these machines in VMware. We have already installed Kali Linux on VMware. See how to install Windows XP SP2 in VMware. See how to install pfSense in VMware.
After all three systems are installed successfully, open VMware Workstation. Go to Edit->Virtual Network Editor. The window below should open. Click on “Add network” to add a new network adapter.
Here we created a new network named ‘vmnet4’. Select the network we just created to make the required changes. First and foremost, make it a Host-only network. Unselect the option “Use local DHCP service to distribute IP address to VMs”. That’s because we don’t want VMware to allocate IP addresses for this network; we want that job to be performed by our network firewall, pfSense. Choose a subnet IP of 10.10.10.0 and a subnet mask of 255.255.255.0. Click on “OK”.
Then, go to the virtual machine settings of the “PFSense firewall”. The window below will open.
By default, any new virtual machine created in VMware is assigned to the NAT network, as you can see in the above image. But note that our firewall needs two network adapters, as it will be connected to two networks. Click on “Add” and add a new network adapter.
Then assign this adapter to the network we just created, “VMnet4”.
Click on “advanced” and note the MAC addresses of both the adapters. This is useful while assigning the network adapter as external and internal networks.
Why do we need two network adapters?
Any firewall or router acts as a wall between two networks. They are,
Public network (External or WAN network).
Private network (Internal or LAN network).
Now turn ON the “PFSense” machine. After it boots, you will see the menu shown below.
Let’s first assign the WAN and LAN interfaces. Select option ‘1’. Do you remember I told you to note the MAC addresses of the network adapters? Assign the NAT interface to WAN and the “VMnet4” interface to LAN.
After the network adapters are assigned, we need to assign IP addresses to these interfaces. Select ‘2’ from the menu.
Then, select the number of the interface you want to configure. Make sure that the WAN interface takes its IP address via VMware’s DHCP server (since it is a NAT adapter).
While configuring the LAN interface, select “NO” when it asks you to configure the interface via DHCP. Then, enter the IP address (intranet) for the LAN network as “10.10.10.1”. We selected a subnet bit count of 24. Press “ENTER” when you are asked to enter the new LAN IPv4 upstream gateway address.
When you are asked to configure an IPv6 address, select ‘NO’.
When the system asks you if you want to enable the DHCP server on this firewall, select “yes” and give the range of IPv4 addresses it can assign to its clients. Here, we have chosen 10.10.10.10 to 10.10.10.100.
You can access this Firewall’s web interface from any machine connected to the local network using the IP address 10.10.10.1. This is how you configure the firewall. Firewall is all set and ready now.
The external IP address of our pfSense firewall is 192.168.249.160, whereas the internal IP address of the firewall is 10.10.10.1. Connect the target system, Windows XP SP2, to VMnet4 (the network adapter of the LAN network).
Turn ON the target system. After turning ON, check its IP address from command line.
Since we selected the client IP address range 10.10.10.10 to 10.10.10.100 and this is the first machine connected to the LAN, it has been assigned the IP address 10.10.10.10. Let’s see if we can access the web interface of the pfSense firewall from Windows XP. Open a browser and type 10.10.10.1.
As you can see, you can access the firewall’s web interface successfully. The default username and password of pfSense are “admin” and “Pfsense” respectively. The firewall and target system are ready. Let’s prepare the attacker system. Make sure the attacker system is connected to the NAT network. Turn it ON.
From the attacker system, perform a nmap scan of the firewall.
Your firewall lab is ready.
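As an added sanity check (not part of the original post), the script below verifies both topologies with plain POSIX shell: in the basic lab the attacker and target must share one subnet, while in the firewall lab the attacker on the NAT side must not share the 10.10.10.0/24 LAN with the target, and the target’s lease must fall inside the pfSense DHCP pool configured above. The attacker address 192.168.249.50 is a constructed value, since the post only gives the firewall’s WAN address.

```shell
#!/bin/sh
# Added example, not from the original post: sanity checks for the lab
# topologies above, using only POSIX shell arithmetic.

# ip2int 10.10.10.10 -> 168430090 (dotted quad to integer)
ip2int() {
    oldIFS=$IFS; IFS=.
    set -- $1
    IFS=$oldIFS
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# same_subnet A B MASK -> exit 0 when A and B share the subnet given by MASK
same_subnet() {
    m=$(ip2int "$3")
    [ $(( $(ip2int "$1") & m )) -eq $(( $(ip2int "$2") & m )) ]
}

# in_dhcp_range IP START END -> exit 0 when START <= IP <= END
in_dhcp_range() {
    i=$(ip2int "$1")
    [ "$i" -ge "$(ip2int "$2")" ] && [ "$i" -le "$(ip2int "$3")" ]
}

# check_basic_lab ATTACKER TARGET: lab 1 needs Kali and Metasploitable 2 on
# the same /24 (one VMware network).
check_basic_lab() {
    if same_subnet "$1" "$2" 255.255.255.0; then echo ok; else echo "different subnets"; fi
}

# check_firewall_lab ATTACKER TARGET: lab 2 needs the attacker (NAT side) off
# the 10.10.10.0/24 LAN and the target inside the pfSense pool set up above.
check_firewall_lab() {
    if same_subnet "$1" "$2" 255.255.255.0; then
        echo "attacker and target share a subnet: firewall is bypassed"
    elif ! in_dhcp_range "$2" 10.10.10.10 10.10.10.100; then
        echo "target $2 is outside the pfSense DHCP pool"
    else
        echo ok
    fi
}

# 192.168.249.50 is a constructed Kali NAT address (the post shows only the
# firewall's WAN address 192.168.249.160); 10.10.10.10 is the XP lease above.
check_firewall_lab 192.168.249.50 10.10.10.10
```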
3. Vulhub lab
The next lab we will set up is the “Vulhub lab”. To understand what a Vulhub lab is, you first need to understand what Vulhub is. Vulhub is an open-source GitHub repository that provides a collection of pre-built, ready-to-use vulnerable Docker environments. With just one command you can launch a vulnerable environment for security research, learning or demonstration. The best thing about Vulhub is that readers don’t need any prior knowledge of Docker and how it works. The only requirement is that Docker is already installed on the system.
Let’s see how to setup Vulhub Lab for practising ethical hacking. We will do this in Kali Linux on which we already installed Docker earlier. In Kali Linux, open a terminal and use wget or Git to download the zip archive of Vulhub as shown below.
Once the download is finished, extract the contents of the archive “vulhub-master.zip” using unzip command.
This will create a new directory named vulhub-master.
Start the Docker service as shown below.
sudo systemctl start docker
Once the Docker service is started, navigate into the “vulhub-master” directory and you should see many docker images. All of these are vulnerable.
Let’s start the WordPress docker container for testing. Although this container is vulnerable with a particular vulnerability, we will use it for showing exploitation of a different vulnerability. Navigate into the WordPress directory and start the docker container as shown below.
docker-compose up -d
Once the container is started, use command “docker ps” to see all the docker processes running.
docker ps
Every docker container has a container ID. The one with container ID 2522cc4********* is our WordPress docker container. We can use command shown below to get more information about the particular Docker container.
docker inspect <container id>
The IP address of our WordPress docker container is 172.22.0.3. The gateway address is that of the Kali host machine (172.22.0.1). Enter the IP address of the docker container in the browser and you will be prompted to set the password for the WordPress instance.
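Added example (not from Vulhub or the original post): before bringing an environment up with docker-compose, check whether its docker-compose.yml publishes ports on every host interface. Docker binds a mapping like "8080:80" to 0.0.0.0, so the deliberately vulnerable container becomes reachable from the whole NAT or bridged network the Kali VM sits on, not just from Kali itself. The compose file below is constructed in Vulhub’s style, not Vulhub’s real file, and the checks use only sed.

```shell
#!/bin/sh
# Added example, not Vulhub's code: flag compose port mappings that are
# published on all host interfaces, and rewrite them to loopback only.

# A constructed compose file in the Vulhub style (not Vulhub's real file).
COMPOSE=$(mktemp)
cat > "$COMPOSE" <<'EOF'
version: '2'
services:
  mysql:
    image: vulhub/mysql:5.5
  wordpress:
    image: wordpress:4.6
    depends_on:
      - mysql
    ports:
      - "8080:80"
      - "127.0.0.1:8443:443"
      - 3306:3306
EOF

# unpinned_ports FILE -> prints each "host:container" mapping that has no
# host IP prefix (only two numeric fields), one per line.
unpinned_ports() {
    sed -n 's/^[[:space:]]*-[[:space:]]*"\{0,1\}\([0-9]\{1,5\}:[0-9]\{1,5\}\)"\{0,1\}[[:space:]]*$/\1/p' "$1"
}

# pin_to_loopback FILE -> writes a copy of FILE with those mappings rewritten
# to "127.0.0.1:host:container" and prints the copy's path.
pin_to_loopback() {
    out="$1.pinned"
    sed 's/^\([[:space:]]*-[[:space:]]*\)"\{0,1\}\([0-9]\{1,5\}:[0-9]\{1,5\}\)"\{0,1\}[[:space:]]*$/\1"127.0.0.1:\2"/' "$1" > "$out"
    echo "$out"
}

echo "published on all host interfaces:"
unpinned_ports "$COMPOSE"
PINNED=$(pin_to_loopback "$COMPOSE")
echo "still unpinned after rewrite: $(unpinned_ports "$PINNED" | wc -l | tr -d ' ')"
```

Pinning to 127.0.0.1 only limits other hosts on the VM’s network; the container’s bridge address (172.22.0.3 above) stays reachable from the Kali host itself, which is all this lab needs.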
Here is the WordPress website we just created (we wanted to set the site title as docker test but misspelled it to docket test).
Go to Exploit Database and download the vulnerable wp-responsive-thumbnail-slider plugin. The plan is to install this vulnerable plugin in WordPress.
Log in to the WordPress dashboard with the credentials you set up.
Upload the plugin and activate it.
Now, start Metasploit and load the wp_responsive_thumbnail_slider_upload module.
Set the docker container IP address (172.22.0.3) and check if the target is vulnerable.
The “check” command confirms that the target is indeed vulnerable. It’s time to exploit it. Set the LHOST option to the IP address of the gateway (172.22.0.1). Set the WPusername and WPpassword options to the credentials you have set in the beginning and then execute the module.
The target we set up on Docker is exploited successfully. The Vulhub lab we set up is working. Similarly, you can start and test any vulnerable Docker container you want.
A virtual pentesting lab is a lab created on a single system using any virtualization software. It can be very helpful for people practicing for CEH or similar certifications. Any penetration testing lab has two machines, attacker and victim. In this lab we will set up Kali Linux as the attacker and Windows XP (the most favorite victim machine) as the victim. I am going to set up this lab in VMware Workstation 9. Hope this will be helpful.
First of all, install Kali Linux and Windows XP in VMware Workstation.
Shut them down. In the VMware Workstation menu, select “Edit” and click on Virtual Network Editor.
The window below will open showing the virtual network adapters. Click on “Add network”.
VMware provides nine virtual networks from 0 to 9. Vmnet0, Vmnet1 and Vmnet8 are automatically assigned to the bridged, Host-only and NAT types of network respectively. Select the network “Vmnet3”.
We can see that our network is added as Host-only type with an automatically assigned subnet IP.
Click on our network. We can see its settings below.
Deselect the option ‘Connect a host virtual adapter to the network’. This will make our network a custom type. Change the subnet IP to 10.10.10.0 (the choice is yours). Select the ‘Use local DHCP service to distribute IP address to VMs’ option. This will automatically assign IP addresses to our machines. Click on ‘DHCP settings’.
You will see the below window. Make changes if you like. I am going to leave it default. Click OK twice to exit.
We have successfully created our custom network. Now let’s add our machines to the network. Open the tab of Kali Linux and click on ‘network adapter‘ setting.
In the settings, select the ‘custom’ radio button and select the network ‘Vmnet3’ from the dropdown menu. Click on OK.
Do the same for Windows XP. Then let’s boot up our victim machine and check its IP address by typing ‘ipconfig’ in the command line. The DHCP server has automatically assigned it the IP address 10.10.10.129.
Boot the attacker machine and check its IP address by typing ‘ifconfig’ in the terminal. It has been assigned the address 10.10.10.128.
Ping the victim machine (10.10.10.129) to see whether the two machines can communicate.
We have successfully created a virtual pentesting lab. Happy testing.