Tag: pentest lab

Posted on by 2 Comments

How to create a web application pentest lab

Good Evening friends. Today we will see a step by step guide  on how to create a web application pen test lab .

For creating this lab, I am using a host machine with Windows 7 installed on it.  We also need the following software.

1. Wamp server ( Download here)

2. Vulnerawa ( Download here )

3. Vmware Workstation   or Oracle Virtualbox ( Download here )

4. Kali Linux ( Download here )

Download the above software to your system. Install Wamp server.  For this WAPT lab,  we will use Vulnerawa as a vulnerable website or target website. Extract the contents of the vulnerawa.zip folder to the root folder of the Wamp server. Now open a browser and and type localhost in the URL bar to see if you can see the victim webapp as shown below.

Click on “Create Database” to create some data which we will use in our future howto’s.

Now let’s change the permissions of the Wamp server to access it from our attacker machine. Go to Apache>httpd.conf as shown below.

You should see the httpd.conf as shown below.  Type CTRL+F and search for word “stuff”. After you find it, make changes  as shown below in the red box. Save the file by typing CTRL+S  and restart the Wamp server.

Now install Kali Linux in Vmware Workstation or Oracle Virtualbox (see how ). Set the network adapter to NAT. Now open command line in your host machine and check the IP address assigned to your host machine as shown below by typing command “ipconfig”. Since I am using Vmware Workstation my network adapter is Vmware network adapter vmnet8. The IP address assigned to my host machine is 192.168.64.1.

Now start your attacker machine( Kali Linux ), open browser and type the address 192.168.64.1 in the url bar and see if you can access the victim web application as shown below.

Your web application pentest lab is ready. Happy hacking.

Posted on by 27 Comments

Create Virtual pentesting Lab in VirtualBox

Hello aspiring hackers. In this howto you will see how to create virtual pentesting lab in Virtualbox.  Sometime back, I wrote an article on how to set up a virtual penetration testing lab using Vmware Workstation. But Vmware Workstation is a commercial product.

Today I am going to show you how to create a pen test lab in VirtualBox absolutely free of cost. I hope this tutorial will be helpful for many beginners into cyber security domain.

What do we need?

1. Oracle VirtualBox. (Download)

2. Kali Linux. (Download)

3. Metasploitable 2. (Download)

Oracle VirtualBox is the virtualization software we will be using to create our lab. We will be using Kali Linux as the attacker machine and Metasploitable 2 as the victim machine. Install Kali Linux and Metasploitable 2 in VirtualBox.

See how to install Kali Linux in VirtualBox.

See how to install Metasploitable in VirtualBox.

Select Kali Linux, Go to settings > network. Enable “network adapter 1″. Set the “Attached to” option to “internal network”. Set the name of the network adapter to “intnet”. Click on “OK” to save the settings.

Do the same for Metasploitable virtual machine.

Power on the metasploitable VM. Log into the system. Default username and password are “msfadmin”.

Type the command “ifconfig” to see the IP addresses of interfaces.

The ‘lo’ interface is the loopback. Now we are going to set the IP address on the interface “eth0”. Type the command “sudo ifconfig eth0 10.10.10.2 netmask 255.0.0.0 up”. The sudo password is “msfadmin. Verify that the IP address is set by typing command “ifconfig”.

Power on Kali Linux. In the terminal, type command “ifconfig eth0 10.10.10.1 netmask 255.0.0.0 up”. Verify if the IP address is set by typing command “ifconfig”.

Test whether this system can communicate with victim system by pinging the victim machine as shown below.

The connection is successful. Our virtual pentesting lab is ready. Happy practicing.