Hello, aspiring ethical hackers. In this blogpost, you will learn how to create virtual hacking labs for practicing hacking. No matter how many articles or blogposts you read or how many hacking courses you take, you cannot truly understand the concept of hacking until you perform those hacking tutorials practically. To practice hacking effectively, you need a secure environment without the risk of compromising the security of a safe network or systems and attract legal consequences due to your actions.
What is a Hacking lab?
A hacking lab is a lab that provides a safe environment to practice hacking without the above-mentioned risks. The most basic hacking lab consists of two machines: attacker system (the system from which you hack) and target system (the system which you hack).
What is a virtual hacking lab?
Just now, you have learnt that a basic hacking lab needs to have one attacker system and target system. They can be installed on separate hardware but this may prove expensive especially as you upgrade your hacking lab in future. Luckily, hacking labs can be created on a single system itself using virtualization solutions. Virtualization allows you to install multiple operating systems on a single machine. Some of the popular virtualization solution are Oracle VirtualBox, Parallels Desktop, VMware vSphere, Hyper-V, QEMU etc.
The hacking labs created using this method is called virtual hacking labs. They are inexpensive compared to the cybersecurity lab and easily adaptable. Of all the solutions mentioned above, I will be using VMware Workstation as its rich in features. VMware Workstation can be downloaded from here and installed on Windows, Linux, macOS, Solaris etc. Here, I have installed it on a Windows machine.
We will be creating various types of hacking labs. They are,
1. Basic hacking lab
2. Firewall hacking lab
3. Vulhub lab
1. Basic hacking lab
Let’s first see how to create a simple or basic hacking lab in VMware. A basic hacking lab just has an attacker system and target system on the same network. The operating system on which VMware workstation (or any another virtualization software) is installed is known as the Host machine. The operating systems that are installed in VMware are called as GUEST machines.
So here, in VMware, we will be installing two guest machines: one is Kali Linux (attacker system) and Metasploitable 2 (target system).
What do we need?
1. Kali Linux. (Download)
2. Metasploitable 2. (Download)
Install Kali Linux and Metasploitable 2 in VMware.
See how to install Kali Linux in VMware.
See how to install Metasploitable 2 in VMware.
Once both the virtual machines are installed successfully, turn ON both the machines. Login into the Metasploitable 2 VM. Default username and password are “msfadmin / msfadmin”.
Type the command “ifconfig” to find out the IP address of your target system.
Similarly login into the Kali Linux machine and in the terminal, type command “ip a” to find out its IP address.
Test whether the attacker system can communicate with the target system by pinging the target system from the attacker system as shown below.
The connection is successful. Our virtual hacking lab is ready. Happy practicing hacking.
2. Firewall hacking lab
The above lab is a simple and easiest lab to practice ethical hacking. But if you notice one thing in the above lab, both attacker and target system are on the same network. But this is rarely the case in real-world. In real-world, target systems are in most cases behind a firewall.
So, the second lab we create is a Firewall Lab. In this lab 2, we will create a real-world ethical hacking lab where not only the attacker system and target system are on different networks but also the target system is behind a firewall. We will create this lab in VMware and we will be needing three operating systems for this hacking lab. They are,
Attacker system: Any pen testing distro like Kali Linux, Parrot security OS, Black Arch Linux etc. (We will be using Kali Linux).
Target system: The system we want to target. It is your choice. We will be using Windows XP SP2 here.
Network Firewall: This is a firewall that protects the target system. You can choose from various choices like PFSense, OPNsense, Untangle, IPfire, etc. We will be using PFSense.
Install all these machines in VMware. We already have installed Kali Linux on VMware.
See how to install Windows XP SP2 in VMware.
See how to install PFSense in VMware.
After all the three distros are installed successfully, open VMware Workstation. Go to Edit->Virtual Network Editor. The below window should open. Click on “Add network” to add a new network adapter.
Here we created a new network named ‘vmnet4’. Select the network we just crated to make the required changes. First and foremost, make it a Host-only network. Unselect the option “Use local DHCP service to distribute IP address to VMs”. That’s because we don’t want VMware to allocate IP addresses for this network. We want that job be performed by our network firewall “PFSense”. Choose subnet IP of 10.10.10.0 and subnet mask of 255.255.255.0. Click on “OK”.
Then, go to virtual machine settings of “PFSense firewall”. The below window will open.
By default, any new virtual machine created in VMware will be assigned to NAT network which you can see in the above image. But note that our Firewall needs two network adapters as it will be connected to two networks. Click on “Add” and add a new network adapter.
Then assign this adapter a network we just now created “VMnet4”.
Click on “advanced” and note the MAC addresses of both the adapters. This is useful while assigning the network adapter as external and internal networks.
Why do we need two network adapters?
Any firewall or Router act as a wall between two networks. They are,
- Public network (External or WAN network).
- Private network (Internal or LAN network).
Now turn ON the “PFSense” machine. After it boots, you will see the menu shown below.
Let’s first classify the WAN and LAN interfaces. Select option ‘1’. Do you remember I told you to note the MAC addresses of the network adapters? Assign the NAT interface to WAN and “VMnet4” interface to LAN.
After the network adapters are assigned, we need to assign IP addresses to these interfaces. Select ‘2’ from the menu.
Then, select the number of the interface you want to configure. Make sure that WAN interface takes IP address via DHCP server of VMware (Since it is a NAT adapter).
While configuring the LAN interface, select “NO” while it asks you to configure the interface via DHCP, Then, enter the IP address (intranet) for the LAN network as “10.10.10.1”. We selected a subnet bit count of 24. Press “ENTER” while you are asked to enter the new LAN IPV4 upstream gateway address.
While you are asked to configure IPV6 address, select ‘NO’.
When the system asks you if you want to enable DHCP server on this Firewall select “yes” and give the IPV4 addresses range it can assign to its clients. Here, we have chosen 10.10.10.10 to 10.10.10.100.
You can access this Firewall’s web interface from any machine connected to the local network using the IP address 10.10.10.1. This is how you configure the firewall. Firewall is all set and ready now.
The external IP address of our PFSense firewall is 192.168.249.160 whereas internal IP address of the Firewall is 10.10.10.1. Connect the target system ,Windows XP SP2 to VMnet4 (the network adapter of LAN networks).
Turn ON the target system. After turning ON, check its IP address from command line.
Since we selected the client IP address range from 10.10.10.10 to 10.10.10.100 and this is the first machine connected to the LAN it has been assigned IP address of 10.10.10.10. Let’s see if we can access the web interface of the Pfsense firewall from Windows XP. Open a browser and type 10.10.10.1.
As you can see, you can access web interface of firewall successfully. The default username and password of PFSense are “admin” and “Pfsense” respectively. Firewall and target systems are ready. Let’s ready the attacker system. Make sure the attacker system is connected to NAT network. Turn it ON.
From the attacker system, perform a nmap scan of the firewall.
Your firewall lab is ready.
3. Vulhub lab
The next lab we will set up is “Vulhub lab”. To understand what is a vulhub lab, you need to first understand what vulhub is. Vulhub is a open-source GitHub repository that provides a collection of pre-built, ready-to-use vulnerable Docker environments. With just one command you can launch a vulnerable environment for security research, learning or demonstration. The best thing about Vulhub is that readers don’t need any pre-existing knowledge of dockers and their operation. The only requirement is Docker should already be installed on the system to be able to use Vulhub.
Let’s see how to setup Vulhub Lab for practising ethical hacking. We will do this in Kali Linux on which we already installed Docker earlier. In Kali Linux, open a terminal and use wget or Git to download the zip archive of Vulhub as shown below.
wget https://github.com/vulhub/vulhub/archive/master.zip -O vulhub-master.zip
Once the download is finished, extract the contents of the archive “vulhub-master.zip” using unzip command.
This will create a new directory named vulhub-master.
Start the Docker service as shown below.
sudo systemctl start docker
Once the Docker service is started, navigate into the “vulhub-master” directory and you should see many docker images. All of these are vulnerable.
Let’s start the WordPress docker container for testing. Although this container is vulnerable with a particular vulnerability, we will use it for showing exploitation of a different vulnerability. Navigate into the WordPress directory and start the docker container as shown below.
docker-compose up -d
Once the container is started, use command “docker ps” to see all the docker processes running.
docker ps
Every docker container has a container ID. The one with container ID 2522cc4********* is our WordPress docker container. We can use command shown below to get more information about the particular Docker container.
docker inspect <container id>
The IP address of our WordPress docker container is 172.22.0.3. The gateway address is that of the Kali host machine (172.22.0.1). Enter the IP address of the docker container in the browser and you will be prompted to set the password for the WordPress instance.
Here is the WordPress website we just created (we wanted to set the site title as docker test but misspelled it to docket test).
Go to Exploit Database and download the vulnerable wp-responsive-thumbnail-slider plugin. The plan is to install this vulnerable plugin in WordPress.
Login into the WordPress dashboard with the credentials you set up.
Upload the plugin and activate it.
Now, start Metasploit and load the wp_responsive_thumbnail_slider_upload module.
Set the docker container IP address (172.22.0.3) and check if the target is vulnerable.
The “check” command confirms that the target is indeed vulnerable. It’s time to exploit it. Set the LHOST option to the IP address of the gateway (172.22.0.1). Set the WPusername and WPpassword options to the credentials you have set in the beginning and then execute the module.
The target we set on docker is exploited successfully. The Vulhub Lab we set up is working successfully. Similarly you can start and test and vulnerable dicker container you want.
Follow Us
[…] evening friends. We have seen how to create a virtual pentest lab both in Oracle VirtualBox (see here) and Vmware Workstation(see here). Although both penetration testing labs were almost similar, […]
[…] http://kanishkashowto.wordpress.com/2013/09/05/how-to-create-free-pentest-lab-using-virtualbox/ <– some info could be gathered to .. […]
Hi there! Good tutorials! Just want to ask if this can be done using a Windows XP virtual machine? Thanks! and More power!
Thank You, John. Yes, you could use any OS for that matter.
is it possible do this with Android os and Win 7 ,kali linux?
@harsha, just replace Windows Xp with Windows 7 and for android you have to install Android x86 version.
Hi, I did evey step but when I type ping 10.10.10.2 nothing happens. It just says PING 10.10.10.2 (10.10.10.2) 56(84) bytes of data.
Hi Alexander, Can you send me screenshots of your IP addresses in Kali and Metasploitable.
I dont know if I can. I tried print screen but it wont let me paste it on here. I took a picture on my iphone but I dont know how to put it on here either 🙁 The IP for kali is 10.10.10.1 and for metasploitable is 10.10.10.2
Hi Kanishka,
Installed Metasploitable and Kali with no problem. It is also setting ip addresses correctly as 10.10.10.2 and 10.10.10.1 with the ifconfig. Kali is however not able to ping Metasploitable and says destination host is unreachable. Not able to figure out the problem. Help?
Hi Kanishka,
In continuation of my earlier comment regarding inability to ping metasploitable from kali details are as under:
root@kali:~# ifconfig
eth0: flags=4099 mtu 1500
inet 10.10.10.1 netmask 255.0.0.0 broadcast 10.255.255.255
ether 08:00:27:fa:25:8e txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73 mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10
loop txqueuelen 0 (Local Loopback)
RX packets 37 bytes 2912 (2.8 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 37 bytes 2912 (2.8 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
root@kali:~# ping 10.10.10.2
PING 10.10.10.2 (10.10.10.2) 56(84) bytes of data.
From 10.10.10.1 icmp_seq=1 Destination Host Unreachable
From 10.10.10.1 icmp_seq=2 Destination Host Unreachable
From 10.10.10.1 icmp_seq=3 Destination Host Unreachable
From 10.10.10.1 icmp_seq=4 Destination Host Unreachable
From 10.10.10.1 icmp_seq=5 Destination Host Unreachable
From 10.10.10.1 icmp_seq=6 Destination Host Unreachable
^C
— 10.10.10.2 ping statistics —
7 packets transmitted, 0 received, +6 errors, 100% packet loss, time 6008ms
pipe 3
root@kali:~#
metasploitable ip is correctly set to 10.10.10.2
help to resolve?
@Sankaran, sorry for the delayed response. Change the options of network adapter from “internal network” to “NAT” for both the machines. You don’t need to set the IP address manually. Ping and tell me the result.
Thanks.Sorry for delayed response as well. I kept trying and reinstalled VB and the two VMs.It is working fine with internal network settings. Thanks once again.
hello,
the above worked very well, I was just wondering if there was a way for it to be persistent? or would i have to retype this in every time i boot up the two machines?
thanks in advance,
michael
@Michael, the arrangement is persistent.
I have the same problem
root@kali:~# ping 10.10.10.2
PING 10.10.10.2 (10.10.10.2) 56(84) bytes of data.
From 10.10.10.1 icmp_seq=1 Destination Host Unreachable
From 10.10.10.1 icmp_seq=2 Destination Host Unreachable
From 10.10.10.1 icmp_seq=3 Destination Host Unreachable
^C
— 10.10.10.2 ping statistics —
6 packets transmitted, 0 received, +3 errors, 100% packet loss, time 5015ms
pipe 3
Hey Tony, you are getting this error becaus -e KALI could not find the Metasploitable. Are you sure both the machines are on the same network. Check once again. Check the IP add -ress by using ifconfig command. If you have followed the instructions correctly, there shou- ld not be a fuss.
Hi, Everything worked as expected. However when i power down the virtual machines, and re-launch them, the settings applied , adding the IP addresses etc. have not been saved and has reverted to the start. Meaning everytime i want to do this, i need to keep following this tutorial.
Is there any way to save all the settings and commands done, so i don’t have to keep doing this?
thanks.
Sam, I am uanble to comprehend as to why it’s happening to you. Did you folow the tutorial exactly? No problem though. You can still have a workaround by using Host-Only networking or Nat networking. By the way, which version of Virtualbox are you trying this on.
Same problem here: i followed all your steps and were worthless. Changing from internal network to NAT gave me the same result: nothing. Don’t know what i’m doing wrong. I’ll paste here both machines
-with both meta and kali having NAT configuration:
Metasploitable:
I just have realized that i can’t copy and paste from meta but you have to trust me, i have performed the “sudo ifconfig eth0 10.10.10.2 netmask 255.0.0.0 up” command so many times that i now have it present my mind all day.
kali:
root@kali:~# ifconfig
eth0: flags=4163 mtu 1500
inet 10.0.2.15 netmask 255.255.255.0 broadcast 10.0.2.255
inet6 fe80::a00:27ff:fe04:5c0b prefixlen 64 scopeid 0x20
ether 08:00:27:04:5c:0b txqueuelen 1000 (Ethernet)
RX packets 2 bytes 650 (650.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 26 bytes 2326 (2.2 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73 mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10
loop txqueuelen 1 (Local Loopback)
RX packets 34 bytes 2402 (2.3 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 34 bytes 2402 (2.3 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
root@kali:~# ping 10.1.1.2
PING 10.1.1.2 (10.1.1.2) 56(84) bytes of data.
^[c^C
— 10.1.1.2 ping statistics —
16 packets transmitted, 0 received, 100% packet loss, time 15001ms
##here i started to enter numbers that i saw they could share a pattern like 000.0.00.0 so not very important##
root@kali:~# ping 10.1.1.255
PING 10.1.1.255 (10.1.1.255) 56(84) bytes of data.
^C
— 10.1.1.255 ping statistics —
6 packets transmitted, 0 received, 100% packet loss, time 5017ms
root@kali:~#
same with internal network configuration
What can I do?
i also tried with both machines having the same netmask (as in the tutorial) although in the example i pasted the machine having 255.255.255.0 netmask
See my reply and try.
Hey Angel. I can understand your frustration. Seeing the above data you sent me, it seem- s both machines are not on the same subnet. Do this to fix the problem. Turn off both the machines. On Virtualbox machines, click on each machine. Then go to “settings”. In “settings” opt ion, click on “Network” option. You should see a “Enable network adapter” screen. Make sure it is “NAT”. Click on “OK”. Do this in both machines. Your problem should be solved.
Ok I’ve done all the steps and I guess it worked but my kali machine will not stop pinging, this has been going on for an hour now and i’m getting really frustrated. I just want to start practicing
and get on with all of these tutorials and courses but nothing any of theses instructors teach is working and i feel that by the time get everything to start working all this info will be worthless.
what the hell am i doing wrong?
@Afterimage, Hit on CTRl+C to stop it.
[…] With this we successfully finished installing Metasploitable in Virtualbox. See how to create a penetration testing lab. […]