If you are interested in sharpening your skills or simply want to get started with penetration testing, this article will be of interest. The cold, hard truth is that under no circumstances should you ever perform penetration testing on any network or resource that you do not own or do not have explicit written permission to test.
There are a number of virtualization solutions out there, including VMware, Parallels, and VirtualBox, just to name a few. I leave the decision up to you as to what works best in your given environment. For me that answer is VirtualBox, and I am running this solution on a MacBook Pro with 8 GB of RAM. I have run anywhere from 3-4 virtual operating systems at the same time and, to be honest, I have noticed little to no performance issues. VirtualBox is a virtualization product from Oracle. The advantage of VirtualBox is that it is free and open source. It supports resizing the guest operating system screen to fit the VirtualBox window; you need to have scale mode enabled for this purpose.
If you have not caught on yet, I am a fan of Kali Linux in terms of hacking and penetration testing. That being said, jump over and download your preferred flavor of Kali. You also need to have your virtualization solution installed and ready to go. Remember, my directions are for VirtualBox, but the concept is the same across the different vendor solutions. Remember to grab the VirtualBox Extension Pack should you need it.
Define Victims and Attackers
The lab demonstrated here will consist of both Windows and Linux operating systems, where the attack host is of course Kali. The remaining hosts will be the targets, and they consist of Windows 7, Windows 8, and Metasploitable. It is important to define your networking options in order to allow communication across these virtual instances. The following serves as an example of my local setup.
Install VirtualBox and Operating Systems
Go ahead and install VirtualBox and the extension pack if needed. Once VirtualBox has been installed you are ready to begin the creation and installation of your virtual operating systems. The process is essentially the same for every operating system.
Configure Victims and Attackers
The single most important step at this phase is to ensure that your test lab is isolated from the outside world. In fact, you may also want to take additional steps and isolate the lab from your own network just to be cautious. I leave this decision up to you, but at a minimum ensure the lab has no communication with the internet. I say this because mistakes can happen, and a simple typo may probe or impact a domain that you are not authorized to test and land you in trouble.
Configure Network Adapter
Recall that earlier I said we will isolate the network traffic? To do so, all you need to do is add the host-only adapter. Expand the advanced options and change promiscuous mode to Allow All. With that setting a VM's adapter can see all traffic on the host-only network, not only the frames addressed to it, so we can monitor much more.
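One way to check that isolation before powering anything on, as an added example that is not part of the original article: the script reads `VBoxManage showvminfo --machinereadable` output and flags any enabled adapter that is not host-only. The function names and the sample VM data are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit VirtualBox NIC attachments so lab VMs stay host-only.

# Reads `VBoxManage showvminfo <vm> --machinereadable` text on stdin and
# reports every adapter that is enabled but not host-only. Returns 1 if any.
check_isolated() {
    vm="(unnamed)"; bad=0
    while IFS= read -r line; do
        key=${line%%=*}
        val=${line#*=}; val=${val#\"}; val=${val%\"}
        case "$key" in
            name) vm=$val ;;
            nic[1-9]|nic[1-9][0-9])          # nicN="<attachment mode>"
                case "$val" in
                    none|hostonly) ;;        # disabled, or host-only as in this lab
                    *) echo "$vm: adapter ${key#nic} is attached to '$val', not host-only"
                       bad=1 ;;
                esac ;;
        esac
    done
    return "$bad"
}

# Audit every registered VM. `list vms` prints one line per VM: "name" {uuid}
audit_all() {
    VBoxManage list vms | sed 's/.*{\(.*\)}$/\1/' | (
        failed=0
        while IFS= read -r uuid; do
            VBoxManage showvminfo "$uuid" --machinereadable </dev/null |
                check_isolated || failed=1
        done
        exit "$failed"
    )
}

# Constructed sample (not real output): a victim with a stray NAT adapter.
sample_leaky() {
    printf '%s\n' 'name="Windows 7"' 'nic1="hostonly"' \
        'hostonlyadapter1="vboxnet0"' 'nictype1="82540EM"' 'nic2="nat"'
}
# Constructed sample: a correctly isolated victim.
sample_isolated() {
    printf '%s\n' 'name="Metasploitable"' 'nic1="hostonly"' \
        'hostonlyadapter1="vboxnet0"' 'nic2="none"'
}

if command -v VBoxManage >/dev/null 2>&1; then
    audit_all && echo "all VMs are host-only" || echo "isolation check FAILED"
else
    sample_leaky | check_isolated || echo "isolation check FAILED (sample data)"
fi
```

`audit_all` covers every VM registered on the host, so VMs outside the lab that legitimately use NAT or bridged networking will also be reported.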
Once you have your adapter properly configured go ahead and set your IP address, subnet, and gateway for each of the virtual machines that you have created. Reference your network map that you defined earlier. If you are not entirely sure how to do this on Windows be sure to visit the knowledge-base article Change TCP/IP Settings. For Kali Linux open a terminal and execute the following command:
vim /etc/network/interfaces
It is likely you will see the following configuration:
auto eth0
iface eth0 inet dhcp
Since we are going to set a static IP, go ahead and implement your changes.
auto eth0
iface eth0 inet static
    address 192.168.1.199
    netmask 255.255.255.0
    network 192.168.1.0
    broadcast 192.168.1.255
    gateway 192.168.1.1
Explanation:
- auto eth0 – enable at start-up the eth0 interface
- iface eth0 inet static – iface eth0 refers to the interface eth0, inet tells you that the network configuration is IPv4, and static means that the interface has a static IP address.
- address – the IP address assigned to the interface
- netmask – the network’s subnet mask
- network – the network’s address
- broadcast – the broadcast address
- gateway – the gateway address
When it is all said and done, you should have a configuration similar to the following.
At this point your test lab configuration is complete. You very likely noticed that I did not discuss installing any hotfixes, patches, or service packs, and this was for good reason. We want the victims in a state where we can exploit vulnerabilities. Of course, if you want to target victims that are realistic for your pen test, then you could always apply patches as you wish. On the other hand, you could simply create additional virtual machines. At the end of the day, it is your call as to what works best.