Tuesday, April 16, 2013

Starting a Pentesting Lab [How-To/Linux/Windows]

Recently I bought a gaming computer with some of the best specs out there (i7, GTX 670, 16 GB RAM, SSD, etc.) and decided to finally set up my own pentesting lab so I can practice breaking and securing "real" boxes of my own.

My current setup consists of my router connected to my apartment's WAN using DHCP, which issues private DHCP leases to the connected boxes on my network. I have a Windows 7 laptop of my own, a Windows 7 desktop host machine running VMs, and an Ubuntu 12.10 server for all my main Linux needs (I have SSH set up so I can access this box from work and other places).
My friends also connect to this network via Wi-Fi, so there are random Win7 and OS X computers connected to it.
As for my virtualized boxes, I have Windows XP (different SPs), Windows Server 2003, 2008, and 2012, Metasploitable 2, DVL (Damn Vulnerable Linux), BackTrack5R3 (I hack from this box), and a few other exploitable machines. I will be setting up a Windows Vista and a couple other *nix distros to exploit, as well.

I am using VMware Workstation, which is provided to me for free through my University and our MSDNAA agreement. For those who do not have access to such great tools, you can use the free version, VMware Player, but be forewarned that certain options may be different. I apologize if there are any problems when following my guides using Player instead of Workstation, but I will do my best to remedy these.

Getting Started

If you already have a VM loader, or specifically a VMware application, installed, ignore the following instructions, as they are for people who do not have a VM loader.

From the links below, download the flavor of VMware you can use (if you are a student who has MSDNAA access, I highly suggest getting Workstation). If you do not like VMware, there are also alternatives, but I suggest using VMware, as all my instructions will be using that.

VM Applications:
Once you have installed the VM application, we can start by collecting vulnerable VMs and the sort.

Collecting Vulnerable VMs

This may require a decent amount of hard disk space, so I would suggest making sure you have enough to download and keep the drives on your disk. I have a few separate, cheap 7200rpm WD's from 250-500gigs specifically for downloading and running VMs off of.

Below is a list of exploitable and vulnerable VMs/ISOs (updated 10/29/12):

Metasploitable 2 - Probably the best VM to use. Complete vulnerable VM with services set up for everything. Most of my tutorials will start with exploiting this.
Damn Vulnerable Linux 1.5 - Discontinued, but I have the ISO. I will upload it *somewhere* when I'm home, either directly through this site or on a sharing site (you could torrent, but I want all the downloads to be directly downloadable).
LAMP Security Training - LAMP stands for Linux Apache MySQL PHP, and this version is for the security testing of those.
Open Web Application Security Project (OWASP) Broken Web Applications Project - Self-explanatory; OWASP's Broken Web App Project!

Below is a list of VMs and ISOs that you can configure yourself:

UltimateLAMP - Scroll down for the download link; a complete LAMP (Linux, Apache, MySQL, PHP) distro.

Below is a list of VMs and ISOs to hack from:

BackTrack5R3 - I use the Gnome 32bit VM one and just load it into my VMWare; all of my tutorials will be from Ubuntu 12.04 LTS, or BT5R3 (which is Ubuntu, as well). BackTrack has been replaced by the following: Kali Linux
BackBox - Another Ubuntu based Pentesting distro
BlackBuntu - Yet another Ubuntu based Pentesting distro

Creating Your Pentesting Network

Now that we have a host machine with a virtual machine application (I suggest VMWare), it's time to set up your network so you can see all your exploitable (and maybe non exploitable) VMs!

For the machines that are already built for VM usage (aka they're VMDK and not ISO), just double click the .VMX file which is the configuration file for the virtual machine, and it will automatically open with the configured VM software.

For the machines that you downloaded in ISO format, we have to add them into our VM software. Below I will show you how to do so in VMWare Workstation (though I believe the free version of VMWare is the same).

Creating a Virtual Machine from an ISO

Now we'll be loading Ubuntu Server 12.04.1 LTS (Long Term Support) since it is a good operating system to mess around with and learn Linux on. Most if not all other ISO installations will be just as easy as this one.

To start, open VMware Workstation. Mine looks like the following, but yours will have no VMs added/opened.

When I load up my VMware Workstation; basic view
To add a new virtual machine, from the upper left "File" drop down, select "New Virtual Machine".

We are going to select "Typical" which is the recommended setting. For most if not all VMs you will be using in your lab you can just select the typical settings. Hit next to continue to the next part which we will be...

Selecting the installer disk image, or the ISO file that you have previously downloaded at the above or an alternative link.

Click on browse and locate the ISO you wish to install. We are using our Ubuntu 12.04.1, but we have many others to choose from as you can see.

Once you select the correct ISO and hit next, it will prompt for some "Easy Install Information" since it recognizes that we are installing Ubuntu 64-bit.
For these settings, just enter what you want, but keep in mind the username cannot have capitals, and a password is required (I usually just do my first name with "test" or something lame).

After you have done this, hit next as normal.
This part is where you will be selecting what you wish to name your VM, and where you want to store your disk files.

This part is important because you cannot have two of the same name (duh), and because if you store all your VMs together, as they become larger there needs to be sufficient disk space on the drive you are saving them to.
Name each of your Virtual Machines so you can tell them apart. Some of mine have specific names (like Metasploitable2) and some have just the distro name if it's generic (like Ubuntu 12.04 LTS).

The next step is the size of the virtual disk you will be creating for this VM. It is very important to make it large enough that it will not fill up if you use it often (installing applications/writing programs/etc), but not so large that you're wasting space. Note that the files only grow as you use the space, so you can overshoot a bit for this.

For our Ubuntu I'm just going to put it to 8gigs since I'll probably be deleting it (I already have a few Ubuntus spun up).

After clicking next, this screen shows the brief overview of what we have selected. There is also a "customize hardware" button which we will be utilizing so we do not have to change it after the creation.
Note: We will be changing the virtual adapter (NIC - Network Interface Card) from NAT to Bridged, so if you want NAT, ignore this section.
A bridged connection means that the VM will connect directly to your network like another computer through your NIC (aka it will have its own IP through DHCP/etc). 
The default is NAT which means that the computer is essentially the router to your VM.
It all depends on what you want, but I like bridged.

Go ahead and click the Customize Hardware... button so we can change a few options.
You will be presented with the following screen:

The memory is of course the RAM for our virtual machine. I will be leaving this at 1gig, but you can jack it up depending on what you want.
Note that for VMs, it is up to you to choose how much RAM to give it. Certain pre-built VMs like Metasploitable only require a small amount, but others like Windows require more.

Like I said before, we are only changing the Network Adapter settings from NAT to bridged. Click on the "Network Adapter" selection under Devices, or click "Add..." if one is not there.

After this is finished, just click "Close" and "Finished" on the following screen, and your VM should start to boot.
Ubuntu will go through some checks, copy some files, and install on the virtual disk.
Finally it will present you with the login screen (I hope you remembered your credentials).

This method can be used on almost any .iso to install it (any that I've seen); however like I said before, some hacking/vulnerable distros come in a pre-packaged VM like Kali or previously BackTrack.
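The NAT/bridged choice made above is stored in the VM's .vmx configuration file. The following Python sketch is an added example, not part of the original post: it parses .vmx text and reports each adapter's mode, so you can see which lab VMs (Metasploitable included) sit directly on the same network as your other machines. The sample file contents are constructed, and treating a missing connectionType as bridged is an assumption about Workstation's default.

```python
import re

# One setting per line, e.g.  ethernet0.connectionType = "bridged"
_SETTING = re.compile(r'^\s*([A-Za-z0-9_.:]+)\s*=\s*"(.*)"\s*$')
_NIC_KEY = re.compile(r'^(ethernet\d+)\.(\w+)$')

def parse_vmx(text):
    """Return the .vmx settings as a dict with lower-cased keys."""
    settings = {}
    for line in text.splitlines():
        if line.lstrip().startswith("#"):      # skip comment lines
            continue
        m = _SETTING.match(line)
        if m:
            settings[m.group(1).lower()] = m.group(2)
    return settings

def nic_modes(settings):
    """Map every present adapter (ethernet0, ethernet1, ...) to its mode."""
    nics = {}
    for key, value in settings.items():
        m = _NIC_KEY.match(key)
        if m:
            nics.setdefault(m.group(1), {})[m.group(2)] = value
    modes = {}
    for name, opts in sorted(nics.items()):
        if opts.get("present", "FALSE").upper() != "TRUE":
            continue                            # adapter removed or disabled
        # Assumption: a missing connectionType means bridged (the default).
        modes[name] = opts.get("connectiontype", "bridged").lower()
    return modes

def lan_exposed(settings):
    """Names of adapters that place the VM directly on the physical LAN."""
    return [n for n, mode in nic_modes(settings).items() if mode == "bridged"]

# Constructed sample .vmx contents (not copied from a real VM).
METASPLOITABLE = '''\
.encoding = "windows-1252"
displayName = "Metasploitable2"
ethernet0.present = "TRUE"
ethernet0.connectionType = "bridged"
ethernet1.present = "TRUE"
ethernet1.connectionType = "hostonly"
'''
UBUNTU = '''\
displayName = "Ubuntu 12.04 LTS"
ethernet0.present = "TRUE"
ethernet0.connectionType = "nat"
'''

if __name__ == "__main__":
    for text in (METASPLOITABLE, UBUNTU):
        cfg = parse_vmx(text)
        print(cfg.get("displayname", "?"), nic_modes(cfg),
              "bridged adapters:", lan_exposed(cfg))
```

Adapters set to "custom" are reported as such; which network they join depends on the VMnet they name.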


  1. Nice tutorial. There's only one problem, even with having the network settings with 'Bridged'. When using nmap/armitage/msfconsole etc. it doesn't show up on the scan list, as if it didn't exist. Am I missing something?

    1. What do you mean "it doesn't show up on the scan list"? What doesn't?

  2. I have Windows 8 as host machine and VMware 6.5.2, Kali Linux and Windows 7 as guest machines. I can't figure out how to configure the guest machines so that they can be connected and use the internet. Basically I want to know how to set it up. :)... Is there anything I have to do with the virtual network???

    1. I don't use Windows 8, so I'm not sure how it does the networking aspect, but everything followed in this guide should allow your VMs for internet access.
