How To Setup Virtual Lab For Penetration Testing

Aathil Ducky
Jun 1, 2024

1. Why are virtual labs useful for learning penetration testing?

Let’s assume you are a beginner in penetration testing. Performing penetration testing directly on a live system or network can introduce vulnerabilities. A virtual lab provides a safe environment for penetration-testing learners, where they can watch the attacks play out and learn the techniques.

2. How to install a virtual lab

To create a virtual lab, there are many virtualization packages, such as VirtualBox and VMware, but I use VirtualBox because it supports a variety of virtual disk types and is open source.

I mentioned how to install VirtualBox and how to install Kali Linux in VirtualBox in my YouTube video.

Kali Linux is a Debian-based Linux operating system designed for security professionals. It comes pre-installed with the essential tools they need. In this post, we will also look at a few additional tools I use.

After installation, we can use the ping command to check whether network access is working properly in our Kali Linux machine.

3. How to install vulnerable apps on VirtualBox

There are many vulnerable applications, of which only a few can be seen.

There are many vulnerable machines like this.

Now, you can see how to install Metasploitable 2 in a YouTube video.

You can see in my subsequent writeups how to install other vulnerable machines and perform vulnerability assessments.

The vulnhub.com website also hosts many vulnerable machines and is a very important resource for those who want to learn practical penetration testing. Through it, we can create our labs for free. It has a vulnerable machine called “Mr. Robot,” which is one of my favorites. I will publish a write-up of it on my website.

4. How to find the IP address of a vulnerable machine

Once the Metasploitable 2 machine is installed, it will be connected to our network. Two methods can be used to find the IP address of the connected vulnerable machine.

a. If you know the username and password, you can use this method

username: msfadmin

password: msfadmin

After logging in, run the ifconfig command:

$ ifconfig

b. If you don’t know the username and password, you can use this method

If we turn on Kali Linux, it will be on the same network, so we can find the IP address of Metasploitable 2 by sending ARP packets. For this, you need to install the tool called arp-scan.

$ sudo apt install arp-scan

After installing arp-scan, use the command below to find the IP address. arp-scan needs root privileges to send ARP packets, so run it with sudo:

$ sudo arp-scan -l
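On a busy network the scan lists every device that answers, not just the lab VM. The shell function below is an added example, not part of the original post: it filters arp-scan -l output down to VirtualBox guests, assuming the VM keeps VirtualBox's default MAC prefix 08:00:27. The names vbox_hosts and sample_scan and the sample addresses are made up for illustration.

```shell
#!/bin/sh
# Added example: pick VirtualBox guests out of `arp-scan -l` output.
# Assumption: the guest NIC still has VirtualBox's default MAC prefix.
VBOX_OUI="08:00:27"

# Read arp-scan output on stdin; print "IP MAC" once per VirtualBox NIC.
vbox_hosts() {
    awk -F '\t' -v oui="$VBOX_OUI" '
        # Host lines are: IPv4 <TAB> MAC <TAB> vendor.
        # Banner and summary lines have no tab-separated IP and are skipped.
        $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ &&
        $2 ~ /^[0-9A-Fa-f:]+$/ && length($2) == 17 {
            mac = tolower($2)
            # Keep only MACs starting with the VirtualBox prefix,
            # and drop duplicate replies (arp-scan marks them "DUP").
            if (index(mac, oui) == 1 && !seen[$1]++) print $1, mac
        }'
}

# Constructed sample of arp-scan output (not captured from a real scan).
sample_scan() {
    printf 'Interface: eth0, type: EN10MB, MAC: 08:00:27:aa:bb:01, IPv4: 192.168.56.101\n'
    printf 'Starting arp-scan with 256 hosts\n'
    printf '%s\t%s\t%s\n' 192.168.56.1 0a:00:27:00:00:00 '(Unknown: locally administered)'
    printf '%s\t%s\t%s\n' 192.168.56.50 3c:52:82:10:20:30 'Some Printer Vendor'
    printf '%s\t%s\t%s\n' 192.168.56.102 08:00:27:aa:bb:02 'PCS Systemtechnik GmbH'
    printf '%s\t%s\t%s\n' 192.168.56.102 08:00:27:aa:bb:02 'PCS Systemtechnik GmbH (DUP: 2)'
    printf '\n4 packets received by filter, 0 packets dropped by kernel\n'
}

# Demo on the constructed sample. On a live lab, run instead:
#   sudo arp-scan -l | vbox_hosts
sample_scan | vbox_hosts
```

If several VirtualBox guests are running, each one is listed, so power on only the target VM or compare against the MAC address shown in its VirtualBox network settings.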

5. How to install a note-taking tool and text editor

Although Kali Linux defaults to text editors like Nano and Vim, I usually use LeafPad. Let’s see how to install LeafPad.

$ sudo apt install leafpad

6. Install the GoBuster tool

Although tools like dirb are in Kali Linux, I use the gobuster tool, which can do DNS enumeration, directory enumeration, etc. Let’s see how to install the GoBuster tool.

$ sudo apt install gobuster

For directory enumeration, we need a wordlist. Although Kali Linux includes wordlists by default, the TryHackMe website recommended a wordlist collection called SecLists. Let’s see how to download it using git clone.

$ git clone https://github.com/danielmiessler/SecLists.git

I am not going to tell you how to do directory enumeration here. The purpose of this writeup is to set up the environment a beginner penetration tester needs and to install the most important tools that I use for penetration testing.

Although there are many tools that can be used for penetration testing, I have mentioned only a few here. I think I can say more about them when I use them in my next writeups.

As an elementary education student studying penetration testing, I am currently reading some books. If you are a beginner in penetration testing, then these books will be very useful for you.
