How to Set Up a (Vulnerable) Windows 10 VM Lab for Hacking

Bryan Matthew
Aug 10, 2023

I always love the saying:

“Hack to learn, not learn to hack”

By my interpretation, that means if you want to be a great hacker, you have to actually hack into systems, not just learn about the theories. By “hacking a system”, I don’t mean it in an illegal way; that is why there’s the term “ethical hacking”.

How could one learn to hack into a system while not breaking any law? Short answer: Virtual Labs.

What is a Virtual Machine (Virtual Lab)?

A virtual lab (virtual machine), as its name suggests, is basically a hacking playground for simulating attacks from an attacker machine against a victim machine. Think of virtual machines as machines that can be installed inside your real machine (thus the name virtual). For example, I can install a Kali Linux virtual machine and a Windows virtual machine on my macOS laptop. The things you do inside the virtual machine stay inside it, so you don’t need to worry about infecting your real host machine in case you download something malicious in one of your virtual machines.

Why Windows 10 Machine?

This post is a part of my “Nessus Vulnerability Scanner Deployment” tutorial, where we use a Windows 10 machine as the victim machine. I’m going to post more stories that cover how to install other virtual machine types, like Kali Linux, Parrot, and others.

Windows 10 Virtual Lab Installation Process

1. Head to https://www.microsoft.com/en-us/software-download/windows10
2. Click on “Download Now” under the “Create Windows 10 Installation Media” option

3. A file named MediaCreationTool22H2.exe will get downloaded

4. Open the file, and choose as follows (some less important settings/steps are skipped over):

  • Choose “Create installation media (USB flash drive, DVD, or ISO file) for another PC”.
  • Leave the recommended language, edition, and architecture options, unless you want to change them.
  • ISO is the commonly used file format for virtual machine disk images, so we’re going to choose the second option, “ISO file”.
  • It will begin downloading the Windows 10 disk image. This process takes a while, depending on a couple of factors, such as OS, RAM, and connectivity speed.
  • After it has finished downloading, click “Finish”. The file will be saved in the folder you chose.

Importing the ISO File into Virtual Box

You have successfully downloaded the windows.iso file to your computer. What next?

The .iso file is like the operating system file (in this case, the Windows 10 OS file). VirtualBox is an application that runs virtual machines; think of it as the laptop that runs a Windows operating system.

Installation Steps

1. Download VirtualBox here: https://www.virtualbox.org/wiki/Downloads

2. Open the app. I already have 2 virtual machines installed, as can be seen on the left side of the screen (just ignore them; we will import our Windows 10 virtual machine).

3. Click on the blue ‘New’ button in the upper-right corner. A pop-up window will open.

Fill in the required details (Feel free to change the values as you wish):

  • Name: nessus
  • Folder: [Leave it as default]
  • ISO Image: [This is the location of the windows.iso file you’ve just downloaded in the previous step]
  • Type: Microsoft Windows
  • Version: Windows 10 (64-bit)
  • Click “Next”

4. The “Unattended Guest OS Install Setup” page will open. Fill in the username, password, and hostname (up to you). Check the “Guest Additions” option as well; this will give you better performance and usability. Lastly, fill in the “Guest Additions ISO” field if it’s empty; it’d be the folder that contains the .iso file. Then, click “Next”.

5. Now, you’ll be required to fill in the ‘hardware’ requirements for the virtual machine. I’d suggest you leave them at the default. Of course, the more memory and processors you give it, the more performant it will become. On the other hand, if you don’t have much RAM or many processors to spare, you can reduce them as well.

6. Now, you have to specify the storage space you want to give to your virtual machine. In my case, the default is 44.36GB (this means that the maximum space it will take from your real machine is 44.36GB; it will not take more than that). Don’t check “Pre-allocate Full Size”, as it would take the size you specified from your real machine right away.

7. Now, you have to make sure all the options are correct before creating the virtual machine. Once you’re sure, click “Finish”.

8. A new virtual machine is then created in your VirtualBox. It will boot up the Windows machine right away. Just wait until it’s finished.

9. Ta~Daaa.. Congrats!

You now have your own machine to do your own experiments in.

[Optional] Make Your Windows 10 Machine Vulnerable

If you’re following my “Nessus Vulnerability Scanner Deployment” tutorial, then this step is a must. Otherwise, you don’t need to follow through.

Why would we make our machine vulnerable?

We make the Windows 10 VM vulnerable because it needs to have some vulnerabilities for vulnerability scanners to detect. In fact, in the real world, many machines used in production are not always up to date, and are often vulnerable to cyber attacks.

We’re going to disable and uninstall updates on our Windows VM. Additionally, we also want to disable Windows Defender Firewall (the built-in software firewall on Windows computers).

Disabling & Uninstalling Windows Updates

1. Click on the Windows icon in the lower-left corner of your Windows 10 VM

2. From the Windows menu, choose “Settings”; the Settings page will open

3. Click on “Update & Security”

4. Click on “Pause updates for 7 days”

All updates will be paused for 7 days. However, if you want to pause it for more than 7 days, follow these steps:

5. Now, we want to uninstall any updates. Follow these steps:

  • Go back to Settings -> “View update history”
  • Click on “Uninstall updates”
  • A new window will pop up. Select the updates one by one to see which ones you can uninstall. Press “Uninstall” if it appears.

Disabling Windows Defender Firewall

1. Click on the Windows icon once more

2. Search for “Windows Defender Firewall”, and click it

3. Click on “Advanced settings”

4. Click on “Windows Defender Firewall Properties”

5. Make sure the “Firewall state” option is set to off for all the profiles (Domain Profile, Private Profile, Public Profile).

6. Click “Apply”, and then “OK” to close the pop-up.
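
To confirm the VM actually ended up in the state the two procedures above aim for, the following read-only report can be run inside the guest from an elevated PowerShell window. It is an added example, not part of the original post; the registry value used for the pause date is an assumption about where Windows 10 Settings records it, and the script changes nothing.

```powershell
# Added example: read-only state report for the lab VM (run inside the Windows 10 guest).

# Firewall: the steps above expect "Firewall state" Off for Domain, Private and Public.
$fwProfiles = Get-NetFirewallProfile
$stillOn = @($fwProfiles | Where-Object { [string]$_.Enabled -eq 'True' })

# Updates: whatever is still listed here survived the "Uninstall updates" step.
$hotfixes = Get-HotFix | Sort-Object InstalledOn -Descending

# Pause date. Assumption: Settings stores it in this value; it is absent if never paused.
$uxKey = 'HKLM:\SOFTWARE\Microsoft\WindowsUpdate\UX\Settings'
$pause = Get-ItemProperty -Path $uxKey -Name PauseUpdatesExpiryTime -ErrorAction SilentlyContinue

# Network: IPv4 addresses the weakened VM is reachable on (loopback excluded).
$addresses = Get-NetIPAddress -AddressFamily IPv4 |
    Where-Object { $_.IPAddress -ne '127.0.0.1' }

Write-Output '== Firewall profiles =='
$fwProfiles | Select-Object Name, Enabled | Format-Table -AutoSize | Out-String
if ($stillOn.Count -gt 0) {
    Write-Output ('Still enabled: ' + ($stillOn.Name -join ', '))
} else {
    Write-Output 'All profiles report the firewall as off.'
}

Write-Output '== Installed updates =='
$hotfixes | Select-Object HotFixID, Description, InstalledOn |
    Format-Table -AutoSize | Out-String

Write-Output '== Update pause =='
if ($pause) {
    Write-Output ('Updates paused until: ' + $pause.PauseUpdatesExpiryTime)
} else {
    Write-Output 'No pause date recorded; Windows Update may reinstall removed updates.'
}

Write-Output '== Addresses this VM answers on =='
$addresses | Select-Object InterfaceAlias, IPAddress, PrefixLength |
    Format-Table -AutoSize | Out-String
```

Running it again before each scan shows whether the 7-day pause has lapsed and updates have come back, which would change what the scanner reports.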

Set the Virtual Machine Network Settings

1. Go to Devices

2. Choose “Network”, then “Network Settings”

3. Follow these settings:

Press “OK” to close the pop-up.

Finally, we’re done with everything! I know, it was such a long journey, so give yourself a pat on the back!

Bryan Matthew

Cyber Security Consultant at MII (Mitra Integrasi Informatika)