How to make a virtual homelab in 5 minutes
Home labs are an important step when learning IT and Cybersecurity skills, and you can make one at home for free in a matter of minutes!
(Thumbnail made in Bazaart)
The cybersecurity industry is booming, and it is projected to continue to grow as the need expands. As such, more and more companies will be looking to hire professionals that are knowledgeable and ready to tackle the challenges ahead.
One of the first things that I learned when beginning my journey into cybersecurity, was to make a home lab. My dad, a professor who heads the cybersecurity department at a private college in my hometown, helped me to get two virtual machines installed onto my Mac. One was a virtual machine deliberately made vulnerable by running an old version of Iceweasel, and the other was Kali Linux.
He then showed me how to use Kali, and more specifically Metasploit, to target a known vulnerability in Iceweasel, gaining access to the target’s browser, where we were then able to gain access to root. This was the very first time I had ever hacked a computer, and it was done in my own personal home lab.
How to make your own virtual home lab
If you’re more inclined to watching videos than reading like I am, and want to dig into why exactly you need a home lab, check out this video.
As I said in the title, this will be a virtual home lab, meaning you only need a computer to make this work. No need to go out and buy a second computer (unless, of course, your current computer is a potato), or a raspberry pi. We can do this on the very computer you may be reading this article on.
First, we need to decide what application we will be using to run our virtual environment. For Windows and Intel Mac users, you can use either VirtualBox or VMWare, although Mac users also have Parallels available to them. For M1 Mac users, it seems at this point in time your only option is Parallels, although VMWare has announced they’re working on support for the Apple Silicon chip. No word from VirtualBox on if they will do the same.
For this demonstration, we will be using VirtualBox. Why? It’s free, and I’m cheap — so sue me (don’t sue me).
For this, we need to browse to VirtualBox’s website and find the version that we can use.
Once you find the version you need, click the link and the download should begin immediately.
Once downloaded, run through the installer, and then you should be greeted by the super sweet virtualbox menu.
Obviously, you won’t have these virtual machines in the menu. I’ve done some virtual goofin’, hence the presence of virtual boxes.
Now that we have virtualbox installed, it’s time to get some virtual boxes- err, machines. Let’s build a similar virtual environment, comprising of a Metasploitable machine, and a Kali Linux machine.
For Kali, start at offensivesecurity.com. We’re using the bit-64 version because we got it like that.
Once it’s downloaded, go ahead and double click the ova. It should automatically create itself in virtualbox, if it doesn’t, comment down below and I can help out as needed.
For Metasploitable, go to Rapid7. The process should be the same as with Kali. Click the ova, and it will install itself onto virtualbox. Please note that the OVA format is much friendlier to the installation process.
Sick, now we have these two installed. Our final step before we lose our minds in Hackerville, is to make these two boxes privately networked and not connected to the internet. You can occasionally let Kali pull updates and upgrades from the internet if need be, but I advise you to keep your home lab nice and safe in its own isolated network. If left connected to the internet, bad guys can get a hold of it or your lab can accidentally mess with things out in the real world.
Next, right-click the machine you’re wanting to manage, go to network, and then switch the interface to host-only mode. You can also create your own host-only virtual network in virtualbox by hitting file, and then hitting host network manager.
Just like that, we have ourselves a virtual home lab. How sweet is that? You can use this to become a better and more successful professional in the IT or cybersecurity world than myself. I look forward to being fired by you in the future. Have fun!