One of the main problems I found when starting to hack was finding vulnerable targets to attack and hone your skills on. These targets can be anything from virtual machines to repurposed hardware.
You can then take the skills you have learnt and use them in the wild with a better understanding of what you're actually doing, and if you break anything it's no bother: you can just quickly restore from a snapshot or re-format the box.
So go dig out your old equipment and let's start making our lab.
If you have a powerful PC (a computer with a minimum of 4GB of RAM), you should be able to run a few virtual machines in your test lab at the same time.
The number of virtual machines you can run simultaneously comes down to how much memory is installed in the host machine and how much you have assigned to each virtual machine. As this is only a lab, each virtual machine really only needs the bare minimum to run, and if you find a virtual machine is slow and totally unusable, the virtualization software makes it easy to tweak the settings.
The three most common free virtualization packages:
- Oracle VirtualBox
(Open source, can be used on all platforms, Windows, Linux or Mac, and is what I will be using in all my tutorials)
- VMware Player
(Also works on all platforms, but you need to register or create a free account with VMware before you can download it)
(Free with most versions of Windows 8, 8.1 and 10)
You need to make sure you supply enough memory to your host and guest operating systems, otherwise you will get all sorts of crashes and system failures. Use the guide below to help you decide the amount of RAM needed for each virtual machine.
- Linux – 512MB of RAM (1GB recommended)
- Kali 2.0 – 1GB of RAM (2GB recommended)
- Metasploitable – 256MB of RAM (512MB recommended)
- Windows – 1GB of RAM (2GB recommended)
Got a 10-year-old PC that has been sitting in a cupboard for the past 4 years? Moved from ADSL to fiber and still got the old router? You can use it all.
As with the virtual machines, it's only a test environment, so they don't need to be the fastest machines; they just need to still work and be able to run an operating system. Even if, say, the hard disk is dead in an old laptop, you can run a Windows or Linux live boot CD/USB, which runs from memory with no need for a hard disk, giving you a perfectly working machine.
Old routers can be made into Wi-Fi access points on which you can try different techniques without the worry of getting caught, or you can attack the access point and check what sort of logs are generated during the attack, so you would know if it was happening to you.
If you're not like me, with bits of old tech all over the place, you can quite cheaply pick up old technology on eBay that people just want to get rid of.
Installing VirtualBox
On a Debian-based Linux host:
sudo apt-get install virtualbox-dkms
sudo apt-get install linux-headers-generic
sudo apt-get install virtualbox-qt
On Windows, download the latest version of VirtualBox from Oracle's download page https://www.virtualbox.org/wiki/Downloads.
Run the .exe, click Next, Next, Next, and you have a shiny new VirtualBox installed.
Kali Linux is a Debian-based Linux distribution aimed at advanced Penetration Testing and Security Auditing. Kali contains several hundred tools aimed at various information security tasks, such as Penetration Testing, Forensics and Reverse Engineering. Kali Linux is developed, funded and maintained by Offensive Security, a leading information security training company.
Download it and play with all the preinstalled tools, but remember it's just a Linux distro and you can just as easily install the tools into another Linux distro. If you have never used Linux before, I would suggest getting to grips with Mint or Ubuntu first. What a lot of people starting out do is try to run Kali as a host OS, and it's not really designed for that.
The latest Kali 2.0 ISO can be downloaded from https://www.kali.org/downloads/
Check out my Guide to Installing Kali Linux
Metasploitable is a vulnerable virtual machine based on Ubuntu, released by the Metasploit team to solve the problem of learning the Metasploit framework. It focuses on network-layer vulnerabilities because it contains vulnerable services for you to hack.
You can download Metasploitable 2 from SourceForge.
Once you have downloaded the VM, extract the zip file, open the vmdk using VirtualBox and power it on. After a brief time, the system will be booted and ready for action. The default login and password is msfadmin:msfadmin
Never expose this virtual machine to an untrusted network; use NAT or Host-only mode!
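One way to apply the warning above from the command line, as an added example that is not part of the original post: `create_lab_vm` builds a VM around the extracted vmdk with a host-only NIC, and `audit_nics` flags any NIC that is not in NAT, host-only or disabled mode. The VM name, disk path and the `vboxnet0` adapter name are assumptions, and the sample VM info is constructed.

```shell
#!/bin/sh
# Added example. The VM name, disk path and host-only adapter are assumptions.

# Create a VM around a downloaded .vmdk with its only NIC in host-only mode.
# Needs VirtualBox installed and the host-only interface to exist already
# (VBoxManage hostonlyif create). 512 MB is the page's recommended figure.
create_lab_vm() {
    vm=$1 disk=$2 hostif=${3:-vboxnet0}
    VBoxManage createvm --name "$vm" --ostype Ubuntu --register &&
    VBoxManage modifyvm "$vm" --memory 512 \
        --nic1 hostonly --hostonlyadapter1 "$hostif" &&
    VBoxManage storagectl "$vm" --name SATA --add sata &&
    VBoxManage storageattach "$vm" --storagectl SATA --port 0 --device 0 \
        --type hdd --medium "$disk"
}

# Read `VBoxManage showvminfo <vm> --machinereadable` on stdin and print each
# NIC that is not nat, hostonly or none. Exit status 1 if any was printed.
audit_nics() {
    awk -F'"' '
        /^nic[0-9]+=/ {
            mode = $2
            if (mode != "nat" && mode != "hostonly" && mode != "none") {
                sub(/=.*/, "", $1)
                print $1 ": " mode
                bad = 1
            }
        }
        END { exit bad + 0 }'
}

# Constructed samples in the machine-readable format (not from a real host).
SAMPLE_BAD='name="metasploitable2"
memory=512
nic1="bridged"
bridgeadapter1="eth0"
nictype1="82540EM"
nic2="hostonly"
hostonlyadapter2="vboxnet0"
nic3="none"'
SAMPLE_OK='name="metasploitable2"
nic1="hostonly"
hostonlyadapter1="vboxnet0"
nic2="none"'

# Demo: the bridged NIC in the first sample is reported, the second is clean.
printf '%s\n' "$SAMPLE_BAD" | audit_nics || echo "^ move these NICs to NAT or host-only"
printf '%s\n' "$SAMPLE_OK" | audit_nics && echo "sample 2: all NICs isolated"
```

On a host with VirtualBox installed, pipe `VBoxManage showvminfo <vm> --machinereadable` into `audit_nics` for each lab VM before powering it on.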
Making a Vulnerable Windows Environment
Once you fire up a few Windows virtual machines, you may want to install older versions of software so that you can test exploits of known vulnerabilities. Most software providers don't include older versions of their software on their sites; luckily, you can download these at www.oldapps.com
After you have installed your software, make sure you open the relevant ports or disable the Windows firewall and UAC (User Account Control).
——-Edit 20/7/2016 —————
The mighty Iron Geek (Adrian Crenshaw) posted two great talks from conferences regarding setting up a home lab. Check them out below.