{"id":178,"date":"2016-04-21T07:50:18","date_gmt":"2016-04-21T14:50:18","guid":{"rendered":"http:\/\/konukoii.com\/blog\/?p=178"},"modified":"2016-10-10T10:53:23","modified_gmt":"2016-10-10T17:53:23","slug":"pentesting-101-setting-up-your-lab","status":"publish","type":"post","link":"https:\/\/konukoii.com\/blog\/2016\/04\/21\/pentesting-101-setting-up-your-lab\/","title":{"rendered":"PenTesting 101: Setting up your lab"},"content":{"rendered":"<span class=\"span-reading-time rt-reading-time\" style=\"display: block;\"><span class=\"rt-label rt-prefix\">Reading Time: <\/span> <span class=\"rt-time\"> 4<\/span> <span class=\"rt-label rt-postfix\">minutes<\/span><\/span><p>So lately I've been diving in deep on the security world. I just started working an R&amp;D\/pen-testing job and started research at a Crypto lab. I've learned all sorts of fun and interesting things that I'd love to share with all of you. Before I go into detail about some of those things, I think it would be best if I help you set-up your own '<em>hacking<\/em>' lab. \u00a0This tutorial shouldn't take you more than 10 minutes <em>(excluding program download times).\u00a0<\/em>So let's jump right into it!<\/p>\n<p><strong><em><span style=\"text-decoration: underline;\">Step 1 : Download and Install Virtualbox<\/span><\/em><\/strong><\/p>\n<ul>\n<li>Virtualbox is a software that allows you to emulate a computer. Think of it as a computer inside a computer. Neat, huh? This is going to help us install two computer inside your machine (A victim computer, and an attacker computer). We do this because we can better control the environment and give you space to learn without messing up your computer.<\/li>\n<li>Head on over to <a href=\"http:\/\/www.virtualbox.org\" target=\"_blank\">www.virtualbox.org<\/a>\u00a0and get the version that works for your system. As a side note, you can also use VMWare, but this tutorial follows the assumption that you are using VirtualBox.<\/li>\n<\/ul>\n<p><span style=\"text-decoration: underline;\"><strong><em>Step 2 : Download and create a Kali VM<\/em><\/strong><\/span><\/p>\n<ul>\n<li>In case you haven't heard of it before, Kali is an amazing Linux <abbr title=\"distribution\">distro<\/abbr>\u00a0that comes with a bunch of pen-testing and hacking tools. This is the beast\u00a0that we will be using to break into other computers!<\/li>\n<li>Visit our awesome friends at\u00a0<a href=\"https:\/\/www.kali.org\/\" target=\"_blank\">www.kali.org<\/a>\u00a0and get the Kali that works for you (32bit\/64bit).<\/li>\n<li>Open Virtualbox and hit the <strong>New<\/strong> button<\/li>\n<li>In options choose <strong>Type: Linux<\/strong>, <strong>Version: Debian<\/strong> (32 or 64 depending on what you are installing), <strong>Memory Size: 1024<\/strong><\/li>\n<\/ul>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-185\" src=\"http:\/\/konukoii.com\/blog\/wp-content\/uploads\/2016\/04\/kali1.png\" alt=\"kali1\" width=\"419\" height=\"379\" srcset=\"https:\/\/konukoii.com\/blog\/wp-content\/uploads\/2016\/04\/kali1.png 898w, https:\/\/konukoii.com\/blog\/wp-content\/uploads\/2016\/04\/kali1-300x271.png 300w, https:\/\/konukoii.com\/blog\/wp-content\/uploads\/2016\/04\/kali1-768x694.png 768w, https:\/\/konukoii.com\/blog\/wp-content\/uploads\/2016\/04\/kali1-387x350.png 387w\" sizes=\"auto, (max-width: 419px) 100vw, 419px\" \/><\/p>\n<ul>\n<li>Hit create and on the next screen, give Kali at the very least <strong>9.00 GB<\/strong>. You can leave everything else as is.<\/li>\n<\/ul>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-188\" src=\"http:\/\/konukoii.com\/blog\/wp-content\/uploads\/2016\/04\/kali2.png\" alt=\"kali2\" width=\"419\" height=\"380\" srcset=\"https:\/\/konukoii.com\/blog\/wp-content\/uploads\/2016\/04\/kali2.png 882w, https:\/\/konukoii.com\/blog\/wp-content\/uploads\/2016\/04\/kali2-300x272.png 300w, https:\/\/konukoii.com\/blog\/wp-content\/uploads\/2016\/04\/kali2-768x697.png 768w, https:\/\/konukoii.com\/blog\/wp-content\/uploads\/2016\/04\/kali2-386x350.png 386w\" sizes=\"auto, (max-width: 419px) 100vw, 419px\" \/><\/p>\n<ul>\n<li>Then fire up the program by clicking\u00a0<strong>Start<\/strong> and when it asks to insert a CD select your downloaded Kali.iso (sometimes what you downloaded is a .tar or some other compressed file. You can use <a href=\"http:\/\/www.7-zip.org\/\" target=\"_blank\">7zip<\/a> to decompress.)<\/li>\n<\/ul>\n<p><em><span style=\"text-decoration: underline;\"><strong>Step 3: Download and create a Kioptix<\/strong><\/span><\/em><\/p>\n<ul>\n<li>As you might imagine, if Kali is your attack machine, Kioptix is going to be your vulnerable machine.<\/li>\n<li>Follow the same steps you did for Kali, except this time \u00a0choose\u00a0<strong>Type: Other<\/strong>, <strong>Version: Other<\/strong>, <strong>Memory Size: 512\u00a0<\/strong>(honestly Kioptix barely takes any toll on your system so you can probably get away with less),\u00a0<strong>HDD: 3.00 GB\u00a0<\/strong>(potentially even less)<\/li>\n<\/ul>\n<p><span style=\"text-decoration: underline;\"><em><strong>Step 4: Setting up an Virtualbox internal network<\/strong><\/em><\/span><\/p>\n<ul>\n<li>Now that you have your two machines you must setup the internal network that will connect both of them. Thankfully, VirtualBox has an integrated DHCP client that will emulate a network amongst your Virtual Machines.<\/li>\n<li>Find the directory where VirtualBox is installed <em>(Default:\u00a0C:\\Program Files\\Oracle\\VirtualBox)<\/em> and open a commandline here <em>(you can just shift right-click and select \"Open command window here\")<\/em><\/li>\n<li>Run the following command:\n<pre class=\"brush: plain; title: ; notranslate\" title=\"\">VBoxManage dhcpserver add -netname Testnet -ip\u00a0192.168.75.100 -netmask 255.255.255.0 -lowerip\u00a0192.168.75.101 -upperip 192.168.75.150 -enable<\/pre>\n<ul>\n<li>For the pros:\n<ul>\n<li>-netname [name] : sets the name of the network<\/li>\n<li>-ip [ip] : sets the base ip for your network<\/li>\n<li>-netmask [netmask]: you guessed it, this is the netmask<\/li>\n<li>-lowerip: lowest ip assigned to any VM<\/li>\n<li>-upperip: highest ip assigned to any VM<\/li>\n<li>-enable: turns on this dhcp server<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n<li>Now on both the Kali and Kioptix machine select Settings &gt; Network and set Adapter 1 to <strong>\"Internal Network\"\u00a0<\/strong>and Name: <strong>Testnet<\/strong><strong>\u00a0<\/strong><em>(or whatever name you gave your network).<\/em>\n<ul>\n<li><em>Optional:<\/em> If you want Kali to have access to internet too. You can setup another adapter to NAT. You might need to do more tweaking tho, cause now you have two different networks and you don't want to be accidentally pen-testing on the wrong one.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-191\" src=\"http:\/\/konukoii.com\/blog\/wp-content\/uploads\/2016\/04\/kali3.png\" alt=\"kali3\" width=\"419\" height=\"307\" srcset=\"https:\/\/konukoii.com\/blog\/wp-content\/uploads\/2016\/04\/kali3.png 1059w, https:\/\/konukoii.com\/blog\/wp-content\/uploads\/2016\/04\/kali3-300x220.png 300w, https:\/\/konukoii.com\/blog\/wp-content\/uploads\/2016\/04\/kali3-768x563.png 768w, https:\/\/konukoii.com\/blog\/wp-content\/uploads\/2016\/04\/kali3-1024x750.png 1024w, https:\/\/konukoii.com\/blog\/wp-content\/uploads\/2016\/04\/kali3-478x350.png 478w\" sizes=\"auto, (max-width: 419px) 100vw, 419px\" \/><\/p>\n<p><span style=\"text-decoration: underline;\"><em><strong>Step 5: Testing that everything worked out fine<\/strong><\/em><\/span><\/p>\n<p>&nbsp;<\/p>\n<ul>\n<li>Now you can run both your VMs.<\/li>\n<li>Kioptix will automatically grab an IP.<\/li>\n<li>Kali on the other hand is flaky so to force it to grab an IP, you open the commandline and use\n<pre class=\"brush: plain; title: ; notranslate\" title=\"\">dhclient eth0<\/pre>\n<p>\u00a0<em>(Note: you might have something different than eth0, so you can check running ifconfig)<\/em><\/li>\n<li>Last but not least, just to check that everything is correct, let's try running a quick portscan:\n<pre class=\"brush: plain; title: ; notranslate\" title=\"\">nmap -f -n -P0 -v -p- -T4 192.168.75.0\/24<\/pre>\n<p>. You should see a machine with some open ports (22,80,111,139,443).<\/li>\n<\/ul>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-192\" src=\"http:\/\/konukoii.com\/blog\/wp-content\/uploads\/2016\/04\/kali4.png\" alt=\"kali4\" width=\"419\" height=\"208\" srcset=\"https:\/\/konukoii.com\/blog\/wp-content\/uploads\/2016\/04\/kali4.png 1311w, https:\/\/konukoii.com\/blog\/wp-content\/uploads\/2016\/04\/kali4-300x149.png 300w, https:\/\/konukoii.com\/blog\/wp-content\/uploads\/2016\/04\/kali4-768x382.png 768w, https:\/\/konukoii.com\/blog\/wp-content\/uploads\/2016\/04\/kali4-1024x509.png 1024w, https:\/\/konukoii.com\/blog\/wp-content\/uploads\/2016\/04\/kali4-700x348.png 700w\" sizes=\"auto, (max-width: 419px) 100vw, 419px\" \/><\/p>\n<p>&nbsp;<\/p>\n<p><strong>Congratulations! You are now done, and you have just set up a perfect\u00a0environment\u00a0to learn some\u00a0pen-testing. \u00a0\ud83d\ude42\u00a0<\/strong><\/p>\n<p>Stay tuned because, later I will show you some basic pen-testing techniques, and we will actually break into that Kioptix machine!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>So lately I've been diving in deep on the security world. I just started working&#8230;<\/p>\n<div class=\"more-link-wrapper\"><a class=\"more-link\" href=\"https:\/\/konukoii.com\/blog\/2016\/04\/21\/pentesting-101-setting-up-your-lab\/\">Read the post<span class=\"screen-reader-text\">PenTesting 101: Setting up your lab<\/span><\/a><\/div>\n","protected":false},"author":1,"featured_media":193,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3,32],"tags":[47,48,46,45,26],"class_list":["post-178","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-compsec","category-tutorials","tag-kali","tag-kioptix","tag-netsec","tag-pentesting","tag-tutorial","excerpt","zoom","full-without-featured","even","excerpt-0"],"_links":{"self":[{"href":"https:\/\/konukoii.com\/blog\/wp-json\/wp\/v2\/posts\/178","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/konukoii.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/konukoii.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/konukoii.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/konukoii.com\/blog\/wp-json\/wp\/v2\/comments?post=178"}],"version-history":[{"count":7,"href":"https:\/\/konukoii.com\/blog\/wp-json\/wp\/v2\/posts\/178\/revisions"}],"predecessor-version":[{"id":195,"href":"https:\/\/konukoii.com\/blog\/wp-json\/wp\/v2\/posts\/178\/revisions\/195"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/konukoii.com\/blog\/wp-json\/wp\/v2\/media\/193"}],"wp:attachment":[{"href":"https:\/\/konukoii.com\/blog\/wp-json\/wp\/v2\/media?parent=178"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/konukoii.com\/blog\/wp-json\/wp\/v2\/categories?post=178"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/konukoii.com\/blog\/wp-json\/wp\/v2\/tags?post=178"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}