How to Build Your Own Virtual Lab to Practice Penetration Testing

Introduction

This tutorial will guide you through the process of setting up your own virtual lab for penetration testing using VirtualBox. By following these steps, you'll create a safe environment to practice your cybersecurity skills without any legal risks. We will install Kali Linux, Metasploitable 2, and Metasploitable 3, and configure them to work within a virtual network.

Chapter 1: Software Download

To begin, you will need to download the necessary software and virtual machines.

1. Download VirtualBox

   • Visit the VirtualBox downloads page.
   • Select the version for your operating system (Windows, Mac, or Linux) and download it.

2. Download Kali Linux

   • Go to the Kali Linux website.
   • Choose the option for pre-built virtual machines (not the installer ISO) to save time.
   • Download the latest stable version.

3. Download Metasploitable 2 and 3

   • For Metasploitable 2, download it from this link.
   • For Metasploitable 3, use this link.

4. Download 7-Zip

   • Go to the 7-Zip website and download the installer to extract the downloaded files.

Chapter 2: Installing Software

Now, let’s install the software we've just downloaded.

1. Install 7-Zip

   • Navigate to your downloads folder.
   • Double-click the 7-Zip installer and follow the prompts to install it.

2. Install VirtualBox

   • Locate the VirtualBox installer and double-click it.
   • Follow the installation prompts, leaving the default settings unless you need to change the installation path.
   • Confirm any warnings about network adapters during installation.

Chapter 3: Setting Up VirtualBox

After installing VirtualBox, you need to configure network settings and import the downloaded virtual machines.

1. Configure VirtualBox Network

   • Open VirtualBox.
   • Go to File > Host Network Manager.
   • Enable and configure a NAT network (e.g., 10.0.0.0).
   • Ensure DHCP is enabled.

2. Extract Virtual Machine Files

   • Use 7-Zip to extract the downloaded Kali Linux and Metasploitable files.
   • Move the extracted files to a dedicated folder (e.g., C:\Users\YourUsername\VirtualBox VMs).

3. Import Metasploitable Machines

   • In VirtualBox, click Import Appliance for both Metasploitable machines.
   • For Metasploitable 2 and 3, import their respective OVA files by browsing to the location where you extracted them.
   • Adjust memory settings to ensure total RAM usage is within limits (e.g., assign 512 MB to Metasploitable 2 and 3, and 3 GB to Kali).

Chapter 4: Starting the Virtual Machines

With everything set up, you can now start your virtual machines.

1. Start Each Machine

   • Select Metasploitable 2, and click Start. Repeat for Metasploitable 3 and Kali Linux.
   • As each machine boots, you may see prompts about capturing your mouse and keyboard; follow these instructions to control the machines.

2. Monitor System Resources

   • Open Task Manager to check memory usage while running the virtual machines. Aim to keep it below your system's total RAM.

Chapter 5: Configuring Kali Linux

Once you have Kali Linux running, it’s essential to configure it for optimal use.

1. Log into Kali Linux

   • Use the default login kali with the password kali.
   • Change your password for security using the command:

     passwd
     

2. Update Kali Linux

   • Run the following commands to update the operating system:

     sudo apt update
     sudo apt full-upgrade -y
     sudo apt autoremove
     

3. Install Tilix Terminal

   • For a better terminal experience, install Tilix using:

     sudo git clone https://github.com/centralinfosec/Tilix-Kali-Setup /opt/Central-InfoSec/Tilix-Kali-Setup
     sudo chmod +x /opt/Central-InfoSec/Tilix-Kali-Setup/tilix-kali-setup.sh
     sudo -E bash /opt/Central-InfoSec/Tilix-Kali-Setup/tilix-kali-setup.sh kali
     

Chapter 6: Testing Your Lab

Now that the environment is set up, you can start testing.

1. Verify Connectivity

   • Use the command:

     ping google.com
     

   • Ensure you have a working internet connection.

2. Run Nmap Scans

   • Discover the machines in your virtual network with:

     nmap -sn 10.0.0.0/24
     

   • Conduct a more comprehensive scan:

     sudo nmap -A 10.0.0.5  # Replace with the IPs of your Metasploitable machines
     

Conclusion

Congratulations! You have successfully set up a virtual lab for penetration testing using VirtualBox. You can now practice your ethical hacking skills in a safe environment. In future tutorials, you may want to expand your lab by adding more machines or exploring specific vulnerabilities. Happy testing!