CSbyGB - Pentips
Setup your pentest lab

Last updated 10 months ago

Virtualbox

Create your virtual attacking machine with Kali Linux

  1. Download Virtualbox and install it: https://www.virtualbox.org/

  2. Download Virtualbox and install it from here

  3. Download the latest Kali Linux VirtualBox image (it is going to be our attacker machine). Make sure to take the VirtualBox image and not the VMware one:

Kali
  1. Install Kali:

  • Go to virtualbox and click on « File » > « Import Appliance… »

  • Click on the yellow folder and navigate to the image of kali you downloaded, select it and click on open

  • Click on next and then click on import. It will take a little while… And then launch it for the first time. Username should be kali and password kali but you can find this info on their website or on the description of your machine in virtualbox

How to use vulnerable VM to practice

  • Once you have your kali installed, you can also take vulnerable machines to practice on them.

  • The idea here is to connect your kali with this machine so that you can hack it from your kali.

Where to find vulnerable machines

IMPORTANT NOTICE: These are vulnerable machines so use with caution. Also always check and research about a machine before installing it

How to connect your kali with another machine

  • Once you have chosen the machine you wish to try, and deployed it, you will need to connect it.

Install Metasploitable 2

  • Unzip the downloaded file in a folder you will easily find later

  • Go to virtualbox click on new machine

  • Give a name to your new machine I will call it Metasploitable

    • Click on the yellow folder

    • Click on add

    • Navigate to the metasploitable folder you have just downloaded and select the .vmdk file

    • Select it and then click on choose

    • Finally click on create

  • You can now start the machine for the first time (it should take a few minutes to start; login is msfadmin and password is msfadmin)

  • Shut down the machine

Connect Kali and Metasploitable 2 together

  • Both machines should be shut down for this process

  • Go to virtualbox

  • Click on file > preferences > network

  • Click on the plus

  • Rename the network as you like or leave it like this

  • And click on ok

  • Click on Metasploitable

  • Settings

  • Network

  • And select Nat Network from the dropdown menu

  • And then ok

  • Ensure that « Allow VMs » is selected for promiscuous mode

  • Do the same for the kali machine

Check if our machines can communicate

  • In your Metasploitable type ip a and check your ip address

  • In your kali open the terminal and type ping followed by the IP address of your Metasploitable

    • In my case: ping 10.0.2.4

  • Now type ip a in your kali and ping it from your Metasploitable.

  • They can connect to each other both ways.
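The check above can also be done from the two `ip a` outputs before any ping is sent. The following is an added example, not part of the original page: it finds the subnet both machines share, gives the address to ping, and warns if the vulnerable VM also has an interface on a network the attacker VM is not on (for example a leftover bridged adapter). The sample outputs are constructed, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample `ip a` output (trimmed); 10.0.2.4 matches the page's ping example.
KALI = """\
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    inet 127.0.0.1/8 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP
    inet 10.0.2.15/24 brd 10.0.2.255 scope global dynamic eth0
"""
METASPLOITABLE = """\
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue
    inet 127.0.0.1/8 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
    inet 10.0.2.4/24 brd 10.0.2.255 scope global eth0
"""

# Matches "inet <addr>/<prefix> ... <ifname>"; "inet6" lines do not match.
INET_RE = re.compile(r"^[ \t]+inet (\d+(?:\.\d+){3}/\d+)\s.*?(\S+)[ \t]*$", re.M)


def ipv4_interfaces(ip_a_output):
    """Map interface name -> IPv4Interface for each non-loopback address."""
    found = {}
    for cidr, ifname in INET_RE.findall(ip_a_output):
        iface = ipaddress.ip_interface(cidr)
        if not iface.ip.is_loopback:
            found[ifname] = iface
    return found


def lab_check(attacker_out, target_out):
    """Report which target address to ping and whether the target is isolated."""
    attacker_nets = {i.network for i in ipv4_interfaces(attacker_out).values()}
    report = {"shared_network": None, "ping_target": None, "warnings": []}
    for ifname, iface in ipv4_interfaces(target_out).items():
        if iface.network in attacker_nets:
            report["shared_network"] = str(iface.network)
            report["ping_target"] = str(iface.ip)
        else:
            # The target is reachable from a network the attacker VM is not on.
            report["warnings"].append(f"{ifname} {iface} is outside the lab network")
    if report["shared_network"] is None:
        report["warnings"].append("no shared subnet: attach both VMs to the same NAT Network")
    return report


if __name__ == "__main__":
    print(lab_check(KALI, METASPLOITABLE))
```

Paste the real output of `ip a` from each machine in place of the samples; an empty warnings list means the vulnerable VM only has addresses on the network it shares with Kali.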

Docker

  • `sudo apt install docker.io`: install docker

  • `sudo systemctl status docker`: check docker status

  • `sudo systemctl start docker`: start docker (if not started)

  • `sudo docker run hello-world`: check the install

  • `sudo docker pull parrotsec/security:latest`: pull a parrot image

  • `sudo docker run -it --name parrotos parrotsec/security`

  • `sudo docker exec -it parrotos bash`: start parrot OS when we need it

  • If you are using a VPN or need to use your host network, you can also create a container that will do this with the option `--net`. The option has to come before the image name, otherwise it is passed to the container as a command instead of being read by docker: `sudo docker run -it --net=host --name parrotos-route-host parrotsec/security`

  • If you want to use files from your host (say you want to use openvpn from docker and you need to use your ovpn file), you can use the `-v` option: `docker run -it --name parrotos-shared-files -v /path/on/host:/path/inside/container parrotsec/security`

Useful commands

  • `sudo docker start parrotos`: start the container parrotos

  • `sudo docker stop parrotos`: stop the container parrotos

  • `sudo docker ps`: see containers

  • `sudo docker stats`: see the status of our containers

  • `ctrl + d`: exit from an existing container

  • To remove a container: `sudo docker rm container-name`

AWS

Digital Ocean

COMING SOON

Resources

Alternative labs for general pentests

Labs for specific pentests

Thick Client

API

Android

Firewalls

Jenkins

SNMP

IDS IPS

Cloud

Tomcat

Memcached

Microsocks

Proxies

VOIP

SMTP

Routers

Active Directory

Import

In this example I am going to show you how to proceed with Metasploitable 2. You can find it .

Choose the type Linux and Version Ubuntu

Choose how much RAM you need (1 GB should be enough). Be careful here to also leave resources for your host, and count your kali in this calculation. You will need enough resources for your host, your kali and your vulnerable machine.

On the next window click on "use an existing virtualdisk file"

Launch both machines. For more information on connecting VMs together you can refer to

My kali can access metasploitable

  • Vulnhub
  • OWASP Vulnerable Web Applications Directory
  • Digital Ocean
  • FREE Kali Linux in the Cloud (AWS) - NetworkChuck
  • How to get started with pentesting - csbygb blog: https://raw.githubusercontent.com/CSbyGB/csbygb.github.io/main/_posts/2022-10-02-how-to-get-started.md
  • Metasploitable 2 | Metasploit Documentation: Official guide - Metasploitable 2 installation and details
  • Metasploitable 2 Exploitability Guide | Metasploit Documentation: Official guide - Metasploitable 2 Exploitability Guide
  • What is Docker? (Medium): Building a Pentest lab with Docker - Ian Muchina
  • Running Parrot OS on Docker inside Windows! - Sepehr (Medium)
  • docker run (Docker Documentation): Docker documentation
  • How to Run GUI Applications in a Docker Container - James Walker (How-To Geek)
  • Docker for Pentester: Pentesting Framework - Raj Chandel (Hacking Articles)
  • Thick Client Pentest Lab Setup: DVTA - Raj Chandel (Hacking Articles)
  • Thick Client Pentest Lab Setup: DVTA (Part 2) - Raj Chandel (Hacking Articles)
Coming soon
  • API pentest - CSbyGB Pentips
  • Android Pentest - CSbyGB Pentips
  • Android Pentest Lab Setup & ADB Command Cheatsheet - Raj Chandel (Hacking Articles)
  • Firewall Lab Setup : FortiGate - Raj Chandel (Hacking Articles)
  • Firewall Lab Setup: Untangle - Raj Chandel (Hacking Articles)
  • Firewall Pentest Lab Setup with pfsense in VMware - Raj Chandel (Hacking Articles)
  • Setup Firewall Pentest Lab using Clear OS - Raj Chandel (Hacking Articles)
  • Lab setup - White Winter Wolf (wwwolf_sec)
  • Penetration Testing Lab Setup: Jenkins - Raj Chandel (Hacking Articles)
  • SNMP Lab Setup and Penetration Testing - Raj Chandel (Hacking Articles)
  • IDS, IPS Penetration Testing Lab Setup with Snort (Manually) - Raj Chandel (Hacking Articles)
  • Penetration Testing Lab Setup:Cloud Computing - Raj Chandel (Hacking Articles)
  • Penetration Testing Lab Setup:Tomcat - Raj Chandel (Hacking Articles)
  • Penetration Testing Lab Setup: Memcached - Raj Chandel (Hacking Articles)
  • Penetration Testing Lab Setup: Microsocks - Raj Chandel (Hacking Articles)
  • Penetration Testing Lab Setup: Squid Proxy - Raj Chandel (Hacking Articles)
  • Penetration Testing Lab Setup: VOIP - Raj Chandel (Hacking Articles)
  • SMTP Pentest Lab Setup in Ubuntu (Port 25) - Raj Chandel (Hacking Articles)
  • How to Setup VyOS (Virtual Router Pentest Lab) - Raj Chandel (Hacking Articles)
  • How to Build a Cheap Active Directory Pen Test Lab in AWS Without Any Effort - Chris Thompson (FocalPointDR)