# Setup your pentest lab
## Virtualbox
### Create your virtual attacking machine with Kali Linux
1. Download Virtualbox and install it:
2. Download Virtualbox and install it from here
3. Download the lastest kali linux virtualbox image (it is going to be our attacker machine) Make sure to take the virtualbox image and not the vmware one:
4. Install Kali:
* Go to virtualbox and click on « File » > « Import Appliance… »
* Click on the yellow folder and navigate to the image of kali you downloaded, select it and click on open
* Click on next and then click on import. It will take a little while… And then launch it for the first time. Username should be kali and password kali but you can find this info on their website or on the description of your machine in virtualbox
### How to use vulnerable VM to practice
* Once your have your kali installed, you can also take vulnerable machines to practice on them.
* The idea here is to connect your kali with this machine so that you can hack it from your kali.
#### Where to find vulnerable machines
* [Vulnhub](https://www.vulnhub.com/)
* [OWASP Vulnerable Web Applications Directory](https://owasp.org/www-project-vulnerable-web-applications-directory/)
**IMPORTANT NOTICE: These are vulnerable machines so use with caution. Also always check and research about a machine before installing it**
### How to connect your kali with another machine
* Once you have chosen the machine you wish to try, and deployed it, you will need to connect it.
* In this example I am going to show you how to proceed with Metasploitable 2. You can find it [here](https://www.vulnhub.com/entry/metasploitable-2,29/).
#### Install Metasploitable 2
* Unzip the downloaded file in a folder you will easily find later
* Go to virtualbox click on new machine
* Give a name to your new machine I will call it Metasploitable
* Choose the type Linux and Version Ubuntu\
* Choose how much ram you need (1go should be enough)\
**Be careful here to also leave resources to your host and calculate this also with your kali. You will need: enough resources for your host, your kali and your vulnerable machine.**\
* On the next window click on "use an existing virtualdisk file"\
* Click on the yellow folder
* Click on add
* Navigate to the metasploitable folder you have just dowloaded and select the .vdmk file
* Select it and then click on choose
* Finally click on create
* You can now start the machine for the first time (it should take a few minutes to start login is `msfadmin` and password is `msfadmin`)
* Shut down the machine
### Connect Kali and Metasploitable 2 together
* Both machine should be shut down for this process
* Go to virtualbox
* Click on file > preferences > network
* Click on the plus
* Rename the network as you like or leave it like this
* And click on ok
* Click on Metasploitable
* Settings
* Network
* And select Nat Network from the dropdown menu
* And then ok
* Ensure that Allows VM is selected in promiscuous mode
* Do the Same for the kali machine
* Launch both the machine\
\&#xNAN;*For more information on connection of VM together you can refer to* [*this link*](https://www.virtualbox.org/manual/ch06.html)\
### Check if our machines can communicate
* In your Metasploitable type `ip a` and check your ip address
* In you kali open the terminal and type ping
* In my case: ping 10.0.2.4
* My kali can access metasploitable\
* Now type `ip a` in your kali and ping it from your Metasploitable.
* They can connect to each other both ways.
## Docker
* `sudo apt install docker.io` install docker
* `sudo systemctl status docker` check docker status
* `sudo systemctl start docker` start docker (if not started)
* `sudo docker run hello-world` check the install
* `sudo docker pull parrotsec/security:latest` pull a parrot img
* `sudo docker run -it --name parrotos parrotsec/security`
* `sudo docker exec -it parrotos bash` start parrot OS when we need it
* If you are using a vpn or need to use your host network you can also create a container that will do this with the option --net `sudo docker run -it --name parrotos-route-host parrotsec/security --net=host`
* If you want to use files from your host (say you want to use openvpn from docker and you need to use your ovpn file) you can use the `-v` option `docker run -it --name parrotos-shared-files -v /path/on/host:/path/inside/container parrotsec/security`
### Useful commands
* `sudo docker start parrotos` start the container parrotos
* `sudo docker stop parrotos` stop a container parrotos
* `sudo docker ps` see containers
* `sudo docker stats` see the status of our containers
* `ctrl + d` exit from an existing container
* To remove an a container `sudo docker rm container-name`
## AWS
{% embed url="" %}
FREE Kali Linux in the Cloud (AWS) - NetworkChuck
{% endembed %}
## Digital Ocean
### COMING SOON
* [Digital Ocean](https://www.digitalocean.com/pricing)
## Resources
### Alternative labs for general pentests
{% embed url="" %}
How to get started with pentesting - csbygb blog
{% endembed %}
{% embed url="" %}
Official guide - Metasploitatble 2 installation and details
{% endembed %}
{% embed url="" %}
Official guide - Metasploitable 2 Exploitability Guide
{% endembed %}
{% embed url="" %}
Building a Pentest lab with Docker - Ian Muchina
{% endembed %}
{% embed url="" %}
Running Parrot OS on Docker inside Windows! - Sepehr
{% endembed %}
{% embed url="" %}
Docker documentation
{% endembed %}
{% embed url="" %}
How to Run GUI Applications in a Docker Container - James Walker
{% endembed %}
{% embed url="" %}
Docker for Pentester: Pentesting Framework - Raj Chandel
{% endembed %}
### Labs for specific pentests
#### Thick Client
{% embed url="" %}
Thick Client Pentest Lab Setup: DVTA - Raj Chandel
{% endembed %}
{% embed url="" %}
Thick Client Pentest Lab Setup: DVTA (Part 2) - Raj Chandel
{% endembed %}
#### API
{% embed url="" %}
API pentest - CSbyGB Pentips
{% endembed %}
#### Android
{% embed url="" %}
Android Pentest - CSbyGB Pentips
{% endembed %}
{% embed url="" %}
Android Pentest Lab Setup & ADB Command Cheatsheet - Raj Chandel
{% endembed %}
#### Firewalls
{% embed url="" %}
Firewall Lab Setup : FortiGate - Raj Chandel
{% endembed %}
{% embed url="" %}
Firewall Lab Setup: Untangle - Raj Chandel
{% endembed %}
{% embed url="" %}
Firewall Pentest Lab Setup with pfsense in VMware - Raj Chandel
{% endembed %}
{% embed url="" %}
Setup Firewall Pentest Lab using Clear OS - Raj Chandel
{% endembed %}
{% embed url="" %}
Lab setup - White Winter Wolf
{% endembed %}
#### Jenkins
{% embed url="" %}
Penetration Testing Lab Setup: Jenkins - Raj Chandel
{% endembed %}
#### SNMP
{% embed url="" %}
SNMP Lab Setup and Penetration Testing - Raj Chandel
{% endembed %}
#### IDS IPS
{% embed url="" %}
IDS, IPS Penetration Testing Lab Setup with Snort (Manually) - Raj Chandel
{% endembed %}
#### Cloud
{% embed url="" %}
Penetration Testing Lab Setup:Cloud Computing - Raj Chandel
{% endembed %}
#### Tomcat
{% embed url="" %}
Penetration Testing Lab Setup:Tomcat - Raj Chandel
{% endembed %}
#### Memcached
{% embed url="" %}
Penetration Testing Lab Setup: Memcached - Raj Chandel
{% endembed %}
#### Microsocks
{% embed url="" %}
Penetration Testing Lab Setup: Microsocks - Raj Chandel
{% endembed %}
#### Proxies
{% embed url="" %}
Penetration Testing Lab Setup: Squid Proxy - Raj Chandel
{% endembed %}
#### VOIP
{% embed url="" %}
Penetration Testing Lab Setup: VOIP - Raj Chandel
{% endembed %}
#### SMTP
{% embed url="" %}
SMTP Pentest Lab Setup in Ubuntu (Port 25) - Raj Chandel
{% endembed %}
#### Routers
{% embed url="" %}
How to Setup VyOS (Virtual Router Pentest Lab) - Raj Chandel
{% endembed %}
#### Active Directory
{% embed url="" %}
How to Build a Cheap Active Directory Pen Test Lab in AWS Without Any Effort - Chris Thompson
{% endembed %}