Set up your pentest lab
Download Virtualbox and install it: https://www.virtualbox.org/
Download the latest Kali Linux VirtualBox image (it is going to be our attacker machine). Make sure to take the VirtualBox image and not the VMware one:
Install Kali:
Go to VirtualBox and click on "File" > "Import Appliance…"
Click on the yellow folder, navigate to the Kali image you downloaded, select it and click on Open
Click on Next and then click on Import. It will take a little while. Then launch it for the first time. The username should be kali and the password kali, but you can find this info on their website or in the description of your machine in VirtualBox
Once you have your Kali installed, you can also get vulnerable machines to practice on.
The idea here is to connect your Kali with this machine so that you can hack it from your Kali.
IMPORTANT NOTICE: These are vulnerable machines, so use them with caution. Also, always check and research a machine before installing it.
Once you have chosen the machine you wish to try, and deployed it, you will need to connect it.
In this example I am going to show you how to proceed with Metasploitable 2. You can find it here.
Unzip the downloaded file in a folder you will easily find later
Go to VirtualBox and click on New
Give a name to your new machine; I will call it Metasploitable
Click on the yellow folder
Click on Add
Navigate to the Metasploitable folder you have just downloaded and select the .vmdk file
Select it and then click on Choose
Finally click on Create
You can now start the machine for the first time (it should take a few minutes to start; the login is msfadmin and the password is msfadmin)
Shut down the machine
Both machines should be shut down for this process
Go to VirtualBox
Click on File > Preferences > Network
Click on the plus
Rename the network as you like or leave it like this
And click on OK
Click on Metasploitable
Settings
Network
And select NAT Network from the dropdown menu
And then OK
Ensure that "Allow VMs" is selected for Promiscuous Mode
Do the same for the Kali machine
In your Metasploitable, type ip a and check your IP address
In your Kali, open the terminal and type ping followed by that IP address
In my case: ping 10.0.2.4
Now type ip a in your Kali and ping it from your Metasploitable.
They can connect to each other both ways.
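Since Metasploitable is deliberately vulnerable, it is useful to confirm from the host that its network adapters are attached only to the lab NAT Network and not, for example, to a bridged adapter on your physical LAN. The script below is an added example, not part of the original page; the network name NatNetwork and the two sample outputs are assumptions constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: check that a lab VM's NICs are attached only to the lab NAT Network.
# Assumption: the network is named NatNetwork; change LAB_NET if you renamed it.
LAB_NET="NatNetwork"

# Reads `VBoxManage showvminfo <vm> --machinereadable` output on stdin.
# Prints "nicN ok" for a NIC that is disabled or attached to $LAB_NET, and
# "nicN FLAG <mode>" for any other attachment (bridged, plain NAT, ...).
# Exit status is 1 if at least one NIC was flagged, 0 otherwise.
audit_nics() {
  awk -F= -v lab="$LAB_NET" '
    { gsub(/"/, "", $2) }                                     # strip the quotes
    $1 ~ /^nic[0-9]+$/         { mode[substr($1, 4)] = $2 }   # nic1="natnetwork"
    $1 ~ /^nat-network[0-9]+$/ { net[substr($1, 12)] = $2 }   # nat-network1="NatNetwork"
    END {
      bad = 0
      for (n in mode) {
        if (mode[n] == "none" || (mode[n] == "natnetwork" && net[n] == lab))
          print "nic" n " ok"
        else { print "nic" n " FLAG " mode[n]; bad = 1 }
      }
      exit bad
    }'
}

# Constructed sample: trimmed output for a VM attached as described above.
SAMPLE_LAB='name="Metasploitable"
nic1="natnetwork"
nat-network1="NatNetwork"
nic2="none"'

# Constructed sample: the same VM left on a bridged adapter (host NIC name is made up).
SAMPLE_BRIDGED='name="Metasploitable"
bridgeadapter1="eth0"
nic1="bridged"
nic2="none"'

printf '%s\n' "$SAMPLE_LAB" | audit_nics
printf '%s\n' "$SAMPLE_BRIDGED" | audit_nics \
  || echo "Metasploitable: attach the flagged NIC to $LAB_NET before booting"

# Against a real VM (run on the host):
#   VBoxManage showvminfo "Metasploitable" --machinereadable | audit_nics
```

Run it for both the Kali and the Metasploitable VM after changing their network settings; a flagged NIC means the machine is attached to something other than the lab network.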
sudo apt install docker.io  # install docker
sudo systemctl status docker  # check docker status
sudo systemctl start docker  # start docker (if not started)
sudo docker run hello-world  # check the install
sudo docker pull parrotsec/security:latest  # pull a parrot img
sudo docker run -it --name parrotos parrotsec/security
sudo docker exec -it parrotos bash  # start parrot OS when we need it
If you are using a VPN or need to use your host network, you can also create a container that does this with the --net option (Docker options must come before the image name):
sudo docker run -it --name parrotos-route-host --net=host parrotsec/security
If you want to use files from your host (say you want to use openvpn from docker and you need your ovpn file), you can use the -v option:
sudo docker run -it --name parrotos-shared-files -v /path/on/host:/path/inside/container parrotsec/security
sudo docker start parrotos  # start the container parrotos
sudo docker stop parrotos  # stop the container parrotos
sudo docker ps  # see containers
sudo docker stats  # see the status of our containers
ctrl + d  # exit from an existing container
To remove a container: sudo docker rm container-name
Choose the type Linux and the version Ubuntu
Choose how much RAM you need (1 GB should be enough). Be careful here to also leave resources for your host, and take your Kali into account as well. You will need enough resources for your host, your Kali and your vulnerable machine.
On the next window click on "Use an existing virtual disk file"
Launch both machines. For more information on connecting VMs together you can refer to this link
My Kali can access Metasploitable