[Tutorial] How To Set-up Pentesting Lab - Part 1

January 1, 2016

So, if you are new to hacking and pentesting and want to practice your skills, you might have one or more of these issues:

1. Finding a target that is live and safe to penetrate.
2. Even when one is found, testing such targets without permission is unethical and could land you in jail.
3. Thinking that setting up a vulnerable lab is costly and that maintenance is very time consuming.
4. Not having tried to set up vulnerable web applications like Mutillidae, DVWA (Damn Vulnerable Web Application), WebGoat, ExploitKB, etc.

So no worries, as I'll be demonstrating and helping you set up your own pentesting lab.

**Step 1 : Things we will need !**

Before we proceed, we have to make sure we have all the materials and tools needed to set up a lab.

**1. A Virtualization Software**

We need virtualization software to set up our lab. You have the choice of a free open-source product such as [VirtualBox](https://www.virtualbox.org/wiki/Downloads) or a paid one such as [VMware Workstation](https://my.vmware.com/web/vmware/info/slug/desktop_end_user_computing/vmware_workstation/11_0).

**2. A Vulnerable Distribution**

After downloading the virtualization software of your choice, the next thing to do is download vulnerable distributions for you to hack and penetrate. Here are some of the vulnerable distributions you can try:

2.1 ***[Metasploitable](https://www.offensive-security.com/metasploit-unleashed/requirements/)***: a vulnerable VMware virtual machine based on Ubuntu, released by the Metasploit team to help you learn the Metasploit framework. It focuses on network-layer vulnerabilities, since it contains vulnerable services for you to penetrate.

2.2 [Hackxor](https://sourceforge.net/projects/hackxor/files/hackxor1.7z/download): a web application hacking game built by albino. Players must locate and exploit vulnerabilities to progress through the story, in which you play a blackhat hacker hired to track down another hacker by any means possible. It contains scripts that are vulnerable to Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), Structured Query Language Injection (SQLi), Remote Command Injection (RCE), and many more. This VMware machine runs on Fedora 14. Size: around 600 MB.

2.3 [Kioptrix](http://www.kioptrix.com/blog/test-page/): Kioptrix has three VMware images and challenges that require the attacker to gain root access, using any technique, in order to pwn the image.

2.4 [NETinVM](http://informatica.uv.es/~carlos/docencia/netinvm/#id7): a VirtualBox or VMware image that runs a series of User-mode Linux (UML) virtual machines which can be used for learning about systems, networks and security. It is developed by Carlos Perez and David Perez.

2.5 [Lamp Security](http://sourceforge.net/projects/lampsecurity/): a series of vulnerable virtual machine images used for teaching and training about the security configuration of a LAMP server. It is also a hacking dojo where you can play CTFs, and it contains pages that are vulnerable to SQL Injection and other well-known web vulnerabilities.

**Step 2 : Installation**

To install or run one of the vulnerable distributions in your virtualization software, such as VMware, you need to create a new virtual machine (if it is a live CD) or open a virtual machine (if it is a virtual image). In this scenario, I will focus on booting up BT5 R2 Pentesting Lab Edition with my VMware Player.

***Note : This is an old tutorial posted by my friend, so we are explaining it with BT5 R2; the procedure is the same for Kali.***

BT5 R2 Pentesting Lab Edition is a virtual image, so I choose the option "Open Virtual Image", browse to the directory or path where the virtual image is located and then click "Open".
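The same import-and-boot step, scripted for VirtualBox (the free option from Step 1), as an added example that is not part of the original tutorial. Besides importing the appliance, it attaches the VM only to a VirtualBox internal network, so a mistyped address from the attacking machine can never reach a real host on your LAN or the Internet, and it checks the resulting NIC configuration. The network name `pentestlab`, the default VM name and the `LAB_OVA` path are placeholders, and `VBoxManage` is assumed to be on `PATH`.

```shell
#!/bin/sh
# Added example, not from the original tutorial: import a vulnerable VM image
# into VirtualBox and attach it only to an isolated internal network.
# Assumes VBoxManage is on PATH; LAB_OVA, LAB_VM and LAB_NET are placeholders.
set -eu

LAB_NET="${LAB_NET:-pentestlab}"   # internal network shared by lab VMs only

# Run a VBoxManage command, or just print it when DRY_RUN=1.
vbm() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf 'VBoxManage'
        printf ' %s' "$@"
        printf '\n'
    else
        VBoxManage "$@"
    fi
}

# Import an .ova/.ovf appliance under the given VM name.
import_vm() {            # import_vm <appliance.ova> <vmname>
    vbm import "$1" --vsys 0 --vmname "$2"
}

# Move NIC1 from NAT/bridged to the internal lab network and disable the other
# NICs, so the guest has no path to the real LAN or the Internet.
isolate_vm() {           # isolate_vm <vmname> [intnet-name]
    vbm modifyvm "$1" --nic1 intnet --intnet1 "${2:-$LAB_NET}"
    for n in 2 3 4; do
        vbm modifyvm "$1" --nic"$n" none
    done
}

# Read `VBoxManage showvminfo <vm> --machinereadable` on stdin and fail if any
# NIC is attached to anything other than an internal network (or disabled).
check_isolation() {      # check_isolation < showvminfo-output
    bad=0
    while IFS= read -r line; do
        case "$line" in
            nic[0-9]=*)
                mode=${line#*=}
                mode=${mode#\"}
                mode=${mode%\"}
                case "$mode" in
                    intnet|none) ;;
                    *) echo "not isolated: $line"; bad=1 ;;
                esac
                ;;
        esac
    done
    return "$bad"
}

# Only act when an appliance path is given, so sourcing the file is harmless.
if [ -n "${LAB_OVA:-}" ]; then
    LAB_VM="${LAB_VM:-Metasploitable}"
    import_vm "$LAB_OVA" "$LAB_VM"
    isolate_vm "$LAB_VM"
    vbm showvminfo "$LAB_VM" --machinereadable | check_isolation
    vbm startvm "$LAB_VM" --type headless
fi
```

Run it as `LAB_OVA=/path/to/image.ova sh lab.sh` to import, isolate and start a machine, or with `DRY_RUN=1` set to only print the commands. Attach the attacker VM (BT5 or Kali) to the same internal network with `isolate_vm <attacker-vm>` so the two machines can see only each other. If you want to reach the lab from the host itself, a host-only adapter is the alternative, but then the host is part of the lab network and `check_isolation` will rightly flag it.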
![Pentest Lab Setup Image #1](http://2we26u4fam7n16rz3a44uhbe1bq2.wpengine.netdna-cdn.com/wp-content/uploads/091912_1540_NoobzGuidef2.png)

![Pentest Lab Setup Image #2](http://2we26u4fam7n16rz3a44uhbe1bq2.wpengine.netdna-cdn.com/wp-content/uploads/091912_1540_NoobzGuidef3.png)

**Step 3 : Starting the Lab**

The last thing you need to do is click the option "Play Virtual Machine" and wait for the virtual machine image to boot up.

![Pentest Lab Setup Image #3](http://2we26u4fam7n16rz3a44uhbe1bq2.wpengine.netdna-cdn.com/wp-content/uploads/091912_1540_NoobzGuidef4.png)

![Pentest Lab Setup Image #4](http://2we26u4fam7n16rz3a44uhbe1bq2.wpengine.netdna-cdn.com/wp-content/uploads/091912_1540_NoobzGuidef5.png)

Now that the virtual machine is running, you can start playing with it. Refer to the official websites of the vulnerable distributions for their specific setups and cheat sheets, so that you become familiar with the services that are running.

To beef up your pentesting lab, make sure you have a LAMP (Linux / Apache / MySQL / PHP, Perl or Python) server installed on your vulnerable system. Here are vulnerable web applications you can add to your system so that you have more challenges for your web application pwning experience:

3.1 [Mutillidae](http://sourceforge.net/projects/mutillidae/): a free and open-source web application for website penetration testing and hacking, developed by Adrian "Irongeek" Crenshaw and Jeremy "webpwnized" Druin. It is designed to be exploitable and vulnerable, and is ideal for practicing your Web Fu skills like SQL injection, cross-site scripting, HTML injection, JavaScript injection, clickjacking, local file inclusion, authentication bypass methods, remote code execution and many more, based on the OWASP (Open Web Application Security Project) Top 10 Web Vulnerabilities.

3.2 [WebGoat](https://code.google.com/p/webgoat/): an OWASP project and a deliberately insecure J2EE web application designed to teach web application security lessons and concepts. What's cool about this web application is that it lets users demonstrate their understanding of a security issue by exploiting a real vulnerability in the application in each lesson.

3.3 [DVWA](http://www.dvwa.co.uk/) (Damn Vulnerable Web Application): this vulnerable PHP/MySQL web application is one of the most famous web applications used for testing your skills in web penetration testing and your knowledge of manual SQL Injection, XSS, Blind SQL Injection, etc. DVWA is developed by Ryan Dewhurst a.k.a. ethicalhack3r and is part of the RandomStorm OpenSource project.

3.4 [SQLol](https://github.com/SpiderLabs/SQLol): a configurable SQL injection testbed which allows you to exploit SQLi (Structured Query Language Injection) flaws, and furthermore gives you a large amount of control over how the flaw manifests. This application was released at Austin Hackers Association meeting 0x3f by Daniel "unicornFurnace" Crowley of Trustwave Holdings, Inc. (SpiderLabs).

3.5 [BodgeIt](https://code.google.com/p/bodgeit/): an open-source vulnerable web application which is currently aimed at people who are new to web penetration testing. It is easy to install and requires Java and a servlet engine, e.g. Tomcat. It includes vulnerabilities like Cross-Site Scripting, SQL injection, Hidden (but unprotected) content, Debug Code, Cross-Site Request Forgery, Insecure Object References, and Application logic vulnerabilities.

3.6 [Exploit KB](http://exploit.co.il/projects/vuln-web-app/) Vulnerable Web App: one of the most famous vulnerable web apps, designed as a learning platform to test various SQL injection techniques. It is a functional web site with a content management system based on FCKeditor. This web application is also included in the BackTrack Linux 5 R2 PenTesting Edition lab.

3.7 [WackoPicko](https://github.com/adamdoupe/WackoPicko): a vulnerable web application written by Adam Doupé. It contains known and common vulnerabilities for you to hone your web penetration skills and knowledge on, like XSS vulnerabilities, SQL injections, command-line injections, session ID vulnerabilities, file inclusions, parameter manipulation, Reflected XSS Behind JavaScript, Logic Flaw, Reflected XSS Behind a Flash Form, and Weak usernames or passwords.

**Conclusion :**

You don't need to pay a single penny to set up a pentesting lab, because there are a lot of vulnerable distros and web applications that are open source, free and easy to customize. All you need is virtualization software and virtual images in order to run a vulnerable lab. This is one of many methods to set up a lab. If you find any of the above vulnerable distributions too complex, you can follow my easy setup guide, which I will post in Part 2, using two virtual PCs.

-- xMidnightSnowx

**Comments**

Excellent tutorial. Well done! -- Stark

Thank you. And I'm working on Part 2 of this tutorial ;) and a few other cheat sheets ... -- xMidnightSnowx

Thanks. I was looking for instructions for a lab.

My pleasure ;) -- xMidnightSnowx

Truly a superb guide, thank you very much :)

Thanks MidnightSnow. I was waiting for this kind of saving, reach-out post!

Excellent guide, thanks for sharing. The only thing I would possibly add is emphasis on testing on an isolated network. It's easy to accidentally mistype an IP address and start attacking something. .... not that I ever made that mistake..... really....

You made a point xD -- xMidnightSnowx

vulnhub.com is another great site if you are looking for boot-2-root style practice VMs. There are plenty there to keep you busy for a while. There are web applications to exploit, over-the-network vulnerabilities, reverse engineering tasks, etc. Lots of stuff.

Does anyone know sites for DoS tools? Just finding out about them as I'm still learning.
Also, what equipment would I need for setting up an off-grid pentesting lab, as when I get more experienced I would like to explore this route?

Good resources. Thanks. I was using some of them already but can now add other virtual machines to my existing lab.

Awesome write-up. Thanks for the great info. Lots of people will benefit from this.

Very clean guide - good work @xmidnightsnowx! :D

https://www.vulnhub.com is also a good source for some intentionally vulnerable systems. They also have a lot of good step-by-step write-ups if you get stuck.

This is a really great tutorial! Thank you for putting this together.

Looks good. The way I learned to "hack" or pen-test was to buy a cheap computer (this is back in the 90's, when virtualization software didn't work, or did but cost too much). Then I would have a family member or friend put a password on it. I would then attempt to break into it. Once I did that, I then got a friend that was into IT security to password it and do basic security on it. Again I would attempt to break into it; however, that time I would break into it and then find the fixes to what I did. Then my friend would put medium protection on, etc. etc., to the point that he would then remotely set up security protocols and tools in place to detect any intrusion, patch the kernel, re-configure the policies and permissions, and then have me attempt to break in. Doing it that way you have a better chance of learning than using games that are built with security flaws, as it's not real-world security, it's fake, kinda. You do learn from those ways in the pentesting lab setup, but you will never be, as they say, 1 step ahead of a hacker. You will always be 2-5 steps behind a hacker. You need to do real-world testing, and the only way to do that is to set up a lab like I said. It's like DEF CON, which does games like this called red vs blue - red or blue will defend a server and switches, then red or blue will attack it, etc. Doing this, they have people set up the security as tight as they can and then have other people try to hack it. This is real-world hacking, due to the fact that they have real hackers or top security engineers secure the network and have other hackers try to break it; compared to using the tools and software above, you only learn what is told. And BackTrack, yes, is good, but it's script kiddie. I know no security consultant that used BackTrack or any security-loaded distro while I worked in the field. They made their own tools or used certain tools like nmap, tcpdump, snort, etc., but they configured them and installed them themselves. If you were to use BackTrack in the field, they will think you know nothing...

Great tutorial! [Proxmox](https://www.proxmox.com/en/) is another good virtualization tool that I would personally recommend. It's just Debian with a custom kernel to allow for both KVM and VM support, so you get the best of both worlds. Plus, it has a really nice interface. I would highly recommend it if you've got an entire spare machine lying around or if you're comfortable with partitioning the disk on your main computer. VMware and ESXi are great as well; I've just developed a love for Proxmox.

Thank you all for your suggestions ;) I'll make the changes soon ;) -- xMidnightSnowx

Thanks for the post, very helpful for the courses.

Thanks so much to learn!

This was a helpful tutorial.

Excellent write-up >> recommend.

Thanks.

Thank you for posting.

Great tutorials for noobs.

Thanks so much for the valuable information. Cheers!

This is a great guide! Great work!

Great guide! I myself have and use most of what you've recommended, as well as a separate physical lab complete with routers and switches. You have to get down and dirty with this stuff. Again, great write-up... practice, practice, practice... oh, and one last thing, you guys should get yourselves a "throwing star" LAN tap (Great Scott Gadgets) and connect it to a separate system running Wireshark (or tshark) to monitor all the traffic while you do your lab work. Get used to what stuff looks like as you do it... have fun.

Excellent post, and many thanks for sharing!! :)

\\m/ That's gr8 info \\m/

Got my lab up and running, thanks man.

Awesome! Thank you for taking the time to make such a detailed post.

Hi, where can I download a vulnerable Windows VM?

Great guide, but the images aren't working for me.

Awesome post, thanx :)

**THANKS**!

What happened to the content? Where are the images of the VMs? They have been disabled.

Backtrack 5 R2 Pentesting Special Edition is prohibited, right? Uh, ok. It wasn't free.

Thanks mate, I was kind of lost till I found this.

Let's say you have an older box (I do - an old Dell XPS 600). AND because I am currently a web developer (interested in learning security), I want my old box to serve two functions: 1. be a remote testing server for my web development, and 2. be a security lab playground. How would you set it up? What OS would you use for the base? I'm pretty sold on VMware Workstation, but am interested in vSphere as well (not really sure what the difference is between VMware Workstation and vSphere). I'm also interested in cPanel (as most hosts use this). My first thought (remember I am very new to security, even really to networking, as in my current position I only have to know how to connect to certain RPCs or DBs) was to have CentOS 7 as my base and then vSphere or VMware Workstation as my virtual machine maker. Any thoughts (with explanations) would be super helpful.

Nice guide, thanks for the post.

IS THERE A PART 2?

Thank you!