Part 12 - Environment Setup



Time: 4 hours 20 minutes
Difficulty: Intermediate
CEU/CPE: 5
Video Description

In this final video in the module we go over setting up your pentesting environment. The key steps include:

- Install Kali 2.0 on test box.
- Download virtual images and configure your virtualized environment.
- Download pentester.com exercises.
- Download and install Arachni scanner.
- Create multiple VMs and establish networking between them. This is required for injection attacks.

Video Transcription
00:03
>> Welcome to Cybrary.
00:03
I'm Raymond Evans, and I will
00:03
be your subject matter expert
00:03
for Cybrary's Web App Penetration Testing course.
00:03
In this video, we will be discussing environment setup.
00:03
What will be covered?
00:03
We're going to be talking about what to download,
00:03
how to install, and set up
00:03
your Kali 2 box, and the PentesterLabs,
00:03
and how to set them up.
00:03
What to download? Well,
00:03
first you're going to want to go to the
00:03
offensive-security.com website, and download
00:03
the newest image of Kali.
00:03
You could also go to the Kali website
00:03
and download from there.
00:03
However, it's best to download
00:03
the pre-made VMware image
00:03
that they have rather than an ISO because
00:03
sometimes the ISOs act
00:03
funny when you try to install them.
00:03
Let's go, and look at what I'm talking about.
00:03
[NOISE] Here I am,
00:03
on the Kali page, and you'll
00:03
see these different ISO images here.
00:03
Now you're not going to want to download them.
00:03
What I want to do is go down to
00:03
the Kali Virtual Images, and go to that page.
00:03
We already have it up here,
00:03
and you're going to want to download one
00:03
of these VM images.
00:03
They have a pre-built Kali VMware image,
00:03
and then a VirtualBox image.
00:03
Whichever software you might
00:03
be using to run your virtualized environment,
00:03
if you have a preference,
00:03
go with that virtualized environment software.
00:03
Next, we're going to download VMware player,
00:03
so just go to the VMware website,
00:03
go to the downloads,
00:03
and you'll be able to find it there.
00:03
You can also just type this link
00:03
in here and go directly to it.
00:03
When you're downloading your Kali 2 virtual image
00:03
if you decide to use VMware player,
00:03
download the VMware player version
00:03
of the Kali virtual machine image.
00:03
If you go to that link,
00:03
this is the page that you will see.
00:03
If you have Windows, or Linux, you're choosing,
00:03
download the appropriate software
00:03
and finally, PentesterLabs environments.
00:03
You'll want to go to the pentesterlab.com/exercises,
00:03
and any environment we may
00:03
be coming across in this course,
00:03
that's where they will be located at.
00:03
Next, we're going to go on to how to setup
00:03
Kali 2 and it's also suggested at
00:03
this step that you download the Arachni tool
00:03
from this link here.
00:03
Now, do this download from your virtual machine.
00:03
Do not do it from your Windows, or Linux desktop,
00:03
do it from your virtual machine,
00:03
so the tool is on your Kali box.
00:03
Here we are, and we've downloaded
00:03
the Kali 2 virtual machine image.
00:03
What we're going to do is simply unzip it or unrar it,
00:03
whatever software you're using to decompress it,
00:03
drag, and drop it to decompress it.
00:03
We have the files fully extracted now.
00:03
We're going to go in, and you're
00:03
simply going to click on the VMX file,
00:03
click "I Copied It", [NOISE]
00:03
and now you have a fully
00:03
functioning copy of Kali Linux.
00:03
Username: root,
00:03
password: toor,
00:03
those are default credentials for any Kali image.
00:03
If you downloaded a different Kali image,
00:03
the credentials will be root, and toor.
00:03
Then once you come into this environment,
00:03
go and download that Arachni tool
00:03
that I told you about.
00:03
You will need it for further lessons in this course.
00:03
[NOISE]
00:03
Next you're going to need to set up a PentesterLab.
00:03
PentesterLabs are really simple because
00:03
the PentesterLabs will actually
00:03
unpackage everything for you.
00:03
There are only minor things
00:03
that you're going to have to change,
00:03
such as your IP address inside the lab.
00:03
Let's go check that out real quick.
00:03
[NOISE]
00:03
Here we are in the VMware Workstation
00:03
and you're going to want to create
00:03
a new virtual machine.
00:03
You're going to create
00:03
a virtual machine from a disk image file.
00:03
Let's select SQL Injection to Shell 2,
00:03
[NOISE] you're going to
00:03
want to name it something that
00:03
you're going to remember.
00:03
Select how much disk space you want to
00:03
allocate to it, and click "Finish".
00:03
Like I said before,
00:03
these environments are awesome because
00:03
they run through and set
00:03
everything up for you and all you have to
00:03
do is change the IP configuration.
00:03
[NOISE] We're going to do a simple ifconfig here,
00:03
and the IP address is 192.168.101.130.
00:03
You're going to do an ifconfig
00:03
192.168.1.11 or whatever network
00:03
you're running on. Myself,
00:03
I'm running this virtual environment on a
00:03
192.168.1.0 with a CIDR notation of 24,
00:03
so I will add a CIDR notation of 24 here
00:03
and it says error fetching interface, device not found.
00:03
[NOISE] That's because we need to do ifconfig eth0,
00:03
because we are saying which interface we want,
00:03
and it says permission
00:03
denied because we're not root, you can't do that.
00:03
What we're going to do is type sudo bang bang.
00:03
What that's doing is saying, hey,
00:03
run that last command that I asked,
00:03
but do it with sudo permissions, and it changed.
00:03
Now let's go over to our Linux environment.
00:03
Here I am in my Linux environment,
00:03
and what we're going to make sure first on
00:03
our VMware environment here is we want to go
00:03
to the Player tab up
00:03
here where you manage virtual machine settings,
00:03
and you're going to want to go to your network
00:03
adapter and you're going to need to
00:03
change this to VMnet1 host-only.
00:03
It's very important to do that because if you're
00:03
running this vulnerable environment and
00:03
there's somebody on a network
00:03
outside and they're scanning your network and they
00:03
see that they can potentially use that
00:03
as a way of trying to get into your network,
00:03
and also you want to be on
00:03
a VMnet1 localhost for all of the stuff because if you
00:03
are doing something in Kali Linux and you
00:03
are sending a SQL injection or
00:03
cross-site scripting or running sqlmap
00:03
against an IP address,
00:03
you want to make sure that that is on
00:03
a network where nothing else is
00:03
going to get touched. By doing VMnet1,
00:03
nothing else will get touched.
00:03
You are safe, you're good to
00:03
fire away all the crazy packets that you want.
00:03
Now we have that on that environment, on that network.
00:03
We're going to open up the terminal here real quick,
00:03
and we're going to do a quick ping check,
00:03
[NOISE] and hurray, it can see it.
00:03
Now let's open up IceWeasel,
00:03
and simply type 192.168.1.11.
00:03
Let me check my IP configuration here, there we go.
00:03
It came up. Here we are.
00:03
We are now on that vulnerable web page.
00:03
That's how you set up those virtual machines,
00:03
and that's how you network between them
00:03
and ensure that you're able to communicate.
00:03
Set up your SQL injection to
00:03
shell environment as I showed you
00:03
and also set up web for
00:03
pentesters as well. What was covered?
00:03
Talked about what to download,
00:03
how to install Kali 2,
00:03
how to run the PentesterLabs in dual,
00:03
and networking between the both of them.
00:03
Happy hacking, everyone.