CHAPTER 2 SETTING UP A PENETRATION TESTING AND NETWORK SECURITY LAB
Windows users also can download VMware Player and install it.
You will learn how to install VMware Player in Windows later in this chapter. The difference between VirtualBox and VMware Player is subtle. Both are virtual machines and run on top of your existing operating system. For VirtualBox, you need to have an ISO image to install any operating system. For VMware Player, you need to have a specially designed VMware version of the operating system.
In this section, I’ll show you how to install and set up VirtualBox on an Ubuntu Linux distribution. Go to the Oracle VirtualBox web site’s download section and see what is available for you. Before downloading starts, it’ll ask for the default operating system you’re running currently.
Mine is Ubuntu 14.04 (Trusty), and the architecture is AMD64.
To find out what Linux distribution you’re running currently, just open the terminal and type uname -a. The terminal will spit out some vital information that includes all the data regarding your current default system. Mine is the 4.4.0-119-generic Linux version of Ubuntu, and the superuser’s name is displayed along with it; it also indicates what type of system architecture it is.
The output in my machine looks like this:
4.4.0-119-generic #143~14.04.1-Ubuntu SMP Mon Apr 2 18:04:36 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
x86_64 stands for 64-bit. On the VirtualBox official download page for all Linux distributions, you first download the required packages and then install them depending on your OS. For Red Hat, Fedora, or any Linux distribution belonging to that category, you will notice that the extension is .rpm. In that case, you can move to the VirtualBox folder and issue commands like rpm -i or yum install if you run Red Hat or Fedora.
You can try the following commands on your Ubuntu terminal:
sudo apt-get install virtualbox
sudo apt install virtualbox-ext-pack
sudo apt install virtualbox virtualbox-ext-pack
sudo apt-get update
sudo add-apt-repository "deb http://download.virtualbox.org/virtualbox/debian <ubuntu-release> contrib"
sudo apt-get install virtualbox-5.0
sudo apt-get install dkms
sudo apt install dkms build-essential module-assistant
The third line will check for the latest version and other functionalities required for the future.
If you don’t want to go through all that typing, there are other methods to install VirtualBox, including a graphical user interface. Absolute beginners should run the Ubuntu Linux distribution as their default OS.
You can install VirtualBox from the software center directly without opening the terminal or issuing any command.
The Ubuntu software center has many categories. One of them shows the installed software.
If it is not there by default, you can just type VirtualBox in the search box, and it will pop up. Click the Install button. This will start the installation procedure.
Now you are ready to install appliances such as Kali Linux, Windows, and Metasploitable 2 that you will need to test your hacking-related skills.
Installing Appliances on VirtualBox
Now you must install all the appliances and configure them accordingly so that you can run the penetration tools you’ll need to do some testing.
Once VirtualBox has been installed on your machine, you do not need to worry about installing operating systems in it. All you need is some disk space to allocate to it and to size the base memory accordingly.
To install Kali Linux in VirtualBox, go to the official Kali Linux web site and download the ISO image of the latest stable version. Kali Linux is a much bigger Linux distribution than other Linux distributions. It is about 4GB as of 2018. The popular Linux distribution called Ubuntu is much smaller.
This is because Kali is by default not for general users. It contains a lot of hacking tools meant for various purposes, and because of that, it is much bigger.
Obviously, it is the most popular among the ethical hackers.
Before Kali came into the picture, Backtrack was the most popular, but it has merged with Kali.
Other, more secure Linux distributions are available. I cover a few of them in the following list:
• BlackArch Linux has a huge range of pen testing and hacking tools and is probably the largest file. It is more than 7GB in size, which is because it has more than 1,900 hacking-related tools in it. You can run BlackArch live from a USB stick or DVD, or it can be installed on a computer or virtual machine.
• The Qubes OS is another secure operating system, but it is for advanced users only. In this operating system, suspect applications are forced to be quarantined. It also uses sandboxes to protect the main system. It actually runs a number of virtual machines inside it, keeping the main system secure. It compartmentalizes the whole system into many categories, such as personal, work, Internet, and so on. If someone accidentally downloads malware, the main system won’t be affected.
• ImprediaOS is another good example. It uses the anonymous I2P network so that you can keep your anonymity. It is believed to be faster than Tor, but you cannot access regular web sites easily. It is based on Fedora Linux and can run in live mode, or it can be installed onto the hard drive. It routes all your network traffic through the I2P networking system. This is known as garlic routing, whereas Tor uses onion routing. Garlic routing is believed to be safer than onion routing. Although Tor lets you visit regular web sites, the I2P network does not. So, you can visit only a special type of web site called an eepsite that ends with an .i2p extension. It also has anonymous e-mail, and it has BitTorrent client services also. Visiting eepsites is always safer, and it usually evades the surveillance radar that can track Tor.
• Tails is another good example of a secure Linux distribution. It keeps your anonymity intact through the Tor network, although it is debatable whether Tor can keep you absolutely anonymous. The main feature of Tails is that you can run it from a DVD in live mode so that it loads entirely on your system and leaves no trace of its activities.
• Another good example of a secure Linux distribution is Whonix. You can use the power of virtual machines to stay safe online, and this is achievable because the entire connection routes via the anonymous Tor networking system. In Whonix, several privacy-related applications are installed by default. It is advisable to use it in VirtualBox to get the best results.
You can download any of these and try to run them in VirtualBox.
However, currently, your main goal is simple enough: you’ll install Kali first. Then, you will install Metasploitable 2 and some Windows operating systems to test your skills.
I assume you have downloaded the latest ISO of Kali. Once the
installation process is done, you can either store it on your local hard drive or burn it on a DVD. Now open VirtualBox and click New. This will open a new window that will ask you what type of operating system you are going to install.
Looking at the top-left panel of Figure 2-2, you will see in VirtualBox I have already installed Kali Linux, Metasploitable 2, and MSEdge Windows 10. This Windows version can be downloaded for free for testing purposes, and it remains available for 30 days. I’ll show you how to download it.
In this case, you are going to install Kali Linux first, so the left panel of your VirtualBox window should be empty.
Figure 2-2. VirtualBox new window
The process is simple. First enter in the open window or UI of
VirtualBox the name of the operating system you are about to install. Next, select the type and the version. In the long list of versions, you won’t find the name Kali; instead, it is DEBIAN. So, go ahead and select the 32-bit or 64-bit Debian option according to your system architecture. Click Next, and you’ll be asked for the memory usage.
You can allocate the memory size as per your machine’s capacity. A minimum of 2GB is good, but it is better if you can allocate more. In the next step, it will ask for your storage capacity and a few other important details.
I can assure you, even if you are a complete beginner, you won’t face any difficulty installing Kali Linux in VirtualBox. The most important part of this installation process is that you need to keep your Internet connection running so that Kali Linux can adjust its prerequisites accordingly online.
Before the installation process begins, you’ll notice there are many choices given. Seasoned ethical hackers will opt for the top, nongraphical one (Figure 2-3).
Figure 2-3. Kali installation, the nongraphical one
For newcomers, it is advisable to take the graphical route (Figure 2-4).
The graphical interface will help you choose the right options.
Usually, when an operating system is installed on a virtual machine, it is displayed in a small window. This is because the VirtualBox architecture is not hardware based like the original operating system. It is a software-based virtualization. However, you can alter the window size to make it look like the original operating system with VirtualBox Guest Addition.
However, before using VirtualBox Guest Addition, you should update and upgrade your newly installed Kali Linux. That is a good practice that helps you to be updated all the time. After you have logged in by typing the username and password, you will find the terminal on the left panel.
Open it and type the following:
sudo apt-get clean && sudo apt-get update && sudo apt-get upgrade -y
Figure 2-4. Kali installation, the graphical one
You can type this command separately like this:
apt-get update
Normally upgrading takes more time than updating. If you are a root user, then there shouldn’t be any problem. But if you have created another user and log in as that user, then you must type the su command first.
The word su stands for superuser (which means the root user) and is the administrator. Once you provide the correct password, it will work fine.
Installing VirtualBox Guest Addition
Let’s get back to the problem of the newly installed Kali Linux appearing in a small window. How do you get the full-screen view?
You need to install one more package and upgrade your virtual machine again so that you can view it full-screen.
Open the terminal and type the following:
apt-get update && apt-get install -y dkms linux-headers-$(uname -r)
This will install the necessary package that will run VirtualBox Guest Addition, which controls the screen size of your host OS.
How do you run it once the package is installed? Take your mouse pointer to the upper-middle part where you see the Devices menu. The last item reads like this: Insert guest edition CD image. Click it, and the software will automatically take care of everything.
If something goes wrong, you can open the VirtualBox Guest Addition software downloaded to the Kali desktop, as shown in Figure 2-5.
From this folder, copy the VBoxLinuxAdditions.run file and paste it on your Kali desktop.
Now change the file mode to executable by issuing this command:
chmod 775 VBoxLinuxAdditions.run
After that, you should restart the system with this command:
sudo shutdown -r now
Now the time has come to open the terminal and type a simple command, shown here:
sh ./VBoxLinuxAdditions.run
This command will help you get the full-size window, as shown in Figure 2-6.
Figure 2-5. VirtualBox Guest Addition folder
If this doesn’t work, you can always get the full-size window by scaling the size using your keyboard. Use Right Control and C together; when you want to make it smaller, just press Right Control and C again.
Now you are going to install Metasploitable, Windows XP, and the Windows 10 virtual machine.
Installing Metasploitable
Metasploitable is an intentionally vulnerable Linux machine (see Figure 2-7).
It can be downloaded from SourceForge. The current version is Metasploitable 2.
Figure 2-6. VirtualBox with Kali Linux
After you have downloaded Metasploitable to your host machine, unzip the folder with the following command, which may take some time:
unzip metasploitable-linux-2.0.0.zip
This will unzip the folder, and in the newly created folder you will see a file called Metasploitable.vmdk.
Then follow these steps:
1. Open VirtualBox and click New.
2. Give it the name Metasploitable, choose the type Linux, and choose the version Ubuntu-64-bit.
3. Click the storage section of VirtualBox and point the controller IDE to the Metasploitable.vmdk file.
Metasploitable will install, which usually doesn’t take much time (see Figure 2-8). Now you’re ready to use Metasploitable.
Figure 2-7. Metasploitable downloading from SourceForge
The Metasploitable framework will ask for your username and password. Both are msfadmin. So, log in, and you are ready to use Metasploitable.
Installing Windows
Installing Windows 10 is a little bit different. You can always install any Windows version you want to install, if you have any. However, here you will learn to install a special version of Windows for a virtual machine. You can download it for free and test it locally. Just Google download virtual machines windows, and the search engine will take you to the desired page.
1. Download MSEdge Win 10 (see Figure 2-9). This is actually a version of Windows 10 that you use for your personal use. The zipped folder is about 5GB.
Figure 2-8. Metasploitable has been installed
2. After the download is complete, unzip the file with the same command you used for Metasploitable. You will get a file called MSEdge – Win10.ova. This file is important for installation.
3. After allocating the memory size to 4GB, the installation process will ask for your hard drive choice. This is the most important step because you need to choose the option “Use an existing hard drive file.”
4. Choose the MSEdge – Win10.ova file and follow the steps (see Figure 2-10) on the screen.
Figure 2-9. Windows virtual machines
Windows 10 is full-screen from the beginning, so you don’t have to worry about the size here (see Figure 2-11).
Figure 2-10. MsEdge Windows 10 installation
The only problem with these free virtual machines is that they expire after 30 days, but you can install fresh copies after that.
Now you can install Windows XP; the steps are the same as you followed to install Kali Linux. The only difference is this time you should try a DVD instead of an ISO image. If you fail, no problem; you can remove it any time from VirtualBox and re-install it.
So, you have successfully installed VirtualBox and in it Kali Linux, Metasploitable 2, MSEdge Win 10, and Windows XP. Now it’s time to learn how to run your virtual machine on Windows.
Installing Kali in VMware
The process of installing Kali in VMware is simple. First search for my.vmware player download in Google. Figure 2-12 shows you what the download web page looks like. On that page you need to search for vmware player.
Figure 2-11. MsEdge Windows 10 running in VirtualBox
Open the .exe file and follow the screen prompts. After the installation is complete, the new virtual machine looks like Figure 2-13.
Figure 2-12. Downloading VMware Player for Windows
Figure 2-13. Virtual machine on Windows
Next you need to download the Kali Linux VMware images, which are specially designed for VMware. They are available from Offensive Security’s official website. Figure 2-14 shows the web page.
You can download the zipped folder and extract it. You need to remember one thing: the SHA256SUM number should be the same as the one provided on the website. You will find the number inside the zipped folder; just match it with the web site number.
Now you are ready to install Kali Linux on your newly installed virtual machine on Windows (see Figure 2-15).
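The checksum comparison described above, as an added example that is not part of the original chapter: a Bash function that looks up the downloaded file in a published SHA-256 list and refuses to pass when the entry is missing or the hash differs. The file names, list contents and function names are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example. File names and contents are constructed samples, not real Kali values.

# lookup_expected <sums_file> <name>: print the SHA-256 listed for <name>.
# List format (as written by sha256sum): 64 hex chars, a space, ' ' or '*', then the name.
lookup_expected() {
    awk -v want="$2" '
        { hash = substr($0, 1, 64); name = substr($0, 67) }
        name == want && length(hash) == 64 && hash ~ /^[0-9A-Fa-f]+$/ && substr($0, 65, 1) == " " {
            print tolower(hash); found = 1; exit
        }
        END { exit !found }' "$1"
}

# verify_image <file> <sums_file>
# returns 0 = hash matches, 1 = mismatch, 2 = cannot decide (missing file or no list entry)
verify_image() {
    [ -f "$1" ] && [ -f "$2" ] || return 2
    expected=$(lookup_expected "$2" "$(basename "$1")") || return 2
    actual=$(sha256sum "$1" | cut -d' ' -f1)
    [ "$actual" = "$expected" ]
}

# make_sample <dir>: constructed download plus a constructed "published" list.
# The value listed for the download is the well-known SHA-256 of the three bytes "abc".
make_sample() {
    printf 'abc' > "$1/kali-sample-vmware.zip"
    printf '%s\n' \
        'e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 *other-sample.iso' \
        'BA7816BF8F01CFEA414140DE5DAE2223B00361A396177A9CB410FF61F20015AD  kali-sample-vmware.zip' \
        > "$1/SHA256SUMS"
}

demo() {
    dir=$(mktemp -d) || return 2
    make_sample "$dir"
    verify_image "$dir/kali-sample-vmware.zip" "$dir/SHA256SUMS" && echo "match: safe to import"
    printf 'x' >> "$dir/kali-sample-vmware.zip"      # simulate a corrupted or altered download
    verify_image "$dir/kali-sample-vmware.zip" "$dir/SHA256SUMS" || echo "mismatch: do not import"
    rm -rf "$dir"
}
demo
```

Take the list of expected values from the vendor's web page rather than from the same archive as the image, since a tampered archive can carry a matching list.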
Figure 2-14. Kali Linux for downloading
Figure 2-15. Installing Kali Linux in VMware on Windows
In VMware, you need to click the “Open a virtual machine” link, which will take you to the newly downloaded Kali Linux VM build. Then you can click “Edit virtual machine settings” and make changes according to your machine’s capacity. About 2GB of memory and two processors are enough to run Kali Linux in VMware.
Now you are ready to use Kali Linux in your virtual machine. The username is root, and the password is toor.
Figure 2-16 shows you that you have successfully installed Kali Linux in VMware. Now you can install other operating systems as described in the previous section.
Your virtual lab is ready.
Figure 2-16. Kali Linux running in virtual machine
© Sanjib Sinha 2018