Setup a Hacking lab


One of the main problems I found when starting to hack was finding vulnerable targets to attack and hone my skills on. These targets can be anything from virtual machines to repurposed hardware.

You can then take the skills you have learnt and use them in the wild with a better understanding of what you're actually doing, and if you break anything it's no bother: you can quickly restore from a snapshot or just re-format the box.

So go dig out your old equipment and let's start making our lab.

Virtual Machines

If you have a powerful PC (a computer with a minimum of 4GB RAM) you should be able to run a few virtual machines in your test lab at the same time.

The number of virtual machines you can run simultaneously comes down to how much memory is installed in the host machine and how much you have assigned to each virtual machine. As this is only a lab, each virtual machine really only needs the bare minimum to run, and if you find a virtual machine is slow or totally unusable, the virtualization software makes it easy to tweak the settings.

The three most common free virtualization packages:

  1. Oracle VirtualBox
    (Open source, can be used on all platforms (Windows, Linux or Mac), and is what I will be using in all my tutorials)
  2. VMware Player
    (Also works on all platforms, but you need to register or create a free account with VMware before you can download it)
  3. Hyper-V
    (Free with most versions of Windows 8, 8.1 and 10)

You need to make sure you supply enough memory to your host and guest operating systems, otherwise you will get all sorts of crashes and system failures. Use the guide below to help you decide the amount of RAM needed for each virtual machine.

Linux – 512 MB of RAM (1 GB recommended)
Kali 2.0 – 1 GB of RAM (2 GB recommended)
Metasploitable – 256 MB of RAM (512 MB recommended)
Windows – 1 GB of RAM (2 GB recommended)

Repurposed Hardware

Got a 10-year-old PC that has been sitting in a cupboard for the past 4 years? Moved from ADSL to fiber and still got the old router? You can use it all.

As with the virtual machines, it's only a test environment, so they don't need to be the fastest machines; they just need to still work and be able to run an operating system. Even if, say, the hard disk is dead in an old laptop, you can run a Windows or Linux live boot CD/USB, which will just run from memory with no need for a hard disk, giving you a perfectly working machine.

You can turn old routers into Wi-Fi access points and try different attack techniques against them without the worry of getting caught, or attack the access point and check what sort of logs are generated during the attack, so you would then know if it was happening to you.

If you're not like me and don't have bits of old tech all over the place, you can quite cheaply pick up old technology on eBay that people just want to get rid of.

Installing VirtualBox

Linux
sudo apt-get install virtualbox-dkms
sudo apt-get install linux-headers-generic
sudo apt-get install virtualbox-qt

Windows
Download the latest version of VirtualBox from Oracle's download page https://www.virtualbox.org/wiki/Downloads.
Run the .exe, click next, next, next, and you have a shiny new VirtualBox installed.

Kali 2.0

Kali Linux is a Debian-based Linux distribution aimed at advanced Penetration Testing and Security Auditing. Kali contains several hundred tools aimed at various information security tasks, such as Penetration Testing, Forensics and Reverse Engineering. Kali Linux is developed, funded and maintained by Offensive Security, a leading information security training company.

Download it and play with all the preinstalled tools, but remember it's just a Linux distro, and you can just as easily install the tools into another Linux distro. If you have never used Linux before, I would suggest getting to grips with Mint or Ubuntu first. A lot of people starting out try to run Kali as a host OS, and it's not really designed for that.

They also provide a pre-built virtual machine which you can import directly into VirtualBox or VMware.

The latest Kali 2.0 ISO can be downloaded from https://www.kali.org/downloads/

Check out my Guide to Installing Kali Linux

Metasploitable

Metasploitable is a vulnerable virtual machine based on Ubuntu, released by the Metasploit team to help you learn the Metasploit framework. It focuses on network-layer vulnerabilities because it contains vulnerable services for you to hack.

You can download Metasploitable 2 from SourceForge.

Once you have downloaded the VM, extract the zip file, open the vmdk using VirtualBox and power it on. After a brief time, the system will be booted and ready for action. The default login and password is msfadmin:msfadmin

Never expose this virtual machine to an untrusted network; use NAT or Host-only mode!
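A quick way to check the rule above, as an added example that is not part of the original post: the script reads the output of VBoxManage showvminfo --machinereadable and flags any network adapter that is not in NAT or host-only mode. The sample output and the VM name metasploitable2 are constructed for illustration.

```shell
#!/bin/sh
# Added example: check that lab VMs use only NAT or host-only networking.
ALLOWED_MODES="nat hostonly"

# Constructed sample of `VBoxManage showvminfo <vm> --machinereadable`
# output (not captured from a real host); $1 is the mode of adapter 1.
sample_vminfo() {
    cat <<EOF
memory=512
nic1="$1"
nictype1="82540EM"
nic2="none"
EOF
}

# Reads machine-readable VM info on stdin, prints one line per adapter in
# use, and returns 1 if any adapter is outside ALLOWED_MODES.
audit_vm_info() {
    name=$1 exposed=0
    while IFS= read -r line; do
        # Keep nic1="nat" style lines; skip nictype1=, nicspeed1= and the rest.
        case $line in nic[0-9]*=\"*\") ;; *) continue ;; esac
        slot=${line%%=*}
        mode=${line#*=\"}; mode=${mode%\"}
        [ "$mode" = "none" ] && continue   # adapter slot not in use
        case " $ALLOWED_MODES " in
            *" $mode "*) echo "OK $name $slot=$mode" ;;
            *) echo "EXPOSED $name $slot=$mode"; exposed=1 ;;
        esac
    done
    return "$exposed"
}

# Audit every VM registered on this host (requires VirtualBox).
audit_all_vms() {
    rc=0
    vms=$(VBoxManage list vms | sed -n 's/^"\(.*\)" {.*}$/\1/p')
    while IFS= read -r vm; do
        [ -n "$vm" ] || continue
        VBoxManage showvminfo "$vm" --machinereadable </dev/null |
            audit_vm_info "$vm" || rc=1
    done <<EOF
$vms
EOF
    return "$rc"
}

# "--live" audits this host; otherwise run on the constructed sample.
if [ "${1:-}" = "--live" ]; then audit_all_vms
else sample_vminfo bridged | audit_vm_info metasploitable2 || true; fi
```

Run it with --live on a host with VirtualBox installed to audit every registered VM. An adapter reported as EXPOSED can be switched while the VM is powered off with VBoxManage modifyvm <vm> --nic1 hostonly --hostonlyadapter1 vboxnet0 (vboxnet0 is the usual name of the first host-only interface on Linux and is an assumption here).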


Making a Vulnerable Windows Environment

Once you fire up a few Windows virtual machines, you may want to install older versions of software so that you can test exploits of known vulnerabilities. Most software providers don't include older versions of their software on their sites; luckily you can download these at www.oldapps.com

After you have installed your software, make sure you open the relevant ports or disable the Windows firewall and UAC (User Account Control).

——-Edit 20/7/2016 —————

The mighty Iron Geek (Adrian Crenshaw) posted two great talks from conferences about setting up a home lab; check them out below.

Hemp

IT and security Expert with 20+ Years of Experience. With over two decades of experience in the dynamic field of Information Technology and security, I have honed my skills to become a leading expert in safeguarding digital landscapes. My passion for technology and an unquenchable thirst for knowledge have driven me to stay at the forefront of the ever-evolving IT industry.

9 thoughts on “Setup a Hacking lab”

  1. Exposing ports on your maker can result in a system compromise causing lost data, and perhaps identity theft. A port scan of your very own system can reveal to you precisely what an enemy sees and what sort of action you need to take to avoid an attack on your system.

    1. Ross, great comment. I would suggest that you scan your network periodically to keep a check on everything that is connected to your network. I also took a look at your site, which is actually pretty well laid out; maybe we can collaborate at some point.

      1. Hi Kamal

        Not knowing your network, it’s hard to tell you exactly what you need to do to secure your clients; however, I have 3 tips for you:

        > Make sure you have a working backup of the customer’s data; if the shit does hit the fan then this may be your only lifeline.
        > EDR: make sure your users are using EDR as their antivirus, as this gives you the tools to investigate if your customer is compromised.
        > Use Patch Management to manage updates; this allows you to keep all your users’ devices up to date.

        Hope this helps mate

        Hemp

    1. Hi Sundas

      Thanks for your comment. You can use a mobile hotspot for your lab just the same as a router; just make sure your default gateway points to the hotspot.

      Also WATCH THIS SPACE, Lab setup tutorial coming very soon.

      Hemp

    1. Hi Ndalla

      Best place to start is to find a type of ethical hacking you are interested in and roll with that.

      For example, you can choose:

    1. Network Hacking – This tutorial on Creating an Active Directory Home Lab is a good place to start.
    2. Web Apps – Look at Setup a Vulnerable LAMP Server; this will give you a site to practice against.
    3. Bruteforcing passwords – I’ve got you here: Brute Forcing Passwords with THC-Hydra
    4. Wifi Hacking – nothing like learning the basics with How to Capture & Crack WPA/WPA2 Wireless Passwords

      Once you learn one concept inside out, pivoting to the next becomes much easier.

      Let me know how you get on in your journey, and you’re always welcome to ask for pointers here.

      Hemp
