in ,

Setting up a PenTest Lab (Windows & Kali VMs)

Purpose

The purpose of this task is to set up a home network that allows the testing of software security within a confined space, not accessible from the outside world.  You can install your applications that you test in a secured lab.

For a home based lab, you can set up several VM’s to suit your needs.  Typically you’ll want some Windows varieties in the lab and your attack vector machine.  In this example I’m using Kali Linux VM as the attack machine, and a Windows 7 VM the target.

Software Utilized

  • VirtualBox
  • Windows 7 VM
  • Kali Linux VM

VirtualBox can be downloaded from: Downloads – Oracle VM VirtualBox

Windows VM’s can be downloaded from: https://developer.microsoft.com/en-us/microsoft-edge/tools/vms/#downloads

Kali Linux can be downloaded from: Official Kali Linux Downloads | Kali Linux

Networks

Once you have setup the VM’s with VirtualBox (which I won’t go into detail here – but should be covered in each respective OS VM distribution source), you’ll want to configure the network they belong to.  Before you get too far, you may need internet access to download various applications.

If you modify the settings on your VM’s to use a “Bridged Adapter” and you’re primary machine has internet access – it should pass the access through to the VM.

However, once you start testing, you probably want to disable this.  The following Kali Linux guide will walk you through with setting up a Linux machine with a static and internal IP:

http://www.thegeeky.space/2015/06/how-to-set-static-ip-address-and-networking-details-in-kali-linux.html

On the Windows side you’ll want to:

  1. go to the control panel
  2. click Network and Internet
  3. click Network Sharing
  4. click Local Area Connection…
  5. click Properties
  6. select ipv4 and click properties
  7. you can fill it out like the screen provided – which will match with the Linux Guide above, getting you on the same network:

Screen Shot 2016-08-18 at 9.29.54 AM

Restart Windows and see if your windows machine can ping the Kali box.

Windows Snapshot

You’ll also want to take a snapshot of your Windows install once you have it set up (with your software, any languages, etc.)  The reason for the Windows snapshot, is that the provided VM’s by Microsoft are good for 90 days and they they need to be reverted – as pointed out in their documentation.  They recommend snapshotting so you have a good and clean install to revert to each time.

To take a snapshot in VirtualBox, click Machine > Take Snapshot while the Windows VM in question is in focus.

What do you think?

0 points
Upvote Downvote

Total votes: 0

Upvotes: 0

Upvotes percentage: 0.000000%

Downvotes: 0

Downvotes percentage: 0.000000%

Written by Admin

I work for a Telecom company writing and testing software. My passion for writing code is expressed through this blog. It's my hope that it gives hope to any and all who are self-taught.

Comments

Leave a Reply

Loading…

Form Fuzzing with Python and Mechanize

Typescript REPL