1
Setting Up Your Virtual Lab
As you work through this book, you’ll get hands-on
experience using different tools and techniques for
penetration testing by working in a virtual lab running
in the VMware virtualization software. I’ll walk
you through setting up your lab to run multiple operating systems inside
your base operating system in order to simulate an entire network using
just one physical machine. We’ll use our lab to attack target systems
throughout this book.
Installing VMware
As the first step in setting up your virtual lab, download and install a desktopVMware product. VMware Player is available free for personal use for
Microsoft Windows and Linux operating systems (http://www.vmware.com/
products/player/). VMware also offers VMware Workstation (http://www
.vmware.com/products/workstation/) for Windows and Linux, which includes
additional features such as the ability to take snapshots of the virtual
machine that you can revert to in case you break something. VMware
Workstation is available for free for 30 days, but after that, you will need
to buy it or switch back to using VMware Player.
Mac users can run a trial version of VMware Fusion (http://www.vmware
.com/products/fusion/) free for 30 days, and it costs only about $50 after that.
As a Mac user, I’ll use VMware Fusion throughout the book, but setup
instructions are also included for VMware Player.
Download the version of VMware that matches your operating system
and architecture (32- or 64-bit). If you encounter any problems installing
VMware, you’ll find plenty of support at the VMware website.
Setting Up Kali Linux
Kali Linux is a Debian-based Linux distribution that comes with a widevariety of preinstalled security tools that we’ll use throughout this book.
This book is written for Kali 1.0.6, the current version as of this writing.
You’ll find a link to a torrent containing a copy of Kali 1.0.6 at this book’s
website (http://nostarch.com/pentesting/). As time passes, newer versions of
Kali will be released. If you would like, feel free to download the latest version
of Kali Linux from http://www.kali.org/. Keep in mind, though, that
many of the tools we’ll use in this book are in active development, so if you
use a newer version of Kali, some of the exercises may differ from the walkthroughs
in this book. If you prefer everything to work as written, I recommend
using the version of Kali 1.0.6 provided in the torrent (a file called
kali-linux-1.0.6-vm-i486.7z), which is a prebuilt VMware image compressed
with 7-Zip.
Not e You can find 7-Zip programs for Windows and Linux platforms at http://www
.7-zip.org/download.html. For Mac users, I recommend Ez7z from http://ez7z
.en.softonic.com/mac/.
1. Once the 7-Zip archive is decompressed, in VMware go to File4Open
and direct it to the file Kali Linux 1.0.6 32 bit.vmx in the decompressed
Kali Linux 1.0.6 32 bit folder.
2. Once the virtual machine opens, click the Play button and, when
prompted as shown in Figure 1-1, choose I copied it.
3. As Kali Linux boots up, you will be prompted as shown in Figure 1-2.
Choose the top (default) highlighted option.
Figure 1-1: Opening the Kali Linux virtual machine
4. Once Kali Linux boots, you will be presented with a login screen like
the one shown in Figure 1-3.
5. Click Other and enter the default credentials for Kali Linux, root:toor, as
shown in Figure 1-4. Then click the Log In button.
6. You will be presented with a screen like the one shown in Figure 1-5.
Configuring the Network for Your Virtual Machine
Because we’ll be using Kali Linux to attack our target systems over a network,we need to place all our virtual machines on the same virtual network
(we will see an example of moving between networks in Chapter 13, which
covers post exploitation). VMware offers three options for virtual network
connections: bridged, NAT, and host only. You should choose the bridged
option, but here’s a bit of information about each:
• The bridged network connects the virtual machine directly to the local
network using the same connection as the host system. As far as the
local network is concerned, our virtual machine is just another node
on the network with its own IP address.
• NAT, short for network address translation, sets up a private network on the
host machine. The private network translates outgoing traffic from the
virtual machine to the local network. On the local network, traffic from
the virtual machine will appear to come from the host machine’s IP
address.
• The host-only network limits the virtual machine to a local private network
on the host. The virtual machine will be able to communicate
with other virtual machines in the host-only network as well as the host
machine itself, but it will not be able to send or receive any traffic with
the local network or the Internet.
Note-Because our target virtual machines will have multiple known security vulnerabilities,
use caution when attaching them to your local network because anyone else on
that network can also attack these machines. For this reason, I do not recommend working
through this book on a public network where you do not trust the other users.
This professional hacker is absolutely reliable and I strongly recommend him for any type of hack you require. I know this because I have hired him severally for various hacks and he has never disappointed me nor any of my friends who have hired him too, he can help you with any of the following hacks:
ReplyDelete-Phone hacks (remotely)
-Credit repair
-Bitcoin recovery (any cryptocurrency)
-Make money from home (USA only)
-Social media hacks
-Website hacks
-Erase criminal records (USA & Canada only)
-Grade change
Email: cybergoldenhacker at gmail dot com