Professional Documents
Culture Documents
2024 Lab Setup
2024 Lab Setup
BRIEF
The purpose of this document is to set up the environment you will need on your
laptop/pc for the try-it-yourself slides (i.e. labs) and assignments for this
module. You will create a sandboxed/isolated environment which will enable you
to practice and experiment with the tools/attacks described in the lectures
without damaging your host machine. To do this, you need to install
virtualisation software. Virtualisation software allows you to install multiple
operating systems (as virtual machines - VMs) inside your current OS, one of
the most common hosted hypervisors for x86 computers (a.k.a virtualisation
software) is Virtualbox. VirtualBox is free, recommended and supported in this
module. It has the advantage of being able to take snapshots.
Each VM operates like a real machine and has its own resources. As a result,
you need to ensure sufficient hard-drive capacity is available on your host
machine (or external hard-drive). It is recommended you have 150GB minimum (80GB
for your pen testing machine and 70GB for target machines) is recommended for
this module.
Kali
Metasploitable Metasploitable
2 3
Host Machine
The components you will need to download and install are as follows:
● VirtualBox - the hypervisor for your VMs to sandbox your testing
environment from your host machine.
● Kali Linux - a Linux distribution designed for digital forensics and
offensive security (this module!). Within Kali, we will do some
configuration and also install Terminator (a nifty terminal console ideal
for displaying multiple terminals) & atom (a simple code editor). Kali
can be installed as a host OS or as a VM. In this module, it will be
installed within VirtualBox as a VM. Kali is the machine that will launch
attacks on the other VMs.
● Metasploitable 2 - an intentionally vulnerable Linux VM.
TASK(S)
https://www.virtualbox.org/wiki/Downloads
Choose the platform package that corresponds to your host machine (i.e. Windows,
OSx, Linux etc). If your host machine is Linux, you need to choose the
distribution that your Linux OS is based on (e.g. if your OS is Linux Mint
Sylvia 18.3, you would choose Ubuntu 16.04, etc).
https://www.virtualbox.org/download/hashes/7.0.12/SHA256SUMS
This can be downloaded using the following link (using Chrome and Firefox: you
click to download or using Edge: you need to right-click to “save target as”).
Ensure you select the correct VirtualBox image that is compatible with your
computer (64-bit is recommended if compatible with your host machine) and not
the VMware image:
https://www.kali.org/get-kali/#kali-virtual-machines
3. Download Metasploitable 2
https://sourceforge.net/projects/metasploitable/
● Double-click on the .ova file you have downloaded to launch the following
window:
● Click Processor tab. Default number of CPUs is 2. If you have less than
8 CPUs, you can reduce this to 1 CPU.
● Select Network tab and ensure NAT Network is selected.
passwd root
● Add a new lower privileged user account (replace useracc with your name)
so that if anything goes wrong with some of the tools you are using you
do not allow full control of your machine. This will be your day-to-day
account. Give this account sudo permissions also. Run the following
commands (skip the additional info requested):
adduser useracc
● Logout as root and log back in as the new user useracc (the one you
created).
● Click the top icon on the sidebar (Firefox ESR) and search for CIT website
(www.cs.cit.ie). If everything is correctly configured this should
resolve. Close Firefox ESR.
● Within the Kali VM, open up the terminal window to update the repo list
and upgrade the installed repos as follows (note: always run these
commands before installing a package into Kali):
● Install git (we will need this later) with the following command:
● Install terminator by running the following command (icon second from top
icon below):
https://linux.die.net/man/1/terminator
https://atom.io/download/deb
● In Virtual Box, click New, enter details as follows and click Next:
● Leave memory size as the default recommendation (1GB) and click Next
● Select “Use an existing hard disk file” and navigate to the .vmdk file in
the Metasploitable download folder. Click Create.
msfadmin
6. Check network connection between Kali and Metasploitable
ifconfig
In Metasploitable if the window is too small you can press CTRL (on right hand
side of keyboard) & c to change this.
RESOURCES
1. Further reading on Metasploitable 2:
https://medium.com/@chandrapal/history-of-metasploitables-af318e0954b1
https://metasploit.help.rapid7.com/docs/metasploitable-2
https://docs.kali.org/