pentesting lab

Set up a small pentesting lab

Create a testlab with:

• A Kali machine: The Kali machine serves as attack machine, as development machine for hacking-related scripts, and for using its apache2 webserver to serve hooks and files.
• One or two Windows machines, both 10 or a 10 and an 11 machine: One of the two serves as development machine for scripts that are best developed on the target (with defenses turned off) they are meant for. This machine will need Python installed on it. The second one, if created, can be used to test binaries, and does not need Python installed.
• A Metaspoit machine: The metasploit provides targets for the most simple attacks.

If you do not have virtualization, you can set up a lab with a few old buckets. If the machine you are on supports virtualization, you can use VMWare and ready-made guests, or use KVM and make the virtual machines yourself. Do not run both virtualization solutions, or turn off one in systemctl when using the other. Switching is a hassle though.

In all cases you can use testing versions from Microsoft (for 90 days) for the Windows 10 VM. In virtualized machines make a snapshot immediately after install, to return to when time runs out.

Using VMWare

• Microsoft test VM's - 90 days
• Official Kali VM's
• ZSecurity kali linux VM - set it to 4G RAM
• Metasploitable

Using KVM

• Windows 10 enterprise edition iso - 90 days
• Windows 10 Home or Pro iso - You can download and install the image for free, but to keep it running you will have to use a license key or make a snapshot and reset it regularly.
• Kali iso
• Metasploitable - Import the .kvmd

How to

• How To Install Windows 10 on Ubuntu KVM?
• Hosting a Kali Linux virtual machine using KVM on an Ubuntu 20.10 box