HW01: Creating a Virtual Lab Environment
Due: Tue 24 Jan 13:20

In this assignment you will set up your own personal lab environ...
... we
will be performing a variety of tasks throughout the semester.


All the software installations we do for this assignment will need to be done on your personal laptop because we will be using this during class sometimes. Also, even if you have Kali Linux installed as the OS on your laptop you'll want to install the virtual environment because you will need the testing computer and the target computer to be on the same (virtual) network.

To complete this assignment you will do the following steps. NOTE: This is just an overview. More detailed instructions are provided below.

Install VirtualBox
VirtualBox is free software written by Oracle that allows virtual computers to run inside of it. This is helpful to us because a typical pentesting environment involves one or more hosts to be tested (targets) along with the test computer from which you launch those tests. Some of the pentesting software requires the testing machine to have some vulnerabilities of its own and so a virtual environment will allow you to play around with things without putting your host machine at risk and without you getting arrested as you attempt exploits on the target.
Install Kali (in VirtualBox)
Kali Linux comes set up for the purpose of performing pentests and has a lot of software ready-to-go for that purpose. We'll call this virtual machine “the host”.
Install Metasploitable2 (in VirtualBox)
Metasploitable2 is a Linux host that is intentionally configured to have a variety of vulnerabilities for the purpose of practicing pentesting. We'll call this virtual machine “the target”.
Establish a Virtual Network (in VirtualBox)
The host and the target will need to talk to one another so we'll put them in the same virtual network.
Post-Install Tasks
There are a variety of post-install tasks for you to do that will hopefully make things go more smoothly through the semester.

Install VirtualBox

For those of you who took the Cybersecurity course last semester this step may already be complete. It is likely that the version has changed since your install. If you want, you can do like I did and uninstall the old version and reinstall from scratch.

  1. You may need to install Python first, depending on your OS (https://python.org/downloads). (In Windows I first installed Python and then installed the win32api bindings with this command from the command prompt: pip3 install pywin32).

  2. Install VirtualBox by visiting https://www.virtualbox.org/wiki/Downloads and selecting the link for your OS. Then run the downloaded install program.

  3. At the same site find, download, and install the VirtualBox Extension Pack.

Install Kali (in VirtualBox)

Even if you have Kali installed from last semester let me encourage you to put that one on mothballs and install a fresh, clean instance of Kali. NOTE: The steps to install and the organization of the site change periodically. These are the steps that worked for me.

  1. Visit https://www.kali.org/downloads/ and go to the section called “Virtual Machines”. From there download the compressed image for VirtualBox (64-bit). NOTE: When I did the download, the file was compressed in 7zip format. You will need to uncompress the file. If your computer does not have a decompression program that will properly handle 7z files you'll need to download one.

    NOTE: When I decompressed the file, I put the decompressed folder in my own file space rather than keeping it in Downloads because it appears VirtualBox will remember the location.

  2. After you have successfully downloaded and decompressed the Kali image, you need to create a virtual machine within VirtualBox. In VirtualBox, click the Add icon (plus symbol) on the opening screen and navigate to your decompressed folder. Select the vbox file and click OK. For me this loaded and created a new virtual machine called Kali within VirtualBox.

  3. After it installs select Kali Linux from the list of virtual machines and then click the Start icon. NOTE: I switched the view to scaled mode.

  4. Log in to Kali with username kali and password kali.

  5. Open a terminal window and change your password with this command: passwd

    IMPORTANT: Don't forget this password!

  6. Update the newly installed OS by issuing these commands in the terminal:
    sudo apt update
    sudo apt upgrade

    NOTE: The second command will likely take a while to complete, so you can move on to the other parts of this assignment while that is running.

Install Metasploitable3 (in VirtualBox)

  1. I followed the Quick-Start instructions at Rapid7's github page: https://github.com/rapid7/metasploitable3. I did not already have Vagrant installed, so I also had to install it first: https://developer.hashicorp.com/vagrant/downloads

  2. Following the Quick-Start instructions should result in there being two new VMs available in VirtualBox: Metasploitable3-ub1404 (a vulnerable Ubuntu machine) and Metasploitable3-workspace_win2k8 (a vulnerable Windows machine).

  3. Start (if needed) and connect to the Ubuntu MS3 box and verify you can log in using the default credentials: vagrant / vagrant

    NOTE: If you are capturing mouse clicks, you may find sometimes that the mouse pointer will disappear. If that happens you can restore it by pressing the right CTRL key.

  4. Start (if needed) and connect to the Windows 2008 box and verify you can log in as both Administrator and Vagrant users using the password: vagrant

    NOTE: To enter CTRL+ALT+DEL in the virtual machine, do RIGHT CTRL+DEL.

  5. After you have verified the machines will start and allow you to log in, we need to make some modifications to get them all on the same virtual network so they will be able to communicate with each other:
    1. Shut down each machine by right clicking on the running machine in the VirtualBox window and then choosing Stop->Power Off.
    2. Create a new “NAT Network” called “NatNetwork” by clicking on the menu icon in the Tools tab.
    3. For each virtual machine in VirtualBox modify the Adapter 1 network card to utilize the newly-created NatNetwork. This can be done by right-clicking on each machine and choosing Settings... followed by clicking on the Network tab. Then under the Adapter 1 tab specify “Attached to” to be NAT Network (instead of simply NAT) and then choose NatNetwork from the “Name” dropdown list.
    4. Restart each virtual machine (Kali, Ubuntu, Windows 2008) and verify that they each have a unique IP address and that all the IP addresses are in the same subnet.
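
A command-line equivalent of steps 5.2 through 5.4, added here as an example and not part of the original assignment: it builds the VBoxManage commands that create the NAT Network and attach Adapter 1 of each VM to it, then checks the addresses you read from the guests. The VM name "Kali", the 10.0.2.0/24 range, and the sample addresses are assumptions; substitute the values from your own VirtualBox.

```python
import ipaddress
import shlex

NET_NAME = "NatNetwork"      # network name from step 5.2
LAB_CIDR = "10.0.2.0/24"     # assumption: use the range your NAT Network has
# VM names as listed in VirtualBox; "Kali" is an assumption, check your own.
VMS = ["Kali", "Metasploitable3-ub1404", "Metasploitable3-workspace_win2k8"]


def vbox_commands(vms=VMS, net=NET_NAME, cidr=LAB_CIDR):
    """VBoxManage equivalents of steps 5.2 and 5.3 (VMs must be powered off)."""
    cmds = [["VBoxManage", "natnetwork", "add", "--netname", net,
             "--network", cidr, "--enable", "--dhcp", "on"]]
    for vm in vms:
        cmds.append(["VBoxManage", "modifyvm", vm,
                     "--nic1", "natnetwork", "--nat-network1", net])
    return cmds


def check_lab_addresses(observed, cidr=LAB_CIDR):
    """Step 5.4: return a list of problems; an empty list means the lab is OK.

    observed maps VM name -> IPv4 address read inside the guest
    (ip addr on Linux, ipconfig on Windows).
    """
    network = ipaddress.ip_network(cidr)
    problems, seen = [], {}
    for vm, text in observed.items():
        try:
            addr = ipaddress.ip_address(text.strip())
        except ValueError:
            problems.append(f"{vm}: '{text}' is not a valid IP address")
            continue
        if addr not in network:
            problems.append(f"{vm}: {addr} is outside {network}")
        if addr in seen:
            problems.append(f"{vm}: {addr} is also used by {seen[addr]}")
        seen.setdefault(addr, vm)
    return problems


if __name__ == "__main__":
    for cmd in vbox_commands():
        print(shlex.join(cmd))   # review, then run these on the machine running VirtualBox
    # Constructed sample addresses; replace with what your guests report.
    sample = {"Kali": "10.0.2.15", "Metasploitable3-ub1404": "10.0.2.4",
              "Metasploitable3-workspace_win2k8": "10.0.2.5"}
    print(check_lab_addresses(sample) or "all VMs unique and inside " + LAB_CIDR)
```

A guest that reports a 169.254.x.x address is flagged as outside the range, which usually means it did not get a DHCP lease from the NAT Network.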

On the due date bring your laptop to class and be prepared to show your successful completion of these steps to the instructor.