Some of the readers have have reached out to me to ask how I have set up my lab-environment and how I carried out my initial attack on Kioptrix #1.
Since I haven’t finished writing the blog-post regarding Kioptrix I thought I’d give you all a quick spin-through on how to set up your own environment.
Before we start it’s important that you understand that many of the target-machines that we are talking about in this section and in later sections are vulnerable, this means that they under NO circumstance should have access to the internet as that might widen the attack-surface for anyone who might be attacking YOU.
The first thing you will have to do is download your favored virtualizer.
A virtualizer is basically a software that allows you to create a virtual instance (machine) on your primary OS.
For instance I’m running Windows 10, but I use an instance of Kali to pentest my targets, both of which are hosted on VMWare workstation. It’s basically a fully functioning OS inside of your OS.
The two main virtualizers out there are VMWare and VirtualBox. I’ve used both and decided on using VMWare because my university gave a free version of it. However, it does usually cost money to get a license, so it might be more relevant for you to get VirtualBox (which is free).
When you have downloaded your virtualizer you will have to install it, it’s simple process.
After that you will have to download an instance of Kali linux. Kali is a flavor of Linux that comes bundled with all the goodies you might need to pentest your targets; anything from scanning to exploiting. Chose the image that is associated with your system (primary OS).
If you have used a virtualizer previously this will be super-simple, if not – don’t worry! It’s a really straight forward process that might look slightly intimidating initially.
Before I send you off to install Kali I want to make one thing very clear; regardless of what virtualizer you might be using you need to make sure that your ‘Network Adapter’ on Kali is on either NAT / Bridged Adapter for the installation. This is because it will update your Package manager so that it’s easier to get going on it once it’s been installed.
If you aren’t familiar with Linux you can think of the Package manager as the Windows updater or iTunes. It basically keeps all your applications up to date for you, and if that’s not updated with the latest sources you might be running out-of-date sources without knowing it.
The Package Manager won’t tell you when to update applications, but it’s a set of mirrors (sources) from which you update your applications.
Once you have installed Kali you should be able to log in to your OS using ‘root’ as user and ‘toor’ as password (If you didn’t specify anything earlier on in the installation!).
Once inside you should open a terminal and run this:
sudo apt-get update && sudo apt-get upgrade
That will use the sources that were downloaded and updated in your Package Manager during your installation and update all your applications.
When that’s done you have an installtion of Kali on your laptop and can start testing stuff out.
Next part is obviously a target; I’d suggest kioptrix #1. I’ve already rooted that, so I’ll give you a run down later on!
It’s painfully simple to install a target. Just download it from Vulnhub, extract it and start the .vdmk-file in your virtualizer.
Then make sure that both Kali and the target are on the same virtual network. This is done differently depending on your virtualizing software..
In VMWare you go to your attacker’s and target’s setting’s and put them on the same ‘Custom network’ under ‘Network Adapter‘. Again make sure you don’t have your target on any internet-facing network!
Important note(s) – might add more later:
Some things I’d like to mention are that your Kali-distro (referred to as ‘Kali’) will be using your primary OS’s hardware. This means different things depending on what hardware we are talking about, but the most important one to mention is that it will be using your network card as a ‘wired connection’. This means that even if you have a integrated wifi-card, Kali will recognize this as a wired connection and you won’t be able to do wifi-specific things with it (like monitoring packets, listening to WPA-handshakes etc). For this you will need a wireless USB-adapter. A quick Google-search gave me this.