HOW TO SET UP A VIRTUAL HACKING LAB IN VIRTUALBOX [2021]

This tutorial will teach you how to set up your private virtual hacking lab on your own computer. The entire process will take up to 4 hours, depending on your experience and Internet speed. This is a monster setup guide – nothing like it on the Internet.

Whether you want to become a security professional, ethical hacker, or want to learn some hacking tricks, setting up your virtual hacking lab is the first thing you should do to stay out of trouble.

All the software and virtual machines used in this tutorial are completely free – including the Windows 10 virtual machine!

The virtual hacking lab consists of the following virtual machines, and components:

Kali Linux
Windows 10
Ubuntu File Server
Mr-Robot
Metasploitable 2
VirtualBox DHCP Server
VirtualBox Network isolation

We will be using VirtualBox as a virtualization solution for the lab and network isolate all the virtual machines from the physical network and the Internet. This way, every hack we practice stays within the virtual hacking lab.

Here is a snapshot of how your desktop will look like once you complet setting up your virtual hacking lab.

VirtualBox setup: Kali Linux, Windows 10, Ubuntu File Server, Mr-Robot, Metasploitable 2.

Without further ado, let’s get to work.

Requirements

You don’t need any extra hardware or software to purchase. Everything presented in this guide is completely free. However, you need to make sure you have the following:

A decent laptop or desktop with preferably 16 GB RAM or more.
Min 40 GB of free disk space [SSD preferably].
A decent Internet connection.
A few cups of coffee and some snacks.

What is a Virtual Machine [VM]?

There are many definitions of a VM on the Internet, some more complicated than the others. However, here is my take on it:

A VM is a file [or set of files] stored on your physical machine that behaves like a computer. You can choose how much CPU, RAM, video memory, and disk space to allocate and which resources [USB devices, network adaptors, etc.] on the physical machine to share with it.

Simply said, a VM is a piece of software on your laptop or desktop behaving like a physical computer.

You can create and host more than one VM on your computer, depending on how powerful your hardware is. The VMs can access your local network, Internet, or be completely isolated from the rest.

You can install virtually any operating system available on a VM, ranging from Windows, macOS to Linux or UNIX. You can create your own virtual computer network with different operating systems on your laptop or desktop without buying any additional hardware.

There is plenty of Virtual Machine software available out there, each tailored for all or specific operating systems, some more future-rich than the other. A comprehensive list of VMs was compiled by Guru99 here.

In this tutorial, we will use Oracle’s VM VirtualBox to set up our virtual hacking lab. Another great alternative is VMWare which I will cover in a future post.

Why Use A Virtual Hacking Lab?

The answer is simple: to stay out of trouble!

You see, companies invest huge amounts of money to secure their computer networks using state-of-the-art firewalls and similar systems specifically designed to detect and prevent malicious intent on the Internet.

Your ISP is one of such companies. Whenever you access a website on the Internet, your request passes countless network devices that process your request in seconds. Another function these devices perform is to detect any unusual activities on the Internet [port scanning, DDoS attacks, etc.] and ban the source [your IP] or, even worse, report them to authorities.

Furthermore, some countries have strict laws to prevent illicit activities on the Internet [even if they were not ill-intended] and end up in civil lawsuits or, worse.

You can see why choosing to practice your hacking skills online can be a dangerous game.

Thankfully, virtualization technology comes to the rescue. We can learn and practice our hacking skills in a safe way by simply setting up a virtual hacking lab on our computer in minutes.

1. Download And Install VirtualBox

Open a browser and navigate to the official VirtualBox download page. Click to download the VirtualBox installation package according to your operating system [for Windows: Windows hosts; for macOS: OS X hosts, etc.].

In this tutorial, I will set up the virtual hacking lab on a Windows 10 computer. So I will proceed with downloading the VirtualBox Windows installer [Figure 1.1].

Figure 1.1: Download VirtualBox for Windows.

Once the download is completed, double-click on the installation file to launch the VirtualBox installer. This is usually located in your Download folder [Figure 1.2].

Figure 1.2: Launch the VirtualBox installer on Windows.

The VirtualBox installation is similar to any other installer on Windows. However, I will guide you through the entire process. If you are familiar with this process, scroll down to the end of this action to continue with the virtual hacking lab setup.

On the VirtualBox Welcome window, click the Next button [Figure 1.3].

Figure 1.3: VirtualBox installation – Welcome.

On the VirtualBox Customer Setup window, click the Next button [Figure 1.4].

Alternatively, you can browse for a new location on your machine to install the VirtualBox or customize your installation further. I recommend leaving the defaults here to avoid any complications later unless you know what you’re doing.

Figure 1.4: VirtualBox installation – Custom Setup.

Check/uncheck the shortcut options or leave the default selection then click the Next button [Figure 1.5].

Figure 1.5: VirtualBox installation – Custom Setup.

Next, the VirtualBox will prompt you with a Warning message [Figure 1.6].

The VirtualBox installer will proceed to configure the virtual network interface on your VM therefore the network connection will reset shortly. Click Yes to continue the installation.

Figure 1.6: VirtualBox installation – Warning.

On the Ready to Install window click Install to start the VirtualBox installation [Figure 1.7].

Figure 1.7: VirtualBox installation – Ready to Install.

On the User Account Control window, click Yes [Figure 1.8].

Figure 1.8: VirtualBox installation – User Account Control.

When prompted to allow the Oracle Corporation Universal Serial Bus controller, click the Install button [Figure 1.9].

Figure 1.9: VirtualBox installation – Oracle virtual USB controller.

The VirtualBox installation is now completed. Click the Finish button to exit the installer [Figure 1.10].

Figure 1.10: VirtualBox installation – Finish.

VirtualBox is now installed on your computer. You should see a window similar to the one in Figure 1.11 below.

Figure 1.11: Launch VirtualBox.

Minimize this window for now. Next, we will proceed with Kali Linux installation in our virtual hacking lab.

2. Install Kali Linux in VirtualBox

There are two ways to install Kali Linux in Oracle VirtualBox:

Download the Kali Linux installation image and do a manual install in VirtualBox like you would do on a physical machine.
Download Kali Linux pre-made VM and import it into VirtualBox.

Time is a valuable asset so let’s choose the fastest way.

Step 1: Download And Import Kali Linux VM In VirtualBox.

Kali Linux is a Debian-based Linux distribution funded by Offensive Security and consisting of a large collection of tools used for penetration testing [pentesting] and security audit purposes.

Kali Linux is widely acknowledged and used by security professionals, ethical hackers, and pentesters worldwide.

Kali can be installed and run on a USB stick, VM or directly on your physical hardware.

Kali provides a large variety of installation images for various architectures and pre-made images for VirtualBox and VMware virtualization software.

In this guide we will use the latest Kali Linux release VM image for VirtualBox.

To download Kali Linux VM for VirtualBox, head over to the official Offensive Security download page, click on the KALI LINUX VIRTUALBOX IMAGES “+” sign, and download the Kali Linux VirtualBox 64-Bit (OVA) to start the direct download [Figure 2.1]

Figure 2.1: Virtual Hacking Lab – Download Kali Linux VirtualBox Image.

Once the Kali Linux VirtualBox image download is completed, locate the file in your Download folder and double click on it to import it in VirtualBox [Figure 2.2].

Figure 2.2: Open Kali Linux VirtualBox image.

On the Appliance settings window, leave the defaults and click the Import button [Figure 2.3].

Figure 2.3: VirtualBox Appliance settings.

Click Agree to accept the VirtualBox Software License Agreement [Figure 2.4].

Figure 2.4: VirtualBox Software License Agreement.

Just in time for a quick break. Grab a cup of coffee and wait for the VM import process to compete [Figure 2.5].

Figure 2.5: Import Kali Linux VirtualBox VM.

Once the import process completed, you should see the Kali Linux VM in VirtualBox [Figure 2.6].

Figure 2.6: Kali Linux VirtualBox Import.

Step 2: Network Isolate Kali Linux VM

We want Kali Linux VM to be isolated within our virtual network in VirtualBox. That means Kali won’t be able to talk with our physical machine or access the Internet.

Remember, we might purposely create vulnerabilities to exploit the systems in our virtual hacking lab and we don’t want these vulnerabilities to be exposed to the Internet.

In case you want to use Kali Linux outside the lab, skip this step.

On the Oracle VirtualBox Manager, select Kali Linux VM and click Settings [Figure 2.7].

Figure 2.7: Kali Linux Virtual Box Settings

On the VirtualBox Settings page, select Network on the left side of the Window. On the Network page, next to Attached to select Internal Network in the drop-down menu.

Take note of the Name of the network “intnet” [Figure 2.8]. We will need to use that name every time we network isolate a VM in our virtual hacking lab. Click OK to submit your settings.

NOTE: You can choose any name for your Internal Network. Just make sure you set the same network Name on every VM you want to be part of the lab.

Figure 2.8: Kali Linux Virtual Box Network Isolation

That’s it. Your Kali Linux is now installed in VirtualBox. Next, we will proceed with installing Windows 10 in our virtual hacking lab.

3. Install Windows 10 on VirtualBox

If you own a legit copy of Windows 10, you can install it on VirtualBox very much the same way you would install it on your physical machine.

However, in this guide we will use only VMs that are free to download and use.

Fortunately for us, Microsoft provides a Windows 10 VM for development purposes.

This Windows 10 version will expire after 90 days, but we can easily avoid the 90 days expiration if we take a snapshot in VirtualBox once the Windows 10 installation is completed.

Oh, wait! This is not me trying to cheat on Microsoft. They actually recommend you do so to avoid the 90-day expiration limitation on their website.

Step 1: Download Windows 10 VirtualBox VM

Head over to the Microsoft Edge Developer website. Under the Select a download section, for Virtual Machines select the MSEdge on Win10 (x64) Stable option.

Under the Choose a VM platform, select the VirtualBox option and click the Download .zip button [Figure 3.1].

Figure 3.1: Download Microsoft Windows 10 VM for VirtualBox.

Step 2: Import Windows 10 VM in VirtualBox

Once the download is completed, extract the Windows 10 VM from the .zip file and double click on it. VirtualBox Import window will automatically open.

Leave the default settings and click the Import button [Figure 3.2].

Figure 3.2: Import Windows 10 VM in VirtualBox.

VirtualBox will now proceed importing the Windows 10 VM [Figure 3.3].

Figure 3.3: Importing Windows 10 VM in VirtualBox.

Step 3: Boot into Windows 10 VM

Alright. Let’s turn on the Windows 10 virtual machine by clicking the Start button in the Oracle Virtual Box Manager [Figure 3.4].

Figure 3.4: Start Windows 10 VM.

Use the Passw0rd! password to login into the Windows 10 VM [Figure 3.5].

Figure 3.5: Log in Windows 10 VM.

Here you go. A fully functional Windows 10 VirtualBox VM [Figure 3.6]. But we are not done yet.

Figure 3.6: Windows 10 VM.

Step 4: Update Windows 10 VM

To update your Windows 10 virtual machine, click on the Windows Search box and type “window update.” Select Check for updates [Figure 3.7].

Figure 3.7: Windows 10 VM – Updates.

On the Settings window, select Windows Update, then click on the Check for updates button [Figure 3.8]. This process will take a while, and of course, it will require that your computer has access to the Internet.

Figure 3.8: Update Windows 10.

During the Windows update process, you will require to reboot your Windows VM. Do so when prompted. Repeat the update process until Windows 10 is showing your computer is up to date.

Step 4: Enable Network Discovery in Windows 10

Open File Explorer in Windows and click on the Network [Figure 3.9].

Figure 3.9: Windows 10 File Explorer network.

Window 10 will be prompted that your Network discovery is turned off [Figure 3.10].

Figure 3.10: Windows 10 network warning.

Click to change on the dialogue banner [Figure 3.11].

Figure 3.11: Windows 10 Network discovery banner.

Click on the Turn on network discovery and file sharing option [Figure 3.12].

Figure 3.12: Turn on network discovery and file sharing.

On the Network discovery and file sharing dialogue, select Yes, turn on network… [Figure 3.13].

NOTE: We will network isolate this Windows 10 VM in a moment. Therefore, the file-sharing will only be visible within VirtualBox internal network.

Figure 3.13: Turn on network discovery and file sharing for all public networks.

Step 5: Enable Samba Windows 10

To discover Samba shares within our internal network, we will need to enable Samba support on Windows 10.

To do so, type Control Panel in the Windows Search box and select Control Panel, as seen in Figure 3.14 below.

Figure 3.14: Access Windows 10 Control Panel.

In Control Panel, select Programs [Figure 3.15].

Figure 3.15: Windows 10 Control Panel – Programs.

In the Programs window, click on the Turn Windows features on or off option [Figure 3.16].

Figure 3.16: Windows 10 – Turn Windows features on or off option.

On the Windows Features window, scroll down until you see the SMB 1.0/CIFS File Sharing Support option. Expand it and make sure the following two options are selected [Figure 3.17]:

SMB 1.0/CIFS Automatic Removal
SMB 1.0/CIFS Client

Figure 3.17: Windows 10 – Enable Samba support on Windows 10.

When prompted, reboot/shutdown the system.

Step 3: Network Isolate Windows 10 VM

Once the VM import is completed, select the MSEdge – Win10 VM on the Oracle VirtualBox Manager and click the Settings icon [Figure 3.18].

Figure 3.18: Windows 10 VM – Network Isolation.

Click the Network tab and select Attached to Internal Network. Select the same network Name you used for Kali Linux VM in the previous section [Figure 3.19].

Figure 3.19: Network isolate Windows 10 VM in VirtualBox.

Step 4: Take Windows 10 Snapshot

This version of Windows 10 will expire in 90 days.

To avoid reinstallation, take a VirtualBox snapshot of your newly installed Windows 10 VM by selecting MSEdge – Win10.

On the Oracle VirtualBox Manager window, click on the options button and select Snapshots, as seen in Figure 3.20 below.

Figure 3.20: Windows 10 snapshot in VirtualBox.

On the Snapshots window, click on the Take button [Figure 3.21]

Figure 3.21: Take a new Windows 10 snapshot.

Type a snapshot name for the new Windows 10 snapshot and click the OK button [Figure 3.22].

Figure 3.22: Name the Windows 10 snapshot.

Once the snapshot is completed, you will see it in the Snapshots section for MSEdge – Win 10 in VirtualBox [Figure 3.23].

Figure 3.23: Windows 10 snapshot.

NOTE: Once you approach the 90 days expiration for your Windows 10 VM, restore the snapshot above by selecting the snapshot and clicking the Restore button [Figure 3.24].

Figure 3.24: Windows 10 snapshot.

That’s it. Your Windows 10 VM setup is completed. Next, we will proceed to install a File Server with Ubuntu Server for our virtual hacking lab.

4. File Server Installation With Samba and Ubuntu Server

Some of the hacking tutorials on this website, such as the MIIT ARP Poisoning Attack with Ettercap, will require a File Server VM for practicing.

In this section we will install a basic File Server using Ubuntu Server with Samba in VirtualBox.

Step 1: Download Ubuntu Server

Head over to the Ubuntu Server download page.

Select Option 2 – Manual Server Installation button, then Download Ubuntu Server 20.x.x LTS [Figure 4.1].

You can locate the downloaded Ubuntu Server image in the Downloads folder on your computer.

Figure 4.1: Download Ubuntu Server image.

Step 2: Ubuntu Server VM Configuration

Open VirtualBox and click on the New icon or press Ctrl+N keys on your keyboard [Figure 4.2].

Virtual Hacking Lab – Create New VM in VirtualBox. Source: nudesystems.com

On the Create Virtual Machine window, click on the Expert Mode button [Figure 4.3].

Figure 4.3: VirtualBox Create Virtual Machine.

Give a Name to your VM [e.g., Ubuntu Server]. For Type select Linux, and Version select Ubuntu (64-bit). Increase Memory size to 4GB and click Create [Figure 4.4].

Figure 4.4: VirtualBox – Create Virtual Machine.

On the Create Virtual Hard Drive window, leave the default settings and click Create [Figure 4.5].

Figure 4.5: VirtualBox – Create Virtual Hard Disk.

Select the newly created VM in the left side and click on Settings [Figure 4.6].

Figure 4.6: VirtualBox – Virtual Machine Settings.

On the Settings window, click on Storage. In the Storage Devices select the CD-ROM-like icon in the Optical Drive field [Figure 4.7].

From the drop-down menu, select Choose a disk file… option. Browse to your Downloads folder and click on the Ubuntu Server image you downloaded earlier. Click OK to close the Settings window.

Figure 4.7: VirtualBox – Load Ubuntu Server image.

Click on the Start icon to launch the Ubuntu Server installation [Figure 4.8].

Figure 4.8: VirtualBox – Ubuntu Server launch.

When prompted to Select start-up disk, make sure the Ubuntu image is selected [Figure 4.9].

Figure 4.9: Virtual hacking lab – Ubuntu Server select start-up disk.

Step 3: Install Ubuntu Server in Virtual Box

On the Ubuntu Server Welcome screen, select your language and hit the Enter key to continue [Figure 4.10].

NOTE: To navigate around Ubuntu Server installer, use the TAB and arrow keys on your keyboard.

Figure 4.10: Virtual hacking lab – Ubuntu Server installation [Select Language].

On the Keyboard configuration leave the defaults, select Done and hit the Enter key [Figure 4.11].

Figure 4.11: Virtual hacking lab – Ubuntu Server installation [Keyboard configuration].

On the Network connections window leave the defaults, select Done and hit the Enter key [Figure 4.12].

Figure 4.12: VirtualBox – Ubuntu Server installation [Network connections].

We are not using any proxy in our setup, so select Done and hit the Enter key [Figure 4.13].

Figure 4.13: VirtualBox – Ubuntu Server installation [Configure proxy].

On the Configure Ubuntu archive mirror window, leave the default setting, select Done, and hit the Enter key [Figure 4.14].

Figure 4.14: VirtualBox – Ubuntu Server installation [Configure Ubuntu archive mirror].

On the Guided Storage configuration window, make sure the Use an entire disk option is checked, select Done, and hit the Enter key [Figure 4.15].

Figure 4.15: VirtualBox – Ubuntu Server installation [Guided storage configuration].

The installer will automatically configure the necessary partitions on the virtual disk. Select Done and hit Enter on the Storage configuration window [Figure 4.16].

Figure 4.16: VirtualBox – Ubuntu Server installation [Storage configuration].

On the Confirm destruction action warning, select Continue and hit Enter [Figure 4.17].

Figure 4.17: VirtualBox – Ubuntu Server installation [Confirm destruction action].

In the Profile setup window, you will need to fill in your name, server’s name, username, and password.

Make sure you type a password you remember. Once finished, select Done and hit the Enter key [Figure 4.18].

Figure 4.18: VirtualBox – Ubuntu Server installation [Profile setup].

Select the Install OpenSSH server checkbox on the SSH Setup window, select Done, and hit the Enter key [Figure 4.19].

Figure 4.19: VirtualBox – Ubuntu Server installation [Install OpenSSH].

On the Featured Server Snaps window, leave everything unchecked, select Done, and hit the Enter key [Figure 4.20].

Figure 4.20: VirtualBox – Ubuntu Server installation [Featured Server Snaps].

The installer will now proceed with the Ubuntu server installation. Once completed, you will see the Reboot Now option on the bottom of the installation window. Select the Reboot Now option and hit Enter [Figure 4.21].

Figure 4.21: VirtualBox – Ubuntu Server installation [Reboot Now].

Once the server reboots, type your username and password you configured earlier to log in [Figure 4.22].

Figure 4.22: VirtualBox – Ubuntu Server installation [Login].

Step 4: Ubuntu Server Snapshot

Now that Ubuntu Server is installed and up to date, I would recommend creating a VirtualBox snapshot before proceeding further with any configuration.

This way, if anything goes wrong, you can quickly revert to a previous working state. This step is optional.

On the Oracle Virtual Box Manager window, select the Ubuntu Server and click on the icon on the right side. Select Snapshot from the menu, then clicks on the Take icon as seen in Figure 4.23 below.

Figure 4.23: Virtual hacking lab – Ubuntu Server Snapshot.

Give a name to your snapshot, and hit the OK button [Figure 4.24].

Figure 4.24: Ubuntu Server VM Snapshot.

Once you created the snapshot, you will see it in the snapshots section in VirtualBox [Figure 4.25]. You can take as many snapshots you want at any moment in time.

Figure 4.25: Virtual hacking lab -VirtualBox Snapshot.

Step 5: Set Up The Root Password

The first thing we need to do is to set up the root password for our Ubuntu Server. To do that, type the following command in the terminal.

NOTE: you will need to input your username password first before setting up the root password, as seen in Figure 4.26 below.

sudo passwd root

Figure 4.26: Ubuntu File Server – Setting up the root password.

Step 6: Update Ubuntu Server

Next, we will need to make sure our server is up to date by typing the following command in the terminal:

sudo apt-get update && sudo apt-get upgrade

When prompted to confirm the packages to upgrade, hit the Y key.

Step 7: Install Samba On Ubuntu Server

To install Samba on Ubuntu Server, type the following command in the terminal:

sudo apt install samba

When prompted, type your root password and hit the Y key to confirm the installation when asked [Figure 4.27].

Figure 4.27: Virtual hacking lab – Ubuntu File Server install Samba.

That’s it. Samba is now installed on our Ubuntu Server. However, we will need to perform some additional configurations for Samba first.

Step 8: Configure Samba On Ubuntu Server

Samba configuration file smb.conf is located in the /etc/samba folder on Ubuntu Server.

Edit the smb.conf file by typing the following commands in the terminal.

cd /

sudo nano /etc/samba/smb.conf

The smb.conf file contains quite a comprehensive list of options that can be enabled or disabled, along with comprehensive explanations for each.

Scroll down to the bottom of the page using the down arrow or page down key on your keyboard.

Add the following section at the end of the smb.conf file.

[share]
comment = Ubuntu File Server Share
path = /srv/samba/share
browsable = yes
guest ok = yes
read only = no
create mask = 0755

Table 4.1 explains the parameters used in the above section to create the Samba share.

comment	A short description of the share.
path	This is the path to the directory you want to share in the network. You can change this path accordingly to your needs as long as you apply the right permission.
browsable	Enables Windows users to access the share via File Explorer.
guest ok	Allows users to access the share without having to provide a password. Set to no if you want users to be authenticated when accessing the share.
read only	Determines if the share access is read-only [users can only access the files stored in this directory] or if write privileges are granted. If *yes* the share is read only. If no users are granted write access.
create mask	Determines the permission the new files will get when created. The 0755 [or 755] is a Linux permission that enables folders to be readable and executed by others, but writable by the file owner only.

Table 4.1: Ubuntu File Server -Samba share parameters.

Your smb.conf file should look like this:

Figure 4.28: Ubuntu File Server – Samba configuration.

Once you have finished configuring the Samba share, exit the smb.conf file by typing Ctrl+X and type Y when prompted to save the modified buffer [Figure 4.29].

Figure 4.29: Ubuntu File Server: Save smb.conf file.

Step 9: Create Samba Share Folder

Now that our samba share is configured on our Ubuntu File Server, it is time to create the /srv/samba/share and apply for the appropriate permissions on the folder.

To do that, type the following commands in the terminal:

sudo mkdir -p /srv/samba/share

Step 10: Apply Permissions

Next, we will need to make the shared folder accessible by applying the appropriate permissions:

sudo chown nobody:nogroup /srv/samba/share/

Step 11: Restart Samba Service

Now that our Ubuntu File Server configuration is completed, it is time to restart the Samba service by using the following command:

sudo systemctl restart smbd.service nmbd.service

Step 12: Network Izolate Ubuntu File Server

If you plan to access the Ubuntu File Server from outside your virtual hacking lab in VirtualBox, skip this step.

To isolate the Ubuntu File Server within our virtual hacking lab network, open the Oracle VirtualBox Manager, select the Ubuntu File Server in the left panel and click Settings [Figure 4.30].

Figure 4.30: Network isolate Ubuntu File Server.

Click the Network tab and select Attached to Internal Network, and make sure the name of your internal network is selected in the Name field [Figure 4.31].

Figure 4.31: Network isolates Ubuntu File Server.

NOTE: At this point, the share on the Ubuntu File Server won’t be visible/accessible within the internal network as no DHCP server is installed and configured on VirtualBox yet.

5. Download And Import Mr-Robot VM in VirtualBox

If you’re into hacking, you must have seen the USA Network’s show – Mr. Robot. If not, go check it out.

The Mr-Robot VM is a Linux distribution maintained by VulnHub and is specially designed to help you learn hacking by looking for vulnerabilities.

This VM has three keys hidden in different places. Your task is to learn how to find them all.

The level of task complexity is beginner-intermediate. And as the name implies, this VM was inspired by the Mr. Robot show.

Step 1: Download Mr-Robot VM

To download the Mr-Robot VirtualBox image, head over to the VulnHub download page and click on Download (Mirror) link shown in Figure 5.1 below.

Figure 5.1: Download Mr-Robot VM image.

Step 2: Import Mr-Robot VM in VirtualBox

Once the download is completed, locate the image file in your Download folder and double-click on it to start the VirtualBox import process.

On the Virtual Import Appliance window, click the Import button [Figure 5.2].

Figure 5.2: Import Mr-Robot VM image.

By now, you should have four virtual machines installed on your VirtualBox [Figure 5.3]. Well done!

Figure 5.3: Virtual Hacking Lab VMs.

Network isolation is essential to keep our virtual hacking lab safe and private. Once you finished installing all the virtual machines in this tutorial, proceed with the section 7 to network isolate Mr-Robot virtual machine.

6. Download And Import Metasploitable 2 VM in VirtualBox

Metasploitable 2 is an Ubuntu-based virtual machine specially designed to contain vulnerabilities to help ethical hackers and penetration testers safely perform vulnerability tests for learning and research purposes.

Metasploitable 2 is developed and maintained by the Rapid 7 Metasploit team.

In this section, we are going to download and install Metasploitable 2 VM in VirtualBox.

Step 1: Download Metasploitable 2

Head over to Rapid 7 Metasploitable 2 download website. On the Metasploitable 2 download page, click on the sourceforge.net link provided [Figure 6.1].

Figure 6.1: Download Metasploitable 2

On the Sourceforge download page click on the download button and save the file in your Downloads folder on your machine [Figure 6.2]

Figure 6.2: Download Metasploitable 2 from Sourceforge

Step 2: Import Metasploitable 2 in VirtualBox

Once the download is completed, locate the archive in your download folder, double-click on it and extract the Metasploitable2-Linux folder anywhere on your computer.

By default, the Metasploitable 2 VM is designed for VMware. However, VirtualBox supports VMware virtual machines [.vmdk format] too.

Open Oracle VirtualBox Manager and click on the New icon to create a new virtual machine [Figure 6.3].

Figure 6.3: Create new VirtualBox virtual machine.

On the Create Virtual Machine window, switch to the Expert Mode [Figure 6.4]

Figure 6.4: VirtualBox Expert Mode.

Type/select the following fields in the Create Virtual Machine window:

Name: Metasploitable 2
Machine Folder: <Leave default or select your custom VirtualBox folder>
Type & Version: Linux \ Linux (64-bit).
Memory size: 2048 MB.
Select “Use an existing virtual hard disk file” and click on the browse icon [Figure 6.5].

Figure 6.5: Metasploitable 2 virtual machine settings.

On the Metasploitable 2 – Hard Disk Selector window, click on the Add icon on top [Figure 6.6].

Figure 6.6: Add Metasploitable.vmdk file to VirtualBox.

Locate and click on the Metasploitable 2 folder you downloaded and extracted earlier. Select the Metasploitable.vmdk file and click Open [Figure 6.7]

Figure 6.7: Metasploitable 2 locate the vmdk file.

On the Metasploitable 2 Hard Disk Selector window, select Metasploitable.vmdk and click the Choose button [Figure 6.8].

Figure 6.8: Select Metasploitable.vmdk.

Your Metasploitable 2 – Create Virtual Machine settings should look like in Figure 6.9 below. Click the Create button.

Figure 6.9: Select Metasploitable.vmdk.

Metasploitable 2 is now imported in VirtualBox [Figure 6.10]

Figure 6.10: Metasploitable 2 imported in VirtualBox.

Proceed with the section 7 below to network isolate the Metasploitable 2 virtual machine.

7. Network Isolate The Virtual Hacking Lab

In case you haven’t network isolated your VMs in VirtualBox yet, do it now.

In the Oracle VirtualBox Manager, select the Kali-Linux VM and click on the Settings icon [Figure 7.1].

Figure 7.1: Kali Linux VM network settings.

On the VirtualBox Settings page, select Network on the left side of the Window. On the Network page, next to Attached to select Internal Network in the drop-down menu. Take note of the Name of the network – in my case intnet [Figure 7.2]. We will need to use the network name shortly.

NOTE: You can choose any name for your Internal Network. Just make sure you set the network Name on every VM you want to be part of that network.

Figure 7.2: Kali Linux VM set internal network.

Click OK and close the Settings window. Repeat the above steps for all VMs installed in this virtual hacking lab tutorial.

NOTE: If for any reason [updates, software installation. etc.] you need access to the Internet; change the network settings from Internal Network to NAT. Once done, revert to Internal Network.

Don’t start the virtual machines yet. There is one additional step to complete to guarantee our VMs can talk with each other in the VirtualBox environment. For that, we need to set up a DHCP server for the VirtualBox internal network.

8. Set Up VirtualBox DHCP Server

We can configure the VMs with a static IP to have them communicate with each other in the Internal Network.

But what if we add a third or fourth VM to our virtual hacking lab later? We will have to do the same for each.

The solution is to set up a Dynamic Host Configuration Protocol (DHCP) server in VirtualBox that will dynamically allocate IP addresses to the VMs in the Internal Network without us having to do anything in the future.

Open a Command Prompt window by clicking on the Windows Search Box on your taskbar and typing “cmd.” Click on the Command Prompt icon under the Best match, as seen in Figure 8.1 below.

Figure 8.1: Launch Command Prompt in Windows 10.

In the Command Prompt window, copy/paste the following commands [one at the time] to navigate the VirtualBox folder on your computer [C:\Program Files\Oracle\VirtualBox].

cd /
cd C:\Program Files\Oracle\VirtualBox

Let’s setup a VirtualBox DHCP server with the following settings:

Network ID: intnet
DHCP Server IP: 192.168.10.1
Lower IP: 192.168.10.10
Upper IP: 192.168.10.20
Subnet mask: 255.255.255.0

Where:

The Network ID is the network Name “intnet” we set up for both VMs in the above steps.
The DHCP Server IP is a static IP allocated to the DHCP server.
The Lower IP and Upper IPs are the range of IPs available for dynamic allocation to the existing or future hosts we add to the “intnet” network. In this case, we can dynamically allocate 11 IPs/hosts [192.168.10.10 to 192.168.10.20].
The Subnet mask is a subdivision of a network, in our case 192.168.10.x, which is a class C subnet [255.255.255.0].

If you don’t understand what’s all these, don’t worry. Just copy and paste the following command in your Command Prompt and you should be good to go [Figure 8.2].

NOTE: Remember, you must navigate first to the C:\Program Files\Oracle\VirtualBox folder as explained above.

vboxmanage dhcpserver add --network=intnet --server-ip=192.168.10.1 --lower-ip=192.168.10.10 --upper-ip=192.168.10.20 --netmask=255.255.255.0 --enable

Figure 8.2: Setting Up DHCP server for VirtualBox Internal Network.

TIP: You should execute the above command line successfully on your machine. However, if you chose to configure the DHCP settings with your own settings and encounter issues, use the following command to remove the DHCP settings, fix the command, and rerun it.

VBoxManage dhcpserver remove --netname intnet

As you can see, VirtualBox is a competent virtualization solution in the right hands. And with that, the installation and configuration of the virtual hacking lab are done.

9. Firing Up The Virtual Machines

Finally, it is time to start the virtual machines in our virtual hacking lab. We will proceed by firing up one VM at a time.

Launch Kali Linux VM

Alright, it’s time to power on the VMs in our virtual hacking lab. Let’s begin by starting Kali Linux VM first.

Open the Oracle VirtualBox Manager, select Kali Linux VM in the left menu and click the Start icon as shown in Figure 9.1.

Figure 9.1: Start Kali Linux VM.

Once Kali Linux boots up, use the following credentials for kali user is kali and for root is toor

Figure 9.2: Login into Kali Linux VM.

You should be welcomed by Kali’s beautiful and feature-rich desktop interface [Figure 9.3].

Figure 9.3: Kali Linux Desktop interface.

The very first thing you should do is change the default Kali Linux user and root passwords.

To test if our Kali Linux VM is configured properly and perfectly isolated from the rest of the world, click on the Terminal icon on the top bar [Figure 9.4]

Figure 9.4: Open Terminal in Kali Linux.

Let’s start by finding if our previously configured DHCP server works properly. Execute the following command in the terminal:

ip address

As you can see, The DHCP server allocated the IP address of 192.168.10.10 [Lower IP in our DHCP configuration] to Kali Linux VM. We are now confident that the VirtualBox DHCP server works [Figure 9.5].

Figure 9.5: Check Kali Linux IP address.

Next, let’s see if Kali Linux can communicate on the Internet. Let’s try to ping the Google DNS server with the IP address = 8.8.8.8. Execute the following command in the Terminal:

ping 8.8.8.8

As you can see in Figure 8.6 below, we receive the Network is unreachable ping output when pinging the Google DNS server.

This is great! It means our intnet internal network is completely isolated from the rest of the world [Figure 9.6].

Figure 9.6: Ping Google DNS server from Kali Linux VM.

Launch Windows 10 VM

On the Oracle VirtualBox Manager, Select the Windows 10 VM and click the Start icon.

Passw0rd!

Figure 9.7: Login Windows 10 VM

To test if Windows 10 is network isolated, open a Command Prompt window and ping the Google DNS server with the IP address = 8.8.8.8 [Figure 9.8].

Figure 9.8: Ping Google DNS server from Windows 10 VM.

As you see, the Windows 10 VM is unable to ping the Google DNS server. The VM is network isolated within VirtualBox internal network.

Launch Ubuntu File Server VM

On the Oracle VirtualBox Manager, select the Ubuntu Server VM and click the Start icon.

Figure 9.9: Login Ubuntu File Server.

To test if the Ubuntu File Server is network isolated, open a Command Prompt window and ping the Google DNS server with the IP address = 8.8.8.8 [Figure 9.10].

Figure 9.10: Ping Google DNS server from Ubuntu File Server VM.

As you can see, the Ubuntu File Server is unable to ping the Google DNS server. Therefore, this VM is network isolated within VirtualBox internal network.

Launch Mr-Robot VM

And finally, let’s fire-up Mr-Robot VM.

On the Oracle VirtualBox Manager, select the Mr-Robot VM and click the Start button on top [Figure 9.11].

NOTE: Booting Mr-Robot VM will take a short while due to the background configuration scripts executed at the startup. Be patient.

Once the Mr-Robot boot sequence is completed, you should be prompted with a simple but cool login prompt that awaits to be hacked [Figure 9.11].

Figure 9.11: Mr-Robot VM login prompt.

That’s right! I won’t tell you what Mr-Robot’s username and password are. You will have to find them yourself. All the tools needed for hacking the keys are available on Kali Linux.

Launch Metasploitable 2 VM

On the Oracle VirtualBox Manager, select the Metasploitable 2 VM and click the Start button on top [Figure 9.13].

msfadmin

Figure 9.12: Login Metasploitable 2 VM.

NOTE: Use the same password for root login when needed.

Conclusion

Voila. You have a perfectly isolated virtual hacking lab now in VirtualBox.

You can ping between your virtual machines using their assigned IP addresses. If you don’t know how to do that, here’s a guide on finding the IP address on various operating systems.

From here on, sky’s the limit. Oh wait! RAM’s the limit. And CPU, and disk space… 🙂

I usually keep all my virtual machines on a separate SSD. This way, the performance of my computer is not too impacted.

I also take VM snapshots every time I play with a VM configuration. In case I mess-up something, I can quickly revert my VM to a working state.

Oh, and one more thing.

You don’t have to power on all the VMs every time you want to perform a hack. In a usual hacking scenario, all you need is a client [Windows 10], server [File Server, Mr-Robot, or Metasploitable 2], and of course Kali Linux – the place where all the happiness takes place.

Before You Leave

If you managed to follow this virtual hacking lab tutorial till the end, you just made your first serious step in becoming a cybersecurity expert. I’m proud of you!

If you want to learn more, why not speed up your ethical hacking and pentest journey by learning how to scan a network for vulnerabilities with NMAP in Kali Linux? Here are the tutorials I recommend you next:

If you found this guide useful, do me a favor and share it with your friends and colleagues.

You can also supporting my work on Patreon or simply send me some crypto at the addresses below.

Stay safe!

[crypto-donation-box]

Leonard Cucos

Leonard Cucos is an engineer with over 20 years of IT/Telco experience managing large UNIX/Linux-based server infrastructures, IP and Optics core networks, Information Security [red/blue], Data Science, and FinTech.