This tutorial will teach you how to set up your private virtual hacking lab on your own computer. The entire process will take up to 4 hours, depending on your experience and Internet speed. This is a monster setup guide – nothing like it on the Internet.
Whether you want to become a security professional, ethical hacker, or want to learn some hacking tricks, setting up your virtual hacking lab is the first thing you should do to stay out of trouble.
All the software and virtual machines used in this tutorial are completely free – including the Windows 10 virtual machine!
The virtual hacking lab consists of the following virtual machines, and components:
- Kali Linux
- Windows 10
- Ubuntu File Server
- Metasploitable 2
- VirtualBox DHCP Server
- VirtualBox Network isolation
We will be using VirtualBox as a virtualization solution for the lab and network isolate all the virtual machines from the physical network and the Internet. This way, every hack we practice stays within the virtual hacking lab.
Here is a snapshot of how your desktop will look like once you complet setting up your virtual hacking lab.
Without further ado, let’s get to work.
You don’t need any extra hardware or software to purchase. Everything presented in this guide is completely free. However, you need to make sure you have the following:
- A decent laptop or desktop with preferably 16 GB RAM or more.
- Min 40 GB of free disk space [SSD preferably].
- A decent Internet connection.
- A few cups of coffee and some snacks.
What is a Virtual Machine [VM]?
There are many definitions of a VM on the Internet, some more complicated than the others. However, here is my take on it:
A VM is a file [or set of files] stored on your physical machine that behaves like a computer. You can choose how much CPU, RAM, video memory, and disk space to allocate and which resources [USB devices, network adaptors, etc.] on the physical machine to share with it.
Simply said, a VM is a piece of software on your laptop or desktop behaving like a physical computer.
You can create and host more than one VM on your computer, depending on how powerful your hardware is. The VMs can access your local network, Internet, or be completely isolated from the rest.
You can install virtually any operating system available on a VM, ranging from Windows, macOS to Linux or UNIX. You can create your own virtual computer network with different operating systems on your laptop or desktop without buying any additional hardware.
There is plenty of Virtual Machine software available out there, each tailored for all or specific operating systems, some more future-rich than the other. A comprehensive list of VMs was compiled by Guru99 here.
In this tutorial, we will use Oracle’s VM VirtualBox to set up our virtual hacking lab. Another great alternative is VMWare which I will cover in a future post.
Why Use A Virtual Hacking Lab?
The answer is simple: to stay out of trouble!
You see, companies invest huge amounts of money to secure their computer networks using state-of-the-art firewalls and similar systems specifically designed to detect and prevent malicious intent on the Internet.
Your ISP is one of such companies. Whenever you access a website on the Internet, your request passes countless network devices that process your request in seconds. Another function these devices perform is to detect any unusual activities on the Internet [port scanning, DDoS attacks, etc.] and ban the source [your IP] or, even worse, report them to authorities.
Furthermore, some countries have strict laws to prevent illicit activities on the Internet [even if they were not ill-intended] and end up in civil lawsuits or, worse.
You can see why choosing to practice your hacking skills online can be a dangerous game.
Thankfully, virtualization technology comes to the rescue. We can learn and practice our hacking skills in a safe way by simply setting up a virtual hacking lab on our computer in minutes.
1. Download And Install VirtualBox
Open a browser and navigate to the official VirtualBox download page. Click to download the VirtualBox installation package according to your operating system [for Windows: Windows hosts; for macOS: OS X hosts, etc.].
In this tutorial, I will set up the virtual hacking lab on a Windows 10 computer. So I will proceed with downloading the VirtualBox Windows installer [Figure 1.1].
Once the download is completed, double-click on the installation file to launch the VirtualBox installer. This is usually located in your Download folder [Figure 1.2].
The VirtualBox installation is similar to any other installer on Windows. However, I will guide you through the entire process. If you are familiar with this process, scroll down to the end of this action to continue with the virtual hacking lab setup.
On the VirtualBox Welcome window, click the Next button [Figure 1.3].
On the VirtualBox Customer Setup window, click the Next button [Figure 1.4].
Alternatively, you can browse for a new location on your machine to install the VirtualBox or customize your installation further. I recommend leaving the defaults here to avoid any complications later unless you know what you’re doing.
Check/uncheck the shortcut options or leave the default selection then click the Next button [Figure 1.5].
Next, the VirtualBox will prompt you with a Warning message [Figure 1.6].
The VirtualBox installer will proceed to configure the virtual network interface on your VM therefore the network connection will reset shortly. Click Yes to continue the installation.
On the Ready to Install window click Install to start the VirtualBox installation [Figure 1.7].
On the User Account Control window, click Yes [Figure 1.8].
When prompted to allow the Oracle Corporation Universal Serial Bus controller, click the Install button [Figure 1.9].
The VirtualBox installation is now completed. Click the Finish button to exit the installer [Figure 1.10].
VirtualBox is now installed on your computer. You should see a window similar to the one in Figure 1.11 below.
Minimize this window for now. Next, we will proceed with Kali Linux installation in our virtual hacking lab.
2. Install Kali Linux in VirtualBox
There are two ways to install Kali Linux in Oracle VirtualBox:
- Download the Kali Linux installation image and do a manual install in VirtualBox like you would do on a physical machine.
- Download Kali Linux pre-made VM and import it into VirtualBox.
Time is a valuable asset so let’s choose the fastest way.
Step 1: Download And Import Kali Linux VM In VirtualBox.
Kali Linux is a Debian-based Linux distribution funded by Offensive Security and consisting of a large collection of tools used for penetration testing [pentesting] and security audit purposes.
Kali Linux is widely acknowledged and used by security professionals, ethical hackers, and pentesters worldwide.
Kali can be installed and run on a USB stick, VM or directly on your physical hardware.
Kali provides a large variety of installation images for various architectures and pre-made images for VirtualBox and VMware virtualization software.
In this guide we will use the latest Kali Linux release VM image for VirtualBox.
To download Kali Linux VM for VirtualBox, head over to the official Offensive Security download page, click on the KALI LINUX VIRTUALBOX IMAGES “+” sign, and download the Kali Linux VirtualBox 64-Bit (OVA) to start the direct download [Figure 2.1]
Once the Kali Linux VirtualBox image download is completed, locate the file in your Download folder and double click on it to import it in VirtualBox [Figure 2.2].
On the Appliance settings window, leave the defaults and click the Import button [Figure 2.3].
Click Agree to accept the VirtualBox Software License Agreement [Figure 2.4].
Just in time for a quick break. Grab a cup of coffee and wait for the VM import process to compete [Figure 2.5].
Once the import process completed, you should see the Kali Linux VM in VirtualBox [Figure 2.6].
Step 2: Network Isolate Kali Linux VM
We want Kali Linux VM to be isolated within our virtual network in VirtualBox. That means Kali won’t be able to talk with our physical machine or access the Internet.
Remember, we might purposely create vulnerabilities to exploit the systems in our virtual hacking lab and we don’t want these vulnerabilities to be exposed to the Internet.
In case you want to use Kali Linux outside the lab, skip this step.
On the Oracle VirtualBox Manager, select Kali Linux VM and click Settings [Figure 2.7].
On the VirtualBox Settings page, select Network on the left side of the Window. On the Network page, next to Attached to select Internal Network in the drop-down menu.
Take note of the Name of the network “intnet” [Figure 2.8]. We will need to use that name every time we network isolate a VM in our virtual hacking lab. Click OK to submit your settings.
NOTE: You can choose any name for your Internal Network. Just make sure you set the same network Name on every VM you want to be part of the lab.
That’s it. Your Kali Linux is now installed in VirtualBox. Next, we will proceed with installing Windows 10 in our virtual hacking lab.
3. Install Windows 10 on VirtualBox
If you own a legit copy of Windows 10, you can install it on VirtualBox very much the same way you would install it on your physical machine.
However, in this guide we will use only VMs that are free to download and use.
Fortunately for us, Microsoft provides a Windows 10 VM for development purposes.
This Windows 10 version will expire after 90 days, but we can easily avoid the 90 days expiration if we take a snapshot in VirtualBox once the Windows 10 installation is completed.
Oh, wait! This is not me trying to cheat on Microsoft. They actually recommend you do so to avoid the 90-day expiration limitation on their website.
Step 1: Download Windows 10 VirtualBox VM
Head over to the Microsoft Edge Developer website. Under the Select a download section, for Virtual Machines select the MSEdge on Win10 (x64) Stable option.
Under the Choose a VM platform, select the VirtualBox option and click the Download .zip button [Figure 3.1].
Step 2: Import Windows 10 VM in VirtualBox
Once the download is completed, extract the Windows 10 VM from the .zip file and double click on it. VirtualBox Import window will automatically open.
Leave the default settings and click the Import button [Figure 3.2].
VirtualBox will now proceed importing the Windows 10 VM [Figure 3.3].
Step 3: Boot into Windows 10 VM
Alright. Let’s turn on the Windows 10 virtual machine by clicking the Start button in the Oracle Virtual Box Manager [Figure 3.4].
Use the Passw0rd! password to login into the Windows 10 VM [Figure 3.5].
Here you go. A fully functional Windows 10 VirtualBox VM [Figure 3.6]. But we are not done yet.
Step 4: Update Windows 10 VM
To update your Windows 10 virtual machine, click on the Windows Search box and type “window update.” Select Check for updates [Figure 3.7].
On the Settings window, select Windows Update, then click on the Check for updates button [Figure 3.8]. This process will take a while, and of course, it will require that your computer has access to the Internet.
During the Windows update process, you will require to reboot your Windows VM. Do so when prompted. Repeat the update process until Windows 10 is showing your computer is up to date.
Step 4: Enable Network Discovery in Windows 10
Open File Explorer in Windows and click on the Network [Figure 3.9].
Window 10 will be prompted that your Network discovery is turned off [Figure 3.10].
Click to change on the dialogue banner [Figure 3.11].
Click on the Turn on network discovery and file sharing option [Figure 3.12].
On the Network discovery and file sharing dialogue, select Yes, turn on network… [Figure 3.13].
NOTE: We will network isolate this Windows 10 VM in a moment. Therefore, the file-sharing will only be visible within VirtualBox internal network.
Step 5: Enable Samba Windows 10
To discover Samba shares within our internal network, we will need to enable Samba support on Windows 10.
To do so, type Control Panel in the Windows Search box and select Control Panel, as seen in Figure 3.14 below.
In Control Panel, select Programs [Figure 3.15].
In the Programs window, click on the Turn Windows features on or off option [Figure 3.16].
On the Windows Features window, scroll down until you see the SMB 1.0/CIFS File Sharing Support option. Expand it and make sure the following two options are selected [Figure 3.17]:
SMB 1.0/CIFS Automatic Removal
SMB 1.0/CIFS Client
When prompted, reboot/shutdown the system.
Step 3: Network Isolate Windows 10 VM
Once the VM import is completed, select the MSEdge – Win10 VM on the Oracle VirtualBox Manager and click the Settings icon [Figure 3.18].
Click the Network tab and select Attached to Internal Network. Select the same network Name you used for Kali Linux VM in the previous section [Figure 3.19].
Step 4: Take Windows 10 Snapshot
This version of Windows 10 will expire in 90 days.
To avoid reinstallation, take a VirtualBox snapshot of your newly installed Windows 10 VM by selecting MSEdge – Win10.
On the Oracle VirtualBox Manager window, click on the options button and select Snapshots, as seen in Figure 3.20 below.
On the Snapshots window, click on the Take button [Figure 3.21]
Type a snapshot name for the new Windows 10 snapshot and click the OK button [Figure 3.22].
Once the snapshot is completed, you will see it in the Snapshots section for MSEdge – Win 10 in VirtualBox [Figure 3.23].
NOTE: Once you approach the 90 days expiration for your Windows 10 VM, restore the snapshot above by selecting the snapshot and clicking the Restore button [Figure 3.24].
That’s it. Your Windows 10 VM setup is completed. Next, we will proceed to install a File Server with Ubuntu Server for our virtual hacking lab.
4. File Server Installation With Samba and Ubuntu Server
Some of the hacking tutorials on this website, such as the MIIT ARP Poisoning Attack with Ettercap, will require a File Server VM for practicing.
In this section we will install a basic File Server using Ubuntu Server with Samba in VirtualBox.
Step 1: Download Ubuntu Server
Head over to the Ubuntu Server download page.
Select Option 2 – Manual Server Installation button, then Download Ubuntu Server 20.x.x LTS [Figure 4.1].
You can locate the downloaded Ubuntu Server image in the Downloads folder on your computer.
Step 2: Ubuntu Server VM Configuration
Open VirtualBox and click on the New icon or press Ctrl+N keys on your keyboard [Figure 4.2].
On the Create Virtual Machine window, click on the Expert Mode button [Figure 4.3].
Give a Name to your VM [e.g., Ubuntu Server]. For Type select Linux, and Version select Ubuntu (64-bit). Increase Memory size to 4GB and click Create [Figure 4.4].
On the Create Virtual Hard Drive window, leave the default settings and click Create [Figure 4.5].
Select the newly created VM in the left side and click on Settings [Figure 4.6].
On the Settings window, click on Storage. In the Storage Devices select the CD-ROM-like icon in the Optical Drive field [Figure 4.7].
From the drop-down menu, select Choose a disk file… option. Browse to your Downloads folder and click on the Ubuntu Server image you downloaded earlier. Click OK to close the Settings window.
Click on the Start icon to launch the Ubuntu Server installation [Figure 4.8].
When prompted to Select start-up disk, make sure the Ubuntu image is selected [Figure 4.9].
Step 3: Install Ubuntu Server in Virtual Box
On the Ubuntu Server Welcome screen, select your language and hit the Enter key to continue [Figure 4.10].
NOTE: To navigate around Ubuntu Server installer, use the TAB and arrow keys on your keyboard.
On the Keyboard configuration leave the defaults, select Done and hit the Enter key [Figure 4.11].
On the Network connections window leave the defaults, select Done and hit the Enter key [Figure 4.12].
We are not using any proxy in our setup, so select Done and hit the Enter key [Figure 4.13].
On the Configure Ubuntu archive mirror window, leave the default setting, select Done, and hit the Enter key [Figure 4.14].
On the Guided Storage configuration window, make sure the Use an entire disk option is checked, select Done, and hit the Enter key [Figure 4.15].
The installer will automatically configure the necessary partitions on the virtual disk. Select Done and hit Enter on the Storage configuration window [Figure 4.16].
On the Confirm destruction action warning, select Continue and hit Enter [Figure 4.17].
In the Profile setup window, you will need to fill in your name, server’s name, username, and password.
Make sure you type a password you remember. Once finished, select Done and hit the Enter key [Figure 4.18].
Select the Install OpenSSH server checkbox on the SSH Setup window, select Done, and hit the Enter key [Figure 4.19].
On the Featured Server Snaps window, leave everything unchecked, select Done, and hit the Enter key [Figure 4.20].
The installer will now proceed with the Ubuntu server installation. Once completed, you will see the Reboot Now option on the bottom of the installation window. Select the Reboot Now option and hit Enter [Figure 4.21].
Once the server reboots, type your username and password you configured earlier to log in [Figure 4.22].
Step 4: Ubuntu Server Snapshot
Now that Ubuntu Server is installed and up to date, I would recommend creating a VirtualBox snapshot before proceeding further with any configuration.
This way, if anything goes wrong, you can quickly revert to a previous working state. This step is optional.
On the Oracle Virtual Box Manager window, select the Ubuntu Server and click on the icon on the right side. Select Snapshot from the menu, then clicks on the Take icon as seen in Figure 4.23 below.
Give a name to your snapshot, and hit the OK button [Figure 4.24].
Once you created the snapshot, you will see it in the snapshots section in VirtualBox [Figure 4.25]. You can take as many snapshots you want at any moment in time.
Step 5: Set Up The Root Password
The first thing we need to do is to set up the root password for our Ubuntu Server. To do that, type the following command in the terminal.
NOTE: you will need to input your username password first before setting up the root password, as seen in Figure 4.26 below.
sudo passwd root
Step 6: Update Ubuntu Server
Next, we will need to make sure our server is up to date by typing the following command in the terminal:
sudo apt-get update && sudo apt-get upgrade
When prompted to confirm the packages to upgrade, hit the Y key.
Step 7: Install Samba On Ubuntu Server
To install Samba on Ubuntu Server, type the following command in the terminal:
sudo apt install samba
When prompted, type your root password and hit the Y key to confirm the installation when asked [Figure 4.27].
That’s it. Samba is now installed on our Ubuntu Server. However, we will need to perform some additional configurations for Samba first.
Step 8: Configure Samba On Ubuntu Server
Samba configuration file smb.conf is located in the /etc/samba folder on Ubuntu Server.
Edit the smb.conf file by typing the following commands in the terminal.
sudo nano /etc/samba/smb.conf
The smb.conf file contains quite a comprehensive list of options that can be enabled or disabled, along with comprehensive explanations for each.
Scroll down to the bottom of the page using the down arrow or page down key on your keyboard.
Add the following section at the end of the smb.conf file.
[share] comment = Ubuntu File Server Share path = /srv/samba/share browsable = yes guest ok = yes read only = no create mask = 0755
Table 4.1 explains the parameters used in the above section to create the Samba share.
|comment||A short description of the share.|
|path||This is the path to the directory you want to share in the network. You can change this path accordingly to your needs as long as you apply the right permission.|
|browsable||Enables Windows users to access the share via File Explorer.|
|guest ok||Allows users to access the share without having to provide a password. Set to no if you want users to be authenticated when accessing the share.|
|read only||Determines if the share access is read-only [users can only access the files stored in this directory] or if write privileges are granted. If yes the share is read only. If no users are granted write access.|
|create mask||Determines the permission the new files will get when created. The 0755 [or 755] is a Linux permission that enables folders to be readable and executed by others, but writable by the file owner only.|
Your smb.conf file should look like this:
Once you have finished configuring the Samba share, exit the smb.conf file by typing Ctrl+X and type Y when prompted to save the modified buffer [Figure 4.29].
Step 9: Create Samba Share Folder
Now that our samba share is configured on our Ubuntu File Server, it is time to create the /srv/samba/share and apply for the appropriate permissions on the folder.
To do that, type the following commands in the terminal:
sudo mkdir -p /srv/samba/share
Step 10: Apply Permissions
Next, we will need to make the shared folder accessible by applying the appropriate permissions:
sudo chown nobody:nogroup /srv/samba/share/
Step 11: Restart Samba Service
Now that our Ubuntu File Server configuration is completed, it is time to restart the Samba service by using the following command:
sudo systemctl restart smbd.service nmbd.service
Step 12: Network Izolate Ubuntu File Server
If you plan to access the Ubuntu File Server from outside your virtual hacking lab in VirtualBox, skip this step.
To isolate the Ubuntu File Server within our virtual hacking lab network, open the Oracle VirtualBox Manager, select the Ubuntu File Server in the left panel and click Settings [Figure 4.30].
Click the Network tab and select Attached to Internal Network, and make sure the name of your internal network is selected in the Name field [Figure 4.31].
NOTE: At this point, the share on the Ubuntu File Server won’t be visible/accessible within the internal network as no DHCP server is installed and configured on VirtualBox yet.
5. Download And Import Mr-Robot VM in VirtualBox
If you’re into hacking, you must have seen the USA Network’s show – Mr. Robot. If not, go check it out.
The Mr-Robot VM is a Linux distribution maintained by VulnHub and is specially designed to help you learn hacking by looking for vulnerabilities.
This VM has three keys hidden in different places. Your task is to learn how to find them all.
The level of task complexity is beginner-intermediate. And as the name implies, this VM was inspired by the Mr. Robot show.
Step 1: Download Mr-Robot VM
To download the Mr-Robot VirtualBox image, head over to the VulnHub download page and click on Download (Mirror) link shown in Figure 5.1 below.
Step 2: Import Mr-Robot VM in VirtualBox
Once the download is completed, locate the image file in your Download folder and double-click on it to start the VirtualBox import process.
On the Virtual Import Appliance window, click the Import button [Figure 5.2].
By now, you should have four virtual machines installed on your VirtualBox [Figure 5.3]. Well done!
Network isolation is essential to keep our virtual hacking lab safe and private. Once you finished installing all the virtual machines in this tutorial, proceed with the section 7 to network isolate Mr-Robot virtual machine.
6. Download And Import Metasploitable 2 VM in VirtualBox
Metasploitable 2 is an Ubuntu-based virtual machine specially designed to contain vulnerabilities to help ethical hackers and penetration testers safely perform vulnerability tests for learning and research purposes.
Metasploitable 2 is developed and maintained by the Rapid 7 Metasploit team.
In this section, we are going to download and install Metasploitable 2 VM in VirtualBox.
Step 1: Download Metasploitable 2
Head over to Rapid 7 Metasploitable 2 download website. On the Metasploitable 2 download page, click on the sourceforge.net link provided [Figure 6.1].
On the Sourceforge download page click on the download button and save the file in your Downloads folder on your machine [Figure 6.2]
Step 2: Import Metasploitable 2 in VirtualBox
Once the download is completed, locate the archive in your download folder, double-click on it and extract the Metasploitable2-Linux folder anywhere on your computer.
By default, the Metasploitable 2 VM is designed for VMware. However, VirtualBox supports VMware virtual machines [.vmdk format] too.
Open Oracle VirtualBox Manager and click on the New icon to create a new virtual machine [Figure 6.3].
On the Create Virtual Machine window, switch to the Expert Mode [Figure 6.4]
Type/select the following fields in the Create Virtual Machine window:
- Name: Metasploitable 2
- Machine Folder: <Leave default or select your custom VirtualBox folder>
- Type & Version: Linux \ Linux (64-bit).
- Memory size: 2048 MB.
- Select “Use an existing virtual hard disk file” and click on the browse icon [Figure 6.5].
On the Metasploitable 2 – Hard Disk Selector window, click on the Add icon on top [Figure 6.6].
Locate and click on the Metasploitable 2 folder you downloaded and extracted earlier. Select the Metasploitable.vmdk file and click Open [Figure 6.7]
On the Metasploitable 2 Hard Disk Selector window, select Metasploitable.vmdk and click the Choose button [Figure 6.8].
Your Metasploitable 2 – Create Virtual Machine settings should look like in Figure 6.9 below. Click the Create button.
Metasploitable 2 is now imported in VirtualBox [Figure 6.10]
Proceed with the section 7 below to network isolate the Metasploitable 2 virtual machine.
7. Network Isolate The Virtual Hacking Lab
In case you haven’t network isolated your VMs in VirtualBox yet, do it now.
In the Oracle VirtualBox Manager, select the Kali-Linux VM and click on the Settings icon [Figure 7.1].
On the VirtualBox Settings page, select Network on the left side of the Window. On the Network page, next to Attached to select Internal Network in the drop-down menu. Take note of the Name of the network – in my case intnet [Figure 7.2]. We will need to use the network name shortly.
NOTE: You can choose any name for your Internal Network. Just make sure you set the network Name on every VM you want to be part of that network.
Click OK and close the Settings window. Repeat the above steps for all VMs installed in this virtual hacking lab tutorial.
NOTE: If for any reason [updates, software installation. etc.] you need access to the Internet; change the network settings from Internal Network to NAT. Once done, revert to Internal Network.
Don’t start the virtual machines yet. There is one additional step to complete to guarantee our VMs can talk with each other in the VirtualBox environment. For that, we need to set up a DHCP server for the VirtualBox internal network.
8. Set Up VirtualBox DHCP Server
We can configure the VMs with a static IP to have them communicate with each other in the Internal Network.
But what if we add a third or fourth VM to our virtual hacking lab later? We will have to do the same for each.
The solution is to set up a Dynamic Host Configuration Protocol (DHCP) server in VirtualBox that will dynamically allocate IP addresses to the VMs in the Internal Network without us having to do anything in the future.
Open a Command Prompt window by clicking on the Windows Search Box on your taskbar and typing “cmd.” Click on the Command Prompt icon under the Best match, as seen in Figure 8.1 below.
In the Command Prompt window, copy/paste the following commands [one at the time] to navigate the VirtualBox folder on your computer [C:\Program Files\Oracle\VirtualBox].
cd / cd C:\Program Files\Oracle\VirtualBox
Let’s setup a VirtualBox DHCP server with the following settings:
Network ID: intnet
DHCP Server IP: 192.168.10.1
Lower IP: 192.168.10.10
Upper IP: 192.168.10.20
Subnet mask: 255.255.255.0
- The Network ID is the network Name “intnet” we set up for both VMs in the above steps.
- The DHCP Server IP is a static IP allocated to the DHCP server.
- The Lower IP and Upper IPs are the range of IPs available for dynamic allocation to the existing or future hosts we add to the “intnet” network. In this case, we can dynamically allocate 11 IPs/hosts [192.168.10.10 to 192.168.10.20].
- The Subnet mask is a subdivision of a network, in our case 192.168.10.x, which is a class C subnet [255.255.255.0].
If you don’t understand what’s all these, don’t worry. Just copy and paste the following command in your Command Prompt and you should be good to go [Figure 8.2].
NOTE: Remember, you must navigate first to the C:\Program Files\Oracle\VirtualBox folder as explained above.
vboxmanage dhcpserver add --network=intnet --server-ip=192.168.10.1 --lower-ip=192.168.10.10 --upper-ip=192.168.10.20 --netmask=255.255.255.0 --enable
TIP: You should execute the above command line successfully on your machine. However, if you chose to configure the DHCP settings with your own settings and encounter issues, use the following command to remove the DHCP settings, fix the command, and rerun it.
VBoxManage dhcpserver remove --netname intnet
As you can see, VirtualBox is a competent virtualization solution in the right hands. And with that, the installation and configuration of the virtual hacking lab are done.
9. Firing Up The Virtual Machines
Finally, it is time to start the virtual machines in our virtual hacking lab. We will proceed by firing up one VM at a time.
Launch Kali Linux VM
Alright, it’s time to power on the VMs in our virtual hacking lab. Let’s begin by starting Kali Linux VM first.
Open the Oracle VirtualBox Manager, select Kali Linux VM in the left menu and click the Start icon as shown in Figure 9.1.
Once Kali Linux boots up, use the following credentials for kali user is kali and for root is toor
You should be welcomed by Kali’s beautiful and feature-rich desktop interface [Figure 9.3].
The very first thing you should do is change the default Kali Linux user and root passwords.
To test if our Kali Linux VM is configured properly and perfectly isolated from the rest of the world, click on the Terminal icon on the top bar [Figure 9.4]
Let’s start by finding if our previously configured DHCP server works properly. Execute the following command in the terminal:
As you can see, The DHCP server allocated the IP address of 192.168.10.10 [Lower IP in our DHCP configuration] to Kali Linux VM. We are now confident that the VirtualBox DHCP server works [Figure 9.5].
Next, let’s see if Kali Linux can communicate on the Internet. Let’s try to ping the Google DNS server with the IP address = 126.96.36.199. Execute the following command in the Terminal:
As you can see in Figure 8.6 below, we receive the Network is unreachable ping output when pinging the Google DNS server.
This is great! It means our intnet internal network is completely isolated from the rest of the world [Figure 9.6].
Launch Windows 10 VM
On the Oracle VirtualBox Manager, Select the Windows 10 VM and click the Start icon.
Login Windows 10 VM using the following password:
To test if Windows 10 is network isolated, open a Command Prompt window and ping the Google DNS server with the IP address = 188.8.131.52 [Figure 9.8].
As you see, the Windows 10 VM is unable to ping the Google DNS server. The VM is network isolated within VirtualBox internal network.
Launch Ubuntu File Server VM
On the Oracle VirtualBox Manager, select the Ubuntu Server VM and click the Start icon.
Login using your username and password when prompted [Figure 9.9].
To test if the Ubuntu File Server is network isolated, open a Command Prompt window and ping the Google DNS server with the IP address = 184.108.40.206 [Figure 9.10].
As you can see, the Ubuntu File Server is unable to ping the Google DNS server. Therefore, this VM is network isolated within VirtualBox internal network.
Launch Mr-Robot VM
And finally, let’s fire-up Mr-Robot VM.
On the Oracle VirtualBox Manager, select the Mr-Robot VM and click the Start button on top [Figure 9.11].
NOTE: Booting Mr-Robot VM will take a short while due to the background configuration scripts executed at the startup. Be patient.
Once the Mr-Robot boot sequence is completed, you should be prompted with a simple but cool login prompt that awaits to be hacked [Figure 9.11].
That’s right! I won’t tell you what Mr-Robot’s username and password are. You will have to find them yourself. All the tools needed for hacking the keys are available on Kali Linux.
Launch Metasploitable 2 VM
On the Oracle VirtualBox Manager, select the Metasploitable 2 VM and click the Start button on top [Figure 9.13].
Login on Metasploitable 2 VM using the following credentials for both username and password:
NOTE: Use the same password for root login when needed.
Voila. You have a perfectly isolated virtual hacking lab now in VirtualBox.
You can ping between your virtual machines using their assigned IP addresses. If you don’t know how to do that, here’s a guide on finding the IP address on various operating systems.
From here on, sky’s the limit. Oh wait! RAM’s the limit. And CPU, and disk space… 🙂
I usually keep all my virtual machines on a separate SSD. This way, the performance of my computer is not too impacted.
I also take VM snapshots every time I play with a VM configuration. In case I mess-up something, I can quickly revert my VM to a working state.
Oh, and one more thing.
You don’t have to power on all the VMs every time you want to perform a hack. In a usual hacking scenario, all you need is a client [Windows 10], server [File Server, Mr-Robot, or Metasploitable 2], and of course Kali Linux – the place where all the happiness takes place.
Before You Leave
If you managed to follow this virtual hacking lab tutorial till the end, you just made your first serious step in becoming a cybersecurity expert. I’m proud of you!
If you want to learn more, why not speed up your ethical hacking and pentest journey by learning how to scan a network for vulnerabilities with NMAP in Kali Linux? Here are the tutorials I recommend you next:
- 10 Basic NMAP Commands And How To Use Them
- 11 Most Used NMAP Commands For Advanced Scanning
- NMAP Host Discovery Flags And How To Use Them
If you found this guide useful, do me a favor and share it with your friends and colleagues.
You can also supporting my work on Patreon or simply send me some crypto at the addresses below.