Recently I bought a gaming computer with some of the best specs out there (i7, GTX 670, 16 GB RAM, SSD, etc.) and decided to finally set up my own pentesting lab so I can practice breaking and securing 'real' boxes of my own. My current setup consists of my router connected to my apartment's WAN using DHCP, which issues private DHCP leases to the connected boxes on my network. I have a Windows 7 laptop of my own, a Windows 7 desktop host machine running VMs, and an Ubuntu 12.10 server for all my main Linux needs (I have SSH set up so I can access this box from work and other places).
My friends also connect to this network via Wi-Fi, so there are random Win7 and OS X computers connected to it. As for my virtualized boxes, I have Windows XP (different SPs), Windows Server 2003, 2008, and 2012, Metasploitable 2, DVL (Damn Vulnerable Linux), BackTrack5R3 (I hack from this box), and a few other exploitable machines.
Damn Vulnerable Windows - Damn Vulnerable Windows (DVW) is a training and educational tool for IT. The program can be installed on 32-bit MS Windows (NT/2000/XP). Available in either virtual images or live iso or standalone.
I will be setting up a Windows Vista and a couple other *nix distros to exploit, as well. I am using, which is provided to me for free through my University and our agreement.
For those who do not have access to such great tools, you can use the free version, but be forewarned that certain options may be different. I apologize if there are any problems when following my guides using Player instead of Workstation, but I will do my best to remedy these.

Getting Started.

Below is a list of exploitable and vulnerable VMs/ISOs (updated 10/29/12):

- Probably the best VM to use. Complete vulnerable VM with services set up for everything. Most of my tutorials will start with exploiting this.
- Damn Vulnerable Linux 1.5 - Discontinued, but I have the ISO. I will upload it *somewhere* when I'm home. Either directly through this site or on a sharing site (you could torrent, but I want all the download to be able to be directly downloaded).
- LAMP stands for Linux Apache MySQL PHP, and this version is for the security testing of those.
- Self Explanatory; OWASP's Broken Web App Project!

Below is a list of VMs and ISOs that you can configure yourself:

- Scroll down for the download link; a complete LAMP (Linux, Apache, MySQL, PHP) distro.

Below is a list of VMs and ISOs to hack from:

- I use the Gnome 32bit VM one and just load it into my VMWare; all of my tutorials will be from Ubuntu 12.04 LTS, or BT5R3 (which is Ubuntu, as well).

BackTrack has been replaced by the following:

- Another Ubuntu based Pentesting distro
- Yet another Ubuntu based Pentesting distro

Creating Your Pentesting Network.

Now that we have a host machine with a virtual machine application (I suggest VMWare), it's time to set up your network so you can see all your exploitable (and maybe non exploitable) VMs!
For the machines that are already built for VM usage (aka they're VMDK and not ISO), just double click the .VMX file, which is the configuration file for the virtual machine, and it will automatically open with the configured VM software. For the machines that you downloaded in ISO format, we have to add them into our VM software.
Below I will show you how to do so in VMWare Workstation (though I believe the free version of VMWare is the same).

Creating a Virtual Machine from an ISO.

This part is important because you cannot have two of the same name (duh), and because if you store all your VMs together, as they become larger there needs to be sufficient disk space on the drive you are saving them to.
Name each of your Virtual Machines so you can tell them apart. Some of mine have specific names (like Metasploitable2) and some have just the distro name if it's generic (like Ubuntu 12.04 LTS). The next step is the size of the virtual disk you will be creating for this VM. It is very important to make it large enough so that if you use it often (installing applications/writing programs/etc) it will not fill up, but not so large that you're wasting space. Note that the files become larger as you use the space, so you can overshoot a bit for this. For our Ubuntu I'm just going to put it to 8gigs since I'll probably be deleting it (I already have a few Ubuntus spun up).
After clicking next, this screen shows a brief overview of what we have selected. There is also a 'customize hardware' button, which we will use now so we do not have to change the settings after creation. Note: We will be changing the virtual adapter (NIC - Network Interface Card) from NAT to Bridged, so if you want NAT, ignore this section. A bridged connection means that the VM will connect directly to your network like another computer through your NIC (aka it will have its own IP through DHCP/etc). The default is NAT, which means that the host computer is essentially the router to your VM. It all depends on what you want, but I like bridged. The memory is of course the RAM for our virtual machine.
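
The NAT/Bridged choice described above ends up in each VM's .VMX configuration file as the `ethernetN.connectionType` setting. As an added example (not part of the original post), this Python sketch parses .vmx text and lists each virtual NIC's mode, so you can see at a glance which lab VMs sit directly on the home network. The two sample files are constructed for illustration, and the function names are hypothetical.

```python
import re

# Constructed sample .vmx contents (not taken from the original post).
SAMPLE_VMX = {
    "Metasploitable2.vmx": '''
displayName = "Metasploitable2"
ethernet0.present = "TRUE"
ethernet0.connectionType = "nat"
''',
    "Ubuntu 12.04 LTS.vmx": '''
displayName = "Ubuntu 12.04 LTS"
ethernet0.present = "TRUE"
ethernet0.connectionType = "bridged"
ethernet1.present = "FALSE"
ethernet1.connectionType = "hostonly"
''',
}

LINE_RE = re.compile(r'^\s*([A-Za-z0-9_.:]+)\s*=\s*"(.*)"\s*$')

def parse_vmx(text):
    """Return the key/value pairs of a .vmx file (keys lower-cased)."""
    settings = {}
    for line in text.splitlines():
        if line.lstrip().startswith("#"):
            continue  # comment line
        m = LINE_RE.match(line)
        if m:
            settings[m.group(1).lower()] = m.group(2)
    return settings

def adapter_modes(text):
    """Map each enabled virtual NIC (ethernetN) to its connection type."""
    settings = parse_vmx(text)
    modes = {}
    for key, value in settings.items():
        m = re.fullmatch(r"(ethernet\d+)\.present", key)
        if m and value.upper() == "TRUE":
            nic = m.group(1)
            # No connectionType line: report "unset" so it gets reviewed by hand.
            modes[nic] = settings.get(nic + ".connectiontype", "unset").lower()
    return modes

def lan_visible(vmx_files):
    """Names of VMs with at least one NIC not confirmed as nat/hostonly."""
    return sorted(name for name, text in vmx_files.items()
                  if any(mode not in ("nat", "hostonly")
                         for mode in adapter_modes(text).values()))

if __name__ == "__main__":
    for name, text in SAMPLE_VMX.items():
        print(name, adapter_modes(text))
    print("Directly on the LAN:", lan_visible(SAMPLE_VMX))
```

To run it against a real lab, read each .vmx file from the folder where the VMs are stored and pass the contents in place of `SAMPLE_VMX`.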