Author: kanishka10

Hello, aspiring ethical hackers. In this blogpost, you will learn how to create virtual hacking labs for practicing hacking. No matter how many articles or blogposts you read or how many hacking courses you take, you cannot truly understand the concept of hacking until you perform those hacking tutorials practically. To practice hacking effectively, you need a secure environment without the risk of compromising the security of a safe network or systems and attract legal consequences due to your actions.

What is a Hacking lab?

A hacking lab is a lab that provides a safe environment to practice hacking without the above-mentioned risks. The most basic hacking lab consists of two machines: attacker system (the system from which you hack) and target system (the system which you hack).

What is a virtual hacking lab?

Just now, you have learnt that a basic hacking lab needs to have one attacker system and target system. They can be installed on separate hardware but this may prove expensive especially as you upgrade your hacking lab in future. Luckily, hacking labs can be created on a single system itself using virtualization solutions. Virtualization allows you to install multiple operating systems on a single machine.  Some of the popular virtualization solution are Oracle VirtualBox, Parallels Desktop, VMware vSphere, Hyper-V, QEMU etc.

The hacking labs created using this method is called virtual hacking labs. They are inexpensive compared to the cybersecurity lab and easily adaptable. Of all the solutions mentioned above, I will be using VMware Workstation as its rich in features. VMware Workstation can be downloaded from here and installed on Windows, Linux, macOS, Solaris etc. Here, I have installed it on a Windows machine.

We will be creating various types of hacking labs. They are,

1. Basic hacking lab
2. Firewall hacking lab
3. Vulhub lab

1. Basic hacking lab

Let’s first see how to create a simple or basic hacking lab in VMware. A basic hacking lab just has an attacker system and target system on the same network. The operating system on which VMware workstation (or any another virtualization software) is installed is known as the Host machine. The operating systems that are installed in VMware are called as GUEST machines.

So here, in VMware, we will be installing two guest machines: one is Kali Linux (attacker system) and Metasploitable 2 (target system).

What do we need?

1. Kali Linux. (Download)

2. Metasploitable 2. (Download)

Install Kali Linux and Metasploitable 2 in VMware.

See how to install Kali Linux in VMware.

See how to install Metasploitable 2 in VMware.

Once both the virtual machines are installed successfully, turn ON both the machines. Login into the Metasploitable 2 VM. Default username and password are “msfadmin / msfadmin”.

Type the command “ifconfig” to find out the IP address of your target system.

Similarly login into the Kali Linux machine and in the terminal, type command “ip a” to find out its IP address.

Test whether the attacker system can communicate with the target system by pinging the target system from the attacker system as shown below.

The connection is successful. Our virtual hacking lab is ready. Happy practicing hacking.

2. Firewall hacking lab

The above lab is a simple and easiest lab to practice ethical hacking. But if you notice one thing in the above lab, both attacker and target system are on the same network. But this is rarely the case in real-world. In real-world, target systems are in most cases behind a firewall.

So, the second lab we create is a Firewall Lab. In this lab 2, we will create a real-world ethical hacking lab where not only the attacker system and target system are on different networks but also the target system is behind a firewall. We will create this lab in VMware and we will be needing three operating systems for this hacking lab. They are,

Attacker system: Any pen testing distro like Kali Linux, Parrot security OS, Black Arch Linux etc. (We will be using Kali Linux).
Target system:  The system we want to target. It is your choice. We will be using Windows XP SP2 here.
Network Firewall: This is a firewall that protects the target system. You can choose from various choices like PFSense, OPNsense, Untangle, IPfire, etc. We will be using PFSense.

Install all these machines in VMware. We already have installed Kali Linux on VMware.
See how to install Windows XP SP2 in VMware.
See how to install PFSense in VMware.

After all the three distros are installed successfully, open VMware Workstation. Go to Edit->Virtual Network Editor. The below window should open. Click on “Add network” to add a new network adapter.

Here we created a new network named ‘vmnet4’. Select the network we just crated to make the required changes. First and foremost, make it a Host-only network. Unselect the option “Use local DHCP service to distribute IP address to VMs”. That’s because we don’t want VMware to allocate IP addresses for this network. We want that job be performed by our network firewall “PFSense”. Choose subnet IP of 10.10.10.0 and subnet mask of 255.255.255.0. Click on “OK”.

Then, go to virtual machine settings of “PFSense firewall”. The below window will open.

By default, any new virtual machine created in VMware will be assigned to NAT network which you can see in the above image. But note that our Firewall needs two network adapters as it will be connected to two networks. Click on “Add” and add a new network adapter.

Then assign this adapter a network we just now created “VMnet4”.

Click on “advanced” and note the MAC addresses of both the adapters. This is useful while assigning the network adapter as external and internal networks.

Why do we need two network adapters?

Any firewall or Router act as a wall between two networks. They are,

1. Public network (External or WAN network).
2. Private network (Internal or LAN network).

Now turn ON the “PFSense” machine. After it boots, you will see the menu shown below.

Let’s first classify the WAN and LAN interfaces. Select option ‘1’. Do you remember I told you to note the MAC addresses of the network adapters? Assign the NAT interface to WAN and “VMnet4” interface to LAN.

After the network adapters are assigned, we need to assign IP addresses to these interfaces. Select ‘2’ from the menu.

Then, select the number of the interface you want to configure. Make sure that WAN interface takes IP address via DHCP server of VMware (Since it is a NAT adapter).

While configuring the LAN interface, select “NO” while it asks you to configure the interface via DHCP, Then, enter the IP address (intranet) for the LAN network as “10.10.10.1”. We selected a subnet bit count of 24. Press “ENTER” while you are asked to enter the new LAN IPV4 upstream gateway address.

While you are asked to configure IPV6 address, select ‘NO’.

When the system asks you if you want to enable DHCP server on this Firewall select “yes” and give the IPV4 addresses range it can assign to its clients. Here, we have chosen 10.10.10.10 to 10.10.10.100.

You can access this Firewall’s web interface from any machine connected to the local network using the IP address 10.10.10.1. This is how you configure the firewall. Firewall is all set and ready now.

The external IP address of our PFSense firewall is 192.168.249.160 whereas internal IP address of the Firewall is 10.10.10.1. Connect the target system ,Windows XP SP2 to VMnet4 (the network adapter of LAN networks).

Turn ON the target system. After turning ON, check its IP address from command line.

Since we selected the client IP address range from 10.10.10.10 to 10.10.10.100 and this is the first machine connected to the LAN it has been assigned IP address of 10.10.10.10. Let’s see if we can access the web interface of the Pfsense firewall from Windows XP. Open a browser and type 10.10.10.1.

As you can see, you can access web interface of firewall successfully. The default username and password of PFSense are “admin” and “Pfsense” respectively. Firewall and target systems are ready. Let’s ready the attacker system. Make sure the attacker system is connected to NAT network. Turn it ON.

From the attacker system, perform a nmap scan of the firewall.

Your firewall lab is ready.

3. Vulhub lab

The next lab we will set up is “Vulhub lab”. To understand what is a vulhub lab, you need to first understand what vulhub is. Vulhub is a open-source GitHub repository that provides a collection of pre-built, ready-to-use vulnerable Docker environments. With just one command you can launch a vulnerable environment for security research, learning or demonstration. The best thing about Vulhub is that readers don’t need any pre-existing knowledge of dockers and their operation. The only requirement is Docker should already be installed on the system to be able to use Vulhub.

Let’s see how to setup Vulhub Lab for practising ethical hacking. We will do this in Kali Linux on which we already installed Docker earlier. In Kali Linux, open a terminal and use wget or Git to download the zip archive of Vulhub as shown below.

wget https://github.com/vulhub/vulhub/archive/master.zip -O vulhub-master.zip

Once the download is finished, extract the contents of the archive “vulhub-master.zip” using unzip command.

This will create a new directory named vulhub-master.

Start the Docker service as shown below.

sudo systemctl start docker

Once the Docker service is started, navigate into the “vulhub-master” directory and you should see many docker images. All of these are vulnerable.

Let’s start the WordPress docker container for testing. Although this container is vulnerable with a particular vulnerability, we will use it for showing exploitation of a different vulnerability. Navigate into the WordPress directory and start the docker container as shown below.

docker-compose up -d

Once the container is started, use command “docker ps” to see all the docker  processes running.

docker ps

Every docker container has a container ID. The one with container ID 2522cc4********* is our WordPress docker container. We can use command shown below to get more information about the particular Docker container.

docker inspect <container id>

The IP address of our WordPress docker container is 172.22.0.3. The gateway address is that of the Kali host machine (172.22.0.1). Enter the IP address of the docker container in the browser and you will be prompted to set the password for the WordPress instance.  

Here is the WordPress website we just created (we wanted to set the site title as docker test but misspelled it to docket test).

Go to Exploit Database and download the vulnerable wp-responsive-thumbnail-slider plugin. The plan is to install this vulnerable plugin in WordPress.

Login into the WordPress dashboard with the credentials you set up.

Upload the plugin and activate it.

Now, start Metasploit and load the wp_responsive_thumbnail_slider_upload module.

Set the docker container IP address (172.22.0.3) and check if the target is vulnerable.

The “check” command confirms that the target is indeed vulnerable. It’s time to exploit it. Set the LHOST option to the IP address of the gateway (172.22.0.1). Set the WPusername and WPpassword options to the credentials you have set in the beginning and then execute the module.

The target we set on docker is exploited successfully. The Vulhub Lab we set up is working successfully. Similarly you can start and test and vulnerable dicker container you want.