THIS LAB’S OBJECTIVES
• Setting up your Penetration testing environment.
• Exploring Kali Linux Virtual Machine.
• Exploring Metasploitable 2.
SETTING UP THE ENVIRONMENT
In this lab you will be setting up Kali Linux, a specialist Debian-derived Linux designed for digital forensics and penetration testing. Kali is pre-packaged with security-related tools and targeted toward network and computer security experts, with over 600 preinstalled penetration-testing programs.
Another Linux distro (distribution) that you will be experimenting with is Metasploitable. This publicly available virtual machine is designed for testing security tools and demonstrating common vulnerabilities.
Resources needed:
• Oracle VirtualBox: You should have set this up.
• Pen-testing VM: Kali Linux 2020.3 VM
  https://www.kali.org/downloads/
  Select the version for VirtualBox, which is the last in the list.
• Vulnerable VM: Metasploitable 2
  https://docs.rapid7.com/metasploit/metasploitable-2/
You can also follow these online video tutorials to set up Kali and Metasploitable. The versions shown are slightly old, but the process is the same.
1) https://www.youtube.com/watch?v=klNl67MT1Eo&t=203s
2) https://www.youtube.com/watch?v=qSPT-YlIZAc
• VirtualBox: In the VirtualBox Manager
• Select Machine => Import.
• Find the directory where you extracted the virtual machines (Kali Linux & Metasploitable 2).
• Select and open the VBOX file. This will automatically import the virtual machine into VirtualBox Manager.
• For penetration testing purposes, we should avoid using NAT as the network type. The recommended network type is Bridged Adapter. Go to Network Settings and change from NAT to Bridged Adapter.
• Select the VM in the list (on the left of the window).
• Select Start.
Caution:
You must NOT apply techniques learned in ethical hacking to targets that are not for practice and learning purposes.
Getting Started:
Now that you’ve got Kali Linux and Metasploitable open, the next step is to log in with the default credentials and start exploring these machines.
• Kali Linux:
Username: kali
Password: kali
Brief tutorial on Kali GUI
• Metasploitable 2:
Username: msfadmin
Password: msfadmin
Now that we have access to our virtual machines, we can fiddle around to get a feel of the interface.
In Kali Linux, clicking the Kali icon at the top left corner of the interface shows some of the available tools and how they are categorised.
Are you familiar with any of these tools? If not, you can explore them yourself, though you will get some experience in these few tutorials.
As for Metasploitable, it is a Linux server created for pen-testing training. The main goal with this machine is to obtain root-level access by exploiting several vulnerabilities. Practice and test different tools on this vulnerable machine. Make a note of the outcome of these commands!
msfadmin@metasploitable: ~$ ifconfig
Write down the IP address of the target machine; you will need it later for testing purposes.
msfadmin@metasploitable: ~$ hostname
msfadmin@metasploitable: ~$ ping google.com
msfadmin@metasploitable: ~$ arp -e
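An added example (not part of the original lab sheet): a small Python check that parses the ifconfig output noted above and confirms that an address is a private one on the lab subnet before it is used as a target in later exercises. The sample output and addresses are constructed, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample of `ifconfig` output in the old net-tools format that
# Metasploitable 2 prints (addresses are made up for illustration).
SAMPLE_IFCONFIG = """\
eth0      Link encap:Ethernet  HWaddr 08:00:27:aa:bb:cc
          inet addr:192.168.1.105  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
"""

INET_RE = re.compile(r"inet addr:(\S+).*?Mask:(\S+)")


def parse_ifconfig(text):
    """Return {interface: IPv4Interface} for every interface with an address."""
    found, iface = {}, None
    for line in text.splitlines():
        if line and not line[0].isspace():
            iface = line.split()[0]  # stanza header, e.g. "eth0"
        match = INET_RE.search(line)
        if match and iface:
            # "addr/netmask" is accepted directly by ip_interface()
            found[iface] = ipaddress.ip_interface("/".join(match.groups()))
    return found


def in_lab_scope(target, lab_interface):
    """True only if target is a private address on the lab interface's subnet."""
    addr = ipaddress.ip_address(target)
    return (addr.is_private and not addr.is_loopback
            and addr in lab_interface.network)


if __name__ == "__main__":
    lab = parse_ifconfig(SAMPLE_IFCONFIG)["eth0"]
    print("Target to note down:", lab.ip, "on", lab.network)
    for candidate in ("192.168.1.105", "192.168.2.7", "8.8.8.8"):
        verdict = "in scope" if in_lab_scope(candidate, lab) else "OUT OF SCOPE"
        print(candidate, verdict)
```

Paste the real ifconfig output from the Metasploitable console in place of the sample to check the address you wrote down.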
Tutorial on Metasploitable 2 [you can try this in your own time, slightly long tutorial but worth exploring it.]