In this tutorial, I will explain how I was able to set up my “home lab”, a cluster of virtual machines for ethical hacking purposes. I will be using Oracle VirtualBox to set up the lab, attacking from a Kali Linux VM, and my target VM will be Toppo from VulnHub.
Creating Kali Linux Virtual Machine
The Kali Linux virtual image is actually a VirtualBox appliance and can be found here.
Note: to determine if you are running a 32 bit or 64 bit OS you can try these:
Windows 10 and Windows 8.1: Select the Start button, then select Settings > System > About. At the right, under Device specifications, see System type.
Windows 7: Select the Start button, right-click Computer, and then select Properties. Under System, see the system type.
When the OVA file has finished downloading we must import the appliance file into VirtualBox. To do so, start VirtualBox then select
This will open a dialog box that will allow you to navigate to your Kali Linux OVA. Select the Kali Linux OVA and select Next. The next menu will show you some information about the appliance and should look similar to this:
In this menu you can select the values and change them if you wish (Note: You should only change the value of the “Name” field). Once you have verified/changed the information on the appliance, select Import. When you select Import, VirtualBox will begin importing the appliance, and it will look something like this:
When the appliance is finished importing, the VirtualBox home screen will appear. You can tinker with the memory settings for this machine, but I have found it works just fine with the default of 2 GB of RAM.
Note: the default username for this appliance is “root” and the password for this username is “toor”.
Creating Target Virtual Machine
Depending on which target virtual machine you choose to attack, the process may be importing an appliance or creating a machine from a virtual disk image. Since the Kali virtual machine was an imported appliance, I chose to use Toppo, a beginner-level machine on VulnHub that comes as a zipped virtual disk image. First, download the zip file, then once the download has completed, unzip the file; the only content in this zip is toppo.vmdk.
Now, we are ready to create a VirtualBox virtual machine from this disk image. The first step in doing so is to select New from the VirtualBox home screen. A dialog will then pop up asking for information about the virtual machine you are spinning up. You can name the virtual machine whatever you would like; the machine type is “Linux” and the version is “Ubuntu 64 bit”. The next thing is memory size, or how much RAM the virtual machine will be allocated. I have found that this machine works just fine with 2 GB (2048 MB) of memory. In the final checkbox, you want to select Use an existing hard disk file, then click the folder button next to this option and navigate to the toppo.vmdk file that was in the zip file you downloaded. The final setup for this machine should look something like this:
Setting Up Virtual Machine Networking
Now that we have our virtual machines downloaded and imported/created in VirtualBox, we need to make sure that they can talk to each other and reach out to the internet. This process should be the same for both virtual machines. Highlight one of your virtual machines, click Settings and navigate to Network, which should look like this:
In order to get these two machines to talk to each other, we need to put them on the Host-only Adapter, and the advanced properties can stay the same, yielding:
The next step is to set up a way for these machines to reach out to the internet, which we will do with a NAT adapter. So select Adapter 2 and in the dropdown, select NAT like so:
Repeat this step for both machines, Kali and the target machine.
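To confirm that both machines ended up with the adapter layout described above, the settings can be read back from VirtualBox and checked. The following is an added example, not part of the original tutorial: it parses the output of VBoxManage showvminfo <vm> --machinereadable and reports any adapter that differs from Adapter 1 = host-only, Adapter 2 = NAT, including a bridged adapter that would put a deliberately vulnerable VM on the physical LAN. The sample output and the names Toppo and vboxnet0 are constructed.

```python
import re
import subprocess

# Constructed sample of `VBoxManage showvminfo <vm> --machinereadable` output
# for a VM set up as in this tutorial (VM and interface names are made up).
SAMPLE_OK = '''name="Toppo"
nic1="hostonly"
nictype1="82540EM"
hostonlyadapter1="vboxnet0"
nic2="nat"
nictype2="82540EM"
nic3="none"
nic4="none"
'''
# The same VM after Adapter 1 was switched to Bridged (constructed).
SAMPLE_BRIDGED = SAMPLE_OK.replace('nic1="hostonly"', 'nic1="bridged"')

# Layout from the tutorial: Adapter 1 host-only, Adapter 2 NAT, rest disabled.
EXPECTED = {1: "hostonly", 2: "nat"}


def parse_nics(info):
    """Return {slot: attachment mode} for every enabled adapter."""
    pairs = re.findall(r'^nic(\d+)="([^"]*)"\s*$', info, re.MULTILINE)
    return {int(slot): mode for slot, mode in pairs if mode != "none"}


def audit_lab_nics(info):
    """List every adapter that deviates from the tutorial layout."""
    nics = parse_nics(info)
    problems = []
    for slot in sorted(set(nics) | set(EXPECTED)):
        mode = nics.get(slot, "none")
        if mode == "bridged":
            problems.append(f"adapter {slot}: bridged, VM is reachable from the physical LAN")
        elif mode != EXPECTED.get(slot, "none"):
            problems.append(f"adapter {slot}: {mode}, expected {EXPECTED.get(slot, 'none')}")
    return problems


def vm_info(vm_name):
    """Read the real settings of a VM; needs VBoxManage on PATH."""
    cmd = ["VBoxManage", "showvminfo", vm_name, "--machinereadable"]
    return subprocess.run(cmd, capture_output=True, text=True, check=True).stdout


if __name__ == "__main__":
    for label, info in (("tutorial layout", SAMPLE_OK), ("bridged", SAMPLE_BRIDGED)):
        print(label, "->", audit_lab_nics(info) or "OK")
```

On a host with VirtualBox installed, audit_lab_nics(vm_info("your VM name")) runs the same check against the real machine.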
Verifying Machines Are Created Correctly
Now it is time for us to verify that our network is set up correctly and the machines can see each other as well as reach out to the internet. Go ahead and start both machines by clicking on the machine and clicking the Start button. Now we will log into our Kali machine with username root and password toor. Once we are in the Kali machine, select the Firefox ESR browser and make sure it is connected to the internet.
The trickier verification is making sure that the machines can talk to each other. For the Toppo box it is pretty simple, as the Toppo login screen displays the IP address like so:
So for this exact scenario, we just have to make sure our Kali box is able to ping that IP address:
A much more likely scenario is that our target machine will not display the IP address on the home page, so we will have to scan our subnet with nmap. So from your Kali box you will have to open a terminal and type ifconfig to get the IP address. So my output looks like this:
In my output, I only see one real IP address so I am going to scan the subnet 192.168.99.100/24 using nmap:
Note: The command used here is nmap -sn 192.168.99.100/24. The -sn flag tells nmap to do a ping scan instead of a full port scan. To find all of the capabilities of nmap (or any other command line utility) simply type man nmap into your terminal.
On my network I see two other hosts and my Kali box; one is our host. We can simply find our host by pinging both IP addresses and seeing which responds, or by scanning each of the hosts with nmap again.
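With both adapters from the networking section attached, ifconfig can list more than one address, and only the host-only network contains the target. The following added example (not from the original tutorial) generalizes the step above: it parses ifconfig output and returns the network to pass to nmap -sn, skipping loopback and the NAT adapter. The sample output is constructed, and the NAT check assumes VirtualBox's default 10.0.x.0/24 NAT addressing.

```python
import ipaddress
import re

# Constructed `ifconfig` output for a Kali VM with both adapters from this
# tutorial; only 192.168.99.100 comes from the text, the rest is made up.
SAMPLE_IFCONFIG = """\
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.99.100  netmask 255.255.255.0  broadcast 192.168.99.255
        ether 08:00:27:aa:bb:cc  txqueuelen 1000  (Ethernet)

eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.0.3.15  netmask 255.255.255.0  broadcast 10.0.3.255
        ether 08:00:27:dd:ee:ff  txqueuelen 1000  (Ethernet)

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        loop  txqueuelen 1000  (Local Loopback)
"""

# Assumption: NAT adapters use VirtualBox's default 10.0.x.0/24 addressing,
# where every VM sits alone behind its own NAT engine.
VBOX_NAT_RANGE = ipaddress.ip_network("10.0.0.0/16")


def interface_networks(ifconfig_text):
    """Map interface name -> ip_interface built from its inet/netmask pair."""
    found = {}
    for block in re.split(r"\n\s*\n", ifconfig_text.strip()):
        name = block.split(":", 1)[0].strip()
        match = re.search(r"inet (\S+)\s+netmask (\S+)", block)
        if match:
            found[name] = ipaddress.ip_interface(f"{match.group(1)}/{match.group(2)}")
    return found


def scan_targets(ifconfig_text):
    """Networks where the target can be: not loopback, not the VM's own NAT."""
    targets = []
    for name, iface in interface_networks(ifconfig_text).items():
        if iface.ip.is_loopback or iface.network.subnet_of(VBOX_NAT_RANGE):
            continue
        targets.append((name, str(iface.network)))
    return targets


if __name__ == "__main__":
    for name, network in scan_targets(SAMPLE_IFCONFIG):
        print(f"{name}: nmap -sn {network}")
```

The result 192.168.99.0/24 names the same 256 addresses as the 192.168.99.100/24 used in the nmap command above, since the /24 mask discards the last octet.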