How to build Network Hacking or Penetration Testing Lab at a minimum cost . (Software Requirement)

(Image Source : Contegix )

  In this post I'm going to share on the Software requirement to run a successful Network Hacking or Penetration Testing Lab with minimum cost . If you miss my first part where I explain about the hardware requirement, check it here .

  This post does not intend to be a "Gospel" for setting up a hacking lab but merely a suggestion base on my experience of learning and understanding how the network works. I hope this post gives direction for anyone who wants to learn at the bare minimum cost .

What will be covered in this tutorial ?
  1. Choosing your Host Operating System .
  2. Virtualization software ( Virtualbox /VMware Workstation) .
  3. Running penetration testing distro .
  4. Linux targeted machine . 
  5. Windows targeted machine .
  6. Broken Web Application targeted machine. 
1) Choosing your Host Operating System .

   On an entry level , choosing the right Host Operating System (OS) is paramount important for your future Network Hacking and Penetration Testing knowledge development . There are few platforms that you can choose from for your Host OS such as Microsoft Windows,Mac OS X and GNU+Linux. The bottom line for this is that the Operating System must support  Virtualization program such as Virtualbox or VMware program. Please refer here  for complete list and requirement for running Virtualbox .

   However , I personally suggest that you run GNU+Linux platform on your host . GNU+Linux platform gives you more freedom,reliability, security and flexibility . Most of the program are open sources which make it easy for you to change the source code and execute on your system . On top of that .... it's free!! .

2) Virtualization software ( Virtualbox /VMware Workstation) .

  Virtualization software plays a pivotal role in setting up our hacking lab. Virtualization software allows you to run multiple Operating System in the Host system and you can run your own Virtual Network for free .

   There are two most famous Virtualization program currently (2016) namely Virtualbox own by Oracle and VMware Workstation own by VMware .VMware has built their name and reputation as the leading company in enterprise industry .

  Both products  have their own Pro's and Con's but I personally suggest to run Virtualbox on your personal host system . Some of the Pro's of using Virtualbox over VMware for your use are :
  • It is Open Source
  • You get FULL version of Virtualbox for free .
  • Easy to setup and lightweight .
  • Easy to learn and low learning curve .
  • It has and active open development community .
Please refer my previous  tutorial on How to install Virtualbox in Ubuntu .

   We will utilize Virtual Network function in Virtualbox to run our hacking or penetration testing lab .I have written few practical tutorial on how to setup and run Virtualbox in NAT,Bridge and Internal Network mode. Please click below links for more info  .

3) Running Penetration testing distro .
   We will use penetration testing distro to hack the targeted system in the Virtual Network .Back in the old days, there is no one distro that have all the needed tools to help with hacking or penetration testing. Tester or researcher need to write their own tools for anything that they want to do with the network . This require a researcher to have a full understanding on how the network works and skills in multiple field of information technology .

   With the advancement of technologies , many companies start to realize the importance of network security field and thus network  researcher and tester start to see the importance of having a dedicated distro that have all or  most of the common tools that were normally use when dealing with network security. One of the most comprehensive  Linux Distro for hacking and penetration testing which I suggest is  Kali Linux  . 

   Kali Linux is a Debian base distro. It has a large and comprehensive set of tools that can be used for penetration testing and digital forensic . For complete list, please refer here . We will be using Kali Linux as a default distro to do penetration testing in our Virtual Lab .You need to run Kali Linux as one of your Virtual Machine in Virtualbox. Please refer my other tutorial on How to install Kali Linux in Ubuntu Virtualbox .

  On a side note , other than Kali Linux, there are other Linux Distro that can be used for network penetration testing such as  Parrot Security OS , Pentoo , BlackArch Linux and Bugtraq . Each of these Distro  has their own advantages and disadvantages which I will not cover in this tutorial .

4) Linux targeted machine . 

  In order to start with penetration testing, you must have targeted Virtual Machine . For Linux platform targeted machine, you can use Metasploitable . Metasploitable is a Linux Distro that is intentionally made vulnerable for security testing purposes. It supports both Virtualbox and VMware platform . Metasploitable will help you understand more about Linux infrastructure and it's security system. Please refer to my previous tutorial on How to install Metasploitable 2 in Ubuntu Virtualbox 

5) Windows targeted machine  .

    Next ,you need to run Microsoft Windows as one of your targeted Virtual Machine . We will be using Windows XP as one of our targeted machine in the lab . Currently, Microsoft Windows still leads the world as the most popular operating system for desktop and laptop .It is incumbent for any researcher to understand the safety feature for Microsoft Windows OS.We will use Windows XP as our target machine in our hacking lab .

    I would suggest you to start with Microsoft Windows XP. Microsoft has terminated support period  for Windows XP in April 2014 with no additional support and security patches . This makes the system vulnerable and free for us to hack and test our skills.

    Although you can find many free file installer on the net, I would suggest you to get a decent Windows XP installer from a valid source. Look on ebay for a cheaper bargain . For additional information please check my previous tutorial on  How to install Windows XP in Ubuntu Virtualbox

6) Broken Web Application targeted machine. 

  On top of both Linux and Windows platform , you can also  run Open Web Application system -Broken Web Application (OWASP-BWA) as a testing platform for website vulnerabilities. 
OWASP-BWA has a collection of well known vulnerable web application services that is distributed in a Virtual Machine . 

    OWASP-BWA is another great Virtual Machine that  can used as a targeted machine . OWASP-BWA will allow you to :

  • test web application scanners .
  • do manual attack techniques on web application
  • test source code analysis tools .
  • learn the code that implements the vulnerabilities .
  • modify code to fix vulnerabilities .
  • test web application firewalls .
  • learn and understand the evidence left after attacks .
  Please visit my previous tutorial to learn on How to install OWASP-BWA in Ubuntu Virtualbox .

   Once you have the minimum requirement listed in this tutorial, you can proceed with network hacking and penetration testing . Please subscribe us for more tips and tricks . 

Read Previous : How to build Network Hacking Or Penetration Testing Lab(Hardware Requirement)
Next Post »