n00bpentesting.com
Lab Setup
Prerequisites
  Hardware
  Software
Installing VirtualBox
Installing BackTrack
Installing Metasploitable
  On Windows
  On Linux/MacOSX
Booting BackTrack and Metasploitable
What’s Next?
Twitter @shai_saint
Prerequisites
Thank you for downloading the n00bpentesting.com Lab Setup Guide. This guide is designed to help the n00b penetration tester build a basic lab to use while following along with lab guides.

Hardware
• Computer with Linux, Windows, or Mac OSX
• 4GB RAM
• Hard drive with at least 50GB

Software
• VirtualBox Virtualization Software: http://www.virtualbox.org/wiki/Downloads
• BackTrack 5 R1 Virtual Machine: http://www.backtrack-linux.org/downloads
• Windows XP SP2 Virtual Machine: supply your own copy or use a NIST image (NIST - http://nvd.nist.gov/fdcc/download_fdcc.cfm)
• Metasploitable Virtual Machine: http://updates.metaspoit.com/data/Metasploitable.zip.torrent
Installing VirtualBox
1. Download VirtualBox from the link provided under Prerequisites (page 3).
2. Double-click the installer file
3. Click Next
4. Click Next
5. Click Next
6. Click Yes
7. Click Install
8. Click Finish
Installing BackTrack
This section covers installing BackTrack in VirtualBox. There are two options for installing BackTrack as a virtual machine: a prebuilt VM can be downloaded and opened in VirtualBox, or the BackTrack ISO can be downloaded and installed in the same manner as a complete hard disk install. Several guides to installing BackTrack are available online. We will cover opening the pre-built BackTrack VM for simplicity.
1. Go to the provided download link for BackTrack and select BackTrack 5 R1
2. Select Image type of “VMWare”, then download
The file is compressed and will need to be unzipped. I suggest 7-Zip.
3. Launch VirtualBox
4. Click “New” from the VirtualBox Manager Window
5. The “New Virtual Machine Wizard” will launch, click Continue
6. Name the Virtual Machine “BackTrack5R1”
7. Select Operating System: Linux
8. Select Version: Ubuntu
9. Click Continue
10. Set the memory at 512MB
11. Click Continue
12. Check the Start-up Disk box
13. Select “Use existing hard disk”
14. Click on the folder to the right of the dropdown and browse to the location where BackTrack is unzipped.
15. Select “BT5R1-GNOME-VM-32.vmdk”, click Open
16. Click Continue
17. You will get a summary screen showing the configuration of the VM, click Create.
18. Highlight the VM and click Settings.
19. Click on Network
20. Adapter 1 should be set to NAT
21. Adapter 2 should be set to Internal Network, give it the name VMlab_1
22. Click OK
Do not start the VM until Metasploitable is installed and the VirtualBox DHCP server is configured.
Installing Metasploitable
This section covers opening and configuring the Metasploitable VM in VirtualBox for use with the n00bpentesting.com lab guides.
1. Download the Metasploitable torrent from the URL under Prerequisites (page 3).
2. Use a torrent client such as uTorrent to download the Metasploitable VM
3. Unzip the Metasploitable VM
4. Launch VirtualBox
5. Click “New” from the VirtualBox Manager Window
6. The “New Virtual Machine Wizard” will launch, click Continue
7. Name the VM: metasploitable
8. Operating System: Linux
9. Version: Linux 2.6
10. Click Continue
11. Set the memory to 256MB
12. Click Continue
13. Check the Start-up Disk box
14. Browse to location of the unzipped metasploitable VM
15. Select “metasploitable.VMDK”, click Open
16. Click Continue
Summary will be displayed, verify information is correct.
17. Click Create
18. Highlight the VM and click Settings > Network
19. Enable Adapter 1
20. Set attached to “Internal Network”
21. Name the internal network “VMlab_1”
22. Click OK
23. Click on System > Processor
On Windows hosts, the Enable PAE/NX box must be checked for Metasploitable to boot.
24. Click OK
Do not power on virtual machines until the following step is completed.
VirtualBox DHCP Configuration
In order for the BackTrack and Metasploitable VMs to communicate over the internal network, we must configure VirtualBox as a DHCP server.

On Windows
1. Open CMD, change directory to the VirtualBox installation directory, then run:
   VBoxManage dhcpserver add --netname VMlab_1 --ip 192.168.99.100 --netmask 255.255.255.0 --lowerip 192.168.99.101 --upperip 192.168.99.150 --enable

On Linux/MacOSX
1. Open Terminal and run:
   VBoxManage dhcpserver add --netname VMlab_1 --ip 192.168.99.100 --netmask 255.255.255.0 --lowerip 192.168.99.101 --upperip 192.168.99.150 --enable
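
Metasploitable is a deliberately vulnerable VM, so before booting it is worth confirming that its only enabled adapter is on the VMlab_1 internal network. The script below is an added example, not part of the original guide: it checks the output of VBoxManage showvminfo <vm> --machinereadable, and the function name and both sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the guide): confirm that every enabled adapter of a
# lab VM is attached to the internal network before the VM is booted.
LAB_NET="VMlab_1"   # internal network name used in this guide

# Reads `VBoxManage showvminfo <vm> --machinereadable` text on stdin.
# Prints one line per offending adapter; returns 0 only if every enabled
# adapter is attached to internal network $LAB_NET.
check_isolated() {
    awk -F= -v net="$LAB_NET" '
        { key = $1; val = $2; gsub(/"/, "", val) }
        key ~ /^nic[0-9]+$/    { mode[substr(key, 4)] = val }   # nic1="intnet"
        key ~ /^intnet[0-9]+$/ { name[substr(key, 7)] = val }   # intnet1="VMlab_1"
        END {
            bad = 0; enabled = 0
            for (n in mode) {
                if (mode[n] == "none") continue
                enabled++
                if (mode[n] != "intnet") {
                    printf "adapter %s: %s\n", n, mode[n]; bad = 1
                } else if (name[n] != net) {
                    printf "adapter %s: intnet %s\n", n, name[n]; bad = 1
                }
            }
            if (enabled == 0) { print "no adapter enabled"; bad = 1 }
            exit bad
        }'
}

# Constructed sample: Metasploitable as configured in this guide.
SAMPLE_METASPLOITABLE='name="metasploitable"
nic1="intnet"
intnet1="VMlab_1"
nictype1="Am79C973"
nic2="none"'

# Constructed sample: BackTrack as configured (NAT plus the lab network).
SAMPLE_BACKTRACK='name="BackTrack5R1"
nic1="nat"
nic2="intnet"
intnet2="VMlab_1"'

if [ "$#" -eq 1 ]; then
    # Real use: pass the VM name, e.g. metasploitable
    VBoxManage showvminfo "$1" --machinereadable | check_isolated
else
    printf '%s\n' "$SAMPLE_METASPLOITABLE" | check_isolated && echo "metasploitable: isolated"
    printf '%s\n' "$SAMPLE_BACKTRACK" | check_isolated || echo "BackTrack5R1: reaches outside the lab (NAT is intended here)"
fi
```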
Booting BackTrack and Metasploitable
1. First, boot BackTrack
2. Once logged in, at the command prompt type: ifconfig, press ENTER
This will show you the interfaces on the BackTrack VM
3. At the prompt type: dhclient “intf” for the interface on the internal network, see example
4. Now boot metasploitable and it should get an IP address automatically. Try to ping the next IP address up.
You are now ready to start the Lab Guides!
What’s Next?
The next step is Introduction To Penetration Testing – Lab Guide 0ne.