If you don’t have access to a live test environment or cannot find systems to run penetration tests against, you will to need to learn how to set up your own penetration testing lab. Since resources will vary from user to user, we’ve provided instructions for setting up a test lab on a single box and on multiple boxes.
How To Set Up A Test Lab
Before you get started, let’s take a look at what you will actually need to create your own lab environment.
Stuff You Need
- A box that meets the target box specifications
- A second box with two NICs to dedicate to Metasploit Framework (optional)
- Multiple processors/cores
- Plenty of RAM (at least 4GB)
- Plenty of hard drive space
- Virtualization software (e.g., VMware, VirtualBox, Hypervisor)
- Pre-built virtual machines or installer ISOs
Target Box Specifications
- Intel Core 2 Quad @2.66 GHz
- 8 GB Crucial DDR3 RAM
- 500 GB WD HD
- Ubuntu 10.04 LTS 64 bit
- VMware Workstation
Metasploit Framework Box Specifications
- AMD Quad Something, 1.8 GHz
- 8 GB DDR2 RAM
- 500 GB HD
- Ubuntu 9.10 64 bit
If you do not have the Metasploit, you can download it here.
Setting up a test lab on a single machine
If you have limited resources, the best way thing to do is use a single machine to set up your virtual machines and Metasploit Framework box.
These steps will vary depending on the operating system and the virtualization software you are using.
- Open the Network Editor.
- Add a network to your virtual network.
- Change the network configuration to Host Only.
- Choose the subnet for the network (e.g., 192.168.187.0). The subnet must be within a private range.
- Save the network.
- Assign this virtual network to machines as you create them.
Once you’ve set up your virtual network, you can set up the network individually for each virtual machine – just simply assign the network to the host-only network you’ve just created. Setting up a test lab on multiple machines
Setting up a test lab on multiple machines
In this type of test lab environment, you will want to keep your vulnerable machines unavailable to any machine except for your penetration testing box; therefore, it’s important to make the vulnerable machine dependent on the Metasploit Framework box for connectivity. In the section below, we’ll show you how to set up the access to go out on eth0 for the Metasploit Framework box and access to go to the target box on eth1.
These steps are based on a Linux system, so they will vary depending on the operating system you are using.
- Configure the DHCP server on the Metasploit Framework box (for eth1 only):
- Install the DHCP server using the following command:
root@pro_server: apt-get install dhcp3-server
- Open a text editor and edit the config so that the server only runs on eth1; use the following command:
root@pro_server: vim /etc/dhcp3/dhcpd.conf
- Search for the following line:
- Replace it with:
- Save the changes to the conf file and exit the editor.
- Make a copy of the conf file:
root@pro_server: cp /etc/dhcp3/dhcpd.conf /etc/dhcp3/dhcpd.conf.back
- Install the DHCP server using the following command:
- You will be making additional changes to the original conf file.
- Edit the subnet range using the command:
root@pro_server: vim /etc/dhcp3/dhcpd.conf file
- The subnet on eth1 must be different than eth0.
- Configure your interfaces using the following command:
root@pro_server: vim /etc/network/interfaces
- Set the IP address for the Metasploit Framework box and make it static.
- Restart the DHCP server:
root@pro_server: service dhcp3-server restart
- Connect the Metasploit Framework box to the target box with a network cable: eth 1 on the Metasploit Framework box goes to eth0 on the target box. This makes the target box dependent on the Metasploit Framework box for network connectivity.
Once you’ve done this, you will need to make sure that your virtual machines are assigned IP addresses that are on the same subnet as the Metasploit Framework box. To do this, you should bridge the connections to share the same connection as the target box but assign them IP addresses from the Metasploit Framework box. After you’ve set up the connections for the Metasploit Framework box and the target boxes, you’re ready to start your penetration testing with the Metasploit Framework.
Where to get vulnerable target machines
You will need to configure a target network before penetration testing can begin. Rapid7 provides vulnerable virtual machines you can install as a guest system on your local machine for testing purposes. The Metasploitable and UltimateLAMP vulnerable VMs are an Ubuntu machines running vulnerable services and containing weak accounts.
The Metasploitable VM focuses on network-layer vulnerabilities, while the UltimateLAMP VM is primarily focused on web vulnerabilities.
If you’re familiar with VMWare and have a workstation or, server already installed, that can be used as a VM host. Alternatively, you can get the free VMWare Player here
You can download the Metasploitable 2 virtual machine here.
The Metasploitable vulnerable VM runs the following services:
The Metasploitable VM also contains a weak system account with the username user and the password user. The default login is msfadmin:msfadmin. Several vulnerable applications have been installed on the VM.
You can download UltimateLAMP here. The UltimateLAMP VM runs the following services:
Additionally UltimateLAMP runs older and vulnerable versions of the following applications:
The UltimateLAMP VM's default credentials are: root:vmware. Each application is available by browsing to :80 on the VM's assigned IP address.
By the way, this test lab setup works just as well for Metasploit Pro. Download the Metasploit Pro trial and test it in your new lab today!