Category: Hacking Lab(s)

So now you have VirtualBox on your system and have installed Kali Linux.

The next thing to do is think about what you want to learn. There is Application Penetration Testing, API Testing, System Penetration Testing and a slew of others, all aimed at learning hacking skills.

Before you start downloading VMs to test and all, please heed this warning:

  1. **Never** install any of these learning VMs into a Live Network. VirtualBox allows for a NAT (Network Address Translation) on the system you installed it on. Technically this is a Sandbox environment for testing and learning. Keep the VMs in that "sandbox".
  2. **Never** change the VirtualBox Network Interface to a Bridged Adapter. From the VirtualBox Manual: With bridged networking, VirtualBox uses a device driver on your host system that filters data from your physical network adapter. This driver is therefore called a "net filter" driver. This allows VirtualBox to intercept data from the physical network and inject data into it, effectively creating a new network interface in software.
    You are Bridging between your sandbox and a live network.
  3. **Never** change the VirtualBox Network Interface to a Host-Only Adapter. From the Manual: The VirtualBox host-only adapter allows you to access a VM over the network. This makes your VM available from anywhere else on your network. This is not good.
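
As an added example (not from the original article): a shell check that reads `VBoxManage showvminfo --machinereadable` output and reports any adapter attached in the bridged or host-only modes the list above warns against. The function names and the sample VM data are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag VirtualBox adapters set to the modes this page warns against.

# Reads `VBoxManage showvminfo <vm> --machinereadable` text on stdin and prints
# every adapter attached as bridged or host-only. Returns 1 if any was found.
flag_risky_nics() {
    awk -F= '
        /^nic[0-9]+=/ {                 # nic1="nat" matches, nictype1=... does not
            mode = $2
            gsub(/"/, "", mode)
            if (mode == "bridged" || mode == "hostonly") {
                print $1 " is " mode
                found = 1
            }
        }
        END { exit found + 0 }
    '
}

# Runs the check against every VM registered on this host.
audit_all_vms() {
    for uuid in $(VBoxManage list vms | sed 's/.*{\(.*\)}$/\1/'); do
        VBoxManage showvminfo "$uuid" --machinereadable \
            | flag_risky_nics | sed "s/^/$uuid: /"
    done
}

# Constructed sample of machine-readable VM info (not captured from a real VM).
sample_vminfo() {
    cat <<'EOF'
name="Metasploitable2"
nic1="nat"
nictype1="82540EM"
nic2="bridged"
bridgeadapter2="eth0"
nic3="none"
EOF
}

if command -v VBoxManage >/dev/null 2>&1; then
    audit_all_vms
else
    # No VirtualBox here: demonstrate on the constructed sample instead.
    sample_vminfo | flag_risky_nics || echo "sample VM breaks the NAT-only rule"
fi
```

Any line it prints names an adapter to switch back to NAT before the lab VM is started.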

     

 

You may start to notice that some of the VMs freely available for pentesting have a file extension of .ova. This file can be imported into VirtualBox.

As you start your journey, you might want to download Metasploitable 2 from the following link: https://sourceforge.net/projects/metasploitable/files/Metasploitable2/ and install the VM into VirtualBox.
There is a walkthrough for it located at: https://docs.rapid7.com/metasploit/metasploitable-2-exploitability-guide/

Another is FunBox, from Vulnhub. It is located here: https://www.vulnhub.com/entry/funbox-1,518/
Walkthrough: https://assume-breach.medium.com/vulnhub-funbox-vulnerable-vm-walkthrough-9108873a72d1

 

A word of caution: on Vulnhub, there are literally thousands of downloadable VMs. Be forewarned, many are not what they say they are. You might stumble over something that has a very malicious intent. I would hope not, but it does happen.

 

More articles to come....