Beginner's Guide: teach you how to build your own penetration test environment

Source: Internet
Author: User
Tags: virtual environment, kali linux, owasp zap

Introduction

A white hat is an individual who attacks a system the way a hacker would, in order to find vulnerabilities that malicious hackers might exploit. Launching an attack without the target's knowledge or authorization is illegal, so the usual practice is to build a lab of your own and practise hacking techniques there.

In this lab, you will see how to create your own hacking environment and practise a variety of hacking techniques. We will explore different types of virtual systems, build a virtual network, run a trial version of an operating system in a virtual environment, set up a vulnerable web application, install Kali Linux and perform penetration testing.

Prerequisites:

VMware Workstation

Windows XP System Image

Kali Linux Virtual image

Further details are described in the following steps.

Virtual Environments

When we talk about ethical hacking, the best and safest way to practise is in a virtual environment, which you can create with virtual machines. A virtual machine is a software-emulated machine that runs on a physical machine. In virtualization terms, the real operating system running on the physical machine is called the "host", and the operating system running in the virtual machine is called the "guest". If the guest is compromised, the host is still secure, which is what makes practising in a virtual machine safe.

Common virtualization products include VMware Workstation, VMware Workstation Player, Oracle VirtualBox and others. In this lab, we will use VMware Workstation. The difference between VMware Workstation and VMware Workstation Player is that Workstation can both create and run virtual machines, while Player can only run them.

The other differences are:

Snapshot: A snapshot is a copy of a virtual machine's hard disk file at a point in time. It retains the state of the virtual machine, so we can return or revert to that earlier state. If something happens to the VM, we can revert to the snapshot at any moment. The state saved in a snapshot includes:

Contents of the virtual machine's memory

Settings of the virtual machine

State of the virtual machine's hard disk

This feature is available in VMware Workstation.

Clone: A clone is a copy of the current virtual machine. The virtual machine that already exists is known as the parent virtual machine; when the cloning operation is complete, the clone is a separate virtual machine, although it shares the virtual hard disk with the parent virtual machine.

This feature is available in VMware Workstation.

Don't confuse clones with snapshots. A snapshot holds the current state of the virtual machine so that you can revert to that state when you run into errors, whereas a clone is a copy of the virtual machine that can be used on its own.

Free vs commercial: VMware Workstation Player is free for personal use, while VMware Workstation Pro is a paid product for business use.

You can download these two products here.

Step 1: Run the Windows trial operating system on the VMware Workstation

Once we have downloaded and installed VMware Workstation, the next step is to download and install Windows XP, Vista or Server 2003, because these systems have many well-known security issues. The images can be downloaded here or here.

After downloading the ".iso" file, open VMware Workstation, select "File", click "New Virtual Machine" and select the downloaded ".iso" file.

Follow the on-screen instructions to install Windows XP in the workstation.

Click the "Customize Hardware" button to configure other settings such as memory and USB options. The RAM size can be increased or decreased as needed.

As shown, select the "Power on this virtual machine after creation" option and click the "Next" button.

Step 2: Find and configure a vulnerable Web application

There are many vulnerable applications that we can use to practise penetration testing for learning purposes. Here are some of them:

Damn Vulnerable Web Application (DVWA): PHP-based; Apache and MySQL need to be installed locally.

OWASP WebGoat: a J2EE web application that you need to run locally.

Hack This Site: an online site for learning penetration testing.

Testfire: an online site for learning penetration testing.

Below, we will learn how to install a vulnerable application in a virtual machine. Since we already have a running Windows XP virtual machine, we will see how to run the vulnerable application on that system. In this exercise, we will configure Damn Vulnerable Web Application (DVWA). The application contains several web vulnerabilities, such as cross-site scripting (XSS), SQL injection, CSRF and command injection.

The following steps will help you install a Web server and run the application.

1. Download and install XAMPP from https://www.apachefriends.org/download.html. For Windows XP, you can download XAMPP 1.8.2 from https://sourceforge.net/projects/xampp/files/xampp%20windows/1.8.2/xampp-win32-1.8.2-6-vc9-installer.exe/download.

2. Once XAMPP is installed, open the XAMPP Control Panel and click the "Start" buttons to start the Apache and MySQL services.

3. Download the DVWA application from http://www.dvwa.co.uk/download, unzip the file into a new folder and name the folder "Dvwa".

4. Open the "C:\xampp\htdocs" folder and move its contents somewhere else.

5. Copy the "Dvwa" folder into the "C:\xampp\htdocs" directory.

6. Enter the following in the browser's address bar and visit it: http://127.0.0.1/dvwa/login.php

A Database Settings page is displayed.

7. Go to the "C:\xampp\htdocs\dvwa\config" folder and open the "config.inc" file with Notepad.

8. Remove the value of "db_password", as shown.

9. Go back to the browser and refresh the page; a login page will be displayed.

10. Enter the default login credentials, "admin/password", to log in to the application.

We have now configured a web server and installed an application on it. Next, we access the application from Kali Linux or BackTrack at http://ip-address-of-windows-xp-machine/dvwa/login.php, and the attack exercises can begin.

When you access DVWA from Kali Linux or BackTrack, you may encounter an "Access forbidden" error, as follows:

Go to the "C:\xampp\htdocs\dvwa" folder, open the ".htaccess" file, find the "Allow from" line and enter the IP address of Kali Linux, as shown:

Visit the URL again and you will see the DVWA login page.
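The edits in steps 7 and 8 and the ".htaccess" fix above can be scripted. The following Python helpers are an added example, not part of the original guide or of DVWA: they work on the text of config.inc.php (the file the guide calls "config.inc") and of .htaccess, using constructed samples of both files, and they refuse to add a non-private address to the "allow from" line so that the deliberately vulnerable app stays reachable only from the lab network.

```python
import ipaddress
import re

# Constructed sample of the relevant lines of DVWA's config.inc.php (assumption:
# the array-style $_DVWA[...] settings that DVWA 1.x uses).
SAMPLE_CONFIG = """<?php
$_DVWA = array();
$_DVWA[ 'db_server' ]   = '127.0.0.1';
$_DVWA[ 'db_password' ] = 'p@ssw0rd';
"""
# Constructed sample .htaccess in the shape DVWA ships: deny all, allow localhost.
SAMPLE_HTACCESS = """<Limit GET POST PUT>
    order deny,allow
    deny from all
    allow from 127.0.0.1
</Limit>
"""
DB_PASSWORD_RE = re.compile(r"(\$_DVWA\[\s*'db_password'\s*\]\s*=\s*')[^']*(')")
ALLOW_FROM_RE = re.compile(r"^(\s*allow from\s+)(.*)$", re.IGNORECASE | re.MULTILINE)

def set_db_password(config_text, password=""):
    """Step 8: set db_password; the default clears it, matching a fresh XAMPP
    install whose MySQL root account has no password."""
    new_text, count = DB_PASSWORD_RE.subn(lambda m: m.group(1) + password + m.group(2), config_text)
    if count != 1:
        raise ValueError("db_password setting not found exactly once")
    return new_text

def allow_from(htaccess_text, client_ip):
    """Add the Kali VM's address to the 'allow from' line. Only private (lab)
    addresses are accepted, and a blanket 'allow from all' is replaced rather
    than kept, so the deliberately vulnerable app is not exposed beyond the lab."""
    if not ipaddress.ip_address(client_ip).is_private:
        raise ValueError(f"{client_ip} is not a private address; refusing to expose DVWA")
    def _add(match):
        hosts = [h for h in match.group(2).split() if h.lower() != "all"]
        if client_ip not in hosts:
            hosts.append(client_ip)
        return match.group(1) + " ".join(hosts)

    new_text, count = ALLOW_FROM_RE.subn(_add, htaccess_text)
    if count == 0:
        raise ValueError("no 'allow from' line found in .htaccess")
    return new_text

def allowed_hosts(htaccess_text):
    """Return the hosts on the first 'allow from' line, to verify the edit."""
    match = ALLOW_FROM_RE.search(htaccess_text)
    return match.group(2).split() if match else []
```

Read the real files with `open(...).read()`, pass the text through these functions and write the result back; the IP you pass should be the host-only address of the Kali VM.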

Step 3: Download and install Kali Linux

Kali Linux is a powerful, Debian-based penetration testing platform used by penetration testing experts around the world. Kali contains a large number of information security tools. A virtual image of Kali Linux can be downloaded here.

After downloading, follow the steps below to run Kali:

First step: Start VMware Workstation.

Second step: Select "File" and click "Open".

Third step: Go to the download directory, select the "kali_linux-2016.1-vm-i686.vmx" file and click the "Open" button.

Fourth step: You can now see the detailed configuration of the virtual machine.

Fifth step: Click the "Edit Virtual Machine Settings" button to configure additional options.

1. Memory: You can allocate memory to the virtual machine. The RAM size can be increased or decreased as needed; the most appropriate RAM size for Kali is 2 GB.

2. Processor: You can configure the number of processors for the VM and the number of cores per processor.

3. Hard disk: You can set the size of the virtual hard disk that holds the operating system, programs and data.

4. Network adapter: We can add a virtual Ethernet card to the virtual machine or change the current adapter's configuration. The available network adapter configurations are:

Bridged mode: In a bridged network, the guest operating system shares the host operating system's network adapter and connects to the physical network. This means the virtual machine appears as a standalone machine on the network and can share resources on the network through this connection. The guest operating system uses the same DHCP server and DNS server as the host operating system.

NAT mode: NAT stands for Network Address Translation. In this network, the virtual machine reaches the outside through a default connection that passes through the host, so communication appears to originate from the host. This means the virtual machine can access the network or the Internet, but it cannot share resources on the network. IP addresses on this network are assigned by a DHCP server.

This is the most common configuration and is the default for newly created virtual machines.

Host-only mode: The host-only virtual network is the most private and most restrictive network configuration. It is not a public network: it cannot reach the external network or the Internet and has no default gateway. IP addresses on this network are assigned by a DHCP server.

When configuring a penetration test environment for individual use, it is recommended to use "host-only" mode for the network adapter, which still allows us to access the VM network.
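Because host-only mode has no default gateway, you can confirm from inside the Kali VM that the adapter really is isolated before starting the exercises. The following Python check is an added example, not part of the original guide: it parses the output of `ip -4 route` (Linux iproute2 format; the two embedded samples and their subnet values are constructed) and reports whether a default route exists and whether the DVWA host sits on a directly connected private subnet.

```python
import ipaddress
import subprocess

# Constructed sample of `ip -4 route` inside a VM on a host-only adapter:
# only an on-link subnet, no default route (no gateway to the outside).
SAMPLE_HOST_ONLY = """192.168.56.0/24 dev eth0 proto kernel scope link src 192.168.56.101
"""
# Constructed sample for a NAT or bridged adapter: a default route via a gateway.
SAMPLE_NAT = """default via 192.168.136.2 dev eth0 proto dhcp metric 100
192.168.136.0/24 dev eth0 proto kernel scope link src 192.168.136.130
"""

def parse_routes(route_text):
    """Return (default gateway or None, list of directly connected subnets)."""
    gateway, subnets = None, []
    for line in route_text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if fields[0] == "default" and "via" in fields:
            gateway = fields[fields.index("via") + 1]
        elif "/" in fields[0] and "scope" in fields and fields[fields.index("scope") + 1] == "link":
            subnets.append(ipaddress.ip_network(fields[0], strict=False))
    return gateway, subnets

def check_isolation(route_text, target_ip):
    """Report whether the VM looks host-only (no default route) and whether the
    DVWA host is reachable on a directly connected private subnet."""
    gateway, subnets = parse_routes(route_text)
    target = ipaddress.ip_address(target_ip)
    on_link = any(target in net for net in subnets)
    return {
        "default_gateway": gateway,
        "target_on_link": on_link,
        "isolated": gateway is None and on_link and target.is_private,
    }

def check_live(target_ip):
    """Run the same check on this machine's real routing table (Linux, iproute2)."""
    out = subprocess.run(["ip", "-4", "route"], capture_output=True, text=True, check=True).stdout
    return check_isolation(out, target_ip)

if __name__ == "__main__":
    print(check_isolation(SAMPLE_HOST_ONLY, "192.168.56.102"))  # isolated: True
    print(check_isolation(SAMPLE_NAT, "192.168.136.131"))      # isolated: False
```

A default gateway in the output means the adapter is in NAT or bridged mode and the lab VM can reach beyond the host-only network.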

Sixth step: Click the "OK" button and then the "Play" button to launch the VM.

Seventh step: Once the virtual machine has booted, you will see the boot screen as shown. Click anywhere in the virtual machine window and press ENTER.

Eighth step: At the login prompt, use "root" as the username and "toor" as the password.

We now have a Kali Linux virtual machine that we will use for the attacks. We can open the browser and access the DVWA application created in Step 2.

Tools under Windows:

In penetration testing, there are a number of common and important Windows-based tools:

1. Nmap: Nmap is a free network discovery and security auditing tool. It can be used for host discovery, port scanning, service identification, OS identification and more. Nmap sends specially crafted packets and parses the responses. Nmap can be downloaded here.

2. Wireshark: Wireshark is a free, open source network protocol and packet analyzer. It can put the network interface into promiscuous mode and monitor the traffic of the whole network. You can download Wireshark here.

3. PuTTY: PuTTY is a free and open source SSH and Telnet client that can be used to access other machines remotely. PuTTY can be downloaded here.

4. sqlmap: sqlmap is a free and open source tool used primarily to detect and exploit SQL injection in applications. It also has options for attacking the database. sqlmap can be downloaded here.

5. Metasploit Framework: Metasploit is a popular hacking tool and penetration testing framework. It was developed by Rapid7 and is used by penetration testers and ethical hackers everywhere. It can be used to run exploit code against a vulnerable target machine. You can download Metasploit here.

6. Burp Suite: Burp Suite is an integrated platform for performing security testing of web applications. It integrates a number of tools; the two main free ones are Spider and Intruder. Spider is used to crawl the pages of an application, and Intruder is used to automate attacks on a page. Burp Pro has an additional tool, Burp Scanner, which scans the application for vulnerabilities. Burp Suite can be downloaded here.

7. OWASP Zed Attack Proxy: OWASP ZAP is part of the OWASP project. It is a tool for penetration testing web applications, with features similar to Burp Suite, including an automated scanner that can uncover application vulnerabilities. It also has a crawler for AJAX-based applications. OWASP ZAP can also be used as a proxy. You can download OWASP ZAP here.

8. Nessus: Nessus is a vulnerability, configuration and compliance auditing tool. It has free and paid editions; the free version is for personal use. It uses plug-ins for scanning: simply give it the IP address of a target machine and you can start scanning. There is also an option to download a detailed report. You can download Nessus here.

9. Nikto: Nikto is an open source web server vulnerability scanner. It detects outdated software and configurations, potentially dangerous files and CGIs, and so on. It can also generate reports. Nikto can be downloaded here.

10. John the Ripper: a password-cracking tool that is often used to perform dictionary-based cracking attacks. You can download John the Ripper here.

11. Hydra: another password-cracking tool, similar to John the Ripper. Hydra is a fast network login cracker. It can run fast dictionary attacks against over 50 protocols, including Telnet, FTP, HTTP, HTTPS, SMB, several databases and more. You can download Hydra here.

12. Getif: Getif is a free Windows-based graphical tool used to collect information about SNMP devices. Getif can be downloaded here.

Tool Repository

There is a repository of penetration testing tools on the Internet that covers penetration testing tutorials, exploit development, social engineering, penetration testing tools, scanners, wireless networking tools, hex editors, password crackers, reverse engineering tools and other important online resources related to penetration testing. You can access the repository here.

Conclusion

This lab can be customized as needed. We can install other operating systems in virtual machines and try to attack them, and we can increase the difficulty of the attacks by installing and enabling firewalls or intrusion detection systems.
