How to build a hack lab using a spare machine and virtualization.
- Computer
  - i5+
  - 16GB RAM+
  - 250+GB HDD
- Virtualization Software
  - VMware Fusion
  - VMware Player
  - VMware Workstation Player
  - VirtualBox
- Pentest distro
  - Kali
  - Pentoo
  - Backbox
  - Samurai WTF (Web App)
  - Samurai STFU (Utility Hacking)
  - Deft Linux (Forensics)
- Vulnerable VM (guides are available for a lot of these distros)
  - Metasploitable 2 (Metasploit)
  - Morning Catch (Phishing)
  - OWASP BrokenWebApplications
  - WebGoat (Web Apps)
  - Websites
    - vulnhub.com
      - Kioptrix (Beginners)
      - PwnOS
- (Not intentionally) Vulnerable VMs
  - Windows XP
  - Windows Server (Technet has evaluations)
  - MS Exchange
  - Win 7
- Recommended Tools
  - Nmap (Scanning)
  - Nessus Home (Vuln Scanning)
  - Cain (ARP Poisoning)
  - Responder (MiTM)
  - John/Hashcat (Cracking)
  - Metasploit (Exploits)
  - SET/GoPhish/SPF (Phishing)
  - Discover Scripts (OSINT)
  - PowerShellEmpire (PS Scripts)
  - CrackMapExec (Post Exploitation)
- Optional – Build a domain
  - Add users with various privileges
- Make sure all VMs are HOST ONLY
- Test
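
One way to check the "all VMs are HOST ONLY" step on a VirtualBox host, as an added example that is not part of the original notes: it parses `VBoxManage showvminfo --machinereadable` output and lists every adapter that is neither host-only nor disabled. The function names and the sample VM data are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify the lab's "HOST ONLY" rule on a VirtualBox host.

# Reads `VBoxManage showvminfo <vm> --machinereadable` on stdin and prints one
# "nicN=mode" line for every adapter that is neither host-only nor disabled.
# NAT, bridged, natnetwork etc. are flagged because they can reach beyond the
# host; intnet is flagged too, since the rule checked here is strictly host-only.
non_hostonly_nics() {
    # Adapter mode lines look like nic1="hostonly"; nictype1=... is skipped.
    sed -n 's/^\(nic[0-9][0-9]*\)="\([^"]*\)"$/\1=\2/p' |
        grep -v -e '=hostonly$' -e '=none$' || true
}

# Walks every registered VM; returns 1 if any adapter breaks the rule.
audit_all_vms() {
    status=0
    # `VBoxManage list vms` prints one line per VM: "name" {uuid}
    for uuid in $(VBoxManage list vms | sed -n 's/.*{\([^}]*\)}$/\1/p'); do
        bad=$(VBoxManage showvminfo "$uuid" --machinereadable | non_hostonly_nics)
        if [ -n "$bad" ]; then
            echo "NOT ISOLATED $uuid: $(echo "$bad" | tr '\n' ' ')"
            status=1
        fi
    done
    return "$status"
}

# Constructed sample of machine-readable VM info (not from a real VM).
SAMPLE_VMINFO='name="metasploitable2"
nic1="hostonly"
nictype1="82540EM"
hostonlyadapter1="vboxnet0"
nic2="nat"
nic3="bridged"
bridgeadapter3="eth0"
nic4="none"'

if command -v VBoxManage >/dev/null 2>&1; then
    audit_all_vms || echo "Fix the adapters above before starting vulnerable VMs."
else
    # No VirtualBox here: show the check on the constructed sample instead.
    printf '%s\n' "$SAMPLE_VMINFO" | non_hostonly_nics
fi
```

Run it on the host before powering on any vulnerable VM; an empty result means every adapter is host-only or disabled.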
Sample Pentest
- Have list of IPs
- Log into Kali
- Launch Nmap
  - nmap -O 192.168.0.2 – OS detection
  - look at ports open / OS
- Metasploit
  - can search for vulns using search ms08-067
  - use exploit/…/…
  - set options
  - exploit
Additional Training
- Metasploit Unleashed
- Hack This Site!
- YouTube Videos
- Conferences
- SANS Cyber Aces / InfoSec Institute / Cybrary
Learn the jobs of the person above you and the person below you
Find a mentor/Be a mentor – It’s easier to learn when someone is mentoring you.
Recommended Reading
