Hack Lab Intro: How to Set up a Home Hacking and Security Testing Lab

Introduction

This series of articles comprises an introductory tutorial on how to set up a home lab to experiment with common hacking and information security testing tools. Our setup will  allow us to explore the sorts of computer and network vulnerabilities that can be encountered on the internet, and to test the security of our own home computer network and networked devices, all from within an isolated and secure working environment. The series is geared toward individuals who have little or no prior experience with virtualization software or common hacking and security testing tools, but are interested in exploring network and computer security.

Over the course of the tutorial series, we will create two separate network configurations. The first will be a completely virtual environment populated by two virtual guest systems running inside a single host computer. This requires nothing more than an internet connection for the necessary downloads, and a computer with relatively modest RAM and disk resources.

The second configuration will be an everyday local area network of the sort that can be found in many homes, but which is isolated from the internet and where we can strictly control and monitor all network traffic. This setup is slightly more involved in terms of hardware than the first, requiring also a spare router.

Our monitoring and attack system in both configurations will be an instance of a Kali Linux virtual machine running inside an installation of the VirtualBox software package on our primary computer. Kali is a Linux operating system distribution intended for security testing and digital forensics.

In the first completely virtual network environment, our victim will be an instance of  Metasploitable2, a virtual machine that exhibits vulnerabilities that can be found on  everyday computer systems and software configurations. As noted at Offensive Security, "Metasploitable is an intentionally vulnerable Linux virtual machine. This VM can be used to conduct security training, test security tools, and practice common penetration testing techniques."

In the second network configuration, we will use the Kali Linux virtual machine to compromise an everyday local area network router of the sort that can be found on many home networks, in order to demonstrate just how easy it can be to steal login credentials  passed from another computer on the network.

The tutorial is broken down into four parts:
  • Part 1 covers the installation of VirtualBox and provides a walk through of a full installation of a Kali virtual machine on your primary lab computer. Along the way, we'll take a short detour on how to quickly run live Kali sessions without a full installation of the machine.
  • Part 4 provides details on setting up our second network configuration, which models an everyday home local area network. With the attack machine, we'll conduct a simple man-in-the-middle attack against the network's router, and demonstrate a serious security vulnerability by stealing login credentials sent to it from the victim machine, in this case, the host computer. 

90 comments:

  1. Thanks for your informative article on UFT automation testing tool. Your post helped me to understand the features and functionality of QTP automation testing tool. QTP Training in Chennai | QTP training Chennai

    ReplyDelete
  2. Good post. I learned new informations. Thanks !

    PPC training in chennai

    ReplyDelete
  3. Great post....Thank you for posting the great content……I found it quiet interesting, hopefully you will keep posting such blogs…
    If you Want more seo course chennai

    ReplyDelete
  4. Nice post. Happy to visit your blog. Thanks for sharing such a useful post.

    php training in kodambakkam

    ReplyDelete
  5. Thanks for Sharing the valuable information and thanks for sharing the wonderful article..We are glad to see such a wonderful article..
    QTP Training in Chennai | QTP Training Institute in Chennai | QTP Training

    ReplyDelete
  6. Updating with the latest technology and implementing it is the only way to survive in our niche. Thanks for making me this article. You have done a great job by sharing this content in here. Keep writing article like this.
    Angularjs training in chennai | Angularjs course in Chennai

    ReplyDelete
  7. Thanks for posting this useful content, Good to know about new things here, Let me share this,
    AngularJS Training in Chennai | AngularJS Training | Best AngularJS Training Institute in Chennai

    ReplyDelete
  8. Very Nice Blog I like the way you explained these things. I’ve been looking for ways to improve my website and overall rankings.I hope your future article will help me further.Take Digital Marketing Training to mould yourself.

    ReplyDelete
  9. This is really very nice post you shared, i like the post, thanks for sharing..
    James

    ReplyDelete
  10. I just couldn't leave your site before letting you know that I genuinely delighted in the top quality data you present to your guests? Will be back again often to determine the status of new posts. HOA Management Services

    ReplyDelete
  11. This is excellent information. It is amazing and wonderful to visit your site.Thanks for sharing this information,this is useful to me...
    Ios training in chennai

    ReplyDelete
  12. I strongly recommend you to read this article about the truth spy tracking application.

    ReplyDelete
  13. On the off chance that you have been wrongly blamed for hacking it's vital that you get some legitimate exhortation and get your legal advisor to locate a specialist witness with the fundamental aptitudes to help your case.how to hack a phone to read texts

    ReplyDelete
  14. Testing makes your customer to get full satisfaction on your service since it found out all the bugs and errors and rectify it. Selenium is the best tool ever to test web based applications. Thank you for your information.

    Regards:

    Selenium Training in chennai |
    Selenium Training

    ReplyDelete
  15. Your details are very informative. I am interested to learn AngularJS Training in Chennai or AngularJS course in Chennai Do you have this kind of post means kindly share with me.

    ReplyDelete
  16. I want to say thanks to you. I have bookmark your site for future updates. security alarms rockport

    ReplyDelete
  17. ou can even subscribe to magazines that provide the cheats for the most recent games and some of the classics roblox jailbreak hack

    ReplyDelete
  18. I am impressed by the quality of information on this website. There are a lot of good resources here. I am sure I will visit this place again soon. http://www.camarillocagaragedoorrepair.com

    ReplyDelete
  19. All you have to do now is to wait. Waiting time depends on password complexity but it will maximum takes 5 minutes to retrieve and decrypt the password from Facebook's database Blue Portal

    ReplyDelete
  20. The bar is set high for every one of the bloggers out there.
    paypal money hack

    ReplyDelete
  21. The moral hacking experts run several programs to secure the network systems of companies.
    YeahHub Hacking Tutorials

    ReplyDelete
  22. A moral hacker has legal permission to breach the software system or the database of a company. FB hack

    ReplyDelete
  23. I believe there are many more pleasurable opportunities ahead for individuals that looked at your site.


    Hadoop Training in chennai

    ReplyDelete
  24. Nice post.Thank you so much for sharing.Yiioverflow is a web development company.We have well expert team in Angular JS, Ionic, Yii Framework, Node JS, Laravel, PHP, MySQL, and WordPress.If you want a developer visit.. https://yiioverflow.com/

    ReplyDelete
  25. Nice Post! It is really interesting to read from the beginning & I would like to share your blog to my circles, keep your blog as updated.
    Regards,
    Big Data Training in Chennai|Big Data Training|Big Data Course in Chennai

    ReplyDelete
  26. I feel really happy to have seen your webpage and look forward to so many more entertaining times reading here. Thanks once more for all the details.
    datascience training in chennai

    ReplyDelete
  27. Existing without the answers to the difficulties you’ve sorted out through this guide is a critical case, as well as the kind which could have badly affected my entire career if I had not discovered your website.

    Digital Marketing Training in chennai

    ReplyDelete
  28. I enjoy what you guys are usually up too. This sort of clever work and coverage! Keep up the wonderful works guys I’ve added you guys to my blog roll.AWS Training in chennai

    ReplyDelete
  29. Your post about technology was very helpful to me. Very clear step-by-step instructions. I appreciate your hard work and thanks for sharing.
    AngularJS Training in Chennai
    AngularJS Course in Chennai
    AngularJS Training

    ReplyDelete
  30. Much obliged for sharing the data, keep doing awesome...
    house alarms

    ReplyDelete
  31. The author has composed this blog in the most aesthetic way. Awe inspiring!
    Chris

    ReplyDelete

  32. Hats off to your presence of mind..I really enjoyed reading your blog. I really appreciate your information which you shared with us.
    ionic training in chennai

    ReplyDelete
  33. Employment searchers should be fit as a fiddle and have a better than average character referral. Directly after they are at work, almost all organizations will continue to give approaching security guards particular security protect preparing.timedoctor

    ReplyDelete
  34. Eventually you will see that all sites would claim that they can have the best games however it will boil down to the satisfaction that you simply as consumers experience in the sites.Slope unblocked Game

    ReplyDelete
  35. Blood is gathered, for the most part from the fingertip. This might be done at home or at a specialist's office. It is then broke down at a lab for responses with specific foods.www.intolerancelab.co.uk

    ReplyDelete
  36. And indeed, I’m just always astounded concerning the remarkable things served by you. Some four facts on this page are undeniably the most effective I’ve had.
    occupational health and safety course in chennai

    ReplyDelete
  37. Thank you for your post. This is excellent information. It is amazing and wonderful to visit your site.
    Web Design Training

    ReplyDelete
  38. The pragmatic approach of the writer in this blog is praiseworthy.
    Instaport password hacker

    ReplyDelete
  39. Such an informative blog that i have red yet.I hope the data you gave is helpful for the students.i have read it very interesting information's.
    Android Training in chennai
    Android Training Institutes in Vadapalani
    Android Training in Anna Nagar
    android development institute in bangalore

    ReplyDelete
  40. I accept there are numerous more pleasurable open doors ahead for people that took a gander at your site.we are providing ReactJs training in Chennai.
    For more details: ReactJs training in Velachery | ReactJs training in chennai

    ReplyDelete
  41. You have provided a nice article, Thank you very much for this one. And I hope this will be useful for many people. And I am waiting for your next post keep on updating these kinds of knowledgeable things.
    Loadrunner Training in Chennai
    JAVA Training in Chennai
    Hadoop Training in Chennai
    Selenium Training in Chennai
    German Classes in chennai
    PHP Training in Chennai
    php course

    ReplyDelete
  42. All easy passwords are not safe. The most important thing is to avoid using the same password for different computers or services. If you follow Secure Secure Random Password Generator, if one of your passwords is cracked or otherwise compromised, the other passwords will be safe.

    ReplyDelete
  43. There can be no denial that we live in an era of cyber warfare. You can have little doubt that our era is truly digital. However not everyone is connected to the https://clashforacure.org or using smart phones yet. Not many are aware of the term hacking or how hacking is affecting us and how ethical hacking can make our lives better.

    ReplyDelete
  44. Thanks for sharing this information admin, it helps me to learn new things. Continue sharing more like this.
    Regards,
    Tableau training in Chennai | Tableau Courses Training in Chennai | Tableau training Institute in Chennai

    ReplyDelete
  45. Interior cameras are sensitive. These prefer a dry environment, but can adjust to temperatures inside the home. BestSecurityPlace

    ReplyDelete
  46. "Insightful" is the perfect word to describe this wonderful writing of yours. The artistic blend of this subject with your tone of writing made this a great read. Much love 😘.
    How to bottom

    ReplyDelete
  47. We Offer all types of Finance Business Personal Cash
    Quick Cash Advance. Fast Credit Check. Cash Today.
    Fast Cash Online
    low interest rate as low as 2%
    Financial Cash Available Here
    Business Personal Cash
    I'll advise All Cash seeker should contact us
    Contact Us At : abdullahibrahimlender@gmail.com
    whatspp Number +918929490461
    Mr Abdullah Ibrahim

    ReplyDelete
  48. i dont ussually do this ,but it feels so real.there is a qualified and ethical hacker who can hack any firewall,facebook hacks,viber,text messages,whatsap,icloud,bank hacks.he can also help you check and catch your cheating husband or your cheating wife.just contact him on cyberghost475 AT gmail DOT com or +1 929 359 3547 he iswith 100%

    ReplyDelete
  49. Beware of scammers i have been scammed 3 times because i was trying to know if my husband was cheating until i met this hacker named; cyberghost475 AT gmail DOT com who helped me hack into my spouse phone for real this great hacker hacked into my spouse whats-app messages,Facebook messages.text messages,call logs,deleted text messages,bitcoin account and many more i was impressed with his job and he brought me results under 24 hours believe me he is real and his services are cheap and affordable.: +1 929 359 3547

    ReplyDelete
  50. outsourcingall.com Most Poplar Free Porn Training Center largest The coolest Free Porn Videos & Sex Movies Updated Daily. Update is a tube porn site with millions Online and offline real life porn cam

    ReplyDelete
  51. Nice Post! Thank you for sharing very good post, it was so Nice to read and useful to improve my knowledge as updated one, keep blogging.
    Hadoop training in Electronic City

    ReplyDelete
  52. This comment has been removed by the author.

    ReplyDelete
  53. This is actually a very informative article – not like most of what I see online. Thanks for the free share and looking forward to reading your updates! simply wow
    Webroot Support | Canon Printer Support | Brother Printer Support | HP Printer Support

    ReplyDelete
  54. If your brother printer is not working, or you are facing issues in the brother printer setup or installation, then contact us at brother support phone number.

    Brother Printer support number
    Brother printer support
    Brother printer toll free number

    ReplyDelete
  55. mcafee activate: First download McAfee program, then install it. For activation go to the link. Find the 25 characters alphanumeric activation key on the retail card. mcafee.com/activate | norton.com/nu16

    ReplyDelete
  56. Login or sign up at office setup and download Microsoft Office. Install and activate the setup on your device. Verify the Office product key | office.com/setup |office.com/setup

    ReplyDelete
  57. Norton setup - Get started with Norton by downloading the setup and installing it on the device. Enter the unique 25-character alphanumeric product key for activation. Check your subscription norton.com/setup | norton.com/setup | norton.com/setup.

    ReplyDelete
  58. Are you in need of Custom Term Paper Writing Services for your various Custom Term Paper Assignment Services? Do not fret; Legitimate Custom Term Paper Writing Services is here to provide the necessary assistance you require to attain your academic aspirations.

    ReplyDelete
  59. Great Article. Thank you for sharing! Really an awesome post for every one.

    IEEE Final Year projects Project Centers in Chennai are consistently sought after. Final Year Students Projects take a shot at them to improve their aptitudes, while specialists like the enjoyment in interfering with innovation. For experts, it's an alternate ball game through and through. Smaller than expected IEEE Final Year project centers ground for all fragments of CSE & IT engineers hoping to assemble. Final Year Project Domains for IT It gives you tips and rules that is progressively critical to consider while choosing any final year project point.

    JavaScript Training in Chennai

    JavaScript Training in Chennai


    ReplyDelete