Hack Lab Intro: How to Set up a Home Hacking and Security Testing Lab

Introduction

This series of articles comprises an introductory tutorial on how to set up a home lab to experiment with common hacking and information security testing tools. Our setup will  allow us to explore the sorts of computer and network vulnerabilities that can be encountered on the internet, and to test the security of our own home computer network and networked devices, all from within an isolated and secure working environment. The series is geared toward individuals who have little or no prior experience with virtualization software or common hacking and security testing tools, but are interested in exploring network and computer security.

Over the course of the tutorial series, we will create two separate network configurations. The first will be a completely virtual environment populated by two virtual guest systems running inside a single host computer. This requires nothing more than an internet connection for the necessary downloads, and a computer with relatively modest RAM and disk resources.

The second configuration will be an everyday local area network of the sort that can be found in many homes, but which is isolated from the internet and where we can strictly control and monitor all network traffic. This setup is slightly more involved in terms of hardware than the first, requiring also a spare router.

Our monitoring and attack system in both configurations will be an instance of a Kali Linux virtual machine running inside an installation of the VirtualBox software package on our primary computer. Kali is a Linux operating system distribution intended for security testing and digital forensics.

In the first completely virtual network environment, our victim will be an instance of  Metasploitable2, a virtual machine that exhibits vulnerabilities that can be found on  everyday computer systems and software configurations. As noted at Offensive Security, "Metasploitable is an intentionally vulnerable Linux virtual machine. This VM can be used to conduct security training, test security tools, and practice common penetration testing techniques."

In the second network configuration, we will use the Kali Linux virtual machine to compromise an everyday local area network router of the sort that can be found on many home networks, in order to demonstrate just how easy it can be to steal login credentials  passed from another computer on the network.

The tutorial is broken down into four parts:
  • Part 1 covers the installation of VirtualBox and provides a walk through of a full installation of a Kali virtual machine on your primary lab computer. Along the way, we'll take a short detour on how to quickly run live Kali sessions without a full installation of the machine.
  • Part 4 provides details on setting up our second network configuration, which models an everyday home local area network. With the attack machine, we'll conduct a simple man-in-the-middle attack against the network's router, and demonstrate a serious security vulnerability by stealing login credentials sent to it from the victim machine, in this case, the host computer. 

45 comments:

  1. Thanks for your informative article on UFT automation testing tool. Your post helped me to understand the features and functionality of QTP automation testing tool. QTP Training in Chennai | QTP training Chennai

    ReplyDelete
  2. Good post. I learned new informations. Thanks !

    PPC training in chennai

    ReplyDelete
  3. Great post....Thank you for posting the great content……I found it quiet interesting, hopefully you will keep posting such blogs…
    If you Want more seo course chennai

    ReplyDelete
  4. Nice post. Happy to visit your blog. Thanks for sharing such a useful post.

    php training in kodambakkam

    ReplyDelete
  5. Thanks for Sharing the valuable information and thanks for sharing the wonderful article..We are glad to see such a wonderful article..
    QTP Training in Chennai | QTP Training Institute in Chennai | QTP Training

    ReplyDelete
  6. Updating with the latest technology and implementing it is the only way to survive in our niche. Thanks for making me this article. You have done a great job by sharing this content in here. Keep writing article like this.
    Angularjs training in chennai | Angularjs course in Chennai

    ReplyDelete
  7. Thanks for posting this useful content, Good to know about new things here, Let me share this,
    AngularJS Training in Chennai | AngularJS Training | Best AngularJS Training Institute in Chennai

    ReplyDelete
  8. Very Nice Blog I like the way you explained these things. I’ve been looking for ways to improve my website and overall rankings.I hope your future article will help me further.Take Digital Marketing Training to mould yourself.

    ReplyDelete
  9. This is really very nice post you shared, i like the post, thanks for sharing..
    James

    ReplyDelete
  10. I just couldn't leave your site before letting you know that I genuinely delighted in the top quality data you present to your guests? Will be back again often to determine the status of new posts. HOA Management Services

    ReplyDelete
  11. This is excellent information. It is amazing and wonderful to visit your site.Thanks for sharing this information,this is useful to me...
    Ios training in chennai

    ReplyDelete
  12. I strongly recommend you to read this article about the truth spy tracking application.

    ReplyDelete
  13. On the off chance that you have been wrongly blamed for hacking it's vital that you get some legitimate exhortation and get your legal advisor to locate a specialist witness with the fundamental aptitudes to help your case.how to hack a phone to read texts

    ReplyDelete
  14. Testing makes your customer to get full satisfaction on your service since it found out all the bugs and errors and rectify it. Selenium is the best tool ever to test web based applications. Thank you for your information.

    Regards:

    Selenium Training in chennai |
    Selenium Training

    ReplyDelete
  15. Your details are very informative. I am interested to learn AngularJS Training in Chennai or AngularJS course in Chennai Do you have this kind of post means kindly share with me.

    ReplyDelete
  16. I want to say thanks to you. I have bookmark your site for future updates. security alarms rockport

    ReplyDelete
  17. ou can even subscribe to magazines that provide the cheats for the most recent games and some of the classics roblox jailbreak hack

    ReplyDelete
  18. I am impressed by the quality of information on this website. There are a lot of good resources here. I am sure I will visit this place again soon. http://www.camarillocagaragedoorrepair.com

    ReplyDelete
  19. All you have to do now is to wait. Waiting time depends on password complexity but it will maximum takes 5 minutes to retrieve and decrypt the password from Facebook's database Blue Portal

    ReplyDelete
  20. The bar is set high for every one of the bloggers out there.
    paypal money hack

    ReplyDelete
  21. The moral hacking experts run several programs to secure the network systems of companies.
    YeahHub Hacking Tutorials

    ReplyDelete
  22. A moral hacker has legal permission to breach the software system or the database of a company. FB hack

    ReplyDelete
  23. I believe there are many more pleasurable opportunities ahead for individuals that looked at your site.


    Hadoop Training in chennai

    ReplyDelete
  24. Nice post.Thank you so much for sharing.Yiioverflow is a web development company.We have well expert team in Angular JS, Ionic, Yii Framework, Node JS, Laravel, PHP, MySQL, and WordPress.If you want a developer visit.. https://yiioverflow.com/

    ReplyDelete
  25. Nice Post! It is really interesting to read from the beginning & I would like to share your blog to my circles, keep your blog as updated.
    Regards,
    Big Data Training in Chennai|Big Data Training|Big Data Course in Chennai

    ReplyDelete
  26. I feel really happy to have seen your webpage and look forward to so many more entertaining times reading here. Thanks once more for all the details.
    datascience training in chennai

    ReplyDelete
  27. Existing without the answers to the difficulties you’ve sorted out through this guide is a critical case, as well as the kind which could have badly affected my entire career if I had not discovered your website.

    Digital Marketing Training in chennai

    ReplyDelete
  28. I enjoy what you guys are usually up too. This sort of clever work and coverage! Keep up the wonderful works guys I’ve added you guys to my blog roll.AWS Training in chennai

    ReplyDelete
  29. Your post about technology was very helpful to me. Very clear step-by-step instructions. I appreciate your hard work and thanks for sharing.
    AngularJS Training in Chennai
    AngularJS Course in Chennai
    AngularJS Training

    ReplyDelete
  30. Much obliged for sharing the data, keep doing awesome...
    house alarms

    ReplyDelete
  31. The author has composed this blog in the most aesthetic way. Awe inspiring!
    Chris

    ReplyDelete

  32. Hats off to your presence of mind..I really enjoyed reading your blog. I really appreciate your information which you shared with us.
    ionic training in chennai

    ReplyDelete
  33. Employment searchers should be fit as a fiddle and have a better than average character referral. Directly after they are at work, almost all organizations will continue to give approaching security guards particular security protect preparing.timedoctor

    ReplyDelete
  34. Eventually you will see that all sites would claim that they can have the best games however it will boil down to the satisfaction that you simply as consumers experience in the sites.Slope unblocked Game

    ReplyDelete
  35. Blood is gathered, for the most part from the fingertip. This might be done at home or at a specialist's office. It is then broke down at a lab for responses with specific foods.www.intolerancelab.co.uk

    ReplyDelete
  36. And indeed, I’m just always astounded concerning the remarkable things served by you. Some four facts on this page are undeniably the most effective I’ve had.
    occupational health and safety course in chennai

    ReplyDelete
  37. Thank you for your post. This is excellent information. It is amazing and wonderful to visit your site.
    Web Design Training

    ReplyDelete