Many of you here are new to hacking. If so, I strongly recommend that each of you set up a “laboratory” to practice your hacks. Just like any discipline, you need to practice, practice, and practice some more before you take it out to the real world.
In many disciplines, if you don’t practice, you fall victim to failure. In our discipline, if you don’t practice and fail, you may be serving years behind bars. This makes practice and a dedicated practice lab an even more compelling argument than with other disciplines.
Many of you have been having difficulty setting up your hacking environment to practice your hacks. In this tutorial, I will show you the simplest and fastest way to set up a lab to practice your hacks before taking them out into the real world where any slip-ups could be devastating!
The best way to practice hacking is within a virtual environment. Essentially, you set up a hacking system, such as Kali Linux, and some victims to exploit. Ideally, you would want multiple operating systems (Windows XP, Vista, 7, and 8, as well as a Linux flavor) and applications so that you can try out a variety of hacks.
Virtual machines and a virtual network are the best and safest way to set up a hacking lab. There are several virtualization systems out there, including Citrix, Oracle’s VirtualBox, KVM, Microsoft’s Virtual PC and Hyper-V, and VMware’s Workstation, VMware Player and ESXi. For a laboratory environment, I strongly recommend VMware’s Workstation or Player. Workstation is a commercial product that costs under $200, while Player is free. You can also get a free 30-day trial of Workstation.
Player is limited to just playing VMs, while Workstation can both create and play VMs. Let’s download VMware’s Workstation or Player here.
Once you have downloaded and installed your virtualization system, our next step is to download the VMware images of Kali provided by Offensive Security. With these images, you won’t have to create the virtual machine, but simply run it from Workstation or Player—Offensive Security has already created this image for you. This means that once you have downloaded the VM of Kali, you can then use it in either Workstation or Player.
Once you have completed the download, you will need to unzip the files. There are numerous zip utilities available for free including 7-Zip, WinZip, WinArchiver, etc. Download and install one and unzip the files. In the screenshot below, I have downloaded the free trial of WinZip and have used it to unzip the Kali files.
Once all the files have been unzipped, our next step is to open this new virtual machine. Make note of the location where you have unzipped the virtual machine image. Then, go to either VMware Workstation or Player and go to File -> Open like in the screenshot below.
This will open a window like that in the screenshot below. You can see that my Kali image was stored under documents, so I browse there and double-click on the folder.
When I do so, it reveals the VMware virtual machine file that I will load into VMware. Note that I am using the “amd64” version, which is simply the 64-bit version, but the 32-bit version will work as well, albeit a bit slower.
When you do so, VMware will start your virtual machine and greet you with a screen like below.
Click on the green button in the upper left below “Kali-Linux-1.0.9-vm-amd64” that says “Power on this virtual machine.” You should be greeted by the now familiar Kali screen like below.
Simply use the user “root” and password “toor” to get started hacking!
For the next step, you need to download and install a target system. Of course, you could use your own host Windows 7 or 8 system, but since this is practice, you might want to use an older, easier-to-hack system. In addition, hacking your own system can leave it unstable and damaged.
I recommend installing Windows XP, Vista, Server 2003, or an older version of Linux. These systems have many known security flaws that you can practice on. Then, when you become more proficient at hacking, you can upgrade to Windows 7 and 8 and newer versions of Linux.
If you or your friends don’t have a copy of these older operating systems, you can purchase them very inexpensively in many places on the Internet. For instance, at last check there are numerous copies available on eBay for as low as $9.95.
Of course, you can also obtain these operating systems for free on many of the torrent sites, but BEWARE… you will likely be downloading more than just the operating systems. VERY often, these free downloads include rootkits that will embed in your system when you open the file.
In addition, older versions of Linux are available from the distributor or via torrent sites, as well.
Once you have your operating system in place, very often you will need applications to run on these older versions of the Windows and Linux operating systems. You will likely need a browser, Office, Adobe products, etc. These older products have well-known security flaws that you can hone your skills on.
I like the site Old Apps to download many of these. Of course, once again, you can obtain these from many of the torrent sites, with the same caveat as above: you might get more than you bargained for.
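A check for the finished lab, as an added example that is not part of the original tutorial: the script reads a VM's .vmx file and flags any enabled virtual network adapter that is not host-only, so the deliberately vulnerable targets stay on the virtual network. The sample .vmx content is constructed, and treating a missing connectionType entry as bridged is an assumption about VMware's default.

```python
import re
import sys
from pathlib import Path

# .vmx entries look like: ethernet0.connectionType = "hostonly"
VMX_LINE = re.compile(r'^\s*(ethernet\d+)\.(\w+)\s*=\s*"(.*)"\s*$', re.I)


def audit_vmx(text):
    """Return {adapter: (connection_type, verdict)} for every enabled NIC."""
    nics = {}
    for line in text.splitlines():
        m = VMX_LINE.match(line)
        if m:
            nics.setdefault(m.group(1).lower(), {})[m.group(2).lower()] = m.group(3)
    report = {}
    for nic, cfg in sorted(nics.items()):
        if cfg.get("present", "FALSE").upper() != "TRUE":
            continue  # adapter not enabled, nothing to isolate
        # Assumption: no connectionType entry means VMware's default, bridged.
        ctype = cfg.get("connectiontype", "bridged").lower()
        if ctype == "hostonly":
            verdict = "ok"        # traffic stays between host and lab VMs
        elif ctype == "custom":
            verdict = "review"    # depends on what the named VMnet is attached to
        else:
            verdict = "exposed"   # bridged or nat: the VM has a path off the host
        report[nic] = (ctype, verdict)
    return report


# Constructed sample: a target VM with one bridged and one host-only adapter.
SAMPLE_VMX = '''\
displayName = "WinXP-target"
ethernet0.present = "TRUE"
ethernet0.connectionType = "bridged"
ethernet1.present = "TRUE"
ethernet1.connectionType = "hostonly"
ethernet2.present = "FALSE"
ethernet3.present = "TRUE"
'''

if __name__ == "__main__":
    # Pass .vmx paths as arguments; with none, the constructed sample is audited.
    sources = {p: Path(p).read_text(errors="replace") for p in sys.argv[1:]}
    for name, text in (sources or {"SAMPLE_VMX": SAMPLE_VMX}).items():
        for nic, (ctype, verdict) in audit_vmx(text).items():
            print(f"{name}: {nic} {ctype} -> {verdict}")
```

Run it against each target's .vmx after changing network settings; anything reported as "exposed" can be switched to host-only in the VM's network adapter settings.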
I’m hoping that this brief tutorial is helpful to some of you who have had difficulty setting up Kali and a lab, and now we can get back to our work of hacking, my amateur hackers!