There are many types of PenTest labs. The one we are going to cover is a very basic PenTest lab based on virtual machines. No additional hardware is needed to build it.
Once we have downloaded our virtual machine framework, we have to download our PenTest OS.
Below is a list of the most important professional PenTest OSes. You can also make your own Linux distro and include the PenTest tools you would like in it, but that is another tutorial.
The list is:
1. Kali Linux
4. BackBox Linux
9. Samurai Web Testing Framework
11. CAINE (Computer Aided Investigative Environment)
There are two ways of running these distros on virtual machines:
You can use a virtual machine image (vmi, ova) by selecting the "export a new virtual machine" option.
You can also create a new virtual machine from ISO files. ISO files contain the complete image of a disc. This option is advisable, because some virtual machine image formats (such as vmi) do not work properly on other virtual machine frameworks. In other words, virtual machine images from VMware rarely work in VirtualBox, and the other way around.
Once you have your OS set up in your virtual machine, change the network settings and connect this PenTest OS (as well as any other OS installed in your virtual machine framework) to your Network Address Translator (NAT). This puts all the machines on the same network, so that they can interact with each other more easily.
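As an added example (not part of the original tutorial), the script below shows this step for VirtualBox, which is an assumption since the tutorial does not fix a hypervisor. VirtualBox's plain "NAT" adapter mode gives every guest its own private NAT, so guests cannot reach each other; the "NAT Network" mode used here is the one that places them on a shared network. The network name, address range and VM names are placeholders, and the script only prints the commands unless `DRY_RUN=0` is set.

```shell
#!/usr/bin/env bash
# Added example: attach lab VMs to one shared VirtualBox "NAT Network".
# Assumptions (not from the tutorial): VirtualBox is the hypervisor, and the
# network name, CIDR and VM names are placeholders chosen for illustration.
NETNAME="${NETNAME:-pentest-lab}"
NETCIDR="${NETCIDR:-10.10.10.0/24}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = only print the commands, 0 = also execute them

# Print the command; execute it only when DRY_RUN=0.
run() {
    printf '%s\n' "$*"
    if [ "$DRY_RUN" = "0" ]; then "$@"; fi
}

# Accept only simple names, so a VM name can never be parsed as an option.
valid_name() {
    case "$1" in
        ""|-*|*[!A-Za-z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Usage: build_lab VM [VM...]
# Creates the NAT network once, then points NIC 1 of every VM at it.
build_lab() {
    [ "$#" -ge 1 ] || { echo "usage: build_lab VM [VM...]" >&2; return 2; }
    for vm in "$@"; do
        valid_name "$vm" || { echo "bad VM name: $vm" >&2; return 2; }
    done
    run VBoxManage natnetwork add --netname "$NETNAME" \
        --network "$NETCIDR" --enable --dhcp on || return 1
    for vm in "$@"; do
        # The VM must be powered off for modifyvm to succeed.
        run VBoxManage modifyvm "$vm" --nic1 natnetwork \
            --nat-network1 "$NETNAME" || return 1
    done
}

# Run only when VM names are given on the command line.
if [ "$#" -gt 0 ]; then build_lab "$@"; fi
```

Keep the deliberately vulnerable targets on this lab network only, never on a bridged adapter that exposes them to your real LAN.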
Furthermore, to build a PenTest foundation, you can install some of the virtual machines available at:
– VulnHub: https://www.vulnhub.com/
Training with these virtual machines by attempting to get root access to them would be really good practice before you attempt your first FTP challenges.
VulnHub is a great site for finding virtual machine images that simulate different scenarios you need to break into. There are many different types and levels of difficulty. I would personally advise starting with a very basic Linux distro called "metasploitable":
metasploitable 1 and 2: https://www.vulnhub.com/?q=metasploitable&sort=date-asc&type=vm
and then attempt to hack into kioptrix:
kioptrix levels: https://www.vulnhub.com/series/kioptrix,8/
We will have introductory tutorials guiding you through the steps and theory to break into these systems, as well as into some "not that easy" ones in the future. I hope that you can now manage to make your own PenTest lab and start training with it.
If you have any problems I will be very happy to help you with them; just leave a comment below and I will reply as soon as I can.