• Minimal hardware requirements: 6 GB RAM, quad-core 2.4 GHz processor, 500 GB HDD
• VirtualBox: https://www.virtualbox.org/wiki/Downloads
• Metasploitable 2: https://sourceforge.net/projects/metasploitable/files/Metasploitable2/
• Packer: https://www.packer.io/downloads.html
• Vagrant: https://www.vagrantup.com/downloads.html
• Metasploitble 3 (300 MB file)
• Metasploitable 3 (6 GB .ova file for VirtualBox): https://mega.nz/#!XQxEAABQ!frdh5DgZE-tSb_1ajPwLZrV4EZuj1lsS3WlWoLPvBjI
• The BadStore vulnerable web server: https://d396qusza40orc.cloudfront.net/softwaresec/virtual_machine/BadStore_212.iso

Deciding whether to set up a physical or virtual lab (or a combination thereof) depends on your budget and available resources. Penetration testing can get quite expensive depending on the tools used, especially if opting for commercial tools, but it doesn't have to be, considering the many available open source tools in Kali Linux as well as those available on GitHub and GitLab.

As a professional penetration tester, I use two physical machines. One is a laptop outfitted with a 1 TB hard drive, 16 GB of DDR4 RAM, an i7 processor, and an NVIDIA GeForce GTX 1050 graphics card, outfitted with three virtual machines including the main OS (Kali Linux 2018.2). The second machine is an older Tower workstation with 2 TB drives, 24 GB of DDR3 RAM, and an Intel Xeon 3500 processor with onboard graphics card with several VMs, including those used as part of my...

For the Windows environment test lab, I've chosen to install Microsoft Windows 10 as it is currently the latest release by Microsoft. Many users with newer PCs and laptops may already be running Windows 10 but Windows 10, should also be installed as a virtual machine for testing purposes, thereby leaving the host OS untouched. This is also recommended for readers with older versions of Windows as well as Mac and Linux users, so they are able to work with the latest version of Windows as part of their penetration tests in the lab environment. In the real world, we will be seeing fewer Windows 7 machines as support for it has ended (making these systems highly vulnerable), although there will also be faithful users who are not open to upgrading just yet.

For this installation, we will be using an evaluation copy of Windows 10 Enterprise...

In this section, we will install a vulnerable virtual machine as a target virtual machine. This target will be used in several chapters of the book, when we explain particular topics. The reason we chose to set up a vulnerable server in our machine instead of using vulnerable servers available on the internet is because we don't want you to break any laws. We should emphasize that you should never pentest other servers without written permission. Another purpose of installing another virtual machine would be to improve your skills in a controlled manner. This way, it is easy to fix issues and understand what is going on in the target machine when attacks do not work.

In several countries, even port scanning a machine that you don't own can be considered a criminal act. Also, if something happens to the operating system using a virtual machine...

Prior to or during a penetration test, it may be necessary to include other tools that are not commonly available with Kali Linux. The art of penetration testing has a great many individuals constantly creating tools that you can include. As a result, it may be necessary to install these tools in your Kali Linux setup. In other circumstances, it is generally a good idea to ensure that your tools are up to date prior to starting any penetration test.

When including additional penetration testing tools, it is advised to look within the Kali Linux repository first. If the package is available there, you can use the package and install it using the commands detailed next. Another option, if the tool is not available from the repository, is that the creator will often have a download option either on their website or through the software sharing...

There are several network services available in Kali Linux; in this section, we will describe only some of them: the HTTP, MySQL, and SSH services. You can find the other services by navigating to Kali Linux | System Services.

If your penetration testing works, you may want to have a web server for various reasons, such as to serve malicious web application scripts. In Kali Linux, there is already an Apache web server installed; you just need to start the service.

The following are the steps that are required to activate your HTTP server in Kali Linux:

1. To start the Apache HTTP service, open a command line Terminal and type the following command to start the Apache server:

   service apache2...

While our main focus has been on Windows 10, Metasploitable 2, and Metasploitable 3, there are several other similar projects for exploring vulnerabilities and testing your skills. Seasoned security experts and penetration testers may remember a tiny vulnerable web server called BadStore. This vulnerable server was no larger than 15 MB (yes, megabytes) and contained several vulnerabilities from cross-site scripting to SQL injection. Although no longer available as a direct download on the official site, it can still be found around the web.

https://www.vulnhub.com/ is exactly what its domain indicates: a hub for vulnerability projects. Several vulnerable VMs are listed on the site for download, which can be used for practice and Capture the Flag (CTF) scenarios and tournaments, including Damn Vulnerable Linux, Kioptrix, and others.

Several websites...

In this chapter, we looked at creating a lab environment for penetration testing. As explained, your lab setup will depend solely on the resources available to you, such as CPU, RAM, and HDD space. It's a good idea to experiment with as many different OSes as you can, including Windows, Linux, Mac, Android, and even ARM OSes (available at https://www.vulnhub.com/) to be able to get yourself some experience in a controlled environment where you may legally carry out tests.

If using the Metasploitable server, we recommend that beginners, including professionals with limited time, use the Metasploitable 2 OS as the Metasploitable 3 OS setup is highly complicated—the builds can be built for specific host operating systems.

Users with limited resources can also use smaller vulnerable OSes such as BadStore and DVL which, like Metasploitable 2, come as pre-built...

Lets try to answer some questions based on the knowledge you grabbed from the chapter:

1. What are two virtualization platforms that can be used to create and host virtual machines?
2. What does .vmdk stand for?
3. What are the default login credentials for Metasploitable 2?
4. If building the Metasploitable 3 server from scratch, what other additional pieces of software are required?
5. What is the command used to install a new package or to update an existing package in Kali Linux?
6. What command is used to start the MySQL service?
7. What command is used to start the SSH service?

• Installing Metasploitable 2: https://metasploit.help.rapid7.com/docs/metasploitable-2
  
• Building Metasploitable 3: https://github.com/rapid7/metasploitable3
• Full Metasploitable 3 download (6 GB file): https://mega.nz/#!XQxEAABQ!frdh5DgZE-tSb_1ajPwLZrV4EZuj1lsS3WlWoLPvBjI