To install VMware Player on your Mac, you will first need to download the software. To download the free trial or purchase the software, go to the following URL: https://www.vmware.com/products/fusion/.

Once the software package has been downloaded, you should find it in your default download directory. Run the .dmg installation file and then follow the onscreen instructions to install it. Once the installation is complete, you can launch VMware Fusion either from the dock or within the Applications directory in Finder. Once loaded, you will see the virtual machine library. This library will not yet contain any virtual machines, but they will be populated as you create them on the left-hand side of the screen. The following screenshot shows the Virtual Machine Library:

To get started, click on the Add button in the top-left corner of the screen and then click on New. This will start the virtual machine installation wizard. The installation wizard is a very simple guided process to set up your virtual machine, as shown in the following screenshot:

The first step requests that you select your installation method. VMware Fusion gives you options to install from a disc or image (ISO file), or offers several techniques to migrate existing systems to a new virtual machine. For all of the virtual machines discussed in this section, you will select the first option.

After selecting the first option, Install from disc or image, you will be prompted to select the installation disc or image to be used. If nothing is populated automatically, or if the automatically populated option is not the image you want to install, click on the Use another disc or disc image button. This should open up Finder, and it will allow you to browse to the image you would like to use. The place where you can get specific system image files will be discussed in later recipes in this section. Finally, we are directed to the Finish window:

After you have selected the image file that you wish to use, click on the Continue button and you will be brought to the summary screen. This will provide an overview of the configurations you selected. If you wish to make changes to these settings, click on the Customize Settings button. Otherwise, click on the Finish button to create the virtual machine. When you click on it, you will be requested to save the file(s) associated with the virtual machine. The name you use to save it will be the name of the virtual machine and will be displayed in you virtual machine library, as shown in the following screenshot:

As you add more virtual machines, you will see them included in the virtual machine library on the left-hand side of the screen. By selecting any particular virtual machine, you can launch it by clicking on the Start Up button at the top. Additionally, you can use the Settings button to modify configurations or use the Snapshots button to save the virtual machine at various moments in time. You can run multiple virtual machines simultaneously by starting each one independently from the library.

By using VMware Fusion within the Mac OS X operating system, you can create a virtualized lab environment to create an entire network environment on an Apple host machine. Virtualization software such as VMware has made it significantly easier and cheaper to build a security lab for personal, independent study.

Prior to installing Ubuntu Server in VMware, you will need to download the image disk (ISO file). This file can be downloaded from Ubuntu's website at the following URL: http://www.ubuntu.com/server.

After the image file has been loaded and the virtual machine has been booted from it, you will see the default Ubuntu menu that is shown in the following screenshot. This includes multiple installation and diagnostic options. The menu can be navigated to with the keyboard. For a standard installation, ensure that the Install Ubuntu Server option is highlighted and press Enter.

When the installation process begins, you will be asked a series of questions to define the configurations of the system. The first two options request that you specify your language and country of residence. After answering these questions, you will be required to define your keyboard layout configuration as shown in the following screenshot:

There are multiple options available to define the keyboard layout. One option is detection, in which you will be prompted to press a series of keys that will allow Ubuntu to detect the keyboard layout you are using. You can use keyboard detection by clicking on Yes. Alternatively, you can select your keyboard layout manually by clicking on No. This process is streamlined by defaulting to the most likely choice based on your country and language. After you have defined your keyboard layout, you are requested to enter a hostname for the system. If you will be joining the system to a domain, ensure that the hostname is unique. Next, you will be asked for the full name of the new user and username. Unlike the full name of the user, the username should consist of a single string of lowercase letters. Numbers can also be included in the username, but they cannot be the first character. Have a look at the following screenshot:

After you have provided the username of the new account, you will be requested to provide a password. Ensure that the password is something you can remember as you may later need to access this system to modify configurations. Have a look at the following screenshot:

After supplying a password, you will be asked to decide whether the home directories for each user should be encrypted. While this offers an additional layer of security, it is not essential in a lab environment as the systems will not be holding any real sensitive data. You will next be asked to configure the clock on the system as shown in the following screenshot:

Even though your system is on an internal IP address, it will attempt to determine the public IP address through which it is routing out and will use this information to guess your appropriate time zone. If the guess provided by Ubuntu is correct, select Yes; if not, select No to manually choose the time zone. After the time zone is selected, you will be asked to define the disk partition configurations as shown in the following screenshot:

If you have no reason to select differently, it is recommended that you choose the default selection. It is unlikely that you will need to perform any manual partitioning in a security lab as each virtual machine will usually be using a single dedicated partition. After selecting the partitioning method, you will be asked to select the disk. Unless you have added additional disks to the virtual machine, you should only see the following option here:

After selecting the disk, you will be asked to review the configurations. Verify that everything is correct and then confirm the installation. Prior to the installation process, you will be asked to configure your HTTP proxy. For the purposes of this book, a separate proxy is unnecessary, and you can leave this field blank. Finally, you will be asked whether you want to install any software on the operating system as shown in the following screenshot:

To select any given software, use the Space bar. To increase the attack surface, I have included multiple services, only excluding virtual hosting and additional manual package selection. Once you have selected your desired software packages, press Enter to complete the process.

Ubuntu Server has no GUI and is exclusively command line driven. To use it effectively, you are recommended to use SSH. To configure and use SSH, see the Configuring and using SSH recipe later in this section.

Prior to installing Metasploitable2 in your virtual security lab, you will first need to download it from the Web. There are many mirrors and torrents available for this. One relatively easy method to acquire Metasploitable is to download it from SourceForge at the following URL: http://sourceforge.net/projects/metasploitable/files/Metasploitable2/.

Installing Metasploitable2 is likely to be one of the easiest installations that you will perform in your security lab. This is because it is already prepared as a VMware virtual machine when it is downloaded from SourceForge. Once the ZIP file has been downloaded, you can easily extract the contents of this file in Windows or Mac OS X by double-clicking on it in Explorer or Finder respectively. Have a look at the following screenshot:

Once extracted, the ZIP file will return a directory with five additional files inside. Included among these files is the VMware VMX file. To use Metasploitable in VMware, just click on the File drop-down menu and click on Open. Then, browse to the directory created from the ZIP extraction process and open Metasploitable.vmx as shown in the following screenshot:

Once the VMX file has been opened, it should be included in your virtual machine library. Select it from the library and click on Run to start the VM and get the following screen:

After the VM loads, the splash screen will appear and request login credentials. The default credential to log in is msfadmin for both the username and password. This machine can also be accessed via SSH, as addressed in the Configuring and using SSH recipe later in this section.

Metasploitable was built with the idea of security testing education in mind. This is a highly effective tool, but it must be handled with care. The Metasploitable system should never be exposed to any untrusted networks. It should never be assigned a publicly routable IP address, and port forwarding should not be used to make services accessible over the Network Address Translation (NAT) interface.