There are lots of tutorials available on the internet related to
hacking but the big problem lies in testing your theoretical skills.
Unless you don't have practical exposure to hacking, you cannot
really understand the strength of it. The technique I will discuss
here will be advantageous for those who have only single
system and want to set up a testing network using it. In
case you have multiple systems then you can easily test for your
skills by making one system as target and other as attacker.
But what to do when we have only a single system at our disposal.
Need not to worry. Virtual machine is the ultimate solution. You can
set up your own hacking network and apply your
skills to gain practical exposure to hacking.
Installation & Configuration
The only thing to look for is your systems hardware configuration.
You should have minimum 2 GB RAM but it is highly recommended to use
3 GB RAM for a 32 bit operating system.
We will be using
Oracle VirtualBox in this tutorial. You can
download virtualbox from this link [Reference
1]. Once you
have installed Vbox, the next step is to download the
Extensions pack. You can get it from this link [Reference
2]
Once you have followed these initial steps, you are
half done. The next step is to setup a target operating system.
Suppose you want to set WINDOWS XP SP2 as the
target operating system. You will need a bootable Windows XP SP2 iso
for that. You can easily download it from Microsoft website or
torrent. You can refer to this quick video tutorial on how to
setup a virtual machine using VBox and WIN XP.
Installing Applications on Virtual Machine
So now you have a virtual machine where
you can test all your applications and hacks. Let us install a
WAMP server and run DVWA over it. For those who are not aware
of DVWA can check this link [Reference 3]
How to
install applications on a virtual machine? Well the process is simple.
When your Windows XP Virtual machine is running, then click on the
DEVICE tab, move to USB and select your pendrive from the list.
Now you can install anything from a USB
drive inside your virtual machine. There is also a facility to create
shared folder with your host operating system but I would prefer that
you use USB. Shared folder has some issues when your host operating
system is Windows 7. You can install different servers,
applications, RAT clients etc and play with it.
Advantages of Virtual Machine
Here are some of the major advantages of using virtual machine.
You can test all the viruses and RATs without any fear as your
base operating system will not be affected.
You can test different servers and applications easily
without affecting your base operating system.
In case the Virtual machine gets corrupt then you can
re-install it.
Take Backup & Save Trouble in Future
There are also some key factors that you should remember which will
help you during your pentesting:
Create a clone of the virtual machine
This step is very helpful in case your VM gets corrupt.
Creating a clone of it will prevent you from re-installing it again
and again.
You can create a clone by Right clicking on the Virtul
machine instance in VBox and click on "clone.."
You will notice that a cloned virtual WinXP will be
created for you.
Disable the Windows Firewall
The next important thing you can do is disable the windows
firewall and then perform your pentesting as the firewall may
block some of the suspicious activities. Using the default Windows
firewall of XP virtual machine you can also test whether your activity
is traceable or not. This will give you a clear understanding why RATs
are not considered as a suitable hack these days because they are easily
detectable. You can disable the firewall by going to control panel,
clicking on Firewall and then disable it.
In this way you can set
up a suitable environment for your home experiments.
Testing your Pen-Testing/Hack Network
Well a good question to ask if you have understood the above
concepts. So far we discussed how to test different tools and techniques
on a virtual operating system. The next step will be how to hack one
virtual machine using the other. The scenario will be similar to
hacking any system on internet so this technique will give you
a real time exposure.
Interesting... Lets proceed then. This
time we will set up another virtual machine using BackTrack [Reference
4] operating system which is one of the most widely used penetration
testing operating system by security professionals.
The reason
which makes Backtrack so popular is:
It has all the relevant tools pre-installed
It is linux based.
You can download the Backtrack 5 iso from its
official website. Its a must have operating system for all. You can
follow this simple video to install BT on virtualbox.
Once you are done with the installation part, the next step is to
make the two virtual machines (BT and WinXP) connect with each other.
There is a simple setting that you will have to make in both the virtual
machines. Let's check it out.
Select the Backtrack virtual
machine, then click on settings tab, then move to "network" settings.
You will find that "Adapter 1" is set to NAT adapter. Switch to the
"Adapter 2" tab.
In the Adapter2 tab, set the adapter as "Host-Only Adapter". Set the
name of adapter as "VirtualBox Host Only Ethernet Adapter" . See the
figure.
Make similar setting changes in your windows XP virtual machine as
well. Now your two virtual machines are ready to connect with each
other. You can check the IP address of Windows machine by using the
ipconfig command in the command prompt and similarly you can check the
IP address of the BT machine using the ifconfig command. Also you can
ping the two machines to check if both are detecting each other (don't
forget to disable the windows firewall else it will filter the ping data
packets).
The following image shows my two virtual machines. One
is WinXP and other is BT5 with there corresponding ip addresses. Both
are running ovr my host operating system Win7. So in all there are 3
operating systems running simultaneously.
Now you can use various options available in Backtrack OS to perform
tests on the WinXP box. Let us quickly perform an nmap scan to check the
open ports on WinXP machine.
As you can see that the target is up and has some open ports as
well. Similarly you can perform several attacks and use the tools
available in Backtrack to penetrate the target windows XP machine
without harming your own operating system.
You can use this
technique to perform several tests like,
You can try to hack different operating systems by installing
them as a virtual machine.
This will have a real time simulation of original
scenario.
You can increase the level of difficulty of your hacks by
installing firewalls, IDS/IPS etc.
This is a self customization scenario where you can do
what ever you want
This is just a quick example for you all to get started with using VM's
for pentesting and hacking. You can further take this tutorial to next
level by experimenting with various flavors of operating systems and try
your hands on them.
This can be like a practice battlefield for
you before you dive deep into the real fight.
