In this chapter, you will learn how to design and build a virtualized penetration testing lab environment on an Ubuntu Desktop computer and leverage virtualization technologies to reduce the cost and need to acquire multiple physical systems and devices.

In addition, you’ll learn how to set up virtually isolated networks to ensure you do not accidentally target systems you do not own. Furthermore, you will set up Kali Linux as the attacker machine and Metasploitable 3 as a vulnerable system for your targets. It’s important to always remember that when practicing offensive security skills such as ethical hacking and penetration testing, it should always be performed on systems and networks you own, as these security tests are usually intrusive and have the potential to cause damage to systems.

Keep in mind that you’ll need to review Chapter 2, Building a Penetration Testing Lab, and Chapter 3, Setting...

To follow along with the exercises in this chapter, please ensure that you have met the following hardware and software requirements:

• Oracle VM VirtualBox – https://www.virtualbox.org/wiki/Downloads
• Oracle VM VirtualBox Extension Pack – https://www.virtualbox.org/wiki/Downloads
• Kali Linux – https://www.kali.org/get-kali/
• Vagrant – https://www.vagrantup.com/
• Metasploitable 3 (Windows and Linux) – https://app.vagrantup.com/rapid7

The concept of creating your very own virtualized penetration testing lab allows you to maximize the computing resources on your existing computer, without the need to purchase online lab time from various service providers or even buy additional computers and devices. Overall, you’ll be saving a lot of money as opposed to buying physical computers and networking equipment such as routers and switches.

As a cybersecurity lecturer and professional, I have noticed that many people who are starting their journeys in the field of Information Technology (IT) usually think that a physical lab infrastructure is needed due to their field of study. To some extent, this is true, but as technology advances, building a physical lab to practice your skills has many downsides associated with it.

The following are some of the disadvantages of a physical lab:

• Physical space is required to store the servers and networking...

There are many hypervisors from various vendors in the information technology industry. However, Oracle VM VirtualBox is a free and simple-to-use hypervisor that has all the same essential features as commercial (paid) products. In this section, you will learn how to set up Oracle VM VirtualBox and create virtual networks on your computer.

Before getting started, the following are important factors and requirements:

• Ensure the computer’s processor supports virtualization features such as VT-x/AMD-V.
• Ensure the virtualization feature is enabled on your processor via the BIOS/UEFI.

To get started with this exercise, please use the following instructions:

1. Open Terminal within Ubuntu Desktop and use the following...

1. Open the web browser within Ubuntu, go to https://www.kali.org/get-kali/, and download the VirtualBox version of Kali Linux. Ensure the downloaded file is saved within your Downloads directory.
2. After the download is completed, use the following command to install 7-Zip, an application to unzip compressed files (Kali Linux):

   glen@ubuntu:~$ sudo apt install p7zip-full 
   

3. Next, use the following commands to change the work directory to the Downloads folder and unzip the file:

   glen@ubuntu:~$ cd Downloads/
   glen@ubuntu:~/Downloads$ 7z x kali-linux-2024.1-virtualbox-amd64.7z
   

   As shown in the following screenshot, 7-Zip is uncompressing the file and extracting its contents:

   

   Figure 19.4: Extracting file contents

4. Next, on Ubuntu Desktop, open the applications menu and click on VirtualBox.
5. When VirtualBox opens, click on Add, as shown below:

Figure 19.5: VirtualBox...

In this section, you will learn how to build and deploy Metasploitable 3 (both the Windows Server and Linux server versions) on Ubuntu Desktop. The Windows Server version will be using a dual-homed network connection to both the PentestNet network (172.30.1.0/24) and the HiddenNet network (10.11.12.0/24). This setup will enable us to perform pivoting and lateral movement between different networks. Finally, the Linux server version will be connected to the HiddenNet network (10.11.12.0/24) only.

The following diagram shows the logical connections between systems and networks:

Figure 19.11: Low-level diagram

As shown in the preceding diagram, this topology goes into more depth on how the virtual machines are interconnected within our virtual lab environment. For instance, to access the Metasploitable 3 – Linux version, we will need to first compromise the Metasploitable 3 – Windows version via the PentestNet network...

This chapter covered how to set up a hypervisor, create virtual networks, and deploy Kali Linux and Metasploitable 3 in the lab environment. It’s important to refer to Chapter 2, Building a Penetration Testing Lab, and Chapter 3, Setting Up for Advanced Penetration Testing Techniques, to continue building the lab.