Set up your Penetration Testing Lab

Hari Charan

To excel at penetration testing, you need to have your lab for practise/research. I would suggest one to use virtual machines which are free in the market. I would go with VMware Workstation rather than Virtual box, it’s just my personal option. You can choose any one.

Downloads

1. VMware Workstation
Click here to download VMware Workstation

2. Kali Linux iso
Click here to download Kali Linux Iso

3. Bee-box
Click here to download bee-box

Why we need Bee-Box

For web application penetration testing we often need a vulnerable application to exploit. We cannot exploit on our operating system instead we need a dummy server. So this bee-box comes in handy and it is a custom Linux VMware virtual machine pre-installed with bWAPP. Bee-box gives you several ways to hack and deface the bWAPP website. This helps security enthusiasts to discover and prevent the issues.There are quite many features in this virtual machine which you will see it once it’s been installed.

Installation

  1. First you need to install VMware in your system. It’s quite easy to install VMware by clicking on ‘Next‘ buttons with default selected options.

  2. Now it’s time to install Kali Linux OS in your workstation. Just follow the steps mentioned in the article ‘set up Kali Linux

  3. Extract bee-box now. You should see a file ‘bee-box’ with (.vmx extension) as shown below. Just double click on it.

    Beebox1
    You should see your Vmware setting up your server. Isn’t it simple?
    By the way Default user and password: ‘bee‘ and ‘bug‘. And now you should see a screen just like below

002

Okay now click on the terminal icon and type ‘ifconfig‘ command to get your server address.
0003

Now open your browser in your windows machine and type the http://server IP Address/bWAPP/login.php. (ex: http://192.168.0.4/bWAPP/login.php)

05

That’s it your lab with vulnerable application is now ready to hack. We will learn how to find vulnerabilities in the application in next few posts. Cheerzzz..!

DISCLAIMER : THE INFORMATION PUBLISHED IN THIS ARTICLE IS FOR EDUCATIONAL PURPOSE ONLY. ANY MISUSE OF THIS INFORMATION WILL NOT BE THE RESPONSIBILITY OF THE AUTHOR OF THE WEBSITE. THIS IS JUST MY LEARNING EXPERIENCE AND EDUCATIONAL BLOG FOR PEOPLE WHO WOULD LEARN FROM MY EXPERIENCE
Advertisements

2 thoughts on “Set up your Penetration Testing Lab

  1. Anonymous April 26, 2017 / 9:34 am

    im using qemu/kvm for virtual machines. will the procedure remain same

    Like

    Reply

Leave a Reply

Please log in using one of these methods to post your comment:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s