Building an ethichal hacking lab on your laptop with VirtualBox – Part 1 pfsense

I have not forgotten about the wireless assessment side of things, don’t worry it will continue and thanks for all the feedback so far everyone πŸ™‚

Creating your own ethical hacking lab is a great way to understand how exploits work and how the lack of configuration on systems can lead to compromise.

The following are currently in my lab (Feel free to add more to yours):

Windows Server 2008 R2
Windows Server 2012
Windows 7
Windows 8
Windows XP
Linux Mint
Kali Linux
Metasploitable 2
DVWA
pfsense

First download and install VirtualBox and the extension pack for whatever platform you are using, in my case today I am using Windows for this.

Excellent you followed the Next, Next, Next process and got everything installed!

Now download pfsense first to act as an internal router for all your devices to easily communicate, you can also do this with a windows server by using dhcp but pfsense is light and fast and fit for purpose.

Click on new up the top left to create a new virtual machine

1 - VirtualBox pfsense start

1 – VirtualBox pfsense start

Give it a name, select a type and a version, below should work for you

2 - VirtualBox pfsense name type version

2 – VirtualBox pfsense name type version

Allocate memory

3 - VirtualBox pfsense RAM

3 – VirtualBox pfsense RAM

Create the hard drive now

4 - VirtualBox pfsense create hard drive now

4 – VirtualBox pfsense create hard drive now

Leave it at VDI and click next

5 - VirtualBox pfsense VDI select

5 – VirtualBox pfsense VDI select

Leave the drive as dynamic as this will not use all the space you allocate until it is needed, it saves on space if you allocate too much.

6 - VirtualBox pfsense HDD dynamically allocated

6 – VirtualBox pfsense HDD dynamically allocated

8GB’s is fine for the size so click create

7 - VirtualBox pfsense HDD size

7 – VirtualBox pfsense HDD size

Now that is is created you will see the following in your VirtualBox Manager

8 - pfsense created icon

8 – pfsense created icon

Either right click it and settings or click the settings button up the top right

9 - VirtualBox settings button

9 – VirtualBox settings button

Under the System / Β Motherboard tab untick the floppy and move the disk and Hard disk up like I have below

10 - VirtualBox system settings

10 – VirtualBox system settings

Under the storage heading click on the Empty disc under and then select the disc on the right next to where it says IDE Secondary Master and select the location of your pfsense ISO to boot from

11 - VirtualBox Storage settings

11 – VirtualBox Storage settings

It should then look like this once selected

11 - VirtualBox Storage settings - selected

11 – VirtualBox Storage settings – selected

Move to Network next and select Internal Network from the drop down menu like below

12 - VirtualBox Network NICs selected 1

12 – VirtualBox Network NICs selected 1

Next Click on adapter two, tick the box to enable the Network adapter and repeat the same process

12 - VirtualBox Network NICs selected 2

12 – VirtualBox Network NICs selected 2

Repeat for adapter 3 also

12 - VirtualBox Network NICs selected 3

12 – VirtualBox Network NICs selected 3

You now have the option to turn on the WAN, LAN and a DMZ as you wish but for now we will leave them all as internal and start it up and install pfsense

Just let it boot up automatically

13 - pfsense auto boot

13 – pfsense auto boot

Next select ‘I’ for installer

14 - pfsense select i for install

14 – pfsense select i for install

Just accept the settings here

15 - pfsense accept settings

15 – pfsense accept settings

Just select the quick and easy install

16 - pfsense quick and easy install

16 – pfsense quick and easy install

Select OK

17 - pfsense quick and easy install select OK

17 – pfsense quick and easy install select OK

It installs in seconds

18 - pfsense installing

18 – pfsense installing

Select Standard Kernel

18 - pfsense standard kernel

18 – pfsense standard kernel

Reboot

19 - pfsense reboot

19 – pfsense reboot

At this point untick the pfsense ISO down the bottom right to stop it from booting up again

20 - Untick the pfsense ISO

20 – Untick the pfsense ISO

First boot should then look like below, if it doesn’t just shut it down make sure the disc is unticked and start it up again

21 - pfsense first boot

21 – pfsense first boot

Select no to VLANs, you can always do this later anyway if you want. Take note of your interfaces at this point too eg em0, em1 and em2 as these are your WAN, LAN and DMZ NIC’s

em0 = WAN
em1 = LAN
em2 = DMZ

22 - pfsense no to vlans and select WAN

22 – pfsense no to vlans and select WAN

Enter em1 for the LAN

23 - pfsense select LAN

23 – pfsense select LAN

Now enter em2 for what will become a DMZ at some point and then finally press Enter to end this process as you are finished setting the NIC’s

24 - pfsense select DMZ and nothing to finish

24 – pfsense select DMZ and nothing to finish

Enter ‘y’ to accept your settings and make the changes followed by Enter

25 - pfsense acknowledge the NIC settings

25 – pfsense acknowledge the NIC settings

Be patient for a minute or two while the changes are processed

25 - pfsense changes in progress

25 – pfsense changes in progress

When finished you will be passed to an option’s screen

26 - pfsense NIC setup complete

26 – pfsense NIC setup complete

Select option 2 to assign an interface IP address to the LAN that isn’t 192.168.1.1 as we are going to use 10.0.0.0/24 for the lab and configure it to provide DHCP so all of our lab machines automatically get assigned an IP address and can communicate with one another

27 - Configure LAN IP

27 – Configure LAN IP

Give a range of IP addresses you wish to allocate over DHCP and select no to reverting the http web interface

28 - pfsense LAN configured

28 – pfsense LAN configured

Once you press Enter you are then dropped back to the options screen

29 - pfsense back at the options screen

29 – pfsense back at the options screen

As I already have other systems configured in VirtualBox on the internal network NIC’s I can verify connectivity to pfsense by spinning one up and pinging it like below and see that all is ok with the DHCP, if you have nothing else setup yet you can just wait for the next lesson or build another system and see what happens.

30 - Ping to check connectivity

30 – Ping to check connectivity

You can also access pfsense webConfigurator from another machine in the same range via it’s IP address you already assigned, just navigate to the IP address in your browser

31- pfsense webConfigurator

31- pfsense webConfigurator

Select ‘I understand the Risks’ –> ‘Confirm Security Exception’ to gain access to the web interface as it is using a custom certificate and therefore unknown but it is safe to accept

32 - pfsense SSL accept security certificate

32 – pfsense SSL accept security certificate

Login to the webConfigurator with the username ‘admin’ and password ‘pfsense’ as these are the defaults set

33 - Login to the webConfigurator

33 – Login to the webConfigurator

That’s it, you are now logged into pfsense from another system in your internal LAN, I will leave you here to play around with settings and break things, even allow a real Internet connection into the other machines in your test lab through the WAN connection using the Bridging or NAT mode on NIC 1. Have Fun πŸ™‚

34 - First login to pfsense

34 – First login to pfsense

 

 

 

4 thoughts on “Building an ethichal hacking lab on your laptop with VirtualBox – Part 1 pfsense

Leave a Reply