Building an Ethical hacking lab on your laptop with VirtualBox – Part 16 – Kali Linux 2.0 Rolling

Kali Linux was updated a while back and since has had many nice features added to it. I’ve covered other methods of creating your own custom Kali ISO and installing Kali in VirtualBox before. Check out the previous VirtualBox guide for basic configuration and then follow along to complete the updated Kali 2.0 Rolling installation and get guest additions working as it’s changed a little since my last guide.

What you’ll need is the following:

1 – VirtualBox installed with guest additions downloaded
2 – Kali Linux 2.0 ISO downloaded

As mentioned already refer to the previous guide for basic VirtualBox configuration.

Let’s get to it!

Select "Install" on first boot to start the installation

1_Kali_Linux_2.0_VirtualBox_Install_select_install

Select your desired language

2_Kali_Linux_2.0_VirtualBox_Install_select_language

Select your country

3_Kali_Linux_2.0_VirtualBox_Install_select_country

Select your desired keyboard configuration

4_Kali_Linux_2.0_VirtualBox_Install_select_keyboard_layout

Enter a hostname for your system

5_Kali_Linux_2.0_VirtualBox_Install_enter_a_hostname

Enter a domain name if you want to use one otherwise just hit “Continue”

6_Kali_Linux_2.0_VirtualBox_configure_DNS_if_needed

Enter the password you want to use for the root account and hit "Continue"

7_Kali_Linux_2.0_VirtualBox_configure_enter_root_password

Verify your root password and hit “Continue”

8_Kali_Linux_2.0_VirtualBox_configure_enter_root_password_confirmation

Hit “Enter” to continue the hard disk partitioning using the “Guided – use entire disk” method. Feel free to choose a different method if you wish.

9_Kali_Linux_2.0_VirtualBox_configure_select_disk_partitioning

Hit “Enter” to continue using the selected partition for the hard disk install

10_Kali_Linux_2.0_VirtualBox_configure_select_disk_to_partition

Hit “Enter” to continue installation using the “All files in one partition” partitioning scheme. Feel free to change it.

11_Kali_Linux_2.0_VirtualBox_configure_select_partitioning_scheme

Select “Finish partitioning and write changes to disk” and hit “Enter”

12_Kali_Linux_2.0_VirtualBox_configure_write_changes_to_disk

Select “Yes” to confirm you want to write all your changes to disk and hit “Enter”

13_Kali_Linux_2.0_VirtualBox_configure_write_changes_to_disk_confirmation

Select "No" when asked whether to use a network mirror; we'll add the repositories by hand after the first boot

14_Kali_Linux_2.0_VirtualBox_configure_select_no_for_a_mirror

Select “Yes” and hit enter to install the GRUB boot loader to the master boot record

15_Kali_Linux_2.0_VirtualBox_configure_select_yes_to_install_the_GRUB_bootloader

Select your hard disk you want to install the GRUB boot loader on and hit “Enter”

16_Kali_Linux_2.0_VirtualBox_configure_select_disk_to_install_the_GRUB_bootloader

Installation is now complete, select “Continue” and hit “Enter” to reboot into your new Kali install

17_Kali_Linux_2.0_VirtualBox_configured_ready_to_reboot

At first login enter the username "root" followed by the root password you set during the install

18_Kali_Linux_2.0_VirtualBox_configured_first_login

Excellent, the first logon was a success. Well done so far; only a few steps remain until you can start playing in your lab

19_Kali_Linux_2.0_VirtualBox_configured_first_logon

During the install we didn't add any repositories, so in order to update and upgrade the system we'll need to edit /etc/apt/sources.list. Use a text editor of your choice, or use nano as in the example below.

20_Kali_Linux_2.0_VirtualBox_modify_apt_sources_list

Add the following repositories to the file, then save it. If you are using nano as in the example, do this by pressing CTRL+O and then Enter, and exit with CTRL+X

deb http://http.kali.org/kali kali-rolling main contrib non-free
deb-src http://http.kali.org/kali kali-rolling main contrib non-free

21_Kali_Linux_2.0_VirtualBox_modify_apt_sources_list_repositories

Now that you have some repositories, enter the following command into the terminal and hit "Enter". You are logged in as root on Kali 2.0, so the sudo prefix is harmless but not required. This will take some time to complete, so go grab a beverage of choice and chill out for a bit.

sudo apt-get update && sudo apt-get upgrade -y && sudo apt-get dist-upgrade -y

22_Kali_Linux_2.0_VirtualBox_update_upgrade_dist_upgrade

When prompted to restart services during package upgrades without asking select “Yes” and hit “Enter”

23_Kali_Linux_2.0_VirtualBox_update_upgrade_dist_upgrade_select_yes_to_restart_during_package_upgrades

When prompted whether non-superusers should be able to capture packets with Wireshark, select "No" and hit "Enter". Since everything on Kali 2.0 runs as root this costs you nothing, and it keeps packet capture limited to root rather than granting it to members of the wireshark group.

24_Kali_Linux_2.0_VirtualBox_select_no_to_disallow_non_superusers_capture_packets_wireshark

Select “Ok” regarding the PostgreSQL version 9.5 obsolete warning and hit “Enter”

25_Kali_Linux_2.0_VirtualBox_select_OK_postgresql_common

If prompted to keep any configurations enter “Y” and hit “Enter” to continue

26_Kali_Linux_2.0_VirtualBox_enter_Y_to_keep_defaults

It took some time, but if you've gotten this far you're doing well. Enter "reboot" and hit "Enter"

27_Kali_Linux_2.0_VirtualBox_update_upgrade_dist_upgrade_complete
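The repository edit and the upgrade above are easy to get wrong on a machine that already carries a sources.list from an earlier Kali release, and apt will happily leave you half-upgraded. The following script is an added example and not code from the original post: write_kali_sources writes the two kali-rolling lines used above to a file you name, and check_kali_sources rejects a sources.list that has no kali-rolling line, still lists the retired moto (Kali 1.x) or sana (Kali 2.0) suites, or points at a non-Kali archive. The mirror URL is the one from the post; the --apply branch only runs when you invoke the script as root, while the checks themselves need nothing beyond sed and grep.

```shell
#!/bin/sh
# Added example (not from the original post): write the kali-rolling
# apt sources the post uses and sanity-check a sources.list before
# running apt-get update / dist-upgrade.

KALI_MIRROR="http://http.kali.org/kali"   # mirror used in the post

# Write exactly the two repository lines from the post to the file $1.
write_kali_sources() {
    cat > "$1" <<EOF
deb $KALI_MIRROR kali-rolling main contrib non-free
deb-src $KALI_MIRROR kali-rolling main contrib non-free
EOF
}

# Validate the sources.list at $1. Returns 0 when it has a kali-rolling
# binary line and nothing that will break dist-upgrade; otherwise prints
# the reason on stderr and returns 1.
check_kali_sources() {
    # drop comments and blank lines first
    entries=$(sed -e 's/#.*//' -e '/^[[:space:]]*$/d' "$1")

    # 1. the line we actually need
    if ! printf '%s\n' "$entries" \
        | grep -Eq '^deb[[:space:]]+https?://[^[:space:]]+/kali[[:space:]]+kali-rolling[[:space:]]'; then
        echo "$1: no 'deb ... kali-rolling' line" >&2
        return 1
    fi

    # 2. retired suites: moto (Kali 1.x) and sana (Kali 2.0) are no longer
    #    served, and mixing them with kali-rolling leaves apt half-upgraded
    if printf '%s\n' "$entries" \
        | grep -Eq '^deb(-src)?[[:space:]]+[^[:space:]]+[[:space:]]+(moto|sana)([[:space:]]|$)'; then
        echo "$1: retired suite (moto/sana) still listed" >&2
        return 1
    fi

    # 3. any archive whose path is not /kali (a Debian or Ubuntu mirror
    #    copied from another guide) pulls in incompatible packages
    if printf '%s\n' "$entries" \
        | grep -Evq '^deb(-src)?[[:space:]]+https?://[^[:space:]]+/kali[[:space:]]'; then
        echo "$1: non-Kali repository listed" >&2
        return 1
    fi
    return 0
}

# Apply to the running system:  sh kali-sources.sh --apply   (as root)
if [ "${1:-}" = "--apply" ]; then
    [ "$(id -u)" -eq 0 ] || { echo "run as root" >&2; exit 1; }
    write_kali_sources /etc/apt/sources.list
    check_kali_sources /etc/apt/sources.list || exit 1
    apt-get update && apt-get dist-upgrade -y
fi
```

Run the checker on its own against /etc/apt/sources.list before the long upgrade; a non-zero exit and a one-line reason on stderr is far cheaper than discovering a stale sana line after apt has pulled half of the new release.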

This is where things have changed: if you refer to the previous guides on my blog you'll see installing VirtualBox Guest Additions used to be different, but now all you have to do is enter the following

sudo apt-get install -y virtualbox-guest-x11

28_Kali_Linux_2.0_VirtualBox_Install_Guest_Additions

Once the installation is complete enter “reboot” and hit “Enter”

29_Kali_Linux_2.0_VirtualBox_Guest_Additions_installed_reboot

You will now have a big full-screen display and all the other features of VirtualBox Guest Additions available

30_Kali_Linux_2.0_VirtualBox_Guest_Additions_installed_rebooted_and_full_screen_achieved

I figured a guide was necessary as I had some issues myself the first time I installed the latest version and imagine others have had the same problem.

That’s it for now, well done getting Kali installed and configured. Have fun playing in your lab!


Building an Ethical hacking lab on your laptop with VirtualBox – Part 15 – OWASP Broken Web Apps

Having moved towards more web application testing recently, I decided the lab needed an update with the OWASP Broken Web Applications VM so I could get better at it. I've played with it in the past and used it for one of my first blog posts, on Shellshock aka CVE-2014-6271. I never, however, wrote about configuring this system or attacking it in the lab. When creating the Shellshock blog post I had to modify some of the OWASP BWA configuration to make it vulnerable to attack; in this post we'll just download it and configure it to boot, which is all that's needed to get started. A word of advice before we continue: don't connect this VM to any network outside of your lab. The system is highly vulnerable and easy to gain access to for anyone who pokes at it, which is exactly what makes it great for learning, provided it stays safely inside your isolated lab environment.

What you’ll need is the following:

1 – VirtualBox installed with guest additions downloaded
2 – Pfsense Configured
3 – OWASP Broken Web Applications VM downloaded
4 – 7zip to unzip the OWASP VM

Once you have obtained and configured all of the above you are ready to boot up the VM.

Let’s get to it!

To keep everything contained within the lab environment we'll use an internal NIC, as set up in the lab, because this keeps the traffic isolated and means you won't be scanning or attacking a real system you didn't mean to. That happens easily, so be careful. Follow along with the pfSense guide to see how this is done. NIC configuration for the OWASP system is as simple as selecting the same option for one NIC; that's all you need to get going and obtain a DHCP lease in your lab.

Click new then give your machine a name, select the type ‘Linux’ and the version ‘Linux 2.6 / 3.x / 4.x (64Bit)’ or the version of your own architecture if it is 32 Bit for example and then click ‘Next’

1_owasp_broken_web_applications_type_name

Next allocate a chunk of memory. 1GB should be fine, but if you have it to spare 4GB is a nice amount to make everything run smoothly.

2_owasp_broken_web_applications_allocate_memory

For the hard disk option choose “Use an existing virtual hard disk file” and navigate to your unzipped OWASP BWA file you downloaded. Select “OWASP Broken Web Apps-cl1” and then click “Create”.

3_owasp_broken_web_applications_use_an_existing_virtual_hard_disk

Once this is done you'll be back at the main VirtualBox window with the machine selected; click "Settings" at the top left.

9 - VirtualBox settings button

Remove the Floppy disk drive as it’s not needed and configure the system settings as I have mine below. You don’t need the Optical drive but I chose to keep it so I can boot off other disks for analysis when I want to.

4_owasp_broken_web_applications_modify_settings

Modify the NIC to the same as I have below so it says “Attached to: Internal Network” then click OK.

5_owasp_broken_web_applications_modify_nic

Boot the system!

6_owasp_broken_web_applications_booted

That's it for now, as everything is configured and the OWASP system itself requires no configuration to get up and running. Provided you have pfSense running with the internal NIC settings from the previous guide, the VM should be getting a DHCP lease from it, and you can ping and scan it from Kali. Log into the OWASP BWA VM to check its IP address and you're good to start poking around the system using Kali and tools like OWASP Zed Attack Proxy (ZAP) or Burp Suite, which will give you a wealth of information for gaining access to the system from your attacking machine. Have fun!
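The one setting in this whole procedure that matters for safety is the "Attached to: Internal Network" choice, and it is easy to undo by accident when cloning or re-importing the VM. The script below is an added example, not part of the original post: it parses the output of VBoxManage showvminfo --machinereadable and refuses to call the VM isolated unless every adapter that is enabled is attached to an internal network (host-only, NAT and bridged adapters are all flagged, because the lab design here routes everything through pfSense on the internal network). check_isolated works on saved text so it can be tried without VirtualBox installed; check_vm and fix_vm run the real VBoxManage commands, and LAB_NET is an assumed network name you should set to whatever the pfSense LAN adapter uses.

```shell
#!/bin/sh
# Added example (not part of the original post): refuse to treat a
# deliberately vulnerable VM such as OWASP BWA as safe to boot unless
# every enabled NIC is attached to a VirtualBox internal network. The
# parsing works on the text that `VBoxManage showvminfo <vm>
# --machinereadable` prints, so check_isolated can be exercised on saved
# output without VirtualBox present.

# Name of the lab's internal network (assumed; use the name the pfSense
# LAN adapter was given in the earlier guide).
LAB_NET="${LAB_NET:-lab}"

# stdin:  machinereadable showvminfo output
# stdout: one "nicN attached to MODE" line per adapter that is neither
#         'none' nor 'intnet'. Returns 0 only when nothing is printed.
check_isolated() {
    offenders=$(awk -F= '
        /^nic[0-9]+=/ {
            n = $1; sub(/^nic/, "", n)      # adapter number
            mode = $2; gsub(/"/, "", mode)  # nat, bridged, hostonly, intnet, none ...
            if (mode != "none" && mode != "intnet")
                printf "nic%s attached to %s\n", n, mode
        }')
    [ -z "$offenders" ] && return 0
    printf '%s\n' "$offenders"
    return 1
}

# Number of adapters on an internal network; OWASP BWA needs exactly one.
count_intnet() {
    awk -F= '/^nic[0-9]+="intnet"$/ { c++ } END { print c+0 }'
}

# Live check against a VM (name or UUID in $1).
check_vm() {
    VBoxManage showvminfo "$1" --machinereadable | check_isolated
}

# Move every offending adapter onto LAB_NET, then re-check.
fix_vm() {
    VBoxManage showvminfo "$1" --machinereadable | check_isolated \
    | sed -n 's/^nic\([0-9]*\) attached to .*/\1/p' \
    | while read -r n; do
        VBoxManage modifyvm "$1" "--nic$n" intnet "--intnet$n" "$LAB_NET"
      done
    check_vm "$1"
}

# Usage: sh labcheck.sh "OWASP BWA"   (exits non-zero if not isolated)
if [ -n "${1:-}" ] && command -v VBoxManage >/dev/null 2>&1; then
    check_vm "$1"
fi
```

Run it with the VM name before each "Boot the system!" step; the non-zero exit makes it easy to gate a startup script on it, and the printed lines tell you exactly which adapter leaked out of the lab.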