HOWTO : Setting up a Penetration environment with VirtualBox

*** CAUTION : This tutorial is written for Penetration Test only. Otherwise, you may be arrested if you attack/intrude any other network/computer without authorization. ***



Software :

Back|Track 4 R1

Ubuntu 10.10 Desktop

VirtualBox 3.2.10 r66523



Hardware :

Lenovo ThinkPad X200 with 4GB RAM and 80GB SSD



Lenovo ThinkPad X200 is installed Ubuntu 10.10 Desktop edition. On which, installs VirtualBox.



Go to the Oracle VM VirtualBox site to download the VirtualBox :

http://dlc.sun.com/virtualbox/vboxdownload.html#linux



(A) Create Back|Track virtual machine :



Select at least 8GB virtual hard drive place and 512MB RAM for the Back|Track. The first network adapter is set to "NAT" while the second is set to "Host-Only".



Boot up Back|Track from the VirtualBox and click on "install.sh" to install Back|Track.



Login for further setting. The username is "root" and the password is "toor".



Step 1 :



After the installation, you may execute the following command to fix the screen size to 800x600.



fix-splash800



Then, change the password of the root when necessary. Otherwise, the username is "root" while the password is "toor".



Execute the following command to make Back|Track to start network interface and X.org when bootup each time.



kate /root/.bash_profile



Append the following lines :



start-network

startx




Step 2 :



To install VirtualBox Additions when necessary via "Konqueror" -- "Storage Media" -- "media:/hdc".



bash VBoxLinuxAdditions-x86.run



Step 3 :



apt-get -y update

apt-get -y upgrade




Step 4 :



Go to "Menu" -- "BackTrack" -- "Penetration" -- "Fast Track". Select "Fast-Track Interactive" and choose "1".



Step 4a :



Go to "Menu" -- "BackTrack" -- "Penetration" -- "ExploitDB". Select "Update Exploitdb".



Step 4b :



Go to "Menu" -- "BackTrack" -- "Penetration" -- "Social Engineering Toolkit". Select "S.E.T-Update".



Step 5 :



At the terminal, execute the following command :



airodump-ng-oui-update



Step 6 :



Go to "Menu" -- "BackTrack" -- "Vulnerability Identification" -- "OpenVAS" -- "OpenVAS NVT Sync".



Step 7 :



Update the Add-ons of Firefox.



Step 8 :



apt-get -y install crark

apt-get -y install wbox

apt-get -y install vlc




Step 9 :



Update the Framework. However, it will take several hours.



cd /pentest/exploits/framework3/

svn up




Step 10 :



Reboot the system.



(B) Create Metasploitable virtual machine (Optional)



Go to the following link to download the "Metasploitable" which is an Ubuntu 8.04 server with some flaws.



http://blog.metasploit.com/2010/05/introducing-metasploitable.html



Set the downloaded Metasploitable as virtual hard drive at VirtualBox. The network adapter is set to "Host-Only". The virtual hard disk space is at least 8GB and 512MB RAM for the Metasploitable.



(C) The final



Now, the IP address of eth0 of Metasploitable is similar to 192.168.56.101. The IP address of eth0 and eth1 of Back|Track are similar to 10.0.2.15 and 192.168.56.102 respectively.



You may require to execute the following command at Back|Track in order to see the two network interfaces and their IPs.



/etc/init.d/networking restart



Back|Track can access (or ping) Metasploitable via IP address. Back|Track can surf the internet but Metasploitable cannot.



At last, your penetration environment is set up.



(D) Free Tutorials



(1) Metaploit Unleashed

(2) Fast-Track

(3) Social-Engineer Tootkit

(4) Got Milk?

(5) How to Metasploit Beginner to Advanced (Video)



(E) Non-free Training



Offensive Security



(F) Resources



(1) Exploits Database

(2) Metaploit Blog

(3) Offensive security Blog

(4) Yet another Back|Track in Gnome

(5) Metasploit



That's all! See you.