You will begin to create your own pentesting lab, preferably on your own laptop. You may need to get an external drive to accomodate the space that will be taken up by the large virtual machines that you will create.

You will be setting up 3 vms. Kali, Windows 8.1 and Metasploitable. Kali and Windows 8.1 will be used for attacking, and Metasploitable will be the target.

1 – Download and install vmware workstation (for pc) or fusion (for mac). Both are free from dreamspark. Instructions for connecting to your dreamspark account are in the information section.

2 – Download the latest version of Kali linux.

https://www.kali.org/downloads/

Because we are doing this for a lab environment I recommend downloading the 32bit version.

3 – Build your kali linux machine

By build I mean you will need to install, update and upgrade the machine. You should also install other various tools that may not already be on the ISO.

Some of the tools I would like you to have on the vm are – Discover Scripts, SMBexec, Veil, WCE, Mimikatz, Password lists, Burp, PeepingTom, gnmap.pl, powersploit, responder, beef, firefox with the webdeveloper addon and tamper data, foxy proxy and user agent switcher. Also install the latest version of Cobalt Strike and Nessus.

4 – Build your win 8.1 machine (If Windows 8 is not available, you may use Windows 10. Understand that with Windows 10 you will need to be creative in getting some of the tools to work. Your TA’s can assist in this.) – You will need to download windows 8.1 from IDS On The Hub. The attached file has information on building a Windows 8.1 VM for pentesting altough it may need to be updated.

5 – download metasploitable 2. Unzip and add to your set.

IMPORTANT!!

Once you have updated Kali and Windows 8.1, you should put both on the HOST ONLY network so that you do not inadvertantly scan or attack the network your computer is on. After you install metasploitable DO NOT update or upgrade it. Put it on the HOST ONLY network.

Put the machines on the 192.168.100 network

The host addresses should be Kali 201, Windows 8.1 101, Metasploitable 202.

Once all that is completed you will submit a screenshot of each machine pinging the other two machines.

EXTRA CREDIT – if one of you would like to create a How To Video with all of the steps listed above, please let me know

Take a screen shot of all your VM’s running on your desktop and submit that. File format should be in .jpeg, .bmp or pasted onto a word document