https://github.com/mbn-code/win7-kali-pentesting

Setting up Kali Linux and Windows 7 for Penetration Testing in VirtualBox

# Setting Up a Penetration Testing Lab with Kali Linux and Windows 7 in VirtualBox

## Table of Contents

1. [Introduction](#introduction)
2. [Why Use Virtual Machines for Penetration Testing?](#why-use-virtual-machines-for-penetration-testing)
3. [Prerequisites](#prerequisites)
4. [Step 1: Download Required Software](#step-1-download-required-software)
   - [1.1 Kali Linux](#11-kali-linux)
   - [1.2 Windows 7](#12-windows-7)
   - [1.3 VirtualBox](#13-virtualbox)
5. [Step 2: Install VirtualBox](#step-2-install-virtualbox)
6. [Step 3: Create Virtual Machines](#step-3-create-virtual-machines)
   - [3.1 Creating a Kali Linux VM](#31-creating-a-kali-linux-vm)
   - [3.2 Creating a Windows 7 VM](#32-creating-a-windows-7-vm)
7. [Step 4: Configuring Network Settings](#step-4-configuring-network-settings)
   - [4.1 Configuring Kali Linux VM Network](#41-configuring-kali-linux-vm-network)
   - [4.2 Configuring Windows 7 VM Network](#42-configuring-windows-7-vm-network)
8. [Step 5: Installing Operating Systems](#step-5-installing-operating-systems)
   - [5.1 Installing Kali Linux](#51-installing-kali-linux)
   - [5.2 Installing Windows 7](#52-installing-windows-7)
9. [Step 6: Configuring for Penetration Testing](#step-6-configuring-for-penetration-testing)
   - [6.1 Identifying Target IP Address](#61-identifying-target-ip-address)
   - [6.2 Scanning for Vulnerabilities with Kali Linux](#62-scanning-for-vulnerabilities-with-kali-linux)
   - [6.3 Analyzing Scan Results](#63-analyzing-scan-results)
   - [6.4 Exploiting Vulnerabilities](#64-exploiting-vulnerabilities)
10. [Troubleshooting and Best Practices](#troubleshooting-and-best-practices)
    - [VM Not Starting](#vm-not-starting)
    - [Network Connectivity Issues](#network-connectivity-issues)
    - [Compatibility and Performance](#compatibility-and-performance)
11. [Conclusion](#conclusion)
12. [Further Learning](#further-learning)

## Introduction

Penetration testing, often referred to as **ethical hacking**, is a method used to evaluate the security of computer systems by simulating attacks to identify vulnerabilities. This guide provides a comprehensive walkthrough for setting up a penetration testing environment using **Kali Linux** and **Windows 7** virtual machines (VMs) within **VirtualBox**.

> **Warning:** Penetration testing should **only** be conducted on systems you have explicit permission to test. Unauthorized testing is illegal and unethical.

## Why Use Virtual Machines for Penetration Testing?

- **Isolated Environment:** Enables safe testing and experimentation without risking the host system.
- **Flexibility:** Multiple operating systems can coexist on a single physical machine.
- **Snapshots and Rollbacks:** Simplifies recovery by allowing you to revert to previous states if issues arise.
- **Resource Management:** Efficiently allocate system resources between different VMs as needed.

## Prerequisites

- **Hardware Requirements:**
  - A host system capable of running VirtualBox.
  - Minimum of 8 GB RAM (16 GB recommended for optimal performance).
  - At least 40 GB of available disk space.
- **Software Requirements:**
  - Basic knowledge of Linux commands and networking concepts.
  - Administrative access to install software on the host system.
- **Optional Tools:**
  - USB drives for transferring files if necessary.
  - External storage for backups and snapshots.

---

## Step 1: Download Required Software

### 1.1 Kali Linux

- Navigate to the [Kali Linux Downloads Page](https://www.kali.org/downloads/).
- Choose between the pre-configured VirtualBox VM image (.ova format) for a quick setup or the ISO file for a manual installation.
- Select the appropriate version based on your requirements (e.g., standard, light, or headless editions).

### 1.2 Windows 7

- Visit the [Internet Archive Windows 7 ISO](https://archive.org/details/Windows7-iso).
- Download the Windows 7 ISO file, ensuring you select the 64-bit version compatible with your host system.
- **Note:** Ensure you have a valid Windows 7 license key for activation after installation.

### 1.3 VirtualBox

- Go to the [VirtualBox Downloads](https://www.virtualbox.org/wiki/Downloads) page.
- Download and install the latest version of VirtualBox for your operating system.
- Additionally, download the **Extension Pack** to enable advanced features such as USB 2.0/3.0 support, RDP, and more.

---

## Step 2: Install VirtualBox

1. **Launch the Installer:**
   - Run the downloaded VirtualBox installer.
2. **Follow Installation Prompts:**
   - Choose the installation directory.
   - Select components to install (default selections are recommended).
   - Configure network interfaces if prompted (VirtualBox may briefly disconnect your network during installation).
3. **Finalize Installation:**
   - Complete the installation process and launch VirtualBox to ensure it's working correctly.
4. **Install Extension Pack:**
   - Open VirtualBox.
   - Go to **File > Preferences > Extensions**.
   - Click the **Add** icon and select the downloaded Extension Pack to install it.

---

## Step 3: Create Virtual Machines

### 3.1 Creating a Kali Linux VM

1. **Initiate VM Creation:**
   - Open VirtualBox and click **New**.
2. **Configure VM Settings:**
   - **Name:** `Kali Linux`
   - **Type:** `Linux`
   - **Version:** `Debian (64-bit)`
   - **Memory:** Allocate between `2048-4096 MB` (2-4 GB).
   - **Hard Disk:**
     - If using a pre-made image, select **Use an existing virtual hard disk file** and browse to the Kali Linux `.vmdk` file.
     - For manual installation, choose **Create a new virtual hard disk** and allocate at least `20 GB`, selecting **Dynamically allocated**.
3. **Finalize VM Setup:**
   - Review settings and click **Finish** to create the VM.

### 3.2 Creating a Windows 7 VM

1. **Initiate VM Creation:**
   - Click **New** in VirtualBox.
2. **Configure VM Settings:**
   - **Name:** `Windows 7`
   - **Type:** `Microsoft Windows`
   - **Version:** `Windows 7 (64-bit)`
   - **Memory:** Allocate between `2048-4096 MB` (2-4 GB).
   - **Hard Disk:**
     - Select **Create a new virtual hard disk**.
     - Allocate at least `30 GB`, choosing **Dynamically allocated**.
3. **Configure Storage:**
   - After creation, select the Windows 7 VM and click **Settings**.
   - Navigate to **Storage**.
   - Under **Controller: IDE**, click the **Add Optical Drive** icon.
   - Choose **Choose a disk file** and select the downloaded Windows 7 ISO.
4. **Finalize VM Setup:**
   - Review settings and click **OK** to save.

---

## Step 4: Configuring Network Settings

### 4.1 Configuring Kali Linux VM Network

1. **Access VM Settings:**
   - Select the Kali Linux VM and click **Settings**.
2. **Navigate to Network:**
   - Go to the **Network** tab.
3. **Configure Adapters:**
   - **Adapter 1:**
     - **Enable Network Adapter:** Checked.
     - **Attached to:** Choose from `NAT`, `Bridged Adapter`, or `Host-only Adapter` based on your testing needs.
   - **Adapter 2 (Optional):**
     - Add a second network interface for advanced network scenarios.
4. **Save Settings:**
   - Click **OK** to apply changes.

### 4.2 Configuring Windows 7 VM Network

1. **Access VM Settings:**
   - Select the Windows 7 VM and click **Settings**.
2. **Navigate to Network:**
   - Go to the **Network** tab.
3. **Configure Adapter:**
   - **Adapter 1:**
     - **Enable Network Adapter:** Checked.
     - **Attached to:** Select the same network mode as the Kali Linux VM.
4. **Save Settings:**
   - Click **OK** to apply changes.

> **Tip:** Using the **Host-only Adapter** mode creates a private network between the host and VMs, facilitating isolated testing environments.
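
The adapter settings from steps 4.1 and 4.2 can also be checked from the host command line. The script below is an added example, not part of the original guide: it reads `VBoxManage showvminfo --machinereadable` output and flags any enabled adapter that is not host-only or internal-network. The VM names are the ones chosen in step 3; the function names and the sample input are constructed for illustration, and treating internal networking as acceptable alongside host-only is an assumption of this example.

```bash
#!/usr/bin/env bash
# Added example: flag lab adapters that reach beyond the isolated network.

# Reads `VBoxManage showvminfo <vm> --machinereadable` text on stdin and
# prints one line per enabled adapter. Exit status is 1 if any adapter
# uses a mode other than host-only or internal network.
audit_vm_isolation() {
  awk -v vm="$1" -F'"' '
    /^nic[0-9]+=/ {
      slot = $1; sub(/^nic/, "", slot); sub(/=$/, "", slot)
      mode = $2
      if (mode == "none") next            # adapter disabled
      if (mode == "hostonly" || mode == "intnet") {
        printf "OK   %s adapter %s: %s\n", vm, slot, mode
      } else {                            # nat, bridged, natnetwork, ...
        printf "RISK %s adapter %s: %s\n", vm, slot, mode
        bad = 1
      }
    }
    END { exit bad + 0 }
  '
}

# Audit the two VMs named in step 3 (needs VBoxManage on the host).
audit_lab() {
  rc=0
  for vm in "Kali Linux" "Windows 7"; do
    VBoxManage showvminfo "$vm" --machinereadable |
      audit_vm_isolation "$vm" || rc=1
  done
  return "$rc"
}

# Constructed sample: adapter 1 is host-only, adapter 2 was left bridged.
sample_vminfo() {
  cat <<'EOF'
name="Windows 7"
nic1="hostonly"
nictype1="82540EM"
hostonlyadapter1="vboxnet0"
nic2="bridged"
bridgeadapter2="eth0"
nic3="none"
EOF
}

# Demo on the sample; on a real host run `audit_lab` instead.
sample_vminfo | audit_vm_isolation "Windows 7" || echo "lab is not isolated"
```
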

---

## Step 5: Installing Operating Systems

### 5.1 Installing Kali Linux

1. **Start the VM:**
   - Select the Kali Linux VM and click **Start**.
2. **Boot Process:**
   - If using a pre-configured `.ova` file, Kali Linux will boot directly.
   - For ISO installations, follow on-screen prompts:
     - Choose installation type (Graphical or Text-based).
     - Configure user credentials and disk partitions.
     - Complete the installation and reboot the VM.

### 5.2 Installing Windows 7

1. **Start the VM:**
   - Select the Windows 7 VM and click **Start**.
2. **Boot Process:**
   - The VM will boot from the Windows 7 ISO.
3. **Installation Wizard:**
   - Select language, time, and keyboard settings.
   - Enter the product key when prompted.
   - Choose installation type (`Custom` for clean installation).
   - Allocate disk space for Windows installation.
   - Follow prompts to complete installation and reboot the VM.

> **Note:** After installation, activate Windows 7 using a valid product key to ensure all features are available.

---

## Step 6: Configuring for Penetration Testing

### 6.1 Identifying Target IP Address

1. **Access Windows 7 VM:**
   - Open **Command Prompt** (`cmd.exe`).
2. **Retrieve IP Information:**
   - Execute the command:
     ```cmd
     ipconfig
     ```
   - Note the **IPv4 Address** assigned to the VM. This IP is the target for the scans in section 6.2 and the value for `RHOST` in section 6.4.

### 6.2 Scanning for Vulnerabilities with Kali Linux

1. **Open Terminal:**
   - Launch a terminal session in Kali Linux.
2. **Execute Nmap Commands** (replace the placeholder `<target-ip>` with the IPv4 address noted in section 6.1):

   - **Port Scanning:**

     ```bash
     nmap -p- <target-ip>
     ```

     - Scans all 65,535 TCP ports on the target machine.

   - **Service and Version Enumeration:**

     ```bash
     nmap -sV <target-ip>
     ```

     - Identifies running services and their versions.

   - **Operating System Detection:**

     ```bash
     nmap -O <target-ip>
     ```

     - Determines the operating system based on network responses.

   - **Vulnerability Scanning:**

     ```bash
     nmap --script vuln <target-ip>
     ```

     - Utilizes Nmap's scripts to identify known vulnerabilities.

   - **Comprehensive Scanning:**

     ```bash
     nmap -p- -sV -O --script vuln <target-ip>
     ```

     - Combines port scanning, service detection, OS identification, and vulnerability scanning.

### 6.3 Analyzing Scan Results

- **Review Open Ports:** Identify which ports are open and the services running on them.
- **Service Versions:** Determine if services are outdated or have known vulnerabilities.
- **Operating System Insights:** Use OS detection to tailor specific exploitation techniques.
- **Vulnerability Details:** Examine identified vulnerabilities for potential exploitation paths.
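
Reviewing open ports and service versions as listed above is easier from machine-readable output. The script below is an added example, not part of the original guide: it assumes the scan was saved in Nmap's grepable format (`-oG`) and turns it into a per-host inventory of open services. The function names and the sample scan line are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: turn Nmap grepable output (-oG) into an open-service inventory.

# Reads -oG text on stdin; prints host, port/proto, service, version
# (tab-separated) for every port whose state is "open".
open_services() {
  awk -F'\t' '
    /^Host: / {
      split($1, h, " "); host = h[2]
      for (i = 2; i <= NF; i++) {
        if ($i !~ /^Ports: /) continue
        # Entries look like port/state/proto/owner/service/rpc/version/
        n = split(substr($i, 8), entry, ", ")
        for (j = 1; j <= n; j++) {
          split(entry[j], f, "/")
          if (f[2] != "open") continue     # skip closed and filtered ports
          printf "%s\t%s/%s\t%s\t%s\n", host, f[1], f[3], f[5],
                 (f[7] == "" ? "version unknown" : f[7])
        }
      }
    }'
}

# Constructed sample line in -oG format (address from a host-only range).
sample_scan() {
  printf 'Host: 192.168.56.101 ()\tPorts: %s\tIgnored State: closed (65532)\n' \
    '135/open/tcp//msrpc//Microsoft Windows RPC/, 445/open/tcp//microsoft-ds///, 3389/filtered/tcp//ms-wbt-server///'
}

# Demo on the sample; for a saved scan run: open_services < scan.gnmap
sample_scan | open_services
```
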

### 6.4 Exploiting Vulnerabilities

1. **Launch Metasploit:**
   - Open Metasploit by typing:
     ```bash
     msfconsole
     ```
2. **Search for Exploits:**
   - Use the search functionality to find relevant exploits:
     ```
     search
     ```
3. **Select and Configure Exploit:**
   - Choose an appropriate exploit module and set required options:
     ```
     use exploit/
     set RHOST
     set PAYLOAD
     ```
4. **Execute Exploit:**
   - Run the exploit to attempt gaining access:
     ```
     exploit
     ```
5. **Post-Exploitation:**
   - Once access is achieved, perform actions such as privilege escalation or data exfiltration as part of the testing scope.

> **Important:** Always obtain explicit authorization before exploiting any vulnerabilities to ensure compliance with legal and ethical standards.

---

## Troubleshooting and Best Practices

### VM Not Starting

- **Hardware Verification:**
  - Ensure the host system meets all hardware requirements.
- **Enable Virtualization:**
  - Check BIOS/UEFI settings to confirm that virtualization technology (e.g., Intel VT-x, AMD-V) is enabled.
- **Resource Allocation:**
  - Adjust memory or CPU settings if the VM fails to boot due to resource constraints.

### Network Connectivity Issues

- **Adapter Configuration:**
  - Verify that network adapters are correctly set (NAT, Bridged, Host-only).
- **Firewall Settings:**
  - Ensure that firewalls on both host and VM do not block necessary traffic.
- **Restart Services:**
  - Restart VirtualBox or reinitialize network adapters to resolve connectivity problems.

### Compatibility and Performance

- **Version Matching:**
  - Use compatible versions of VirtualBox and the Extension Pack to prevent conflicts.
- **Resource Allocation:**
  - Allocate sufficient RAM and CPU cores to each VM for smooth operation.
- **Guest Additions:**
  - Install or update VirtualBox Guest Additions within each VM to enhance performance and usability.

---

## Conclusion

By following this guide, you have successfully established a robust penetration testing lab using Kali Linux and Windows 7 within VirtualBox. This setup facilitates the practice of ethical hacking, network scanning, vulnerability assessment, and exploit development in a controlled and safe environment. Always conduct penetration testing responsibly, with proper authorization, and adhere to ethical standards to maintain the integrity and legality of your activities.

### Further Learning

- [Kali Linux Official Documentation](https://www.kali.org/docs/)
- [VirtualBox User Manual](https://www.virtualbox.org/manual/)
- [Nmap Network Scanning Guide](https://nmap.org/book/)
- [Metasploit Unleashed](https://www.offensive-security.com/metasploit-unleashed/)
- [OWASP Testing Guide](https://owasp.org/www-project-web-security-testing-guide/)