
Ethical Hacking Lecture2

The document provides an overview of setting up a penetration testing lab, including the use of virtualization platforms like VMware and VirtualBox, and the installation of Kali Linux and Metasploitable. It outlines essential tools and commands for ethical hacking, such as Nmap, Wireshark, and Burp Suite, as well as best practices for maintaining a secure testing environment. The conclusion emphasizes the importance of a pentesting lab for ethical hackers to practice safely and legally.

Uploaded by

umarfarouk259

Ethical Hacking and Reverse Engineering
Lecture 2:
Dr. Adamu Hussaini
Introduction to Pentesting Labs
• A penetration testing lab is an isolated environment where ethical hackers practice exploiting vulnerabilities without harming real-world systems.
Why Use a Virtual Lab?

• Safe and legal testing environment
• Isolated from host system
• Allows testing of various attack scenarios
Choosing a Virtualization Platform

• VMware Workstation: Paid but powerful
• VirtualBox: Free and open-source
• Hyper-V: Built into Windows
Installing VirtualBox and VMware

• Download and install VirtualBox from [Link]
• Download VMware Workstation from [Link]
Creating a Virtual Machine (VM)

• 1. Open VirtualBox or VMware
• 2. Click 'New' and configure VM settings
• 3. Allocate RAM and CPU
• 4. Attach Kali Linux ISO
Installing Kali Linux

• Download ISO from [Link]
• Follow on-screen installation steps
• Set up a root user and password
Introduction to Kali Linux

• Kali Linux is a Debian-based OS preloaded with cybersecurity tools for penetration testing, forensics, and ethical hacking.
Essential Kali Linux Commands

• `ls`: List files
• `cd`: Change directory
• `ifconfig`: Show network interfaces
• `nmap`: Network scanning
Introduction to Parrot OS

• Parrot OS is an alternative to Kali Linux with a focus on security, privacy, and digital forensics.
Parrot OS vs Kali Linux

• Kali: Industry standard for pentesting
• Parrot: Lightweight, privacy-focused alternative
Setting Up Metasploitable

• Metasploitable is a deliberately vulnerable Linux VM used for practicing exploits.
Installing Metasploitable in VirtualBox

• 1. Download Metasploitable from Rapid7
• 2. Import as a virtual machine
• 3. Start the VM and log in
Networking in a Pentesting Lab

• Bridged Mode: VM gets an IP from the network
• NAT Mode: VM shares host IP
• Host-Only Mode: Isolated network
Introduction to Metasploit Framework

• Metasploit is an exploitation framework used for testing security vulnerabilities and launching payloads.
Basic Metasploit Commands

• `msfconsole`: Launch Metasploit
• `search exploit`: Find exploits
• `use exploit/multi/handler`: Set up payload
Installing Essential Hacking Tools

• 1. Nmap: Network scanning
• 2. Wireshark: Packet analysis
• 3. Burp Suite: Web security testing
Installing Nmap

• `apt install nmap`
• Scan networks using `nmap -sS <target>`
Using Nmap for Network Scanning

• Detect open ports with `nmap -p 1-65535 <target>`
• Detect OS using `nmap -O <target>`
Installing Wireshark

• `apt install wireshark`
• Open Wireshark and start capturing packets
Analyzing Traffic with Wireshark

• Use filters like `http` and `[Link]==80` to analyze network traffic
Installing Burp Suite

• Download from [Link]
• Install using `dpkg -i [Link]`
Intercepting Traffic with Burp Suite

• Configure browser proxy settings
• Capture and modify HTTP requests
Creating a Secure Testing Environment

• Isolate lab environment using VirtualBox snapshots
• Use VPNs for anonymity
Common Pentesting Lab Mistakes

• Running vulnerable machines on public networks
• Not taking VM snapshots before testing
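
Added example (not part of the original slides): a shell check for the two mistakes above, using the networking modes from the "Networking in a Pentesting Lab" slide. It reads the text printed by `VBoxManage showvminfo <vm> --machinereadable` and reports adapters that are not on a host-only or internal network, and VMs with no snapshot. The sample inputs, the snapshot name and the choice of which attachment types count as isolated are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example, not from the slides: audit a VirtualBox lab VM before use.
# Input: text printed by `VBoxManage showvminfo <vm> --machinereadable`.

# Assumption of this example: only these attachment types count as isolated.
# Everything else (bridged, nat, natnetwork, unknown values) is reported.
ISOLATED="hostonly intnet"

# Read VM info on stdin; print "nicN=<type>" for each non-isolated adapter.
risky_nics() {
  sed -n 's/^\(nic[0-9][0-9]*\)="\([^"]*\)"$/\1 \2/p' |
  while read -r nic type; do
    [ "$type" = "none" ] && continue          # adapter not present
    case " $ISOLATED " in
      *" $type "*) ;;                         # isolated, nothing to report
      *) echo "$nic=$type" ;;
    esac
  done
}

# audit <vm-info-text>: returns 0 only if every adapter is isolated and at
# least one snapshot (a SnapshotName line) exists to roll back to.
audit() {
  rc=0
  bad=$(printf '%s\n' "$1" | risky_nics)
  [ -z "$bad" ] || { echo "FAIL non-isolated adapter(s):" $bad; rc=1; }
  printf '%s\n' "$1" | grep -q '^SnapshotName' ||
    { echo "FAIL no snapshot taken"; rc=1; }
  return $rc
}

# Constructed sample inputs (not captured from a real VM).
SAMPLE_BAD='nic1="bridged"
nictype1="82540EM"
bridgeadapter1="eth0"
nic2="none"'
SAMPLE_OK='nic1="hostonly"
hostonlyadapter1="vboxnet0"
nic2="none"
SnapshotName="clean-install"'

if [ -n "${1:-}" ]; then                      # real VM name given
  audit "$( { VBoxManage showvminfo "$1" --machinereadable
              VBoxManage snapshot "$1" list --machinereadable; } 2>/dev/null )"
else
  audit "$SAMPLE_BAD" || echo "-> first sample rejected"
  audit "$SAMPLE_OK" && echo "OK second sample passes"
fi
```

Run it with a VM name as the only argument to audit a real machine; with no argument it runs on the two constructed samples.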
Practical Lab Exercise

• Scan a VM with Nmap
• Capture network traffic with Wireshark
• Intercept requests with Burp Suite
Advanced Lab Setup

• Setting up OWASP Juice Shop for web security testing
Best Practices for a Pentesting Lab

• Keep tools updated
• Use encrypted storage for sensitive data
Future of Pentesting Labs

• Cloud-based labs and automated pentesting platforms like Hack The Box and TryHackMe
Conclusion of Today's Class

• Setting up a pentesting lab is essential for ethical hackers to practice techniques safely and legally.
