Scribd
Upload
14 views31 pages

Ethical Hacking Lab Setup Guide

The document outlines the setup for a laboratory environment focused on ethical hacking, emphasizing the use of hypervisors like VirtualBox and Kali Linux for practice. It includes important legal disclaimers regarding hacking activities and details the requirements for setting up victim machines and network configurations. Additionally, it covers password cracking techniques and methods, including demonstrations using tools like John the Ripper and Hydra.

Uploaded by

student -1
Copyright
© All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
14 views31 pages

Ethical Hacking Lab Setup Guide

The document outlines the setup for a laboratory environment focused on ethical hacking, emphasizing the use of hypervisors like VirtualBox and Kali Linux for practice. It includes important legal disclaimers regarding hacking activities and details the requirements for setting up victim machines and network configurations. Additionally, it covers password cracking techniques and methods, including demonstrations using tools like John the Ripper and Hydra.

Uploaded by

student -1
Copyright
© All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd

Laboratory Setup

Nov 28, 2025


 Set up laboratory environment for practice
 Hypervisor or Virtual Machine Monitor
 Kali Linux
 Victim Machines
 Network Setup in Virtual Box
Important Note

• It is illegal to perform any kind of hacking activity on


vulnerable machines on the Internet / Intranet that does
not belong to us.
• Learners of Ethical Hacking must not use any vulnerable
machines available on the internet.
• DISCLAIMER – Learners of this course must not use any
vulnerable machines available on the internet.
• If any LEGAL action is taken against them, then TCE will
not be responsible.
Nov 28, 2025
3
Requirements for Laboratory Setup

a) Hypervisor Software
• VMware, VirtualBox

b) Attacker System
• Kali Linux ISO, Parrot Security, Backbox, etc.

c) Victim System
• Windows XP, Windows 7
• Metasploitable machines (Metasploitable 2 and Metasploitable 3)

4
(a) Hypervisor or Virtual Machine Monitor

• Hypervisor is a software that creates and runs virtual machines (VMs).


• It allows one host computer to support multiple guest VMs (different
operating systems).
• By virtually sharing its resources, viz. memory, network interface, storage and
processing.

• Well-known hypervisor softwares: VMware, VirtualBox.


• In our demonstration shall use VirtualBox.

• We shall download and install the latest version of virtual


box from: [Link]

5
(b) Kali Linux

• Kali Linux is an open-source, Debian-based Linux distribution.


• It contains thousand of tools that can be used for practicing
penetration testing, security research, computer forensics and reverse
engineering.
• Some other OS, like Parrot Security, can also be used for same purpose.
However for the beginners we recommend to use Kali Linux.
• To install Kali Linux in Virtual box, the disk image file can be
downloaded from: [Link]

6
(c) Victim Machines

• Metasploitable Machines: These are intentionally vulnerable (i.e.


insecure and hackable) virtual machines designed for training, exploit
testing, and general target practice.
• Metasploitable 2: vulnerable Linux based virtual machine.
• Metasploitable 3: vulnerable Windows based virtual machine.

• We can also install some older machines such as Windows XP for


practice.

7
Network Setup in Virtual Box
• By default virtual box uses Network Address Translation (NAT).
• In NAT mode the Virtual OS is separated from outside (i.e., HOST
system).
• The virtual box itself allocates virtual IP’s to systems installed inside it.
• We can check that all OS installed in VM have the same IP address.
• We can connect to the Internet in this mode.
• To establish connection between host as well as other systems
installed inside virtual box, the best option is to enable Bridge
Adapter mode.

8
Alternatives
• Software setup in virtual box demands high RAM and storage.
• Minimum 4GB RAM, 30-40 GB storage.
• If we do not have such system, then we can use Live Kali Linux.
• Kali Linux in flash/pen drive.
• If we do not have windows system, then alternatively we can install
tools available in Kali such as NMAP, Metaexploit etc. in Unix/Linux
based system.

10
System Hacking

Nov 28, 2025


System Hacking
• What?
– Compromise of computer systems and
software
• Why?
– To access a target computer and steal / misuse
information stored therein
• How?
– Password cracking

Nov 28, 2025


11
Session Outcomes

 Analyze the possibilities of launching password


attacks on any information system.

Nov 28, 2025


12
Topics to be covered

 Password Cracking -Methods


 Demonstration of Dictionary Attack
 John The Ripper
 Hydra

Nov 28, 2025


13
Password Cracking
• Set of techniques used to recover passwords from
computer systems.
• Attackers use this techniques to gain unauthorized access
to the vulnerable system.
• Most of these techniques are successful due to weak or
easily guessable passwords.

Nov 28, 2025


14
Some statistics..

 A new cyberattack occurs every 44 seconds.


 Roughly 2000 cyber attacks per day.
 Four out of Five breaches are somehow related
to passwords.
 Courtesy: [Link]
 Research Study: University of North Georgia

Nov 28, 2025


15
Password Authentication - Basics
• Are passwords stored in our computers/web servers?
• How are the passwords stored???
User Name Password
admin admin
student student
Scott tiger

User Name H(password)


admin 8c6976e5b5410415bde908bd4dee15dfb167a9c87
3fc4bb8a81f6f2ab448a918
student 264c8c381bf16c982a4e59b0dd4c6f7808c51a05f6
4c35db42cc78a2a72875bb
Scott f15c16b99f82d8201767d3a841ff40849c8a1b812ffb
fd2e393d2b6aa6682a6e
Nov 28, 2025
16
Password Authentication - Basics
• User password stored as h(password)

• Hash function h : strings -> strings


– Given h(password), hard to find password

• When user enters password


– System computes h(password)
– Compares with entry in password file
– No passwords stored on disk

Nov 28, 2025


17
Password Files

Unix Systems
file\etc\password

Windows
C:\Windows\System32\config\SAM

Nov 28, 2025


18
Password Cracking Methods

• Shoulder Surfing
• Social Engineering
• Rule Based Attacks
• Brute-Force Attack
• Dictionary Attack
• Password Guessing

Nov 28, 2025


19
Password Cracking Methods

• Default passwords
• Trojan / Key logger
• Wire sniffing
• Rainbow Table

Nov 28, 2025


20
Shoulder Surfing
Looking at the user's keyboard or screen while he/she is logging in.

In May 2023, a shoulder surf victim in the UK lost 70,000 pounds. It constituted
his personal and business funds after he visited a busy pub.

In France, a gang was arrested for stealing over 153,000 euros after peering over
victims’ shoulders and watching them type in PIN codes at cashpoint machines.

Info Courtesy: [Link]

Nov 28, 2025


21
Social Engineering

Nov 28, 2025


22
Bruteforce Attacks

Nov 28, 2025


23
Dictionary Attacks

Nov 28, 2025


24
Dictionary Attacks
Create a dictionary of commonly used passwords.

Compute the hash of each of the password and store it in a


table 1(pwd, h(pwd))

Get the password file (user, h(pwd))

Compare table 1 and password file. If there is a match, the


corresponding pwd in Table 1 is the password.

Nov 28, 2025


25
Demonstration

Nov 28, 2025


Demonstration using John the Ripper

Nov 28, 2025


27
Demonstration using Hydra

Nov 28, 2025


28
Demonstration using Hydra

Nov 28, 2025


29
Nov 28, 2025
Nov 28, 2025

You might also like