Getting a suitable VM

This set of tasks will focus on getting a suitable VM up and running. We will be using this VM throughout the course of the module.

Installing a VM Platform

Task: Install a VM Platform

Install either VMWare or Virtual Box on your System

The first thing we want to do is have some way of running virtual machines.

We will also want a VM platform to run the various Virtual Machines on, again you have a couple of options here.

VMWare

Is my personal preference.

You can get a free copy of VMWare Pro / Fusion etc from the university at On the Hub

You can find it under "Productivity"

Virtual Box

You can also use Oracle VirtualBox

Personally, I am less keen on this due to the networking (which I still haven't quite got my head around) However, it is the virtualisation platform of choice for the Uni image outside of the hacking lab.

Note

If you are running Linux as your host system you are still going to want some way of using VM's most of the targets for the module will be VM (to stop you from breaking your own system) so its important you can run them.

Adding a Linux VM

Task: Get a copy of Linux

Create a VM running a Linux distro

We will be using Linux for the majority of the tasks. While this may not be your preferred desktop environment it does give us a lot of benefits over Windows.

1. We get a much more transparent system. While we can do almost all of the labs in windows, its much more of a PITA. Usually with Linux things like installing software, configuring permissions, or running more "interesting" tools are much easier.

2. While windows is still the most common desktop OS, Linux tends to rule the server world, meaning its arguably better to look at pen-testing that.

3. Its where all the good pen-testing tools live

When it comes to which version of Linux to use, its up to you¹. However, there are two distros that have a focus on penetration testing:

• Kali
• Parrot

While we probably wont be using too many specialist tools, either of these systems will have a wide range of software available for your pen-testing needs.

Note

While I mention Kali / Parrot, feel free to use whatever distro you want.

We wont make too much use of the more "dedicated" tools (like burpsuite), but having stuff like nmap, netcat and python is going to be essential.

Install Docker

The final piece of our lab setup. I like containerisation, its a really neat way of getting transferable setups between systems.

Docker is a tool used to create "containers". These behave like light-weight virtual machines, but in fact are cleverly constructed by creating filesystems and network interfaces that exist on the host system and use the host resources.

If you need to know how docker works, I have made a separate guide to using docker

Task: Install Docker

Install Docker and Docker Compose in your VM

Installing Docker

Depending on your OS you may need to go through different processes for installing Docker. Links to the "official" docs are below for different OS.

• Debian like systems
• For Parrot follow the Debian like instructions
• Kali

Debian

Unfortuatly its not quite as easy as runing apt install docker on debian.

The docker name has been taken by an applet manager. Follow the instructions above to get it working

There are also some post installation tweaks you can use.

Certainly I find adding you user to the docker group (so you don't need to type sudo each time) is a must²

Docker-Compose

We will also make a lot of use of docker-compose. This lets us setup "recipes" for groups of docker containers. This means that rather than remembering sometimes obscure docker syntax, we can just type docker-compose up and have all the containers start in the same way.

The easiest way to to install compose is via python, although it is also available through package managers.

sudo pip install docker-compose

---

1. Arch Obviously ↩

2. Yes, we can argue about giving users what is effectively password-less root. Convenience VS security is always a trade off. ↩