Setting up a Home Lab

Sadly, it doesn't look like we are going to get access to the hacking lab. This means that you are going to have to run the lab tasks on your own machines.

In this article I will run through the process of setting up a home lab

Important

We will be going through this in week 1, to make sure everyone has access to the systems they will need for the module. If you have things set up before then, excellent, but if not there will be a support session around getting your system set up for the module.

Linux

We will be using Linux for the majority of the tasks. While this may not be your preferred desktop environment, it does give us a lot of benefits over Windows.

1. We get a much more transparent system. While we can do almost all of the labs in windows, its much more of a PITA. Usually with Linux things like installing software, configuring permissions, or running more "interesting" tools are much easier.
2. While windows is still the most common desktop OS, Linux tends to rule the server world, meaning it's arguably better to look at pen-testing that.
3. It's where all the good pen-testing tools live

When it comes to which version of Linux to use, its up to you¹. However, there are two distros that have a focus on penetration testing:

• Kali
• Parrot

While we probably wont be using too many specialist tools, either of these systems will have a wide range of software available for your pen-testing needs.

Note

To be honest, I am going off of Kali at the moment. While lots of good things, like non-root user, have happened.
I still come across stability issues. (Also Gnome Desktop)

However, it's likely I will use it for the lab sessions, so we are all on the same page.

Virtual Machines

We will also want a VM platform to run the various Virtual Machines on, again you have a couple of options here.

Important

If this is a problem for you, let me know ASAP, so I can try to sort something out.

VMWare

Is my personal preference.

You can get a free copy of VMWare Pro / Fusion etc from the university at On the Hub

You can find it under "Productivity"

Virtual Box

You can also use Oracle VirtualBox

Personally, I am less keen on this due to the networking (which I still haven't quite got my head around) However, it is the virtualisation platform of choice for the Uni image outside of the hacking lab.

WSL

Windows subsystem for Linux is also becoming an option. It's pretty neat being able to run Linux terminal applications natively in a Windows terminal.

This should be OK for most of the lab tasks, but you may want a virtualisation platform as a backup (and you will need one for Coursework 2).

Important

If I distrubute any VM's for the lab tasks, I will make sure they are in OVA format. This means they should work on both systems

Docker

The final piece of our lab setup. I like containerisation, it's a really neat way of getting transferable setups between systems.

Docker is a tool used to create "containers". These behave like lightweight virtual machines, but, in fact, are cleverly constructed by creating filesystems and network interfaces that exist on the host system and use the host's resources.

As there's a lot to cover, I have made a separate guide to using docker

Installing Docker

Depending on your OS you may need to go through different processes for installing Docker. Links to the "official" docs are below for different OS.

• Debian like systems
• For Parrot follow the Debian like instructions
• Kali

Debian

Unfortunately it's not quite as easy as running apt install docker on debian.

The docker name has been taken by an applet manager. Follow the instructions above to get it working.

There are also some post installation tweaks you can use.

Certainly I find that adding you user to the docker group (so you don't need to type sudo each time) is a must²

Tip

One thing you might want to do is add your user to the docker group. This means you wont have to type sudo every time².

In a debian like system (kali / parrot / ubuntu) you can do this with

$ sudo usermod -aG docker <user>

You will need to logout and login again for the permission to take effect.

Docker-Compose

We will also make a lot of use of docker-compose. This lets us setup "recipes" for groups of docker containers. This means that rather than remembering sometimes obscure docker syntax, we can just type docker-comopse up and have all the containers start in the same way.

The easiest way to install compose is via Python, although it is also available through package managers.

sudo pip install docker-compose

Other Useful Software

• Git

  Use Verion Control, Enough Said.

• A Decent Text editor

  You can't beat a decent text editor, you will want to be making lots of notes, and something as heavy as word isn't really suitable for technical notes.

  Grab one with Markdown Support:

  • Emacs
  • VS Code / VS Codium
  • Even VIM

• Alternatives to using a text editor

  A few of you have suggested Joplin for keeping notes. I haven't used it that much in anger, but it seems like an excellent tool.

• Pandoc

  Pandoc Is a tool that lets our convert between file formats. Combined with a text editor it helps you make decent looking reports / notes / writups with very little effort.

• Asciinema

  Asciinema lets you record terminal sessions. I hope to play around with this to record lab sessions, and make it easier for you to replay what I do.

---

1. Arch Obviously ↩

2. Yes, we can argue about giving users what is effectively password-less root. Convenience VS security is always a trade-off. ↩↩