Penetration Testing Lab Setup¶
Lab Pentesting
There are many websites where you can test various vulnerabilities, and entire services providing complete infrastructure like Hack The Box or HackMe. However, you can also build your own laboratory and test it in a closed environment. This gives you full control over the setup and allows for offline practice. Popular vulnerable resources include:
- Damn Vulnerable Web Application (DVWA)
- OWASP WebGoat
- OWASP Juice Shop
- Metasploitable
- VulnHub - Collection of vulnerable VMs
Introduction¶
Virtual penetration testing laboratory provides a controlled, isolated environment for practicing and testing various cybersecurity attack techniques, vulnerability assessments, and security tool usage. It includes a diverse range of systems spanning different operating systems, vulnerable applications, and network infrastructure components. This setup allows for hands-on experience with common attack vectors including Active Directory exploitation, web application vulnerabilities, and exploitation of legacy systems. The lab is designed to be entirely self-contained, making it safe for testing without risk to production systems or external networks.
Environment¶
👉 Prerequisites¶
- VMware Workstation Pro
- Sufficient host resources (recommended: 32GB+ RAM, 6+ CPU Cores, 200GB+ free disk space)
- Downloaded ISO images and virtual appliances for all systems
💻⚙️ Lab Components¶
| Role / System | Capabilities | Resources | IP Address |
|---|---|---|---|
| Firewall, DNS, vLAN pfSense |
Filters traffic, isolates network segments, and manages internet access. Provides routing between VLANs and DNS services. | 1 CPU / 1GB RAM / 8GB Disk | 192.168.10.1 (WAN)10.0.0.1 (LAN) |
| Active Directory, DNS Windows Server 2003/2008 |
Enables testing of attacks on Active Directory, outdated Windows services, and legacy authentication mechanisms. | 1-2 CPU / 4GB RAM / 40GB Disk | 10.0.0.10 |
| Workstation Windows 7 (or XP) |
Older systems with vulnerabilities like SMBv1 (e.g., EternalBlue exploit). Useful for testing privilege escalation and lateral movement. | 1 CPU / 1-2GB RAM / 30GB Disk | 10.0.0.20 |
| Attacker Tool Kali Linux |
Standard distribution for penetration testing with pre-installed security tools (Metasploit, Nmap, Burp Suite, etc.). | 2 CPU / 2-4GB RAM / 40GB Disk | 10.0.0.100 |
| SSH, FTP, MySQL Ubuntu Linux |
Used for testing password attacks, brute force, service exploitation, and privilege escalation on Linux systems. | 1 CPU / 1-2GB RAM / 20GB Disk | 10.0.0.30 |
| Test Target Metasploitable 2, 3 |
Pre-configured with numerous vulnerable services ready for exploitation (FTP, SSH, Samba, web services, databases). | 1 CPU / 512MB RAM / 8GB Disk | 10.0.0.40 |
| Vulnerable Web Applications OWASP Dojo (Juice Shop, WebGoat, bWAPP, Mutillidae, DVWA) |
Collection of intentionally vulnerable web applications for testing XSS, SQLi, RCE, SSRF, authentication bypass, and other OWASP Top 10 vulnerabilities. | 1-2 CPU / 2GB RAM / 20GB Disk | 10.0.0.50 |
📡🔧 Network Configuration¶
- WAN Network:
192.168.10.0/24(simulated external network/internet access) - pfSense:
- Network Adapter 1:
192.168.10.1(bridged) WAN - Network Adapter 2:
10.0.0.1(LAN Segment) LAN
- Network Adapter 1:
- LAN Network:
10.0.0.0/24(internal lab network) - Gateway: pfSense
10.0.0.1 - DNS Server: pfSense / Windows Server
🔑 Key Features¶
- Isolated Environment: Complete network segmentation from production systems
- Realistic Attack Scenarios: Multiple vulnerable targets representing real-world systems
- Active Directory Testing: Full AD environment for testing domain attacks
- Web Application Security: Comprehensive OWASP vulnerability testing platform
- Network Services: Various services (SSH, FTP, SMB, HTTP, MySQL) for exploitation practice
- Scalable Design: Easy to add additional systems or modify network topology
Important Lab Configuration Notes
- Network Adapter Configuration: Remember to set the Network Adapter for each VM to the LAN Segment that is assigned to the LAN port on pfSense to ensure proper network connectivity
- Startup Sequence: Always start pfSense before launching other VMs to avoid network connectivity issues and ensure proper DHCP/DNS services are available
- Firewall Rules: Configure proper firewall rules to prevent access to your physical network. Consciously control traffic within the virtual network to maintain isolation and security
- Windows Firewall: Remember to configure Windows Firewall settings appropriately on the host machine, as overly restrictive rules may block virtual machines from accessing the internet through the hypervisor
- Network Isolation: Ensure all systems are set to use pfSense as their gateway to prevent unauthorized external access
- VLANs: Use separate VLANs for additional segmentation if needed