HOW TO SET UP

YOUR OWN
TESTING LAB
ENVIRONMENT

A HOW TO GUIDE

This e-book will guide you through the basics

of installing the software and the steps
Written By: needed to get your virtual machines and lab
Dan Cannon environment up and running.
INTRODUCTION

Welcome to your journey into building a lab

environment with VirtualBox!

Whether you're an aspiring penetration tester or just someone

passionate about cybersecurity, having a safe and controlled
environment to practice and experiment is crucial.

This e-book is designed to guide you through the very basics of

installing the necessary software and getting virtual machines
(VMs) up and running.

Creating a lab environment will not only help you sharpen your
skills, but also ensure that your testing activities do not interfere
with any real-world systems.

We'll start from scratch, so even if you're new to virtualisation,

you'll find this guide accessible and straightforward.

With detailed instructions and accompanying screenshots, you'll

be able to set up your own lab and dive into the world of
penetration testing with confidence.

page 02 S etti ng up a l ab e nv ir o nm en t
SETTING UP YOUR OWN TESTING LAB
Ready to get started?

Go to your downloads folder and double click the VirtualBox executable to

install it.

Click Next

Click Next

page 03 S etti ng up a l ab e nv ir o nm en t
Click YES

Click YES

page 04 S etti ng up a l ab e nv ir o nm en t
Click Install

Click Finish

page 05 S etti ng up a l ab e nv ir o nm en t
Congratulations, you have now successfully installed VirtualBox.

From here we can create both virtual machines to test from (typically Kali)
and virtual machines to attack (anything we choose).

page 06 S etti ng up a l ab e nv ir o nm en t
HOW TO CREATE A TESTING MACHINE
To create a testing machine, we will use Kali.

You will have two options when it comes to downloading Kali - either to
download a pre-built virtual machine, or the image installer (a .iso file)

The key difference is that downloading the ISO file will let you install Kali Linux
from scratch, giving you more control over the setup, while the pre-built VM is
a ready-to-use version that you can import directly into your virtualisation
software, saving time and effort.

First, let’s start with using a prebuilt machine.

Click Next

page 07 S etti ng up a l ab e nv ir o nm en t
Select the software you use (we are going to assume VirtualBox). This will give
you a zipped file.

To access this virtual machine, simply Add it to VirtualBox.

Click Add

Select the Kali Linux folder

page 08 S etti ng up a l ab e nv ir o nm en t
And choose the Kali VirtualBox file

Your Kali machine now appears in your VirtualBox interface.

Pressing start will boot up the machine. It will use the default credentials of
kali:kali

You will now be able to use your Kali virtual machine.

page 09 S etti ng up a l ab e nv ir o nm en t
Alternatively, we can build a virtual machine with an ISO file.

This is the installation file for an operating system. This gives us more flexibility
around how much power and storage a virtual machine has.

To do this simply select New from the virtual box interface.

Choose a name for the machine and select the location of the ISO file you
have downloaded, then hit Next.

page 10 S etti ng up a l ab e nv ir o nm en t
Choose how much RAM you want to use (you will need to think about how
much RAM is available on your computer and how many Virtual Machines
you intend to run at the same time).

Then choose how big you want the virtual hard drive to be.

page 11 S etti ng up a l ab e nv ir o nm en t
Once you are happy with your settings, you will see the following menu:

Hit Finish and your VM will be available from the VirtualBox interface.

page 12 S etti ng up a l ab e nv ir o nm en t
Once you have created your virtual machine, a simple way to test whether
you have network and internet connectivity is to use the terminal (command
prompt) to ping something on your network or an internet accessible IP
address.

(Don’t forget, in Linux ping does not stop after 4 packets, to stop you will
need to press CTRL+C)

When using virtual machines, you can select to use NAT (Network Address
Translation) or bridged mode.

In NAT mode, the VM uses your computer's internet connection, like it's hiding
behind your computer.

In bridged mode, the VM gets its own internet connection, just like any other
computer in your house.

By default, most VMs use NAT; the main difference is that your VM will not get
an IP address for the network your laptop is on due to it not being on that
network. If you want your VM to get an IP address that you recognise as part
of your network you will need to use bridged mode

page 13 S etti ng up a l ab e nv ir o nm en t
VM is currently in NAT mode. By right clicking the icon of two computers, we
get the option to look at the network settings

page 14 S etti ng up a l ab e nv ir o nm en t
HOW TO CREATE A TARGET MACHINE
Now it’s time to create a couple of target machines to practice against.

We are going to use Metasploitable 2 (an old and well documented vulnerable
machine so there are plenty of walkthroughs online if you get stuck).

First of all, navigate to https://www.vulnhub.com/entry/metasploitable-2,29/

and download the virtual machine.

This will download a zipped VDI file (Virtual Disk Image) – essentially the hard
drive of a machine, rather than the whole virtual machine. This means that
we have to set up a VM and then provide this file as the ‘hard drive’ to be
used. Go to your VirtualBox manager interface.

Click New and Name the virtual machine what ever you choose. Then set the
Type to Linux and Version to Other Linux (64-bit).

page 15 S etti ng up a l ab e nv ir o nm en t
Next you will configure how much RAM you want to assign to this virtual
machine (1GB should be plenty).

Then you will select the hard disk, choose the option Use an Existing Virtual
Hard Disk File and click the Folder icon.

page 16 S etti ng up a l ab e nv ir o nm en t
Choose to Add a hard disk and then navigate to your Metasploitable
download (make sure you have unzipped the file) and hit Open, then Choose.

Then you will select the hard disk, choose the option Use an Existing Virtual
Hard Disk File and click the Folder icon.

page 17 S etti ng up a l ab e nv ir o nm en t
Hit Next. Then at the following screen, hit Finish

Metasploitable is now available from VirtualBox and can be turned on (if you
need to log into the machine the credentials are msfadmin:msfadmin).

page 18 S etti ng up a l ab e nv ir o nm en t
To have a Windows machine to test against, we will use the machine Blue
from Hack The Box. This is a commonly used vulnerable Windows machine,
again with plenty of write ups available across the internet in case you get
stuck.

To get started, download Blue from https://darkstar7471.com/resources.html

by choosing the OVA link next to Blue.

This will download a zip file that contains the prebuilt VM called CTF - Win7.

We can now import this file into VirtualBox as an appliance, by navigating to

File, Import Appliance.

page 19 S etti ng up a l ab e nv ir o nm en t
From here, we simply select the CTF – Win 7 OVA file and hit Next

page 20 S etti ng up a l ab e nv ir o nm en t
Then Finish

To be able to scan both the Metasploitable and Blue VMs, make sure that
they are both set to Bridged Mode so that they are given an IP address on
your network.

page 21 S etti ng up a l ab e nv ir o nm en t
Congratulations - you’ve now set up your
very own lab environment with VirtualBox!
By following this guide, you've taken an important step towards
becoming a proficient penetration tester.

Your new lab provides a safe space to explore, test, and refine
your skills without the risk of causing harm to live systems.

Remember, the world of cybersecurity is vast and ever evolving.

Use your lab environment to continuously practice and stay up to

date with the latest tools and techniques.

And don’t forget to keep an eye out for future guides, on adding
more functionality to your lab environment.

page 22 S etti ng up a l ab e nv ir o nm en t
Turning individuals into
experts

North Green Security is a leader in

penetration testing and cyber security
training. Offering a comprehensive range of
courses to suit you. We are here to provide
guidance and skills that will make you more
successful.

Our trainers have over 12 years experience

creating and delivering training courses
that get results

MORE ABOUT US
Phone Email
0844 502 0042 training@northgreensecurity.com

Website Discord
www.northgreensecurity.com https://discord.gg/w7K8yVaFbD
 www.northgreensecurity.com

NORTH
GREEN
SECURITY
North Green Security is a leader in penetration
Increasing testing and cyber security training. Offering a
security comprehensive range of courses to suit you. We are
here to provide guidance and skills that will make
through you more successful.
education,
training and Our trainers have over 12 years experience creating
and delivering training courses that get results
testing

CYBER SECURITY TRAINING TO PROGRESS YOUR

CAREER

Training courses North Green Academy

Explore our catalogue of training courses For those who prefer self-study and want to
ranging from half-day targeted workshops, learn around their schedule, the north green
to week long courses all designed and academy provides an ever growing library of
delivered by experts that can teach you the videos to teach you the skills needed to drive
skills needed to take your next steps your career forward

https://northgreensecurity.com/upcoming- https://www.ngsacademy.co.uk/
events/

Our trainers are cyber security

Have the best career professionals who know the skills you need
possible to be successful. Reach out for a chat, or
book onto a training course