
Cameron Walters | 1

Setting Up a Virtualized Lab Environment

CSOL 570 | Module 1 | Assignment 1

01 – 19 – 2020

Cameron Walters

Contents

Part 1 - Install VirtualBox & Run

Part 2 - Install Kali & Run

Part 3 - Install Metasploitable & Run

Part 4 - Install Linux Mint & Run

Part 5 - Install WebGoat & Run

Part 6 - Network Diagram

Part 7 - Scanning with NMAP

References

Part 1 - Install VirtualBox & Run


VirtualBox Product Description:

VirtualBox is a powerful x86 and AMD64/Intel64 virtualization product for enterprise as well as home use. Not only is VirtualBox an extremely feature-rich, high-performance product for enterprise customers, it is also the only professional solution that is freely available as Open Source Software under the terms of the GNU General Public License (GPL) version 2. See "About VirtualBox" for an introduction.

VirtualBox Website:

https://www.virtualbox.org/

Prerequisites to Installing:

• In the BIOS of your system, enable “Virtualization” (VT-x/AMD-V)

Install Instructions:

1. Go to VirtualBox website

2. Download latest version of VirtualBox

3. After the download is complete run installer

4. Once finished installing, launch VirtualBox



VirtualBox Application Running:



Part 2 - Install Kali & Run


Kali Product Description:

Kali Linux is a Debian-derived Linux distribution designed for digital forensics and penetration testing. It is maintained and funded by Offensive Security Ltd.

Kali Website:

https://www.kali.org/

Offensive Security Kali Linux Prebuilt VirtualBox Image:

https://www.offensive-security.com/kali-linux-vm-vmware-virtualbox-image-download/

Prerequisites to Installing:

• In the BIOS of your system, enable “Virtualization” (VT-x/AMD-V)

• System virtualization software such as VirtualBox installed

Install Instructions:

1. Visit Offensive Security Kali Linux Prebuilt VirtualBox Images website

2. Download Prebuilt image (should be a .ova file)

3. Once File has been downloaded move file into a VM folder to organize virtual systems

4. Open VirtualBox

5. Click Import and Import the kali .ova file

6. Once the system has been imported, adjust system settings



a. Right-click on the image in VirtualBox

b. Click Settings

c. In System Settings, on Motherboard adjust Base Memory to 4 - 8GB of memory

d. In System Settings, On Processor Increase the Processors to 2 – 4 CPUs

7. Click okay in Settings

8. Launch the Kali Virtual System

9. Log into the Virtual System using the default credentials (username: root & password: toor)

10. Open a Terminal window by right-clicking

11. Type sudo apt-get update & provide credentials

12. Type sudo apt-get upgrade

13. Your system has been upgraded and is running; now shut down the VM

14. Once off go back to settings

15. Click Network and click “Attached To” drop-down

16. Change Adapter to Host-Only Adapter

17. Click ok

18. Relaunch the Virtual System & login

19. Launch a Terminal Window

20. Type ifconfig -a to get IP Address

21. Shutdown system & it is ready for use



Kali Application Running:



Part 3 - Install Metasploitable & Run


Metasploitable Product Description:

Metasploitable is an intentionally vulnerable Linux virtual machine. This VM can be used to conduct security training, test security tools, and practice common penetration testing techniques. The default login and password is msfadmin:msfadmin.

Never expose this VM to an untrusted network (use NAT or Host-only mode if you have any questions what that means).

Metasploitable Download Website:

https://sourceforge.net/projects/metasploitable/

Prerequisites to Installing:

• In the BIOS of your system, enable “Virtualization” (VT-x/AMD-V)

• System virtualization software such as VirtualBox installed

Install Instructions:

1. Go to SourceForge Metasploitable download link

2. Download the zip file

3. Once downloaded, extract and move to VM folder

4. Make sure you have “Metasploitable.vmdk” at around 2GB in size

5. Open VirtualBox

6. Click New

7. In Name field enter Metasploitable

8. Type field enter Linux

9. Version field enter Ubuntu 64-bit

10. Slide memory bar to 1 GB of Memory

11. Click next

12. On “Create Virtual Hard Disk” Click “VMDK” option

13. File Location click right side file icon

14. Navigate to where you saved Metasploitable Download File

15. Click Metasploitable.vmdk

16. Click Create

17. Right-click new Virtual System

18. Click Settings and go to Network tab

19. Set “Attached to:” to Host-Only Adapter

20. Launch VM

21. Username is msfadmin & Password is msfadmin

22. Type in ifconfig -a to get IP Address

23. Metasploitable setup is finished

24. Shut down VM



Metasploitable Application Running:



Part 4 - Install Linux Mint & Run


Linux Mint Product Description:

Linux Mint is a community-driven Linux distribution based on Ubuntu or Debian that strives to be a "modern, elegant and comfortable operating system which is both powerful and easy to use." Linux Mint provides full out-of-the-box multimedia support by including some proprietary software, such as multimedia codecs, and comes bundled with a variety of free and open-source applications.

Linux Mint Download Website:

https://linuxmint.com/download.php

Prerequisites to Installing:

• In the BIOS of your system, enable “Virtualization” (VT-x/AMD-V)

• System virtualization software such as VirtualBox installed

Install Instructions:

1. Download Linux Mint distro from the download page

2. Move download to VM folder

3. Open VirtualBox

4. Click New

5. Name the system “Linux Mint”

6. Click type as Linux



7. Click Version Ubuntu 64-bit

8. Set Memory Size as 4 – 8 GB

9. Click Create

10. Click VDI

11. File size slider should be 20 - 40 GB

12. Click Create

13. Right Click Linux Mint System in VirtualBox

14. Click Storage

15. Click CD image with + sign

16. Click Choose Disk

17. Click CD image with + Sign

18. Navigate to VM folder and click Linux Mint .iso file

19. Click Add

20. Click Linux Mint option

21. Click Choose

22. Click Ok

23. Launch VM

24. Once launched Click Graphic Installer

25. Install Linux Mint / Setup

26. After installing Launch Linux Mint VM

27. Login

28. Open Terminal

29. Type ifconfig -a to get IP Address



Linux Mint Application Running:



Part 5 - Install WebGoat & Run


WebGoat Product Description:

WebGoat is a deliberately insecure web application maintained by OWASP designed to teach web application security lessons.

This program is a demonstration of common server-side application flaws. The exercises are intended to be used by people to learn about application security and penetration testing techniques.

WARNING 1: While running this program your machine will be extremely vulnerable to attack. You should disconnect from the Internet while using this program. WebGoat's default configuration binds to localhost to minimize the exposure.

WARNING 2: This program is for educational purposes only. If you attempt these techniques without authorization, you are very likely to get caught. If you are caught engaging in unauthorized hacking, most companies will fire you. Claiming that you were doing security research will not work as that is the first thing that all hackers claim.

WebGoat Download Website:

https://github.com/WebGoat/WebGoat

Prerequisites to Installing:

• In the BIOS of your system, enable “Virtualization” (VT-x/AMD-V)

• System virtualization software such as VirtualBox installed

• A virtual system such as a Linux distro (Kali, Ubuntu, etc.) or Windows

Install Instructions:

1. Launch your Virtual System where WebGoat is to be hosted

2. Go to https://github.com/WebGoat/WebGoat/releases

3. Download webgoat-server-8.0.0.M26.jar inside Virtual System

4. Open Terminal

5. Make sure Java is installed using the command below

a. sudo apt install default-jre

6. Move webgoat-server-8.0.0.M26.jar to /opt directory

7. Open Terminal

8. Run the following command

a. java -jar webgoat-server-8.0.0.VERSION.jar [--server.port=8080] [--server.address=localhost]

9. Open a web browser and enter the following address in the address bar

10. localhost:8080/WebGoat

11. Open new terminal

12. Type ifconfig -a to get IP Address

13. Install complete, shutdown VM
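
The warning above notes that WebGoat binds to localhost by default. As an added example (not part of the original assignment), the shell function below reads `ss -ltnH` output and reports any listener on the WebGoat port that is reachable from outside the VM. The function names and the sample socket lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: check that WebGoat's port is only reachable via loopback.

# Reads `ss -ltnH` output on stdin. Prints the local address of each listener
# on port $1 that is NOT bound to loopback; returns non-zero if any is found.
exposed_listeners() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            n = match($4, /:[0-9]+$/)             # locate the trailing :port
            if (!n || substr($4, n + 1) != port) next
            addr = substr($4, 1, n - 1)
            if (addr ~ /^127\./ || addr == "[::1]" ||
                addr ~ /^\[::ffff:127\./) next    # loopback forms
            print $4
            bad = 1
        }
        END { exit bad + 0 }
    '
}

# Constructed sample: WebGoat started with --server.address=localhost.
sample_default() {
    cat <<'EOF'
LISTEN 0      100     [::ffff:127.0.0.1]:8080            *:*
LISTEN 0      128              0.0.0.0:22          0.0.0.0:*
EOF
}

# Constructed sample: WebGoat bound to every interface.
sample_open() {
    cat <<'EOF'
LISTEN 0      100                    *:8080            *:*
EOF
}

# On the VM itself, run:  ss -ltnH | exposed_listeners 8080
sample_open | exposed_listeners 8080 \
    || echo "FAIL: port 8080 is reachable from other machines"
```

The check treats any non-loopback bind as exposed, so it also reports a deliberate bind to the Host-Only address.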



WebGoat Application Running:



Part 6 - Network Diagram


Below is the network diagram of the virtual network environment that is set up by the instructions above. In this diagram, the host system is a personal desktop computer, which uses VirtualBox to create a virtual network of three virtual systems. The virtual router is created by VirtualBox and allows a subnetwork to exist on my host machine between the three systems, which are disconnected from the internet. All three systems are configured with Host-Only Adapters, which disconnects them from the internet but allows them to reach one another. The Linux Mint system contains the OWASP WebGoat virtual testing web server and hosts it from within.
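
As an added example (not part of the original assignment), the isolation described above can be checked from the host rather than by clicking through each VM's settings: the shell function below reads `VBoxManage showvminfo <vm> --machinereadable` output and flags any enabled adapter that is not host-only or internal. The function names and the sample VM data are constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm every lab VM adapter is isolated from the internet.

# Reads `VBoxManage showvminfo <vm> --machinereadable` text on stdin and prints
# "<vm> nic<N> <mode> OK|EXPOSED" for each enabled adapter.
# Returns non-zero if any adapter is attached to anything but hostonly/intnet.
audit_nics() {
    awk -F= '
        { gsub(/"/, "", $2) }                    # drop quotes around the value
        $1 == "name" { vm = $2 }
        $1 ~ /^nic[0-9]+$/ && $2 != "none" {     # nic1..nicN, skip disabled ones
            ok = ($2 == "hostonly" || $2 == "intnet")
            printf "%s %s %s %s\n", vm, $1, $2, (ok ? "OK" : "EXPOSED")
            if (!ok) bad = 1
        }
        END { exit bad + 0 }
    '
}

# Runs the audit over every VM registered on this host (needs VirtualBox).
audit_all_vms() {
    VBoxManage list vms | sed 's/^"\(.*\)" {.*}$/\1/' | (
        rc=0
        while IFS= read -r vm; do
            VBoxManage showvminfo "$vm" --machinereadable </dev/null \
                | audit_nics || rc=1
        done
        exit "$rc"
    )
}

# Constructed sample (not captured from a real host): Metasploitable is
# host-only as the guide requires, Kali was left on NAT by mistake.
sample_vminfo() {
    cat <<'EOF'
name="Metasploitable"
nic1="hostonly"
hostonlyadapter1="vboxnet0"
nic2="none"
name="Kali"
nic1="nat"
nic2="none"
EOF
}

sample_vminfo | audit_nics || echo "FAIL: at least one adapter is not isolated"
```

On a host with VirtualBox installed, `audit_all_vms` runs the same check against the real VM configuration.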

Part 7 – Scanning with NMAP


Below are the NMAP scan results from the Kali virtual system against the Metasploitable virtual system. The scan command is nmap -sV 10.10.1.10. The -sV option stands for version detection: it scans the primary ports and grabs the basic versions of the software running on the system, which can then be paired with exploits depending on the vulnerabilities on those ports.



References
VirtualBox. (2020). Welcome to VirtualBox.org! Retrieved January 19, 2020, from https://www.virtualbox.org/

Offensive Security. (2020). DOWNLOAD KALI LINUX VIRTUAL IMAGES. Retrieved January 19, 2020, from https://www.offensive-security.com/kali-linux-vm-vmware-virtualbox-image-download/

Linux Mint. (2020). Download Linux Mint 19.3 Tricia. Retrieved January 19, 2020, from https://linuxmint.com/download.php

OWASP. (2020). Category: OWASP WebGoat Project. Retrieved January 19, 2020, from https://www.owasp.org/index.php/Category:OWASP_WebGoat_Project

WebGoat. (2020, January 5). WebGoat/WebGoat. Retrieved January 19, 2020, from https://github.com/WebGoat/WebGoat
