This post will give you a step-by-step guide on setting up your virtual penetration testing lab and install the various operating systems and vulnerable machines you can start with.

Why Setup A Virtual Penetration Testing Lab

The most apparent reason you would need a penetration testing lab is to practice what you learn and test the different available security tools.

However, other than convenience, there are more reasons as to why you need a virtual lab.

1. Your safety

One is for your safety. Performing a penetration test on a system without permission from the owner is illegal and regarded as a computer crime. That can land you into trouble with the owner or even the authorities if issues escalate beyond control.

To avoid such problems and be on the safe side, you can host the various vulnerable machines available in your penetration testing lab and exploit them.

2. It’s isolated from the real-world environment

This is another reason why a penetration testing lab is necessary. Anything you perform in the lab does not affect the systems or people around you.

For example, if you are trying to get into malware analysis, you will deal with real viruses (the WannaCry ransomware). There is a high risk of this malware spreading through the computer network or even storage drives shared among people in a real-world scenario.

This virus will be isolated with a virtual testing lab and can only impact the installed virtual machine, whichs is much more manageable.

3. It’s a reliable testing platform

Finally, a virtual penetration testing lab is flexible and will provide you with a reliable platform for research and development.

You can develop new security tools, advanced exploitation tactics in a controlled environment without affecting any systems or networks around you.

Understanding Virtualization Technology

When setting up a penetration testing lab, you will have two options to choose from:

1. Use locally-hosted virtualization technology (Recommended)
2. Set up a home lab with additional computer devices and components available.

The latter (home lab) can be a little expensive and complicated to set up and manage. You will need to gather all computer devices and routers and use them to set up a lab. For example, you can have Computer A running your hacking distribution (say Kali Linux) and Computer B or C running your vulnerable machines (say DVWA or BWAPP). You will also need routers, switches, ethernet cables to manage the personal network.

Locally-hosted virtualization is much easier to set up, manage and only requires you to have one powerful PC that supports virtualization technology. That is the method that we will use in this post. Essentially, virtualization allows you to run more than one operating system on your computer. You will need to install virtualization software and use it to run the additional operating systems to get started. Some of the most common softwares are VirtualBox and VMware.

VirtualBox is a free and open-source virtualization software developed by Oracle distributed under the GNU General Public License (GPL) version 2.

VMware, on the other hand, is a commercial software company and has several products to offer. The only free version is the VMware Workstation Player intended for home or personal use. To get many more advanced features, including snapshots, you will need to upgrade to VMware Workstation pro.

Up to this point, I believe you have a good understanding of a penetration testing lab and the technology you need to come up with one.

Let’s dive in and set up our lab. Our virtualization software of choice for this post is VirtualBox.

Step 1. Download and Install VirtualBox on your PC

To get started, you will need to install VirtualBox on your current operating system. That can be Windows, Linux, or macOS. Additionally, install the VirtualBox guest Addition, which consists of drivers and system applications that improve the performance of your virtual machines. Other advantages of guest additions include:

• Mouse pointer integration
• Shared folders
• Improved video support
• Generic host/guest communication channels
• Seamless window management
• Shared clipboard
• Time synchronization
• Automated logins

After a successful install, proceed to launch the virtual box from the application menu.

Step 2. Install Kali Linux on VirtualBox

Once you have VirtualBox installed and running, we can start installing our virtual machines. We will begin by installing the penetration testing distribution of our choice.

In this post, we will use Kali Linux. However, that should not limit you from using other security operating systems like BlackArch Linux, Parrot, etc.

To install Kali Linux virtual machine, we will not need to download the setup ISO file and configure everything from scratch. Nowadays, Kali Linux comes packaged in several formats.

• Bare Metal setup – used to install Kali Linux on your PC in a single boot or multi-boot setup.
• Virtual machines: This option provides you with pre-configured virtual machine images to install on your virtualization software. As of writing this post, the only supported virtualization platforms are VMware and VirtualBox.
• ARM setup: Used for ARM devices such as the Raspberry Pi.
• Cloud setup
• Container setup (Docker)
• Live Boot setup
• WSL (Windows Subsystem for Linux)

In this post, we will download the Kali Linux virtual machine setup for VirtualBox from the official Kali Linux download page. It is a `.ova` file.

After the download is complete, launch VirtualBox from your applications menu and follow the steps below:

1. Click on the File menu and select Import Appliance. Alternatively, you can use the keyboard shortcut (Ctrl + I).
2. A new window will open. Click on the file icon, select the `Kali Linux.ova` file you downloaded, and click Next.
3. In the next window, you will see all the information about the virtual machine. Select the import option at the bottom to import the virtual machine.

After a successful import, you will see Kali Linux listed on your VirtualBox window, as shown in the image below.

You can tweak the settings of the virtual machine depending on your system resources. When done, click Start to boot the virtual machine. You don’t need to perform any configurations, just sit and wait till you get to the Kali Linux login screen.

The default credentials are:

• Username: Kali
• Password: Kali

Step 3. Install Windows 10 on VirtualBox

Microsoft’s Windows is the most popular operating system used worldwide. As an ethical hacker, you need to understand how to exploit and find vulnerabilities on Windows systems and software. For that case, we will also need to install Windows as a virtual machine – specifically Windows 10. You can download Windows 10 ISO file from Microsoft Official website.

Launch VirtualBox and follow the steps below to install Windows 10

1. Click New on the VirtualBox window
2. A small window will open. Enter the name of your new operating system (for example, Windows 10). Click Next.
3. Enter the memory size you wish to assign your new virtual machine and click Next.
4. In the next window, select Create a virtual hard disk now and click Next.
5. Select `VDI` (VirtualBox Disk Image)
6. Select whether you want to use the Dynamically allocated or Fixed Size hard disk on the next screen. Click Next.
7. Set the storage size of your Windows 10 virtual machine. Click Create.

That will create a Windows 10 virtual machine, as shown in the image below.

To install Windows 10 as a virtual machine, click the Start button on the VirtualBox window. A window will pop up and prompt you to select the Windows 10 ISO file you downloaded.

Click Start when done. After a few seconds, you will get to the Windows 10 installation screen.

Continue with the installation process like you were installing Windows natively on your PC.

When done, you can proceed to install Metasploitable.

Step 4. Install Metasploitable

Metasploitable is an intentionally vulnerable Linux-based system used to practice penetration testing.

Like the Kali Linux virtual machine, Metasploitable comes in a pre-configured virtual machine, making the whole installation easier.

Head over to SourceForge and download the Metasploitable VM.

After a successful download, launch VirtualBox and follow the steps below:

1. Click New on the VirtualBox window
2. Set a name for your virtualization machine (for example, `Metasploitable-2`). Click Next.
3. Set the memory (RAM) size. Metasploitable can run efficiently on 512 MB of RAM. Click Next.
4. On the next window, select “Use an existing virtual hard disk file.”
5. Click the file icon and select the Metasploitable VMDK file.
6. Click Create

You should now see Metasploitale virtual machine on your VirtualBox window as shown in the image below:

Click Start to launch Metasploitable.

This vulnerable machine doesn’t come with a Graphical User Interface (GUI). Therefore, when it’s fully booted, all you will see is a console. Use the following default credentials to log in:

• Username: msfadmin
• Password: msfadmin

Final Thoughts

This post has given you a step-by-step guide to setting up a virtual penetration testing guide. You can now use Kali Linux to exploit your target machines (Windows or Metapsploitable). However, that shouldn’t be the end. You can install more vulnerable machines like the Buggy Web Application (bWAPP), Bee Box, OWASP Broken Web Apps, and much more.

Additionally, depending on the field you want to specialize in, you can consider adding more advanced penetration testing systems. For example, if you’re going to specialize in web application security, try using the Samurai Web Testing Framework. Did you come across any issues, or do you have any additional information for our readers? Please, feel free to let us know in the comments and we’ll get back to you as soon as we can.

Most don’t know what they are, why we need them, and how to select the best adapter since we have so many brands and models available in the market.

A wireless adapter is a device that you connect to your computer via the USB port, and it allows you to connect to WiFi networks and communicate with other devices on the network.

🔥 My go-to VPN: 60% Off Special

Been using VPNBaron as my go-to for years. Their Trojan protocol makes it actually undetectable when needed, support is crazy responsive, and they’re running a rare 60% off right now. Works on all devices, adapts to whatever you’re trying to do.

1.99$/month

However, you might wonder: “Why would I need a USB network adapter since my laptop already has an inbuilt adapter that enables me to connect to wireless networks?”

Well, this is among the topics that we will discuss in this post:

• Problems with Built-in Wireless Cards
• Best WiFi adapters for hacking
• How to connect a wireless adapter to Kali Linux Virtual machine

Problems With Built-in Wireless Cards

There are two main problems with built-in WiFi adapters.

1. They can’t be used in Virtual machines – Kali inside a VM does not see the built-in WiFi card of your laptop as a WiFi adapter but will see it as an ethernet adapter. Hence you can have full internet access, but you cannot do packet injection or place the WiFi card into monitor mode.
2. Most built-in cards are not suitable for hacking – In wireless hacking, there are two main factors that we look out for in adapters. That is ‘packet infection’ and support for ‘monitor mode.’ Unfortunately, most of the built-in adapters support non of these two features.

Best WiFi Adapters for Hacking (With Monitor Mode)

Before diving into the different WiFi adapter brands and models, we first need to understand the Wireless Chipset present in these adapters. Like the CPU we have in a computer, this chipset is the “Brains” of the wireless adapter.

It is responsible for all the processing and calculation of data flowing through it. It also determines the capability of the wireless adapter. Whether it can support monitor mode, packet injection, and works with Kali Linux or not.

Some of the chipset supported by Kali Linux include:

• Realtek RTL8812AU
• Realtek 8187L
• Ralink RT5370N
• Ralink RT3572
• Ralink RT5572
• Ralink RT3070
• Ralink RT307
• Atheros AR9271
• MT7610U
• MT7612U

I understand all this information looks gibberish as of now; however, you will appreciate it when we look at the different WiFi adapters available and the chipset they use.

You will notice that the ALFA Networks company highly dominates the Wireless adapter market. Over the past couple of years, the company has risen to stand as the perfect supplier for efficient and reliable WIFI adapters. Other companies include TP-Link and Panda.

The table below shows a list of wireless adapters supported by Kali Linux and the Chipset, Frequency, and Protocol they are using.

Important: When it comes to TP-LINK TL-WN722N, it’s important to know that you can also get v2/v3 to work with a few workarounds, although it’s sometimes assumed that only v1 works.

A great and detailed tutorial on this topic is this one from David Bombal – Kali Linux TP-Link TP-WN722N.

TL-WN722N is a decent budget WiFi adapter for our purposes, but it’s sometimes difficult to find v1 in your immediate area, so v2/v3 is definitely a good option.

In some cases you won’t find the adapter’s version in the product description, so I think it’s definitely good to know you can make it work no matter which of those versions it is.

Connect a Wireless Adapter to Kali Linux Virtual Machine (VirtualBox)

To connect a wireless adapter to your Kali Linux virtual machine, when using VirtualBox, you can go in the Oracle VM VirtualBox menu > Devices > USB > [select_your_adapter].

It may not list the name of the WiFi Adapter, but something related to the chipset, instead. Here, I’m using a TP-LINK TL-WN722N 2.4GHz v2/v3, and as you can see, it’s displaying Realtek 802.11n NC.

Automatically Connect the WiFi Adapter to a VirtualBox VM

You can also automatically connect a wireless adapter to your Kali Linux virtual machine, when running VirtualBox. This way, you don’t have to manually connect it every time

To do this follow the steps below:

1. Shutdown the Kali virtual machine if it was already running
2. Connect your Wireless USB adapter to your PC
3. Right-click on your Kali Virtual machine and select the Settings option. A window will open displaying all the different configuration options.
4. Click on the USB option and check the Enable USB controller check box.
   
   

   

   
   
   We will need to add a USB filter on this window that will enable us to mount our wireless adapter to the Kali VirtualBox VM.
5. Click on the USB icon that has a plus (+) sign and select your Wireless adapter.
   Note: Be careful since the adapter may appear with the chipset na,e instead of the Brand name. For example, my adapter in this case is TP-LINK TL-WN722N 2.4GHz v1 but was listed under the chipset name Atheros AR9271.
   
   If you are not sure of the adapter’s name, just remove it, and you will notice the name that will disappear from the VirtualBox USB list.
   
   

   

   
   
6. Your wireless adapter will be listed under the “USB Device Filters” section.
   
   

   

   
   
7. To finalize everything, right-click on your newly added USB filter and select the Edit Filters option.
   A window will open listing all the details about your wireless adapter. Then, on the Remote option, click on the dropdown and select Yes.
   
   

   

   
   
8. Click Ok to save your configurations.

Connect a Wireless Adapter to Kali Linux Virtual Machine (VMware Player)

To connect a wireless adapter to your Kali Linux virtual machine, when using VMware Player, you can go to the VMware Player menu > Player > Removable Devices > [your_adapter] > Connect (Disconnect from host).

It may not list the name of the WiFi Adapter, but something related to the chipset, instead. Here, I’m using a TP-LINK TL-WN722N 2.4GHz v2/v3, and as you can see, it’s displaying Realtek 802.11n NC.

You should then receive a message informing you that the device will be safely stopped and disconnected from the host machine, so it can then be connected to Kali Linux in the VMware player.

I’m not sure of an easy way how you can automatically connect a WiFi Adapter with VMware Player, as we did with VirtualBox. The solution in VMware knowledge base seems to involve a bit of work https://kb.vmware.com/s/article/1648, and I haven’t tried it myself. If anyone has an easier solution for this and would like to share, then we’d love to hear from you.

Conclusion

Now you can boot your Kali VM and start practicing your wireless hacking skills. You can list all the wireless networks around you and even put your card in monitor mode.

I believe up to this point, you have a working wireless adapter on your Kali Linux VirtualBox machine. Please remember when selecting an adapter for wireless hacking to ensure the chipset used is among the chipsets listed above.