Time
4 hours 20 minutes
Difficulty
Intermediate
CEU/CPE
5

Video Description

In this final video in the module we go over setting up your pentesting environment. The key steps include: - Install Kali 2.0 on test box. - Download virtual images and configure your virtualized environment. - Download pentester.com exercises. - Download and install Arachni scanner - Create multiple VMs and establish networking between them. This is required for injection attacks.

Video Transcription

00:04
Welcome to Cyber Harry. I am Raymond Evans. I will be your subject matter expert for cyber areas, Web at penetration, testing course. In this video, we will be discussing environments set up. So what will we covered? We're gonna be talking about what? To download howto install instead of pure Callie to box and the pen tester labs and how to set them up. So what to download?
00:23
Well,
00:24
first, you're gonna want to go to the offensive security dot com's website
00:28
and download the newest image of Kelly. You could also go to the Cali website and download from there. However,
00:37
it's best to download the
00:40
premade VM wear
00:43
image that they have rather than I. So because sometimes I so is act funny when you try to install them. So
00:50
let's go. Ah, let's go. Look at what I'm talking about.
00:58
All right, so here I am
00:59
on the calendar page and you'll see these different I So images here
01:03
Now you're not gonna want to download them. What you want to go and want to do is good under the Cali virtual images
01:10
and
01:11
go to that page. So we already have it up here
01:17
and you're gonna want to download one of these VM images so
01:22
they have a pre built Callie V Emma image VM wear image than a virtual box image.
01:29
So
01:30
whichever
01:32
software you might be using to run your virtualized environment if you have a preference preference, go with that
01:38
virtualized environments software.
01:46
Next, we're gonna download VM wear player, so just go to the VM, where website go to the downloads and you'll be able to find it there. You can also just type this link in here and go directly to it. So when you're downloading your Callie to virtual image, if you decide to use VM wear player,
02:01
download the VM Wear player version of the Cali virtual machine image.
02:08
And if you go to that link, this is the page that you will see.
02:13
So if you have Windows or Lennox you're choosing,
02:16
download the appropriate software
02:21
and finally, pen tester labs environments. You want to go to the pen tester, lab dot com website,
02:27
forward slash exercises and any environments that we may be coming across in this course that that's where they will be located. At next. We're gonna go on to howto set up Kelly, too. And it's also suggested at this step that you download the Iraq and I tool from
02:44
the this link here. Now do this download from your virtual machine.
02:51
Do not do it from your Windows or Lennox desktop. Do it from your virtual machine. So the tool is on your Callie box.
03:05
So here we are,
03:06
and we've downloaded the Cali to virtual machine image. So what we're gonna d'oh
03:12
is simply
03:14
unzip it
03:15
or unwritten. Whatever software you're using to decompress it,
03:21
drag and drop it
03:23
to decompress it.
03:38
All right, we have the files, fully extract it. Now,
03:43
we're gonna go in,
03:44
and you're simply going to click on the V M X file.
03:53
Click. I copied it.
04:25
Now I have a fully functioning copy
04:29
of Cali Lennox.
04:31
Usually am route
04:33
password
04:35
T o R.
04:39
It was the default credentials for any Callie image. So if you downloaded a different Kelly image, credentials will be route and T o. R.
04:47
And when she come into this environment
04:50
going download that Iraq and I tool that I had told you about, you will need it for further
04:57
lessons
04:58
in this course.
05:18
Next, you're gonna need us up a pen tester. Lab pen tester Labs are really, really simple because the pen tester labs will actually unpackaged everything for you.
05:30
And there's only minor things that you're gonna have thio change such as your i p address inside the lab. So
05:38
let's go check that out, Roque. Okay.
05:49
All right. All right. Here we are in the VM wear workstation,
05:54
and you're gonna want to create a new virtual machine.
05:57
You're gonna create a virtual machine from a disk image file.
06:02
So let's select secret life to shell too.
06:11
You go. I want to name it something that you're gonna remember select how much disk space you wanna allocate to it.
06:20
Then click finish.
06:25
Like I said before,
06:27
these
06:29
environments are awesome because they run through and set everything up for you. And all you have to do is change the i p configuration.
06:40
All right, so we're gonna do a simple
06:43
i f configure.
06:46
And the I p addresses 192.168 out 101.1 30. You're gonna do it. I have config. 192.168
06:55
0.1 dot 11 because or whatever network you're running on myself. I'm running this virtual environment on a 192.168 dot 1.0 with a siren notation of 24.
07:09
So I will add a side of notation 24 here
07:13
and
07:15
says, air fetching interface device not found.
07:21
That's because we need to do I have config
07:26
eats zero because we are
07:30
saying which interface we want
07:31
and it says permission denied
07:34
because we're not root, You can't do that. So what we're gonna do is type pseudo
07:39
bang bang
07:41
with us doing is saying, Hey, run that last command that I asked, but do it and
07:46
with pseudo permissions
07:49
and it changed.
07:53
So now let's go over to our Lennox environment
07:56
s So here I am in my Lennix environment
07:59
and what we're gonna want to make sure
08:01
first on our VM wear here,
08:05
environment is we want to go to players the player have appear,
08:09
could've managed virtual machine settings,
08:13
and you're gonna want to go to your network adapter and you're gonna need to change this to V. M. Net one host on Lee. It's very important to do that because if you're running this vulnerable, vulnerable environment and
08:24
There's somebody on the network outside and they're skinning your network, and they see that they potentially use that as a way of trying to get into your network.
08:33
And also, you want to be on a V M. Net
08:37
one local host for all of this stuff. Because
08:41
if you are doing something in Cali, Lennox and you are
08:46
sending a sequel injection or cross a scripting or running sequel map against a
08:52
I. P address,
08:54
you want to make sure that that is on a network where nothing else going it touched. And by doing V m Net one, nothing else will get touched. You are safe, your
09:05
good to fire way, all the crazy packets that you want. So now we have that on that environment
09:11
on that network.
09:13
So we're gonna open up the terminal hero quick, and we're gonna do a quick ping check.
09:24
Honore. It can see it.
09:26
So now it's open up ice weasel
09:33
and simply type 192.168 dot one dot
09:39
11.
09:45
Check my I p configuration here. Oh, there we go. Came up.
09:50
So here we are. We are now on that vulnerable web page, so That's how you set up those virtual machines, and that's how you network between, um and ensure that you're able to communicate.
10:05
So
10:07
set up your sequel injection to Shell environment, as I showed you, and also set up Web for pen testers as well. So it was covered. Talked about what to download, how to install Kelly, too,
10:16
how to run the pen tester labs and do a little networking between the both of them,
10:22
so happy hacking everyone.

Up Next

Web Application Penetration Testing

In this web application penetration testing course, SME, Raymond Evans, takes you on a wild and fascinating journey into the cyber security discipline of web application pentesting. This is a very hands-on course that will require you to set up your own pentesting environment.

Instructed By

Instructor Profile Image
Raymond Evans
Instructor