
HACKING:

Create Your Own Penetration Testing Lab In 1 Hr!
(Kali Linux Booklet)

Gary Mitnick
Copyright 2017. All rights reserved.

No part of this book may be reproduced or transmitted in any form or by any
means, electronic or mechanical, including photocopying, recording, or by any
information storage or retrieval system without prior written permission from
the author or copyright holder except in the case of brief quotations embodied
in reviews.

Although the author has exhaustively researched all sources to ensure the
accuracy and completeness of the information contained in this book, we
assume no responsibility for errors, inaccuracies, omissions, or any
inconsistency herein. Any slights of people or organizations are unintentional.
Readers should use their own judgment and/or consult a programming expert for
specific applications to their individual needs.
Table of Contents
Welcome
Hardware Preparation
Minimum Requirements
Recommended Requirements
A Note on Contention
USB Wi-Fi Adapters
Enable Virtualization in your BIOS
Downloading Software
VMware
Kali Linux
Windows
Metasploitable
Ubuntu Server
Damn Vulnerable Web App (DVWA)
Alternatives to VMware
Virtual Box
Hyper-V
Installing VMware
Installing Kali Linux
Configuring the Virtual Machine on VMware Workstation Player
Installing Kali on VMware
Finalizing Kali Install on VMware
Installing Windows 10
Configuring the Virtual Machine on VMware Workstation Player
Installing Windows 10 on VMware
Finalizing Windows 10 Install on VMware
Importing and Configuring the Metasploitable VMware Image
Importing the Metasploitable VMware Image
Configuring the Metasploitable VMware Image
Installing DVWA
Installing Ubuntu Server on VMware
Configuring the Virtual Machine on VMware and Running Easy Install
Finalizing Ubuntu Install on VMware
Configuring the LAMP Stack on Ubuntu Server
Installing DVWA
What Next?
Welcome

Congratulations! If you are reading this it means you are about to embark on an
exciting journey. A journey that will not only improve your technical skills but
also introduce you to the exciting world of information security and penetration
testing. In this booklet, you will learn how to set up a penetration testing lab
where you will hone your hacking skills in a safe training environment before
you unleash them on the world.

This book follows a step by step approach. We will start by prepping your
hardware and downloading the necessary software you will need to get your
lab in professional shape. We will then follow that with installing
virtualization software and finally building your virtual machines. Ready to
go? OK, let's do this!
Hardware Preparation

Every great human endeavor starts with the laying of a solid foundation. The
foundation of your penetration testing lab is the hardware which you will need
to run multiple machines. These machines will be running different operating
systems which you will need to host multiple services and applications.

This booklet aims to build a real-world penetration testing lab so not only will
we be configuring Kali Linux which is a platform with many of the security
tools you will need, we will also configure a few exploitable machines which
will serve as targets for your simulated attacks. Honing your skills by
exploiting systems will go a long way in making you a skilled penetration
tester. We want to build an environment where you can exploit and
compromise targets so that you are able to replicate this when you move on to
real world penetration testing.

You may think that this sounds very expensive in that you will need plenty of
hardware for your lab. The good news is that virtualization technology will
keep your hardware costs down. In the past, before virtualization was the
industry norm, you would have needed to procure multiple machines to host
these servers and applications but now you can host all of them on a single
machine assuming of course you have the right amount of memory, CPU and
storage resources.
Minimum Requirements

Here are the minimum requirements to host the virtual machines we will use in
this book to setup our pen testing lab:

x64 CPU - Quad Core 1.7 GHz (Virtualization Capable)
RAM - 8GB
Storage - 65GB

These minimum requirements will give you a working pen testing lab where
you will have the capacity to run any two or perhaps three virtual machines at
the same time. You may however at some point need to run many more
machines at the same time and so this booklet recommends the following
hardware specification for your virtual machine host.
Recommended Requirements
Here are the recommended requirements to host the virtual machines we will
use in this book to setup our pen testing lab:

x64 CPU - i7 2.8 GHz (Virtualization Capable)
RAM - 16GB
Storage - 135GB
A Note on Contention
As you may be running multiple machines simultaneously, each virtual machine
will compete with its neighbors for hardware resources which could result in
poor performance. If possible split your virtual machines across multiple
storage devices. USB storage devices which are USB 3 or better can easily run
virtual machines. Splitting your virtual machines across multiple disks will
most definitely increase the performance of each one.
USB Wi-Fi Adapters
To perform wireless penetration testing you will need a USB Wi-Fi adapter
which is capable of packet injection. Unfortunately, not all USB Wi-Fi
adapters are created equal and some are not compatible with the tools you will
use to perform wireless penetration testing. For a list of compatible USB Wi-Fi
adapters please read this post:
https://www.raymond.cc/blog/best-compatible-usb-wireless-adapter-for-backtrack-5-and-aircrack-ng/
Enable Virtualization in your BIOS
To ensure we can run virtual machines, your BIOS needs to be configured to
enable virtualization. Without this setting enabled you will not be able to
install the software needed to host your virtual machines.

To do this you will need to enter your BIOS during startup of your physical
machine. Each system is different so the key to press to enter the BIOS is
different on different vendor platforms. It is usually F2, F10, F12 or Esc so
watch your boot up screen carefully to see which key needs to be pressed to
enter your machine's BIOS settings. You can also google this if you are not
able to find this setting on your specific machine.

Once you have entered the BIOS settings menu you will need to find the
virtualization option and ensure it is set to enabled. Below is an example and
as you can see it is under the Advanced tab so you may need to search for it
in your system's menu options as well. In some systems, it may not say
Virtualization but instead say VT-x.

Once you have enabled this setting you can then exit the BIOS menu. Make sure
you remember to save changes. Your system should now restart and
virtualization should now be enabled.
Downloading Software
You will need the following pieces of software to create a proper penetration
testing lab:
VMware

VMware Workstation Player - VMware Workstation Player, formerly VMware
Player, is a virtualization software package for x64 computers running
Microsoft Windows or Linux, supplied free of charge by VMware, Inc.
You can download VMware Workstation Player from here:
https://my.vmware.com/en/web/vmware/free#desktop_end_user_computing/vmware_works

OR

If you are using an Apple Mac you will need to download and install VMware
Fusion which is a software hypervisor developed by VMware for Macintosh
computers. Unfortunately, VMware Fusion is not free but does come with a 30-
day trial. You can download VMware Fusion from here:
https://my.vmware.com/en/web/vmware/info/slug/desktop_end_user_computing/vmware_fu
Kali Linux
Kali Linux is a Debian-derived Linux distribution designed for digital
forensics and penetration testing. It is maintained and funded by Offensive
Security Ltd. This will be your primary attacking platform and you can
download it from here: https://www.kali.org/downloads/
Windows
There are a few pen testing tools that only run on Windows so it is always a
good idea to have a Windows VM handy for those occasions. You can
download Windows 10 from here:
https://www.microsoft.com/en-gb/software-download/windows10ISO
Metasploitable
Metasploitable is an intentionally vulnerable Linux virtual machine. This VM
can be used to conduct security training, test security tools, and practice
common penetration testing techniques. This will be another one of your targets
and you can download it from here:
https://sourceforge.net/projects/metasploitable/
Ubuntu Server
Ubuntu Server edition runs on physical or virtual servers and comes with many
enterprise-class features. We will need Ubuntu server to host DVWA. You can
download Ubuntu Server from here: https://www.ubuntu.com/download/server
Damn Vulnerable Web App (DVWA)
The creators state that Damn Vulnerable Web App (DVWA) is a PHP/MySQL
web application that is damn vulnerable. Its main goals are to be an aid for
security professionals to test their skills and tools in a legal environment, help
web developers better understand the processes of securing web applications
and aid teachers/students to teach/learn web application security in a class
room environment. This will be one of your targets and you can download it
from here: http://www.dvwa.co.uk
Alternatives to VMware
There are some alternatives to VMware which you could also install to host
your virtual machines. However, as Metasploitable is a native VMware
virtual machine you will need to tweak the Metasploitable VM to whichever
platform you choose. This book will use VMware as the chosen virtualization
platform.

Virtual Box
VirtualBox is a cross-platform virtualization application. It runs on Intel or
AMD-based computers, whether they are running Windows, Mac, Linux or
Solaris operating systems. You can download VirtualBox from here:
https://www.virtualbox.org/wiki/Downloads

To install Metasploitable on VirtualBox you can follow the instructions
detailed at this blog post:
http://www.hacking-tutorial.com/tips-and-trick/install-metasploitable-on-virtual-box/#sthash.LMUoK8L5.dpbs

Hyper-V
Hyper-V is a native hypervisor which only runs on Microsoft Windows. You
can use it to create and run virtual machines. Hyper-V is not recommended for
the purposes of penetration testing as it has no USB support which you will
require for any wireless hacking you intend on performing with your Kali or
Windows VM. To enable Hyper-V on your Windows machine, follow these
steps: https://technet.microsoft.com/en-us/library/hh846766(v=ws.11).aspx
Installing VMware
Now that we have our hardware prepared and have downloaded all the
software we will need, the next step is to install VMware Workstation Player
on our machine so that we can start building our virtual machines.

This booklet illustrates the VMware Workstation Player install process on
Windows. For a detailed explanation on how to install VMware Fusion on an
Apple Mac go to this VMware knowledgebase article:
https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2014097

Once you double-click the VMware Workstation Player install file you will
be presented with a splash screen.

Once the welcome screen opens, click on Next to start the installation.

You will then be presented with the EULA. Ensure you select the tick-box to
accept the terms and then click on Next.

You will now be presented with the Custom Setup options where you can
change the installation directory and enable an enhanced keyboard driver.
Click Next once you have made the changes or leave the default settings.

You will then move on to the User Experience Settings where you can opt to
let the software check for updates on startup and send anonymous data to
VMware to help improve the software. Once you have made the selection,
click Next. Both selections are optional and not enabling them will not
influence VMware's features or performance.

Next, select the shortcuts you want the software to install for you: Desktop
and/or Start menu. Once you have made your selection, click Next.

You are now ready to start the installation. Click Install.

You will be presented with a progress screen which will show you progress
being made by your machine on the installation.

Once the installation has completed click on Finish to finalize the installation
and close the installation wizard.

When you start VMware Workstation Player for the first time you will be
presented with a first start welcome message. Select use for non-commercial
use and enter your email address. Once completed click on Continue.

Your VMware Workstation Player is now installed and ready to go. Click
Finish to open the management console.
Installing Kali Linux
Configuring the Virtual Machine on VMware Workstation Player
The first step in getting Kali Linux up and running on VMware Workstation
Player is to configure the virtual machine settings before starting the actual
operating system install.

To begin click on Create a New Virtual Machine on your VMware
Workstation Player console as per the image below.

On the welcome screen click on Browse and navigate to the location of the
Kali Linux ISO you downloaded. Then click Next.
On the Select Guest Operating System screen select the Linux radio button
and in the dropdown list for the version select Ubuntu 64-bit. Click Next >.

On the Name the Virtual Machine window enter a name for your Kali VM
and configure the location where you want your virtual machine files to be
saved. In the example below the machine name is Kali and the chosen location
for the virtual machine files is C:\VM. Once done, click Next >.

You will now need to specify your virtual machine's disk capacity. The larger
the better. In the example below we have gone with the default of 20GB. Then
select the radio button to store the virtual disk as a single file which will
enhance the virtual machine's performance. Click Next > once done.
The configuration is now complete but we need to customize our virtual
machine by adding more memory and vCPUs. Click on Customize
Hardware.
Increase the memory of your virtual machine. The more the better. In the
example below we have increased it to 2GB. Kali Linux can run on 1 GB but
will be very slow so try to allocate at least 2GB. Once done click on
Processors as illustrated below.

Increase your processors. As with memory the more the better. Configure at
least 2 vCPUs. Once done click Close.
Your configuration is now complete. Click on Finish.
Installing Kali on VMware
Now that we have configured the virtual machine it's time to do the actual Kali
Linux install.

To get started click on Play virtual machine on the VMware Workstation
Console as shown in the image below.

You may get certain warnings when first starting your VM. Read through the
alert and accept or decline any changes VMware wishes to make. As per the
example below we have chosen to no longer receive warnings on keyboard
related errors as it does not affect the performance of the virtual machine.

When the virtual machine starts, you will be presented with boot options. Use
your arrows to select Graphic Install and then hit enter.
Once the virtual machine has finished booting you will be presented with the
installation wizard. The first step is to choose the installation language. Once
you have done this, click Continue.
The next screen asks you to select your location. Once done click Continue.
Please note that location settings are used to configure your time zone settings
so choose the correct location to ensure your clock and date are always
correct.

The next screen asks you to choose a keymap so that your keyboard can be
configured. Select the keymap that matches your keyboard and then click on
Continue.

The installation wizard will now load the installation components it needs to
proceed with the install.

Once the installation components have been loaded you will need to choose a
hostname for your Kali instance. It is important to note that in your
penetration testing lab this will not be an issue. However, in a real-world
penetration test, Intrusion Prevention Systems and Intrusion Detection Systems
have alerts that look for the hostname "Kali" on the network so choosing "Kali"
as a hostname in that instance would result in you being discovered. Once you
have chosen your hostname, click Continue.

Next you will be asked for a domain. If you have a domain fill in the necessary
information or leave it blank and click on Continue.

Now you will need to fill in the root password for your Kali instance. Fill it
in, verify it by filling it in again, and REMEMBER it: there is no "Lost your
password" option on Kali Linux, so remembering your password is vital. Once
done, click on Continue.

You may be prompted for a specific time zone if you have chosen a location
with multiple time zones. If you are prompted choose your time zone and then
click on Continue.

The next step is to partition the disk. Choose the default "Guided - use entire
disk" if you do not want to have multiple partitions. For beginners, this is
recommended. Once done, click Continue to move to the next screen.

You will then be asked to choose the disk to partition and install Kali Linux on.
If you have followed this guide, your virtual machine should only have a single
disk; select it and click Continue.

Next you will be asked to choose on which partition you want the different
Linux folders and files located. Choose the default which is recommended
for new users and then click Continue.

Finally, you will get a confirmation screen showing your disk partition
configuration. If you are happy with the information click on Continue.

You will now be asked to confirm one last time. Select the Yes radio button
and then click on Continue.

The installation will now copy files from the ISO to your newly formatted hard
drive. After that has completed you will be asked if you want to use a network
mirror so that updates etc. can be downloaded. Select the Yes radio button
and then click on Continue.

After some time, you will be prompted to configure the package manager. If
you use a proxy to access the Internet fill in the information or leave it blank if
you do not use a proxy. Once done, click Continue.
The installation wizard will now configure APT, which is the package tool
used by Kali to install new software and update existing software.

Once APT has been configured you will be prompted to install GRUB boot
loader. Select the Yes radio button and then click Continue.

Select your boot disk which should be /dev/sda and then click Continue to
start the installation of GRUB.

The Kali Linux installation wizard will now finish the installation.

Once the installation has completed you will be presented with the Installation
Complete screen. Click Continue to finalize the install.

You have now successfully installed Kali Linux on VMware Workstation Player.
Finalizing Kali Install on VMware
Now that you have successfully installed Kali Linux you need to install the
VMware Tools and update your Kali instance. Kali is now what is called a
rolling release so new functionality and updates are added all the time. To
take advantage of these new features and patches you must update your Kali
instance regularly.

First let's get the VMware Tools installed, which will give better integration
into your host system and allow you to resize the screen as well as copy and
paste documents from your host machine to the Kali virtual machine and vice
versa.

Log in to your Kali virtual machine with the default username root and then
click Next.

Enter the password you created during the installation and then click Sign In.

On the VMware Workstation Player menu click Player then Manage and
finally Install VMware Tools as shown in the image below.
If prompted choose to download and install the VMware tools for Linux.

If all goes well, VMware Workstation Player should mount the VMware tools
CD for you as shown in the image below. Double click the icon to open the
disk image.
Once the folder has opened right-click on the tar.gz file and select Extract To.

Choose to extract the files and folders to your Home directory and then click
on Extract.
Once this has completed open a terminal by going to Applications / Favorites
/ Terminal as per the image below.

At the terminal prompt type ls to get a directory listing and ensure
vmware-tools-distrib is present.

Then navigate into that directory by typing the command cd vmware-tools-distrib.

Finally start the installation by typing ./vmware-install.pl

At each prompt hit Enter to accept all the default settings.


Once the script has finished and you are once again presented with a prompt,
type reboot to reboot the virtual machine and finalize the installation of the
VMware tools.
Once the virtual machine has rebooted, log in so that we can run updates to
ensure you have the latest version of all the software that comes bundled with
Kali Linux.

Open a terminal and type sudo apt-get update && sudo apt-get upgrade to start
the process.

You will then be prompted to proceed with the installation once Kali has
informed you which packages are out of date as shown by the image below. Hit
Y to proceed with all the updates and restart the virtual machine once this
process has completed. This could take a long time depending on your Internet
speed and number of updates needed.

Once you have restarted, the installation and configuration of Kali Linux is
complete. To shut down the machine click on the shutdown icon which
is in the top right-hand corner of the screen as shown in the image above.
Installing Windows 10
Configuring the Virtual Machine on VMware Workstation Player
Now that we have Kali up and running let's install and configure our Windows
virtual machine.

The configuration of your Windows 10 virtual machine will be similar to the
configuration we did for the Kali Linux virtual machine. Refer to the
screenshots in the Kali Linux section if you need a refresher.

On the VMware Workstation Player Console click on Create a New Virtual
Machine.

Click Browse and navigate to the location where you saved your Windows
ISO. Once done click Next >.

On the next screen, you need to fill in the name of the virtual machine as it
will appear on the VMware console and you will need to specify a storage
location for the virtual machine files. Once completed, click Next >.

On the following screen, you will need to specify the capacity of the hard
drive for your virtual machine. As always more is better than less so allocate
accordingly. 60 GB should be sufficient for your Windows 10 virtual
machine. Once completed, click on the Store virtual disk as a single file
radio button and then click Next > to continue.

On the next screen click on Customize Hardware.

On the Hardware screen click on Processors to increase the processor count.

As with storage more is better than less. Increase your processor count to at
least 2. It is recommended that 4 processors be assigned to your Windows
virtual machine. Click Close once you have increased your CPUs.
Finally, click on Finish to close the Create a New Virtual Machine wizard.

VMware may take a little longer to create the virtual machine due to the size of
the hard drive. Once this process is completed you can then start the virtual
machine.
Installing Windows 10 on VMware
Once you have started your virtual machine you will then be prompted to start
the installation of Windows. Select your Language, Time and currency
format and Keyboard from the dropdowns provided and then click Next.

On the next screen click on Install now to start the installation process.

On the next screen, you will be asked to enter a product key. If you do not have
one click on I do not have a product key as illustrated in the image below.
When asked which version of Windows you want to install, select
Windows 10 Pro and then click Next.

On the next screen, Accept the license terms by enabling the tick-box as
shown below and then click Next.

On the next screen, click on Custom: Install Windows only (advanced).

Select the hard drive and then click Start to begin the installation process.
Windows will now run through its installation process and restart once it has
completed.
Finalizing Windows 10 Install on VMware
Once Windows has completed its installation process the configuration
process will begin. You can click on Customize to customize each Windows
setting or click on Use Express Settings as we have done in the image
below.

You will then be asked to enter a username, password and verify your
password. Once completed, Windows will finalize its settings.

Once the configuration process has been completed, you will be presented
with the Windows home screen.

We now need to install VMware Tools. Click on Player > Manage >
Install VMware Tools.
You may be prompted to download the latest tools. If so, click on Download
and Install.

Once the VMware Install ISO is mounted, double click the DVD icon to start
the installation.

If you are presented with a User Account Control challenge click Yes to
continue.
You will now be presented with the VMware Tools installation wizard, click
Next > to continue.

Select the Typical setup type and then click Next >.

On the next screen, click Install to install VMware Tools.

VMware Tools will now be installed on your virtual machine.

When the installation has completed, click Finish to close the installation
wizard.

You will need to restart your virtual machine for the settings to take effect.
Click Yes if asked to do so.

Your virtual machine will restart and your Windows machine is now ready.
Importing and Configuring the Metasploitable VMware Image
Importing the Metasploitable VMware Image
Metasploitable is downloaded as a VMware image so all we need to do is
import it into our VMware console. First, we need to extract the downloaded
zip file. Right-click on the file and click on Extract. In the dialog box that
opens browse to the location where you want to store your virtual machine
files as per the image below.

Your extracted files should open and you should have a collection of VMware
files as per the example below.

Now that we have extracted the files we follow this by importing the virtual
machine so that we can access it via the VMware console. To begin, open
VMware Workstation Player and click on Open a New Virtual Machine.

Browse to the location you extracted your Virtual Machine files to and click on
Open.

Your virtual machine should now appear in your virtual machine list. Click on
Play virtual machine to start Metasploitable.
The first time you start Metasploitable it will prompt you as per the image
below. Select I copied it so that VMware creates a new machine ID for it.
Configuring the Metasploitable VMware Image
To ensure working with Metasploitable is a consistent experience in your
Penetration Testing Lab we need to configure the Metasploitable virtual
machine with a fixed IP address. To begin we need to log in to Metasploitable
once we have started it and we are presented with the login prompt as per the
image below. The username and password are both msfadmin.

VMware Workstation Player creates a NAT network for all the virtual
machines we have created in this lab and the IP address range is random from
host to host. To see what your VMware NAT network range is type ifconfig at
the prompt. As you can see below this virtual machine is on IP address
192.168.83.29 and on a subnet mask of 255.255.255.0. Make a note of yours
as you will need it when we assign a fixed IP.
We also need to ascertain the default gateway assigned to your virtual machine
by VMware. To check what your default gateway is type ip route | grep
default at the prompt. As you can see below the virtual machine in the
example has a default gateway of 192.168.83.2. Make a note of yours as you
will need it in the next step.

To set a fixed IP address on Metasploitable we need to configure the
interfaces file located at /etc/network on the Metasploitable file system. To
start configuring this file open it with nano by typing the command
sudo nano /etc/network/interfaces.
If you are prompted for an admin password use msfadmin.

To set a fixed IP address use the configuration as illustrated by the image
below but remember to change your NAT address to match the NAT network
assigned to your virtual machine by VMware. In this case, we have assigned a
fixed IP address of 192.168.83.10. Note that the default gateway and DNS
name servers are both set to the default gateway obtained in the previous step.
Once you have configured your file hit Ctrl + x to exit and save the changes
to your file.

Your Metasploitable virtual machine is now configured and ready. To
shut down Metasploitable type sudo shutdown -h 0 at the prompt and enter
msfadmin as the administrator password if you are prompted to do so.
Installing DVWA
No Penetration Testing Lab is complete without a vulnerable web application
so let's get started on installing Damn Vulnerable Web App. DVWA runs as a
PHP application on a web server. In this section, we will install and configure
Ubuntu server, configure a LAMP (Linux, Apache, MySQL, PHP) stack and
then finally install DVWA.
Installing Ubuntu Server on VMware
Configuring the Virtual Machine on VMware and Running Easy Install
VMware Workstation Player comes with a useful feature called Easy Install,
which makes the installation of an operating system a very simple process. We
will be using this feature to install Ubuntu server. To start click on Create a
New Virtual Machine as you did for the Kali and Windows virtual machines
you already created.

Browse to the location of your Ubuntu Server ISO and click Next >.

Enter the user information needed by Easy Install as illustrated by the image
below and click Next >.

On the next screen give the virtual machine a name and select a location
where you wish to install your virtual machine files. Click Next >.

Next select the disk capacity. 20GB is more than enough for DVWA. Select the
Store virtual disk as a single file and then click Next >.

On the next screen, click Customize Hardware.

On the hardware screen click on Processors.

Increase your CPU count to 2 and then click Close.

Click Finish to finalize the creation of the virtual machine.

VMware Easy Install will now install Ubuntu server for you with no
interaction needed.

Finalizing Ubuntu Install on VMware


We now also need to give our DVWA server a fixed IP address. First, we
need to log in to Ubuntu server with the credentials we created during the
installation process. Enter the username and password to log in to the
server.

Check the IP address config assigned to your Ubuntu server by running the
ifconfig command. Remember to take note of it as we will need this to set a
fixed IP address.
Open the interfaces file by typing sudo nano /etc/network/interfaces and
hitting enter. If you are prompted for an administrative password enter it and
hit enter.

Now amend the interfaces file so that it mirrors the one in the example
image below. Remember that your IP address will differ so ensure you
create a fixed IP address which is part of the NAT IP range that VMware has
allocated for you. Your default gateway and DNS name server IP addresses
should be the same as those you set for Metasploitable.
To save your changes hit Ctrl + x and then hit enter after confirming you want
to save the changes. Once completed, type sudo reboot to restart your
virtual machine so that changes can take effect.

Confirm the changes have in fact taken effect by typing ifconfig once your
virtual machine has restarted and you have logged back in.

It is important to ensure DNS is configured correctly and that your Ubuntu
server virtual machine has access to the Internet as you will need this to
configure the LAMP stack. A quick way to achieve this is to ping a website
address that responds to ICMP requests. Test your virtual machine by running
the following command: ping www.news24.com.

Configuring the LAMP Stack on Ubuntu Server

Now that we have our Ubuntu server installed and configured it is time to start
the installation of the LAMP stack. First, we will install the Apache web
server. To do this type sudo apt-get install apache2 at the prompt and hit
enter. If prompted for your sudo password enter your server admin password
and hit enter.

Your virtual machine will now go out onto the Internet and look for the files
needed to install Apache. If all goes well you should be prompted to start the
install as per the example below. Type Y and hit enter.

Now we repeat the same process for the other components of the LAMP stack.
To install MySQL type sudo apt-get install mysql-server and hit enter.

At the prompt type Y and hit enter to proceed with the installation.

During the installation process for MySQL you will be prompted to set a root
password for MySQL as per the image below. Type in a password and hit
enter. Remember this password as you will need it to install PHPMyadmin
and DVWA later.

When prompted to confirm your password retype it and hit enter.


Once MySQL has completed we now need to install PHPMyadmin which will
install the necessary PHP files as well as the PHPMyadmin application which
we will need to configure MySQL for DVWA. To install PHPMyadmin type
sudo apt-get install phpmyadmin and hit enter.

At the prompt type Y and hit enter to proceed with the install.

During the installation process for PHPMyadmin you will be asked to assign a
web server. Hit your space bar to select Apache and then tab to OK and
hit enter.

You will also be asked to set up the PHPMyadmin database during the
installation process. Select YES when prompted and hit enter.

When you are prompted to enter the password for the database's administrative
user enter the password you created during the MySQL installation
process and hit enter.

You will now be asked to create a password for PHPMyadmin. Enter a
password and hit enter. You will need to remember this password so that you
can log in to PHPMyadmin later during the DVWA installation process.
Reenter the password for PHPMyadmin to confirm it and hit enter.

Once the installation for PHPMyadmin has completed the configuration of the
LAMP stack is complete. To test your installation, open a web browser on your
host machine or on your Kali Linux or Windows virtual machine and go to
http://<IP address of your DVWA server> to see if Apache has been
installed correctly. You should be presented with a page as per the example
below.

Check your PHPMyadmin install. Go to http://<ip address of DVWA
server>/phpmyadmin. You should be presented with a login screen as per the
example below. Enter root as the username and enter the PHPMyadmin
password you created during the installation of PHPMyadmin.

Installing DVWA

Now that we have the prerequisites in place the time has come to install and
configure DVWA. The first thing we need to do is create an empty database. To
do this log in to PHPMyadmin and click on Users as shown in the image
below.

On the Users page click on Add User.


Fill in the necessary information as shown in the image below and make a
note of the username and password as you will need these later. Note that the
username will also be the name of the database and the host must be set to
localhost. Also tick the two tick-boxes in the database for user area and
once all the data has been entered click on Go.

We now need to log in to our Ubuntu server and install unzip, which we will
need in the next step. To install unzip type sudo apt-get install unzip and hit
enter. If asked to enter a sudo password enter your Ubuntu server
administrative password.

Now we will use wget to download DVWA. At the prompt type:


wget https://github.com/ethicalhack3r/DVWA/archive/master.zip

Once the DVWA zip file has downloaded unzip it by typing unzip master.zip.

Once all the files and folders have been extracted check the extracted files are
in place by typing ls to check your directory, then cd DVWA-master
followed by ls. Since we want to copy all the files and folders to our web
directory type cd .. to go back one level.

Now copy all files and folders to the /var/www/html directory by running the
following command: sudo cp -rf DVWA-master/* /var/www/html. If you
are prompted to enter a password, enter your server administrative password.

To confirm all files and folders have been copied type ls /var/www/html.
We now need to remove index.html from /var/www/html to ensure Apache
renders our index.php file. To accomplish this type
mv /var/www/html/index.html /home/<user folder> as shown in the
example below.

We are now ready to configure DVWA. Open a web browser on your host or
Kali or Windows virtual machine and go to http://<ip of DVWA server>. You
should be presented with a page that looks like the example below. You will
note that there are a few items marked in red that need to be rectified before
we can proceed with the installation, including an error connecting to the
database we created earlier.

To resolve most of these issues we need to modify DVWA's config file. On
your DVWA server, type sudo nano
/var/www/html/config/config.inc.php and hit enter.

Once the config.inc.php file has opened you need to modify the sections
highlighted in the example below. Enter your database credentials in the
database section and enter RECAPTCHA keys in the area set aside for
these. You can generate RECAPTCHA keys by going to
https://developers.google.com/recaptcha/. Once you have made the changes hit
Ctrl + x to exit and save your changes.

Now we need to make a specific folder and file writable. Enter the following
commands:

sudo chmod 777 /var/www/html/hackable/uploads/
sudo chmod 777 /var/www/html/external/phpids/0.6/lib/IDS/phpids_log.txt

Finally, we need to make a modification to the php.ini file on our server. Open
the php.ini file by typing sudo nano /etc/php5/apache2/php.ini.

As php.ini is quite a long file we are going to use nano's search functionality
to find the location we need. Hit Ctrl + w to open search, type
allow_url_include and hit enter.

Modify the setting by changing Off to On as per the image below.

Save the php.ini file by exiting with Ctrl + x and saving your changes. Now
we need to restart the Apache service to ensure all our changes take effect. To
do this type sudo service apache2 restart and hit enter.

Go to the DVWA web app in your browser as before and you will now be
presented with a login screen. The default username is admin and the
default password is password.

Your DVWA setup page should now be good to go with no errors. Click on
Create / Reset Database to finalize the installation.

Once this is completed and you log in again, you should be presented with the
DVWA welcome page which means your installation is now complete.
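
If the setup page still shows items in red, the file-level changes from this section can be re-checked from the shell. The script below is an added example, not part of the booklet; it reads the effective allow_url_include value from php.ini, confirms the two chmod 777 targets are world-writable, and confirms index.html is gone. The script file name is hypothetical and the paths are the ones used on this page.

```shell
#!/bin/sh
# Added example, not from the booklet. Usage (paths as used on this page):
#   sh check_dvwa_lab.sh /var/www/html /etc/php5/apache2/php.ini
# check_dvwa_lab.sh is a hypothetical file name.

# ini_value FILE KEY: print the effective value; the last uncommented
# assignment wins, and trailing "; comments" and quotes are stripped.
ini_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\([^;]*\).*/\1/p" "$1" |
        tail -n 1 | sed 's/[[:space:]]*$//; s/^"\(.*\)"$/\1/'
}

# ini_is_on FILE KEY: succeed when PHP would read the value as boolean true.
ini_is_on() {
    case "$(ini_value "$1" "$2" | tr '[:upper:]' '[:lower:]')" in
        on|1|yes|true) return 0 ;;
        *) return 1 ;;
    esac
}

# world_writable PATH: succeed when the "other" write bit is set (as chmod 777 does).
world_writable() {
    [ -e "$1" ] || return 2
    case "$(ls -ld "$1" | cut -c1-10)" in
        ????????w?) return 0 ;;
        *) return 1 ;;
    esac
}

# check_lab DOCROOT PHPINI: report each setting, return non-zero on any failure.
check_lab() {
    docroot=$1 phpini=$2 failed=0
    if ini_is_on "$phpini" allow_url_include; then echo "ok   allow_url_include is On"
    else echo "FAIL allow_url_include is not On in $phpini"; failed=1; fi
    for p in hackable/uploads external/phpids/0.6/lib/IDS/phpids_log.txt; do
        if world_writable "$docroot/$p"; then echo "ok   $p is world-writable"
        else echo "FAIL $p is missing or not world-writable"; failed=1; fi
    done
    if [ -e "$docroot/index.html" ]; then
        echo "FAIL index.html is still in $docroot"; failed=1
    fi
    return "$failed"
}

# Run only when both paths are given on the command line.
[ $# -ne 2 ] || check_lab "$1" "$2"
```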

What Next?

Well done. You have now completed setting up your very own Penetration
Testing Lab.

Check out these resources where you can start using your Penetration Testing
Lab to get your skills to the next level.

http://pen-testing.sans.org/resources

https://www.owasp.org/index.php/Main_Page

http://www.securitytube.net

https://github.com/enaqx/awesome-pentest

https://www.cybrary.it

https://null-byte.wonderhowto.com

http://www.hackinsight.org
