How to setup a PenTesting Lab/Environment using Virtual Box.

Well!! instead of spending money on setting up a Pen-Testing lab its easy and cost effective to use virtual environment for this purpose.In this tutorial I will show you how you can setup a Pen-Testing lab without losing a single buck from your pocket.

What is Penetration Testing(a.k.a Pen Testing)?

This is a process by which the security and the vulnerability level of the target system is estimated.It is of three types

1.White Box Testing :Here the tester has complete details about the configuration of the box.

2.Grey Box Testing :Here the tester has partial details about the configuration of the box.

3.Black Box Testing : Here the tester has no details about the configuration of the box.

How to setup a Pen Testing Lab using Virtual Box.

I will proceed keeping in mind that you know how to install a Virtual box.


1.2GB  RAM will do great.

2.Virtual Box(Download)

3.Backtrack .iso (Download) and a Windows OS .iso will do.

* Having setup Virtual box in your host PC here my host is "Ubuntu" you can also use windows.Make two virtual machine in your virtual box one loaded with "Backtrack"(attacker) and another with "Windows(vulnerable)"(target).

 *Now the main step is that to connect the two virtual machine on the same network.You should use the "Internal Network" in the network settings on both so that they will not be connected to the host in any way,actually it is safer if your host is connected to any external network.

*Now your pen testing environment is ready.Take a look at mine at the image below.
 This scenario comes very handy if you are using metasploit  or any pentesting tool for the first time because here you can ensure maximum safety and do loads of practice before you hop over to real life scenario

Good Luck :)

I hope you will find this post useful....if so,so drop your comments it will be appreciated. :)
Suggest Article

Subscribe to Posts....

Enter your Email-ID and get "Security Tips and Hacking Tutorials"alert in your inbox,we promise to keep your email private and safe.

comment 5 comments:

Velocismedia on November 18, 2010 at 11:48 AM said...
This comment has been removed by a blog administrator.
Jacky on December 11, 2010 at 12:48 AM said...


A great post , full of high level information !
Keep up the good work.

Satyajit (Admins,a.k.a Satosys) said...

@Jacky Thanks that you liked the post... :) Keep Visiting... :)

Cain on February 14, 2011 at 4:58 AM said...


Can I make a hacker lab with my real machine and the virtual? I like to use my real machine as attacker and the virtual as target. it is possible?

Anonymous said...

hi....its Realy very usefull.thanks brother..

Post a Comment

This blog is "DoFollow",Use a "Real Name" rather than using "Keywords" otherwise comment will be rejected.

Delete this element to display blogger navbar

© 2018 SecurityHunk All Rights Reserved and Template by Fresh Blogger Templates