How to setup a PenTesting Lab/Environment using Virtual Box.

Well!! instead of spending money on setting up a Pen-Testing lab its easy and cost effective to use virtual environment for this purpose.In this tutorial I will show you how you can setup a Pen-Testing lab without losing a single buck from your pocket.

What is Penetration Testing(a.k.a Pen Testing)?

This is a process by which the security and the vulnerability level of the target system is estimated.It is of three types

1.White Box Testing :Here the tester has complete details about the configuration of the box.

2.Grey Box Testing :Here the tester has partial details about the configuration of the box.

3.Black Box Testing : Here the tester has no details about the configuration of the box.

How to setup a Pen Testing Lab using Virtual Box.

I will proceed keeping in mind that you know how to install a Virtual box.


1.2GB  RAM will do great.

2.Virtual Box(Download)

3.Backtrack .iso (Download) and a Windows OS .iso will do.

* Having setup Virtual box in your host PC here my host is "Ubuntu" you can also use windows.Make two virtual machine in your virtual box one loaded with "Backtrack"(attacker) and another with "Windows(vulnerable)"(target).

 *Now the main step is that to connect the two virtual machine on the same network.You should use the "Internal Network" in the network settings on both so that they will not be connected to the host in any way,actually it is safer if your host is connected to any external network.

*Now your pen testing environment is ready.Take a look at mine at the image below.
 This scenario comes very handy if you are using metasploit  or any pentesting tool for the first time because here you can ensure maximum safety and do loads of practice before you hop over to real life scenario

Good Luck :)

I hope you will find this post useful....if so,so drop your comments it will be appreciated. :)
How to setup a PenTesting Lab/Environment using Virtual Box. How to setup a PenTesting Lab/Environment  using Virtual Box. Reviewed by Satyajit (Admins,a.k.a Satosys) on Friday, October 08, 2010 Rating: 5


Velocismedia said...
This comment has been removed by a blog administrator.
Jacky said...


A great post , full of high level information !
Keep up the good work.

Satyajit (Admins,a.k.a Satosys) said...

@Jacky Thanks that you liked the post... :) Keep Visiting... :)

Cain said...


Can I make a hacker lab with my real machine and the virtual? I like to use my real machine as attacker and the virtual as target. it is possible?

Anonymous said...

hi....its Realy very usefull.thanks brother..

This blog is "DoFollow",Use a "Real Name" rather than using "Keywords" otherwise comment will be rejected.

Powered by Blogger.