Wednesday, September 28, 2016

Adding More Machines to Your Virtual Hack Lab

There are intentionally vulnerable virtual machines that security professionals use to practice penetration testing trainings, conduct security trainings and test out tools and exploits. These virtual machines are best for honing your skills as the most basic vulnerabilities are available for you to discover and exploit giving you confidence and experience at finding them.

Metaploitable 2

Metasploitable is am Ubuntu Linux virtual machine. This is number 1 on my list because it allows you to learn from basics to advance on both infrastructure penetration testing and web penetration testing with Mutillidae and DVWA pre-installed.

You can find the VM here 

Good thing about Metaploitable is that it will use the least amount of your computer’s resources with 512MB of RAM and 8GB of HDD leaving you more room for more VMs’ running at the same time.

Go ahead download the VM and get it ready to run.

Note that, by default, there are 2 network adapters installed on the VM. Remove the 2nd network adapter and change the first one from NAT to VMNet1 (Host Only) so that it is in the network as your attacker machine.


This is designed as a game where you have to gain root access to the system through the progressing the game story. This is focused on web application hacking.

You can find the VM here

There are hundreds of other vulnerable VMs available out there which have not been mentioned. Because all you need to get started is Metaploitable and Hackxor. After mastering these two, you will have enough experience to go on and pwn machines solo :) 

-Jayesh Kerai (@secjay)

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.