One of the most common questions I see people asking is “how can I practice security concepts on my own?” I think there’s a general misconception that it requires substantial investments in hardware when, really, you can get started with a mediocre laptop thanks to virtualization. This article details how to set up a target and an attack VM on a single Windows host.
To host multiple VMs properly on a single device, I would suggest utilizing a host that has a decent processor, 8GB+ RAM and 500+GB storage space. At the time of this writing, though, I use a laptop with only 4GB RAM and have no problem hosting a 32-bit version of Windows 7 as well as a Kali VM at the same time. If you’re unsure of your device’s specifications, you can view them from Task Manager or by running Speccy.
To begin, we will need to find and install a hypervisor, the platform that performs the virtualization. Two of the more popular free options are VMware Workstation and Oracle VirtualBox. Both have installers available for Windows and Linux. I personally have always used VirtualBox and haven’t had a reason to change, so this guide will focus primarily on that. A quick Google search can find the installer for us. Download and launch the installer as administrator and we’ll be on our way. We’ll also want to grab the Extension Pack to provide support for various other functions. The defaults will be fine for most people; just make sure it is set to install all available components. While it’s installing, it will likely ask you if you want to add various adapters, which you should allow or you may have issues connecting peripheral devices.
Once we’ve got VirtualBox up and running we’ll want to start installing some VMs. Depending on your specific scenario you’ll want to download either the ISO or OVF file of your desired appliances. An OVF is a VM cooked-to-order where all you have to do is import it and run it, whereas an ISO is a compressed file that contains all components of the OS required to install it. With the ISO you will have to do all the installation and configuration prior to using it. VirtualBox offers pre-made configurations for your VM based on the operating system, so installation is a breeze. Any Linux distribution can be found by a quick search, vulnerable machines can be downloaded from VulnHub, and a handful of 30-day Windows trials can be found here.
Once you’ve got your VMs installed, your VirtualBox may look something like this:
We’ll take this time to go ahead and set up a few additional features prior to using any of our appliances. First up is USB integration, which was an absolute nightmare for me to get up and running. Ideally, though, all you have to do is select the VM you wish to use USB devices with and navigate to Settings > USB. Here you will have to enable the USB Controller as well as the version you will be using (probably 2.0 or 3.0) and select the Add Filter button:
With your desired USB device plugged into your host, you should be able to add it to your list of trusted devices as shown above, or you can simply add an empty filter to allow any USB device to connect to your guest. Once you have your filter(s) created, double-click each of them and change Remote to Yes:
When I originally attempted to do this I was getting a variety of errors in my VMs and had to disable legacy USB support in my system BIOS, modify my registry and then manually install VirtualBox’s USB driver. Hopefully that won’t be your scenario, but if it is you can find additional support here.
You’ll also want to navigate to File > Preferences > Extensions and install the Extension Pack we downloaded earlier:
The next thing we’ll configure is bidirectional clipboards so that we can copy and paste from host to VM and vice versa. Simply enough, select your VM and navigate to Settings > General > Advanced and change Shared Clipboard and Drag’n’Drop to Bidirectional:
Lastly, we want to set the network settings of each VM to NAT Network. At this stage we can go ahead and boot into our VMs. The VMs should be able to ping each other:
You should also be able to mount any of the USB drives you created filters for:
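If the ping test fails, the usual cause is a VM left on plain NAT (each guest sits behind its own private NAT) or on a different NAT Network. The script below is an added example, not part of the original article: it parses `VBoxManage showvminfo --machinereadable` output and reports any adapter that is not on the shared NAT Network. The VM names, the network name `LabNet` and the sample output are constructed, and the `nicN` / `nat-networkN` key names are assumptions to confirm on your VirtualBox version.

```python
import re
import subprocess

# Constructed samples of `VBoxManage showvminfo <vm> --machinereadable` output.
# VM and network names are made up; nicN / nat-networkN key names are assumed
# from VBoxManage's output, so confirm them on your VirtualBox version.
SAMPLE_KALI = 'name="Kali"\nnic1="natnetwork"\nnat-network1="LabNet"\nnic2="none"\n'
SAMPLE_WIN7 = 'name="Win7-Target"\nnic1="nat"\nnatnet1="nat"\nnic2="none"\n'

KV_LINE = re.compile(r'^"?([^"=]+)"?="?(.*?)"?$')

def parse_vminfo(text):
    """Turn the key="value" lines into a dict."""
    info = {}
    for line in text.splitlines():
        m = KV_LINE.match(line.strip())
        if m:
            info[m.group(1)] = m.group(2)
    return info

def nat_networks(info):
    """Map each enabled adapter number to (attachment mode, NAT Network name)."""
    nics = {}
    for key, mode in info.items():
        m = re.fullmatch(r"nic(\d+)", key)
        if m and mode != "none":
            nics[int(m.group(1))] = (mode, info.get("nat-network" + m.group(1), ""))
    return nics

def check_lab(vm_infos):
    """List the settings that would stop the lab VMs from pinging each other."""
    problems, networks = [], set()
    for info in vm_infos:
        vm, nics = info.get("name", "?"), nat_networks(info)
        if not nics:
            problems.append(f"{vm}: no network adapter enabled")
        for n, (mode, net) in sorted(nics.items()):
            if mode == "natnetwork":
                networks.add(net)
            else:
                problems.append(f"{vm}: nic{n} is '{mode}', expected 'natnetwork'")
    if len(networks) > 1:
        problems.append("VMs are on different NAT Networks: " + ", ".join(sorted(networks)))
    return problems

def live_info(vm):
    """Query a real VM; needs VBoxManage on PATH."""
    out = subprocess.run(["VBoxManage", "showvminfo", vm, "--machinereadable"],
                         capture_output=True, text=True, check=True).stdout
    return parse_vminfo(out)

if __name__ == "__main__":
    for problem in check_lab([parse_vminfo(SAMPLE_KALI), parse_vminfo(SAMPLE_WIN7)]):
        print(problem)
```

To run it against your own lab, pass `check_lab` a list built with `live_info("<your VM name>")` for each VM.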
Assuming everything worked as intended, you should now have a working lab as well as the fundamental knowledge to build and rebuild new environments as your attention shifts to different areas. Virtualization as a whole offers many benefits. In the business sector it saves time, money and physical space. For the enthusiast it offers a logical playground where we can teach ourselves new environments and new skills, and it gives us the resources to host services of our own.