Basic Lab Setup for Penetration Testing

Basic Lab Setup for Penetration Testing

In this tutorial we are going to see how we can setup a basic pentest lab and perform port scanning. (I feel this should have been the first post as I encourage every reader here to create a personal pentest lab. Performing unauthorized penetration testing and hacking on other people/organization systems MAY LAND YOU IN JAIL).

I will assume you already have Kali Linux installed in VirtualBox.

Note: Port Scanning without the prior permission is illegal. So please get office or website permission before doing port scanning.

Tools Needed.

  • Virtual Box.


  • We are going to set up Metasploitable as our target for hacking. Metasploitable is an OS designed to be vulnerable for the purpose of pentesting and hacking.
  • First go the Given link below and download the Metasploitable Machine.

  • Open the virtual box and click on “new”.
  • Enter the name you want and select the “type” as Linux and select “version” as Ubuntu.
  • Select the RAM as you want.
  • Click use an existing disk and click on the file icon.
  • Select Metasploitable and click open. Now click “Create”.
  • Now start the testing OS. Enter “msfadmin” as username and password.
  • Type “ifconfig” to see the IP address of the Metasploitable machine.
  • Now go to the Kali Linux and type “ping [ip address of the Metasploitable machine]” to see if the target machine is reachable.
  • Its worked fine. If it doesn’t work, select the virtual machine click settings-> network options and check the network settings of both machines.

Port scanning is the basic reconnaissance step that help to identify which port are open and which services are running.

Why port scanning?

For hackers its help to find the weak point in the system. For network engineers, we can see the vulnerable points and help mitigate the risks.

So lets get started

  • Open the terminal and type nmap [ip address].

We can see the list of open ports and the services that are running on them. In next tutorial we are going to see how we can do advance scanning.

Caution: Never expose metasploitable to the internet.

Leave a Reply

Your email address will not be published. Required fields are marked *