Here's a simplified way to get an attack machine and a defense machine on your computer without too much fuss.

(There are a number of different ways to go about this and they depend on your hardware and host operating system.)

 

Your mileage may vary & TRY THIS AT YOUR OWN RISK - getting this wrong can lead to data loss or worse.

TREAD LIGHTLY - BE CAREFUL - CHECK YOUR WORK - GET SOMEONE ELSE TO CHECK YOUR WORK

 

I'll start with a recipe that works on many Windows 10 computers:

  • You need a multi-core CPU (4 is good, more is better).
  • You need about 8GB RAM (You may scrape by with less, more is better)
  • You need about 100GB of hard disk space, or you can use a USB drive.
  • You must have a Windows 10 license (Free educational licenses are included in your vcccd account).
  • (You can also install these Windows licenses under bootcamp on macOS, or natively on some older macs)

 

This recipe will make a RED KALI LINUX VM to attack a BLUE Metasploitable VM

 

This is a link to the Hyper-V documentation

  1. First you need Hyper-V on Windows 10
  2. Start Hyper-V Manager
  3. Make a new External Virtual Switch called SUPERDEMO-INSTALL
  4. Make a new Private Virtual Switch called SUPERDEMO-PRIVATE
  5. Download a Kali Linux .iso
  6. Create a Kali Linux VM called RED-VM
  7. Connect the Network Adapter of RED-VM to SUPERDEMO-INSTALL
  8. Enable nested Virtualization on RED-VM
  9. Update Kali and install extra packages
  10. Connect the Network Adapter of RED-VM to SUPERDEMO-PRIVATE
  11. Remove the External Virtual Switch called SUPERDEMO-INSTALL

 

At this point stop and check your work.

You should have:

  • A secure Kali Linux installation with default defenses

You probably want to go through defense hardening procedures on this installation and you can do it while connected to the SUPERDEMO-PRIVATE network.

 

Here's the BLUE VM recipe

  1. Download the metasploitable VM 2
  2. Create the metasploitable VM called BLUE-VM
  3. Connect the Network Adapter of BLUE-VM to SUPERDEMO-PRIVATE
  4. STOP WHAT YOU'RE DOING!

***IT'S IMPERATIVE THAT THE BLUE-VM DOES NOT GET CONNECTED TO ANY NETWORK OR COMPUTER THAT YOU VALUE***

 

At this point stop and check your work.

You should have:

  • A secure Kali Linux installation with hardened defenses
  • A vulnerable VM
  • A PRIVATE Virtual Switch with no local network or internet access.

NOW YOU CAN FOLLOW ALONG WITH THE METASPLOIT MANUAL 

(dv+superdemo@danv.com - 202104061815-TODO: needs clean up and conversion to markup)