Why Do I Want a Vulnerable Host to Practice On?
For the sake of learning, trying to attack a patched host or service with no known vulnerabilities or poor configurations is not going to get you far. So today, I will show you where to get vulnerable hosts to practice on. Then I am going to show you how to install them in a safe environment so that you do not leave yourself or your network vulnerable.
Windows Vulnerable Host
As far as I have seen, you will not have any success finding vulnerable Windows operating systems for download on the internet. A way around this is to install a copy of Windows into your virtual machine (VM). Once it is installed, be sure to disable automatic updates for the vulnerable host to ensure it stays in an unpatched (vulnerable) state.
As soon as you install a fresh copy of Windows into your VM, create a snapshot of it so that in the event of it accidentally becoming updated or damaged, you can quickly recover and continue working.
For VMware, at the top of your window, you will see three buttons dealing with snapshots. Click the far left one to create a snapshot.
For Oracle VirtualBox, on the top bar, you will see an option for Machine. Click on it, then in the drop down menu, click Take Snapshot.
You are now ready to practice attacking an unpatched Windows operating system.
Linux Vulnerable Host
One of the best exploitation frameworks is Metasploit, which comes standard on Kali Linux. It has a vulnerable Linux host created with the sole purpose of being exploited by the framework. You can download it here.
If you need help installing it, follow the directions for installing Kali Linux for both Oracle VirtualBox and VMware.
Once installed, be sure to take a snapshot of it the same way we did for the Windows vulnerable host.
Hacking Capture the Flag (CTF)
In case you did not know, hacking can be a sport too. There are competitions hosted locally and online. Participants are given access to hosts specifically created for the tournament. Hackers and Penetration Testers attempt to capture as many flags as they can by gaining more and more access to the machine(s).
If you want to host a CTF machine yourself, you can find plenty at Vulnhub. Be advised that these will likely be much more difficult to gain root (administrative access) on compared to the Metasploitable2.
There are online services that provide similar types of real-world objectives where you can legally practice hacking into a number of different hosts. If that is something you would be interested in, then CTF365 has a 30-day unlimited-access trial.
If you want a certification that shows your hacking prowess, then the Offensive Security Certified Professional (OSCP) is just for you. It has 3 different lab networks that you progressively gain access to as you compromise the different hosts in the labs. It culminates in a 24-hour exam where you must exploit five different hosts. Afterwards, you are given 24 hours to write your report.
Be sure to change all of your vulnerable hosts' network settings in Oracle VirtualBox and VMware to Host Only. This will prevent anyone else from having an easy target to gain access to your network.
For Oracle VirtualBox, make the following changes in Settings.
For VMware, make the following changes in Virtual Machine Settings.
This limits the network access for the vulnerable host to a private network. It only interacts with your primary operating system. As a result, your vulnerable host will be invisible to everyone else. This will secure it from being a pivoting point for attackers into your network.
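To confirm the Host Only setting from the command line on VirtualBox, the script below is an added example, not part of the original post. It reads the output of `VBoxManage showvminfo <vm> --machinereadable` and reports every adapter attached to anything other than a host-only network; the VM name and the adapter name `vboxnet0` in the comments are assumptions, and VMware is not covered.

```shell
#!/bin/sh
# Added example: flag VirtualBox adapters that are not Host-Only.
# Usage: sh audit_nics.sh "metasploitable2" "win-target"   (VM names are assumptions)

# Read `VBoxManage showvminfo <vm> --machinereadable` text on stdin and print
# each adapter whose attachment is neither "hostonly" nor "none".
# Lines such as nictype1=... or nicspeed1=... are ignored by the pattern.
# Any attachment type this script does not recognise is reported as well.
exposed_nics() {
    awk -F= '/^nic[0-9]+=/ {
        gsub(/"/, "", $2)
        if ($2 != "hostonly" && $2 != "none") print $1 "=" $2
    }'
}

# Audit one VM by name; returns non-zero if any adapter is exposed.
audit_vm() (
    vm="$1"
    bad="$(VBoxManage showvminfo "$vm" --machinereadable | exposed_nics)"
    if [ -n "$bad" ]; then
        printf 'EXPOSED  %s: %s\n' "$vm" "$(printf '%s' "$bad" | tr '\n' ' ')"
        # Fix while the VM is powered off, for example (adapter name assumed):
        #   VBoxManage modifyvm "$vm" --nic2 hostonly --hostonlyadapter2 vboxnet0
        return 1
    fi
    printf 'OK       %s\n' "$vm"
)

# Constructed sample of machine-readable output: adapter 2 is still on NAT.
SAMPLE_INFO='name="metasploitable2"
nic1="hostonly"
hostonlyadapter1="vboxnet0"
nictype1="82540EM"
nic2="nat"
nic3="none"'

# Audit every VM named on the command line (does nothing without arguments).
for vm in "$@"; do
    audit_vm "$vm" || true
done
```

Run it again after restoring a snapshot, since a snapshot also restores the network settings the VM had when it was taken.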