Creating virtual labs with Kali Linux, Metasploitable, Windows XP, and Windows 8 in

Oracle VirtualBox involves several steps. Below is a step-by-step guide along with
source links and a simplified diagram for better understanding.

Step 1: Download Required Software

● Download Oracle VirtualBox:
1. Oracle VirtualBox
Install Oracle Virtual Box - https://www.wikihow.com/Install-VirtualBox
● Download Operating System Images:
2. Kali Linux
Reference-
https://www.cyberithub.com/how-to-install-kali-linux-on-virtualbox-using-prebuilt-vm-i
mage/

3. Metasploitable
Reference link-
https://www.geeksforgeeks.org/how-to-install-metasploitable-2-in-virtualbo

Optional VMs below

4. Windows XP

Reference link- (any link to follow)

https://archive.org/details/windows-xp-all-sp-msdn-iso-files-en-de-ru-tr-x86-x64
https://ia601704.us.archive.org/16/items/XPProSP3ActivatedIE8WMP11/Windows
%20XP%20Professional%20SP3%20PreActivated%20with%20IE8%20and%20WMP11
.iso

5. Windows 8
Reference link-
https://drive.google.com/file/d/1KEcf4r9b6j-z-QxkJlEyaG2QP-VMQIzi/view
6. OWASP Broken Web Applications Project

https://sourceforge.net/projects/owaspbwa/

7. Bee WebApp
https://sourceforge.net/projects/bwapp/files/bee-box/bee-box_v1.6.7z/downl
oad

bee-box is a custom Linux VM pre-installed with bWAPP.With bee-box you

have the opportunity to explore all bWAPP vulnerabilities!bee-box gives you
 several ways to hack and deface the bWAPP website. It's even possible to
hack the bee-box to get root access...

Step 2: Install Oracle VirtualBox

​ Install Oracle VirtualBox on your host machine by following the installation
wizard.

Step 3: Create Virtual Machines (VMs) in VirtualBox

For Kali Linux:

​ Open VirtualBox and click "New."
​ Name: Kali Linux, Type: Linux, Version: Debian (64-bit).
​ Allocate at least 2GB RAM and create a new virtual hard disk.
​ Download Kali Linux ISO, attach it to the VM, and start the VM for installation.

For Metasploitable:
​ Create a new VM with the name Metasploitable, Type: Linux, Version: Ubuntu
(32-bit).
​ Allocate at least 512MB RAM and create a new virtual hard disk.
​ Download Metasploitable ISO, attach it to the VM, and start the VM for
installation.

For Windows XP:

​ Create a new VM with the name Windows XP, Type: Windows, Version:
Windows XP.
​ Allocate at least 512MB RAM and create a new virtual hard disk.
​ Download Windows XP ISO, attach it to the VM, and start the VM for
installation.

For Windows 8:
​ Create a new VM with the name Windows 8, Type: Windows, Version:
Windows 8.1 (64-bit).
​ Allocate at least 2GB RAM and create a new virtual hard disk.
​ Download Windows 8 ISO, attach it to the VM, and start the VM for
installation.
Step 4: Install Operating Systems
​ Follow the installation prompts for each operating system on its respective
VM.

Step 5: Configure Networking

​ Set up a host-only network in VirtualBox for internal communication between
VMs.
● Go to File -> Host Network Manager -> Create a new host-only network.
​ Attach each VM to the host-only network for communication.

Step 6: Optional - Snapshot VMs

​ Take snapshots of each VM to save a baseline configuration.

Step 7: Connect Kali Linux to Metasploitable

​ Open Kali Linux VM and ensure it is connected to the host-only network.
​ Obtain the IP address of Metasploitable (use ifconfig).
​ Use tools like nmap on Kali Linux to discover open ports on Metasploitable.

Step 8: Experiment with Vulnerabilities

​ Use tools like Metasploit on Kali Linux to identify and exploit vulnerabilities on
Metasploitable.
​ Experiment with various penetration testing techniques.

Step 9: Connect Windows XP and Windows 8

​ Ensure both Windows VMs are connected to the host-only network.
​ Use IP addresses to establish connections between Kali Linux and Windows
VMs.

Step 10: Experiment with Windows Systems

​ Use tools like Nmap, Wireshark, or Metasploit on Kali Linux to identify
vulnerabilities on Windows systems.
​ Experiment with penetration testing techniques on Windows XP and Windows
In details- VirtualBox Set up step
Step 1: Download VirtualBox
​ Open your web browser and go to the official VirtualBox website:
https://www.virtualbox.org/
​ Click on the "Downloads" menu.
​ Under "VirtualBox platform packages," find the version for Windows hosts, and
click on the link to download the installer.

Step 2: Run the Installer

​ Once the installer is downloaded, locate the file (usually in your Downloads
folder) and double-click on it to run the installation wizard.
​ If prompted by the User Account Control (UAC), click "Yes" to allow the
installation.

Step 3: Installation Wizard

​ The VirtualBox installation wizard will appear. Click "Next" to start the
installation.
​ Choose the components you want to install. The default settings are usually
sufficient for most users. Click "Next."
​ Choose whether you want to create shortcuts on your desktop and/or Start
menu. Click "Next."
​ Review the installation settings and click "Install" to begin the installation.
​ During the installation, you may see a prompt from the Oracle Universal
Installer asking to install device software. Click "Install."

Step 4: Complete the Installation

​ Once the installation is complete, click "Finish" to exit the wizard.

Step 5: Configure VirtualBox

​ After installation, launch VirtualBox from the desktop shortcut or the Start
menu.
 ​ You may be prompted to update the VirtualBox Extension Pack. You can
choose to update it immediately or later. The Extension Pack is optional but
provides additional features.

Step 6: Verify Installation

​ Open VirtualBox, and you should see the main VirtualBox Manager window.
​ The installation is successful if you can see the interface with no errors.

Step 7: Download Operating System Images (Optional)

​ While not required for VirtualBox installation, you may want to download
operating system images (ISO files) for the virtual machines you plan to
create.
​ For example, you can download images for Kali Linux, Windows, or any other
operating system you plan to run as a virtual machine.

Congratulations! You have successfully installed VirtualBox on your Windows laptop.

Now you can start creating and managing virtual machines for various operating
systems.

Kali linux setup Steps

Step 1: Download Kali Linux ISO

​ Go to the official Kali Linux website: https://www.kali.org/downloads/

​ Choose the appropriate version (e.g., Kali Linux 64-Bit) and download the ISO
image.

Step 2: Install Oracle VirtualBox

If you haven't installed VirtualBox yet, follow the steps in the previous answer to

install Oracle VirtualBox on your Windows laptop.

Step 3: Create a New Virtual Machine

​ Open VirtualBox.
​ Click on "New" to create a new virtual machine.
Step 4: Configure Virtual Machine Settings
​ Name and Operating System:
● Name: Enter a name for your virtual machine (e.g., Kali Linux).
● Type: Linux
● Version: Debian (64-bit) if you downloaded the 64-bit version;
otherwise, choose the appropriate version.
​ Memory (RAM):
● Assign at least 2 GB of RAM to the virtual machine. Adjust based on
your system's available resources.
​ Hard Disk:
● Choose "Create a virtual hard disk now" and click "Create."
​ Hard Disk File Type:
● Choose the default option (VDI) and click "Next."
​ Storage on Physical Hard Disk:
● Choose "Dynamically allocated" and click "Next."
​ File Location and Size:
● Choose the location to store the virtual hard disk and set the size. A
minimum of 25 GB is recommended. Click "Create."

Step 5: Attach Kali Linux ISO to Virtual Machine

​ With the new virtual machine selected, click on "Settings."
​ Go to the "Storage" tab.
​ In the "Controller: IDE" section, click on the empty disk icon under "Attributes."
​ Choose "Choose a disk file" and select the Kali Linux ISO you downloaded.

Step 6: Start the Virtual Machine

​ Select your Kali Linux virtual machine in VirtualBox.
​ Click on "Start" to launch the virtual machine.

Step 7: Install Kali Linux

​ The virtual machine will boot from the Kali Linux ISO. Follow the on-screen
instructions to install Kali Linux.
​ Choose your preferred language, location, keyboard layout, and configure the
network settings.
​ When prompted to set up users and passwords, follow the instructions.

Step 8: Complete Installation

 ​ Once the installation is complete, restart the virtual machine.
​ After restarting, log in with the credentials you created during the installation
process.

Congratulations! You have successfully installed Kali Linux in Oracle VirtualBox. You

can now use Kali Linux for various security testing and ethical hacking purposes

within the virtual environment.

Setup Metasploitable steps in Virtual Box

Step 1: Download Metasploitable VM Image

​ Go to the Metasploitable download page: Metasploitable Download.

​ Download the latest version of the Metasploitable VM image.

Step 2: Install Oracle VirtualBox (If Not Installed)

If you don't have Oracle VirtualBox installed on your machine, follow the steps

provided in a previous response to install it.

Step 3: Import Metasploitable VM into VirtualBox

​ Open Oracle VirtualBox.

​ Click on "File" in the menu, then select "Import Appliance."

​ In the Import Appliance window, click on the folder icon and navigate to the

downloaded Metasploitable VM image.

​ Select the Metasploitable VM file and click "Open."

​ Review the appliance settings and click "Import."

Step 4: Configure Metasploitable VM Settings

 ​ With the imported Metasploitable VM selected, click on "Settings."

​ Adjust the settings based on your system resources:

● Under the "System" tab, allocate sufficient RAM (e.g., at least 512 MB).

● Under the "Network" tab, ensure the "Attached to" field is set to "NAT" or

"Bridged Adapter."

Step 5: Start Metasploitable VM

​ Select the Metasploitable VM in Oracle VirtualBox.

​ Click on "Start" to launch the virtual machine.

Step 6: Verify Network Settings

​ Once the Metasploitable VM is booted, check the IP address assigned to it.

You can find this information by logging in or using the ifconfig command.

Step 7: Test Connectivity

​ Open a terminal or Command Prompt on your host machine.

​ Test the connectivity to the Metasploitable VM using the assigned IP address.

Step 8: Explore and Experiment

​ Metasploitable is intentionally vulnerable, so you can explore and experiment

with various security tools and techniques.

​ Use tools like Nmap, Wireshark, and Metasploit from your host machine to

test the vulnerabilities on Metasploitable.

Notes:
● Metasploitable is designed for educational and testing purposes. Use it

responsibly and ensure that you have permission to perform any security

testing.
 ● Always keep your Metasploitable VM up to date, and avoid exposing it to

external networks.

Congratulations! You have successfully set up Metasploitable in Oracle VirtualBox,

and you can now use it for security testing and ethical hacking practice within the

virtual environment.