How to practice penetration testing safely?

Practicing penetration testing legally was always a difficult thing to do while learning this skill. This problem did exist years ago where even the information was not so organized and rare, and I personally face it when I was in the learning process. Fortunately, this problem does not exist anymore, and a lot of solution was made by experts to help you learning legally this skill. Therefore, How to practice penetration testing?

Practicing penetration testing can be done in two ways, locally by creating a virtual lab with multiple vulnerable machines in a personal computer, or by subscribing to a cloud one.

In this blog post, I will explain both solutions while giving my personal review of some of the cloud solutions that I have personally tested. Some of those solutions offer a FREE ACCESS to practice. So if you are interested just keep reading …

Practicing penetration test in a local lab

Penetration testing is a technical skill which means, practicing that knowledge is necessary to master it. As I said in the first paragraph of this blog post, practicing the penetration test skill in a safe and legal environment was the main problem to learn these skills.

To solve this issue, cybersecurity researchers started to create vulnerable application and machines and distribute it for free. Therefore, the idea was to download those machines and creating what we call a virtual lab.

Virtual penetration test labs are just a group of virtual machines that has a number of vulnerabilities that you need to find and exploit. You can imagine this like a sort of mathematic exercise designed to teach you a specific penetration test technique. Of course, once you download the machine you can perform a sort of reverse engineering and you can root it without going through the exercise. However, this is not the objective behind downloading and installing the machine, the idea is to learn new penetration testing techniques by trying to solve those exercises without cheating.

How to create a local penetration test lab?

When I was learning penetration test, even those vulnerable machine was not well known, as only a few machines were created and it was very difficult to download even just one virtual machine. Unfortunately, this was due to the size of those machines and the poor internet connection.

However, today this problem does not exist anymore, as more vulnerable machines have been created by the community and are ready to be legally hacked. In fact, now you can even create a local network of virtual vulnerable machines also called virtual penetration test lab.

To create a local penetration test lab, you will need to have:

1. A virtualization software
2. A virtual vulnerable machine

Taping the word “virtualization software” on google will give you a list of the best virtualization software in the market. However, most virtual machines created and shared in the community were made with the two most popular software (VMware and Virtualbox). Unfortunately, a lot of those machines would not work if you don’t use the right tool that they were created with.

VMware is a paid software and you will need a license to use his workstation version to be able to create and modify any virtual machine and trust me you will need this. Here is the link to the download platform of VMware where you can find all kinds of versions, VMware download interface The Virtualbox solution is in another hand a free open-source software. If you want to download the last version of it, here is the link to Virtualbox last versions download

Once you have a working virtualization software, you can start downloading the vulnerable machines. To do that you can visit the famous vulnhub, here is the link to the list of downloadable vulnerable machines.

Once you download the machine, you can then either started it by just clicking on it or by importing it. You can Google the virtual machine extension and you will get the needed information to make it work.

To be honest, this process is for technical people a headache as a lot of those machines cames with a bunch of problems due to the version of software used while creating the machine or due to the version of OS used. Therefore, the lab creation will require a lot of patience to deal with those machine’s problems.

Practicing penetration test in a cloud lab

If you are not a fan of kicking your head with the wall trying to figuring out how to fix a technical issue in one of those machines, then I highly recommend that you use a cloud lab. Now, this is something that didn’t exist when I first started, or even if it did, I think it wasn’t very popular so I can hear about it.

Cloud penetration test labs, are just a network of vulnerable virtual machines connected with each other to make you feel you are in a real network environment. Those cloud platforms offer both paid and free labs and a variety of machines started at once to practice. In the following section of this blog post, I will give you my personal review of those labs as I have tested some of them lastly.

Free penetration test cloud lab

I think the most popular free penetration test cloud lab is the one created by Hack the box (HTB). This virtual lab gives you access to a network of 20 machines started at once and ready to be hacked. The process of subscription is quite different from the normal one, as you need to solve a small task before being able to correctly subscribe. (I really don’t know if this still exists as this is what it was about 2 years ago). Here is the link to subscribe for the Hack the box lab (not an affiliate link don’t worry)

What I have liked in this lab is the way the machine’s difficulties are made. Rather than defining the difficulty of the machine at the beginning, the HTB team gives the users who finish the machine the ability to rate it from easy to hard. All those ratings are then displayed for the other users to see what the difficulty of the machine is. If many users find it difficult then, most ratings will be marked as difficult and the final difficulty would be Hard.

However, what I didn’t like here is the way those machines are created, I mean I was once a Capture the flag game player, and I felt that the machine was created with this in mind. Unfortunately, CTF machines are not in most cases realistic machines and will never be pedagogical.

Therefore, for a beginner, this virtual lab will be very difficult for him to start in the field and might even be discouraging. I highly do not recommend this free lab for beginners.

Another new free cloud lab is the TryHackMe. To be honest, I personally never tested this lab, but I’ve heard a lot of positive feedback about it and I think it is worth trying. One of the best things I heard about is that it is more pedagogical than HTB.

Paid penetration test cloud lab

Unfortunately, free cloud labs have some cons here is some of them:

• They suffer from low connectivity as the number of connected users is extremely high
• While performing a penetration test some exploits could crash or stop the vulnerable services and a reset of the whole machine would be needed. Multiple reverting of those machines could impact your learning progress.

Therefore, opting for a private paid lab is a good solution to avoid all these problems.

All the previously mentioned cloud labs offer premium labs for their solutions, some even give the solutions to their labs so that you can use them to help you progress even faster.