Hacking for beginners: Setup a Penetration testing Lab

This post may contain affiliate links/ads and I may earn a small commission when you click on the links/ads at no additional cost to you. As an Amazon Affiliate, I earn from qualifying purchases. Techsphinx also participates in the StationX Affiliate program. You can read my full disclaimer here.

Do you want to be a Hacker? Do you want to learn “hacking” and practice your pen-testing skills? If your answer is YES!! Then let me tell you, the best way to learn “hacking” is by doing. In this hacking for beginners post, you’ll learn to create your own pen-testing lab to practice your hacking skills.

In this scenario, the lab consists of 1 attacker machine (Kali Linux) and 2 victim machines (Windows and Metasploitable).

So, without wasting time, Let’s start.


  • A PC or Laptop with at least 4GB RAM.
  • VirtualBox
  • Kali Linux
  • Windows 10
  • Metasploitable

(Links to VirtualBox, Kali Linux Image, Windows 10 image and Metasploitable are provided in this post in their respective sections.)


VirtualBox is a software (a Hypervisor) that allows us to run an operating system (OS) inside another operating system using a technology known as virtualization.

In the world of virtualization, the main OS that is installed directly onto your hardware is known as a “host machine” or “host OS”, and the other one that is installed onto your hypervisor (In this case, VirtualBox) is known as a “virtual machine”, “guest machine” or “guest OS”.

A virtual machine has their own dedicated resources provided by the hypervisor taken from the main hardware, i.e. a portion of your ram, hard disk, and CPU form the main hardware is used by the guest OS when it is running. Also, the changes you make in the guest machine will not affect the host machine. They are like a whole different computer, just as you are using 2 laptops at the same time. Don’t worry if this is not clear now, when we install and run a virtual machine later in this post, you’ll know what I am talking about.

Install VirtualBox

Now, you know what is a virtualbox? Let’s see how to Install VirtualBox.

1.) Download VirtualBox and its extension pack from its official website. Make sure you download the version compatible with your OS.

2.) Once Downloaded, Start the installer.

3.) Click Next.

4.) Click Next.

5.) Again Click Next.

6.) Click Yes.

7.) Click Install.

8.) Click Install to install the device software.

9.) Click Finish.

Let’s now install the extension pack.

1.) Double click on the downloaded VirtualBox extension pack file.

2.) It’ll automatically open VirtualBox, then click install.

3.) Agree to the terms and conditions.

4,) Hit OK after successful installation.

Now you’ve successfully installed VirtualBox its time to install a guest OS.

Kali Linux

Kali Linux is an operating system specifically designed for “penetration testing” (pen-testing). It has all the necessary tools pre-installed that are used for hacking for beginners as well as pro-hackers.

You can go to offensive security website and learn more about Kali Linux, and OSCP certifications.

How to install Kali Linux in VirtualBox?

Offensive Security has provided VirtualBox images for Kali Linux, that is ready for use. You don’t have to install it; you just have to import it.

1.) Download Kali Linux VirtualBox image. (Make sure you don’t download the VMware image)

Kali VirtualBox Image

2.) Go to the downloaded location of Kali image & Double click on the Kali Linux “.ova” file. It’ll automatically open VirtualBox.

Double-Click the .ova file

3.) Click on import.

Click on Import

Please wait, until the import has finished then you can start your Kali Linux virtual machine.

The default username & password of Kali Linux is:

Username: root
Password: toor

How to Install Windows in VirtualBox?

Microsoft has also provided ready to use windows images for VirtualBox.

1.) Head on to this link and download the windows image, make sure you download windows 10 stable for VirtualBox.

2.) It will take some time to Download. After the download, go to the downloaded location and extract the downloaded zip file.

3.) Double click on the windows “.ova” file.

4.) It will automatically open VirtualBox. Click on import.

After importing you can start your windows virtual machine.

Windows VM Password : Passw0rd!


Metasploitable is a Linux distro that is designed vulnerable, you can say it as the opposite of Kali Linux, as Kali is designed for hacking whereas metasploitable is designed to be hacked.

It also comes with DVWA (Damn Vulnerable Web Application) & Mutillidae already installed, which makes it the best victim machine to practice hacking for beginners.

How to install Metasploitable in VirtualBox?

There is no actual need to install Metasploitable, we just need to import the already installed hard disk image of metasploitable.

1.) Download Metasploitable.

2.) Extract the zip file.

3.) Start VirtualBox and Create a New Machine.

4.) Fill out the fields, Name, OS version etc.

5.) Select the amount of RAM.

6.) Select Use existing hard disk

7.) Choose the “metasploitable.vmdk” from the extracted metsploitable folder.

8.) Click on create

Now, start the virtual machine.

Username: msfadmin
Password: msfadmin

Metasploitable has no Graphical interface like Kali and Windows, you have to do everything via terminal.

Configure NAT network for VirtualBox VMs.

1.) Open VirtualBox, Click on File.

2.) Select preferences.

3.) Click on Network.

4.) Click on the small Plus icon.

5.) A new network will be created, Click OK.

6.) Click on a VM (Make sure it’s not running)

7.) Click on Settings.

8.) Navigate to Network tab.

9.) Select “NAT network” in “attached to” dropdown and Select the name of the NAT network you created above.

10.) Hit OK.

Do this for all your VMs to have connectivity among them. (In my case, I’ve done this for KALI, Metaploitable and Windows. Make sure you select same NAT network name for each virtual machine.)

There you go, you have successfully created a lab to practice your skills. I hope you enjoyed this hacking for beginners guide.

If you encountered any problems, feel free to ask them in comments.

If you like this post, then follow Techsphinx on Facebook and Twitter for more reviews, tricks, tips and tutorials.

This article needs update or correction? Report the issue here so I can update it.

Like it? Share with your friends!

Rahul R Nair

Rahul is obsessed with technology and electronic devices. He is also the founder of TechSphinx. Being a technophile, he is always busy doing some techy stuff or learning about the latest technologies. When not busy with his usual routine (staring at the computer screen) he likes to write and share his knowledge with the world.
Notify of
Oldest Most Voted
Inline Feedbacks
View all comments
Would love your thoughts, please comment.x