I’m just putting together a proposal to establish a small suite where pupils can complete the practical elements of this course and wondered whether anyone out there has any good advice on potential pitfalls which I might avoid along the way? I’m looking at a stand-alone suite of 4-8 W10 machines networked via an old router.
Grateful for any advice or cautionary tales from others who have already been here…
I’ve managed to get Virtualbox and the Kali, Metasploitable, Windows XP SP0 virtual machines working on a test PC running windows 7 (an old machine that’s off network). In order to speed up the process of putting it onto another 17 machines, I’ve created appliances of metasploitable and winxp that can be loaded into virtualbox (the same way Kali is loaded). This means I don’t have to go through the installation procedures every time and they’ll all run without needing to play with the settings. I’ve written myself a little guide to remind myself if another 2 machines come my way in future. You can find this and the software on my department’s google drive. If it’s of any use to you or anyone trying to set up a “hacker lab” then please help yourself to it.
There is a virtualbox install for Ubuntu in there as well – 8 of my machines are laptops running that instead of Win7 but the standard windows installer is there as well.
Just an update to my post about the hacker lab setup.
I’ve reached the limit of the department’s google drive so I’ve had to remove the Kali and Metasploitable virtual machines from it. I’ve modified the setup file to provide details on where you can download both from. With the new version of Kali that came out this year, there were a number of problems to work around so there are more steps in this updated setup.
I also found a workaround for the SQA’s exercise on Cloning a Website. The problem stemmed from the fact that the task required the VM to have Internet access but the SQA have firmly said that they should not have access (no idea why that was missed by them). The toolkit used has got some templates it can use so I’ve successfully used these to complete the task.
The lesson on spoofing emails – I’m not even going to attempt this one because again, it requires Internet access. Given I’ve spent weeks trying to solve the clone task, I’m in no mood to try this.
I’ve kept the Win XP virtual machine on the google drive as this seems a bit harder to find online.
Thanks for your feedback on this, I got sidetracked by all sorts so have not been back here in ages to check it out. We had some discussion about getting a set-up established by the local authority tech team, but latest word on this appears to be “talk to google about doing this in the cloud” which seems to be a bit at conflict with the directions provided in the Educator’s Guide and, to be perfectly honest, stretching my personal ability to know what to ask for!
Realy positive discussion today with Microsoft, looks like we can implement a hacking lab in a virtualised sandbox for what appears to be a fair price (about £130ish for a class of 20 to get through all required activities). Hope to see a demo soon, will update with review soon.
Progress report – we now have an AZURE virtual machine which I am trying to work with, however VirtualBox is throwing errors because we cannot seem to implement hardware accelleration which is required to create 64bit Kali or Metasploitable machines. While Microsoft and Stirling Council are working to address this issue, yesterday I had an epiphany….
Since all pupils will have Chromebooks across our council area (thank you Covid) we have a pile of laptops which have suddenly become redundant. I started work cleaning one of these up to make it into a dedicated hacking lab yesterday, as this is clearly the sort of solution expected by the course writers. While the VM is clearly an infinitly sexier solution, repurposing existing hardware is looking like being a much simpler job, and given we have the machines sitting idle on a shelf, one I’m tending to regard as the way to go now.
Ken, I’d recommend Ubuntu for those old laptops if you’re unable to use the windows build (ours came from Sky and had no OS. Also, the LA wouldn’t touch them with a barge pole so no Windows). There’s an install of Kali for Ubuntu and it works quite well.
Cheers Alex, they are all existing Windows machines, so just going to rip off all non-essential software, clean up the registry and HD then set up with VirtualBox and take it from there. Might also get the DF software on them too, simplify a bit of that unit too…
Unfortunately in Highland – where we have Chromebooks already – the delivery is virtual and my actual presence in the classrooms to find the old laptops and re-purpose them not possible. If the Microsoft offer needs someone to support it please let me know…
I’ve left the virtual hacking lab to lie for a while but hope to give it another bash during the forthcoming break. Meanwhile it’s looking more and more likely that I’ll be trying to re-image old laptops to get them to enable the hacking tools.
Alex, is this likely to be as simple as formatting the HD and booting from a USB imaged with Ubuntu? Am about to google the process as it’s not one I’ve previously dabbled with but keen to hear from someone with prior knowledge…
Ken, I found the Ubuntu install pretty straightforward to begin with. I had the image on a USB and installed it from that in school. The installation was even simpler than a windows one! I then ran into issues getting virtualbox on it as Ubuntu needed to update it’s app store (despite having the deb file for it) but it wasn’t able to connect to the school network. I just took the machines home and did that part there (I looked like a proper thief walking out of the building with a bag of laptops).
It was my first foray into Linux and it was quite good. I looked at the Digital Forensics software to see if there were compatible versions so I could just bin Windows on the desktops too and it’s not very promising. You can get Autopsy for it, but FTK Imagers only has a command-line interface version and given some of the kids we have doing this course, I think that might be a push too far for them.
Alex, I was that thief yesterday afternoon, got an old laptop home, imaged it with Ubuntu and started with the installation of VirtualBox. Got an issue with conflicting extension pack but reckon I have that sorted and will get that working tonight. I think I will be up and running for EH by the start of next week now, finally, after over a year of fighting!
I spent ages on it too. I’m still fighting the good fight, trying to get physical target machines for the kiddies to hack. I’ve run into locked BIOSes.. BIOSus…BIOSses…yeah, that, I’ve also had antivirus that can only be removed by having the technician put it back in the network but because the machines are so old, he’s not allowed to put them back on. It just seems never ending! It is a welcome distraction from my day-to-day living hell though, so that’s something 😀
You must be logged in to reply to this topic.