As a future ethical hacker, penetration tester, or cybersecurity professional, it's recommended that you practice simulating real-world attacks against different types of operating systems. During a penetration test or vulnerability assessment of an organization's network and servers, you will encounter many different operating systems. We will be using the following operating systems in our lab environment, and I'll provide a download link for each one:
- Windows 10: https://www.microsoft.com/en-us/evalcenter/evaluate-windows-10-enterprise
- Windows Server 2016: https://www.microsoft.com/en-us/evalcenter/evaluate-windows-server-2016
- Ubuntu Server: https://www.ubuntu.com/download/server
- Kali Linux: https://www.kali.org/downloads/
- Metasploitable: https://sourceforge.net/projects/metasploitable/files/Metasploitable2/
- OWASPBWA: https://sourceforge.net/projects/owaspbwa/

Each operating system listed here has a unique purpose in our lab. In the remainder of this chapter, we will execute various types of attacks on each.
The Open Web Application Security Project (OWASP) (https://www.owasp.org) has created a virtual machine that allows cybersecurity professionals to run various applications with known vulnerabilities; this is the OWASP Broken Web Applications (OWASPBWA) virtual machine. Metasploitable is a vulnerable Linux-based virtual machine created by Rapid7 (https://www.rapid7.com). Its objective is to help people learn about, and practice, penetration testing in a safe environment.
In this section, we covered the essentials of virtualization—including the core component, the hypervisor—and we are now ready to build virtual lab environments to support many operating systems and use cases. In the next section, we will be looking at putting all the pieces together and building our lab.