Password Cracking Lab - Complete Setup Guide

🎯 Overview

This guide provides step-by-step instructions to replicate the password cracking lab environment using VirtualBox, Kali Linux, and Ubuntu Server.

📋 Prerequisites

Hardware Requirements

  • Minimum: 8GB RAM, 50GB free disk space
  • Recommended: 16GB RAM, 100GB free disk space
  • CPU with virtualization support (Intel VT-x or AMD-V)

Software Requirements


🖥️ Part 1: VirtualBox Network Configuration

Step 1: Enable Virtualization in BIOS

  1. Restart your computer and enter BIOS/UEFI settings
  2. Navigate to CPU/Processor settings
  3. Enable Intel VT-x (Intel) or AMD-V (AMD)
  4. Save and exit BIOS

Step 2: Create VirtualBox Host-Only Network

This creates an isolated network for your VMs to communicate.

  1. Open VirtualBox Manager
  2. Go to File → Tools → Network Manager
  3. Click the Host-only Networks tab
  4. Click Create (or verify vboxnet0 exists)
  5. Configure the adapter:
    IPv4 Address: 192.168.56.1
    IPv4 Network Mask: 255.255.255.0
    
  6. In the DHCP Server tab:
    • ☑ Enable Server
    • Server Address: 192.168.56.100
    • Server Mask: 255.255.255.0
    • Lower Address Bound: 192.168.56.101
    • Upper Address Bound: 192.168.56.254
  7. Click Apply

Step 3: Verify Network Configuration

# On your host machine
ip addr show vboxnet0
# Should show: 192.168.56.1/24

🐧 Part 2: Kali Linux VM Setup

Step 1: Create Kali Linux Virtual Machine

  1. Open VirtualBox → Click New
  2. Configure VM:
    Name: Kali-Attacker
    Type: Linux
    Version: Debian (64-bit)
    
  3. Memory allocation: 4096 MB (4GB minimum)
  4. Create virtual hard disk: 80 GB (VDI, dynamically allocated)

Step 2: Configure VM Settings

  1. Select the VM → Click Settings
  2. System tab:
    • Processor: Allocate 2-4 CPUs
    • ☑ Enable PAE/NX
  3. Network tab:
    • Adapter 1:
      • ☑ Enable Network Adapter
      • Attached to: NAT (for internet access)
    • Adapter 2:
      • ☑ Enable Network Adapter
      • Attached to: Host-only Adapter
      • Name: vboxnet0

Step 3: Install Kali Linux

  1. Attach Kali ISO to the VM
  2. Start the VM and follow installation:
    • Graphical Install
    • Hostname: kali-attacker
    • Domain: (leave blank)
    • Username: appledev (or your choice)
    • Password: (choose a strong password)
    • Partitioning: Guided - use entire disk
    • Install GRUB bootloader
  3. After installation, remove ISO and reboot

Step 4: Configure Kali Network

# Check network interfaces
ip addr show

# You should see:
# - eth0 or ens33 (NAT - internet)
# - eth1 or ens37 (Host-only - 192.168.56.x)

# If Host-only adapter doesn't have an IP, configure it:
sudo nano /etc/network/interfaces

# Add these lines:
auto eth1
iface eth1 inet dhcp

# Restart networking
sudo systemctl restart networking

# Verify connectivity
ip addr show eth1
# Should show IP in 192.168.56.x range

Step 5: Update Kali Linux

sudo apt update && sudo apt full-upgrade -y
sudo apt install -y john wordlists

🎯 Part 3: Ubuntu Server VM Setup

Step 1: Create Ubuntu Server Virtual Machine

  1. Open VirtualBox → Click New
  2. Configure VM:
    Name: Ubuntu-Target
    Type: Linux
    Version: Ubuntu (64-bit)
    
  3. Memory allocation: 2048 MB (2GB)
  4. Create virtual hard disk: 25 GB (VDI, dynamically allocated)

Step 2: Configure VM Settings

  1. Select the VM → Click Settings
  2. System tab:
    • Processor: Allocate 1-2 CPUs
  3. Network tab:
    • Adapter 1:
      • ☑ Enable Network Adapter
      • Attached to: Host-only Adapter
      • Name: vboxnet0
    • Adapter 2 (optional for internet):
      • ☑ Enable Network Adapter
      • Attached to: NAT

Step 3: Install Ubuntu Server

  1. Attach Ubuntu Server ISO to the VM
  2. Start the VM and follow installation:
    • Select your language
    • Network connections:
      • Configure enp0s3 (Host-only) with DHCP or static IP 192.168.56.102
    • Hostname: ubuntu-target
    • Username: student
    • Password: student (weak password for testing purposes)
    • ☑ Install OpenSSH server
    • No additional snaps needed
  3. After installation, remove ISO and reboot

Step 4: Configure Static IP (Recommended)

# Login as student
sudo nano /etc/netplan/00-installer-config.yaml

# Configure as follows:
network:
  version: 2
  ethernets:
    enp0s3:
      addresses:
        - 192.168.56.102/24
      nameservers:
        addresses:
          - 8.8.8.8
          - 8.8.4.4

# Apply configuration
sudo netplan apply

# Verify
ip addr show enp0s3

🔐 Part 4: SSH Configuration on Port 2222

Step 1: Backup Original SSH Config

sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.backup

Step 2: Modify SSH Configuration

sudo nano /etc/ssh/sshd_config

# Find and modify these lines:
Port 2222
PermitRootLogin no
PasswordAuthentication yes
PubkeyAuthentication yes

Step 3: Restart SSH Service

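# On Ubuntu the unit is named ssh (sshd may exist only as an alias)
sudo systemctl restart ssh
# On releases where SSH is socket-activated (ssh.socket), also run:
# sudo systemctl daemon-reload && sudo systemctl restart ssh.socket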

# Verify SSH is listening on port 2222
sudo ss -tlnp | grep 2222
# Should show: LISTEN on 0.0.0.0:2222

Step 4: Test SSH Connection from Kali

# From Kali Linux
ssh -p 2222 student@192.168.56.102

# If successful, you should see Ubuntu login prompt
# Enter password: student

👥 Part 5: Creating Test User Accounts

On Ubuntu Server, create multiple test accounts with various password strengths:

# Switch to root or use sudo for each command

# 1. Create user 'student' (already exists from installation)
# Password: student (weak - username equals password)

# 2. Create user 'temu' with a moderate password
sudo useradd -m -s /bin/bash temu
echo 'temu:P@ssw0rd123' | sudo chpasswd

# 3. Create user 'testuser1' with a stronger password
sudo useradd -m -s /bin/bash testuser1
echo 'testuser1:C0mpl3x!ty2024' | sudo chpasswd

# 4. Create user 'testuser2' with another test password
sudo useradd -m -s /bin/bash testuser2
echo 'testuser2:MyS3cur3P@ss' | sudo chpasswd

# 5. Create user 'weakuser' with a dictionary word
sudo useradd -m -s /bin/bash weakuser
echo 'weakuser:password123' | sudo chpasswd

# 6. Create user 'testuser3' (disabled account)
sudo useradd -m -s /bin/bash testuser3
sudo passwd -l testuser3  # Lock the account

# Verify users were created
cat /etc/passwd | grep -E 'student|temu|testuser|weakuser'

Set Proper Permissions on Home Directories

# Ensure home directories exist with correct permissions
sudo chmod 755 /home/student
sudo chmod 755 /home/temu
sudo chmod 755 /home/testuser1
sudo chmod 755 /home/testuser2
sudo chmod 755 /home/weakuser
sudo chmod 755 /home/testuser3

🌐 Part 6: Network Routing & Connectivity

Step 1: Verify Network Connectivity

From Kali Linux:

# Check routing table
ip route

# Should show routes like:
# default via 192.168.1.1 dev eth0 (NAT - internet)
# 192.168.56.0/24 dev eth1 (Host-only - lab network)

# Test connectivity to Ubuntu Server
ping -c 4 192.168.56.102

# Test SSH connectivity
nc -zv 192.168.56.102 2222
# Should show: Connection to 192.168.56.102 2222 port [tcp/*] succeeded!

From Ubuntu Server:

# Check routing table
ip route

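# Test connectivity to the VirtualBox host (192.168.56.1 is the host, not Kali)
ping -c 4 192.168.56.1
# Kali's Host-only address is assigned by DHCP; find it with 'ip addr show eth1' on Kali
# Note: You might not be able to ping Kali directly if a firewall is enabled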

# Verify SSH service
sudo systemctl status ssh

Step 2: Configure Firewall (Optional but Recommended)

On Ubuntu Server:

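# Allow SSH on port 2222 from the lab subnet only
# (add the rule before enabling UFW so an existing SSH session is not cut off)
sudo ufw allow from 192.168.56.0/24 to any port 2222 proto tcp

# Alternative: allow port 2222 from any address
# (less restrictive; it makes the subnet rule above redundant, so use one or the other)
# sudo ufw allow 2222/tcp

# Enable UFW firewall
sudo ufw enable

# Check status
sudo ufw status verbose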

On Kali Linux:

# Kali typically has firewall disabled by default
# If you want to enable it:
sudo ufw enable
sudo ufw allow out to 192.168.56.0/24

📁 Part 7: Preparing Files for Extraction

On Ubuntu Server, copy passwd and shadow files:

# Login as student
cd /home/student

# Copy passwd file (world-readable)
cp /etc/passwd passwd.lab

# Copy shadow file (requires root)
sudo cp /etc/shadow shadow.lab

# Change ownership to student
sudo chown student:student shadow.lab

# Set appropriate permissions for lab
chmod 644 passwd.lab
chmod 600 shadow.lab

# Verify files
ls -l *.lab
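
The second field of each line in shadow.lab shows whether an account is locked (as testuser3 is after passwd -l) and which crypt scheme hashed its password. The script below is an added example, not part of the original guide, that classifies each entry; the function name classify_shadow and the sample entries are constructed for illustration, and the hash strings are fake.

```shell
# Added example: classify shadow-format entries by account state and hash scheme.

classify_shadow() {
    # $1: path to a shadow-format file (user:hash:lastchg:min:max:warn:...)
    while IFS=: read -r user hash rest; do
        [ -z "$user" ] && continue
        case "$hash" in
            '')             scheme="empty" ;;        # no password set at all
            '!'*|'*'*)      scheme="locked" ;;       # passwd -l or system account
            '$y$'*)         scheme="yescrypt" ;;
            '$6$'*)         scheme="sha512crypt" ;;
            '$5$'*)         scheme="sha256crypt" ;;
            '$2'[aby]'$'*)  scheme="bcrypt" ;;
            '$1$'*)         scheme="md5crypt" ;;     # legacy, weak
            *)              scheme="other" ;;
        esac
        printf '%s %s\n' "$user" "$scheme"
    done < "$1"
}

# Constructed sample data (fake salts and hashes, lab account names from this guide)
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
daemon:*:19900:0:99999:7:::
student:$y$j9T$CONSTRUCTEDSALT$CONSTRUCTEDHASHVALUE:19900:0:99999:7:::
weakuser:$6$CONSTRUCTEDSALT$CONSTRUCTEDHASHVALUE:19900:0:99999:7:::
testuser3:!:19900:0:99999:7:::
EOF

classify_shadow "$sample"
```

To check the real copy, call classify_shadow shadow.lab from /home/student.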

✅ Part 8: Testing the Complete Setup

Connectivity Test

# From Kali Linux

# 1. Ping test
ping -c 4 192.168.56.102

# 2. SSH test
ssh -p 2222 student@192.168.56.102
# Enter password: student
# Should successfully login

# 3. Exit SSH
exit

File Transfer Test

# From Kali Linux

# Create a test directory
mkdir ~/lab-test

# Transfer files via SCP
scp -P 2222 student@192.168.56.102:/home/student/passwd.lab ~/lab-test/
scp -P 2222 student@192.168.56.102:/home/student/shadow.lab ~/lab-test/

# Verify files were transferred
ls -l ~/lab-test/
cat ~/lab-test/passwd.lab

Password Cracking Test

# From Kali Linux in ~/lab-test

# Combine files
unshadow passwd.lab shadow.lab > unshadow.txt

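# Kali ships rockyou as a .gz archive; decompress it once if needed
[ -f /usr/share/wordlists/rockyou.txt ] || sudo gzip -dk /usr/share/wordlists/rockyou.txt.gz

# Run John the Ripper
john --wordlist=/usr/share/wordlists/rockyou.txt unshadow.txt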

# Should crack 'student' account quickly

🔧 Troubleshooting

Issue: Cannot SSH to Ubuntu Server

# On Ubuntu Server, check SSH status
sudo systemctl status ssh

# Check if port 2222 is listening
sudo ss -tlnp | grep 2222

# Check firewall
sudo ufw status

# View SSH logs
sudo tail -f /var/log/auth.log

Issue: Network Not Reachable

# On Kali, verify Host-only adapter
ip addr show eth1

# On Ubuntu, verify network configuration
ip addr show enp0s3

# Restart networking on Ubuntu
sudo netplan apply

# On Kali
sudo systemctl restart networking

Issue: Permission Denied when copying shadow.lab

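# On Ubuntu Server
# scp runs as student, so the copy must be owned by student;
# mode 600 is then enough and keeps the hashes unreadable to other local users
sudo chown student:student /home/student/shadow.lab
sudo chmod 600 /home/student/shadow.lab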

Issue: VirtualBox Host-Only Network Not Working

# Reinstall VirtualBox network drivers
# On Linux host:
sudo /sbin/vboxconfig

# On Windows host:
# Control Panel → Network → Change Adapter Settings
# Right-click VirtualBox Host-Only → Disable, then Enable

📸 Screenshots to Include in Documentation

  1. VirtualBox Network Manager showing Host-only configuration
  2. Kali VM settings showing dual network adapters
  3. Ubuntu VM settings showing Host-only adapter
  4. Terminal showing successful SSH connection
  5. John the Ripper cracking output
  6. Network routing tables from both VMs

🔒 Security Best Practices

After Lab Completion:

  1. Snapshot VMs: Take snapshots before and after testing
  2. Disable/Delete VMs: When not in use, shut down or remove
  3. Change Passwords: If reusing VMs, change all test passwords
  4. Network Isolation: Keep VMs on Host-only network only
  5. No Production Data: Never use real credentials in lab environment

During Testing:

  1. Document Everything: Keep logs of all commands and results
  2. Legal Compliance: Ensure you own all systems being tested
  3. Ethical Boundaries: Practice responsible disclosure
  4. Data Protection: Don't share actual password hashes publicly

📚 Additional Resources


🎓 Learning Objectives Achieved

By completing this setup, you will have:

  • ✅ Configured virtual network infrastructure
  • ✅ Deployed Linux servers in isolated environments
  • ✅ Configured SSH with custom ports
  • ✅ Practiced secure file transfer protocols
  • ✅ Created realistic penetration testing scenarios
  • ✅ Understood network segmentation concepts
  • ✅ Gained hands-on experience with security tools

📝 Next Steps

  1. Complete the password cracking lab (see main README.md)
  2. Experiment with different hash algorithms
  3. Try Hashcat for GPU-accelerated cracking
  4. Set up additional services (FTP, HTTP) for testing
  5. Practice privilege escalation techniques
  6. Document your findings and create a portfolio project

Remember: This lab environment is for educational purposes only. Always practice ethical hacking and obtain proper authorization before testing any systems you don't own.