As a security professional, you need to know how attackers will exploit system vulnerabilities to gain unauthorized access to your company’s network. The best way to learn hacking techniques is to try them yourself. This method provides a deep understanding of how networked computer systems behave and how best to protect them from attack.
But how can you “practice” breaking into real systems without risking real damage to someone else’s property and potential repercussions for your career? The last thing you want is to have your learning activities mischaracterized as black-hat hacking or to cause real data loss for a reputable organization.
A Safe Playground for Learning Ethical Hacking
Fortunately, ethical hacking professionals can take advantage of a library of downloadable virtual machines that are ripe for attacking, and 100% safe from those risks. The idea is simple: you run your own copy of a virtual machine that contains some vulnerabilities and then deploy your knowledge and tools to try to gain root access. You can find a catalog of such machines at VulnHub.
What is VulnHub?
VulnHub’s stated goal is to “provide materials that allow anyone to gain practical hands-on experience in digital security, computer software & network administration.” They do this by making virtual machines available to download for free which contain one or more known vulnerabilities that could be exploited by an attacker.
When you download and run one of VulnHub’s virtual machines on your VMWare or VirtualBox host, it becomes available to you as a “black box” for probing and testing. Machines are vulnerable by design and available in a variety of difficulty levels, so there is something for everyone regardless of your experience in penetration testing. Your goal is to find the vulnerability and exploit it to gain root access.
VulnHub describes their varying degrees of difficulty–from ‘very easy’ to ‘very hard’–according to the types of attacks that would need to be deployed in order to gain root access:
- Brute force
- No information needs to be gathered (able to guess) about the target
- Singe vector for completing the machine
- Software exploits where code is suitable out of the box (no modifications/alterations required) (e.g. SearchSploit/Metasploit-Framework)
- SQL injection
Often no need to escalate privileges, as already as the highest user (root access) when getting initial access
Vulnerability types (“Very Easy” as well as the following):
- Command injection
- File inclusions
- Hash cracking
- Kernel exploits for privilege escalation
- Very little amount of information needs to be gathered about the target
A single exploit to get initial access, another single exploit for privilege escalation
Vulnerability types (“Very Easy + Easy” as well as the following):
- Cross-Site scripting
- Multiple vectors
- Software exploits where code requires some modifications/alterations for it to work (e.g. SearchSploit)
- System administrator knowledge
- Privilege escalation is required
In order to get root access, you may need to use a few vulnerabilities (short chain)
Vulnerability types (“Very Easy + Easy + Medium” as well as the following):
- Harden/Defense enabled on the Operating System
- No public software exploits
- Time-based challenge limitations
In order to get initial & root access, having to chain multiple vulnerabilities (long chain)
Vulnerability types (“Very Easy + Easy + Medium + Hard” as well as the following):
- The Unknown
In order to get initial & root access, having to chain multiple vulnerabilities in various different ways
Ready to learn more about ethical hacking?
If you’re ready to dive in and learn more about ethical hacking techniques you can use against the machines available on VulnHub, I highly recommend the book The Web Application Hacker’s Handbook: Finding and Exploiting Security Flaws by Dafydd Stuttard. You can take the techniques outlined in this book and apply them to the available machines on VulnHub to quickly become skilled at ethical hacking.