Skip to content

Beantown02122/virtualbox-pentest-lab

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

11 Commits
diagrams
diagrams
 
 
screenshots
screenshots
 
 
README.md
README.md
 
 

Repository files navigation

VirtualBox Penetration Testing Lab

Project Objective

Build an isolated penetration testing lab using Oracle VirtualBox to simulate a vulnerable internal network. The objective was to perform structured reconnaissance, host discovery, and service enumeration while documenting findings in a controlled NAT environment.

This project demonstrates practical skills in network analysis, attack surface identification, and security assessment methodology.

Lab Environment

  • Host System: Windows 11
  • Hypervisor: Oracle VirtualBox
  • Attacker Machine: Kali Linux
  • Target Machine: Metasploitable 2
  • Network Configuration: NAT Network (10.0.2.0/24)

Tools Used

  • Nmap
  • Netcat
  • Wireshark
  • theHarvester
  • WHOIS
  • dig
  • nslookup
  • Shodan

Methodology

This lab followed a structured two-phase approach:

  1. Passive reconnaissance using public intelligence sources
  2. Active enumeration inside an isolated virtual network

Passive Reconnaissance

WHOIS Lookup

WHOIS

DNS NS Record Enumeration (dig)

![DIG NS](screenshots/dig ns.png)

DNS MX Record Enumeration (dig)

![DIG MX](screenshots/dig mx.png)

NSLookup Verification

NSLookup

theHarvester Enumeration

theHarvester

Shodan Research

Shodan

Active Enumeration

Attacker Machine IP (Kali Linux)

Kali IP

Target Machine IP (Metasploitable)

Target IP

Connectivity Test (Ping)

Ping Test

Host Discovery Scan (nmap -sn)

Host Discovery

Basic Port Scan (nmap)

Basic Scan

Service Version Enumeration (nmap -sV)

Service Scan

FTP Banner Grabbing (Netcat)

FTP Banner

Packet Capture Analysis (Wireshark)

Wireshark

Findings

  • Multiple open TCP ports and services were identified on the target system.
  • Service enumeration revealed outdated and potentially vulnerable software versions.
  • Enumeration provided enough intelligence to identify high-risk exposure areas without executing exploits.

Risk Analysis

Open and outdated services increase attack surface exposure. Service version details can enable targeted exploitation. Proper segmentation and service restriction reduce exposure.

Security Recommendations

  • Disable unused services
  • Restrict inbound access using firewall rules
  • Apply patch management and keep services updated
  • Segment networks to limit lateral movement

Lessons Learned

  • Structured methodology improves accuracy and reduces missed findings
  • Enumeration provides high-value intelligence
  • Documentation quality matters in professional reporting
  • Lab isolation is essential when testing vulnerable systems

About

Isolated VirtualBox penetration testing lab demonstrating structured reconnaissance, service enumeration, and attack surface analysis using Kali Linux and Metasploitable

Topics

virtualbox cybersecurity nmap penetration-testing kali-linux ethical-hacking network-security

Resources

Readme
Activity

Stars

1 star

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors