PEN-101 Setup Guide

Kali Linux, authorized lab targets, and legal-authorization checklist. Complete everything on this page before Week 1 begins.

Legal and authorization checklist

Read this section before you touch a single tool. The items below are not formalities.

• You understand the bright line. Authorized testing means you own the system or have explicit written permission from the system owner. Everything else is unauthorized access. In the United States, the Computer Fraud and Abuse Act (CFAA, 18 U.S.C. 1030) makes unauthorized computer access a federal crime regardless of intent or whether you found anything.
• You understand what this course authorizes. This course authorizes you to use penetration testing tools and techniques against the specific systems listed in each lab, in the local lab environment described in each lab, during the lab session. It does not authorize you to scan, probe, or test any other system.
• You have read and signed the academy's lab-use agreement. The agreement specifies the authorized target ranges, the lab session windows, and the reporting obligation if you accidentally reach a system outside scope.
• You know the emergency stop. If you realize you have accessed a system that is not an authorized lab target, stop immediately, do not continue, document what happened with a timestamp, and contact your instructor within 30 minutes.
• You understand CTF and authorized range ethics. TryHackMe, HackTheBox, and VulnHub machines are explicitly authorized targets when accessed through those platforms' interfaces per their terms of service. They are not general permission to probe any IP address.

Host system requirements

Enable virtualization extensions in your BIOS before proceeding. On most modern machines it is off by default. The exact menu path varies by manufacturer; search for your model + "enable virtualization BIOS."

Kali Linux installation

Kali Linux (kali.org) is the Debian-based distribution that comes with the tooling this course uses pre-installed. The course uses Kali in a virtual machine on your host OS; do not install Kali as your only OS on a personal machine used for other work.

Step 1: Install a hypervisor

VMware Workstation Player (Windows/Linux) or VMware Fusion Player (macOS) -- free for personal use at broadcom.com/products/software/vmware. VirtualBox (virtualbox.org) is also acceptable and runs on all three host platforms.

Step 2: Download the Kali VM image

Download the pre-built VMware or VirtualBox VM image from kali.org/get-kali/#kali-virtual-machines. Using the pre-built image is faster and avoids installer edge cases.

Verify the SHA256 checksum before booting:

sha256sum kali-linux-2024.x-vmware-amd64.7z
# compare against the hash on kali.org

Step 3: Import and boot

Extract the 7z archive (7-zip.org). In your hypervisor, open/import the .vmx or .ova file and click Play. Default credentials: kali / kali. Change the password immediately after first login.

Step 4: Configure the network adapter

For local lab work (Metasploitable, DVWA, WebGoat), use Host-Only networking so your attack traffic never touches your real LAN or the Internet. The hypervisor creates a private virtual network the VMs share.

For OSINT labs (Lab 2) and TryHackMe/HTB engagement, use NAT so Kali has Internet access through your host. Switch back to Host-Only for exploitation labs.

Do not use Bridged networking for exploitation labs. Bridged networking puts your attack traffic on the real LAN and can affect systems you have no authorization to touch.

Step 5: Update Kali

sudo apt update && sudo apt full-upgrade -y

Allow 20-40 minutes on first run. Run this before each lab session.

Step 6: Verify the tool inventory

The following tools must be present. All are included in Kali by default:

nmap --version
masscan --version
msfconsole --version
sqlmap --version
hydra --version
hashcat --version
burpsuite   # launches the GUI
zaproxy     # or owasp-zap

Install Nuclei (not in Kali by default):

sudo apt install golang-go -y
go install -v github.com/projectdiscovery/nuclei/v3/cmd/nuclei@latest
echo 'export PATH=$PATH:~/go/bin' >> ~/.bashrc && source ~/.bashrc
nuclei --version

Install Impacket (Python library + scripts):

pip3 install impacket
# verify:
python3 -c "import impacket; print(impacket.__version__)"

Lab target virtual machines

Metasploitable 2

Metasploitable 2 is an intentionally vulnerable Linux VM created by Rapid7 for security training. It is the primary target for Labs 5 and 7.

Download: sourceforge.net/projects/metasploitable/

Important: Metasploitable must run on Host-Only or an isolated NAT network. It has no firewall and is trivially exploitable. Never connect it to a network with other devices.

Boot sequence:

1. Import the VMDK into VMware/VirtualBox.
2. Set the network adapter to Host-Only (same virtual network as Kali).
3. Boot. Default credentials: msfadmin / msfadmin.
4. Note the IP address: ifconfig or check the boot screen.

Confirm Kali can reach it: ping <metasploitable-ip>

DVWA (Damn Vulnerable Web Application)

DVWA is a PHP/MySQL web application for practicing web attacks. Lab 4 and Lab 5 use it.

Docker install (recommended):

sudo apt install docker.io -y
sudo docker pull vulnerables/web-dvwa
sudo docker run -d -p 80:80 vulnerables/web-dvwa
# access at http://127.0.0.1 from Kali

Login: admin / password. Click "Create / Reset Database" after first login.

OWASP Juice Shop

Juice Shop is a modern Node.js web application with intentional OWASP Top 10 vulnerabilities. Lab 8 primary target.

Docker install:

sudo docker pull bkimminich/juice-shop
sudo docker run -d -p 3000:3000 bkimminich/juice-shop
# access at http://127.0.0.1:3000

OWASP WebGoat

WebGoat is a Java web application for practicing server-side injection patterns. Lab 8 secondary target.

sudo docker pull webgoat/webgoat
sudo docker run -d -p 8080:8080 -p 9090:9090 webgoat/webgoat
# access at http://127.0.0.1:8080/WebGoat

HackTheBox / TryHackMe (Labs 7, 10)

These platforms provide authorized lab environments accessible over VPN. Create an account at each:

• HackTheBox: hacktheox.eu/register (free Starter tier sufficient for retired machines)
• TryHackMe: tryhackme.com (free tier sufficient for this course)

Each platform provides a .ovpn file you import into Kali to connect:

sudo openvpn your-platform-vpn-file.ovpn

Verify connectivity to the assigned lab machine's IP before each session.

Note-taking discipline

OSCP and professional engagements require meticulous evidence preservation. Start that discipline now.

Create a course workspace directory and a Git repository:

mkdir -p ~/pen101-workspace/{notes,screenshots,evidence,reports}
cd ~/pen101-workspace
git init
echo "# PEN-101 Workspace" > README.md
git add . && git commit -m "workspace init"

For each lab session, create a dated directory and capture every command, its output, and timestamps. The script utility captures a full terminal session:

script -a ~/pen101-workspace/evidence/lab-07-session.log
# ... do your work ...
exit  # ends the script session

Screenshot every meaningful step. On Kali: PrtSc for full screen, Shift+PrtSc for region select.

Why this matters: The capstone report must be reproducible from your evidence alone. An exploit you cannot re-demonstrate from your notes is a finding you cannot include in a professional report.

Before Week 1

Confirm all of the following are ready:

• Kali Linux VM boots and is up to date
• Metasploitable 2 VM is on Host-Only network and Kali can ping it
• DVWA is running in Docker and accessible at http://127.0.0.1
• Juice Shop is running in Docker at http://127.0.0.1:3000
• WebGoat is running in Docker at http://127.0.0.1:8080/WebGoat
• Nmap, Masscan, sqlmap, Metasploit, Nuclei, Impacket all verify
• pen101-workspace Git repo initialized
• Legal-authorization checklist above completed
• Academy lab-use agreement signed and submitted

If anything above does not work before Week 1, post in the course support channel with the exact error message. Do not wait until lab time.