Getting Started with Kali and Vulnhubs

Now that you have decided to start learning some offensive skills, where should you start? This is the most asked question from folks just climbing into the arena. Luckily there are loads of free tools and guides out there. This post is meant to get you up and running with an Operating System and the tools you need as well as a machine to test against.
Download and Install VMware Player
I am partial to VMware because that is what I use, however, virtual box is out there as well. VMware Player can be downloaded from here:
 https://my.vmware.com/en/web/vmware/free#desktop_end_user_computing/vmware_workstation_player/12_0.
Download and Install Kali
Kali can be found on the Offensive Security website as they are the ones that maintain the project now (https://www.offensive-security.com/kali-linux-vmware-virtualbox-image-download/). In order to get the operating system going:

1. Navigate to download and unzip file
2. In VMware Player -> Home -> Open a Virtual Machine:
3. Navigate to the .vmx file and click open
4. Power On Virtual Machine
5. Once Kali loads, the username is “root” and password is “toor”

NOTE: You may need to install software to uncompress the Kali image. I recommend 7zip found here.
NOTE: Some people have issues here related to Intel VT-x not being enabled. Simply enable and you are good to go. Follow the section "Turn Intel VT-x On in Your BIOS or UEFI Firmware​" on this page.
Find a Victim Test Machine
Now that we have Kali up and running let’s find a victim to start practicing on. Vulnhub is a great place to find vulnerable Virtual Machines and has much user-driven content. At the link https://www.vulnhub.com/faq/ vulnhub recommends De-ICE: S1.100, De-ICE: S1.110 & De-ICE: S2.100, Metasploitable 1.0, and pWnOS 1.0 as starter VM’s. I will use Metasploitable as an example and I highly recommend starting with this one.  Perhaps I am a little biased and started here myself, but it has many vulnerabilities and great walkthroughs.
Download and Install Metasploitable
Link: https://www.vulnhub.com/entry/metasploitable_1,28/
Choose Download (Mirror)
Setting Up The Lab
The Installation of the virtual machine is the same as above except we now need to set up our lab network. After you have downloaded the VM and opened up the .vmx file in VMware, we click the Network Adapter link on the left-hand side.
Make sure that host only is selected in the configurations. This will put the vulnerable system on an isolated virtual network.
Also ensure you take the same steps with Kali, so that the two host may communicate.

Begin Attacking
Now that the home lab is up and running it is time to start having some fun. New folks usually have difficulties at this point as they don’t have an idea of where to start with an attack methodology. Fortunately, every VM has a walkthrough on vulnhub. Just scroll down and you will see an expandable tab.

A good walk through is found at https://tehaurum.wordpress.com/2015/06/13/metasploitable-walkthrough-an-exploitation-guide/. Unfortunately, these guides start with a service scan and not a discovery scan but at this point, we do not know the IP address of the target so would not be able to follow the examples directly.

Target Discovery
Host discovery is one of the initial steps when beginning reconnaissance activity. We must find the targets before any other targeted recon can take place. Nmap is our tool of choice for this discovery and is a simple but powerful command line utility.
We first we open a terminal in kali by clicking the terminal icon on the left. It is the black screen with a dollar sign ($) and underscore(_).

Next run ifconfig to determine the subnet kali is on.

Looking at the subnet mask, I am on a Class C subnet (255.255.255.0). This means that the only numbers available are the last octet or where the zero is located. The addresses available are 192.168.206.0 to 192.168.206.255. I won’t get into networking theory, as that is something you should be looking up yourself. We can represent these ranges in two simple forms for nmap consumption CIDR (192.168.206.0/24) or ranges (192.168.206.0-255). Our nmap command is then:
# nmap 192.168.206.0/24.
Four hosts were found with the nmap scan, how do we determine which one is the target. In this case, it is a process of elimination. We know what our host address is, we know the target and our host should have an IP address that is numerically close, and we know ports should be open. Using that information, we can see that our target is x.x.x.129

Notes
I had the error listed below and had to change networks so the IP addresses are different in the last picture. Also note, this is the scan for Mr.Robot not Metasploitable.
​Errors
Can’t find victim on network
If for some reason you did not detect any live hosts other than your kali box, you have a networking issue. Below you can see that the only IP listed is mine, the same from the ifconfig command.
The easiest way I have found is to create a custom network and restart the victim VM.
​1. At the top of VMware go to edit -> Virtual Network Editor

2. Click “Change Settings” in the lower right
​3. Click “yes” and then “Add Network”. Select a VMnet name that is not in use and then OK.

4. Ensure that It is “host only” and note the subnet.

5. Using my example, we should see an IP in the 192.168.186.0/24 subnet when we run the ifconfig utility on kali. Hit apply.
6. Now we must change the network for each host to the new network.
7. VM ->Settings->Network Adapter.
8. Select “Custom:” and the network we added. Go ahead and hit ok to apply changes.
9. In Kali run “ifconfig”, if you do not see a change run “dhclient eth0” followed by “ifconfig” again to verify the change.
10. Now do the same to the victim VM but instead of using “ifconfig” and “dhclient” just restart the box.
11. VM -> Power -> Restart Guest​​

Could not get vmci driver version: The handle is invalid, You have an incorrect version of driver ‘vmci.sys’

1. Navigate to directory of which ever vm is getting this error
2. Open the .vmx file with notepad
3. Locate the line – vmci0.present = “TRUE”
4. Change “TRUE” to “FALSE”
5. Save
6. Attempt to start vm again