The development of a hacking lab

Abstract

Although many books and articles about computer security can be found in libraries or on the Internet, few of them provide learners with hands-on exercises. This project aims to develop a virtual hacking laboratory for beginners to improve their theoretical knowledge and practical skills in terms of various vulnerabilities and hacking methods. The main methodology of this project is using VMware vSphere to build up a virtual network environment formed by several virtual machines with different OS. These virtual machines include hacker’s PCs, victims' PCs, servers and virtual routers. Some vulnerabilities are set up on victims' PCs, servers and routers on purpose. I designed six experiments with detailed lab manuals. These experiments will teach learners the theories, attack methods and solutions to some most popular vulnerabilities nowadays. Main vulnerabilities and attack methods include ARP spoofing, sslstrip, weak password, brute force, MS10-048 privilege escalation vulnerability, default admin login page path, SQL injection, XSS, session hijacking, default router username and password, CSRF, uploading webshell and Linux Privilege Escalation. In the lab manuals, I also give some links for learners to further study in fields of computer security.