Hey folks. Here i’ll write down my pentetsting experience beginns with THE LAB. First of all, why proxmox? There’s are lot of learning plattforms out there. They all seems to be very good but they mostly coasts a whole bunch of money. To start a pentesting carrier your goal will to be a professional hacker and this is the reason why we build our own testing area.

Proxmox gave us the possibility to easy manage the virtualized systems on a graphical interface that interact as all in one box. This maschine saves ressources on our daily driver notebook cause its still a client and we need no graphical interface, not even a gpu. Okay, at one point you need a gpu and this is on the installation.

I won’t show how to install proxmox - the web is full of this

goals:

  • client setup
  • import OVA’s from vulnhub or so on
  • networking
  • automate this

First we setup the client for using the spice protocol with virt-viewer

## add package
> pacman -S virt-viewer

setup protocol handler in your browser to open session directly

Now we want to add some maschine images

## curl the images
> curl -O https://download.vulnhub.com/chillhack/Chill_Hack.ova

Create a new VM without installation medium

  • Then detach and remove the dummy disk in hardware section (unused disk)

After this we import the OVA to the new created maschine

## convert and import OVA image to qcow2
qm importdisk 5623 Chill_Hack.ova data-pool -format qcow2

In the hardware section we add the new unused disk and boot the system


To connect our bleeding network we create an additional interface on gui