You'll be installing a few different free, open-source software to build your lab:

• VMware

• Kali Linux

• Metasploitable

Step 1 – Installing VMware – Our Virtualization Software

VMware is a virtualization software, which allows us to install different virtual machines for your lab. You can install it on all major operating systems, including Windows and Mac.

First you'll need to register for a free account with Broadcom (the official owners of VMware) here.

Then, you'll go here to download the official VMware Workstation Pro software for Windows.

We will be using Windows in the labs. I wont be focusing on the differences when using a Mac device, mainly because I don’t own one. But if you're studying hacking, you’re likely savvy enough to figure out any different steps you’ll need to take. If not, comment below and either myself or any our other members will help you the best we can.

Once downloaded, follow the steps to install the VMware software on your computer you can leave all settings as default and just clickthrough the installation process for this.

Step 2 – Kali Linux Installation & Initial Setup

Kali Installation

Kali Linux is a Linux based operating system loaded with more proven hacking tools than you'll ever need. There are other options such as Parrot OS, but Kali Linux has been known as the ‘industry standard” for a long time now.

To install Kali Linux, go here.

Select and install the option that says “installer”. After its downloaded it should be a file named something similar to “kali-linux-2026.1-installer-amd64.iso”,based on the version.

Once that download completes (may take several minutes) open the VMware Workstation software, and select “Create A New Virtual Machine”. Select the option “Installer Disc Image File (ISO)”, click Browse and select the Kali Linux File you downloaded, then click Next.

Under Guest Operating System, Select Linux, and choose the latest Debian version. Currently as I write this tutorial, it is Debian 12.X 64bit. Then, click Next.

Name your virtual machine Kali Linux, select where you want the virtual machine to be installed. I just left mine at the default location. You may want to copy and save this path for later when you install metasploitable, so you can save metasploitable in this same location, but if not that's ok. Then, click Next.

On the next screen, you can leave the settings at default to do anything we are going to do in the labs, but if you want to keep the same settings I'm using, set the Maximum Disc Size (GB) to 50. Also, select the option Split Virtual Disc into Multiple Files, then click Next.

In the next Screen, you can also leave these settings default, or do what I did. I changed the Memory from 2 to 4 GB. Under Processors > Number of Processor Cores, I changed it from 2 to 3. Next, click Close then click Finish. You should see that your Kali Linux Virtual Machine has been added to your VMware now.

Kali Initial Setup

Click on the Kali Linux VM in your VMware, and click Play Virtual Machine. Since this is the first time you're running it, it will require some initial setup.

If you get the popup about side channel mitigations, you can just click the box for “Don’t Show This Hint Again” and click OK.

When the Kali Linux Screen opens, select Graphical Install, then English > Continue, United States > Continue, American English > Continue. You will then see some setup processes running.

For the next two screens, you can leave the default host name as “Kali” and click Continue, then you can leave the domain name blank and click Continue.

For Full Name of New User, you can name it whatever you want. In my version, I will use the name “secret-lab”, you can too if you wish. It will then ask you to select a user name for the account. You can use what is added there by default based on your previous choice, and click Continue.

Next, you’ll need to set a password. You will need to remember this, so write it down if needed. I recommend keeping it short and simple since this is only for learning purposes, and you'll be using it a lot when you use Kali Linux to hack in your labs.

You'll see a few configuration processes running again, then click Continue. Select Eastern for your clock setting, then Continue.

For the next few options, we will just select Continue and keep the default selections. Do this for Guided – Use Entire Disc, Select Disc to Partition, All Files in One Partition, and Finish Partitioning and Write Changes to Disc.

In the next screen for Partition Discs, Select Yes, then Continue.

More configuration processes will run. Once complete, The Software Selections screen will show several options with most selected by default. Keep those selected, and also select the ones that are not selected so that you have them all checked, then click Continue.

More processes will run. Next, for Configuring gdm3, leave gdm3 selected and click Continue.

After more processes complete (these may take a little longer than the others), for Install The GRUB Boot Loader, select Yes and click Continue. In the next screen for Device for Boot Loader Installation, select /dev/sda, then Continue.

More processes will run, then you’ll see the screen for Finish the Installation. Click Continue, and Kali Linux will reboot.

Once Kali Linux opens to its main locked screen, double-click on your username, provide your password, then click enter on your keyboard. You are now looking at your new Kali Linux Desktop Interface.

You can power off Kali Linux by selecting the power button icon in the top right corner, then selecting Power off.

Next, we will install the Metasploitable Virtual Machine, which we will often use as a hacking target in our labs.

Step 3 –Installing Metasploitable – A Vulnerable Hacking Target

Metasploitable will act as a server within your hacking lab. This is an open-source VM that was created specifically to practice hacking, and it has plenty of vulnerabilities to exploit. To download it, go here and click Download.

This will download as a compressed folder, so you'll have to extract the files using whatever program you use to extract .zip folders. Once you have extracted the folder, you will want to save it somewhere in your computer that is more long-term than in your downloads folder, because if it gets deleted, you will need to download it and set it up again (which isn't a big deal at all, but still). I extracted mine into the same location where my Kali Linux VM folder was saved. If you want to do that, just reference the path you saved for it earlier. If you didn't save it before, you can search for "Kali Linux" in your computer and copy the path to it's parent folder (the folder where your Kali Linux folder is saved, not the path to Kali Linux folder itself).

Open your VMware software, and select Open A Virtual Machine. Select the extracted metasploitable folder from wherever you saved it, and you should only see one selectable option there named metasploitable.vmx. Select that, and click Open.

Now, you will see that Metasploitable has been added to your VMware Workstation Player.

Select it, and click Play Virtual Machine. For the pop-up, select “I Copied It”. If you do get a second pop-up about other tools you can install, just select remind me later. Once metasploitable loads, you will be prompted to enter a metasploitable login.

To type into a metasploitable field, click on the screen inside the VMware or press ctrl+G. To allow your mouse cursor to return back to your actual, physical computer screen, click ctrl+alt.

Metasploitable uses the same default login and password here, which is msfadmin. Enter that for both fields. You wont see your text appear when you enter the password, this is a normal security feature. Once logged in, you should see msfadmin@metasploitable:~$_ displayed.

Now you have successfully installed Metasploitable into your virtual NAT, (your hacking lab). We wont be navigating within metasploitable much, we will mainly just be using it as a target to hack.

You can power off the metasploitable VM by selecting one of the options at the top left, and selecting Shut Down Guest, or by entering the command sudo poweroff.

When you power off virtual machines, you could see a warning such as this: Are you sure you want to power off the virtual machine and exit? Please make sure the virtual machine is in a safe state for shutdown; abruptly powering off can damage data. When possible, shut down your virtual machine with its operating system.

Don’t worry about these warnings, they are not referring to your actual computer. And as a reminder, even if you “break” any of these virtual machines, you just reset them.

Closing Thoughts

Now you have a virtual network of devices that you can use to practice the same hacking techniques used by criminals, and also by ethical hackers/penetration testers. In other labs, we will start learning things like how to hack WIFI, or how to write malware.

Please Subscribe to keep up with all of my tutorials, and always feel free to contact me, or leave a comment below.