Alrighty, in my previous post I got my invite to Hack The Box, an excellent resource for penetration testing. There’s over 40 vulnerable machines to hack into. So how are we going to hack into them?

Enter Kali Linux, a custom Linux flavour chock-full of handy pen-test tools. Rather than actually install it (which is both risky and time-consuming), we’re just gonna run it in a virtual machine.

What’s a virtual machine you may ask? Best way I can put it is that it’s a computer inside a computer. It utilises your computer’s hardware to emulate a full operating system.

It’s an extremely important technology, as it allows safe multi-user operation on the same machine. Cloud servers can use it to quickly create a (to the user) completely separate system to use for anything, such as a web server.

Anything that happens on the VM is contained to that VM (usually). This makes it extremely easy to test programs in a variety of different setups without the need for reinstalling and worrying about breaking anything. If the VM breaks, it can easily be reset, or simply deleted and reinstalled.

So why would we want to have a Kali VM?

One reason is for our own security. When you stare into the void, sometimes the void stares back. Hacking into a system leaves a butt-load of data that can possibly be traced back to you. And what could happen with that data? You could be hacked right back, or even have it used against you. With a VM, it’s extremely easy to just delete the VM and it’s almost like it never existed. If someone managed to get into your VM, they’re limited to that VM, which will hopefully be a fresh Kali VM with nothing that can be tracked back to you. But we’re not going to be doing anything that could lead to that.

Another reason is convenience. As you’ll soon see, it’s mind-bogglingly easy to spin up a fresh image (VM instance) of Kali. Rather than spending 30 minutes dicking around with a Linux install (which I’ll be doing in a later post), we just install the image and we’re ready to go.

Downloading

So, first things first. You need something to run the virtual machine. I use VirtualBox simply because VMware gives me the shits. So download and install your choice of virtualiser.

Navigate to the Kali download page and scroll down to the downloads. It honestly doesn’t matter if you choose the VMware or VirtualBox image, as they’re both .ova files.

Edit: it does matter. The VMware .ova doesn’t work (for me at least) in VirtualBox.

Kali image downloads

Does anyone actually have a 32-bit system nowadays? If you’re not sure if you’ve got 64-bit or not, choose 32-bit to be safe.

Installing

This is super simple. Open VirtualBox. Go File > Import Appliance.

Yes, it’s a Mac. deal w/ it

Select the .ova that you just downloaded.

Make sure you pick the .ova you downloaded

Click Continue.

Some info about the Kali image

Click Import.

It’s installing

Now wait.

Now we can run our brand-spanking new Kali VM. Double click the Kali VM to open it.

Wowee

Success!

Debian has the ugliest login screen I’ve ever seen

The default login for Kali is the username root and the password toor. So put ’em in and log in.

Eyyyy, it’s Mushu

Now we can do things! Woo!

Internet Access

One last thing: I want my Kali VM to be able to access the Internet. There’s no point in having a VM if I can’t use it to connect to the boxes I want to hack.

Lucky for us, it’s automatically set up to use our network adapter. So uh, disregard this section, I guess.

Now we can start hacking these boxes. Stay tuned!