Lab Architecture
This is an isolated 3-VM lab running on QEMU/KVM on Arch Linux. The host system is an i7-13700HX with 15GB RAM and an RTX 4060 GPU. All virtual machines are connected to an isolated virtual bridge network (virbr1) with no external internet access, ensuring complete isolation for safe penetration testing exercises.
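The isolation described above can be checked against the libvirt network definition: a network with no `<forward>` element is isolated, while one that has it routes or NATs guest traffic off the bridge. The script below is an added example, not part of the original lab files; the network name `lab-isolated`, the host-side address 192.168.100.1 and both XML samples are constructed assumptions.

```shell
#!/bin/sh
# Audit a libvirt network definition for the isolation property the lab relies on.
# Input is the XML printed by `virsh net-dumpxml <network>`.

# Succeeds when the definition has no <forward> element (libvirt isolated mode).
is_isolated() {
    ! printf '%s\n' "$1" | grep -q '<forward'
}

# Prints the bridge device name taken from <bridge name='...'/>.
bridge_name() {
    printf '%s\n' "$1" |
        sed -n "s/.*<bridge[^>]*name=['\"]\([^'\"]*\)['\"].*/\1/p" | head -n 1
}

# Prints a one-line verdict. A <forward> element without a mode attribute
# defaults to NAT in libvirt, so it is reported as nat.
audit_network() {
    if is_isolated "$1"; then
        echo "isolated bridge=$(bridge_name "$1")"
    else
        fwd_mode=$(printf '%s\n' "$1" |
            sed -n "s/.*<forward[^>]*mode=['\"]\([^'\"]*\)['\"].*/\1/p" | head -n 1)
        echo "NOT isolated: forward mode=${fwd_mode:-nat} bridge=$(bridge_name "$1")"
    fi
}

# Constructed sample: how the lab network would look (name and host IP assumed).
LAB_XML="<network>
  <name>lab-isolated</name>
  <bridge name='virbr1' stp='on' delay='0'/>
  <ip address='192.168.100.1' netmask='255.255.255.0'/>
</network>"

# Constructed sample: a NAT network, which would give the VMs a path outside.
NAT_XML="<network>
  <name>default</name>
  <forward mode='nat'/>
  <bridge name='virbr0' stp='on' delay='0'/>
  <ip address='192.168.122.1' netmask='255.255.255.0'/>
</network>"

audit_network "$LAB_XML"
audit_network "$NAT_XML"
# On the host: audit_network "$(virsh net-dumpxml lab-isolated)"
```

An isolated libvirt network still gives the host an address on the bridge, so the guests can reach services listening on the host itself even though they cannot reach the internet.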
Network Diagram
```
┌─────────────────────────────────────────────────────┐
│  HOST: Arch Linux (owo)                             │
│  i7-13700HX | 15GB RAM | RTX 4060                   │
│  ┌──────────────────────────────────────────────┐   │
│  │  virbr1: 192.168.100.0/24                    │   │
│  │  ┌────────────────┐    ┌──────────────────┐  │   │
│  │  │   KALI LINUX   │───▶│  METASPLOITABLE  │  │   │
│  │  │ 192.168.100.10 │    │  192.168.100.20  │  │   │
│  │  └────────────────┘    └────────┬─────────┘  │   │
│  │                      ┌──────────▼─────────┐  │   │
│  │                      │     WAZUH SIEM     │  │   │
│  │                      │   192.168.100.30   │  │   │
│  │                      └────────────────────┘  │   │
│  └──────────────────────────────────────────────┘   │
└─────────────────────────────────────────────────────┘
```
VM Specifications
| VM | Role | OS | RAM | vCPUs | IP |
|---|---|---|---|---|---|
| Kali Linux | Attacker | Kali 2024.x | 3GB | 4 | 192.168.100.10 |
| Metasploitable 2 | Victim | Ubuntu 8.04 | 1GB | 2 | 192.168.100.20 |
| Wazuh SIEM | Monitor | Ubuntu 22.04 | 4GB | 4 | 192.168.100.30 |
Tools Used
| Tool | Purpose |
|---|---|
| nmap | Network scanning |
| Metasploit | Exploitation framework |
| Hydra | Password brute force |
| msfvenom | Payload generation |
| Wazuh | SIEM monitoring |
| netcat | Network utility |