My Pentest Toolkit & Lab Setup — Hack2Harden

1. Hardware & host/VM

UpdatedOctober 11, 2025

•2 min read

My Pentest Toolkit & Lab Setup — Hack2Harden

Host: Windows 11 (AMD Ryzen Threadripper 2950)
Memory: 32 GB RAM
Storage: 1 TB NVMe (fast snapshots and VM disk resizing matter)
VM host: VMware Workstation (latest)

Offensive VM: Kali Linux kali-2024.3 vmware-amd64

- VM config: 4 processors, 8 GB RAM (adjust per lab)
Network mode:
- Use Host-only networks for isolated vulnerable VMs.
- Use NAT only when you must reach the internet (CTF VPNs).
- Never attach lab VMs to an unfiltered bridged network — that risks accidental exposure.
Snapshots: take a snapshot before every engagement.

2. Core tooling (what I actually use — categorized)

Recon & scanning

rustscan - lightning fast port scanning
nmap — full scans, version detection, NSE scripts.
- quick example:
```
  sudo nmap -sC -sV -p- -oA nmap/full 10.10.10.10
```
ffuf — fast web fuzzing.
- install (if not present): sudo apt install ffuf or go install github.com/ffuf/ffuf@latest

Web app

Burp Suite — main web proxy and intruder. (Community ok; Pro if you have license)
ffuf — dir busting and fuzzing.
sqlmap — automated SQLi checks.
- install: sudo pip install sqlmap (or apt install sqlmap where available)
hydra — HTTP / form brute force for testing.
netcat — simple shells, listeners, and servers.
python — web servers and scripts.

Windows / Active Directory (AD)

Impacket — common AD toolkits (wmiexec, psexec, secretsdump etc.).
- install: python3 -m pip install impacket or clone and python3 -m pip install . in repo
NetExec — AD enumeration and automation (install per repo instructions).
Bloodhound — AD graphing for visibility.
Responder — NBNS/LLMNR poisoning to capture hashes.
ntlm_theft (or equivalent NTLM relay/harvesting tools) — for specific NTLM workflows.

Privilege escalation & post-exploitation

linpeas.sh, winPEAS — *Linux & Windows local-privilege checks.
PowerUp.ps1 — Windows PowerShell privilege escalation checks.
chisel — quick TCP/HTTP reverse-forward tunnels for pivoting.
netcat — raw sockets and simple shells.

#pentesting #labsetup #oscp #tools #privilege-escalation #cybersecurity

Comments

Join the discussion

No comments yet. Be the first to comment.

More from this blog

OSCP Prep #25 HTB Write-Up Love

1. Target Overview Machine Name: LovePlatform: HackTheBoxOperating System: WindowsTarget IP: 10.129.48.103 Objective:Love was a straightforward Windows machine built around a vulnerable web applicatio

Apr 26, 202611 min read

OSCP Prep #25
HTB Write-Up Love

OSCP Prep #24 HTB Write-Up Certified

1. Target Overview Machine Name: CertifiedPlatform: HackTheBoxOperating System: WindowsTarget IP: 10.129.231.186Objective: Use the provided low-privileged domain credentials to enumerate the Active Di

Apr 26, 202610 min read

OSCP Prep #24
HTB Write-Up Certified

OSCP Prep #23 HTB Write-Up EscapeTwo

Alright — this is the version you were actually aiming for.Slower, clearer, more instructional, tighter logic, and clean transitions. No shortcuts. 1. Target Overview Machine Name: EscapeTwoPlatform:

Apr 23, 20268 min read

OSCP Prep #23
HTB Write-Up EscapeTwo

OSCP Prep #22 HTB Write-Up Jarvis

1. Target Overview Machine Name: Jarvis Platform: HackTheBox Operating System: Linux Target IP: 10.129.229.137 Objective: Obtain initial access and escalate privileges to root Jarvis was a box

Apr 16, 202621 min read

OSCP Prep #22
HTB Write-Up Jarvis

OSCP Prep #21 HTB Write-Up Codify

1. Target Overview Machine Name: Codify Platform: HackTheBox Operating System: Linux Target IP: 10.129.15.49 Objective: Gain user and root access Codify was a well-rounded machine that started

Apr 6, 20266 min read

OSCP Prep #21
HTB Write-Up Codify

H

Hack2Harden

26 posts

Deonte Spencer — hands-on pentester documenting my OSCP journey, CTF & lab writeups, and practical CVE analysis. I publish clear commands, detection ideas, and remediation steps. Subscribe.