November 18, 2017, 07:49:38 AM
Welcome, Guest. Please login or register.

You Did *NOT* Just Win a Nigerian Lottery...

Author Topic: Help setting up lab with virtualbox  (Read 2650 times)

Offline C3rb3ru5

  • Top Hat Member
  • Prospect
  • ********
  • Posts: 27
  • Internets: +2/-1
Help setting up lab with virtualbox
« on: December 17, 2013, 02:59:30 PM »
This is my first time setting up a lab with Virtualbox so apologies if this is somewhat basic.

Set up
Pentesting machine (laptop 1) running THS-OS v3.
Laptop 2 running ubuntu 13.10, a desktop running windows 7, and laptop 3 also with THS-OS v3 running xp in Virtualbox.
All of these machines are connected to my wireless router.
My xp VM connects to internet no worries.

Problem
When I run metasploit/armitage (laptop 1) and scan for hosts, it dosn't detect my XP VM (192.168.2.10), but dose detect laptop 3 (192.168.2.6) which is running it.
I guessing I haven't set up the network settings correctly in the xp VM network settings.
I have attached a screen shot of its network settings.
Adapter 2, 3 and 4 settings have not been configured.

I have done some googling but most tutorials I have read are about setting up a lab on one machine, all within a virtualbox network. I could do this on my desktop which would work well with its triplehead, but would like to use my laptop as the pentester and not slow it down with multiple VM's.

Any help or suggestions much appreciated.
Thanks in advance


« Last Edit: December 17, 2013, 03:03:21 PM by C3rb3ru5 »

Offline yashar26

  • Top Hat Member
  • Elite
  • ********
  • Posts: 584
  • Internets: +76/-2
  • Sec+, CEH v8, eCPPT Gold, eWAPT
Re: Help setting up lab with virtualbox
« Reply #1 on: December 17, 2013, 03:04:15 PM »
what scan are you running to detect those machines?

Offline 0E 800

  • If something can corrupt you, you're corrupted already.
  • Top Hat Member
  • Elite
  • ********
  • Posts: 961
  • Internets: +154/-0
  • ??? ???????? ?s ?? ??c?c??-???
Re: Help setting up lab with virtualbox
« Reply #2 on: December 17, 2013, 03:09:10 PM »
did you turn off firewall on windows xp?
"He who passes not his days in the realm of dreams is the slave of the days."

Offline C3rb3ru5

  • Top Hat Member
  • Prospect
  • ********
  • Posts: 27
  • Internets: +2/-1
Re: Help setting up lab with virtualbox
« Reply #3 on: December 17, 2013, 03:13:08 PM »
yashar26,

Nmap quick scan, 192.168.2.1/15.
MSF , 192.168.2.1/15.
Both in Armitage.

Offline C3rb3ru5

  • Top Hat Member
  • Prospect
  • ********
  • Posts: 27
  • Internets: +2/-1
Re: Help setting up lab with virtualbox
« Reply #4 on: December 17, 2013, 03:15:52 PM »
OE800,

Firewall not turned off on XP VM or any other for that matter, but scans detect the Win7 desktop and my girlfriends Win7 laptop when its on, plus all my other machines, and Rasberry Pi plus phones etc.
« Last Edit: December 17, 2013, 03:18:25 PM by C3rb3ru5 »

Offline yashar26

  • Top Hat Member
  • Elite
  • ********
  • Posts: 584
  • Internets: +76/-2
  • Sec+, CEH v8, eCPPT Gold, eWAPT
Re: Help setting up lab with virtualbox
« Reply #5 on: December 17, 2013, 03:21:03 PM »
yashar26,

Nmap quick scan, 192.168.2.1/15.
MSF , 192.168.2.1/15.
Both in Armitage.

maybe try a quick OS detect with 192.168.2.0/24, if not are you sure your vm is connected to the internet? because i know there can be loads of problems with bridge (vmnet0) on certain systems, if that persists, maybe virtual player? have you got a wifi adapter for that vm? is it connected to a USB3 port? there can be loads of different possibilities

Offline C3rb3ru5

  • Top Hat Member
  • Prospect
  • ********
  • Posts: 27
  • Internets: +2/-1
Re: Help setting up lab with virtualbox
« Reply #6 on: December 17, 2013, 03:30:15 PM »
yashar26

Was also trying quick OS detect, possibly just with 192.168.2.1/15, though think I must have done one at least one with 192.168.2.1/24.
XP VM connects to internet with no problems, ipconfig in VM yields address of 192.168.2.10.
Not using separate wifi adapter for VM (but could do), I believe its connected via wlan0 on the laptop thats running it. 

Offline 0E 800

  • If something can corrupt you, you're corrupted already.
  • Top Hat Member
  • Elite
  • ********
  • Posts: 961
  • Internets: +154/-0
  • ??? ???????? ?s ?? ??c?c??-???
Re: Help setting up lab with virtualbox
« Reply #7 on: December 17, 2013, 03:34:12 PM »
can you ping your xp box from your window 7 box or from ths-os? what service pack is your xp box? I would also still try disabling firewall on your windows xp box and see if that changes anything.
« Last Edit: December 17, 2013, 03:36:19 PM by 0E 800 »
"He who passes not his days in the realm of dreams is the slave of the days."

Offline C3rb3ru5

  • Top Hat Member
  • Prospect
  • ********
  • Posts: 27
  • Internets: +2/-1
Re: Help setting up lab with virtualbox
« Reply #8 on: December 17, 2013, 03:52:29 PM »
OE800
xp VM running service pack 2.
Not at lab set up at mo.
I am on laptop 3 from my set up, THS-OS v3, which has the xp VM on it, and I can ping it successfully from this machine, and Armitage Nmap quick OS detect finds it in the tab output, but says it has too many fingerprints for OS detect and won't put it in the target window.
Will try turning off firewall and re-scanning.

Offline yashar26

  • Top Hat Member
  • Elite
  • ********
  • Posts: 584
  • Internets: +76/-2
  • Sec+, CEH v8, eCPPT Gold, eWAPT
Re: Help setting up lab with virtualbox
« Reply #9 on: December 17, 2013, 03:56:08 PM »
can you ping your xp box from your window 7 box or from ths-os? what service pack is your xp box? I would also still try disabling firewall on your windows xp box and see if that changes anything.

yep, great advice 0E, also maybe try a stealth scan? or try scanning from 192.168.2.1-253? if not try ping other machines with your xp vm? or add host manually to armitage

Offline C3rb3ru5

  • Top Hat Member
  • Prospect
  • ********
  • Posts: 27
  • Internets: +2/-1
Re: Help setting up lab with virtualbox
« Reply #10 on: December 17, 2013, 04:03:08 PM »
OE 800

Firewall off and now it is scanned and put in the target window, progress  :)
Will try it tomorrow night back in the lab set up, and see if my THS-OS machine which isn't running the VM, can still pick it up when its running in another as per my original problem but this time with its firewall off.

If so, and it was because the xp VM firewall was on, why did I manage to pick up my Win7 machines which had there firewalls on??

Thanks to yourself and yashar26 for your help and time.
« Last Edit: December 17, 2013, 04:05:06 PM by C3rb3ru5 »

Offline 0E 800

  • If something can corrupt you, you're corrupted already.
  • Top Hat Member
  • Elite
  • ********
  • Posts: 961
  • Internets: +154/-0
  • ??? ???????? ?s ?? ??c?c??-???
Re: Help setting up lab with virtualbox
« Reply #11 on: December 17, 2013, 04:07:04 PM »
I not sure exactly, but I remember hearing about certain software that required xp firewall to be turned off in order for it to run. I also recall when I exploited my xp sp2 that it needed the firewall off in order for me to exploit it.

Im sure in windows 7 they fixed or changed the firewall. Is your xp box built from a genuine xp cd? If not, then maybe there is some custom setting that was ticked when whoever made the xp install image.

"He who passes not his days in the realm of dreams is the slave of the days."

Offline yashar26

  • Top Hat Member
  • Elite
  • ********
  • Posts: 584
  • Internets: +76/-2
  • Sec+, CEH v8, eCPPT Gold, eWAPT
Re: Help setting up lab with virtualbox
« Reply #12 on: December 17, 2013, 04:08:25 PM »
OE 800

Firewall off and now it is scanned and put in the target window, progress  :)
Will try it tomorrow night back in the lab set up, and see if my THS-OS machine which isn't running the VM, can still pick it up when its running in another as per my original problem but this time with its firewall off.

If so, and it was because the xp VM firewall was on, why did I manage to pick up my Win7 machines which had there firewalls on??

Thanks to yourself and yashar26 for your help and time.

Hey dude, that is what this forum is for! i really enjoyed trying to help, and that is what this forum is for, although its hard not being able to see exactly what is going on! best of luck dude! keep us posted on how your pentest is going

Offline C3rb3ru5

  • Top Hat Member
  • Prospect
  • ********
  • Posts: 27
  • Internets: +2/-1
Re: Help setting up lab with virtualbox
« Reply #13 on: December 17, 2013, 04:35:47 PM »
Quote
Hey dude, that is what this forum is for! i really enjoyed trying to help, and that is what this forum is for, although its hard not being able to see exactly what is going on! best of luck dude! keep us posted on how your pentest is going

Thanks fella, much appreciated, glad to be on board.
Ran a stealth scan with Nmap without VM firewall on and gave the following;
Quote
Nmap scan report for 192.168.0.14
Host is up (0.021s latency).
Not shown: 996 closed ports
PORT     STATE SERVICE
135/tcp  open  msrpc
139/tcp  open  netbios-ssn
445/tcp  open  microsoft-ds
2869/tcp open  icslap
MAC Address: 08:00:27:9C:F9:5C (Cadmus Computer Systems)
microsoft-ds.....so detecting its xp with this I guess.

Then ran stealth scan again with its firewall on;
Quote
Nmap scan report for 192.168.0.14
Host is up (0.00045s latency).
All 1000 scanned ports on 192.168.0.14 are filtered
MAC Address: 08:00:27:9C:F9:5C (Cadmus Computer Systems)

Then inserted host manually to Armitage, scanned host, but wont detect OS.
So it seems when running Armitage on the machine running the VM, its the xp firewall causing the problems as OE 800 suggested.

I will test again tomorrow night as see if it was the firewall all along.

Quote
OE 800
Is your xp box built from a genuine xp cd?

Yes genuine xp cd installation.

Thanks guys, C3rb3ru5 out.....


Offline mazzif

  • Experienced
  • ***
  • Posts: 159
  • Internets: +19/-1
  • Seals say "ARP ARP ARP!!!"
Re: Help setting up lab with virtualbox
« Reply #14 on: December 17, 2013, 08:29:01 PM »
yashar26,

Nmap quick scan, 192.168.2.1/15.
MSF , 192.168.2.1/15.
Both in Armitage.

Could be wrong here but, based on subnet math

192.168.2.1/15 = Class C Network with one subnet and 131,072 Nodes with a subnet mask of 255.254.0.0 and this gives you a broadcast address of 192.169.255.255.

That is one screwy IP addy for sure.  Do you really want to scan 131K+ Hosts? 


My hacker box has a Linux system.init