Virtual Machines for the Security Labs

I prepare virtual machines for students in my class to use, which communicate over a infosec-net NatNetwork. This page documents the virtual machines, along with how to install and configure virtualbox to use the network.

Setting up Virtualbox and the infoset-net network

I pre-prepare the virtual machines to be on the same virtual network so that they have internet access and so that they can talk to one another. However, you must initialize the virtualbox network after you install virtualbox. To do so:

Note: Ideally you will have at least 8 GB memory (RAM)

  1. First, install one of the VirtualBox platform packages from here.
  2. Then, create the virtual network.
    • If on Windows, download and run this script
    • If on Mac:
      • Open Terminal application
      • Copy-paste the following lines into the terminal, and press enter

          vboxmanage natnetwork add --netname infosec-net --network 192.168.55.0/24 --enable --dhcp off
          vboxmanage natnetwork start --netname infosec-net
        

    You can test whether the scripts were successful by navigating to Virtuabox > File > Preferences > Network, where you should see “infosec-net” in the list of networks. If you don’t see that network, then you can manually create the network from this dialog prompt by clicking the plus and using the following options:

    Then click ‘ok’, ‘ok’.

    * Enable Network: `checked`
    * Network Name: `infosec-net` (case-sensitive!)
    * Network CIDR: `192.168.55.0/24`
    * Network Options:
        * Supports DHCP: `unchecked`
        * Supports IPv6: `unchecked`
    

    img

Troubleshooting

If you are a mac user and virtualbox fails to install with the ever-so-helpful message that “Virtualbox Failed to Install”, then I have no idea how to help you, stupid Macs. Let me know if you figure out a solution. There is a computer science help desk in the engineering school who can help you set up virtualization.

“I forgot to do this before importing the VM, what should I do?”

You will need to reconfigure the network adapter for each VM that you imported before creating the infosec-net network. To do this, shut down the virtual machine (shut down, not power off!), then select the virtual machine from the virtualbox manager, click Settings > Network > Adapter 1 > attached to Nat Network' > name infosec-net`. Then, start up the VM again. You should hopefully now have a working internet connection.

img

Importing Virtual Machine (VM) .ova files

Note: Ideally you will have at least 8 GB memory (RAM)

  1. Obtain the .ova files for the lab from this section
  2. Launch Virtualbox > “File” > “Import appliance”
    • select your downloaded .ova file
    • go through the prompts
  3. Launch the newly-created VM by double-clicking it in the list on the left.
  4. You can now delete the .ova file if you’re disk-space-starved.

Troubleshooting

The Virtual Machines

All VMs can be found here: VM Download Page

infosec-net Network Map

The network map is as follows:

IP Address Machine
192.168.55.1 Gateway
192.168.55.100 Windows 10
192.168.55.101 Kali
192.168.55.102 Metasploitable2
192.168.55.103 Security Onion

IPv4 network block in CIDR block notation: 192.168.55.0/24

_ _ _ _ __ _____ | | | (_) | | / || _ | | | | |_ _ __ __| | _____ _____ `| || |/' | | |/\| | | '_ \ / _` |/ _ \ \ /\ / / __| | || /| | \ /\ / | | | | (_| | (_) \ V V /\__ \ _| |\ |_/ / \/ \/|_|_| |_|\__,_|\___/ \_/\_/ |___/ \___/\___/

Download link ready! See above

username: labuser
password: Password1

Building your own Vuln Windows 10 vm instead of using mine

lol good luck.

I installed:

Add two network adapters to the machine. I set my first one to be NATNetwork with a static ip set in windows.

____ __. .__ .__ | |/ _|____ | | |__| | < \__ \ | | | | | | \ / __ \| |_| | |____|__ (____ /____/__| \/ \/

Download link ready! See above

username: root
password: toor

Building your own Kali instead of using mine

Warning: If you are in my class and you do this, you are crazy yet I salute you.
  1. Download Kali Linux Light 64 Bit from here. It’s less than 1GB.
  2. Follow the instructions here to create the VM, except:

    • Use 40GB instead of 15GB for the dynamic disk size (just to be safe).
    • Choose whatever for the “Configure the Network” step. My scripts below reset all that anyway.
    • For Step 7 “Partition disks” step, choose “Guided - use entire disk” to save yourself extra work. Choose “All files in one partition” a few steps later on, too. Continue the instructions with Step 16.
  3. Confirm that Network Adapter 1 is set to NATNetwork pointed to the infosec-net network, and set Network Adapter 2 to be NAT.
  4. In a terminal in Kali, run the following commands.

    # confirm that the apt repositories are set up
        
    cat <<EOF > /etc/apt/sources.list
    deb http://http.kali.org/kali kali-rolling main non-free contrib
    EOF
        
    #############
    # virtualbox guest additions
    # for fullscreen and shared clipboard
    #################
        
    apt-get update && apt-get upgrade -y                # This might take a while. It will make sure your system is up-to-date.
        
    DEBIAN_FRONTEND=noninteractive \
    APT_LISTCHANGES_FRONTEND=none \
    apt-get \
    -o Dpkg::Options::="--force-confnew" \
    --force-yes \
    -fuy \
    dist-upgrade
        
    reboot
        
    apt-get install -y virtualbox-guest-x11 && reboot   # This should give you nice things like shared clipboard between your host and Kali, and fullscreen.
        
    # speaking of shared clipboard, do 'Devices' > 'Shared Clipboard' > 'Bidirectional'.
        
    ########
    # fix networking
    ########
        
    # first, make sure that 
    #   * your machine has network interface 1 set to NATNetwork and infosec-net
    #   * your machine has network interface 2 set to NAT
    # then, 
        
    apt-get purge network-manager   # banish the horrible mess that is the network-manager
    apt-get install net-tools       # go back to the glory days of ifconfig
    
    cat <<EOF >> /etc/network/interfaces
    auto eth0
    iface eth0 inet static
        address 192.168.55.101
        netmask 255.255.255.0
        gateway 192.168.55.1
    
    auto eth1
    iface eth1 inet dhcp
    EOF
    
    cat <<EOF > /etc/resolv.conf
    nameserver 192.168.55.1
    nameserver 8.8.8.8
    nameserver 8.8.4.4
    EOF
    
    service networking restart
    
    ###########
    # Package installations
    ############
    
    apt-get install -y libssl-dev libssh-dev
    apt-get install -y hashcat hydra wordlists vim metasploit-framework cewl openvpn leafpad mirage xtightvncviewer
        
    ####
    # metasploit framework database setup
    ###
        
    msfdb init
    systemctl enable postgresql
    service postgresql start
    
    
    ######
    # social-engineer-toolkit
    #######
    
    apt-get --force-yes -y install git apache2 python-requests libapache2-mod-php \
      python-pymssql build-essential python-pexpect python-pefile python-crypto python-openssl
    
    cd /opt
    git clone https://github.com/trustedsec/social-engineer-toolkit/ set/
    cd set
    python setup.py install
    
  5. You should now have a pretty good Kali install for this class.

Install the Nessus vulnerability scanner (wait to do this step until you actually need Nessus – it takes 1+ hrs to complete)

  1. Register for a Nessus Home license. Browse to the URL below and enter your name and email address:

    https://www.tenable.com/products/nessus-home

  2. (Note: Nessus is already installed on the lab VM, skip this step if you’re using the VM I provided.) Download Nessus to your Kali machine from here. Navigate to your Download directory and run dpkg -i <filename of your download> to install Nessus.

  3. After you receive the email from Tenable containing your serial number, type in the following command in the Kali terminal:

    /opt/nessus/sbin/nessuscli fetch --register <serial>
    

    Where <serial> is the serial number you received in the email from Tenable. You should see a message saying that your activation code has been registered properly.

  4. In the Kali VM, open a terminal and type service nessusd start

  5. Open a web browser in Kali and navigate to https://kali:8834 to open the Nessus web interface (note the “s”). (Click ‘Advanced’ > ‘Add Security Exception’ > ‘Confirm Security Exception’ to get past the SSL warning.)

  6. For consistency with my lab, create user root password toor when prompted by Nesssus. Click “reload” if the page fails to load.

__ __ _ _ _ _ _ _ ___ | \/ | | | | | (_) | | | | | |__ \ | \ / | ___| |_ __ _ ___ _ __ | | ___ _| |_ __ _| |__ | | ___ ) | | |\/| |/ _ \ __/ _` / __| '_ \| |/ _ \| | __/ _` | '_ \| |/ _ \ / / | | | | __/ || (_| \__ \ |_) | | (_) | | || (_| | |_) | | __// /_ |_| |_|\___|\__\__,_|___/ .__/|_|\___/|_|\__\__,_|_.__/|_|\___|____| | | |_|

Download link ready! See above

username: msfadmin
password: msfadmin

Configure your own Metasploitable2 instead of using mine.

The only change that I made was to the network interfaces so that they would connecto the infosec-net. If you want to make the same changes, do the following from within Metasploitable2:

cat <<EOF >> /etc/network/interfaces
auto eth0
iface eth0 inet static
    address 192.168.55.102
    netmask 255.255.255.0
    gateway 192.168.55.1

auto eth1
iface eth1 inet dhcp
EOF

cat <<EOF > /etc/resolv.conf
nameserver 192.168.55.1
nameserver 8.8.8.8
nameserver 8.8.4.4
EOF

/etc/init.d/networking restart

___ ____ ___ __ __ ____ ____ ____ _ _ _____ _ _ ____ _____ _ _ / __)( ___)/ __)( )( )( _ \(_ _)(_ _)( \/ ) ( _ )( \( )(_ _)( _ )( \( ) \__ \ )__)( (__ )(__)( ) / _)(_ )( \ / )(_)( ) ( _)(_ )(_)( ) ( (___/(____)\___)(______)(_)\_)(____) (__) (__) (_____)(_)\_)(____)(_____)(_)\_)

Download link ready! See above

username: securityonion
password: Password1

Setting up your own instead of using mine

Download and install Security Onion following these instructions and these instructions. Make note:

If you just want to quickly evaluate Security Onion in a VM, the bare minimum amount of RAM needed is 3GB. More is obviously better!