How To Vulnhub with VirtualBox

Set up a VBox Pentesting Lab

Clone a Kali Rolling image and change the MAC address before putting it on an internal network and exposing it to a VM.

DHCP Server

# Start DHCP Server (Windows)
PS > cd 'C:\Program Files\Oracle\VirtualBox\'  
PS > .\VBoxManage.exe dhcpserver add --netname penlabnetwork --ip --netmask --lowerip --upperip --enable 

# To Restart (Windows)
PS > .\VBoxManage.exe dhcpserver restart --network=penlabnetwork

# Start DHCP Server (Linux)
$ vboxmanage dhcpserver add --netname test-network --ip --netmask --lowerip --upperip --enable

If you've lost connection with the DHCP Server, you can run sudo service networking restart. If that doesn't work, restart your VM. If you still get no IP, check your VM's Networking Settings to make sure the Cable Connected box is checked.
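
The script below is an added example, not part of the original guide. It reads the output of VBoxManage showvminfo "<vm name>" --machinereadable and flags any adapter that is not on the internal network or has its cable unplugged, and any MAC address shared between VMs (a clone whose MAC was not changed). The VM names, MAC addresses and sample output are constructed; penlabnetwork is the network name used above.

```bash
# Added example: audit lab VM networking from the text printed by
#   VBoxManage showvminfo "<vm name>" --machinereadable

# Reads one VM's info on stdin. Prints a finding for every enabled adapter
# that is not on the expected internal network or has its cable unplugged.
# Returns 0 only when there are no findings.
audit_vm_nics() {
    awk -F= -v want="$1" '
        { key = $1; val = $2; gsub(/"/, "", val) }   # values are quoted
        key ~ /^nic[0-9]+$/            { mode[substr(key, 4)]   = val }
        key ~ /^intnet[0-9]+$/         { net[substr(key, 7)]    = val }
        key ~ /^cableconnected[0-9]+$/ { cable[substr(key, 15)] = val }
        END {
            for (n in mode) {
                if (mode[n] == "none") continue      # adapter disabled
                seen = 1
                if (mode[n] != "intnet") {
                    print "nic" n ": attached as " mode[n] ", not intnet"; bad = 1
                } else if (net[n] != want) {
                    print "nic" n ": on network " net[n] ", expected " want; bad = 1
                }
                if (cable[n] != "on") { print "nic" n ": cable not connected"; bad = 1 }
            }
            if (!seen) { print "no enabled network adapter"; bad = 1 }
            exit bad + 0
        }'
}

# Reads the concatenated info of several VMs on stdin and prints every MAC
# address that appears more than once.
duplicate_macs() {
    grep -E '^macaddress[0-9]+=' | cut -d'"' -f2 | sort | uniq -d
}

# Constructed samples: a correctly isolated target and a misconfigured clone.
TARGET_INFO='name="dc-2"
nic1="intnet"
intnet1="penlabnetwork"
macaddress1="080027AAAA01"
cableconnected1="on"
nic2="none"'
CLONE_INFO='name="kali-clone"
nic1="nat"
macaddress1="080027BBBB02"
cableconnected1="off"'

printf '%s\n' "$CLONE_INFO" | audit_vm_nics penlabnetwork || true
```

On a real host, pipe the VBoxManage output for each VM into audit_vm_nics, and the concatenated output of all lab VMs into duplicate_macs.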

Static IP

In Kali VM, add the following to the end of /etc/network/interfaces:

auto eth0
iface eth0 inet static
    address  # new static IP

Then run:

sudo ifup eth0 
sudo service networking restart

Find VMs on your Internal Network

If you are using a DHCP server, just nmap <your_ip_range>. You can cross off the DHCP server address and your attacker VM's address (which you can check with ifconfig eth0). Vulnerable boxes usually have more ports open too.

Add Hostnames for IP Addresses

Just add a line to your /etc/hosts file in your attacker VM.

$ echo "    dc-2" | sudo tee -a /etc/hosts
$ cat /etc/hosts
       localhost       kali
...    onetwoseven.htb    dc-2

Convert VMs from VMWare (.vmx) to VirtualBox (.ovf)

PS C:\Program Files (x86)\VMware\VMware Player\OVFTool> ./ovftool "C:\Users\<user>\VMWare VMs\Kioptix Level 1\Kioptix Level 1.vmx" "C:\Users\<user>\VirtualBox VMs\Kioptix Level 1.ovf"

