How To Vulnhub with VirtualBox

Set up a VBox Pentesting Lab

Clone a Kali Rolling image and change the MAC address before putting it on an internal network and exposing it to a VM.

DHCP Server

# Start DHCP Server (Windows)
PS > cd 'C:\Program Files\Oracle\VirtualBox\'  
PS > .\VBoxManage.exe dhcpserver add --netname penlabnetwork --ip 10.10.10.1 --netmask 255.255.255.0 --lowerip 10.10.10.2 --upperip 10.10.10.12 --enable 

# To Restart (Windows)
PS > .\VBoxManage.exe dhcpserver restart --network=penlabnetwork

# Start DHCP Server (Linux)
$ vboxmanage dhcpserver add --netname test-network --ip 10.10.10.1 --netmask 255.255.255.0 --lowerip 10.10.10.2 --upperip 10.10.10.12 --enable

If you've lost connection with the DHCP Server, you can run sudo service networking restart. If that doesn't work, restart your VM. If you still get no IP, check your VM's Networking Settings to make sure the Cable Connected box is checked.
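
To confirm the wiring described above (internal network only, a fresh MAC on the clone, Cable Connected ticked) before powering on a vulnerable VM, this added example, which is not part of the original page, audits the text printed by VBoxManage showvminfo --machinereadable. The VM name kali-clone, the MAC values and both sample records are constructed; penlabnetwork is assumed to be the lab network name.

```shell
# Added example: audit VM network wiring from VBoxManage machine-readable output.
# Real use: VBoxManage showvminfo "<vm name>" --machinereadable | audit_vm_nics
LAB_NET="penlabnetwork"   # internal network name from the DHCP commands above
# Reads `showvminfo --machinereadable` text on stdin, prints one finding per line.
# Returns 0 only if every enabled NIC is on $LAB_NET with its cable connected.
audit_vm_nics() {
    awk -F= -v net="$LAB_NET" '
        { val = $2; gsub(/"/, "", val)            # strip the quotes around values
          key = $1; idx = $1
          sub(/[0-9]+$/, "", key)                 # nic1 -> nic
          sub(/^[a-z]+/, "", idx) }               # nic1 -> 1
        key == "nic"            { mode[idx]  = val }
        key == "intnet"         { inet[idx]  = val }
        key == "cableconnected" { cable[idx] = val }
        END {
            for (i in mode) {
                if (mode[i] == "none") continue   # adapter disabled
                if (mode[i] != "intnet") {
                    print "nic" i ": attached as " mode[i] ", not an internal network"; bad = 1
                } else if (inet[i] != net) {
                    print "nic" i ": on internal network " inet[i] ", expected " net; bad = 1
                }
                if (cable[i] != "on") { print "nic" i ": cable not connected"; bad = 1 }
            }
            exit bad + 0
        }'
}

# Prints each MAC that occurs more than once across the combined input of
# several VMs, e.g. a clone that kept its parent address.
duplicate_macs() {
    grep -E '^macaddress[0-9]+=' | cut -d'"' -f2 | sort | uniq -d
}

# Constructed sample data (not captured from a real host).
SAMPLE_OK='name="kali-clone"
nic1="intnet"
intnet1="penlabnetwork"
macaddress1="080027AAAAAA"
cableconnected1="on"
nic2="none"'
SAMPLE_BAD='name="dc-2"
nic1="nat"
macaddress1="080027AAAAAA"
cableconnected1="off"
nic2="none"'
printf '%s\n' "$SAMPLE_OK"  | audit_vm_nics && echo "kali-clone: isolated"
printf '%s\n' "$SAMPLE_BAD" | audit_vm_nics || echo "dc-2: fix before powering on"
printf '%s\n%s\n' "$SAMPLE_OK" "$SAMPLE_BAD" | duplicate_macs
```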

Static IP

In Kali VM, add the following to the end of /etc/network/interfaces:

auto eth0
iface eth0 inet static
    # new static IP (comments must be on their own line in this file)
    address 10.0.0.1
    netmask 255.255.255.0

Then run:

sudo ifup eth0 
sudo service networking restart

Find VMs on your Internal Network

If you are using a DHCP server, just nmap <your_ip_range>. You can cross off the DHCP server address and your attacker VM's address (which you can check with ifconfig eth0). Vulnerable boxes usually have more ports open too.

Add Hostnames for IP Addresses

Just add a line to your /etc/hosts file in your attacker VM.

$ echo "10.0.0.6    dc-2" | sudo tee -a /etc/hosts > /dev/null
$ cat /etc/hosts
127.0.0.1       localhost
127.0.1.1       kali
...
10.10.10.133    onetwoseven.htb
10.0.0.6    dc-2

Convert VMs from VMware (.vmx) to VirtualBox (.ovf)

PS C:\Program Files (x86)\VMware\VMware Player\OVFTool> ./ovftool "C:\Users\<user>\VMWare VMs\Kioptix Level 1\Kioptix Level 1.vmx" "C:\Users\<user>\VirtualBox VMs\Kioptix Level 1.ovf"
