# How To Vulnhub with VirtualBox ## Set up a VBox Pentesting Lab {% embed url="" %} {% embed url="" %} Clone a Kali Rolling image and change the MAC address before putting it on an internal network and exposing it to a VM. ### DHCP Server ``` # Start DHCP Server (Windows) PS > cd 'C:\Program Files\Oracle\VirtualBox\' PS > .\VBoxManage.exe dhcpserver add --netname penlabnetwork --ip 10.10.10.1 --netmask 255.255.255.0 --lowerip 10.10.10.2 --upperip 10.10.10.12 --enable # To Restart (Windows) PS > .\VBoxManage.exe dhcpserver restart --network=penlabnetwork # Start DHCP Server (Linux) $ vboxmanage dhcpserver add — netname test-network — ip 10.10.10.1 — netmask 255.255.255.0 — lowerip 10.10.10.2 — upperip 10.10.10.12 — enable ``` If you've lost connection with the DHCP Server, you can run `sudo service networking restart`. If that doesn't work, restart your VM. If you still get no IPcheck your VM's Networking Settings to make sure the Cable Connected box is checked. ### Static IP In Kali VM, add the following to the end of /etc/network/interfaces: ``` auto eth0 iface eth0 inet static address 10.0.0.1 # new static IP netmask 255.255.255.0 ``` Then run: ``` sudo ifup eth0 sudo service networking restart ``` ## Find VMs on your Internal Network If you are using a DHCP server, just `nmap `. You can cross off the DHCP server address and your attacker VM's address (which you can check with `ifconfig eth0`). Vulnerable boxes usually have more ports open too. {% embed url="" %} ## Add Hostnames for IP Addresses Just add a line to your `/etc/hosts` file in your attacker VM. ``` $ echo "10.0.0.6 dc-2" >> /etc/hosts $ cat /etc/hosts 127.0.0.1 localhost 127.0.1.1 kali ... 10.10.10.133 onetwoseven.htb 10.0.0.6 dc-2 ``` ## Convert VMs from VMWare (.vmx) to VirtualBox (.ovf) ``` PS C:\Program Files (x86)\VMware\VMware Player\OVFTool> ./ovftool "C:\Users\\VMWare VMs\Kioptix Level 1\Kioptix Level 1.vmx" "C:\Users\\VirtualBox VMs\Kioptix Level 1.ovf" ```