Explain the pentest lab virtualbox.

Asked by Amitraj in Cyber Security, asked on Mar 29, 2022

So I'm trying to set up a pen test lab in VirtualBox on my Windows 7 host.

I have 3 guest OSes installed:

1.) BackTrack5

2.) Centos 5 Server/Snort (My Snortbox)

3.) Win XP (Unpatched)

I have 3 Ethernet adapters created, with IPs:

192.168.191.1

192.168.127.1

192.168.56.1

My goal is to use BackTrack5 to map the Win XP guest and have the Snort box sniff the network. I'm new to networking and virtualization and I need help setting up my virtual network to get this to work. What should I do? All help appreciated.

Centos:

Adapter1: NAT

Adapter2: Host-only

Adapter3: Internal Network

Backtrack:

Adapter1: Internal Network

XP:

Adapter1: Internal Network

Also take for granted I'm on a University Network with a ridiculous firewall so I need to stay all within the host. I'm trying to set this network up so that all my guest systems can communicate with each other, as well as the Internet. Currently, only the CentOS guest is able to connect to the Internet. How can I achieve my desired network configuration without causing problems on my university's network?

Answered by Anisha Dalal

There's a few problems with your configuration as it stands, and some other concerns which should be addressed regarding setting up a pentesting lab in a shared network environment. Firstly, only systems with a Bridged or NAT adapter will be able to communicate with anything beyond the VM network and/or host system. A quick summary of common pentest lab VirtualBox networking modes will help explain this:

  • Internal Network: One of the most restrictive networking configurations, this will only allow communication among guest systems in the Internal Network of the same name.
  • Host-Only Adapter: The other most restrictive configuration, this will only allow communication between the guest and its host.
  • NAT: This is the most controlled means by which you can allow the guest systems to communicate beyond the host. In this configuration, the host system acts as a NAT router between the external network and the guest systems' network. All guest systems using this configuration should be able to communicate with each other and the host, as well as any external systems. However, port forwarding will be needed if you wish to expose some services of the guest systems to external systems.
  • Bridged: This configuration joins the guest computers to the external network as if they were completely separate systems. It allows the most seamless possible communication between the guests and the outside network. The guest systems should be able to communicate with the Internet and other systems on the external network, just as easily as those systems already communicate with each other.

You can read more about these networking modes, and more, in the VirtualBox manual under chapter 6: http://www.virtualbox.org/manual/ch06.html#networkingmodes

Your second problem, I'm presuming, is with your IP configurations. Assuming that all of your systems are configured to use the default subnet masks for the IPs they've been configured on, all of your systems are effectively on three different networks. Without a router or two between them, or a different subnet mask configuration, they will not be able to communicate with each other. To understand this better, you'll need to read up on some materials covering basic network routing and switching. All you really need to understand, so that these devices can communicate with each other and the outside, is that every 255 in the subnet mask represents a portion of the system's IP which must match the IPs of other systems which are to be considered part of the local network. The zeroes in the subnet mask represent portions of the IP which are used to uniquely identify systems on the local network. You should try to learn much more about networking before exercising this knowledge though, and especially before attempting to conduct any sort of penetration testing exercises on a system connected to a network you do not own.

So, in order to get your guests to communicate with other systems, including each other and the outside world, you need two things:

  • A compatible guest network adapter configuration.
  • A properly configured IP address and subnet mask.
      • For local network communications, the IP address and subnet mask must be compatible with those of the target systems.
      • For Internet communications, the IP address and subnet mask must be compatible with the router providing the Internet link. The system will also need to be told the IP of that router (configured as the "gateway"), and appropriate DNS servers.

Having covered this, there is another issue that should be addressed.

Penetration testing and network monitoring are very sensitive activities which should not ever be performed on a network where they are not authorised. Your university's network would most likely, to you, be one such network. Therefore, you should be very mindful to not conduct these activities while your guest systems are connected to the external network.

Before enabling any Bridged or NAT adapters - and, for your host system's protection, any Host-Only adapters - make sure that all software and services used for your penetration testing or network monitoring exercises have been stopped and/or disabled. Only enable Bridged or NAT adapters when needed, to download new software or updates to the guest systems. Disable those adapters after the need has been fulfilled. Before performing any penetration testing exercises, or network monitoring, make sure that all Bridged or NAT adapters are disabled. To avoid causing problems with your host system, you may also wish to disable any Host-Only adapters. Again, before you do more in terms of penetration testing or network monitoring exercises, you should strive to gain a much better understanding of how computer networks work.
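The subnet-mask rule from the answer, worked through on the three adapter addresses in the question. This is an added example, not part of the original answer; the masks, the guest address 192.168.56.10 and the gateway values are assumptions chosen for illustration.

```python
import ipaddress

# Adapter addresses from the question. The masks tried below are assumptions:
# 255.255.255.0 is the default the answer presumes, 255.255.0.0 is the
# "different subnet mask configuration" it mentions as an alternative.
ADAPTERS = ["192.168.191.1", "192.168.127.1", "192.168.56.1"]


def network_of(ip, mask):
    """Return the local network an address belongs to under a dotted mask."""
    return ipaddress.ip_interface(f"{ip}/{mask}").network


def group_by_network(ips, mask):
    """Group addresses that can reach each other without a router."""
    groups = {}
    for ip in ips:
        groups.setdefault(str(network_of(ip, mask)), []).append(ip)
    return groups


def gateway_on_link(ip, mask, gateway):
    """A gateway is only usable if it sits inside the host's own network."""
    return ipaddress.ip_address(gateway) in network_of(ip, mask)


if __name__ == "__main__":
    for mask in ("255.255.255.0", "255.255.0.0"):
        print(f"mask {mask}")
        for net, members in group_by_network(ADAPTERS, mask).items():
            print(f"  {net}: {', '.join(members)}")
    # Hypothetical guest address checked against two candidate gateways.
    for gw in ("192.168.56.1", "192.168.127.1"):
        ok = gateway_on_link("192.168.56.10", "255.255.255.0", gw)
        print(f"gateway {gw} usable from 192.168.56.10: {ok}")
```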
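One way to enforce the "disable NAT and Bridged adapters before an exercise" rule is to audit each guest's adapter list before starting. This is an added example, not part of the original answer; the sample text is constructed to resemble `VBoxManage showvminfo <vm> --machinereadable` output for the CentOS guest, and the VM and network names are placeholders.

```python
import re

# Constructed sample (not captured from a real machine) of
# `VBoxManage showvminfo <vm> --machinereadable` for the CentOS guest.
SAMPLE_CENTOS = '''\
name="CentOS5-Snort"
nic1="nat"
cableconnected1="on"
nic2="hostonly"
hostonlyadapter2="VirtualBox Host-Only Ethernet Adapter"
cableconnected2="on"
nic3="intnet"
intnet3="pentestlab"
cableconnected3="on"
nic4="none"
'''

EXTERNAL = {"nat", "bridged"}   # modes that can reach beyond the host
HOST_FACING = {"hostonly"}      # mode that can reach the host itself


def parse_nics(text):
    """Return {slot: (mode, cable_connected)} for every configured adapter."""
    kv = dict(re.findall(r'^(\w+)="?([^"\n]*)"?$', text, re.M))
    nics = {}
    for key, mode in kv.items():
        m = re.fullmatch(r"nic(\d+)", key)
        if m and mode != "none":
            slot = int(m.group(1))
            nics[slot] = (mode, kv.get(f"cableconnected{slot}", "on") == "on")
    return nics


def audit(text):
    """List adapters that should be disabled before an exercise starts."""
    findings = []
    for slot, (mode, connected) in sorted(parse_nics(text).items()):
        if not connected:
            continue  # assumption: an unplugged virtual cable counts as disabled
        if mode in EXTERNAL:
            findings.append((slot, mode, "leaves the host: disable"))
        elif mode in HOST_FACING:
            findings.append((slot, mode, "reaches the host: consider disabling"))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CENTOS):
        print("adapter %d (%s) %s" % finding)
```

An empty result from `audit` means only Internal Network adapters are live, which matches the isolated state the answer asks for before any scanning or sniffing begins.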

