Setting up a VirtualBox Pen Test Lab

There are a few problems with your configuration as it stands, and some other concerns which should be addressed regarding setting up a pentesting lab in a shared network environment.

Firstly, only systems with a Bridged or NAT adapter will be able to communicate with anything beyond the VM network and/or host system. A quick summary of common VirtualBox networking modes will help explain this:

  • Internal Network: One of the most restrictive networking configurations, this will only allow communication among guest systems in the Internal Network of the same name.
  • Host-Only Adapter: The other most restrictive configuration, this will only allow communication between the guest and its host.
  • NAT: This is the most controlled means by which you can allow the guest systems to communicate beyond the host. In this configuration, the host system acts as a NAT router between the external network and the guest systems’ network. All guest systems using this configuration should be able to communicate with each other and the host, as well as any external systems. However, port forwarding will be needed if you wish to expose some services of the guest systems to external systems.
  • Bridged: This configuration joins the guest computers to the external network as if they were completely separate systems. It allows the most seamless possible communication between the guests and the outside network. The guest systems should be able to communicate with the Internet and other systems on the external network, just as easily as those systems already communicate with each other.

Your second problem, I’m presuming, is with your IP configurations. Assuming that all of your systems are configured to use the default subnet masks for the IPs they’ve been configured on, all of your systems are effectively on three different networks. Without a router or two between them, or a different subnet mask configuration, they will not be able to communicate with each other. To understand this better, you’ll need to read up on some materials covering basic network routing and switching.

All you really need to understand, so that these devices can communicate with each other and the outside, is that every 255 in the subnet mask represents a portion of the system’s IP which must match the IPs of other systems which are to be considered part of the local network. The zeroes in the subnet mask represent portions of the IP which are used to uniquely identify systems on the local network. You should try to learn much more about networking before exercising this knowledge though, and especially before attempting to conduct any sort of penetration testing exercises on a system connected to a network you do not own.

So, in order to get your guests to communicate with other systems, including each other and the outside world, you need two things:

  1. A compatible guest network adapter configuration.
  2. A properly configured IP address and subnet mask.
    • For local network communications, the IP address and subnet mask must be compatible with those of the target systems.
    • For Internet communications, the IP address and subnet mask must be compatible with the router providing the Internet link. The system will also need to be told the IP of that router (configured as the ‘gateway’), and appropriate DNS servers.

Having covered this, there is another issue that should be addressed.

Penetration testing and network monitoring are very sensitive activities which should never be performed on a network where they are not authorized. For you, your university’s network is most likely one such network. Therefore, you should be very mindful not to conduct these activities while your guest systems are connected to the external network.

  • Before enabling any Bridged or NAT adapters – and, for your host system’s protection, any Host-Only adapters – make sure that all software and services used for your penetration testing or network monitoring exercises have been stopped and/or disabled.

  • Only enable Bridged or NAT adapters when needed, to download new software or updates to the guest systems. Disable those adapters after the need has been fulfilled.

  • Before performing any penetration testing exercises, or network monitoring, make sure that all Bridged or NAT adapters are disabled. To avoid causing problems with your host system, you may also wish to disable any Host-Only adapters.
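A pre-flight check for the steps above, as an added example that is not part of the original answer: it parses the output of `VBoxManage showvminfo <vm> --machinereadable` and reports every adapter that still gives the guest a path to the host or beyond. The guest name `kali-lab` and the sample output are constructed, and treating an adapter with its cable disconnected as disabled is an assumption of this sketch.

```python
import re
import subprocess

# Modes that give a guest a path beyond the host (see the mode summary above).
EXTERNAL_MODES = {"nat", "natnetwork", "bridged"}
# Mode that reaches the host itself; the text suggests disabling it too.
HOST_MODES = {"hostonly"}
NIC_LINE = re.compile(r'^nic(\d+)="([^"]+)"$')
CABLE_LINE = re.compile(r'^cableconnected(\d+)="(on|off)"$')


def risky_adapters(vminfo: str, include_host_only: bool = True):
    """Return [(slot, mode)] for connected adapters that break lab isolation."""
    modes, cable = {}, {}
    for line in vminfo.splitlines():
        line = line.strip()
        if m := NIC_LINE.match(line):
            modes[int(m.group(1))] = m.group(2).lower()
        elif m := CABLE_LINE.match(line):
            cable[int(m.group(1))] = m.group(2) == "on"
    flagged = EXTERNAL_MODES | (HOST_MODES if include_host_only else set())
    # Assumption: a slot with no cableconnected line counts as connected.
    return [(slot, mode) for slot, mode in sorted(modes.items())
            if mode in flagged and cable.get(slot, True)]


def check_vm(name: str):
    """Query a real VM; requires VBoxManage on PATH."""
    cmd = ["VBoxManage", "showvminfo", name, "--machinereadable"]
    out = subprocess.run(cmd, capture_output=True, text=True, check=True).stdout
    return risky_adapters(out)


# Constructed sample output for a hypothetical guest named "kali-lab".
SAMPLE = '''name="kali-lab"
nic1="intnet"
cableconnected1="on"
nic2="nat"
cableconnected2="on"
nic3="bridged"
cableconnected3="off"
nic4="hostonly"
cableconnected4="on"
nic5="none"
'''

if __name__ == "__main__":
    for slot, mode in risky_adapters(SAMPLE):
        print(f"adapter {slot} ({mode}) is still connected; disable it first")
```

Run it against each guest before starting an exercise, and only proceed when the returned list is empty.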

Again, before you do more in terms of penetration testing or network monitoring exercises, you should strive to gain a much better understanding of how computer networks work.
