Q.) I’ve just downloaded ‘xyz’, what do I do with it?
Well that depends on what you have downloaded:
- ‘.7z’, ‘.RAR’, ‘.TAR’, ‘.TAR.BZ2’ and ‘.ZIP’ – These are different compressed archive formats. They can be extracted to reveal additional files. 7-zip is free, cross-platform and is able to extract all the mentioned formats.
- ‘.ISO’ and ‘.IMG’ – These are disk images of an optical disc. They could be burnt onto a CD/DVD (IMGBurn), loaded onto a USB stick (UNetbootin) or mounted inside a virtual machine.
- ‘.NVRAM’ – The virtual machine’s BIOS.
- ‘.OVA’ – ‘Open Virtualization Archive’ is a single compressed archive (‘.tar’) which contains the entire virtual machine (Virtual machine’s settings (‘.OVF’) & hard drive (‘.VMDK’)). This can be imported into virtualization software.
- ‘.OVF’ – ‘Open Virtualization Format’ is the configuration file for the virtual machine. This can be imported into virtualization software.
- ‘.VMDK’ and ‘.VHD’ – ‘Virtual Machine Disk (VMDK)’ and ‘Virtual Hard Disk (VHD)’ are virtual hard drive formats. These can be compressed to save room and expand when required. These can be imported into an existing virtual machine.
- ‘.VMEM’ – The Virtual machine’s paging file.
- ‘.VMSN’ and ‘.VMSD’ – VMSN are VMware snapshots and VMSD file stores metadata related to the snapshots.
- ‘.VMX’ – Virtual machine’s settings. This can be imported into virtualization software.
Q.) I’ve downloaded ‘xyz’, But it’s not working. What can I do?
- Did it download correctly?
Check the checksum of the file. For every download, we list the MD5 and SHA1 checksum of the file. Alternatively, they will be individually displayed on their entry page.
- Using the right software?
- How do you know it’s not working?
Q.) What is a checksum? How do I find a file’s checksum?
A checksum is a ‘cryptographic hash function’ which is an algorithm that takes a section of data to produce a string, which has a ‘fixed’ length. The string produced is the hash value, the checksum. If the data is modified, it will cause the hash value to change.
Q.) Help! I can’t get networking to work correctly!/I can’t see the virtual machine on the network
When the author created the virtual machine, they may have chosen for the machine to have a static IP address, or for it to be assigned one via a Dynamic Host Configuration Protocol (DHCP) server.
If there is a README file to go alongside the machine, it might be mentioned there. It may also be discussed on the author’s download page. However, there are certain cases when this hasn’t been disclosed.
If you’re new to setting up a lab, you might be unsure if the target machine is working correctly or not, or, if you have overlooked something. This is why on the entry page on Infosec Warrior; we have listed the networking status of each machine.
If it is using a static IP address it will have a pre-assigned IP address. As IP addresses are unique and shouldn’t have duplicates on the same network, you will need to check that there isn’t already a device using the machine’s static IP address. Usually, this shouldn’t be a problem as these machines should be placed in an isolated network.
However, if the virtual machine requires a DHCP server to assign an IP address, there needs to be a DHCP service running within the environment. Both Virtualbox and VMware products offer a DHCP service, which, when using the right ‘network type’, will isolate the machine from the current network.
It is highly recommended that you DO NOT run these machines on a: production network, home network, a network with Internet access and/or a network containing sensitive information (Infosec Warrior will not be responsible for any loss or damage caused). These virtual machines will work in isolated networks.
Q.) I’ve started up ‘xyz’, and it’s asking me to login. What’s the password?
Depending on the virtual machine, that’s the aim of it! You gain access to the system, with the highest user privilege you can reach, usually by exploiting a service running on the machine. Giving you the user credentials would defeat the purpose of the exercise.
This isn’t always the case, some machines have local challenges which require you to login locally.
If this is the case, the username & password would be mentioned in the README file.
Q.) I’m still having issues/You haven’t answered my question. Where do I go from here?
Sorry to hear that!
Depending on the nature of the question:
- You can try to search the internet using a search engine.
- Contact the original author (You can find contact details on their profile).
- Get in touch with Infosec Warrior (Please allow for 3 business days for a response).
Q.) What is a ‘virtual machine’?
A ‘virtual machine (VM)’, is the simulation of a machine (called the ‘guest’) that is running inside another machine (the ‘host’).
The ‘guest’ machine uses the ‘hosts’ system resources to create a virtual environment, which allows for multiple machines to be created and running at the same time.
These machines behave as close as possible to a ‘real’ instance.
Depending on the virtualization software, the virtual machine could use ‘hypothetical specifications’ or emulate the host’s hardware.
These machines can be integrated with a virtual network or interact with an existing network.
Q.) Virtualbox vs. VMware. Which one is ‘the best’?
It depends what you want to get out of them:
- Virtualbox is free & open source. VMware has a freeware and commercial products. VMware player is freeware; VMware workstation & VMware fusion are commercial.
- Both solutions work on Linux & Windows hosts, and both support Linux & Windows guests. However, Virtualbox also supports OSX as a host & guest. Whereas VMware fusion is the only product which VMware currently offers which supports OSX host & guest.
- VMware player has the same ‘core’ as workstation, but its either missing various features, or has limitations.
- Virtualbox has all the features of VMware player, including any features that are ‘limited’ (e.g. snapshots & virtual network control) along with additional ones (e.g. cloning).
- Virtualbox has a few features that VMware doesn’t (currently) offer, such as, capping ‘processor usage’.
- VMware workstation offers a lot more features which Virtualbox (currently) doesn’t, for example, fully automated installations of operating systems, USB3.0 support, better USB device control (more reliable connecting & releasing devices).
- VMware player is free, and is a limited version of workstation. It’s good if you just want to run a virtual machine.
- Virtualbox is free, works everywhere and has various features over VMware player that are very beneficial: this product is good if you want to run & manage various virtual machines.
- VMware workstation needs to be purchased, works everywhere and has additional features that are very beneficial. This product is great if you want to run & manage various virtual machines, especially across multiple hosts.
Q.) What are the dangers/security issues of running an (unknown) virtual machine?
There are a few issues to take into consideration:
- You’re taking a machine that has known vulnerabilities in it and its purpose is to be broken into. As a result, you’ll be increasing the risk of the network it’s attached to.
- You’re running someone else’s code, so you’re trusting the author hasn’t made it perform/run in a malicious manner. Just like running an unknown/untrusted program, the virtual machine could:
- Try and attack the host and/or network in-which its been attached to.
- Connect back to the author, becoming a ‘zombie’ in botnet.
- You could end up attacking yourself or the incorrect target. For example if the virtual machine network was set to ‘NAT’ and uses port forwarding for the guest system, any other open ports which haven’t been forwarded are services running on the host machine.
DigiNinja wrote a blog post on exactly this, ‘Blindly Installing VMs and Using Live CDs‘. Also to highlight the issue, ScriptJunkie created a VM to demonstrate these issues, called ‘The Hackers Games‘. His blog post that explains the dangers of it can be found here ‘Malicious VM to Host Attacks‘.
Q.) What can I do to protect my network and myself?
- Isolate the virtual machine from the internal network & disable external access. It ishighly recommended
these machines are not attached to aproduction network
or ahome network
. Ideally they want to be in an isolated lab environment. For our guide on creating a virtual lab. Alternatively, here is a quick breakdown:
- For machine(s) which have network access to the virtual machine(s) in question, make sure they are:
- Fully up-to-date with patches (Operating system & applications).
- Behind an internal firewall.
- Do not contain any sensitive information on them.
- Close any unneeded services.
- If possible, use another virtual machine to attack them, so a snapshot can be taken in a known ‘clean’ state before attacking. Then it can be ‘restored’ once the target machine has been powered off.
- Have an anti-virus solution installed, working correctly and up-to-date.
- If possible, use an IDS or IPS. (See Security Onion for a ‘live CD’ of a collection of useful network monitoring tools).
Q) Who are you? What’s this all about?
See this page.
Q.) Why have you given walkthroughs? Doesn’t that ruin it?
We all learn in different ways. What works for some people, doesn’t for others.
Some people learn by “watching others”, or “hands on experiences”, other learn by “reading about it”.
We offer walkthroughs for various reasons:
- If this is all new to you, you might want a helping hand to get you started.
- After giving it a go, you might become stuck for a few hours, so they offer a nudge in the right direction.
- Once completing it, you can compare methods.
Q.) Why haven’t you added ‘xyz’? Where can I submit an entry?
Either because we don’t know about it, busy or both!
Please get in contact with us and make sure we are aware of it.
This isn’t our job & we do have personal lives to live, so don’t expect it to be added instantly.