Frequently Asked Questions

Troubleshooting
Software
Pentesting
Formats
Virtual Machines
Networking
VulnHub

Troubleshooting

Q.) I've just downloaded 'xyz', what do I do with it?

Back to the Top

Well that depends on what you have downloaded:

Q.) I've downloaded 'xyz', But its not working. What can I do?

Back to the Top

If you're still having issues, see here.


Q.) What is a checksum? How do I find a file's checksum?

Back to the Top

Below are different methods for Linux, OSX & Windows to calculate the checksum value of a file. We will use 'metasploitable-linux-2.0.0.zip' in the examples below.

Linux

If you have the 'coreutils' packaged install (which is very common with major Linux distribution), you can use 'md5sum' & 'sha1sum' for checking files checksums.
[dev@localhost ~]# md5sum metasploitable-linux-2.0.0.zip
8825f2509a9b9a58ec66bd65ef83167f  metasploitable-linux-2.0.0.zip
[dev@localhost ~]# sha1sum metasploitable-linux-2.0.0.zip
84133002ef79fc191e726d41265cf5ab0dfad2f0  metasploitable-linux-2.0.0.zip
[dev@localhost ~]#

OSX

Simlar to Linux, OSX comes with 'md5' & 'shasum' to generate files' checksums.
[localhost:~ dev]$ md5 metasploitable-linux-2.0.0.zip
8825f2509a9b9a58ec66bd65ef83167f  metasploitable-linux-2.0.0.zip
[localhost:~ dev]$ shasum metasploitable-linux-2.0.0.zip
MD5 (metasploitable-linux-2.0.0.zip) = 84133002ef79fc191e726d41265cf5ab0dfad2f0
[localhost:~ dev]$

Windows

By default, windows doesn't come with a program to calculate checksums. We recommend using a 3rd party tool called 'hashtab'.
To use it:
hash_windows.png
HashTab

Q.) Help! I can't get networking to work correctly!/I can't see the virtual machine on the network!

Back to the Top

Static IP? DHCP Server?

When the author created the virtual machine, they may have chosen for the machine to have a static IP address, or for it to be assigned one via a Dynamic Host Configuration Protocol (DHCP) server.
If there is a README file to go along side the machine, it might be mentioned there. It may also be discussed on the author's download page. However, there are certain cases when this hasn't been disclosed.
If you're new to setting up a lab, you might be unsure if the target machine is working correctly or not, or, if you have over looked something. This is why on the entry page on VulnHub; we have listed the networking status of each machine.

If it is using a static IP address it will have a pre-assigned IP address. As IP addresses are unique and shouldn't have duplicates on the same network, you will need to check that there isn't already a device using the machine's static IP address. Usually this shouldn't be a problem as these machines should be placed in an isolated network.
However, if the virtual machine requires a DHCP server to assign an IP address, there needs to be a DHCP service running within the environment. Both Virtualbox and VMware products offer a DHCP service, which, when using the right 'network type', will isolate the machine from the current network. See the lab for our guide on doing this.
It is highly recommended that you DO NOT run these machines on a: production network, home network, a network with Internet access and/or a network containing sensitive information (VulnHub will not be responsible for any loss or damage caused). These virtual machines will work in isolated networks. See security for reasons why. Click here to see how to setup a network correctly.

Subnetwork

IPv4 network addresses can be broken down into various classes:
 Class   -    Start-End        Subnet Mask (Dotted)-CIDR notation  - Common Ranges
Class A - 0.0.0.0-127.255.255.255 255.0.0.0 /8 - 10.xxx.xxx.xxx
Class B - 128.0.0.0-191.255.255.255 255.255.0.0 /16 - 172.16.xxx.xxx
Class C - 192.0.0.0-223.255.255.255 255.255.255.0 /24 - 192.168.xxx.xxx
If the machine is using a DHCP to get an IP address, it will be placed into the same subnet as the DHCP configuration.
But, if the machine is using a static IP address, the machine could lie outside the subnet. Common ranges for a class C network are 192.168.0.0/24, 192.168.1.0/24. However, if the virtual machine uses '192.168.2.50/24', or '10.10.10.100/16' as examples, the attacker will need to adjust their virtual environment so they are in the same subnet.

Being the attacker, you will need to learn techniques to locate machines on a network.

Ping

A common way to see if the machine is 'alive' on a network is to send a ping packet (Internet Control Message Protocol (ICMP) echo request) and see if there is a reply.
However, if the machine has a firewall installed, it could be designed to drop the packet. This would result in no response to the ping request, thus failing the test to see if the machine is 'alive'.

Being the attacker, you would have to discover/research other methods to see if the machine is actually online & functioning correctly.


Q.) I've started up 'xyz', and it's asking me to login. What's the password?

Back to the Top

Depending on the virtual machine, that's the aim of it! You gain access to the system, with the highest user privilege you can reach, usually by exploiting a service running on the machine. Giving you the user credentials would defeat the purpose of the exercise.

This isn't always the case, some machines have local challenges which require you to login locally.
If this is the case, the username & password would be mentioned in the README file.
Such machines are: 'Damn Vulnerable Linux' & 'Exploit-Exercises'.

holynix-v2.tar-1.pngDVL_1.5_Infectious_Disease-1.png
Holynix v2's & Damn Vulnerable Linux's login screen


Q.) I'm still having issues/You haven't answered my question. Where do I go from here?

Back to the Top

Sorry to hear that!
Depending on the nature of the question:

Software

Q.) What is a 'virtual machine'?

Back to the Top

A 'virtual machine (VM)', is the simulation of a machine (called the 'guest') that is running inside another machine (the 'host').
The 'guest' machine uses the 'hosts' system resources to create a virtual environment, which allows for multiple machines to be created and running at the same time.
These machines behave as close as possible to a 'real' instance.
Depending on the virtualization software, the virtual machine could use 'hypothetical specifications' or emulate the host's hardware.
These machines can be integrated with a virtual network or interact with an existing network.

Q.) Virtualbox vs. VMware. Which one is 'the best'?

Back to the Top

It depends what you want to get out of them:

Pentesting

Q.) What software should I use to 'attack'?

Back to the Top

Our answer can be found here, and been touched on in the 'Lab' guide.

Q.) What can 'target'?

Back to the Top

We answered this question here, in our 'Lab' guide.

Q.) Where do I start/Where do I go from here?

Back to the Top

These are our recommendations if you're completely new to this:

Afterwards, that's up to you! If you're stuck for ideas/wanting to do something specific, feel free to join the IRC channel and see what someone suggests.

Formats

Q.) How do I convert a Virtualbox machine to work with VMware?

Back to the Top

Both Virtualbox and VMware use different virtual machine formats, but each support the 'Open Virtualization Format'. However, you can be at risk of breaking a virtual machine by doing so. The reason for this is that there may be a 'new' network card attached (as each VM solution uses a different virtual network card). Because a different interface will be active, it may conflict with the setup script of the machine (inside the VM itself) that the author created. It really depends on how the original author designed the machine.
All the virtual machines can be converted, however, some will function correctly, others will not. Maybe at a later date, this is something VulnHub will look into documenting.

In the following example, we will move a 'Windows 7' VM from Virtualbox 4.2.4 to VMware Player 5 & Workstation 9, on a windows host.
To do so, we will use 'OVF Tool', which comes pre-installed with VMware player, fusion & workstaion. You can find the homepage of the tool here.
The basic method/principle is the same when the host OS is Linux or OSX.

Virtualbox (Export)

  1. Power off the machine (Make sure it's not suspended).
    convert_vbox_vm_01.png

  2. Virtualbox --> File --> Export Appliance.
    convert_vbox_vm_02.png

  3. <Machine name> --> Next.
    convert_vbox_vm_03.png

  4. Choose --> <path to export to> (Leave the two boxes 'un-ticked').
    convert_vbox_vm_04.png

  5. Check values --> Export.
    convert_vbox_vm_05.png

  6. Wait.
    convert_vbox_vm_06.png


VMware Player (Import)

  1. Press 'Open a Virtual Machine'.
    convert_vbox_vm_07.png

  2. Locate exported file (See stage 4 of Virtualbox).
    convert_vbox_vm_08.png

  3. Check machine name & where to store the virtual machine.
    convert_vbox_vm_09.png

  4. Wait.
    convert_vbox_vm_10.png

  5. The virtual machine should now work.
    convert_vbox_vm_11.pngconvert_vbox_vm_12.png

  6. The virtual machine will then detect new hardware as a result of the switch in the software.
    convert_vbox_vm_22.png


VMware Workstation (Import)

  1. Press 'Open a Virtual Machine'.
    convert_vbox_vm_13.png

  2. Locate exported file (See stage 4 of Virtualbox).
    convert_vbox_vm_14.png

  3. Check machine name & where to store the virtual machine.
    convert_vbox_vm_15.png

  4. Wait.
    convert_vbox_vm_16.png

  5. If 'The import failed because <path> did not pass OVF specification conformance or virtual hardware compliance checks', press 'Retry'.
    convert_vbox_vm_17.png

  6. The virtual machine should now work.
    convert_vbox_vm_18.pngconvert_vbox_vm_19.png

  7. The virtual machine will then detect new hardware as a result of the switch in the software.
    convert_vbox_vm_20.png


You can see what files were produced as a result.
(First window: the original Virtualbox format. Middle: an export in OVA format. Bottom: VMware format).
convert_vbox_vm_21.png

Q.) How do I convert a VMware machine to work with Virtualbox?

Back to the Top

The same introduction message in converting 'Virtualbox' to 'VMware' applies here. Even if it is successfully converted it may still not function correctly due to the internal scripts not being coded to use the 'new' hardware.
VMware has the ability to convert to different formats, however, it is achieved by 'Command Line Interface (CLI)', not a 'Graphical User Interface (GUI)'.

In this example, we will move a 'Windows 7' VM from VMware to Virtualbox 4.2.4.
It doesn't matter if it's player or workstation, as they are both in the same directory.
The basic method/principle is the same when the host OS is Linux or OSX.

VMware (Export)

  1. Power off the machine (Make sure it's not suspended).
    convert_vm_vbox_01.pngconvert_vm_vbox_02.png

  2. Locate the working path of VMware (Windows users can quickly find it by right clicking on the shortcut then 'Open file location').
    Windows XP: 'C:\Program Files\VMware\VMware Workstation'
    Windows Vista or higher: (x64) 'C:\Program Files (x86)\VMware\VMware Workstation' or (x86) 'C:\Program Files\VMware\VMware Workstation'
    Linux: '/usr/lib/vmware-ovftool/'
    OSX: '/Applications/VMware Fusion.app/Contents/Library/VMware OVF Tool/'
    convert_vm_vbox_03.png

  3. Once the path of VMware is known, open a command prompt window in the same directory (Window Vista or higher users can quickly do this by holding 'shift' & right clicking then press 'Open command window here').
    convert_vm_vbox_04.png

  4. Type the following commands:
    Windows
    :
    • cd OVFTool
    • ovftool.exe <path of the virtual machine> <path to export to> For example: ovftool.exe "C:\Virtual Machines\Windows 7.vmx" "C:\Virtual Machines\Windows 7.ovf"
    Linux/OSX
    :
    • ./ovftool <path of the virtual machine> <path to export to> For example: ./ovftool /home/user/vms/vmware/win7.vmx /home/user/vms/vbox/win7.vmx
    convert_vm_vbox_05.png

  5. Wait.
    convert_vm_vbox_05.pngconvert_vm_vbox_06.png


Virtualbox (Import)

  1. Virtualbox --> File --> Import Appliance.
    convert_vm_vbox_07.png

  2. Open appliance --> Locate exported file (See stage 4 of VMware) --> Next.
    convert_vm_vbox_10.pngconvert_vm_vbox_11.pngconvert_vm_vbox_12.png

  3. Virtualbox then displays a summary of the machine which will be imported. The settings now can be altered from the VMware values.
    convert_vm_vbox_14png

  4. Wait.
    convert_vm_vbox_15.png

  5. The virtual machine should now work.
    convert_vm_vbox_16.pngconvert_vm_vbox_17.png

  6. The virtual machine will then detect new hardware as a result of the switch in the software.
    convert_vm_vbox_18.png


Q.) What should I do with an existing virtual hard drive for an VMware machine?

Back to the Top

In this example, we will add the virtual hard drive from Kioptrix level 1.3 to an existing machine.
If you don't have a existing machine to amend, you'll need to create a new virtual machine. This guide

doesn't
cover this.
It doesn't matter if it's player or workstation.
The principle is the same when the host OS is Linux or OSX.
  1. Power off the machine (Make sure it's not suspended).
    vm_hdd_01.png

  2. Edit virtual machine settings.
    vm_hdd_02.png

  3. Add --> Hard Disk --> Next (You may get a UAC prompted if you're using Windows Vista or higher and have UAC enabled. Press 'Yes').
    vm_hdd_03.png

  4. Select 'Use an existing virtual disk'.
    vm_hdd_04.png

  5. Browse --> Locate the image file.
    vm_hdd_05.png

  6. Select 'Keep Existing Format'.
    vm_hdd_06.png

  7. Okay.
    vm_hdd_07.png

  8. The virtual machine should now work.
    vm_hdd_08.png

Virtual Machines

Q.) What are the dangers/security issues of running an (unknown) virtual machine?

Back to the Top

There are a few issues to take into consideration:

  • You're taking a machine that has known vulnerabilities in it and its purpose is to be broken into. As a result, you'll be increasing the risk of the network it's attached to.
  • You're running someone else's code, so you're trusting the author hasn't made it perform/run in a malicious manner. Just like running an unknown/untrusted program, the virtual machine could:
    • Try and attack the host and/or network in-which its been attached to.
    • Connect back to the author, becoming a 'zombie' in botnet.
  • You could end up attacking yourself or the incorrect target. For example if the virtual machine network was set to 'NAT' and uses port forwarding for the guest system, any other open ports which haven't been forwarded are services running on the host machine.
DigiNinja wrote a blog post on exactly this, 'Blindly Installing VMs and Using Live CDs'. Also to highlight the issue, ScriptJunkie created a VM to demonstrate these issues, called 'The Hackers Games'. His blog post that explains the dangers of it can be found here 'Malicious VM to Host Attacks'.

Please see below on our recommendations on protecting yourself.

Q.) What can I do to protect my network and myself?

Back to the Top

  • Isolate the virtual machine from the internal network & disable external access. It is
    highly recommended
    these machines are not attached to a
    production network
    or a
    home network
    . Ideally they want to be in an isolated lab environment. For our guide on creating a virtual lab, see here. Alternatively, here is a quick breakdown:
  • For machine(s) which have network access to the virtual machine(s) in question, make sure they are:
    • Fully up-to-date with patches (Operating system & applications).
    • Behind an internal firewall.
    • Do not contain any sensitive information on them.
    • Close any unneeded services.
    • If possible, use another virtual machine to attack them, so a snapshot can be taken in a known 'clean' state before attacking. Then it can be 'restored' once the target machine has been powered off.
    • Have an anti-virus solution installed, working correctly and up-to-date.
  • If possible, use an IDS or IPS. (See Security Onion for a 'live CD' of a collection of useful network monitoring tools).
For tutorials on how to set up your lab: you can find our guide here, a blog post from metasploit on 'How to set up a penetration testing lab' as well as a page from SecurityXploded.

Q.) VMware is telling me: 'This virtual machine might have been moved or copied'. What should I do?

Back to the Top

You have two options: 'I moved it' or 'I copied it'.

vm_move_copy.png
I moved it

This keeps the current 'Universally Unique Identifier (UUID)' for the VM. The UUID is generated from the host's identifier and the location of the VM's configuration file.
If there is only a single instance of the virtual machine, it's safe to use this option. For example, if you have downloaded a virtual machine from the Internet)
You may also get this issue if you update VMware to a newer version, as the host's identifier could be updated as well.

I copied it

This generates a new UUID for the VM, so that it doesn't clash with the original VM. (The UUID shouldn't clash as it could cause issues with system management).
You will want to use this option if you're cloning machines. For example, if you made a 'template' machine, and cloning instances of it.

A link to VMware's answer is here (KB: 1541).

Q.) VMware is telling me: 'Convert existing virtual disk to newer format'. What should I do?

Back to the Top

This is a result of having a newer version of VMware compared to the version used to create the virtual disk (and/or machine).
You have two options: 'Keep Existing Format' or 'Convert'.

vm_convert.png
Keep Existing Format

VMware has backwards compatibility with machines that were produced by older versions. As a result, VMware is able to use an older virtual disk without having to modify it. This allows the virtual machine to be same as when the author created it (as we wish to keep any modification to a minimum).
We recommend selecting this option to maintain the integrity of virtual machines as much as possible.

Convert

By selecting this option, it would upgrade the virtual disk to current version of VMware. This update makes sure its compatible with future versions of VMware.

Networking

Q.) VMware player: What's the difference between: 'Bridged', 'NAT', 'Host-only' and 'LAN segment'?

Back to the Top

By enabling the option 'Replicate physical network connection state' under 'Bridged' network type selection, when the network connection is disconnected on the host this will be reflected inside the VM. For example, if the host was using a wired connection and the cable is unplugged, or if disconnected from a wireless network, the VM will also be disconnected. By doing so, the IP address of the VM will be renewed. This is useful for mobile devices that might not always have a permitted network connection as they could be moving from wired connections or using a different wireless connection.

A good guide explaining the differences in network modes can be found here.

You can customise VMware player further by pressing on 'advanced', to reveal more control over the virtual network.
vm_settings_04.png

Q.) VMware fusion: What's the difference between: 'Share with my Mac/NAT', 'Bridged Networking' and 'Private to my Mac/Host-only'?

Back to the Top

Q.) VMware workstation: What's the difference between: 'Bridged', 'NAT', 'Host-only', 'Custom' and 'LAN segment'?

Back to the Top
By enabling the option 'Replicate physical network connection state' under 'Bridged' network type selection, when the network connection is disconnected on the host this will be reflected inside the VM. For example, if the host was using a wired connection and the cable is unplugged, or if disconnected from a wireless network, the VM will also be disconnected. By doing so, the IP address of the VM will be renewed. This is useful for mobile devices that might not always have a permitted network connection as they could be moving from wired connections or using a different wireless connection.

A good guide explaining the differences in network modes can be found here.

You can customise VMware workstation further by pressing on 'advance' or going to 'virtual network editor' (from either the start menu or VMware workstation --> Edit), to reveal more control over the virtual network.
vm_settings_01.png

vm_settings_02.pngvm_settings_03.png

Q.) Virtualbox: What's the difference between: 'NAT', 'Bridged Adapter', 'Internal Network', 'Host-only' 'Generic Driver' and 'Not attached'?

Back to the Top

If 'Promiscuous mode' is disabled, only the traffic that was intended to receive will be passed along. It's seen as more 'secure' because only the intentional traffic for each node will forward along. This is how a 'network switch' functions.
However, if it's enabled, the 'network interface controller (NIC)' will pass all the traffic which is going though. This is used for 'packet sniffing' and a single node can view all the traffic on the network, useful for inspecting & debugging the network. This is how a 'network hub' functions.
Virtualbox has multiple settings regarding promiscuous mode:

VulnHub

Q.) Who are you? What's this all about?

Back to the Top
See this page.

Q.) Why have you given walkthroughs? Doesn't that ruin it?

Back to the Top

We all learn in different ways. What works for some people, doesn't for others.
Some people learn by "watching others", or "hands on experiences", other learn by "reading about it".
We offer walkthroughs for various reasons:


We don't make you press the 'walkthrough' button, if you wish to 'cheat' - that's your decision and you're only 'cheating' yourself.
This is the reason why we will not have a 'hall of fame' or 'user rankings' as it wouldn't be fair to the people who tried.

Q.) Why haven't you added 'xyz'? Where can I submit an entry?

Back to the Top
Either because we don't know about it, busy or both!
Please get in contact with us and make sure we are aware of it.

This isn't our job & we do have personal lives to live, so don't expect it to be added instantly.

Q.) Where can I submit a walkthrough?

Back to the Top
If you have taken the time to write up a walkthrough, we would love to mention it on the list.
Either submit it on the entry page, or get in touch with us and it will be added.

Q.) What can I do to help?

Back to the Top
You can:
  • Help out other people (Check out the IRC channel).
  • Create an entry for us to index & others to complete (and then submit it!)
  • Write up a walkthrough (afterwards submit it!)
  • If you wish to help with the project (VulnHub) itself, please do get in touch (We have the ideas/plans but not the time/man power to achieve them!)