Q.) I've just downloaded 'xyz', what do I do with it?Back To The Top
Well that depends on what you have downloaded:
Q.) I've downloaded 'xyz', But its not working. What can I do?Back To The Top
Q.) What is a checksum? How do I find a file's checksum?Back To The Top
A checksum is a 'cryptographic hash function' which is an algorithm that takes a section of data to produce a string, which has a 'fixed' length. The string produced is the hash value, the checksum. If the data is modified, it will cause the hash value to change.
Below are different methods for Linux, OSX & Windows to calculate the checksum value of a file. We will use 'metasploitable-linux-2.0.0.zip' in the examples below.
[[email protected] ~]# md5sum metasploitable-linux-2.0.0.zip 8825f2509a9b9a58ec66bd65ef83167f metasploitable-linux-2.0.0.zip [[email protected] ~]# sha1sum metasploitable-linux-2.0.0.zip 84133002ef79fc191e726d41265cf5ab0dfad2f0 metasploitable-linux-2.0.0.zip [[email protected] ~]#
[localhost:~ dev]$ md5 metasploitable-linux-2.0.0.zip 8825f2509a9b9a58ec66bd65ef83167f metasploitable-linux-2.0.0.zip [localhost:~ dev]$ shasum metasploitable-linux-2.0.0.zip MD5 (metasploitable-linux-2.0.0.zip) = 84133002ef79fc191e726d41265cf5ab0dfad2f0 [localhost:~ dev]$
Q.) Help! I can't get networking to work correctly!/I can't see the virtual machine on the network!Back To The Top
Class - Start-End Subnet Mask (Dotted)-CIDR notation - Common RangesIf the machine is using a DHCP to get an IP address, it will be placed into the same subnet as the DHCP configuration.
Class A - 0.0.0.0-127.255.255.255 255.0.0.0 /8 - 10.xxx.xxx.xxx
Class B - 128.0.0.0-191.255.255.255 255.255.0.0 /16 - 172.16.xxx.xxx
Class C - 192.0.0.0-223.255.255.255 255.255.255.0 /24 - 192.168.xxx.xxx
Q.) I've started up 'xyz', and it's asking me to login. What's the password?Back To The Top
Depending on the virtual machine, that's the aim of it! You gain access to the system, with the highest user privilege you can reach, usually by exploiting a service running on the machine. Giving you the user credentials would defeat the purpose of the exercise.
This isn't always the case, some machines have local challenges which require you to login locally.
If this is the case, the username & password would be mentioned in the README file.
Such machines are: 'Damn Vulnerable Linux' & 'Exploit-Exercises'.
Q.) I'm still having issues/You haven't answered my question. Where do I go from here?Back To The Top
Sorry to hear that!
Depending on the nature of the question:
Q.) What is a 'virtual machine'?Back To The Top
A 'virtual machine (VM)', is the simulation of a machine (called the 'guest') that is running inside another machine (the 'host').
The 'guest' machine uses the 'hosts' system resources to create a virtual environment, which allows for multiple machines to be created and running at the same time.
These machines behave as close as possible to a 'real' instance.
Depending on the virtualization software, the virtual machine could use 'hypothetical specifications' or emulate the host's hardware.
These machines can be integrated with a virtual network or interact with an existing network.
Q.) Virtualbox vs. VMware. Which one is 'the best'?Back To The Top
It depends what you want to get out of them:
Q.) What software should I use to 'attack'?Back To The Top
Our answer can be found here, and been touched on in the 'Lab' guide.
Q.) What can 'target'?Back To The Top
We answered this question here, in our 'Lab' guide.
Q.) Where do I start/Where do I go from here?Back To The Top
These are our recommendations if you're completely new to this:
Q.) How do I convert a Virtualbox machine to work with VMware?Back To The Top
Both Virtualbox and VMware use different virtual machine formats, but each support the 'Open Virtualization Format'. However, you can be at risk of breaking a virtual machine by doing so. The reason for this is that there may be a 'new' network card attached (as each VM solution uses a different virtual network card). Because a different interface will be active, it may conflict with the setup script of the machine (inside the VM itself) that the author created. It really depends on how the original author designed the machine.
All the virtual machines can be converted, however, some will function correctly, others will not. Maybe at a later date, this is something VulnHub will look into documenting.
In the following example, we will move a 'Windows 7' VM from Virtualbox 4.2.4 to VMware Player 5 & Workstation 9, on a windows host.
To do so, we will use 'OVF Tool', which comes pre-installed with VMware player, fusion & workstaion. You can find the homepage of the tool here.
The basic method/principle is the same when the host OS is Linux or OSX.
Q.) How do I convert a VMware machine to work with Virtualbox?Back To The Top
The same introduction message in converting 'Virtualbox' to 'VMware' applies here. Even if it is successfully converted it may still not function correctly due to the internal scripts not being coded to use the 'new' hardware.
VMware has the ability to convert to different formats, however, it is achieved by 'Command Line Interface (CLI)', not a 'Graphical User Interface (GUI)'.
In this example, we will move a 'Windows 7' VM from VMware to Virtualbox 4.2.4.
It doesn't matter if it's player or workstation, as they are both in the same directory.
The basic method/principle is the same when the host OS is Linux or OSX.
Q.) What should I do with an existing virtual hard drive for an VMware machine?Back To The Top
In this example, we will add the virtual hard drive from Kioptrix level 1.3 to an existing machine.
If you don't have a existing machine to amend, you'll need to create a new virtual machine. This guide
Q.) What are the dangers/security issues of running an (unknown) virtual machine?Back To The Top
There are a few issues to take into consideration:
Q.) What can I do to protect my network and myself?Back To The Top
Q.) VMware is telling me: 'This virtual machine might have been moved or copied'. What should I do?Back To The Top
You have two options: 'I moved it' or 'I copied it'.
Q.) VMware is telling me: 'Convert existing virtual disk to newer format'. What should I do?Back To The Top
This is a result of having a newer version of VMware compared to the version used to create the virtual disk (and/or machine).
You have two options: 'Keep Existing Format' or 'Convert'.
Q.) VMware player: What's the difference between: 'Bridged', 'NAT', 'Host-only' and 'LAN segment'?Back To The Top
Q.) VMware fusion: What's the difference between: 'Share with my Mac/NAT', 'Bridged Networking' and 'Private to my Mac/Host-only'?Back To The Top
Q.) VMware workstation: What's the difference between: 'Bridged', 'NAT', 'Host-only', 'Custom' and 'LAN segment'?Back To The Top
Q.) Virtualbox: What's the difference between: 'NAT', 'Bridged Adapter', 'Internal Network', 'Host-only' 'Generic Driver' and 'Not attached'?Back To The Top
Q.) Who are you? What's this all about?Back To The Top
See this page.
Q.) Why have you given walkthroughs? Doesn't that ruin it?Back To The Top
We all learn in different ways. What works for some people, doesn't for others.
Some people learn by "watching others", or "hands on experiences", other learn by "reading about it".
We offer walkthroughs for various reasons:
Q.) Why haven't you added 'xyz'? Where can I submit an entry?Back To The Top
Either because we don't know about it, busy or both!
Please get in contact with us and make sure we are aware of it.
This isn't our job & we do have personal lives to live, so don't expect it to be added instantly.
Q.) Where can I submit a walkthrough?Back To The Top
If you have taken the time to write up a walkthrough, we would love to mention it on the list.
Either submit it on the entry page, or get in touch with us and it will be added.
Q.) What can I do to help?Back To The Top
You can: