As part of the Privasec (now Sekuro) Hackcelerator program, I was tasked with experimenting with a very basic meterpreter shell in order to identify potential indicators of compromise. To begin, the first thing I needed to do was set up a couple of virtual machines using VirtualBox, one Kali machine to act as my attack box and one Windows machine to act as my victim box.
Setting Up the Machines
Setting up these machines was a fairly stock standard process and didn’t really deviate from what I’d do with any other VM setup. For the Kali machine, I simply downloaded an ISO file from the Kali website and set things up from there. Once I’d managed to log in to my machine, I ran a quick update and upgrade of the packages and I was good to go.
For the Windows machine the process was much the same, I downloaded a Windows 10 VirtualBox file from Microsoft’s selection of images for testing and then set it up as per usual. After logging into this machine, I made sure to switch off Windows Defender’s real-time protection feature in order to make basic malware testing a bit easier.
Networking the Machines
This portion of the process was a bit new to me, I had never really attempted to network to VMs before, so I set about researching my various options. During my research I learned that VirtualBox offers two main strategies for allowing VMs to network:
- Network Bridging: Essentially allows a VM to behave as if it’s an entirely separate computer on your local network.
- Virtual NAT Network: Allows you to create a virtual NAT network in VirtualBox which both VMs can connect to.
In this case I chose to go with the virtual NAT network option, setting this up was fairly easy, first I created the virtual network:
Then I added both of my machines to it using their settings.
I then tested this network using a simple Python HTTP server on my Kali machine which I was able to access from my Windows machine.
With that done, I had set up everything I needed to begin doing some testing.