Setting Up A Hidden Network W/ Vmware Workstation

[555]

Hello,

I recently finished installing BT4 on VM1 and WinXP on VM2, how do I network the two together so I do not mess up anything else when pentest practicing?

Infiltrator and others said something about setting up a "Hidden network", how is that accomplished? Any good tutorials? Thanks

[Mr-Protocol]

Not hidden. "Internal Network" I use VirtualBox now VMWare well because I think VMWare installs too much BS to work. But look @ the networking modes as discussed in other thread...

Internal Networking is similar to bridged networking in that the VM can directly communicate with the outside world. However, the "outside world" is limited to other VMs on the same host which connect to the same internal network.

http://www.virtualbox.org/manual/ch06.html internal networking section.

[digip]

When wmware starts the VM's they should be on the same subnet automatically, just set both their NICs to NAT, and then get the IP from each machine and ping from the other, you should get a response. If Windows doesn't respond, after doing the ping, do an arp -a to display known mac addresses, and chances are, it will be in there. When on a local network, even machines whom don't respond to an icmp ping replay still have to do an arp replay. Otherwise, they can't communicate on the local lan with other machines and even the router.

Just make sure the host OS and your router, use a different subnet than the one set in VMware. You can select what subnet to set it to manually in VMware, but its easier to just change your routers subnet to something other than the 192.168.1.0/24 subnet, such as the 10.x.x.x or 172.16.x.x-172.31.x.x subnets. This way if you scan the subnet that backtrack is on for other machines, such as the XP machine, you don't get any responses from the host OS via nmap or metasploits scanner.

[hexophrenic]

If you want it truly isolated, choose a custom vm network (vmnet2) that does not have a host interface. That way each of the VMs can talk to each other, but none of them can talk to anything that is not using that custom vm network (including the host). Host-only networking OOTB still allows the host to communicate with the vm network. You can always change a host to NAT, hit the internet for updates, then change back to custom when you are done.

[Mr-Protocol]

If you want it truly isolated, choose a custom vm network (vmnet2) that does not have a host interface. That way each of the VMs can talk to each other, but none of them can talk to anything that is not using that custom vm network (including the host). Host-only networking OOTB still allows the host to communicate with the vm network. You can always change a host to NAT, hit the internet for updates, then change back to custom when you are done.

AKA Internal Network, Read my previous post...

[hexophrenic]

All due respect, he uses VMWare Workstation, not VirtualBox. "Internal network" has no meaning in VMWare, thus your explanation would not be too meaningful to someone who is asking this question. I was simply trying to offer a more clear idea of how to accomplish this in VMWare.

[Mr-Protocol]

Right, I'm sure VMware has a similar network mode. Or he could just set static IP's to both boxes on a subnet / ip range not currently in use.

http://www.vmware.com/pdf/ws71_manual.pdf <-- Manual

Page 285 & 304

Edited March 10, 2011 by Mr-Protocol

[555]

I set both to NAT networking, and booted both at once, did a ifconfig on BT4 and a ipconfig on Win XP, got both IP's but when pinging from BT4 VM to Win XP VM, got a "network is unreachable" error. Mr. Protocol, thank you for the link (will read).. and also yes I am using VMWare workstation, I have used VirtualBox with Ubuntu but am using VMWare right now because I have to run Win as my main OS on this pc.. so I should set it to Bridged instead? ughh.. I will keep playing with this program until it works.

[digip]

I set both to NAT networking, and booted both at once, did a ifconfig on BT4 and a ipconfig on Win XP, got both IP's but when pinging from BT4 VM to Win XP VM, got a "network is unreachable" error. Mr. Protocol, thank you for the link (will read).. and also yes I am using VMWare workstation, I have used VirtualBox with Ubuntu but am using VMWare right now because I have to run Win as my main OS on this pc.. so I should set it to Bridged instead? ughh.. I will keep playing with this program until it works.

Do not used bridged as that would put the host OS in the loop, what you want is to make sure the NIC is started for the VMware NAT adapter. Then they should be able to see each other. If you ping from BT to the XP IP address and get unreachable, doesn't mean it can't see the machine, could just be that the windows firewall is blocking the ICMP ping echo. Thats why I said check ARP after doing a ping to confirm it is listed, as any machine on the same subnet that does not accept a ping must respond to arp, or it can't communicate on the network.

[hexophrenic]

NAT also allows the host to be reachable from any of the guests, as does the default host-only network. What bridged does is bring everything else connected to the LAN that the host is connected to into the picture. When you use NAT, unless you specifically want otherwise, make sure the NAT interface is set to public rather than private (or whatever your firewall software calls it) to protect your host from yourself^H^H^H^H guests.

[digip]

NAT also allows the host to be reachable from any of the guests, as does the default host-only network. What bridged does is bring everything else connected to the LAN that the host is connected to into the picture. When you use NAT, unless you specifically want otherwise, make sure the NAT interface is set to public rather than private (or whatever your firewall software calls it) to protect your host from yourself^H^H^H^H guests.

Yes, but don't use bridged if you want the HOST out of the loop, bridged will only put you in the middle if you do. This is why I said to use NAT for the VM's and then change the subnets they reside on to be different than that of the HOST machine, or change the subnet in your router so the host is not the same as the VM's.

Most consumer routers put you in the 192.168.1.0/24 subnets, and by default, vmware should use the 192.168.2.0/24 subnet, but its possible that even your router might be on the 192.168.2.0/24 subnet, so just make sure these are different. Its still possible to reach the host machine if you plug in its IP since the VM router interface can see both the internal and outbound facing interfaces, but if its on a different subnet than the HOST machine, a normal NMAP and metasploit scan shouldn't see it for the subnet of the VM's only.

Edited March 11, 2011 by digip

[555]

So I have them both on NAT but they can not connect to the internet, so I am thinking maybe that is why they can not reach each other. The picture above is my settings for the VM network, maybe they need to go on a custom network setting? I get a drop down box with VMnet0 threw 9 one says host only and the other says NAT next to it. So maybe set Win to host only and BT4 to NAT? but will they still be able to access the internet like say if I need to google something while im pen testing?

posted image but just says "posted image" here is link to screen shot http://img845.imageshack.us/i/vmsubnetting.jpg

Edited March 11, 2011 by 555

[digip]

Few things. 1, make sure they all have the connected box checked as well as connected upon boot. 2, make sure the network adapter for the VMware NAT NIC is started on the host machine (same place you start "Local Area Network" adapter, should be two for vmware, one for bridged and one for NAT). Make sure the machines have valid IP addresses in the vmware subnet, and aren't pointing to the 169.254.x.x subnet(which means they aren't getting addresses from DHCP). 3 Make sure all services for VMware are running. Go into services.msc, and make sure the following are started - VMware Authorization Service, VMware DHCP Service, VMware NAT Service, and VMware USB Arbitration Service(only if you want to use USB devices such as a wireless nic with backtrack). 4 Check your hosts firewall rules to make sure its allowing vmware to act as a server as well as connect to the internet. and 5 - in Vmware Workstation, to to EDIT > VIRTUAL NETWORK EDITOR > And then check that NAT (usualy VMnet8) is conencted, enabled, and is the subnet you want these two VMs to speak on.

It will look something like this:

Edited March 11, 2011 by digip

[555]

DigiP,

I checked out virtual network manager, and changed the settings to "custom" with vm#1-bt4 & vm#2-win-xp, still can not get a google screen or net connect from eaither one. I have used bridged before to just connect to the net threw the VM, but this is a different type of situation of usage. here is the screenshot..

screenshot:

http://img855.imageshack.us/i/subnetting2.jpg

How did you get to the one you posted? Do we have different versions or something? I got 6.5

edit::: also how did you post a pic, is this access based on post count or something to rid spammers? BB Code did not work for me.. also not a spammer.

Edited March 11, 2011 by 555

[misfitsman805]

How did you get to the one you posted? Do we have different versions or something? I got 6.5

He most likely has Vmware Workstation Ver 7.1.3

[555]

Got the VM's to ping each other using bridged & connect to the internet, but I dont want my real OS in the middle of all my goofed up BT4 attacks. I remember being warned several times by DigiP not to use a bridged connection for this lol :) NAT does not seem to be working for me, and I think we have different versions (most likely a end user mistake by me). In custom settings, VM2=Win XP should be the host correct? since I am using the other VM1=BT4 to try and attack that one?

[digip]

Got the VM's to ping each other using bridged & connect to the internet, but I dont want my real OS in the middle of all my goofed up BT4 attacks. I remember being warned several times by DigiP not to use a bridged connection for this lol :) NAT does not seem to be working for me, and I think we have different versions (most likely a end user mistake by me). In custom settings, VM2=Win XP should be the host correct? since I am using the other VM1=BT4 to try and attack that one?

Versions have nothing to do with it, it works the same across all versions I've ever used from version 5 up to the latest. The Virtual machines can share the same NAT VMnet adapter. If you downloaded the BT4 VM, you might have to change the NIC settings to NAT, since I think it ships with it in bridged mode from the bt site.

As far as attacks, you can do it in bridged, won't hurt anything. Just make sure you are only pointing to the IP of the other vm you want to attack, and not scanning the IP range your HOST machine sits on. The HOST, is your real desktop machine and OS running VMware. The Vms are just the virtual machines you have running in Vmware Workstation.

Edited March 13, 2011 by digip

[555]

Awesome, problem solved. Thanks for all of your help! :)

Bridged it is..