is it possible to practice target vm's inside kali ?

[Skorpinok Rover]

Hi,
is it possible to practice target virtual machine like xp or metasploitable 2 if installed inside kali linux through virtual box in case if i dual boot kali along side windows 7 ? if yes how ?

Regards
skorpinok

[newbi3]

Of course it is! Just install virtualbox on kali and create your vms then install the OS that you want on them. Once that is done change the network settings from nat to bridge and thats it :)

[iamk3]

Is there a good reference on doing this? I have limited experience with VMs, but would like to be able to do this for practice... Also, where do I find an XP ISO to do this?

[newbi3]

It is exactly the same process as setting up virtual machines on Windows and if you are looking for an XP iso you can pirate it BUT make sure you have an authentic license to register the software with otherwise its illegal. But because Windows XP will no longer be supported come the end of this month I don't think Microsoft would care to much BUT IT IS STILL ILLEGAL AND I DO NOT CONDONE IT! :D

And if you still want help setting up a virtual machine google: "create a virtual machine with vritualbox"

[Skorpinok Rover]

Of course it is! Just install virtualbox on kali and create your vms then install the OS that you want on them. Once that is done change the network settings from nat to bridge and thats it :)

if changed from NAT to Bridged will it be a problem for other LAN user's or outside network while doing extensive penetration testing ? will my packets leak outside when sent from kali ?

[newbi3]

if changed from NAT to Bridged will it be a problem for other LAN user's or outside network while doing extensive penetration testing ? will my packets leak outside when sent from kali ?

Well yes but it wont really matter as long as there are no IDS's or IPS's on your network that might go off (which if you are at home this shoudn't be an issue). Just having the traffic on your network should not cause an issue for users on your network if you are not targeting them.

[Skorpinok Rover]

when ethernet cable is connected & network adapter is bridged in virtualbox, a successful connection is established inside vm, but when i disconnect cable & access kali through iphone's wifi hotspot i get good internet access in kali linux , but in virtualbox NAT works & in bridged mode there is no connectivity, how to fix this ?

Well yes but it wont really matter as long as there are no IDS's or IPS's on your network that might go off (which if you are at home this shoudn't be an issue). Just having the traffic on your network should not cause an issue for users on your network if you are not targeting them.

[newbi3]

try setting a static IP for your virtual machines it could be a problem with the DHCP server on your iphone.

[digip]

If you need to attack a port over NAT, you need to port forward the open port, or leave it bridged and only attack the target VM's IP on the lan. Either that, or add another virtual NIC on the VM and set it to bridged, and give it an IP on the subnet of the host machine is in.

If its not on the same subnet, it can't see them which is why you would normally use bridged, but when using NAT, port forwarding ports you want to attack would be the only way to really see the VM's outside of adding another NIC so it sits on both subnets.

[Skorpinok Rover]

SOLVED*

Thanks digip & newbi3, in virtualbox Network settings select PcNet FAST III (Am79C973) as adapter type when connected in Bridged Mode & when you connect kali through wifi. in my case i have kali linux hard disk install dual booting along side windows 7. dell xps i7

Regards.

skorpinok.

[GuardMoony]

It is exactly the same process as setting up virtual machines on Windows and if you are looking for an XP iso you can pirate it BUT make sure you have an authentic license to register the software with otherwise its illegal. But because Windows XP will no longer be supported come the end of this month I don't think Microsoft would care to much BUT IT IS STILL ILLEGAL AND I DO NOT CONDONE IT! :D

And if you still want help setting up a virtual machine google: "create a virtual machine with vritualbox"

Dont forget you can run windows in trail ;) mostly its 30days. On some windows version you can extend it to 120days using legal commands inside windows.

[digip]

Vista let you delay it with commands pre service pack 1 for 120 days(but I think you can only do it like 3 times) using slmgr -rearm or manually editing the registry. Not sure if it works on 7 still. Some updates on 7 run without any control over them. There was a site though, that offered VM's of windows XP and I think Server 2003 for pentesting, I just don't have the link handy. These were legal downloadable VM's setup for testing that would run for 180 days I beleive, but I think the images were for Windows Hyper Visor or Vmware. You'd have to use something like QEMU to convert them to VBox images if I'm not mistaken unless they have support for Hyper-V images out of the box now(personally hated virtual box and only used it a few times).

Search the forums though, the link has been posted numerous times. Also check out the Offsec Metasploit wiki which talks about how to setup XP VMs. They might have the link on there as well to download the VMs.

There is also matilladae which is a VM that contains various things to test against which you can get from Owasp, and a distro of linux called Damn Vulnerable Linux setup for similar things to help people learn pentesting.

https://www.owasp.org/index.php/Category:OWASP_Mutillidae