Pen testing lab vbox issues

[Steve_Jobs]

Hello all

I'm having a bit of trouble in my lab.  The way I have it set up is on a separate router which doesn't connect to the internet I have  a ubuntu machine hosting metasploitable 2 from virtualbox.  I also have a separate laptop on the network running kali on virtualbox as the attack machine.  I have the vms set to bridged mode so they have ip's on the network and can communicate.  For some reason when I run nmap from the attack machine I'm reading that all ports on metasploitable are closed.  However if I run both kali and metasploitable on the ubuntu host, the ports are open.  I thought it could be the ubuntu firewall but when I run ufw status it is set to inactive.  Both vms have promiscuous mode set to allow all.

I want to be able to use a separate machine to save on system resources.

[PoSHMagiC0de]

If you are running the VM from ubuntu, you may want to check the firewall settings.

[Steve_Jobs]

Is there some way other than through ufw?

[PoSHMagiC0de]

you can use iptables to look too.

#For main policies
sudo iptables -L

#For nat tables
sudo iptables -t nat -L

This will list all your policies including those that were placed there by ufw I believe.

When I ran Ubuntu, I looked up a way to destroy their preset firewall rules so I could do my own with iptables.

 

[Steve_Jobs]

Hmm well I tried doing ufw disable then followed up with 

sudo iptables-save > $HOME/firewall.txt
sudo iptables -X
sudo iptables -t nat -F
sudo iptables -t nat -X
sudo iptables -t mangle -F
sudo iptables -t mangle -X
sudo iptables -P INPUT ACCEPT
sudo iptables -P FORWARD ACCEPT
sudo iptables -P OUTPUT ACCEPT

 

I ran another nmap scan from my second host and am still seeing the ports as closed

[Steve_Jobs]

It's possible that there's a firewall auto configured on my gl-mt300n running openwrt

[PoSHMagiC0de]

Well, lets try and troubleshoot this.  So, if you nmap from the Ubuntu host to the metsploitable VM do you get any open ports?

If so then next I would try this little thing.  Run "python -m SimpleHTTPServer" from the Ubuntu host and see if you can browse to it from your remote machine.

Last thing is instead of scanning for an open port on metasploitable, try and connect to the web port with your browser from remote machine to see if you get the page.  If you can browse it from the Ubuntu host, use the same URL on the remote machine.

Pretty much trying to see what is being blocked and where.  Also is your VM on the same subnet as the ubuntu host as well as the remote machine?

 

[Steve_Jobs]

Alright when I scan metasploitable from the ubuntu machine which is hosting it I get the open ports. 

When I run the simplehttpserver I can browse to it from the ubuntu machine hosting it. However I cannot access it from my laptop.

when I run an nmap scan of 192.168.8.1-249 I can see all devices on the subnet from the remote machine.

[Steve_Jobs]

After running ufw disable again tonight I am able to access the http server from other machines but still seeing the metasploitable ports as closed...

[PoSHMagiC0de]

After disabling ufw try,

sudo iptables -F
sudo iptables -X
sudo iptables -Z