Before We Start
To preface this guide, you should at the very least have a running version of Kali and understand how to set up a virtual machine. If you are unfamiliar with this process, check out my guide Setting Up A Test Environment.
If you don’t feel like installing Kali from scratch or want to save some time, you can download pre-built virtual images directly from Offensive Security. Personally, I find this to be the easiest, quickest way to get Kali up and running on a new PC or when backups are lost. You can find these images for your application of choice here: Pre-built Kali Images.
Importing an OVA file
When getting into virtualization, you’ll most likely come across an .ova file or two while getting your setup to your liking. OVA files, packaged in the Open Virtualization Format, store the virtual machine's settings in XML format along with the machine itself. This lets us download various .ova files online, import them into VirtualBox, and run them as if we had set them up ourselves. If you check out the pre-built Kali images for VirtualBox, they are downloaded in OVA format. The import process is very simple and the instructions are listed below. Also note that you can use this process for almost any virtualization format, and VirtualBox can import the machine quite nicely.
- In VirtualBox, click File then Import Appliance.
- Click the file icon and navigate to where you downloaded the .ova file. Click Next.
- Edit any virtual machine settings desired and click Import.
- Run the VM to ensure it works. You can log in with user ‘root’ and password ‘toor’.
Depending on your hardware setup, you may need to edit a couple of settings to get the machine to boot. In my case, I have to go into the VM properties, go into System, and enable PAE/NX. If you have any issues importing, feel free to send me a message and I can append the information via a troubleshooting section.
You should now have Kali installed and ready to go. If you’re unfamiliar with Linux, I would suggest reading some beginner guides. At the very least, you should know how to traverse file directories and understand permissions within Linux. I’d recommend linuxcommand.org for their beginner bash tutorial if you have never tried out a Linux terminal before.
The first step is updating Kali. This goes for just about any Linux install you perform. This process may take several minutes depending on your internet connection.
apt-get update && apt-get upgrade
Apt-get update updates the list of packages and version information, while apt-get upgrade updates the packages based on the updated version information. Running these commands together ensures we get the latest and greatest available from the repositories.
Making a Snapshot
We should now have a fully functioning image of Kali. This image can be a baseline we can restore from in case anything happens while experimenting in Kali.
- Ensure Kali is selected and click Snapshot.
- Click on Current State and then click the camera button.
- Name your snapshot and hit enter.
We now have our first snapshot! This is an incredibly useful feature if you ever need to recover from a mistake or an experiment gone wrong. You can create more snapshots whenever you feel you added enough to make the revert worth it.
Creating a Host Only Network
We now need to create a host only network. Right now, we’re using NAT to get internet access and connect to the outside world. This is great for updating or downloading needed software but is unacceptable for a penetration testing environment. We need a segmented, offline network. To do this, we have to first create the network.
Click File then Preferences. You should now see VirtualBox settings. Go down to Network and click on Host Only. You should now be able to click the add network button, which will create vboxnet0.
The next step is to enable the DHCP server for the host only network. Make sure vboxnet0 is highlighted and click the edit button (the screwdriver icon). Click the DHCP server tab and ensure Enable DHCP server is checked. I specifically configured mine but you can edit yours to whatever you want.
Make sure you have Kali updated and have any additional software you wish installed. Once you’re ready to go, we can place our Kali VM on the vboxnet0 network. Power down the Kali VM and go into the VM's properties. Go to Network and click on the Attached To: in Adapter 1. Change the value to Host-Only Adapter, ensure the name is vboxnet0, and click OK.
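A host-side check for the adapter change above, as an added example that is not part of the original guide: it reads the output of `VBoxManage showvminfo "<vm>" --machinereadable` and reports any adapter that is still attached to something other than the host only network. The VM name `Kali` and both sample outputs are constructed.

```shell
#!/bin/sh
# Added example: audit a VM's adapters from the text produced by
#   VBoxManage showvminfo "<vm>" --machinereadable
# read on stdin. Prints one line per problem and returns non-zero unless
# every attached adapter is host-only on the expected network ($1).
audit_nics() {
    awk -F= -v net="$1" '
        { gsub(/"/, "", $2) }    # strip the quotes around each value
        $1 ~ /^nic[0-9]+$/ { mode[substr($1, 4)] = $2 }
        $1 ~ /^hostonlyadapter[0-9]+$/ { honet[substr($1, 16)] = $2 }
        END {
            bad = 0; attached = 0
            for (n in mode) {
                if (mode[n] == "none") continue
                attached++
                if (mode[n] != "hostonly") {
                    printf "adapter %s: attached to %s\n", n, mode[n]; bad = 1
                } else if (honet[n] != net) {
                    printf "adapter %s: host-only on %s, expected %s\n", n, honet[n], net; bad = 1
                }
            }
            if (attached == 0) { print "no adapter attached"; bad = 1 }
            exit bad
        }'
}

# Constructed sample output (not captured from a real host).
SAMPLE_ISOLATED='name="Kali"
nic1="hostonly"
hostonlyadapter1="vboxnet0"
nic2="none"'
# Same VM with a second adapter left on NAT, which defeats the segmentation.
SAMPLE_LEAKY='name="Kali"
nic1="hostonly"
hostonlyadapter1="vboxnet0"
nic2="nat"'

printf '%s\n' "$SAMPLE_LEAKY" | audit_nics vboxnet0 || echo "VM is not isolated"
```

On a real host, pipe the live output in instead: `VBoxManage showvminfo "Kali" --machinereadable | audit_nics vboxnet0`.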
Testing the Network
We can now boot up into the Kali image and test out the DHCP server. Go into the terminal and enter the following command:
This will print out interface information. Ensure that your IP address coincides with the DHCP server configured on the vboxnet0 host only network.
To ensure routing works properly, I like running a second VM on the host only network and ensure the machines can communicate. I booted up my DroopyOS VM and was able to discover and ping the machine.
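The address check described in this section can also be scripted inside the guest. The following is an added example, not part of the original guide: it confirms every non-loopback IPv4 address falls inside the host only range and flags a default route. It assumes the iproute2 `ip` tool, and the 192.168.56.0/24 range and all sample text are constructed, so substitute the range you gave the vboxnet0 DHCP server.

```shell
#!/bin/sh
# Added example: guest-side isolation check. All sample text is constructed.

# Convert a dotted-quad IPv4 address to an integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# Succeed when address $1 lies inside CIDR block $2 (e.g. 192.168.56.0/24).
ip_in_cidr() {
    net=${2%/*}; bits=${2#*/}
    mask=$(( (4294967295 << (32 - $bits)) & 4294967295 ))
    [ $(( $(ip_to_int "$1") & $mask )) -eq $(( $(ip_to_int "$net") & $mask )) ]
}

# $1: output of `ip -4 -o addr show`, $2: output of `ip route`, $3: lab CIDR.
check_isolation() {
    rc=0
    for addr in $(printf '%s\n' "$1" | awk '$2 != "lo" { sub(/\/.*/, "", $4); print $4 }'); do
        ip_in_cidr "$addr" "$3" || { echo "address $addr is outside $3"; rc=1; }
    done
    if printf '%s\n' "$2" | grep -q '^default '; then
        echo "default route present: check that it does not lead off the lab network"
        rc=1
    fi
    return $rc
}

# Constructed samples: a guest on the host only network, and one still on NAT.
ADDR_LAB='1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 192.168.56.101/24 brd 192.168.56.255 scope global dynamic eth0'
ROUTE_LAB='192.168.56.0/24 dev eth0 proto kernel scope link src 192.168.56.101'
ADDR_NAT='1: lo    inet 127.0.0.1/8 scope host lo
2: eth0    inet 10.0.2.15/24 brd 10.0.2.255 scope global dynamic eth0'
ROUTE_NAT='default via 10.0.2.2 dev eth0 proto dhcp metric 100
10.0.2.0/24 dev eth0 proto kernel scope link src 10.0.2.15'

check_isolation "$ADDR_NAT" "$ROUTE_NAT" 192.168.56.0/24 || echo "guest is not isolated"
```

In a live guest, call it as `check_isolation "$(ip -4 -o addr show)" "$(ip route)" 192.168.56.0/24`.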
Part 2: Complete
We now have a great start to begin booting up vulnerable VMs! You should now have a great understanding of VirtualBox, how to set up a VM from scratch via an .iso file, how to import .ova files, and how to set up a safe, segmented host only network. If you have any questions or are having any problems, feel free to send me an email or post a reply!