Search icon CANCEL
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Kali Linux Web Penetration Testing Cookbook

You're reading from   Kali Linux Web Penetration Testing Cookbook Over 80 recipes on how to identify, exploit, and test web application security with Kali Linux 2

Arrow left icon
Product type Paperback
Published in Feb 2016
Publisher
ISBN-13 9781784392918
Length 296 pages
Edition 1st Edition
Arrow right icon
Author (1):
Arrow left icon
Gilberto Najera-Gutierrez Gilberto Najera-Gutierrez
Author Profile Icon Gilberto Najera-Gutierrez
Gilberto Najera-Gutierrez
Arrow right icon
View More author details
Toc

Table of Contents (12) Chapters Close

Preface 1. Setting Up Kali Linux FREE CHAPTER 2. Reconnaissance 3. Crawlers and Spiders 4. Finding Vulnerabilities 5. Automated Scanners 6. Exploitation – Low Hanging Fruits 7. Advanced Exploitation 8. Man in the Middle Attacks 9. Client-Side Attacks and Social Engineering 10. Mitigation of OWASP Top 10 Index

Configuring virtual machines for correct communication

To be able to communicate with our virtual server and client, we need to be in the same network segment; however, having virtual machines with known vulnerabilities in our local network may pose an important security risk. To avoid this risk, we will perform a special configuration in VirtualBox to allow us to communicate with both server and client virtual machines from our Kali Linux host without exposing them to the network.

Getting ready

Before we proceed, open VirtualBox and make sure that the vulnerable server and client virtual machines are turned off.

How to do it...

  1. In VirtualBox navigate to File | Preferences… | Network.
  2. Select the Host-only Networks tab.
  3. Click on the (How to do it...) button to add a new network.
  4. The new network (vboxnet0) will be created and its "details window" will pop up. If it doesn't, select the network and click on the (How to do it...) button to edit its properties.
    How to do it...
  5. In this dialog box, you can specify the network configuration, if it doesn't interfere with your local network configuration, leave it as it is. You may change it and use some other address in the segments reserved for local networks (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16).
  6. After proper configuration is done, click OK.
  7. The next step is to configure the vulnerable virtual machine (vulnerable_vm). Select it and go to its settings.
  8. Click Network and, in the Attached to: drop-down menu, select Host-only Adapter.
  9. In Name, select vboxnet0.
  10. Click OK.
    How to do it...
  11. Follow steps 7 to 10 in the client virtual machine (IE8 - Win7).
  12. After having both virtual machines configured, let's test if they can actually communicate. Start both the machines.
  13. Let's see the network configuration of our host system: open a terminal and type:
    ifconfig
    
    How to do it...
  14. We can see that we have a network adapter called vboxnet0 and it has the IP address 192.168.56.1. Depending on the configuration you used, this may vary.
  15. Log into vulnerable_vm and check its IP address for adapter eth0:
    ifconfig
    
  16. Now, let's go to our client machine IE8 - Win7; open a command prompt and type:
    ipconfig
    
  17. Now, we have the IP addresses of our three machines:
    • 192.168.56.1 for the host
    • 192.168.56.102 for vulnerable_vm
    • 192.168.56.103 for IE8 - Win7
  18. To test the communication, we are going to ping both virtual machines from our host:
    ping -c 4 192.168.56.102
    ping -c 4 192.168.56.103
    
    How to do it...

    Ping sends an ICMP request to the destination and waits for the reply; this is useful to test whether communication is possible between two nodes in the network.

  19. We do the same from both the virtual machines thus checking communication to the server and the other virtual machine.
  20. The IE8 - Win7 machine may not respond to pings; that's normal because Windows 7 is configured by default to not respond to ping requests. To check connectivity in this case, we can use arping from the Kali host:
    arping –c 4 192.168.56.103
    

How it works...

A host-only network is a virtual network that acts as a LAN but its reach is limited to the host that is running the virtual machines without exposing them to external systems. This kind of network also provides a virtual adapter for the host to communicate with the virtual machines as if they were in the same network segment.

With the configuration we just made, we will be able to communicate between a client and server and both of them can communicate with the Kali Linux host, which will act as the attacking machine.

You have been reading a chapter from
Kali Linux Web Penetration Testing Cookbook
Published in: Feb 2016
Publisher:
ISBN-13: 9781784392918
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at £16.99/month. Cancel anytime