Basic Terminology and Concepts

When talking about virtualization, we need to define a few terms. The hypervisor is the software responsible for leveraging the virtualization features of the specific chipset in use. The host is the operating environment on which the hypervisor is running. In your case, this would be whatever operating system you currently have installed on the physical machine. The term guest is generally used to refer to the virtualized operating system. So, when we say hypervisor or host, we are talking about the underlying physical machine, and when we say guest, we are talking about the VM.

When it comes to using and managing VMs, like with operating systems, there are plenty of choices. Three main virtualization solutions are available, and they can vary depending on whether it is an enterprise solution or designed for personal or desktop use. We are strictly interested in the personal or desktop virtualization solutions where KVM, VirtualBox, and VMware are the major players. Both KVM and VirtualBox are open-source solutions, while VMware is a commercial offering. It used to be that VMware was the market leader in functionality, but that has changed. Generally speaking, all three are equal in terms of features and functionality. For this book, we recommend using VirtualBox. It is free, cross-platform, and has an easy-to-use graphical interface. If you already happen to be familiar with another virtualization solution, feel free to use it.

Benefits of Virtualization

As previously mentioned, there is more than enough material out there to answer the question: why virtualize? We won't bother regurgitating the generalized benefits. For here, let's stay brief and focus on why security professionals like yourself want to virtualize.

Installing VirtualBox

VirtualBox can be downloaded from https://www.virtualbox.org/wiki/Downloads. Be sure to select the version that matches your operating system. Notice that on that page you can also download the VirtualBox Extension Pack. This allows for various advanced features, such as USB pass-through and shared folders between the guest and host machine. We walk through how to install the VirtualBox Extension Pack, but it is important to note that these features do not fall under the same open-source license as the rest of VirtualBox, and there are certain restrictions that need to be taken into account if you plan on using the Extensions for anything other than personal use or evaluation. The details of the VirtualBox Personal Use and Evaluation License (PUEL) can be found at https://www.virtualbox.org/wiki/VirtualBox_PUEL.

We will walk through the installation of VirtualBox for the Windows operating system. If you happen to be running Linux as your host operating system, we assume that you are familiar with how to install software using the recommended tools for whichever distribution you are running. After downloading the VirtualBox installer, it is simply a matter of double-clicking to start the installation. Depending on your Windows configuration, you may be prompted with a warning stating the file has been downloaded from the Internet and asking if you are sure you want to run it.

Double-click the installation file to run it. A dialog box appears similar to what is shown in Figure 2-3. You need to make sure either that you have administrative privileges on your Windows machine or that you have a means of obtaining the necessary privileges to install VirtualBox.

Click Next to continue the installation. The next window, as shown in Figure 2-4, allows you to choose which features you want to install. For our purpose, the default options are acceptable, so just click Next again.

The next window (Figure 2-5) provides the option of creating various shortcuts and the registering of various file extensions. You are more than welcome to uncheck either of the shortcut options, but make sure to keep the checkbox regarding registering file extensions checked. This will make it so that various files associated with VirtualBox are automatically handled by the VirtualBox application. Again, click Next to proceed with installation.

The next window (Figure 2-6) provides a warning that the VirtualBox networking features will cause a temporary network disruption. Proceed with the installation by clicking Yes.

The next window (Figure 2-7) is the last one prior to the installer actually beginning the installation process. Click Install to kick off the installation process.

You should see a window with a status bar that displays the progress of the installation process (Figure 2-8).

At some point during this process, you will likely be presented with another window regarding installation of device software (Figure 2-9). This is the dialog the Windows operating systems prompts an end user for when system drivers are being installed. VirtualBox uses the system drivers to handle various tasks, such as managing the virtualization features of the host CPU. This window appears numerous times throughout the installation process. Click Install each time to complete the VirtualBox installation.

After clicking through the driver installation prompts, you should eventually end up at a window specifying that the installation has been completed and asking if you want to launch the VirtualBox application (Figure 2-10). Click Finish. By default, the VirtualBox graphical interface launches.

You should be presented with the VirtualBox graphical interface. You might also be prompted to restart your machine to finish configuring VirtualBox (Figure 2-11), depending on your Windows version. Make sure you have saved any important things you are working on and click Yes to start the reboot.

You should now be able to select VirtualBox via one of the shortcuts created during installation or through the Start menu.

Installing the VirtualBox Extension Pack

With VirtualBox installed, you can install the VirtualBox Extension Pack so that you can access some of the more advanced features. You need to make sure that you download the version that supports the version of VirtualBox you have installed. For the figures, we installed VirtualBox verson 5.1.12, so we clicked the appropriate link on the VirtualBox Download page, as shown in Figure 2-12.

As with the installer, you want to follow the same process of checking the SHA-256 hash to ensure that the file was not modified in transit. Copy and paste the PowerShell code used earlier into a PowerShell window, making sure to change the $vboxinstaller variable to the name of the VirtualBox Extension Pack that you just downloaded. After getting the SHA-256 hash, make sure that it matches the checksum provided on the VirtualBox website. Assuming they match, continue with the installation process.

First, launch the VirtualBox GUI by clicking the VirtualBox shortcuts created during installation or by selecting it from the Start menu. With the VirtualBox GUI open, click File on the menu bar, then select Preferences from the pull-down menu. A new dialog box appears. Highlight Extension from the left pane to show what extension packs have been installed. None is installed yet, but you are about to install one. On the far right of the dialog box is a triangle and square-shaped button. Click that button to add a VirtualBox Extension Pack. Figure 2-13 should help make this process clearer.

You should now have a file dialog box. Select the VirtualBox Extension Pack file that you previously downloaded. With that, you should be presented with another window (see Figure 2-14) regarding the installation of the Extension Pack. Click Install to continue or Upgrade, if a previous version was already installed.

You will be prompted with the VirtualBox Personal Use and Evaluation License (PUEL). Read it and click I Agree. After a quick status bar pops up, you should be presented with a window similar to what is shown in Figure 2-15. This specifies that the VirtualBox Extension Pack is now installed.

Click OK, and then click Cancel to exit the preferences window. Congratulations! You now have VirtualBox installed and are ready to install your first guest operating system.

Creating a Kali Linux Virtual Machine

Let's not waste a minute more—time to create the first VM. Because we are using Kali Linux throughout this book, our VM will run Kali Linux. A big advantage to using Kali is that it is supported on multiple architectures. You can even install a version of Kali on your Android phone.

The first action to take is to download Kali. You can find the download at the https://www.kali.org/downloads/ website. As shown in Figure 2-16, there are several options.

You may notice there is an option to download prebuilt VMware and VirtualBox images. These images are only available via Torrent download (in this case, a legal Torrent). We avoid this option for two reasons: First, we don't want to require you to download more software than necessary—in this case, a Torrent client. Second, it is best to have the Kali ISO image handy. This file can be burned directly to a CD and can be used to boot a machine directly into Kali. So, let's download the Kali Linux ISO image.

The ISO image is 2.9GB, so before you start, make sure you have enough room on your hard drive. Once the download finishes, fire up VirtualBox and select the New icon (see Figure 2-17) to create a new guest VM.

Use any name you like but make sure the type is set to Linux and the version to Debian (64-bit), as Kali is based off of Debian. Click Next to display the window allowing you to choose the amount of memory (RAM) to give the VM. Be wary of how much RAM you currently have available and try to give ample memory to your VM. You could give as much as possible, but also consider whether you intend to have multiple VMs running simultaneously. If possible, give the VM at least 1GB (1024MB) of memory. As you see in Figure 2-18, 2GB of memory is allotted for our future VM.

The next screen (Figure 2-19) gives the option for specifying the storage your VM will use as a hard disk. The default is to create a virtual disk. This will be the file that the VM will use as its virtual hard drive.

Ensure that Create a Virtual Hard Disk Now is selected to get to the screen for selecting the disk type. For the hard disk file type, ensure that VDI (VirtualBox Disk Image) is selected (see Figure 2-20).

The next option is for how the data is stored on the file. We want the default option, Dynamically Allocated. This option means our Virtual Disk Image (VDI) file will grow as the VM requires, up to the limit stated here. If we were to select Fixed size, VirtualBox would create a VDI file on the hard drive taking up 50GB. Instead we choose the option of Dynamically Allocated (see Figure 2-21) to ensure the only space taken up by the VDI is what is needed by the guest VM. Obviously this helps save hard drive space. Note that if your required space gets smaller, the VDI size does not shrink but remains at the largest needed so far.

The next window gives the option to select the size of the virtual disk file (see Figure 2-22). Kali recommends a disk size of at least 10GB, but we recommend at least a 20GB file to make sure you have enough room for the lab environment you are going to build later in the book.

After you click Create, your new VM is available. To start this VM, you can just highlight the newly created guest and click Start. Before you do this, however, you need to enable the PAE feature; otherwise, you will not be able to install Kali. As mentioned earlier, a 32-bit processor can only address up to 4GB of RAM. This is only partially true: There are actually features in newer 32-bit processors that allow an operating system to address more than the traditional 4GB limit. This feature is known as Physical Address Extension (PAE), also known as Page Address Extension. The Kali Linux kernel, which is the core of the operating system, is configured with PAE, so it expects to be running on a CPU that can support that.

To enable PAE, select Settings, highlight System in the left pane, and then click the Processor tab. Note that clicking Settings applies to whatever VM you have highlighted—an important tip for when you'll have several VMs built. Make sure the Enable PAE/NX checkbox is selected and click OK (see Figure 2-23). The NX refers to the No-eXecute processor bit that helps defend a CPU against malicious software attacks. On a physical PC, enabling the NX bit, if available, is done through the BIOS.

After enabling PAE, you can start the VM. Make sure the Kali VM is highlighted, and then click Start. You are then prompted for a start-up disk (see Figure 2-24). This is going to be the ISO file you downloaded earlier, so click the icon that displays the open file dialog box and select the Kali ISO image you downloaded earlier.

Clicking Start starts the VM with your Kali ISO image as the boot device. This should present you with the Kali boot menu (see Figure 2-25).

Installing Kali Linux

So far you have a VM that starts up to a boot menu. This section covers installing the operating system.

Move down the options to Install and click to continue. (Important: Be sure to choose Install, not any of the Live versions.) Keep in mind that as the VM has captured the input, you will have to press Ctrl+Alt to have control back to your host machine. You can have the VM regain capture of your input devices by again clicking anywhere on the VM window.

You might briefly see an error that resembles Figure 2-26. The error might appear for a second or two, if at all. Then the installation will proceed to prompt you for configuration questions. The installation prompts you to configure the language, country, and keymap (keyboard letter assignment).

After selecting your personal choices, you will be prompted for a system name. Again, this is a personal choice. As shown in Figure 2-27, we chose “w4sp” as our system name.

The installation prompts for a domain. This is not necessary; you may choose to continue, as shown in Figure 2-28.

The next prompt is for the password for the root account, as shown in Figure 2-29.

Obviously, you should choose this password carefully. You will be prompted to enter the password again to verify.

The next prompt will be to select your time zone. Select the time zone that corresponds to your location.

The next prompt is configuring the disk partition. Select the default option of Guided – Use Entire Disk, as shown in Figure 2-30.

The installation process requests you confirm the disk as presented. For our machine, Figure 2-31 shows we confirmed to partition SCSI1 (0,0,0).

Following the confirmation, you are prompted to select whether you want all files in one partition. Select the default, All Files in One Partition, as shown in Figure 2-32.

At this point, you are shown an overview of your partition-related choices. Select the option Finish Partitioning and Write Changes to Disk to continue, as shown in Figure 2-33.

One final confirmation prompt: Select Yes to write the changes to the disk, as shown in Figure 2-34.

Once confirmed, the installation proceeds to copy data to the disk. As you have come to expect with any installation, a status bar (see Figure 2-35) shows the progress. Along the bottom of the full VM application window, you should see a number of icons symbolizing the virtual hardware. The first one, a hard drive, denotes activity. The installation might take several minutes to finish.

After data copying is finished, you are prompted whether you want to have a network mirror (see Figure 2-36).

A network mirror is the source from which your Linux distro will update. If you are keeping an Internet connection to the host machine, then select to use a network mirror. The installation process then has an opportunity to enter a proxy, if applicable, as shown in Figure 2-37.

If your Internet connection does not rely on a proxy, leave the field blank and continue. After this step, the installation will retrieve updates for the Linux distribution. Depending on your connection speed and how long it has been since the distro you're using was released, the subsequent update might take several minutes to an hour.

After the update completes, it is time to install the GRUB boot loader. Your new Kali Linux VM has only one operating system (Kali Linux), and the GRUB boot loader recognizes that. Continue to the prompt where you confirm the device for boot loader installation. Select the drive presented, which in our case is /dev/sda, as shown in Figure 2-38.

After a few progress bars showing the final installation steps, you are prompted to restart the system (see Figure 2-39). Restart the system to your freshly installed Kali Linux VM. Once Kali reboots, you are prompted for the username and password. Log in as root.

In the next section we introduce the W4SP Lab, a full environment of systems for experimenting and testing with Wireshark.

Requirements

A key requirement for the W4SP lab is a VM running 64-bit Kali Linux. For this, host machine's CPU should be capable of handling 64-bit addressing.

The W4SP Lab is run from within the Kali Linux VM you just installed. And that VM must be the 64-bit version, which requires a host system to have a 64- bit-capable processor. Again, this is fairly common already for desktop computers, but it's best to verify. On a Windows machine, this is done through Settings ⇨ System ⇨ About, revealing specifications about the current operating system installation, as shown in Figure 2-40.

If you see your host operating system is a 64-bit version, then your VM and W4SP Lab should both run as needed.

A Few Words about Docker

An alternative to creating a VM is containerization. Containerization is a big word for its small footprint. There are key differences between running VMs (using virtualization) and using containerization. A VM is a complete operating system, including its kernel and any applications you want running on that VM. A container, however, is just the application you want running, wrapped in just enough software to keep it independent. With containers, you can have several applications running, but sharing the Linux kernel of their host operating system. When you need to run many systems at once, containerization quickly benefits from the economy of scale, versus trying to have ample host memory for the same number of VMs to parcel up.

Docker is a relatively new project, becoming open source only a few years ago. In a short time, Docker has grown to become one of the most popular open-source projects, with major contributions by companies such as Google, Cisco, Red Hat, Microsoft, and others. And at the time of this writing, Docker is widely seen as the successor to VMs. Rightfully so, we think, so we made use of Docker to create an entire virtual network of systems on which to run your own labs.

This environment built with Docker is special because, unlike creating VMs from scratch with VirtualBox, this W4SP Lab provides a subnet of VMs, all self-contained.

Now, given we just discussed Docker, containerization, and VMs, it's time to offer a small technical disclaimer. Our W4SP Lab uses Docker and containerization to provide you with several virtual systems. Technically, these systems are Linux containers, using Docker, not VMs using a hypervisor. Conceptually, however, the containers can be thought of as VMs, which is why throughout the book we refer to the systems within the W4SP Lab as VMs.

What Is GitHub?

We won't assume you've ever visited GitHub before. Maybe you heard of it or came across a link to someone's project hosted on GitHub. But unless you're a software developer or web programmer, clicking on a GitHub link ends with backing out and mumbling “Someday I'll figure out how that helps me… .” Well, today's that day.

Yes, information security is very broad, with people often staying in specialties, many of which require no coding or development. But for infosec folks who do write code, even the smallest scripts, there are common headaches with coding that GitHub helps to cure. Let's take a few words to explain how GitHub got so important.

Developing a piece of software seems to be a thing you can start but can never completely finish. It starts with developers writing enough code to perform the function they wanted. Then end users enjoy it (ideally). But then end users want another function and to tweak the function already there. So, the developer returns to the code to add and tweak. And add and tweak. It never ends, see?

On top of that, software development is something at which you can be good, but likely you are not the very best in the world. As with everything, there is always someone with value to offer and share. With writing software, you want that someone to see your code and you need a way to keep track of any tweaks he or she suggests for your own approval. Enter GitHub.

GitHub is a place where people can publish their code, keep track of changes done so far (versioning), as well as invite others to make changes. GitHub is a hosted Git service with a fancy web user interface. In GitHub speak, coders publish their repositories, or repos, for others to collaborate on. Being a collaborative service, GitHub also has a social network feel to it. The social network side of it empowers different repo owners and collaborators to interact. To see more of what GitHub collaborators are up to, visit GitHub.com and click Explore.

As a security person, you are likely concerned about the “making changes” part. Don't worry. No one makes permanent, unauthorized changes to someone else's repo. For every GitHub repo, there is the owner who reviews, and (maybe) approves, those changes. In the case of the W4SP Lab to accompany this book, the authors are the repo owners. We'll be watching the repo and bug tracker for suggested updates.

Creating the Lab User

As a security professional, you are well aware of the risks of always being logged in as root. Best practice dictates that normal day-to-day work be done under a different account. Your lab work is no different.

Before installing the Lab, you create the user “w4sp-lab.” To do so, you start by opening a Terminal window. Terminal is found two ways: by clicking either on Applications at the top left of the Kali desktop or on the black Terminal icon on the left dock. A Terminal window opens, starting with you in the directory /root.

At the root prompt, type useradd -m w4sp-lab -s /bin/bash -G sudo -U at a Terminal window. Hit Enter to create the user. Nothing is echoed back.

The next step is to set the new user's password. Again, in Terminal, type passwd w4sp-lab and hit Enter. You will be prompted for the password and again to confirm, as shown in Figure 2-41.

Now that you have this new user, you need to log out and log back in, as the user w4sp-lab.

Installing the W4SP Lab on the Kali Virtual Machine

Where to find this lab? Why, it's available on GitHub, of course: https://github.com/w4sp-book/w4sp-lab/.

There's no need to sign up on GitHub to get the W4SP Lab. Only sign up if you're interested in submitting bugs, contributing to it, or forking the code (copying the code to branch off of in your own repo).

Always check out the GitHub repo for updates to the lab. Any changes that are not reflected in the book will be noted in the repo. In addition to creating your own lab of VMs, there is available a fully contained “lab” of virtualized systems.

Note that you visit GitHub from a browser in the Kali VM, not from your host machine's browser. As shown in Figure 2-42, the Firefox web browser is used, the icon for which is at the top of the stack of icons on the Kali desktop. Browse to the GitHub address from above.

Clicking the green button labeled Clone or Download on the right expands to show a blue Download ZIP. Click to download as a ZIP file.

The file is named w4sp-lab-master.zip. A pop-up window should appear asking what to do with the file (see Figure 2-43). Select the option Save File and click OK. You open it in a Terminal window.

Once downloaded, unzip the compressed file and run the Lab installation script. To unzip the file, open a Terminal window. Open Terminal by clicking on Applications at the top left of the Kali desktop (see Figure 2-44).

A Terminal window opens, starting with you in the directory /w4sp-lab. The downloaded file is in the Downloads directory. To unzip the file, first enter the command cd Downloads, then the command unzip w4sp-lab-master.zip, as shown in Figure 2-45.

The zipped file expands into its own directory, /w4sp-lab-master/. The ls command will list the files. Type ls to see the files, including the installation script, w4sp_webapp.py.

Now it's time to run the Lab installation script. In the w4sp-lab-master directory, type python w4sp_webapp.py to run the Python script. The Terminal window should be similar to Figure 2-46.

The installation will take several minutes, echoing on the screen the script's progress through its steps. Be aware that there will be only minor screen activity during when Docker is building the images. (You will recognize this when the more recent screen statements mention “images found, building now” and slowly listing the base, switch, victim images, and so on.) It could take 10–20 minutes for most peoples' lab installs to finish.

You will know the W4SP Lab installation is finished when the final line confirms the installation and opens the browser. The browser should open to go to the localhost, port 5000: http://127.0.0.1:5000.

Setting Up the W4SP Lab

The W4SP Lab was developed as a learning tool. Many books out there can teach a subject through text, figures, and otherwise showing the material. But it's something special to be able to demonstrate that material. This lab gives you the environment to trial and demonstrate what's covered in the book—and much more, obviously.

After the W4SP Lab is installed, the web browser is launched. The browser opens to the localhost at port 5000. The browser presents the front end for the W4SP Lab. After briefly looking it over, click the SETUP button on the left. Setup will start, as shown in Figure 2-47.

In about a minute or less, setup will be complete and the Lab installed and ready to go. We will return to the Lab on multiple occasions throughout the book.

The W4SP Lab facilitates certain attacks (with the associated traffic) with confidence because whatever systems are needed per attack, the Lab creates those systems. Throughout this book, you will be tasked with exercises and read through demonstrations, both of which will require a system or group of systems. In some exercises it might be necessary to set up certain customizations or additional systems. In those cases you will be instructed to press a button on this W4SP Lab browser page to set up the needed changes.

Disclaimer: The Lab is a continual work in progress and will be updated and fixed as time goes on. If at any point there is a discrepancy between what you are seeing in the book and in the lab, you can always refer to the GitHub project Wiki for details on any changes.

The Lab Network

Once the setup procedure finishes, the network diagram, which was one system (the local Kali box), has now grown to multiple systems, as shown in Figure 2-48.

The first thing you'll notice after setup completes is the network diagram in the middle of the screen. Each circle denotes a device, be it a switch (sw1, sw2) or router (r1, r2), servers of various services (ftp1, ftp2, smb2, and so on), or a victim machine (vic1, vic2, and so on).

The network topology is not fixed in the W4SP Lab. The topology changes according to what's needed for different scenarios. Of course, we'll get more into each scenario as we first use them in later chapters. The red buttons on the right will customize the lab to prepare for particular exercises and demonstrations. For example:

• Start mitm—Places Kali VM for a man-in-the-middle attack (Chapter 5).
• Start ips—Launches an intrusion detection/prevention system (Chapter 6).
• Start sploit—Launches Metasploitable (Chapter 6).
• Start elk—Launches the Elastic Stack (Chapter 6).

On occasion, however, we noticed it should have changed but didn't. In that case, it might be necessary to click REFRESH on the left to jog it a bit.