Setting Up a Virtualized Lab Environment

Quincey Jackson

CSOL-570-03-SP23: Network Visual/Vulnerability

Dr. McCready

January 17, 2023

 Engineer Notes

For week 1, our task was to configure a virtual environment that will be used as a lab to

demonstrate how to test for vulnerabilities in a network! The steps were very tedious and

confusing at times due to working from an Apple computer. Most of the tech threads I found for

installing virtual machines on Apple computers were for iMacs with M1 chips; newer CPU chips

that drastically improve the performance of Apple computers. My computer is an earlier model

Macbook Pro from 2015 that is an Intel CPU. Despite my tedious experience with installing the

proper programs, I was able to create a lab environment suitable for the assignment. Please see

the installation process, below.

Installing New Software on MacBook Pro 2015 Intel

1. Install VirtualBox

a. Virtual Box is a type-one hypervisor; which means that I must run VirtualBox

from a host operating system. This powerful application allows users to create a

virtual environment that is capable of running multiple operating systems at a

time.

b. It is important to mention that VirtualBox will be updated since it was installed in

May for the beginning of the program. I wanted to make sure my computer was

compatible and strong enough for the programs so I installed Virtual Box 6.1.34

in May. After about 7 months, VirtualBox 7.0 is one of the latest builds for
 VirtualBox so I thought it would be in my best interest to do a clean install for this

assignment. My computer has the required specifications for Virtual Box 7.

i. VirtualBox was installed using the link provided in the assignment;

https://www.virtualbox.org/wiki/Downloads

2. Configuring a DHCP for VirtualBox

a. After the installation of the VirtualBox application, we were instructed to

configure the settings in VirtualBox to set up a Dynamic Host Configuration

Protocol (DHCP). A DHCP in a virtual machine such as VirtualBox is used to

create a safe and private network for the VirtualBox application and the other

Virtual Machines (VMs) that will be later installed in the assignment.

b. Instructions for this step were straightforward and were executed by utilizing the

tools section of the VirtualBox application:

i. Locate the tools section near the top-left corner of the VirtualBox

Manager. Here you will find three tabs; Host-Only Networks, NAT

Networks and Cloud Networks. To configure a private DHCP, I would

need to utilize the tab labeled, Host-only Networks since the goal is to

create an internal network for the VMs to safely run for the assignment.

ii. After locating the Host-Only Network tab, I followed the assignment’s

instructions that requested me to create a pool of 21 IP (Internet Protocol)

addresses. Each address was in the 192.68.56 range!

iii. It is imperative that I point out that I left the 0/24 range on each created

IPv4 addresses that I created.

3. Install Kali Linux onto VirtualBox

a. The next step is to install the Kali Linux application onto VirtualBox. This

powerful tool is used for penetration testing and other security measures such as

auditing security controls, analyzing computer forensics and other security

measures.

i. As instructed in the assignment, I used the link provided to download the

‘iso’ version of the Kali Linux application.

 ii. The next step was to reopen VirtualBox and use the create tab to begin the

process of adding the newly downloaded Kali Linux.

iii. After doing research on recommended memory and hard drive space that

would be allocated for Kali Linux, I decided to allocate 4 GB of memory

and 20 GB of Hard drive space to ensure Kali Linux would be able to

work without any issues. Installation complete!

4. Install Metasploitable 2 onto the VirtualBox

a. This application is known to be “leaky”! In simpler terms, this Linux virtual

machine is commonly used for security training and to purposely have

vulnerabilities within the application for penetration testing and other security

auditing features.

b. It is important to point out that the Metasploitable 2 file that was downloaded was

downloaded with a ‘vmdk’ extension. VirtualBox requires the files to be ‘iso’ so I

took it upon myself to purchase an application that converts dmg files to iso files.

This method was unsuccessful due to the file needing to be converted from a cdr

file instead of a dmg file.

c. I was able to use the Terminal application on my Macbook to use a command to

convert the cdr file to an iso image. I was successful!

d. After converting the image to an ISO file, I was able to add the new

Metasploitable2 VM to VirtualBox successfully. However, when attempting to

launch the VM in VirtualBox, I received an error message and was prompted to

use a bootable CD to complete the installation. Not the results I was looking for

but these findings indicate that I may need another computer for future

assignments.
 e. After failing to download Metasploitable 2 with the download link provided, I

decided to try another route. I purchased an application called Parallels. This

application allows Apple computers to run multiple virtual machines at once.

Trying Parallels Desktop as an Alternative for Macbook Pro 2015

5. I had to start every installation over from the beginning so every application could be run

from the Parallels application.

a. With that being said, for the first step, I reinstalled Kali Linux to the Parallels

machine using the same link that was provided. This install took some time but it

seemed to be completing a full install. Please see figures one and two for

reference.

b. The second step was to reconfigure the DHCP for Parallels since VirtualBox was

unable to use Metasploitable2 on my computer and I had to completely switch

over to Parallels. I used the same concepts and knowledge from the VirtualBox

network settings to figure out how to create a pool of 20 IPv4 addresses in the

Parallels desktop. It is important to point out that settings were adjusted so that

the networks were Host-Only networks and I lost all connection to the web

browser in each virtual manager installed. This happened immediately after I

unchecked the box that gave the option to enable shared networks. Please see

figures three and four for reference.

c. The third step was to use the link provided to install Metasploitable 2 to Parallels!

When attempting to create a new Virtual Machine in Parallels, the file is installed

using the Metasploitable 2.vmx file. This method worked! Please see figures 5

and 6 for reference.

d. The final step was to install OWASP Webgoat VM to what would be

VirtualBoard. However, since I had to use Parallels, I utilized CentOS per the

professor’s suggestion. It was very simple to download CentOS because it seems

as if the application is embedded into the Parallel Desktop platform. While the

installation of CentOS was very simple, I ran into some difficulties when it was

time to install Webgoat VM. I continuously ran into errors despite downloading
the necessary Java components that multiple troubleshooting threads mentioned.

After searching through dozens of threads, I came across a YouTube tutorial that

explained how to download Webgoat using Kali Linux! I was successful! It’s very

important to point out that I was unable to download Webgoat on CentOS. I had

success with using Kali Linux, though! Please see figures 7 and 8 for reference.

Figure 1: Kali Linux being installed on Parallels.

Figure 2:
Basic functions of Kali Linux working properly on Parallels application.

Figure 3: Configuring a DHCP for Parallels Desktop

Figure 4: Package contents for Metasploitable 2.

Figure 5: Successful Metasploitable 2 installation.

Figure 6: Error messages displayed despite downloading Java with instructions from YouTube.

Figure 7: Successful installation of WebGoat VM on Kali Linux

Creating a Network Diagram with the new Virtual Testing Lab

Kali Linux CentosOS Stream 9 Metasploitable

Assigned IP 192.168.56.1 192.168.56.2 192.168.56.3
MAC 00:1C:42:4D:D4:72 00:1C:42:81:A6:DC 00:1C:42:81:A6:DC
 MacBook Pro 2015

Parallels:DHCP-192.68.56.1

Kali Linux VM & Webgoat VM Metasploitable 2 VM CentOS Stream 9

Running NMAP on new Virtual Lab Environment

1. After the tiring installation process of each virtual machine, I watched several videos and
did some background research on NMAP and the significance of it in regards to the new
testing environment! I found that Network Mapping (NMAP) is necessary for auditing a
network, for checking the footprint of a target!
a. The first step taken was to open and login to Kali Linux as well as Metasploitable
2
2. Using notes and YouTube tutorials, I found that the first step was to check the status of

the DCHP that was setup earlier by running a check in the Metasploitable 2 terminal.

a. The command used was ifconfig. The response showed that Metasploitable was

running under the IP address 192.68.56.3! This was a relief to see that it was

attached to one of the addresses in the pool of 21 I created earlier!

3. Using class notes and YouTube tutorials, I followed the next step of leaving

Metasploitable open while heading over to Kali Linux to run an NMAP command of the

192.68.56.3 IP address that was recently found to be linked to Metasploitable. The

command used was nmap 192.68.56.3. This prompted Kali Linux to run an audit of the

IP address. Results of the network map found that every port for Metasploitable 2 was

open!
4. I ran an nmap on a few more IP addresses in the pool of 20. I found that when I ran an

nmap for 192.68.56.5, I was able to find the IP address that was being used by Kali

Linux. I found that all 1000 ports in Kali Linux were in an ignored state. After doing

some research, I found that this means that Kali Linux is secure and not relaying

messages back! Success!

 5. The last command sent was through CentOS 9. I was curious to see what IP address was

being used so I ran the same ifconfig command in the CentOS 9 terminal and found that

192.68.56.4 was being used by CentOS 9.

All in all, after stressing and exhausting every resource. I feel much better about my

understanding of testing Networks! There’s a sense of relief because at the beginning of this
assignment, I was clueless about the programs, the installation process as well as the actual

testing of the Networks! This was a much needed assignment!

 References

Understanding the difference between Apple’s M1 chips and Intel Computers

Dalakoti, V., & Chakraborty, D. (2022). APPLE M1 CHIP VS INTEL (X86). EPRA

International Journal of Research and Development (IJRD), 7(5), 207-211.

Understanding Debian/Linux

Murdock, I. (1994). Overview of the Debian GNU/Linux system. Linux Journal, 1994(6es),

15-es.

What is NMAP

Orebaugh, A., & Pinkard, B. (2011). Nmap in the enterprise: your guide to network scanning.

Elsevier.

What is a Network Diagram

Waller, R. (1981). Understanding Network Diagrams.