0x00 Summary

It's easy to setup, open-source, and you don't have to jump through hoops to find a 'free-version' of their product. This is VirtualBox, and it's an absolutely incredible piece of software.

Although we won't go too far in depth, I will provide you with an intermediate introduction to some of VirtualBox's lesser known bells and whistles. Virtualbox is the beloved and preferred choice by many developers and open-source communities. Throughout the years, Virtualbox has slowly been evolving it's minimal and sleek design, with a fairly intuitive user interface. More importantly, virtualbox also comes equipped with a collection of powerful yet flexible command line interface tools.

However, We simply won't touch base on everything in this write up. The command line tools can be a write up all in their own! Instead, we will lightly touch on them and see some of the other features available in VirtualBox. This is a write up for those users who touch VirtualBox once in a blue moon to launch a single VM. I hope you have some great take aways.

Let us dive in!


0x01 - Terminology

So lets quickly cover some terminology which is frequently used when discussing virtual machines.

Host OS - This is the operating system that VirtualBox is actually installed on. When we talk about the Host machine, we are talking about the actual physical machine made up of hardware components.

Guest OS - This is the operating system running inside of your virtual machine.

Virtual Machine (VM) - This is the environment that VirtualBox and other hypervisors create. By borrowing Host OS resources such as RAM, CPU and disk space, we can create a virtual environment and install a Guest OS on it.

Guest Additions - These are software packages that can be installed (as the name implied) inside the Guest OS. These add a variety of features which we will cover later!

Hypervisor - Hypervisors are a medium that creates and manages virtual machines by carving out sections of system resources from your Host OS. Also, there are two types!

Hypervisor (type 2) - This is software that is ran on the Host OS. Applications such as VmWare, VirtualBox, and Hyper-V. These platforms allow us to create, delete, import utilize and overall manage our virtual machines.

Hypervisor (type 1) - This is software that is installed on bare metal like an operating system. You can format your laptop, and instead of installing Windows or Linux, you could install a type 1 hypervisor such as VmWare's ESXi or Proxmox.

Bare metal - Much like it sounds. When someone mentions bare metal, they are talking about the physical piece of hardware. For Example, "You could run Kali Linux on bare metal for optimal performance, as oppose to a virtual machine."

VM Diagram

VM-diagram-small


0x02 - Organization w/ Groups

 

Summary

Much like anyone else, when I first started using virtualization I didn't use it for anything more than a Kali VM machine and maybe an Ubuntu server. As the years went on however, I began snowballing and collecting VMs for everything. I had a VM for Kali, plus 3 VulnHub VMs for pentesting, WhoNix for Tor routing, and then maybe some Linux VMs to try different distros. After a while, your VirtualBox can begin to look a bit cluttered and messy...

Thankfully, VirtualBox allows us to group our Virtual Machines with ease.

  1. Right click a VM and select group.
  2. Right click the new group name and select rename to call it what you will.

Below, I've created two groups. One group has been named Capture The Flag, which is comprised of virtual machines that assist with pentesting. The second group has been titled Where The Wild Things Are which is composed of a separate instance of Kali Linux, WhoNix and other VMs for the regular internet.

02-CTF-Group-edit

Being able to collapse groups allows us to keep VirtualBox nice and tidy so we can peruse a specific section without contracting an aneurysm. VirtualBox also supports nested groups, allowing us to break down groups into smaller subsections if needed. Below, we have now added a new group called Privacy in the Where The Wild Things Are group.

03-Groups-nested-edit


0x03 - Format Types and Storage

 

Summary

One thing that virtualization needs is portability. Portability as in, having the ability to create a virtual machine on your Windows host OS, and copying it over to your Linux host OS. If you have ever browsed to the path of your virtual machines from different hypervisors, you may have noticed different file extensions. These file extensions types are called container formats and they handle how the virtual machine is stored. VirtualBox supports multiple container format types which we will cover below. We will also touch on the two ways that you could write to your virtual disk.

 

Format Types

OVF - Open Virtualization Format is a cross-platform standard for virtualization. Similar to how we have other protocol standards, OVF is a standardized way of packaging the virtual machine to a file so that it can be extracted and distributed easily. OVF is supported by just about all virtualization vendors.

Note: According to VirtualBox, Due to its ongoing integration in VirtualBox there are some limitations, but for the most part you shouldn't experience any issues importing OVF files.

VDI - This is the default standard for VirtualBox. Unless you specify differently when creating your image, this is the option that automatically clicked when creating a new disk.

VMDK - VirtualBox supports the VMDK container format, which is commonly used by VmWare. If you think there is a chance you will be copying this machine to VmWare, consider using this option.

VHD - VirtualBox supports Microsoft's container format used for Hyper-V machines.

HDD - Image files of Parallels version 2, which I have never seen nor used.

08-Disk01

 

Disk Image Types

When creating your VM you are asked to select one of the two options you are presented with.

08-Disk02

Fixed-Size - When using Fixed-Size, Virtualbox will create a file reserving the amount of space you set aside for the VM, regardless of how much you initially use. If you create a Windows virtual machine with 50GB of space, you will be creating a disk file with 50GB in size.

Dynamically Allocated - When using Dynamically Allocated, you initially start off with a small file that grows as disk sectors are written for the first time. This can add to slower write times, but after a while as growth slows the write speeds become negligible.


0x04 - Cloning Machines

 

Summary

Another great feature that is often overlooked is cloning. Cloning will save you a lot of time from configuring VMs which you have already configured once before. If you need two instances of Kali, or maybe multiple Ubuntu servers, you can simply clone a VM to prevent having to go through the OS configuration. The time it takes for the cloning process to finish depends on the size of the disk, snapshots and of course your Host OS hardware specs. Notwithstanding, in my experience it usually doesn't take very long. There are two Clone types, so lets discuss those.

00-cloning

Full Clone - Copies all of the disk images into an entirely new VM folder. A full clone doesn't require it's parent VM or it's files to operate. Fully independent.

Linked Clone - Linked clones use differencing images. In short, they are special disk files that only hold and compare the differences of another image. This means that differencing images by their own nature, are dependent on their parent images in order to make the comparisons. The parent image becomes read only, and any applied write changes are saved to the child image; aka the link clone.

Note: Notice in the GIF below that the Linked Clone is missing it's VDI file. If you haven't already guessed, that is because it is relying on it's parent Kali VDI image.

Clones-1

 

Expert Mode

The Cloning wizard also offers an expert mode which gives you a few more options that can be configured.

01-cloning-expert

Snapshots - When cloning your image, you can choose from two options. Everything means to copy the current machine state as well as all of it's snapshots. Else you can choose Current Machine State.

MAC Address Policy - Specify whether or not you would like to generate a new MAC address for your cloned VM. This is generally something you would want to do and it is the default selection.

Keep Disk Names - "Retains the disk image names when cloning the VM"

Keep Hardware UUIDS - "Retains the hardware universally unique identifiers when cloning the VM." This typically causes Windows to prompt you to reactivate the OS, as it will appear that the hardware ID's have changed since the initial install.


0x05 - Guest Additions

 

Summary

Guest additions are the additional drivers and packages that enable a
lot of convenient features. Those who are familiar with VmWare have likely seen this before. As its name might give away, it is a software package that is to be installed on the Virtual Machine's Guest OS. Typically when installing a VM, VirtualBox will automatically mount a guest-additions.iso in your optical drive. If you are downloading from a Linux distro, you can usually find it in your package manager as:

virtualbox-guest-additions-iso

Note: As of recent, Virtual Box Guest Additions now comes preinstalled in Kali Linux! (Minimal package Kali installations may still need to install it through the package manager, however)

 

The Features

Mouse Pointer Integration - Without this feature, your mouse can only be in one place at once; The Guest OS, or the Host OS. When you click inside the VM, your mouse is locked down until you press the host key to escape back to your Host OS. With Mouse Pointer Integration you can move your mouse fluidly. You will be able to traverse in and out of the VM seamlessly without having to press your host key to exchange control.

Shared Folders - You can setup a folder on your host, which your Guest OS will be able to access. Great for exchange files and folders. (Could also pose a security risk if your Guest OS is compromised, keep that in mind)

Drag and Drop - As the name implies, you can drag and drop files / folders to the Guest OS and vice versa. (Saves you time from having to use SCP or RSYNC)

Hardware-Accelerated Graphics - Although this is a lot more complex than I'm about to explain, this in essence allows you to utilize your Host OS graphics card for processing in the Guest OS. Theoretically, you could use your Nvidia graphics card to crack hashes inside your Guest OS with Hardware-Accelerated Graphics enabled.

Better Video Support - You will be able to go fullscreen with larger resolutions. With the exception of masochist, everyone hates being confined to a 800x600 window.

Time Synchronization - Virtual Machines often lose track of time for various reasons. For example, if you pause your VM for several minutes and then unpause, your VM will be out of sync. However with guest additions, if the VM is unpaused or a saved state is restored, the guest time is changed immediately.

Shared Clipboards - This feature is great for when you are copying and pasting. Think of everything we tend to copy... credentials, configurations, commands, code, and everything else that we usually send to our clipboard.

Memory Ballooning - Normally if you want to adjust your VM's RAM allocation, you have to shutoff the machine before making the configuration. With Memory Ballooning you can add or remove RAM from the cli while the VM is running so you don't have to stop in the middle of your pentest when you realize 4GB just isn't enough.

Guest Control File Manager - Another great option for transferring files between Host and Guest OS is using the Guest Control File Manager. From the Guest OS, go to Machine -> File Manager From there you must authenticate with your Guest OS's username / password and click Create Session

07-filemanager

Seamless Windows - In my opinion, this is one of the coolest features that typically flies under the radar. As the name suggests, you can integrate the VM into your Host OS seamlessly. Seamless Windows provides a nice tucked away panel bar overlay on top of your Host OS. Great for when you want to run your Kali tools in conjunction with other activities on your Host OS. This feature also comes in handy when you want to run Native OS applications on your host... Windows Calculator on a XFCE desktop? What kind of black magic sorcery is this?!

06-seamless

Note: In the cropped image above, the Kali VM is running in Seamless mode. Notice the Host OS panel down below and the Guest OS panel running up top. I also launched a Kali terminal which can be seen on the desktop. (Seamless mode is enabled by pressing Host key + L or by going to View -> Seamless mode)


0x06 - VirtualBox RDP (VRDP)

 

Summary

Using a compatable protocol to Microsoft's RDP, VRDP is another great feature that is offered with the Guest Additions package. Simply put, RDP lets you connect to a VM running on another server and interact with the GuestOS's GUI. This is incredibly convenient and allows you to startup VMs in headless mode without the GUI. As an example, we could be connecting to a remote Ubuntu server where we don't want a GUI configured but we still want to use some graphical text editting applications. We could use RDP and connect to one of several VMs running on that Ubtuntu server and interact with their graphical user interface. VRDP also allows simultaneous connections, which allow you to share your mouse and keyboard with several other remote users on a VM; great for training sessions! Using some port-forwarding magic, we could also provide someone RDP access to our machine over the internet without having to configure your router. You can check out some of those tunneling techniques which are covered in a previous article here. Lets take a quick look at how to set this up.

 

Basic Configuration Explained

  • Port - VRDP port you would like to use. (3389 by default)
  • Authentication Method -
    • Null - Null authentication is the default method which is insecure by nature. It requires no authentication to RDP to the VM.
    • External - In Linux, external relies on specific files to authenticate against the Host OS.
      1. VBoxAuth.so for Linux (Authenticates against PAM)
      2. VBoxAuth.dll for Windows
      3. VBoxAuth.dylib for Mac.
    • Guest - (BETA - May not work) "Authentication is performed not on the host, but on with the guest user accounts...This method is currently in testing and not yet supported... "
  • Authentication Timeout - Time user has to authenticate (milliseconds)
  • Allow Multiple Connections - Have multiple RDP connections to a Guest OS at once. This allows multiple users to share the screen and keyboard.

 

Configuration (Basic)

  1. Open your VM's Settings
  2. Click Display
  3. Click Remote Display

09-enable-RDP

  1. If you don't care about the port, leave it to the default VRDP port. (timeout shouldn't need to be adjusted either)

  2. Use a RDP client such as rdesktop or xfreerdp and connect to your VM. If your network is configured to NAT (default), simply using localhost as seen below, will work.

rdp

 

Additional Configurations

When using the command line we will have a lot more options to interact and configure the virtual machine (Go figure!). Though it won't be covered in this write up, here are a few additional things that can be configure for VRDP within the CLI:

  1. A 4th VRDP Authentication method using a XML file
  2. Enable VRDP encryption with TLS
  3. Multiple Remote Monitors
  4. VRDP Video Redirection
  5. VRDP Customization (DisableUSB, DisableAudio, DisableClipboard etc)

0x07 - Networking

 

Summary

Not everyone is a network ninja and networking options can be fairly confusing. The two modes you will be most likely interacting with are NAT and Bridged modes. However, lets briefly cover some of the modes and capabilities.

 

Networking Modes

  1. Not Attached - VirtualBox informs the GuestOS that there is a Network Card attached, but with no connection.

  2. Network Address Translation (NAT) - This is the default configuration that is setup within VirtualBox. You are assigned an IP address from VirtualBox which isn't shared with anything else. Also, NAT is capable of port forwarding to your Guest OS.

  3. NAT Network - A NAT network is attached to an internal network, which has to be created using the VBoxManage natnetwork add command. Not commonly used.

  4. Bridged Networking - When used, your VirtualBox connects to one of your Host OS's network cards, receiving an IP from your network's DHCP server (or using a statically assigned IP).

  5. Internal Networking - This allows you to create an internal network that other virtual machines can join, but not applications running on the Host machine / network. A more secure method of having VM's talk to eachother as oppose to Bridged Networking where traffic can be sniffed on the Host OS network interface. Internal networks are created automatically and are not managed through any interface.

  6. Host-Only Networking - A hybrid between bridged and internal networking modes. This can be used to create a network containing the host and a set of Virtual Machines. A loopback interface is created on the host providing connectivity between VMs and the Host.

  7. Generic Networking - Rarely used mode which allows a user to select a specific driver. (Used with GNS3 Network Simulator)

VDE Networking: Virtual Distributed Ethernet is a flexible, virtual network infrastructure system, spanning across multiple hosts in a secure way. It enables L2/L3 switching, including STP protocol, VLANS and WAN emulation. This requires additional plugins which can be found at https://wiki.virtualsquare.org

 

NAT Port Forwarding

Configuring port forwarding within a virtual machine that is segmented from your network with NAT presents a beautiful opportunity. You can connect to what appears to be your Host Machine, to a Virtual Machine, in a Segmented network, running a different OS. This provides you with the advantage of any vulnerabilities or bug in the service being limited to the Guest OS. If you have a development environment running within a virtual machine, this is a great opportunity to use Port Forwarding to SSH into the VM from your Host OS.

Note: Make sure that the port you select is not already in use on your Host OS!

You can configure your VM's Port Forwarding using the GUI within the VM's Network Settings or within the cli by using VBoxManage. See the GIF below.

portforwarding-1

 

Configuring Port Forwarding

Name - The name you would like to give your rule

Protocol - TCP or UDP protocol for the service

Host IP - IP address of your Host OS

Host Port - Port you would like to access the Guest OS port at

Guest IP - IP address of the Guest IP (Default NAT address is: 10.0.2.15)

Guest Port - Port number the service is running on within the Guest OS

0A-Port-Fwding

Note: - This can also be done in the command line interface by using the following command: VBoxManage modifyvm "VM name" --natpf1 "guestssh,tcp,,4444,,22"

0x08 - Disk Encryption

 
Disk Encryption allows us to Encrypt the disk image. This feature provides an additional layer of security, but should not be solely relied on. Here are a few notes about VirtualBox's Disk Encryption.

 

Things to Note

  • Only the disk image is encrypted. Snapshots, configuration files and saved states are not!
  • Once a disk has become encrypted, it is no longer portable to other hypervisors.
  • Vbox uses 128-bit or 256-bit AES data encryption keys (DEK)
  • The DEK is stored in the vbox configuration file. If it is missing or corrupted, you may lose access to your GuestOS.
  • The DEK is kept in your HostOS's memory to decrypt data. If your HostOS is compromised, the DEK could be extracted.

 

Configuration

Enter your virtual machine's settings. Under General you will notice the sub tab Disk Encryption. Check Enable Disk Encryption and then select whether you want to encrypted with 128-bit or 256-bit key.

0D-diskencryption

Enter and confirm the password you would like to use. Like anything else that you encrypt, it the time it takes to finish is dependent on several factors. Your Host OS hardware specifications, the encryption key size, and the size of your disk on the Guest OS.

Below I browsed to my virtual box folder and made a copy of the virtual box configuration before and after encryption. The diff below shows the encryption key value has been added to the configuration file.

0B-diffing

I then attempted to edit the key to see what kind of error message would be produced, however to my surprise when I attempted to launch the Guest OS, it prompted me for a password like normal. I was then able to login normally. I then decided to delete the configuration file all together, and yet the VM still started! I reviewed the logs to see what was occurring, and it appears that VirtualBox sees that the configuration file is missing and just creates a new one in its place containing the DEK key.

  • VD#0: DEK is missing
  • VM: Raising runtime error 'DrvVD_DEKMISSING' (fFlags=0x6)
  • Changing the VM state from 'RUNNING' to 'SUSPENDING'
  • AIOMgr: Endpoint for file '/home/.../Kali-Wild.vdi' (flags 00c0781) created successfully

I didn't spend any additional time researching what was happening here, but I would still suggest taking VirtualBoxes recommendation, and store a backup of the configuration file.

0C-log4DEK

WARNING: Do not solely rely on VirtualBox encryption for security. Your best defense is encrypting your Host OS. You could then look into encrypting your Virtual Machine from inside the Guest OS. Be wary of saved states and do some research!


0x09 - VBoxManage Command

 

Summary

VBoxManage is where everything begins to shine. It opens the doors for so many possibilities. Although this section won't do it justice, we should at least briefly touch on it. VirtualBox provides you with their command VBoxManage which contains a plethora of flexible subcommands each with their own list of options that we can configure.

Everything that we have covered thus far can be configured in the the command line. There are also many options and features that can only be configured within the command line. VBoxManage gives us the possibility to script, automate, manage and interact with VMs in all different kinds of environments.

There is a huge list of commands, so I encourage you to explore VBoxManage on your own. Here is a few examples of some the VBoxManage subcommands.

Commands

  • VBoxManage createvm - Creates a new XML VM configuraiton file. Options include setting the OStype, uuid, vm name, groups and basefolders.

  • VBoxManage startvm - Start Virtual Machines that are powered off or in saved states. Options allow you to specify gui, headless or seperate.

  • VBoxManage modifyvm - Allows you to edit a VM while it is not running. Options include the name, groups, descriptoin, ostype, memory,cpu, and everything else under the sun.

  • VBoxManage snapshot - Create, delete, and restore snapshots.

  • VBoxManage clonevm - Clone your VM. Options allow you to select the mode, keepallmacs, keepalluids, etc.

  • VBoxManage natnetwork - Create or manipulate existing NAT networks.

  • VBoxManage sharedfolder - Add or remove shared folders

 
There are plenty of commands to review. Use VBoxManage commands to automatically build complex environments from a single script, or remotely manage VMs via SSH!


0x0A - The Documentation

 
I must applaud oracle for the documentation, as it is some of the best I've come across. It avoids using any kind of esoteric langauge and makes it incredibly easy to follow. The documentation feels fluid, in that it can be read in a linear fashion with ease or you could hop around as you see fit. It covers everything from each single tab on the GUI, down to each option's usage within the CLI.

0E-TheManual

Everyone wants to be a hacker until it's time to RTFM. Set yourself apart and at least skim through the user guide! If you are on a Debian based distro, then you can find the documentation located at /usr/share/doc/virtualbox/UserManual.pdf.

I hope you learned something and feel free to share with others!