Join Malcolm Shore for an in-depth discussion in this video Setting up a VirtualBox subnet, part of Penetration Testing: Advanced Tunneling and Exfiltration.
- [Instructor] Let's set up a subnet, 10.1.1.024, in VirtualBox to use throughout this course. The host on this subnet will be my Tiny Linux box, and I'll use a dual-homed Windows system to pivot through. This network topology is shown on the slide. I've already set up a subnet on VirtualBox. Let's see how I've done that. Let's look at the network configuration of the Windows seven VM.
For this system, I've added a second adapter, enabled it, and set it to Internal Network. I've called it "pivonet." This is what we call a dual-homed host. My Ubuntu host has the same network configuration. Let's look at the network configuration of the Tiny Linux VM.
For this, I've just got one network adapter, and it's configured as an internal network called "pivonet." This host is not accessible directly from the main lab, but only when routed via one of the dual-homed hosts. That's all we need to do to create a subnet. Let's configure the Tiny Linux target on the subnet.
The system currently doesn't have an IP address. Let's give this the static IP address, 10.1.1.5. Okay, we have the IP address, 10.1.1.5, now. I can open the Services menu, and we can see that Tiny Linux has four services.
This shows OpenSSH off, but in fact, it is active, and I'll start up TFTP to get an additional service running. I'll set my Ubuntu system up on the internal subnet also. Let's check its IP addresses. We can see that the main lab interface on "ep0s3" has address 10.0.2.12.
The "pivonet" interface on "enp0s8" doesn't currently have an IP address. Let's give this the static IP address, 10.1.1.7. Let's set up the Windows host now. I've opened Network and Sharing Center, and we can see the various networks. I'll select Local Area Connection two, Properties, Internet Protocol version four, Properties.
And we can see this is set to get a DHCP address, as we would expect. This will be in the test lab 10.0.2.X range. Okay, I'll close that, and I'll select Local Area Connection three, Properties, IPV four properties. And we can see, we've set this up to 10.1.1.4 as a static address.
This is the interface onto the subnet, and we have a dual homed Windows system. I'll close this. Let's check that we can ping our Tiny Linux system. And we can see it. Let's see what we can see in Kali.
I can ping Windows through its first adapter. And that's fine. When I try to ping 10.1.1.4 and 10.1.1.5, I get no response, as expected. Okay, we've got ourselves a subnet with a target and a couple of dual-homed systems bridging the networks.
- How tunneling works
- Running a local SSH tunnel
- Dynamic SSH tunneling
- Pivoting with Armitage and Metaspoit
- Exfiltrating using DET and DNS
- Covert exfiltration with Cachetalk
- Using PyExfil to exfiltrate over HTTPS