Open source and free environments
There are a number of free and open source virtual environments; we will look at some of the more popular ones here. For this section, we will discuss the following products:
- VMware Player
- VirtualBox
- Xen
- Hyper-V
- vSphere Hypervisor
VMware Player
The team at VMware has created a number of different products that are available for free. At the time of writing this book, VMware Player is still available free of charge, but unfortunately only for home users. One of the biggest limitations in the past was the fact that you could not use VMware Player to build and create virtual machines. Thankfully, the latest versions allow you to create machines. The limitations of the current version are in the networking department; this is because you cannot create additional switches with the VMware Player tool. For our purposes of building virtual pentesting labs, this is something that we really need, and if you do decide to use it, then you can only use VMware Player for basic network architecture. It is free, and this is why we are going to cover it. The first thing you want to do is download it. You can download it from https://my.vmware.com/web/vmware/free#desktop_end_user_computing/vmware_player/6_0. Once you have downloaded it, you will have to obtain a license key by registering with the site. Once you have the key, you can enter it during the installation or at a later time, and it will enable you to use the tool. For reference, to use the tool, the user guide is a good source, and there are several tutorials on the Internet for it too. Again, it is limited in what it can provide us, but a viable solution is to use it to test machines you build on as well as other machines without having to purchase another license for the software.
VirtualBox
Oracle VirtualBox is a very powerful tool and is one of the most popular when it comes to selecting a virtualization solution. The fact that it is so powerful and free makes it a great choice. The tool performs well on a variety of platforms and offers desktop as well as enterprise level capabilities. The current version at the time of writing this book is 4.3.2; you can download it from https://www.virtualbox.org/wiki/Downloads. There are versions available for Windows, Mac, Linux, and Solaris. The reviews of Version 3 for VirtualBox reported a number of problems with the tool, but ever since Version 4 has come out, there have not been reports of the problems from the previous version.
As it is so popular and a viable choice, we will create a virtual machine using this tool. The user guide is very useful too if you have not used VirtualBox before. You can download it from https://www.virtualbox.org/wiki/Documentation.
Once you have installed the software, the program will launch itself automatically, and you should see a screen similar to that shown in the following screenshot:
We will need an ISO image to use for our virtual machine. For this, we will use the excellent tool Samurai Web Testing Framework (WTF). This is a web application testing framework that is a live Linux environment that has been preconfigured as a web pentesting framework. The CD contains some of the best open source and free tools to use to test and attack websites. You can download the ISO image from http://www.samurai-wtf.org/.
To start the creation of the virtual machine, click on New to begin the process. In the window that opens to create the virtual machine, enter Samurai in the name field and select Linux as the operating system. Then, select the required version and click on Next.
In the next window that comes up, you will select the RAM for the virtual machine; you can leave the setting at the default of 256 MB or change it to another value that works best for you. An example of this window is shown in the following screenshot:
The next thing we want to do is to create a hard disk for our virtual machine, but for our purposes, we are not going to use a hard disk; so, we will select the do not add a virtual hard drive setting and click on Create. You will be warned about creating a virtual machine without a hard drive, but this is OK because this is what we want to do. So, read the warning and click on Continue.
Congratulations! If all has gone well, you have just created a virtual machine in VirtualBox. You should now have a window showing you the machine you have created, and it will look similar to the following screenshot:
We are now ready to start our virtual machine! Click on the Start setting and start the virtual machine. This is where you will get a message about how you need to select an optical image to boot from, and this is where the image we downloaded comes in. So, we will do that now. At the prompt, navigate to the ISO image you have downloaded and boot the Samurai-WTF virtual machine. This is the process to use VirtualBox, and we will not continue on from here. You are welcome to experiment and practice on your own. One thing to be aware of is that sometimes, with certain machines, the VirtualBox software will have difficulties with the keyboard and the input. If this happens, it is recommended that you load the extensions that can be found at https://www.virtualbox.org/wiki/Downloads. This is one of the reasons why VirtualBox is not the selected software for this book.
Xen
It is no secret that the i386 market has been dominated for years by the solutions offered by VMware, but as time goes by, the market has plenty of solutions that continue to increase the size of their followings. This is where Xen comes in. It has gained popularity and continues to do so as word gets around about it and as the product continues to improve. You will probably ask this question if you are new to Xen: what is Xen? This is a very good question, and to explain it in detail is beyond the scope of the book. There are entire books written on Xen, so we will only cover the basics here. Xen got its start at the University of Cambridge in the UK. Since then, there have been many players in the Xen game, and this has added features and capabilities to the tool, which in turn has increased its popularity.
Once the Xen project took off, as is typical in the IT world, the founders started their own company called XenSource, and then the company was taken over by Citrix. Citrix has expanded on the project and offers it as a solution along the lines of VMware ESX. Additionally, other vendors have added Xen into their product vendors such as Red Hat and Novell.
For the latest information or to download Xen, refer to the website www.citrix.com. For a very good tutorial, that is, a step-by-step guide to set up Xen on a SUSE Linux machine, you may refer to the URL http://searchservervirtualization.techtarget.com/tip/Xen-and-virtualization-Preparing-SUSE-Linux-Enterprise-Server-10-for-virtualization. Note that there is a free registration required that consists of providing your e-mail address to read the document. It is worth it as they will send you links as new papers are published, so it becomes a nice, quick reference to stay updated.
Note
I had a university professor when I was an undergraduate student who gave me some sound advice that I continue to follow and recommend others do too: to spend one hour a day reading something or doing something related to the IT industry. Those of you who are reading this book probably know that the IT industry is in a constant state of change and the data is perishable, so we have to do something to keep it fresh. For me, that one hour a day has been part of my daily life for more than 25 years and has helped me stay updated.
Finally, as we wrap up this section on Xen, one of the features we need as we build complex environments is the capability to convert from one format to another. This is something we will cover later on in this chapter, but for Xen, we will share a reference with you that explains in detail how to take a Xen virtual machine and convert it into a Hyper-V format. You will find that information at http://technet.microsoft.com/en-us/library/hh427283.aspx. You will note the reference is from Microsoft, and you will also note that this only works with specific versions of the Microsoft System Centre software, but it is good to know it is possible. So, if you ever find or have a Xen VM and want to convert it for use in Hyper-V, it is possible.
Hyper-V
This is Microsoft's virtualization tool, and it is a continuation of their virtual PC product. While still relatively new to the virtualization landscape, Microsoft is catching up fast. The one area I find lacking within their tool is the networking and integration with desktop interfaces on Linux and Unix. Once they get these figured out, they will be worth serious consideration when selecting your virtual environment for your pentesting labs. Originally, Hyper-V was only offered as part of the server products for Microsoft starting with Windows Server 2008 and currently with Windows Server 2012.
Now, there are options to install the capability with Windows 8. This decision by Microsoft was based on the fact that the tool has been so popular on the server versions of their software that they wanted to expand it to give their customers more options when it comes to virtualization.
There are two main requirements for Hyper-V. The first requirement is that the operating system has to be 64 bits. The second requirement that is often overlooked is the capabilities of the processor in the machine. The Hyper-V technology requires that the chip support Second Level Address Translation (SLAT). To run Hyper-V on a platform other than a server, you will need to have one of the following:
- Windows 8 Professional
- Windows 8 Enterprise
Once you have your platform of choice, you can either add it as a feature if you are using one of the servers, or if you have selected one of the Windows 8 platforms, then you can download Hyper-V from http://www.microsoft.com/en-us/download/details.aspx?id=36188. Microsoft refers to the version of Hyper-V for non-server products as client Hyper-V.
Regardless of the platform, the installation and configuration follows the same sequence. Now that you have Hyper-V, we will create a virtual machine so that you can work through the process of creating one. With Hyper-V, we have to set up a network that we are going to connect it to. We can set this up at the beginning or we can set it up after the creation of a virtual machine. For our purposes, we will create the network before we start the virtual machine creation process. In a basic architecture, we need two networks, one that connects to the external world (for example, the Internet) and a second network to connect to the internal machines. For simplicity, we will call them ExternalNet and InternalNet.
The first thing that you need to do is define a DHCP scope of 192.168.177.0/24 for the DHCP server. This is the network that will be used for external access, and the labs would be required to be set this way if you were to use this machine. If you are using a server platform, the steps to set up the network are as follows:
- Navigate to Start | Administrative Tools | Hyper-V Manager.
- Click on Virtual Network Manager on the right-hand pane of Hyper-V, The Virtual Network Manager window appears.
- Select New Virtual network on the left-hand pane and select External as the type of network, then click on Add. This is shown in the following screenshot:
The process to create the InternalNet is the same, so we will not repeat it here. We will go through the steps of creating a virtual machine with Hyper-V to the point of a successful boot, then we will continue with the chapter.
You will need an ISO image, and if you have one you want to use, then that is fine. We will use the popular pentesting framework from Offensive Security Kali Linux. You can download the ISO image from the location http://www.kali.org/downloads/. Once you open this link, pick the version you would like to use and download it. Once you have downloaded it launch Hyper-V. If you are using a server platform, the steps are as follows:
- Navigate to Start | Administrative Tools | Hyper-V Manager.
- When the program opens, navigate to Action | New | Virtual Machine, and when the new virtual machine wizard opens, click on Next.
- Enter a name for Kali for the virtual machine and click on Next. In the memory section, enter the maximum of RAM you can enter, and it should be at least 1024 KB. Kali needs at least 1 GB of memory to run efficiently. Once you have entered the RAM, click on Next.
- This will bring up the network connection selection; click on Not connected and then click on Next twice.
- In the Installation Options window, select the radio button Install an operating system from a boot CD/DVD-ROM and then select the image file (ISO) and browse to the Kali image. Refer to the following screenshot:
This is the installation options screen for your reference
- Once you have navigated to the ISO image, click on Next. Verify that your settings are correct and click on Finish.
- We now want to configure our network adapter. Within the Hyper-V environment, this can be a tricky process; so, the safest way when you are dealing with machines that are not from the Windows family is to select the legacy card. Right-click on the Kali virtual machine you have created and select Legacy Network Adapter. Then, click on Add as shown in the following screenshot:
- Now that we have selected our network adapter type, we have to connect it to our network. In the drop-down window, select External network, click on Apply, and then click on OK.
- A new virtual network will appear on the left-hand side of the window. Select it and then enter the name as
ExternalNetin the right-hand pane of the window. Ensure that the External radio button is selected, click on the network adapter of your computer, and then click on Apply, as shown in the following screenshot:
- If you get a warning message similar to the next screenshot, click on Yes to clear it. It is just to let you know that you may lose connectivity and have to re-enter the static network configuration data if you do lose the network connectivity.
- If you do not want to be bothered by the alert again, then select the Please don't ask me again checkbox before you click on Yes, as shown in the following screenshot:
- We are now ready to start our virtual machine. Right-click on the Kali virtual machine and select Start. Then, right-click again and select Connect. Your virtual machine should boot, and you can enter
startx, which will start the environment. At this point, it is up to you how much you explore with this virtual machine. We will continue with the chapter so that we can get through the different options of virtualization and move on to bigger and brighter things.
vSphere Hypervisor
This is the free version of the commercial entity, which is something you should consider for your lab environment. There are some versions that will work on a laptop and make it a part of their mobile lab environment too, but in my opinion, this is not the way to exploit the power of this type 1 virtualization solution.
As previously discussed, a type 1 solution has the Hypervisor ride on the actual hardware of the system itself. There are no emulation routines or interaction with the OS required; it is a pure bare metal environment that, in most cases, equates to raw power.
While the setup is very easy to perform and most can do it without assistance, the VMware site has excellent resources for you to use to assist you with the installation. You can review these resources, including a video of how to perform the setup, at the following website:
http://www.vmware.com/products/vsphere-hypervisor/gettingstarted.html
As you will see when you visit the site, the team at VMware has provided you plenty of references to assist you with the installation, configuration, and deployment of their virtualization solutions. One last thing to mention here is the hardware requirements that are listed on the site; most of these are considered to be recommendations, and it is best to test the hardware for the product before you make it your preferred solution. Again, this is another reason why we do not recommend this solution on your mobile or laptop platform; laptops, for the most part, do not have the power that we want at our disposal when it comes to a bare metal virtual solution.