Question

Virtualization is a technology that system administrators have been using in our datacenters for years, and it is at the heart of cloud computing infrastructure. It is a technology that allows the physical resources of a computer (CPU, RAM, hard disk, graphics card, etc.) to be shared by virtual machines (VMs). Consider the old days when a single physical hardware platform—the server—was dedicated to a single‐server application like being a web server. It turns out that a typical web server application didn't utilize much of the underlying hardware resources available to it on the server. For purposes of this discussion, let's assume that a web application running on one of our physical servers utilized 30 percent of the hardware resources. That meant that 70 percent of the physical resources were going unused; thus, the server was being underutilized.

With virtualization, we could now install three web servers by using VMs each utilizing 30 percent of the physical hardware resources of the server. Now we are utilizing 90 percent of the physical hardware resources of the server, which is a much better return on our investment in the server. We will be using this technology to help us master the tools discussed in this chapter. By installing virtualization software on your computer, you can create VMs that can be used to work with the tools discussed. The rest of this chapter is concerned with doing just that.

Let's first define some of the proper vocabulary:

A hypervisor is the software that is installed on a computer that supports virtualization. It can be implemented as firmware, which is specialized hardware that has permanent software programmed into it. It could also be hardware with installed software. It is within the hypervisor that the VMs will be created. The hypervisor allocates the underlying hardware resources to the VMs. Examples of hypervisor software are VMware's Workstation and Oracle's VM VirtualBox. There are free versions of each of these hypervisors that you can download and use as we did in Lab 10.4 in Chapter 10 , “Metasploit.”

There are two types of hypervisors. Type 1 hypervisor runs directly on the bare metal of a system. Type 2 hypervisor runs on a host operating system that provides virtualization services. In our lab, you will be setting up a Type 2 hypervisor in the first lab of this chapter.

A virtual machine is a machine that is created on the hypervisor. It will have its own operating system and be allocated physical hardware resources such as CPU, RAM, hard disk, etc. Various network resources can also be allocated to each VM.

The host operating system is the operating system of the computer the hypervisor is being installed on.

The guest operating system is the operating system of the VM that resides within the hypervisor.

For example, I have a tower computer with an Intel i7 processor, 32 GB of RAM, and multiterabytes of hard disk space running Windows 10 Pro as the host operating system. I also have VMware Workstation Pro as my hypervisor with multiple VMs loaded in it, like Kali Linux and Metasploitable2. Linux is the guest operating system of both these instances.

Before you start this process, you need to make sure that the computer you plan to use for virtualization can support the VMs you intend to load on it as well as its host operating system. Table 14.1 lists the requirements for Windows 10, Ubuntu Linux, and Kali Linux.

Table 14.1 : Resource requirements for Windows 10, Ubuntu, and Kali Linux

RESOURCE	WINDOWS 10	UBUNTU LINUX	KALI LINUX
Processor	1 GHz or faster	2 GHz dual‐core processor	CPU supported by at least one of the AMD64, i386, armel, armhf, or arm64 architectures
RAM	1 GB for 32 bit 2 GB for 64 bit	2 GB	2 GB
Hard drive space	16 GB for 32 bit 32 GB for 64 bit	25 GB	20 GB
Graphics card	Direct 9 or later with WDDM 1.0 driver
Display	800×600	1024×768

https://www.microsoft.com/en‐US/windows/windows‐10‐specifications

https://help.ubuntu.com/community/Installation/SystemRequirements

https://kali.training/topic/minimum‐installation‐requirements/

Just like any environment, there will be pros and cons. Some of the pros of running Kali in a VM are that you can run more than one OS at a time; you can install, reinstall, or back up any time you want quite easily; and you can manage the allocation of resources. The cons would be that performance may not be as robust as if you were on bare metal, USB drives can cause issues, and some of us would rather roll back than actually troubleshoot the issue. I've been guilty of that because I was in a time crunch.

For demonstration purposes, in Lab 14.1 , I walk you through installing VMware Workstation Player on my Windows computer and then importing a Kali Linux VM. Let's get started.

---

LAB 14.1 : INSTALLING VM WORKSTATION

1. Download VMware Workstation Player for the Windows computer (if you did not already do so in Chapter 10 , “Metasploit’’). As of the writing of this book, the link to Workstation Player is https://my.vmware.com/en/web/vmware/free#desktop_end_user_computing/vmware_workstation_player/15_0 , which you see in Figure 14.1 .

   

   Figure 14.1 : Download VM Workstation Player page

2. After you have VM Workstation downloaded, open the install file and double‐click. A User Account Control (UAC) window will be displayed where you will need to click Yes to allow the program, as shown in Figure 14.2 .

   

   Figure 14.2 : VMware UAC

3. Click Next to advance to the Setup Wizard. You can click Next five times to accept the EULA, install at the default location, accept the User Experience Settings, add shortcuts, and then finally click Install. The next window you see is the installation starting, as shown in Figure 14.3 .

   

   Figure 14.3 : Installing VMware Workstation 15 Player page

4. The VMware Workstation player icon will be on your desktop. Double‐click the icon to access the Welcome screen. You have two options at this point of installation. If this is for noncommercial use, as you see in Figure 14.4 , leave the default and click Continue and on the next screen Finish.

   

   Figure 14.4 : Accepting the free noncommercial license

5. When you open the player, it will prompt you if you have any updates. As you see in Figure 14.5 , you will make the educated decision to download the update, especially if you read Chapter 12 , “Patch and Configuration Management.” You are not too busy to make sure you have the latest updates and patches and bug improvements.

   

   Figure 14.5 : VMware Workstation Player software updates

6. With VMware Workstation 15 Player, you have the ability to create a new VM from scratch or open one that already exists.
7. The next level of this process will be to download the Kali Linux VMware image.

---

There are several Kali Linux distributions to choose from. You have the WSL version that can be pulled directly into a Windows OS. From www.kali.org , every few months there is a new Kali image you can download. From www.offensive‐security.com , the VMs are already created for you. They are shared with the disclaimer that they are maintained on a “best‐effort” basis, and all future updates will be listed here:

www.offensive‐security.com/kali‐linux‐vm‐vmware‐virtualbox‐image‐download/19/

There are a few more important things I want to mention before we open Kali. Offensive Security does not supply technical support for Kali images, but support can be found on the Kali Linux Community page. Odds are if you have a question or problem, someone else has experienced the same thing. Scroll down the page until you see the Kali Linux VM for the architecture of your machine. As you see in Figure 14.6 , there will be a version as well as a hash.

Figure 14.6 : Downloading Kali Linux

---

NOTE

If you are interested in using an Android distribution for penetration testing, I have run Kali NetHunter on my tablet. It's a lot of fun on an airplane, but please remember to make ethical decisions. I had an interesting conversation on a flight from Denver to Los Angeles sitting next to a physician using the wireless service the airline offers. He was obviously reading confidential patient information that I could see because he had no privacy screen on his laptop. A peek at his taskbar told me a lot about the precautions he was taking. I pulled up NetHunter on my Android tablet and asked if he wanted to see something interesting. I'm not sure if I was supposed to be flattered that he said I looked like a librarian, not a hacker.

---

Download the appropriate VMware image, and in Lab 14.2 , you'll unzip it and open it with the player.

---

LAB 14.2 : INSTALLING 7‐ZIP AND USING KALI LINUX IN VMware WORKSTATION

1. The file you just downloaded ends with the extension .7z . 7‐zip is open source and free software that is a file archiver that utilizes a high compression ratio. To download the 7‐Zip software for Windows, go to www.7-zip.org . Like you see in Figure 14.7 , you have a choice between 32‐bit and 64‐bit architecture. It is a teeny tiny file, so it takes only a few seconds to download. Double‐click the 7‐zip icon and install the software.

   

   Figure 14.7 : Downloading and installing 7‐Zip

2. Now that you have 7‐Zip installed, find your download of Kali Linux. Right‐click the file and choose 7zip And Extract Here. This will unpack the zipped file create folder with the VM inside.
3. Open your VMware Workstation Player and choose the Open A VM option. When the Open dialog box opens, navigate to the proper folder and, like you see in Figure 14.8 , the Kali Linux VM will be an option. Select the folder and then click Open.

   

   Figure 14.8 : Opening Kali Linux VM

4. Once the Kali Linux VM is open, you will have several options. As you see in Figure 14.9 , you have the ability to power on the VM or edit the settings. If you click the Edit VM Settings link, you will be able to allocate more resources to the virtual environment before you hit the Play button.

   

   Figure 14.9 : Editing VM settings

5. In Figure 14.10 , you see the Hardware tab. The default configuration of 2 GB of memory, four processors, a 80 GB hard drive, a CD/DVD that will auto‐detect if one is installed on your host and a NAT network adapter. For most workloads, CPU virtualization adds only a small amount of overhead, which means it will be very close to what you see on a bare‐metal installation. The host operating system will not perform very well when it runs low on memory, so be careful about giving yourself too much memory. If the host OS doesn't have enough memory for itself, it can cause thrashing, constantly swapping data between memory and the paging file on disk. If you want this VM to connect to the Internet using the host's network, NAT is often the easiest way to go. The sound card and display will auto‐detect unless you make a change. Take note of the defaults currently displayed for future performance tuning.

   

   Figure 14.10 : Default configuration for Kali Linux

6. The next tab to the right of Hardware is Options. The options for your Kali Linux VM include giving the VM a new name, using power options such as entering full‐screen mode when the VM is ready to be powered on, and enabling or disabling folders. Considering this is Kali Linux and you will be compromising machines, I usually disable this. Shared folders will expose your host files to programs in the VM. In Figure 14.11 , you see the option to disable shared folders or enable if you trust the VM with the data you have stored on the host. Edit your Power options to enter full‐screen mode after powering on by selecting the box to the left and clicking OK.

   

   Figure 14.11 : Disabling shared folders

7. The only other viable option to consider is Unity. Unity in VMware is the ability to display applications directly on the host desktop. The VM console is hidden, and you can minimize the Workstation window. If you're feeling really fancy, you can change the border color around the applications that run in Unity mode on the desktop, as shown in Figure 14.12 .

   

   Figure 14.12 : Running Kali Linux in Unity mode

8. Click the OK or Cancel button after you have made your VM modifications, and from the Home page, click the Play Virtual Machine green triangle. You will see the Kali Linux machine spin up. The first time you spin up this VM, it may ask if you moved it or copied it. Select the I Copied It option. “It” is the VM you have created or downloaded.
9. When the Kali Linux VM is ready, you will see the login screen that's shown in Figure 14.13 . The default username is root , and the password is toor .

   

   Figure 14.13 : Logging into Kali Linux

10. If the screensaver pops up while you are reading or otherwise engaged, just press the Esc button on your keyboard. I like to see my VM in full screen on my auxiliary screen, leaving one monitor dedicated to Windows and one dedicated to Kali Linux, like you see in Figure 14.14 .

    

    Figure 14.14 : Kali Linux desktop

---