Virtual Machines for the Security Labs

By Drs. Anthony Vance and Dave Eargle

This page documents virtual machines that I have prepared for students in my class to use to complete the labs.

Setting up your virtual lab

I have created a Kali virtual machine image on Google Cloud Platform which is using nested virtualization to host within it several virtual machines: a Windows instance, a Metasploitable2 instance, and a security onion instance. They are hosted using kvm and libvirt and accessed using virt-manager.

Read these instructions to get oriented to and set up on Google Cloud Platform, and to get access to the Kali virtual machine. Anyone should be able to see and use the custom class kali image if they join this Google Group (public access):

infosec-net Network Map

The network map is as follows:

IP Address Machine Login Password Kali (the host) root toor Windows 19 Labuser Passw0rd! Metasploitable2 msfadmin msfadmin Security Onion securityonion Password1

IPv4 network block in CIDR block notation:

Using the virtual machines within Kali

  1. The virtual machines are accessed using virt-manager. First, you should make sure that your user account is a member of the libvirt group.

    sudo usermod -a -G libvirt $(whoami)
    Heads up! This will need to be run each time you create a new Kali instance.

    Alternatively, log in as root (password toor):

    su root
  2. Then, from a terminal, run virt-manager to get an interface such as the following:

    This shows that three virtual machines are available, but that none are running.

    Virt Manager interface shows no vms?

    In the virt-manager interface, try running:

    • File
    • Add Connection...
    • Connect (accept defaults)

Starting and accessing virtual machines

  1. Start a virtual machine by selecting it, and pressing the “play” icon. The virtual machine should then update to show that it is running.

  2. To view the running virtual machine, highlight it and click “Open”. A new window will appear.

    You can click into this window and interact with it via keyboard, and mouse if it has a GUI.

  3. Details of a virtual machine can be viewed and edited from the “details” pane.

  4. A network is set up to enable the host (Kali) and the guests (e.g., Metasploitable2, Windows 7) to network with one another. Try pinging metasploitable2 from Kali, and Kali from metasploitable2, using the network map ip addresses above.

Updating the virtual machines

The following scripts will update the respective lab virtual machines installed on the kali pentest lab image.

Update SecurityOnion

To update Security Onion, run the following:

wget -O - | sudo bash

Update Windows Server 2019

To update Windows Server 2019, run the following:

wget -O - | sudo bash

Update Metasploitable2

To update Metasploitable2, run the following:

wget -O - | sudo bash

Using snapshots

Virtual machines in virt-manager can be “snapshotted”, which lets you restore the virtual machine to a previous state if you mess it up by doing something such as deploying malware to it.

To create a snapshot, first, shut down the virtual machine. Then, click the “snapshot” button on the virtual machine pane, then +, then set a name, and “Finish.”

To restore to a snapshot, select your snapshot, and then “play” it. You do not need to shut down the virtual machine before restoring a snapshot.

How I created the virtual machines

If you are curious how the lab was set up, then browse this github repository.