Thursday, August 31, 2017
Setting up a Windows Guest on VirtualBox
Setting up a Windows Guest on VirtualBox
I recently installed VirtualBox on Ubuntu LTS as described in my previous post. Now I am going to install a Windows XP Guest on it, so it can later be used as a platform to run malware for automatic analysis with Cuckoo sandbox.
In this case, instead of using Phpvirtualbox web interface, I will choose to use the command line so it will be easier in the future to automate the virtual machine creation process by using a bash script.
These are the specs I am going to use for the Windows XP:
- 1GB RAM memory
- 20GB of Hard Disk space
- VDI format for the virtual disk
- Dynamically allocated storage
1.- Creating the virtual machine
The command vboxmanage can be used to create the virtual machine, using settings above, and to attach a DVD drive with the ISO image of the Windows XP. In my case I decided to name it WindowsXPVM1. $ vboxmanage createvm --name "WindowsXPVM1" --ostype WindowsXP --register
$ vboxmanage modifyvm "WindowsXPVM1" --memory 1000 --acpi on --boot1 dvd --nic1 nat
$ vboxmanage createhd --filename "WinXP.vdi" --size 20000
$ vboxmanage storagectl "WindowsXPVM1" --name "IDE Controller" --add ide --controller PIIX4
$ vboxmanage storageattach "WindowsXPVM1" --storagectl "IDE Controller" --port 0 --device 0 --type hdd --medium "WinXP.vdi"
$ vboxmanage storageattach "WindowsXPVM1" --storagectl "IDE Controller" --port 0 --device 1 --type dvddrive --medium /pathtoyouriso/windowsxp.iso $ VBoxHeadless --startvm "WindowsXPVM1" 2.- Installing guest additions in our virtual machine
$ wget http://dlc.sun.com.edgesuite.net/virtualbox/4.1.12/VBoxGuestAdditions_4.1.12.iso 3.- Adding a shared folder and recording the network traffic
$ vboxmanage controlvm "WindowsXPVM1" poweroff
$ mkdir -p /home/santiago/cuckoo/shares/WindowsXPVM1
$ vboxmanage sharedfolder add "WindowsXPVM1" --name "WindowsXPVM1" --hostpath /home/santiago/cuckoo/shares/WindowsXPVM1 --automount
$ vboxmanage sharedfolder add "WindowsXPVM1" --name setup --hostpath /home/santiago/cuckoo/shares/setup --automount --readonly
$ vboxmanage modifyvm "WindowsXPVM1" --nictrace1 on --nictracefile1 /home/santiago/cuckoo/shares/WindowsXPVM1/dump.pcap
$ vboxheadless --startvm "WindowsXPVM1" 4.- Configuring virtual machine to use a host-only adapter
$ lsmod | grep vboxnetadp # module needed to add a new host-only interface at the host
$ vboxmanage list hostonlyifs # checks host-only interfaces at the host
$ vboxmanage hostonlyif create # leaving default IP 192.168.56.1/24
$ vboxmanage list dhcpservers # checks dhcp servers
$ vboxmanage list vms # checks virtual machines
$ vboxmanage showvminfo "WindowsXPVM1" # checks NICs information
$ vboxmanage controlvm "WindowsXPVM1" poweroff
$ vboxmanage modifyvm "WindowsXPVM1" --nic1 hostonly
$ vboxmanage modifyvm "WindowsXPVM1" --hostonlyadapter1 vboxnet0
$ vboxheadless --startvm WindowsXPVM1
5.- Configuring the Host IP forwarding and firewall filters
$ iptables -A FORWARD -o eth0 -i vboxnet0 -s 192.168.56.0/24 -m conntrack --ctstate NEW -j ACCEPT
$ iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
$ iptables -A POSTROUTING -t nat -j MASQUERADE
$ sysctl -w net.ipv4.ip_forward=1
6.- Starting and stopping the virtual machine
To start VirtualBox web service and the virtual machine we need to run the following commands: $ vboxwebsrv -b
$ vboxmanage list vms # Optional to list virtual machines
$ vboxheadless --startvm "WindowsXPVM1"
$ vboxmanage controlvm "WindowsXPVM1" poweroff References
http://www.virtualbox.org/manual/http://blog.michaelboman.org/
download file now
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.