Nmap scan with kali guest and Win10 quests in Win10 Host

Discussions related to using VirtualBox on Windows hosts.
Clawsman
Posts: 16
Joined: 22. May 2022, 18:44

Nmap scan with kali guest and Win10 quests in Win10 Host

Post by Clawsman »

Hi all. i am new in this forum.
I have tried everything with every search and googling before posting here.

I am trying to nmap scan with my kali guest, as the same time i have a windows 10 guest in my windows 10 Host.
But until now, with no luck. i have tried putting both guest machines in bridged adapter. it doesnt work.
when i scan with my android device they all show up. but i am currently trying to use my own guest windows as a labOs to try out things. with my kali guest.

Any solutions would be much appreciated
scottgus1
Site Moderator
Posts: 20965
Joined: 30. Dec 2009, 20:14
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Windows, Linux

Re: Nmap scan with kali guest and Win10 quests in Win10 Host

Post by scottgus1 »

Please try tuning on Promiscuous Mode in each Bridged adapter's settings (probably under the Advanced dropdown).
Clawsman
Posts: 16
Joined: 22. May 2022, 18:44

Re: Nmap scan with kali guest and Win10 quests in Win10 Host

Post by Clawsman »

scottgus1 wrote:Please try tuning on Promiscuous Mode in each Bridged adapter's settings (probably under the Advanced dropdown).
Thank you for replying.
I tried with different Promiscuous Mode on both guests , no luck.
scottgus1
Site Moderator
Posts: 20965
Joined: 30. Dec 2009, 20:14
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Windows, Linux

Re: Nmap scan with kali guest and Win10 quests in Win10 Host

Post by scottgus1 »

Clawsman wrote:i have tried putting both guest machines in bridged adapter. it doesnt work.
"It doesn't work" needs to be pinned down more. Do the VMs actually have network and internet access? Do they get IP addresses?

Right-click each VM in the main Virtualbox window's VM list, choose Show in Explorer/Finder/File Manager. Zip the VM's .vbox file (not the .vbox-prev file), and post the zip file, using the forum's Upload Attachment tab. (Configure your host OS to show all extensions if the folder that opens does not show a .vbox file.)

In both host and VM Windows OS, open a Command Prompt and run ipconfig /all. Post the command output. Label which is which.

In the Linux OS, open a Terminal and run ifconfig or ip address. Post the command output.

In both host and VM Windows OS's, ping 8.8.8.8. Post the command output. Label which is which.
Clawsman
Posts: 16
Joined: 22. May 2022, 18:44

Re: Nmap scan with kali guest and Win10 quests in Win10 Host

Post by Clawsman »

scottgus1 wrote:
Clawsman wrote:i have tried putting both guest machines in bridged adapter. it doesnt work.
"It doesn't work" needs to be pinned down more. Do the VMs actually have network and internet access? Do they get IP addresses?

Right-click each VM in the main Virtualbox window's VM list, choose Show in Explorer/Finder/File Manager. Zip the VM's .vbox file (not the .vbox-prev file), and post the zip file, using the forum's Upload Attachment tab. (Configure your host OS to show all extensions if the folder that opens does not show a .vbox file.)

In both host and VM Windows OS, open a Command Prompt and run ipconfig /all. Post the command output. Label which is which.

In the Linux OS, open a Terminal and run ifconfig or ip address. Post the command output.

In both host and VM Windows OS's, ping 8.8.8.8. Post the command output. Label which is which.
Thank you for taking time to guide me on this matter.

Ipconfig /all on windows result:

Windows IP Configuration

Host Name . . . . . . . . . . . . : DESKTOP-NNAUQL7
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Ethernet:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Desktop Adapter
Physical Address. . . . . . . . . : 08-00-27-35-6A-3F
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::f584:a33d:95ed:f2c6%6(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.18.29(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 24 May 2022 14:22:46
Lease Expires . . . . . . . . . . : 24 May 2022 15:22:46
Default Gateway . . . . . . . . . : 192.168.18.1
DHCP Server . . . . . . . . . . . : 192.168.18.1
DHCPv6 IAID . . . . . . . . . . . : 101187623
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-2A-19-BE-81-08-00-27-35-6A-3F
DNS Servers . . . . . . . . . . . : 192.168.18.1
NetBIOS over Tcpip. . . . . . . . : Enabled


ifconfig on kali result:

eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.18.28 netmask 255.255.255.0 broadcast 192.168.18.255
inet6 fe80::a00:27ff:fef3:74a prefixlen 64 scopeid 0x20<link>
ether 08:00:27:f3:07:4a txqueuelen 1000 (Ethernet)
RX packets 327 bytes 34420 (33.6 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 257 bytes 25620 (25.0 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0


Windows ping result:

Pinging 8.8.8.8 with 32 bytes of data:
Reply from 8.8.8.8: bytes=32 time=448ms TTL=115
Reply from 8.8.8.8: bytes=32 time=28ms TTL=115
Reply from 8.8.8.8: bytes=32 time=48ms TTL=115
Reply from 8.8.8.8: bytes=32 time=34ms TTL=115

Ping statistics for 8.8.8.8:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 28ms, Maximum = 448ms, Average = 139ms


Kali ping result:

PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=115 time=24.9 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=115 time=13.8 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=115 time=27.6 ms
64 bytes from 8.8.8.8: icmp_seq=4 ttl=115 time=19.8 ms
64 bytes from 8.8.8.8: icmp_seq=5 ttl=115 time=18.1 ms
64 bytes from 8.8.8.8: icmp_seq=6 ttl=115 time=20.0 ms
64 bytes from 8.8.8.8: icmp_seq=7 ttl=115 time=28.7 ms
64 bytes from 8.8.8.8: icmp_seq=8 ttl=115 time=52.2 ms
64 bytes from 8.8.8.8: icmp_seq=9 ttl=115 time=54.2 ms
64 bytes from 8.8.8.8: icmp_seq=10 ttl=115 time=37.8 ms
^C
--- 8.8.8.8 ping statistics ---
10 packets transmitted, 10 received, 0% packet loss, time 9011ms
rtt min/avg/max/mdev = 13.794/29.691/54.230/13.355 ms


And zip files are uploaded
Attachments
windows 10.zip
(2.69 KiB) Downloaded 5 times
Kali 2.zip
(2.28 KiB) Downloaded 7 times
scottgus1
Site Moderator
Posts: 20965
Joined: 30. Dec 2009, 20:14
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Windows, Linux

Re: Nmap scan with kali guest and Win10 quests in Win10 Host

Post by scottgus1 »

OK, thanks for the information!
Kali shows this for network:
<Machine uuid="{bcc3a180-c300-4945-8663-0a7af6395d92}" name="Kali 2" OSType="Ubuntu_64" currentSnapshot="{7a00658c-17e5-48f5-aeff-db90d3a6da58}"....
<Snapshot uuid="{7a00658c-17e5-48f5-aeff-db90d3a6da58}" name="all installed" ....
<Network>
<Adapter slot="0" enabled="true" MACAddress="080027F3074A" type="82540EM">
<NAT/>
</Adapter>
</Network>
</Snapshot>
<Network>
<Adapter slot="0" enabled="true" MACAddress="080027F3074A" promiscuousModePolicy="AllowAll" type="82540EM">
<DisabledModes>
<InternalNetwork name="intnet"/>
<NATNetwork name="NatNetwork"/>
</DisabledModes>
<BridgedInterface name="Intel(R) Dual Band Wireless-AC 7260"/>
</Adapter>
</Network>
The Kali VM was on Bridged, to the same network as the Windows 10 VM. However, the snapshot is now active, and the VM is set to NAT in the snapshot block.

Yet strangely, The Kali VM "ifconfig" is not showing the default 10.0.2.15 IP address that NAT provides, and there is no indication of an attempt to change NAT's IP range to match the host LAN IP range. Did you set a static IP in Kali?

Kali needs to be Bridged to read out on the LAN.

So far this looks like misconfiguration. Set Kali back to Bridged, remove its static IP so the VM shows the same IP range as the host and the Windows 10 VM. Check that you can ping each OS from both of the others (Windows defaults to blocking Ping in its firewall: enable ICMP Echo Request). Set Promiscuous on both Bridged's to "Allow All", then see what happens.
fth0
Volunteer
Posts: 5668
Joined: 14. Feb 2019, 03:06
Primary OS: Mac OS X other
VBox Version: PUEL
Guest OSses: Linux, Windows 10, ...
Location: Germany

Re: Nmap scan with kali guest and Win10 quests in Win10 Host

Post by fth0 »

scottgus1 wrote:However, the snapshot is now active
You're misinterpreting the configuration file IMHO. The current/active state (read-write) is never a snapshot (read-only) and always the last part in the configuration file. The currentSnapshot attribute shows from what snapshot the current state is derived, because it doesn't have to be the latest snapshot.

The OP took the snapshot "all installed" at "2022-05-20T11:52:07Z", while the virtual network adapter was configured in NAT mode. Afterwards, they changed the virtual network adapter to Bridged mode and started the VM.
Clawsman
Posts: 16
Joined: 22. May 2022, 18:44

Re: Nmap scan with kali guest and Win10 quests in Win10 Host

Post by Clawsman »

fth0 wrote:
scottgus1 wrote:However, the snapshot is now active
You're misinterpreting the configuration file IMHO. The current/active state (read-write) is never a snapshot (read-only) and always the last part in the configuration file. The currentSnapshot attribute shows from what snapshot the current state is derived, because it doesn't have to be the latest snapshot.

The OP took the snapshot "all installed" at "2022-05-20T11:52:07Z", while the virtual network adapter was configured in NAT mode. Afterwards, they changed the virtual network adapter to Bridged mode and started the VM.
Yes that is correct, my snapshot is in NAT state. but changed currently to bridged.
Clawsman
Posts: 16
Joined: 22. May 2022, 18:44

Re: Nmap scan with kali guest and Win10 quests in Win10 Host

Post by Clawsman »

scottgus1 wrote:OK, thanks for the information!
Kali shows this for network:
<Machine uuid="{bcc3a180-c300-4945-8663-0a7af6395d92}" name="Kali 2" OSType="Ubuntu_64" currentSnapshot="{7a00658c-17e5-48f5-aeff-db90d3a6da58}"....
<Snapshot uuid="{7a00658c-17e5-48f5-aeff-db90d3a6da58}" name="all installed" ....
<Network>
<Adapter slot="0" enabled="true" MACAddress="080027F3074A" type="82540EM">
<NAT/>
</Adapter>
</Network>
</Snapshot>
<Network>
<Adapter slot="0" enabled="true" MACAddress="080027F3074A" promiscuousModePolicy="AllowAll" type="82540EM">
<DisabledModes>
<InternalNetwork name="intnet"/>
<NATNetwork name="NatNetwork"/>
</DisabledModes>
<BridgedInterface name="Intel(R) Dual Band Wireless-AC 7260"/>
</Adapter>
</Network>
The Kali VM was on Bridged, to the same network as the Windows 10 VM. However, the snapshot is now active, and the VM is set to NAT in the snapshot block.

Yet strangely, The Kali VM "ifconfig" is not showing the default 10.0.2.15 IP address that NAT provides, and there is no indication of an attempt to change NAT's IP range to match the host LAN IP range. Did you set a static IP in Kali?

Kali needs to be Bridged to read out on the LAN.

So far this looks like misconfiguration. Set Kali back to Bridged, remove its static IP so the VM shows the same IP range as the host and the Windows 10 VM. Check that you can ping each OS from both of the others (Windows defaults to blocking Ping in its firewall: enable ICMP Echo Request). Set Promiscuous on both Bridged's to "Allow All", then see what happens.
When i change to NAT and do a ifconfig, the result is:

eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.0.2.15 netmask 255.255.255.0 broadcast 10.0.2.255
inet6 fe80::a00:27ff:fef3:74a prefixlen 64 scopeid 0x20<link>
ether 08:00:27:f3:07:4a txqueuelen 1000 (Ethernet)
RX packets 3 bytes 1770 (1.7 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 23 bytes 3650 (3.5 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0


and i havent set static ip. its set to "Automatic DHCP"
Attachments
kali_network_settings.png
kali_network_settings.png (48.14 KiB) Viewed 4614 times
scottgus1
Site Moderator
Posts: 20965
Joined: 30. Dec 2009, 20:14
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Windows, Linux

Re: Nmap scan with kali guest and Win10 quests in Win10 Host

Post by scottgus1 »

fth0 wrote:You're misinterpreting the configuration file IMHO.
Intriguing. So I've been looking at the .vbox file wrong all this time? Eeek... :oops:

I'll have to do some experiments, then. The final hardware config in the XML is the current state? Will see what I can see about that. Thanks!

Clawsman, please disregard what I posted above. You'd need to stay on Bridged. In addition, I just noticed that your Kali VM has a USB Wi-Fi adapter. Since Kali is for pentesting, you might want to see about getting the Wi-Fi adapter to be the primary adapter in the VM OS. Will have to ponder this one more. We'll need a forum guru to weigh in on this one. Maybe fth0 has a thought? (He quite often does... :D )
Clawsman
Posts: 16
Joined: 22. May 2022, 18:44

Re: Nmap scan with kali guest and Win10 quests in Win10 Host

Post by Clawsman »

scottgus1 wrote:
fth0 wrote:You're misinterpreting the configuration file IMHO.
Intriguing. So I've been looking at the .vbox file wrong all this time? Eeek... :oops:

I'll have to do some experiments, then. The final hardware config in the XML is the current state? Will see what I can see about that. Thanks!

Clawsman, please disregard what I posted above. You'd need to stay on Bridged. In addition, I just noticed that your Kali VM has a USB Wi-Fi adapter. Since Kali is for pentesting, you might want to see about getting the Wi-Fi adapter to be the primary adapter in the VM OS. Will have to ponder this one more. We'll need a forum guru to weigh in on this one. Maybe fth0 has a thought? (He quite often does... :D )
I thought you where the guru :)

well..yes i have an external adapter, suited for use with kali. i have tried connecting with it from windows guest, to see if kali can find it that way and scan it. but no luck.
I will try the opposite as you suggested. using the adapter with kali and see if it will work:)
scottgus1
Site Moderator
Posts: 20965
Joined: 30. Dec 2009, 20:14
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Windows, Linux

Re: Nmap scan with kali guest and Win10 quests in Win10 Host

Post by scottgus1 »

Sounds like a good idea. I understand Kali is a hacking OS that wants to use a Wi-Fi setup. If you can get the Wi-Fi adapter going in Kali instead of the Virtualbox Bridged (try shutting off the Virtualbox adapter) then Kali might operate the way it's supposed to (maybe).

The Windows VM would remain Bridged, so it is on the LAN with the host, see Virtualbox Networks: In Pictures. Promiscuous mode might help Kali to see into the Windows VM's traffic through the Wi-Fi router and onto the LAN.
fth0
Volunteer
Posts: 5668
Joined: 14. Feb 2019, 03:06
Primary OS: Mac OS X other
VBox Version: PUEL
Guest OSses: Linux, Windows 10, ...
Location: Germany

Re: Nmap scan with kali guest and Win10 quests in Win10 Host

Post by fth0 »

scottgus1 wrote:The final hardware config in the XML is the current state?
Yes. You could remember it as follows: In the Snapshots view of the VirtualBox Manager, you can have an arbitrarily complex tree of <n=0,1,...> snapshots, and exactly 1 Current State. You also know that you have (at least) one (read-only) virtual hard disk image for each of the <n> snapshots and one (writable) virtual hard disk image for the current state, the latter being 2 MB right after taking a snapshot. For each of the <n> snapshots and for the current state, you also must have a separate configuration, because they can all be different from each other.
scottgus1 wrote:Maybe fth0 has a thought?
I just tried to bring you back on track again. But I didn't notice anything wrong so far in the OP's information, so I didn't comment on the issue itself. Additionally, I think you already asked for the obvious next step:
scottgus1 wrote:Set Kali back to Bridged, [...] so the VM shows the same IP range as the host and the Windows 10 VM. Check that you can ping each OS from both of the others (Windows defaults to blocking Ping in its firewall: enable ICMP Echo Request). Set Promiscuous on both Bridged's to "Allow All", then see what happens.
If the ping is successful and the Nmap scan still doesn't work, then I'd chime in and ask for the nmap command line, which can be a really complex beast. ;)
Clawsman
Posts: 16
Joined: 22. May 2022, 18:44

Re: Nmap scan with kali guest and Win10 quests in Win10 Host

Post by Clawsman »

fth0 wrote:
scottgus1 wrote:The final hardware config in the XML is the current state?
Yes. You could remember it as follows: In the Snapshots view of the VirtualBox Manager, you can have an arbitrarily complex tree of <n=0,1,...> snapshots, and exactly 1 Current State. You also know that you have (at least) one (read-only) virtual hard disk image for each of the <n> snapshots and one (writable) virtual hard disk image for the current state, the latter being 2 MB right after taking a snapshot. For each of the <n> snapshots and for the current state, you also must have a separate configuration, because they can all be different from each other.
scottgus1 wrote:Maybe fth0 has a thought?
I just tried to bring you back on track again. But I didn't notice anything wrong so far in the OP's information, so I didn't comment on the issue itself. Additionally, I think you already asked for the obvious next step:
scottgus1 wrote:Set Kali back to Bridged, [...] so the VM shows the same IP range as the host and the Windows 10 VM. Check that you can ping each OS from both of the others (Windows defaults to blocking Ping in its firewall: enable ICMP Echo Request). Set Promiscuous on both Bridged's to "Allow All", then see what happens.
If the ping is successful and the Nmap scan still doesn't work, then I'd chime in and ask for the nmap command line, which can be a really complex beast. ;)
i have now tried with enable ICMP Echo Request in windows guest, with my usb wifi adapter connected in kali. but still doesnt find my windows guest. it finds every other unit besides my windows guest. :(
the nmap command i use is :

nmap -sP 192.168.18.0-100
Starting Nmap 7.92 ( https://nmap.org ) at 2022-05-24 21:29 CEST
Nmap scan report for 192.168.18.1
Host is up (0.064s latency).
Nmap scan report for 192.168.18.4
Host is up (0.15s latency).
Nmap scan report for 192.168.18.11
Host is up (0.052s latency).
Nmap scan report for 192.168.18.26
Host is up (0.00042s latency).
Nmap done: 101 IP addresses (4 hosts up) scanned in 6.63 seconds


my windows guest local ip is 192.168.18.29

My android phone find it (using fing). But not my kali guest
fth0
Volunteer
Posts: 5668
Joined: 14. Feb 2019, 03:06
Primary OS: Mac OS X other
VBox Version: PUEL
Guest OSses: Linux, Windows 10, ...
Location: Germany

Re: Nmap scan with kali guest and Win10 quests in Win10 Host

Post by fth0 »

You're not trying what scottgus1 (and me) wanted you to try, which would have been using ping 192.168.18.29.

Using nmap -sP is already more sophisticated and consequently can fall into more complex traps. Therefore, I wouldn't start with nmap before the simple ping above doesn't work.
Post Reply