VMs are unable to connect with each other on Internal networks

Discussions related to using VirtualBox on Linux hosts.
Post Reply
ChrisxSaurav
Posts: 12
Joined: 25. May 2023, 14:36

VMs are unable to connect with each other on Internal networks

Post by ChrisxSaurav »

So I wanted to emulate Wizard Spider in adversary_emulation_library github, and I setup 3 VMs with one having Kali and the other 2 having Windows in virtualbox.

With my Kali VM and one of my Windows VMs I want to make sure that both my VMs are connected with each other and I can actually transfer files from one VM to the other (Not needed for the first step since I can access the file in any other way but I need the connection between the VMs if I want the attack to work in the later stages). However, even after trying Bridged Adapter (which for whatever reason wouldn't allow either of my VMs to access the internet) and NAT Network, I've been unable to establish a connection between the two.

I then tried internal network between both of my Windows VMs. However, even after downloading all the necessary ssh software such as OpenSSH, I'm unable to ping one VM from the other. I found the ip address using ipconfig within powershell, and ping just returnes Destination Host Unreachable

Any help would be really appreciated :)
scottgus1
Site Moderator
Posts: 19778
Joined: 30. Dec 2009, 20:14
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Windows, Linux

Re: VMs are unable to connect with each other on Internal networks

Post by scottgus1 »

For each VM, please provide the following:
  1. Start the VM from full normal shutdown, not save-state. Run the pings and ipconfig/ifconfig/ip-address's requested below, then shut down the VM from within the VM's OS if possible. If not possible, close the Virtualbox window for the VM with the Power Off option set.

    Right-click the VM in the main Virtualbox window's VM list, choose Show in Explorer/Finder/File Manager. In the "Logs" subfolder, zip the VM's "vbox.log", and post the zip file, using the forum's Upload Attachment tab. (Configure your host OS to show all extensions so you can find the "vbox.log", not "vbox.log.1", etc.)
  2. In the Windows OS, open a Command Prompt and run ipconfig /all. Post the command output.

    In the Linux OS, open a Terminal and run ifconfig or ip address. Post the command output.

    On the host OS, run the appropriate of these commands, and post the output.

    Please label which output comes from which OS.
  3. Ping 8.8.8.8 from each OS. Post the command output. Label which is which.
  4. Right-click each VM in the main Virtualbox window's VM list, choose Show in Explorer/Finder/File Manager. Copy the VM's .vbox file (not the .vbox-prev file) to the desktop (Configure your host OS to show all extensions if the folder that opens does not show a .vbox file). Zip all the .vbox files and post the zip file, using the forum's Upload Attachment tab.
ChrisxSaurav
Posts: 12
Joined: 25. May 2023, 14:36

Re: VMs are unable to connect with each other on Internal networks

Post by ChrisxSaurav »

For Kali Linux:

The ifconfig results in:
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::24b5:ae79:4905:24b8 prefixlen 64 scopeid 0x20<link>
ether 08:00:27:c7:e1:36 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 30 bytes 5503 (5.3 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 280 bytes 22896 (22.3 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 280 bytes 22896 (22.3 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
Pinging 8.8.8.8 gives me
ping: connect: Network is unreachable
------------------------------------------------

For Windows VM (my apologies if the message looks horrible, I've to write everything out manually, since shared clipboard isn't working for whatever reason)

Windows IP Configuration:

Host Name . . . . . . . .: dorothy
Primary DNS Suffix .:
Node Type . . . . . . . : hybrid
IP Routing Enables. . . . . . . . . . : No
WINS Proxy Enabled . . . . . . . . : No

Ethernet Cable Ethernet:

Connection-Specific DNS Suffix .:
Description . . . . . . . . . . . . . . . . . .: Intel(R) PRO/1000 MT Desktop Adapter
Physical Address . . . . . . . . . . . . . : 08-00-27-56-4D-9F
DHCP Enabled . . . . . . . . . . . . . . .: No
Autoconfiguration Enabled . . . . . .: Yes
Link-Local IPv6 Address . . . . . . . : fe80::dc4c:43d5:a370:c61f%11
IPv4 Address . . . . . . . . . . . . . . . : 192.168.1.10
Subnet Mask . . . . . . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . . . . . : 101187623
DHCPv6 Client DUID . . . . . . . . . .: 00-01-00-01-2B-FF-1F-1C-08-00-27-56-4D-9F
DNS Servers . . . . . . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
Netbios over tcpip . . . . . . . . . . . . : Enabled

Pinging 8.8.8.8 gives me the error
PING: transmit failed. General failure
(This is the case for both my VMs)

For my second VM, ipconfig /all gives:

Windows IP Configuration:

Host Name . . . . . . . .: dorothy
Primary DNS Suffix .:
Node Type . . . . . . . : hybrid
IP Routing Enables. . . . . . . . . . : No
WINS Proxy Enabled . . . . . . . . : No

Ethernet Cable Ethernet:

Connection-Specific DNS Suffix .:
Description . . . . . . . . . . . . . . . . . .: Intel(R) PRO/1000 MT Desktop Adapter
Physical Address . . . . . . . . . . . . . : 08-00-27-56-4D-9F
DHCP Enabled . . . . . . . . . . . . . . .: No
Autoconfiguration Enabled . . . . . .: Yes
Link-Local IPv6 Address . . . . . . . : fe80::dc4c:43d5:a370:c61f%5(Preferred)
IPv4 Address . . . . . . . . . . . . . . . : 192.168.1.19(Preferred)
Subnet Mask . . . . . . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . . . . . : 101187623
DHCPv6 Client DUID . . . . . . . . . .: 00-01-00-01-2B-FF-1F-1C-08-00-27-56-4D-9F
DNS Servers . . . . . . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
Netbios over tcpip . . . . . . . . . . . . : Enabled

(Basically the same except for the IP difference)

Pinging 8.8.8.8 gives me the same issue as the above one.

Do I need to run this for my host OS too, and then give the results?

Pinging 8.8.8.8 from my host OS gives:
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=59 time=4.36 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=59 time=4.18 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=59 time=4.48 ms
64 bytes from 8.8.8.8: icmp_seq=4 ttl=59 time=5.02 ms
^C
--- 8.8.8.8 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3005ms
rtt min/avg/max/mdev = 4.184/4.511/5.022/0.313 ms
Finally, when I try to attach the necessary files, I get the error "The extension vbox is not allowed."
mpack
Site Moderator
Posts: 38802
Joined: 4. Sep 2008, 17:09
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Mostly XP

Re: VMs are unable to connect with each other on Internal networks

Post by mpack »

ChrisxSaurav wrote: Finally, when I try to attach the necessary files, I get the error "The extension vbox is not allowed."
The instructions were to zip the log and vbox files, then attach the zip(s).
ChrisxSaurav
Posts: 12
Joined: 25. May 2023, 14:36

Re: VMs are unable to connect with each other on Internal networks

Post by ChrisxSaurav »

Ahh, my apologies, I've attached my vbox files in this reply
Attachments
vbox.zip
(4.66 KiB) Downloaded 3 times
scottgus1
Site Moderator
Posts: 19778
Joined: 30. Dec 2009, 20:14
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Windows, Linux

Re: VMs are unable to connect with each other on Internal networks

Post by scottgus1 »

Thanks for the info so far, and thanks too for typing out the Windows ipconfig's! We also needed a vbox.log from each VM, but if you ensure that each VM network adapter's "cable" is connected, then that is what the log would have shown.

Both of the Windows VMs are connected to Virtualbox's Internal network "intnet". However, Kali is connected to NAT, which does not connect to "intnet". See Virtualbox Networks: In Pictures.

Further, Kali's ipconfig does not show the default 10.0.2.15 IPv4 IP address that NAT hands out. So either the Kali "cable" is not connected, or enough manual adjustment and experimentation has been done to mess up Kali's network configuration. This also explains why Kali cannot ping 8.8.8.8 (Google's DNS). NAT should get internet into the VM, so pinging 8.8.8.8 should work, but there's something wrong with the connection.

The Windows VMs appear to have correct static IPs that should let those two VMs communicate with and ping each other
(note that the Windows firewall defaults to block ping; enable ICMP Echo Request in Windows Firewall). Not being able to ping 8.8.8.8 is expected in the Windows VMs, since Internal doesn't connect to the Internet.

Bridged may not work if your host was using Wi-Fi, or if sufficient manual misconfiguration has occurred.

If you put all VMs in the same NAT Network and set all the VM's adapters to receive DHCP-served IP addresses, you should get internet in the VMs, and all the adapters will be in the same IP range. Set Windows VMs to allow ping, and take Kali's network adapter DOWN then UP (or make a new Kali VM).

One last thing, both Windows VMs have the same network name "dorothy". This will cause trouble. Change one of the Windows VM's network name to something else.
ChrisxSaurav
Posts: 12
Joined: 25. May 2023, 14:36

Re: VMs are unable to connect with each other on Internal networks

Post by ChrisxSaurav »

Thank you so much for your help thusfar.

Thank you for the Kali VM, I changed it now to Internal, and ticked the cable connected box.

However, the big problem is that my Windows VMs are unable to ping each other, which I'm very confused about. Few things I'll not, I changed one of the names of the hosts from dorothy to toto (yes, based on Wizards of Oz), second of all, I have disabled firewalls for both VMs, so I don't think that the rule you mentioned to be disabled should affect me.

However, when I try to do
ping 192.168.1.19
, I get the following message
Reply from 192.168.1.10: Destination host unreachable
(And the vice versa when I try to ping 192.168.1.10 from the other VM).

I also want to note that I don't mind how and to whom my Windows VMs are connected to as long as I am able to communicate between them (and between them and the Kali VM), I only used the Internal Network because Bridged didn't work, and this was another network type I saw wherein the VMs could actually communicate with each other.
Finally, just a minor thing but could you let me know why the Bridged connection won't work when you're connected to WiFi, just curious.

Wanted to thank you for your help again
scottgus1
Site Moderator
Posts: 19778
Joined: 30. Dec 2009, 20:14
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Windows, Linux

Re: VMs are unable to connect with each other on Internal networks

Post by scottgus1 »

ChrisxSaurav wrote:I changed one of the names of the hosts from dorothy to toto (yes, based on Wizards of Oz)
I was going to suggest Toto, too. :lol:
ChrisxSaurav wrote:I have disabled firewalls for both VMs, so I don't think that the rule you mentioned to be disabled should affect me.
It shouldn't, with the firewalls disabled, as best I know. 'Tis a puzzle why your VMs cannot ping now. Can either of the Windows VMs ping the Kali VM?
ChrisxSaurav wrote:why the Bridged connection won't work when you're connected to WiFi,
Some Wi-Fi access points or adapter drivers prevent it, see the Bridged post in the Pictures tutorial.

I'd suggest the paragraph above about using NAT Network and the associated resets to the network adapters.
ChrisxSaurav
Posts: 12
Joined: 25. May 2023, 14:36

Re: VMs are unable to connect with each other on Internal networks

Post by ChrisxSaurav »

I was able to perform some tests and I'm fairly confused about the results.

So the most surprising one was that I was able to ping the VMs from each other, only if I used the IPv6 address instead of the IPv4 address. I would get the "Destination host unreachable" message when I used the IPv4 address, however in the Ping Statistics (this is between 2 Windows VMs) that
Packets: Sent = 4, Received = 4, Lost = 0
which means that the ping worked.

Similarly from the Linux Machine to the Windows Machine would give me
64 packets transmitted, 53 received, +53 duplicates, 17.1875% packet loss, time 64165ms
which is ofcourse significantly worse and I'm not fully sure why that is happening, however, it atleast means that ping is able to send and receive packets for the most part.

As a final test, I tried to ssh from one machine to the other using putty for Windows and regular ssh for Kali, and I'm not sure why none of the ssh attempts worked, it basically mentions that the connection timed out, so I'm confused about the fact that I can ping the VMs but not ssh.
fth0
Volunteer
Posts: 5102
Joined: 14. Feb 2019, 03:06
Primary OS: Mac OS X other
VBox Version: PUEL
Guest OSses: Linux, Windows 10, ...
Location: Germany

Re: VMs are unable to connect with each other on Internal networks

Post by fth0 »

I'd suggest to capture the network traffic for further analysis:

While the VMs are not running, configure them to capture the network traffic with VBoxManage modifyvm --nictrace<1-N> on --nictracefile<1-N> <filename>. Do some tests, explain what you did and provide a zip file with the captured files.

Regarding SSH, ssh -vvv is your friend. ;)
ChrisxSaurav
Posts: 12
Joined: 25. May 2023, 14:36

Re: VMs are unable to connect with each other on Internal networks

Post by ChrisxSaurav »

Hi,

Uhh, sorry for being late (I've been travelling)

So, I'm even more confused about my tests.

I didn't realise that the IPv6 address for both the VMs were the same (well same upto the %10/%11 part) and basically, the machine would ping itself it seems when I tried the IPv6 address (atleast that's what I think is the reason I can't ping the IPv4 Address but I can ping the IPv6 once). (I get destination unreachable when all the VMs should be on the same network).

I will try to attach the network trace files below. I just wanted to know if they were supposed to binaries.

Finally, I wanted to know if re installing virtualbox would be able to fix my issues.
Attachments
win.zip
(39.75 KiB) Downloaded 1 time
scottgus1
Site Moderator
Posts: 19778
Joined: 30. Dec 2009, 20:14
Primary OS: MS Windows 10
VBox Version: PUEL
Guest OSses: Windows, Linux

Re: VMs are unable to connect with each other on Internal networks

Post by scottgus1 »

ChrisxSaurav wrote: 4. Jun 2023, 17:03 if re installing virtualbox would be able to fix my issues.
No. The VMs seem to be running, and there may have been enough misconfiguration in the manual network settings within the VMs that it may be best to start over with fresh VMs.
scottgus1 wrote: 28. May 2023, 22:58 If you put all VMs in the same NAT Network and set all the VM's adapters to receive DHCP-served IP addresses, you should get internet in the VMs, and all the adapters will be in the same IP range. Set Windows VMs to allow ping, and ... make a new Kali VM.
fth0
Volunteer
Posts: 5102
Joined: 14. Feb 2019, 03:06
Primary OS: Mac OS X other
VBox Version: PUEL
Guest OSses: Linux, Windows 10, ...
Location: Germany

Re: VMs are unable to connect with each other on Internal networks

Post by fth0 »

ChrisxSaurav wrote: 4. Jun 2023, 17:03 Uhh, sorry for being late (I've been travelling)
No problem! And sorry for being blind (see below)! ;)
ChrisxSaurav wrote: 4. Jun 2023, 17:03 I will try to attach the network trace files below. I just wanted to know if they were supposed to binaries.
Yes, the network capture files are using the Wireshark PCAP format.
ChrisxSaurav wrote: 28. May 2023, 14:52 Physical Address . . . . . . . . . . . . . : 08-00-27-56-4D-9F
Physical Address . . . . . . . . . . . . . : 08-00-27-56-4D-9F
You've provided both Windows VMs with the same MAC address, and now both VMs use both IP addresses 192.168.1.10+19. You can change the MAC addresses in the VM configuration, and I'd suggest to change them to different values in both VMs.
Post Reply