VMs are unable to connect with each other on Internal networks
-
- Posts: 12
- Joined: 25. May 2023, 14:36
VMs are unable to connect with each other on Internal networks
So I wanted to emulate Wizard Spider in adversary_emulation_library github, and I setup 3 VMs with one having Kali and the other 2 having Windows in virtualbox.
With my Kali VM and one of my Windows VMs I want to make sure that both my VMs are connected with each other and I can actually transfer files from one VM to the other (Not needed for the first step since I can access the file in any other way but I need the connection between the VMs if I want the attack to work in the later stages). However, even after trying Bridged Adapter (which for whatever reason wouldn't allow either of my VMs to access the internet) and NAT Network, I've been unable to establish a connection between the two.
I then tried internal network between both of my Windows VMs. However, even after downloading all the necessary ssh software such as OpenSSH, I'm unable to ping one VM from the other. I found the ip address using ipconfig within powershell, and ping just returnes Destination Host Unreachable
Any help would be really appreciated
With my Kali VM and one of my Windows VMs I want to make sure that both my VMs are connected with each other and I can actually transfer files from one VM to the other (Not needed for the first step since I can access the file in any other way but I need the connection between the VMs if I want the attack to work in the later stages). However, even after trying Bridged Adapter (which for whatever reason wouldn't allow either of my VMs to access the internet) and NAT Network, I've been unable to establish a connection between the two.
I then tried internal network between both of my Windows VMs. However, even after downloading all the necessary ssh software such as OpenSSH, I'm unable to ping one VM from the other. I found the ip address using ipconfig within powershell, and ping just returnes Destination Host Unreachable
Any help would be really appreciated
-
- Site Moderator
- Posts: 20945
- Joined: 30. Dec 2009, 20:14
- Primary OS: MS Windows 10
- VBox Version: PUEL
- Guest OSses: Windows, Linux
Re: VMs are unable to connect with each other on Internal networks
For each VM, please provide the following:
- Start the VM from full normal shutdown, not save-state. Run the pings and ipconfig/ifconfig/ip-address's requested below, then shut down the VM from within the VM's OS if possible. If not possible, close the Virtualbox window for the VM with the Power Off option set.
Right-click the VM in the main Virtualbox window's VM list, choose Show in Explorer/Finder/File Manager. In the "Logs" subfolder, zip the VM's "vbox.log", and post the zip file, using the forum's Upload Attachment tab. (Configure your host OS to show all extensions so you can find the "vbox.log", not "vbox.log.1", etc.) - In the Windows OS, open a Command Prompt and run ipconfig /all. Post the command output.
In the Linux OS, open a Terminal and run ifconfig or ip address. Post the command output.
On the host OS, run the appropriate of these commands, and post the output.
Please label which output comes from which OS. - Ping 8.8.8.8 from each OS. Post the command output. Label which is which.
- Right-click each VM in the main Virtualbox window's VM list, choose Show in Explorer/Finder/File Manager. Copy the VM's .vbox file (not the .vbox-prev file) to the desktop (Configure your host OS to show all extensions if the folder that opens does not show a .vbox file). Zip all the .vbox files and post the zip file, using the forum's Upload Attachment tab.
-
- Posts: 12
- Joined: 25. May 2023, 14:36
Re: VMs are unable to connect with each other on Internal networks
For Kali Linux:
The ifconfig results in:
For Windows VM (my apologies if the message looks horrible, I've to write everything out manually, since shared clipboard isn't working for whatever reason)
Windows IP Configuration:
Host Name . . . . . . . .: dorothy
Primary DNS Suffix .:
Node Type . . . . . . . : hybrid
IP Routing Enables. . . . . . . . . . : No
WINS Proxy Enabled . . . . . . . . : No
Ethernet Cable Ethernet:
Connection-Specific DNS Suffix .:
Description . . . . . . . . . . . . . . . . . .: Intel(R) PRO/1000 MT Desktop Adapter
Physical Address . . . . . . . . . . . . . : 08-00-27-56-4D-9F
DHCP Enabled . . . . . . . . . . . . . . .: No
Autoconfiguration Enabled . . . . . .: Yes
Link-Local IPv6 Address . . . . . . . : fe80::dc4c:43d5:a370:c61f%11
IPv4 Address . . . . . . . . . . . . . . . : 192.168.1.10
Subnet Mask . . . . . . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . . . . . : 101187623
DHCPv6 Client DUID . . . . . . . . . .: 00-01-00-01-2B-FF-1F-1C-08-00-27-56-4D-9F
DNS Servers . . . . . . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
Netbios over tcpip . . . . . . . . . . . . : Enabled
Pinging 8.8.8.8 gives me the error
For my second VM, ipconfig /all gives:
Windows IP Configuration:
Host Name . . . . . . . .: dorothy
Primary DNS Suffix .:
Node Type . . . . . . . : hybrid
IP Routing Enables. . . . . . . . . . : No
WINS Proxy Enabled . . . . . . . . : No
Ethernet Cable Ethernet:
Connection-Specific DNS Suffix .:
Description . . . . . . . . . . . . . . . . . .: Intel(R) PRO/1000 MT Desktop Adapter
Physical Address . . . . . . . . . . . . . : 08-00-27-56-4D-9F
DHCP Enabled . . . . . . . . . . . . . . .: No
Autoconfiguration Enabled . . . . . .: Yes
Link-Local IPv6 Address . . . . . . . : fe80::dc4c:43d5:a370:c61f%5(Preferred)
IPv4 Address . . . . . . . . . . . . . . . : 192.168.1.19(Preferred)
Subnet Mask . . . . . . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . . . . . : 101187623
DHCPv6 Client DUID . . . . . . . . . .: 00-01-00-01-2B-FF-1F-1C-08-00-27-56-4D-9F
DNS Servers . . . . . . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
Netbios over tcpip . . . . . . . . . . . . : Enabled
(Basically the same except for the IP difference)
Pinging 8.8.8.8 gives me the same issue as the above one.
Do I need to run this for my host OS too, and then give the results?
Pinging 8.8.8.8 from my host OS gives:
The ifconfig results in:
Pinging 8.8.8.8 gives meeth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::24b5:ae79:4905:24b8 prefixlen 64 scopeid 0x20<link>
ether 08:00:27:c7:e1:36 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 30 bytes 5503 (5.3 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 280 bytes 22896 (22.3 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 280 bytes 22896 (22.3 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
------------------------------------------------ping: connect: Network is unreachable
For Windows VM (my apologies if the message looks horrible, I've to write everything out manually, since shared clipboard isn't working for whatever reason)
Windows IP Configuration:
Host Name . . . . . . . .: dorothy
Primary DNS Suffix .:
Node Type . . . . . . . : hybrid
IP Routing Enables. . . . . . . . . . : No
WINS Proxy Enabled . . . . . . . . : No
Ethernet Cable Ethernet:
Connection-Specific DNS Suffix .:
Description . . . . . . . . . . . . . . . . . .: Intel(R) PRO/1000 MT Desktop Adapter
Physical Address . . . . . . . . . . . . . : 08-00-27-56-4D-9F
DHCP Enabled . . . . . . . . . . . . . . .: No
Autoconfiguration Enabled . . . . . .: Yes
Link-Local IPv6 Address . . . . . . . : fe80::dc4c:43d5:a370:c61f%11
IPv4 Address . . . . . . . . . . . . . . . : 192.168.1.10
Subnet Mask . . . . . . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . . . . . : 101187623
DHCPv6 Client DUID . . . . . . . . . .: 00-01-00-01-2B-FF-1F-1C-08-00-27-56-4D-9F
DNS Servers . . . . . . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
Netbios over tcpip . . . . . . . . . . . . : Enabled
Pinging 8.8.8.8 gives me the error
(This is the case for both my VMs)PING: transmit failed. General failure
For my second VM, ipconfig /all gives:
Windows IP Configuration:
Host Name . . . . . . . .: dorothy
Primary DNS Suffix .:
Node Type . . . . . . . : hybrid
IP Routing Enables. . . . . . . . . . : No
WINS Proxy Enabled . . . . . . . . : No
Ethernet Cable Ethernet:
Connection-Specific DNS Suffix .:
Description . . . . . . . . . . . . . . . . . .: Intel(R) PRO/1000 MT Desktop Adapter
Physical Address . . . . . . . . . . . . . : 08-00-27-56-4D-9F
DHCP Enabled . . . . . . . . . . . . . . .: No
Autoconfiguration Enabled . . . . . .: Yes
Link-Local IPv6 Address . . . . . . . : fe80::dc4c:43d5:a370:c61f%5(Preferred)
IPv4 Address . . . . . . . . . . . . . . . : 192.168.1.19(Preferred)
Subnet Mask . . . . . . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . . . . . : 101187623
DHCPv6 Client DUID . . . . . . . . . .: 00-01-00-01-2B-FF-1F-1C-08-00-27-56-4D-9F
DNS Servers . . . . . . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
Netbios over tcpip . . . . . . . . . . . . : Enabled
(Basically the same except for the IP difference)
Pinging 8.8.8.8 gives me the same issue as the above one.
Do I need to run this for my host OS too, and then give the results?
Pinging 8.8.8.8 from my host OS gives:
Finally, when I try to attach the necessary files, I get the error "The extension vbox is not allowed."PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=59 time=4.36 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=59 time=4.18 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=59 time=4.48 ms
64 bytes from 8.8.8.8: icmp_seq=4 ttl=59 time=5.02 ms
^C
--- 8.8.8.8 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3005ms
rtt min/avg/max/mdev = 4.184/4.511/5.022/0.313 ms
-
- Site Moderator
- Posts: 39134
- Joined: 4. Sep 2008, 17:09
- Primary OS: MS Windows 10
- VBox Version: PUEL
- Guest OSses: Mostly XP
Re: VMs are unable to connect with each other on Internal networks
The instructions were to zip the log and vbox files, then attach the zip(s).ChrisxSaurav wrote: Finally, when I try to attach the necessary files, I get the error "The extension vbox is not allowed."
-
- Posts: 12
- Joined: 25. May 2023, 14:36
Re: VMs are unable to connect with each other on Internal networks
Ahh, my apologies, I've attached my vbox files in this reply
- Attachments
-
- vbox.zip
- (4.66 KiB) Downloaded 5 times
-
- Site Moderator
- Posts: 20945
- Joined: 30. Dec 2009, 20:14
- Primary OS: MS Windows 10
- VBox Version: PUEL
- Guest OSses: Windows, Linux
Re: VMs are unable to connect with each other on Internal networks
Thanks for the info so far, and thanks too for typing out the Windows ipconfig's! We also needed a vbox.log from each VM, but if you ensure that each VM network adapter's "cable" is connected, then that is what the log would have shown.
Both of the Windows VMs are connected to Virtualbox's Internal network "intnet". However, Kali is connected to NAT, which does not connect to "intnet". See Virtualbox Networks: In Pictures.
Further, Kali's ipconfig does not show the default 10.0.2.15 IPv4 IP address that NAT hands out. So either the Kali "cable" is not connected, or enough manual adjustment and experimentation has been done to mess up Kali's network configuration. This also explains why Kali cannot ping 8.8.8.8 (Google's DNS). NAT should get internet into the VM, so pinging 8.8.8.8 should work, but there's something wrong with the connection.
The Windows VMs appear to have correct static IPs that should let those two VMs communicate with and ping each other
(note that the Windows firewall defaults to block ping; enable ICMP Echo Request in Windows Firewall). Not being able to ping 8.8.8.8 is expected in the Windows VMs, since Internal doesn't connect to the Internet.
Bridged may not work if your host was using Wi-Fi, or if sufficient manual misconfiguration has occurred.
If you put all VMs in the same NAT Network and set all the VM's adapters to receive DHCP-served IP addresses, you should get internet in the VMs, and all the adapters will be in the same IP range. Set Windows VMs to allow ping, and take Kali's network adapter DOWN then UP (or make a new Kali VM).
One last thing, both Windows VMs have the same network name "dorothy". This will cause trouble. Change one of the Windows VM's network name to something else.
Both of the Windows VMs are connected to Virtualbox's Internal network "intnet". However, Kali is connected to NAT, which does not connect to "intnet". See Virtualbox Networks: In Pictures.
Further, Kali's ipconfig does not show the default 10.0.2.15 IPv4 IP address that NAT hands out. So either the Kali "cable" is not connected, or enough manual adjustment and experimentation has been done to mess up Kali's network configuration. This also explains why Kali cannot ping 8.8.8.8 (Google's DNS). NAT should get internet into the VM, so pinging 8.8.8.8 should work, but there's something wrong with the connection.
The Windows VMs appear to have correct static IPs that should let those two VMs communicate with and ping each other
(note that the Windows firewall defaults to block ping; enable ICMP Echo Request in Windows Firewall). Not being able to ping 8.8.8.8 is expected in the Windows VMs, since Internal doesn't connect to the Internet.
Bridged may not work if your host was using Wi-Fi, or if sufficient manual misconfiguration has occurred.
If you put all VMs in the same NAT Network and set all the VM's adapters to receive DHCP-served IP addresses, you should get internet in the VMs, and all the adapters will be in the same IP range. Set Windows VMs to allow ping, and take Kali's network adapter DOWN then UP (or make a new Kali VM).
One last thing, both Windows VMs have the same network name "dorothy". This will cause trouble. Change one of the Windows VM's network name to something else.
-
- Posts: 12
- Joined: 25. May 2023, 14:36
Re: VMs are unable to connect with each other on Internal networks
Thank you so much for your help thusfar.
Thank you for the Kali VM, I changed it now to Internal, and ticked the cable connected box.
However, the big problem is that my Windows VMs are unable to ping each other, which I'm very confused about. Few things I'll not, I changed one of the names of the hosts from dorothy to toto (yes, based on Wizards of Oz), second of all, I have disabled firewalls for both VMs, so I don't think that the rule you mentioned to be disabled should affect me.
However, when I try to do
I also want to note that I don't mind how and to whom my Windows VMs are connected to as long as I am able to communicate between them (and between them and the Kali VM), I only used the Internal Network because Bridged didn't work, and this was another network type I saw wherein the VMs could actually communicate with each other.
Finally, just a minor thing but could you let me know why the Bridged connection won't work when you're connected to WiFi, just curious.
Wanted to thank you for your help again
Thank you for the Kali VM, I changed it now to Internal, and ticked the cable connected box.
However, the big problem is that my Windows VMs are unable to ping each other, which I'm very confused about. Few things I'll not, I changed one of the names of the hosts from dorothy to toto (yes, based on Wizards of Oz), second of all, I have disabled firewalls for both VMs, so I don't think that the rule you mentioned to be disabled should affect me.
However, when I try to do
, I get the following messageping 192.168.1.19
(And the vice versa when I try to ping 192.168.1.10 from the other VM).Reply from 192.168.1.10: Destination host unreachable
I also want to note that I don't mind how and to whom my Windows VMs are connected to as long as I am able to communicate between them (and between them and the Kali VM), I only used the Internal Network because Bridged didn't work, and this was another network type I saw wherein the VMs could actually communicate with each other.
Finally, just a minor thing but could you let me know why the Bridged connection won't work when you're connected to WiFi, just curious.
Wanted to thank you for your help again
-
- Site Moderator
- Posts: 20945
- Joined: 30. Dec 2009, 20:14
- Primary OS: MS Windows 10
- VBox Version: PUEL
- Guest OSses: Windows, Linux
Re: VMs are unable to connect with each other on Internal networks
I was going to suggest Toto, too.ChrisxSaurav wrote:I changed one of the names of the hosts from dorothy to toto (yes, based on Wizards of Oz)
It shouldn't, with the firewalls disabled, as best I know. 'Tis a puzzle why your VMs cannot ping now. Can either of the Windows VMs ping the Kali VM?ChrisxSaurav wrote:I have disabled firewalls for both VMs, so I don't think that the rule you mentioned to be disabled should affect me.
Some Wi-Fi access points or adapter drivers prevent it, see the Bridged post in the Pictures tutorial.ChrisxSaurav wrote:why the Bridged connection won't work when you're connected to WiFi,
I'd suggest the paragraph above about using NAT Network and the associated resets to the network adapters.
-
- Posts: 12
- Joined: 25. May 2023, 14:36
Re: VMs are unable to connect with each other on Internal networks
I was able to perform some tests and I'm fairly confused about the results.
So the most surprising one was that I was able to ping the VMs from each other, only if I used the IPv6 address instead of the IPv4 address. I would get the "Destination host unreachable" message when I used the IPv4 address, however in the Ping Statistics (this is between 2 Windows VMs) that
Similarly from the Linux Machine to the Windows Machine would give me
As a final test, I tried to ssh from one machine to the other using putty for Windows and regular ssh for Kali, and I'm not sure why none of the ssh attempts worked, it basically mentions that the connection timed out, so I'm confused about the fact that I can ping the VMs but not ssh.
So the most surprising one was that I was able to ping the VMs from each other, only if I used the IPv6 address instead of the IPv4 address. I would get the "Destination host unreachable" message when I used the IPv4 address, however in the Ping Statistics (this is between 2 Windows VMs) that
which means that the ping worked.Packets: Sent = 4, Received = 4, Lost = 0
Similarly from the Linux Machine to the Windows Machine would give me
which is ofcourse significantly worse and I'm not fully sure why that is happening, however, it atleast means that ping is able to send and receive packets for the most part.64 packets transmitted, 53 received, +53 duplicates, 17.1875% packet loss, time 64165ms
As a final test, I tried to ssh from one machine to the other using putty for Windows and regular ssh for Kali, and I'm not sure why none of the ssh attempts worked, it basically mentions that the connection timed out, so I'm confused about the fact that I can ping the VMs but not ssh.
-
- Volunteer
- Posts: 5677
- Joined: 14. Feb 2019, 03:06
- Primary OS: Mac OS X other
- VBox Version: PUEL
- Guest OSses: Linux, Windows 10, ...
- Location: Germany
Re: VMs are unable to connect with each other on Internal networks
I'd suggest to capture the network traffic for further analysis:
While the VMs are not running, configure them to capture the network traffic with VBoxManage modifyvm --nictrace<1-N> on --nictracefile<1-N> <filename>. Do some tests, explain what you did and provide a zip file with the captured files.
Regarding SSH, ssh -vvv is your friend.
While the VMs are not running, configure them to capture the network traffic with VBoxManage modifyvm --nictrace<1-N> on --nictracefile<1-N> <filename>. Do some tests, explain what you did and provide a zip file with the captured files.
Regarding SSH, ssh -vvv is your friend.
-
- Posts: 12
- Joined: 25. May 2023, 14:36
Re: VMs are unable to connect with each other on Internal networks
Hi,
Uhh, sorry for being late (I've been travelling)
So, I'm even more confused about my tests.
I didn't realise that the IPv6 address for both the VMs were the same (well same upto the %10/%11 part) and basically, the machine would ping itself it seems when I tried the IPv6 address (atleast that's what I think is the reason I can't ping the IPv4 Address but I can ping the IPv6 once). (I get destination unreachable when all the VMs should be on the same network).
I will try to attach the network trace files below. I just wanted to know if they were supposed to binaries.
Finally, I wanted to know if re installing virtualbox would be able to fix my issues.
Uhh, sorry for being late (I've been travelling)
So, I'm even more confused about my tests.
I didn't realise that the IPv6 address for both the VMs were the same (well same upto the %10/%11 part) and basically, the machine would ping itself it seems when I tried the IPv6 address (atleast that's what I think is the reason I can't ping the IPv4 Address but I can ping the IPv6 once). (I get destination unreachable when all the VMs should be on the same network).
I will try to attach the network trace files below. I just wanted to know if they were supposed to binaries.
Finally, I wanted to know if re installing virtualbox would be able to fix my issues.
- Attachments
-
- win.zip
- (39.75 KiB) Downloaded 1 time
-
- Site Moderator
- Posts: 20945
- Joined: 30. Dec 2009, 20:14
- Primary OS: MS Windows 10
- VBox Version: PUEL
- Guest OSses: Windows, Linux
Re: VMs are unable to connect with each other on Internal networks
No. The VMs seem to be running, and there may have been enough misconfiguration in the manual network settings within the VMs that it may be best to start over with fresh VMs.
-
- Volunteer
- Posts: 5677
- Joined: 14. Feb 2019, 03:06
- Primary OS: Mac OS X other
- VBox Version: PUEL
- Guest OSses: Linux, Windows 10, ...
- Location: Germany
Re: VMs are unable to connect with each other on Internal networks
No problem! And sorry for being blind (see below)!
Yes, the network capture files are using the Wireshark PCAP format.ChrisxSaurav wrote: ↑4. Jun 2023, 17:03 I will try to attach the network trace files below. I just wanted to know if they were supposed to binaries.
You've provided both Windows VMs with the same MAC address, and now both VMs use both IP addresses 192.168.1.10+19. You can change the MAC addresses in the VM configuration, and I'd suggest to change them to different values in both VMs.ChrisxSaurav wrote: ↑28. May 2023, 14:52 Physical Address . . . . . . . . . . . . . : 08-00-27-56-4D-9F
Physical Address . . . . . . . . . . . . . : 08-00-27-56-4D-9F