Page 1 of 2

VRDE RDP Confusion - host or guest

Posted: 15. Sep 2021, 22:29
by SkylarB
I am running VirtualBox host on Centos 8, the guest VM is Kali-Linux.
After I start the guest VM and do showvminfo it appears that the VRDE port for RDP is open.

VRDE: enabled (Address 0.0.0.0, Ports 3389, MultiConn: off, ReuseSingleConn: off, Authentication type: null)
VRDE property : TCP/Ports = "3389"
VRDE property : TCP/Address = <not set>

If i run nmap from a Windows host on the same subnet it does not show port 3389 open.
Discovered open port 22/tcp on 192.168.1.112
Discovered open port 9090/tcp on 192.168.1.112

PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 8.0 (protocol 2.0)
9090/tcp open ssl/zeus-admin?

The VirtualBox host is on the same subnet as the host running nmap
VirtualBox host: 192.168.1.112/24
nmap host: 192.168.1.113/24

Am I correct the mstsc.exe 192.168.1.112 should connect from the Windows host 192.168.1.113 to the VirtualBox host 192.168.1.112?

if this is incorrect how do I assign a IP address to the guest VM Kali-Linux?

thanks........

Re: VRDE RDP Confusion - host or guest

Posted: 15. Sep 2021, 23:42
by scottgus1
A Windows host also uses port 3389 for MS RDP, and that port is closed by default in the Windows firewall.

1. Use a different port number for the VM's Virtualbox RDP than the one the host OS wants to use. Each instance of a service should use a unique port number.

2. Open the Windows host firewall for the port number you chose for the Virtualbox RDP.

Re: VRDE RDP Confusion - host or guest

Posted: 16. Sep 2021, 02:27
by SkylarB
I am on a private network (i.e. lab).
I have turn off the Windows firewall temporarily to test the connection.
I have modifyvm to allow VRDE on port 5000.

I still cannot get a connection to VirtualBox host.

workstation on the same subnet -- C:\Windows\System32>mstsc /v:192.169.1.112:5000
Error message "Remote access to server is not enable."

VirtualBox host -- showvminfo
$ vboxmanage showvminfo Kali --details | grep TCP/
VRDE property : TCP/Ports = "5000"
VRDE property : TCP/Address = <not set>

nmap from workstation to VirtualBox host
C:\Windows\System32>nmap 192.168.1.112 -p 5000
Starting Nmap 7.70 ( https://nmap.org ) at 2021-09-15 19:08 Central Daylight Time
Nmap scan report for 192.168.1.112
Host is up (0.00s latency).
PORT STATE SERVICE
5000/tcp filtered upnp
Nmap done: 1 IP address (1 host up) scanned in 0.45 seconds

nmap from VirtualBox to workstation
nmap 192.168.1.113 -p 5000
Starting Nmap 7.70 ( https://nmap.org ) at 2021-09-15 19:18 CDT
Nmap scan report for 192.168.1.112
Host is up (0.00015s latency).
PORT STATE SERVICE
5000/tcp open upnp
Nmap done: 1 IP address (1 host up) scanned in 0.53 seconds

Any ideas or feedback on where I should look next?

thanks................

Re: VRDE RDP Confusion - host or guest

Posted: 16. Sep 2021, 03:35
by scottgus1
On the VM's host, can you successfully connect using 127.0.0.1:5000?

Re: VRDE RDP Confusion - host or guest

Posted: 16. Sep 2021, 13:36
by fth0
Please post a (zipped) VBox.log file from a VM run, so that we can verify the installation of the VirtualBox Extension Pack (EP) and the VRDP configuration of the VM.

Re: VRDE RDP Confusion - host or guest

Posted: 17. Sep 2021, 01:22
by SkylarB
rdesktop test at VirtualBox host

$ rdesktop -a 16 -N 127.0.0.1:5000
Autoselected keyboard map en-us
ERROR: Failed to open display:

rdesktop -a 16 -N 127.0.0.2:5000
Autoselected keyboard map en-us
ERROR: Failed to open display:

Vbox.log uploaded.

Re: VRDE RDP Confusion - host or guest

Posted: 17. Sep 2021, 10:08
by fth0
The vbox_log_upload.txt file shows that VirtualBox is listening on port 5000, so far so good. It doesn't show any connection attempt, though, but that could be because the VM is still running and the log file wasn't necessarily up-to-date.

On the host, you can probably use netstat -an to verify if the port is really open. Try rdesktop without any optional parameters (e.g. rdesktop 127.0.0.1:5000 or rdesktop 192.168.1.112:5000).

Re: VRDE RDP Confusion - host or guest

Posted: 17. Sep 2021, 10:21
by Martin
"Failed to open display:" is typically an error message, that the application cannot open the the local X11 window.
Is the DISPLAY variable correct in this environment?

Re: VRDE RDP Confusion - host or guest

Posted: 17. Sep 2021, 22:27
by SkylarB
response to Environment & Netstat

Environment:
$ printenv | grep vmbox
DISPLAY=vmbox:0
HOSTNAME=vmbox.garrison.local

netstat:
$ netstat -an | grep 5000
tcp 0 0 0.0.0.0:5000 0.0.0.0:* LISTEN
tcp6 0 0 :::5000 :::* LISTEN
$
$ rdesktop 127.0.0.1:5000
Autoselected keyboard map en-us
ERROR: Failed to open display: vmbox:0

$ rpm -qa |grep xorg-x11*
xorg-x11-apps-7.7-21.el8.x86_64
xorg-x11-fonts-misc-7.5-19.el8.noarch
xorg-x11-drv-libinput-0.29.0-1.el8.x86_64
xorg-x11-server-common-1.20.10-1.el8.x86_64
xorg-x11-xbitmaps-1.1.1-13.el8.noarch
xorg-x11-drv-vesa-2.4.0-3.el8.x86_64
xorg-x11-server-Xorg-1.20.10-1.el8.x86_64
xorg-x11-font-utils-7.5-40.el8.x86_64
xorg-x11-drv-fbdev-0.5.0-2.el8.x86_64
xorg-x11-proto-devel-2020.1-3.el8.noarch
xorg-x11-xkb-utils-7.7-28.el8.x86_64
xorg-x11-xauth-1.0.9-12.el8.x86_64

Re: VRDE RDP Confusion - host or guest

Posted: 18. Sep 2021, 00:17
by fth0
Ok, the listening socket is there, and $DISPLAY also matches the error message. What happens when you try xeyes -display vmbox:0? If it doesn't work, solve that problem first. ;)

Did you check for errors with dmesg? Does your Linux host OS has additional security software like AppArmor?

Re: VRDE RDP Confusion - host or guest

Posted: 23. Sep 2021, 22:21
by SkylarB
I can get xeyes to display on the VirtualBox host with the command line on the host --> xeyes -display :1

After exporting the DISPLAY on the client (export DISPLAY=:1)
I can get xeyes to display on the VirtualBox host executing the command line from the client using --> xeyes -display :1

I am not sure what to look for with the 'dmesg' command from the client.
Running dmesg from the client with '| grep VBox' I get:
$ dmesg | grep VBox
[ 51.869842] VBoxNetFlt: Successfully started.
[ 51.871727] VBoxNetAdp: Successfully started.
[ 572.635956] vboxdrv: 0000000000000000 VBoxDDR0.r0
[ 572.744735] vboxdrv: 0000000000000000 VBoxEhciR0.r0
[hbackus@vmbox ~]$
[hbackus@vmbox ~]$ dmesg | grep vbox
[ 51.643350] vboxdrv: loading out-of-tree module taints kernel.
[ 51.643503] vboxdrv: module verification failed: signature and/or required key missing - tainting kernel
[ 51.649054] vboxdrv: Found 8 processor cores
[ 51.665336] vboxdrv: TSC mode is Invariant, tentative frequency 3392142975 Hz
[ 51.665336] vboxdrv: Successfully loaded version 6.1.26 r145957 (interface 0x00300000)
[ 572.482338] vboxdrv: 0000000000000000 VMMR0.r0
[ 572.635956] vboxdrv: 0000000000000000 VBoxDDR0.r0
[ 572.744735] vboxdrv: 0000000000000000 VBoxEhciR0.r0
$

I still am not able to open a RDP session from the client to the VirtualBox host using port 5000

Re: VRDE RDP Confusion - host or guest

Posted: 24. Sep 2021, 00:42
by fth0
In your previous post, you stated that $DISPLAY was set to vmbox:0, and rdesktop complained that it wasn't able to use that display. Consequently, I asked you to try xeyes with this same $DISPLAY value to see if it fails just like rdesktop. Why did you try xeyes -display :1 now?

Regarding dmesg, the idea was to look for errors corresponding to the rdesktop command, which probably wouldn't contain the string "vbox". You can also use tail -f /var/log/syslog to monitor if the rdesktop command adds any syslog messages.

Re: VRDE RDP Confusion - host or guest

Posted: 24. Sep 2021, 02:40
by SkylarB
echo $DISPLAY on the VirtualBox host now returns :1.
This happened after I loaded some dependencies.
printenv shows the same as well.
DISPLAY=:1
HOSTNAME=vmbox.garrison.local

Not sure why it changed, but it was the only DISPLAY setting that I could get xeyes to display on both host and guest.

I did not find anything referencing rdesktop in dmesg or the syslog file while executed rdesktop.
I do get this error when I run rdesktop from the client to the host.
$ rdesktop 192.168.1.112:5000
Autoselected keyboard map en-us
Failed to negotiate protocol, retrying with plain RDP.
NOT IMPLEMENTED: PDU 9
ERROR: rdp.c:128: rdp_recv(), unexpected stream overrun0000 03 00 01 41 02 f0 80 68 00 01 03 eb 70 81 32 08 ...A...h....p.2.

I get the same error if I change the to IP to the loopback
$rdesktop 127.0.0.1:5000
Autoselected keyboard map en-us
Failed to negotiate protocol, retrying with plain RDP.

Re: VRDE RDP Confusion - host or guest

Posted: 24. Sep 2021, 09:17
by fth0
Ok. So you solved your original $DISPLAY related problem somehow, and now you've got a new one. AFAIU, the message regarding plain RDP is expected, it has to do with VirtualBox only using Null authentication, which is the only authentication method known to work.

Perhaps you can describe your current setup in some more details, so that others can develop further ideas what to do. Questions that do arise from my POV: Why is $DISPLAY set to :1 and not :0? Does your CentOS 8 host have a GUI, and it is based on X11 or Wayland?

Other than that, you could try rdesktop with the original arguments again, and also experiment with other arguments.

A new VBox.log file could also show new information.

Re: VRDE RDP Confusion - host or guest

Posted: 30. Sep 2021, 01:17
by SkylarB
Hardware Setup:
Intel Xeon E3-1240 V3 3.4GHz - 8GB RAM
Software Setup:
CentOS 8.4.2105
VirtualBox-6.1-6.1.26_145957_el8-1.x86_64
Extension Pack 6.1.18-142142

CentOS is a minimum install, dependencies installed as needed.
Packages installed attached.
X11 is installed.

My goals was to keep the OS as clean and minimal as possible with only the packages needed for the VirtualBox loaded.
I can change the display variable to anything I want or speculate that might be correct for what I am trying to achieve, but no luck so far.

I have attached the latest VBox.log as well.