1
00:00:00,430 --> 00:00:08,200
So now we have two virtual machines called Lennix, the attack machine or a client, and B box Linux

2
00:00:08,200 --> 00:00:11,290
server, which will be the victim or server.

3
00:00:12,750 --> 00:00:16,130
So naturally, we should get them to communicate with each other.

4
00:00:17,170 --> 00:00:23,680
So that means that we need to put them on the same network, otherwise they're just separate dummy machines,

5
00:00:23,680 --> 00:00:23,940
right?

6
00:00:25,090 --> 00:00:25,810
Couldn't resist.

7
00:00:26,080 --> 00:00:26,440
So.

8
00:00:27,740 --> 00:00:35,060
Putting these machines in our local network directly, was that going to do expose our own network and

9
00:00:35,060 --> 00:00:37,550
our host to adversaries?

10
00:00:38,620 --> 00:00:41,800
This is a vital and very important security risk.

11
00:00:43,250 --> 00:00:47,780
And it's going to cause some major headaches, so for this reason.

12
00:00:48,730 --> 00:00:56,620
We can use the Internet working system of VMware workstation player, so this will do is it will help

13
00:00:56,620 --> 00:01:02,630
us to eliminate risk, but we don't necessarily have to expose our own network and all the headaches

14
00:01:02,630 --> 00:01:04,810
that that may cause sound good.

15
00:01:05,810 --> 00:01:06,980
It does to me.

16
00:01:09,260 --> 00:01:14,090
Now, let me briefly tell you about the VMware workstation player networking.

17
00:01:14,990 --> 00:01:22,760
Now, because there are a few options that could make it confusing, I want to point out the three most

18
00:01:22,760 --> 00:01:28,820
popular configurations, which are Bridgid Nat'l and host only network.

19
00:01:29,560 --> 00:01:35,560
So the first one is a Bridgid network, the Bridgid architecture will let your virtual machine connect

20
00:01:35,560 --> 00:01:43,330
directly to your network or what I mean is your land and then the VM will get an automatic IP address

21
00:01:43,330 --> 00:01:44,680
from your home router.

22
00:01:45,700 --> 00:01:49,780
Now, this option obviously does not eliminate the risk of exposure.

23
00:01:51,220 --> 00:01:58,150
But it opens the pvm to the land, so I don't recommend this configuration in a production or a business

24
00:01:58,150 --> 00:02:02,320
environment, especially when you're busy with many vulnerable machines.

25
00:02:03,230 --> 00:02:10,970
So the second one is not in this architecture can actually solve our problem because it creates a virtual

26
00:02:10,970 --> 00:02:15,170
network and then it assigns an IP address to your VM.

27
00:02:15,820 --> 00:02:22,760
So if you make this like we're going to do on our demo, your VM can only communicate with your host

28
00:02:22,760 --> 00:02:25,010
and the machines in this network.

29
00:02:26,100 --> 00:02:32,250
The third option, in case you're curious, host only network provides more isolation with the host

30
00:02:32,250 --> 00:02:38,160
only network, you can completely isolate your VM from land as well as when.

31
00:02:39,300 --> 00:02:42,270
This architecture is very useful when you need sandboxing.

32
00:02:43,180 --> 00:02:50,620
For example, when you analyze malware, you really only want to use the host only network and you can

33
00:02:50,620 --> 00:02:54,610
also observe if the malware tries to communicate to a remote control server.

34
00:02:55,510 --> 00:03:02,260
So in our lab, what we're going to do is use the net network and I'll just quickly show you how it's

35
00:03:02,260 --> 00:03:02,560
done.

36
00:03:04,630 --> 00:03:06,220
Start your workstation player.

37
00:03:08,240 --> 00:03:11,750
And your virtual machines are going to be listed on this left pane.

38
00:03:13,460 --> 00:03:20,240
I'm going to first start calling, so choose Kelly Lennox by clicking on it, and a new view will be

39
00:03:20,240 --> 00:03:22,070
opened in the right pane.

40
00:03:23,470 --> 00:03:27,940
So from that view, by clicking in here, the settings window will open.

41
00:03:29,610 --> 00:03:32,530
Now, you can change many configuration settings from this window.

42
00:03:33,420 --> 00:03:36,960
We're only going to change the network adapter settings.

43
00:03:38,630 --> 00:03:44,060
So when you click on Network Adapter, right, pain, you're going to see the network option that we

44
00:03:44,060 --> 00:03:45,550
mentioned a little while ago, right?

45
00:03:46,830 --> 00:03:50,060
And I'm going to check Nat and click, OK?

46
00:03:51,760 --> 00:03:56,350
And then I will quickly do the same thing for our vulnerable virtual machine box.

47
00:03:58,140 --> 00:04:04,180
OK, so now both machines are in the network and let's check to see if they're connected.

48
00:04:04,860 --> 00:04:07,650
So let's start up Kelly Linux by double clicking.

49
00:04:11,590 --> 00:04:18,720
And click on Shortcode again to open the workstation main window and we'll start at beatboxes as well.

50
00:04:22,990 --> 00:04:24,400
And I'm going to log in to Kalli.

51
00:04:28,440 --> 00:04:34,680
Now, let's open up the terminal and check the I.P. address by typing the IP config command.

52
00:04:36,360 --> 00:04:43,020
And we get that the IP address is one nine two one six eight two two seven eight one two eight.

53
00:04:45,010 --> 00:04:47,790
So I'm going to do the same thing for Beatbox as well.

54
00:04:49,700 --> 00:04:50,720
I config.

55
00:04:51,680 --> 00:04:57,980
And there's the IP address of Beatbox, 192000 one six eight two two seven dot one three zero.

56
00:04:59,490 --> 00:05:04,830
OK, so now it's Taiping, one nine two, about one six eight 227000 one two eight.

57
00:05:05,690 --> 00:05:07,970
And B box can reach Kaui.

58
00:05:09,050 --> 00:05:13,760
So it's a return to Cali and Ping, the IP address of Xbox.

59
00:05:14,770 --> 00:05:18,160
And perfect buybacks will also allow the connection.

60
00:05:19,150 --> 00:05:25,340
So that means our attacking machine and vulnerable machine will be able to communicate with each other.

61
00:05:25,360 --> 00:05:26,680
In fact, they're doing it right now.

62
00:05:27,340 --> 00:05:33,880
Oh, and one more thing to say is, after recording this video, I needed to change something with my

63
00:05:33,880 --> 00:05:34,270
system.

64
00:05:35,400 --> 00:05:42,960
So the IP address of the machines are also changed for me, so for Linux, I will be using one nine

65
00:05:42,960 --> 00:05:46,230
two two one six eight to zero for about one to eight.

66
00:05:46,500 --> 00:05:51,810
And for beatboxer, I will be using one nine to about one six eight two zero four eight one three zero.

67
00:05:53,920 --> 00:06:02,460
OK, so congratulations, your virtual machines are now ready to run and communicate, they are operational,

68
00:06:03,280 --> 00:06:07,810
so now we include all machines into the same network.

69
00:06:08,810 --> 00:06:10,080
Now they can communicate.

70
00:06:10,760 --> 00:06:17,660
So there's one last task to do when you work in a lab, you can pretty much mess everything up pretty

71
00:06:17,660 --> 00:06:18,110
easily.

72
00:06:19,260 --> 00:06:25,470
You can change the configuration of server, upload malicious files, delete or change data and more

73
00:06:25,740 --> 00:06:27,990
so after a while.

74
00:06:29,040 --> 00:06:33,710
You are going to have so much in here that you could very easily lose your way.

75
00:06:34,350 --> 00:06:41,790
So at that point, don't despair, just return to the first clean installation of the virtual machine.

76
00:06:42,740 --> 00:06:51,290
So unfortunately, VMware workstation player does not support snapshots, if you have VMware workstation

77
00:06:51,290 --> 00:06:53,880
pro, you can certainly use that feature.

78
00:06:54,770 --> 00:07:01,510
So what you need to do then is copy the clean installation of the virtual machines, that's all.

79
00:07:01,790 --> 00:07:04,820
If you're going to need clean ones later, you can always import them again.

80
00:07:04,820 --> 00:07:07,310
And VMware player is always options.

81
00:07:08,090 --> 00:07:12,740
And of course, you could always choose to run the whole lab on virtual box.

82
00:07:13,140 --> 00:07:16,040
That way you'll have these kinds of features for free.

83
00:07:16,430 --> 00:07:17,690
Always good to have options.