Adding HackMyVm Boxes to Our Proxmox Cyber Range

In this module, we will look at how to import VMs from HackMyVM into our Proxmox home lab
In: Proxmox, Attack, CTF, Home Lab
ℹ️
This page is part of the larger series of converting an old laptop into a bare metal home lab server. Click here to be taken back to the project home page.

Previous Step

Adding Vulnhub VMs to Our Proxmox Cyber Range
In this module, we will look at how to import VMs from Vulnhub into our Proxmox home lab





Why this Post?

This post was added to guide much later after the original publication, because as of this writing, Vulnhub is more or less out of commission. Since OffSec acquired Vulnhub, they have been steering people over to their OffSec Proving Grounds platform, but you still have access to past-published Vulnhub VMs.



Proxmox and HackMyVM Boxes

ℹ️
The process with HackMyVM boxes and Vulnhub VMs is nearly identical with respect to Proxmox. So, I'll be condensing the information here and referring you back to the Vulnhub step for more clarification, so that I don't need to repeat myself.

Again, as is the case with Vulnhub, with HackMyVM boxes, in most cases, we are looking for a .vmdk file. The .vmdk file is a format used for a VM’s virtual hard disk



Using HackMyVM Responsibly

The VMs you find on HackMyVM are developed by the community, and we thank them for their efforts, but your network and the security of said network are paramount.

The steps can be condensed to the following:

  • Downloading the VM from HackMyVM
  • Extracting the contents
  • Locating the .vmdk file
  • Creating a VM in Proxmox
  • Importing the .vmdk disk to the VM in Proxmox
  • And changing the boot order to boot off the imported disk

Before you turn on the VM, double check your settings.
Double check your network settings, double check your boot settings

Always put untrusted hosts on a secure, segmented network behind your pfSense firewall, preferably your ISOLATED network.



Troubleshooting DHCP Issues

Please note that you might get some Ubuntu or Debian boxes where the DHCP client doesn't pull an IP address from pfSense. I've written an article on troubleshooting that issue here:

Troubleshooting Vulnhub VM Network Interface Issues in Proxmox
In this post, I show you how to troubleshoot when a VM you’ve imported from Vulnhub won’t receive an IP address from the DHCP server.

Even though this is for Vulnhub VMs, the issue will be resolved the same way



Importing a HackMyVM Box

Two Ways to Use HackMyVM

  1. Anonymously — you can use the platform without creating an account, but you need to use the RSS feed to see the full list of VMs
  2. Registered — you can register for an account on the platform and have access to more features, either way the platform costs nothing



Example Import Process

Download Source: https://downloads.hackmyvm.eu/atom.zip

Downloading and Transferring the Archive

ℹ️
I've downloaded this on my Windows host and now, need to transfer it to my Proxmox node. For this, we can use scp on Windows (also available on Linux and Mac OS).
# Syntax: scp <source_file> user@proxmox_node:<destination_path>
scp ~/Downloads/atom.zip root@172.16.1.6:/tmp/atom.zip
File transfer is in progress



Importing via the PVE Shell

File transfer is successful
# This is a comment. Just to add some comments about commands.
# If you see this, you do not need to type this in your shell.
# Install the unzip tool
apt install unzip
# Enter the /tmp directory
cd /tmp
# Unzip to the hackmyvm_atom directory
unzip -d hackmyvm_atom atom.zip
Unzipping the archive reveals an .ova file (which is yet another archive)
tar -xvf atom.ova
And, there's the .vmdk file we're after
grep --color -iE 'disk|ram|cpu|size|quantity|ostype' Atom.ovf
We can use the .ovf file to get more info about the VM requirements: 64-bit Debian, 1 hard disk (40 GiB) which we'll be importing later, 1 CPU (1 core), 3048 MiB RAM, 16 MiB VMSVGA Video RAM
# Let's create a VM and put in on the pfSense Isolated VLAN
# --name "<name of the VM>"
# --net0 model=virtio,bridge=vmbr1,firewall=0,tag=999
    # net0 is the first network adapter
    # model=virtio is the driver to use
    # bridge=vmbr1 is the pfSense switch
    # firewall=0 means no Proxmox firewall
    # tag=999 is the VLAN tag
# --memory 3048 means 3048 MiB of RAM
# --cores 2 means give the VM 2 coress
# --vga type=std,memory=16 means use the default display adapter with 16 MiB
# --ostype l26 means Linux kernel 2.6 (older systems like Metasploitable)
# --storage local-lvm is VM disk storage

VM_ID='401'
qm create "$VM_ID" --name "HackMyVM-Atom" \
--net0 model=virtio,bridge=vmbr1,firewall=0,tag=999 \
--memory 3048 --cores 2 --vga type=std,memory=16 \
--ostype l26 --storage local-lvm

Create the VM using the parameters identifies in the .ovf file, adapted for Proxmox

# Let's import the disk to the new VM
# Importing Atom.vmdk to VM 401 on local-lvm as QCOW2 format
# This is just the disk import we have to attach it next
# We use --format qcow2 to allow for snapshots
qm importdisk "$VM_ID" Atom-disk001.vmdk local-lvm --format qcow2

Importing the disk to the VM (this will take a while depending the size of the disk)

# Attach the disk to the VM
# --sata0 is the first SATA disk
# local-lvm:vm-401-disk-0
   # In the step above we imported the disk to local-lvm
   # The imported disk is stored in local-lvm:vm-401-disk-0
   # We are attaching it to sata0
qm set "$VM_ID" --sata0 "local-lvm:vm-${VM_ID}-disk-0"

Attach the disk to the VM on the SATA storage controller

# Set the disk as the primary boot
   # --boot is setting the boot order settings
   # We attached sata0 in the step above. Now, we want to boot from it.
qm set "$VM_ID" --boot="order=sata0"

Set the VM to boot first from the attached hard disk

qm start "$VM_ID"

Test booting up the VM

VM is running smoothly
It has also pulled a DHCP address from pfSense as well
cd /tmp
rm atom.zip
rm -r ./hackmyvm_atom

Clean up the files

Import successful! Take a snapshot of your VM in its current state before starting the pentest and roll back in case of issues. Then, go and do your nmap scans and have fun!



Next Step

Set up Remote Access to Our Proxmox Home Lab
In this module, we will look at using dynamic DNS, OpenVPN, and WireGuard to setup remote access to our Proxmox home lab
More from 0xBEN
Table of Contents
Great! You’ve successfully signed up.
Welcome back! You've successfully signed in.
You've successfully subscribed to 0xBEN.
Your link has expired.
Success! Check your email for magic link to sign-in.
Success! Your billing info has been updated.
Your billing was not updated.