This module is part of a larger series on building a security lab in VirtualBox.
Example 1: Metasploitable 2
With this method, we are going to download a VM from Vulnhub and import it using the .vmdk file from an archive.
https://vulnhub.com. Search for
Use the official Vulnhub mirror
Once finished downloading, unzip this file to extract the virtual disk.
The .vmdk file is what we're after here.
Open VirtualBox and click New
Click Create but do not start the VM yet! Right-click the Metasploitable2 VM and choose Settings
You can now start the VM.
If you wish, you can log in with msfadmin:msfadmin to check that the system grabbed an IP from the DHCP server. I got the IP address 10.6.6.11, which is exactly what we want.
Ping Kali from Metasploitable2
Ping google.com from Metasploitable2
Ping Metasploitable2 from Kali
Example 2: Mr. Robot
With this method, we are going to download a VM from Vulnhub and import it using the
This is an Open Virtual Appliance file, an open standard for packaging virtual machines for reuse with other hypervisors. The .ova format is directly compatible with VirtualBox.
In the directory where you downloaded the file, you will notice that the file type is automatically associated with VirtualBox.
Import the VM
Set the name to
Set the MAC address policy
Adjust the VM Settings
Right-click the Mr. Robot VM and choose Settings
Turn on the VM. It should get an IP address from pfSense in the Isolated LAN. If you configured your firewall correctly, Kali can route to this LAN.
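Both imports leave you with a deliberately vulnerable VM whose network settings matter before its first boot. The shell function below is an added example, not part of the original tutorial: it reads the output of VBoxManage showvminfo --machinereadable and passes only if every enabled NIC is on the expected internal network. It assumes the Isolated LAN is a VirtualBox internal network; the network name "isolated" is a placeholder.

```bash
#!/usr/bin/env bash
# Added example: pre-boot NIC check for an imported Vulnhub VM.
# Assumption: the Isolated LAN is a VirtualBox internal network; the name
# "isolated" is a placeholder, not a value from the original page.

# Reads `VBoxManage showvminfo <vm> --machinereadable` output on stdin.
# Succeeds only if at least one NIC is enabled and every enabled NIC is
# attached to the expected internal network.
check_isolation() (
    expected="$1"; info="$(cat)"; enabled=0; bad=0
    while IFS= read -r line; do
        key="${line%%=*}"; idx="${key#nic}"
        # Keep only nicN keys (skips nictype1, nicspeed1, intnet1, ...).
        case "$key" in nic[0-9]*) ;; *) continue ;; esac
        case "$idx" in *[!0-9]*) continue ;; esac
        val="${line#*=}"; val="${val#\"}"; val="${val%\"}"
        [ "$val" = "none" ] && continue
        enabled=$((enabled + 1))
        if [ "$val" != "intnet" ]; then
            echo "NIC $idx: attached to '$val', not an internal network" >&2
            bad=1; continue
        fi
        net="$(printf '%s\n' "$info" | sed -n "s/^intnet${idx}=\"\(.*\)\"\$/\1/p")"
        if [ "$net" != "$expected" ]; then
            echo "NIC $idx: on internal network '$net', expected '$expected'" >&2
            bad=1
        fi
    done <<EOF
$info
EOF
    [ "$enabled" -gt 0 ] && [ "$bad" -eq 0 ]
)

# Constructed samples of the machine-readable output (not captured from a real VM).
SAMPLE_OK='name="Metasploitable2"
nic1="intnet"
intnet1="isolated"
nictype1="82540EM"
nic2="none"'
SAMPLE_BRIDGED='name="Metasploitable2"
nic1="bridged"
bridgeadapter1="eth0"
nic2="none"'

# Real use: gate the first boot on the check.
#   VBoxManage showvminfo "Metasploitable2" --machinereadable \
#     | check_isolation isolated && VBoxManage startvm "Metasploitable2"
```

A VM with no enabled NIC also fails the check, since it could never pick up a DHCP lease from pfSense.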
Continued Practice: OSCP-Like Boxes
Now that I've shown you two examples of importing Vulnhub boxes into your cyber range, don't stop there. TJ Null and the folks at NetSecFocus have curated a list of OSCP-like boxes.
Among these boxes is a long list of Vulnhub targets. Follow along with the steps shown above and continue your Vulnhub adventures. You can find a list of any write-ups I've done from the list of targets linked above.