Lab–Setup a Multi-VM Environment

In this lab, you will set up a virtual network environment by connecting multiple virtual machines in
VirtualBox.
Note: If you have typed the username incorrectly for the Kali VM, click Cancel to input the correct
username.

Step 1. Import appliance virtual machines into VirtualBox.
VirtualBox is able to host and run multiple virtual machines. Along with the CyberOps
Workstation VM that has already been installed, you will import additional virtual machines
into VirtualBox to create a virtual network.
Note: The screen may look different depending on your version of VirtualBox.
a. Use the file menu in VirtualBox to install Kali Linux: File > Import Appliance, then

navigate to the kali_linux.ova file and click Next.
b. A new window will appear presenting the settings suggested in the OVA archive. Check
the Reinitialize the MAC address of all network cards box at bottom of the window.
Leave all other settings as default. Click Import.
c. After the import is complete, VirtualBox will show the new Kali VM. Your Kali Linux

VM file name might be different than the graphic shown below.
d. Now import the Metasploitable and the Security Onion VMs using the same method.
e. All four VMs are now shown in VirtualBox.
Step 2. Network the Virtual Machines to create a virtual lab.
In this part, you will ensure that networking is configured between the VMs. In VirtualBox,

a VM’s network adapter can be in bridged mode (visible on the network like any other physi-
cal device), NAT mode (visible on the network but in a separate IP address space), or internal

mode (only visible to other virtual machines with the same internal name or virtual local area
network [VLAN]).
Examine the network settings for each virtual machine and take note of how the network
adapter modes and names place the VMs in different VLANs.
a. Kali has one network adapter using internal network mode in the internet VLAN.

Notice how this corresponds to the network diagram on page 1.
d. CyberOps Workstation VM is in bridged mode. It is not in an internal network with

the other VMs. You will need to change the network adapter next.
f. Now that the network adapter is in the right internal network or VLAN, log in to the
CyberOps Workstation VM to change the IP address settings to communicate on the
virtual network.

g. Open a command prompt and examine the contents of the scripts folder inside the lab.

support.files/scripts folder.
```
[analyst@secOs~]$ ls lab.support.files/scripts
configure_as_dhcp.sh cyops.mn start_ELK.sh
configure_as_static.sh fw_rules start_miniedit.sh
cyberops_extended_topo_no_fw.py mal_server_start.sh start_pox.sh
cyberops_extended_topo.py net_configuration_files start_snort.sh
cyberops_topo.py reg_server_start.sh start_tftpd.sh
[analyst@secOps ~]$
```
h. The script configure_as_dhcp.sh is used to configure the network interface to request
an IP address from a DHCP server. This is the default setting for the CyberOps
Workstation VM. To configure it for a multi-VM environment, you will need to run the
configure_as_static.sh script. This will configure the network interface with the static
IP address 192.168.0.11 and a default gateway of 192.168.0.1, which is the Security
Onion VM. The Security Onion VM is responsible for routing between the Inside,

DMZ, and Internet networks. Run the configure_as_static.sh script and enter the pass-
word (if prompted) to set the IP address to 192.168.0.11 in the virtual network.
```
[analyst@secOs~]$ sudo ./lab.support.files/scripts/configure_as_static.sh
[sudo] pa ssword for analyst:
Configuring the NIC as:
IP: 192.168.0.11/24
GW: 192.168.0.1
IP Configuration successful.
[analyst@secOps ~]$
```
Note: If you need to use CyberOps Workstation VM as a stand-alone environment with access to the
Internet, change the network adapter back to bridged mode and run the configure_as_dhcp.sh script.
i. Return to VirtualBox and power on the other VMs: Kali Linux, Metasploitable,
and Security Onion. Refer to the VM Settings table for username and password
information.
Note: If necessary, use the right control key to unlock the cursor to navigate between windows.
j. When all of the VMs are running, ping from the CyberOps Workstation VM to the

Metasploitable and Kali Linux VMs. Use Ctrl+C to stop the ping.
```
[analyst@secOps ~]$ ping 209.165.200.235
PING 209.165.200.235 (209.165.200.235) 56(84) bytes of data.
64 bytes from 209.165.200.235: icmp_seq=1 ttl=63 time=1.16 ms
64 bytes from 209.165.200.235: icmp_seq=2 ttl=63 time=0.399 ms
64 bytes from 209.165.200.235: icmp_seq=3 ttl=63 time=0.379 ms
^C
--- 209.165.200.235 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 0.379/0.646/1.162/0.365 ms
[analyst@secOps ~]$ ping 209.165.201.17
PING 209.165.201.17 (209.165.201.17) 56(84) bytes of data.
64 bytes from 209.165.201.17: icmp_seq=1 ttl=63 time=0.539 ms
64 bytes from 209.165.201.17: icmp_seq=2 ttl=63 time=0.531 ms
64 bytes from 209.165.201.17: icmp_seq=3 ttl=63 time=0.567 ms
64 bytes from 209.165.201.17: icmp_seq=4 ttl=63 time=0.408 ms
64 bytes from 209.165.201.17: icmp_seq=5 ttl=63 time=0.431 ms
^C
--- 209.165.201.17 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4065ms
rtt min/avg/max/mdev = 0.408/0.495/0.567/0.064 ms
[analyst@secOps ~]$
```
k. Close the terminal window when finished.
Step 3. Shut down the VMs.
a. For each VM, click File > Close.
b. Click the Save the machine state radio button and click OK. The next time you start
the virtual machine, you will be able to resume working in the operating system in its
current state.
The other two options are:
Send the shutdown signal: simulates pressing the power button on a physical computer
Power off the machine: simulates pulling the plug on a physical computer