Virtual Machines for the Security Labs
This page documents virtual machines that I have prepared for students in my class to use to complete the labs.
Setting up your virtual lab
I have created a Kali virtual machine image on Google Cloud Platform which is using nested virtualization to host within it several virtual machines:
a Windows instance, a Metasploitable2 instance, and a security onion instance. They are hosted using
libvirt and accessed using
Read these instructions to get oriented to and set up on Google Cloud Platform, and to get access to the Kali virtual machine. Anyone should be able to see and use the custom class kali image if they join this Google Group (public access):
infosec-net Network Map
The network map is as follows:
|192.168.56.101||Kali (the host)||
||This VM is memory-intensive! Will probably freeze and not launch if your GCP instance doesn't have at least 8 GB memory.|
|192.168.56.103||Security Onion VM||
||This VM is memory-intensive!|
IPv4 network block in CIDR block notation:
Using the virtual machines within Kali
The virtual machines are accessed using
virt-manager. First, you should make sure that your user account is a member of the
sudo usermod -a -G libvirt $(whoami)Heads up! This will need to be run each time you create a new Kali instance.
Alternatively, log in as root (password
Then, from a terminal, run
virt-managerto get an interface such as the following:
This shows that three virtual machines are available, but that none are running.Virt Manager interface shows no vms?
virt-managerinterface, try running:
Connect (accept defaults)
Starting and accessing virtual machines
Start a virtual machine by selecting it, and pressing the “play” icon. The virtual machine should then update to show that it is running.
To view the running virtual machine, highlight it and click “Open”. A new window will appear.
You can click into this window and interact with it via keyboard, and mouse if it has a GUI.
Details of a virtual machine can be viewed and edited from the “details” pane.
A network is set up to enable the host (Kali) and the guests (e.g., Metasploitable2, Windows 7) to network with one another. Try
pinging metasploitable2 from Kali, and Kali from metasploitable2, using the network map ip addresses above.
Updating the virtual machines
The following scripts will update the respective lab virtual machines installed on the kali pentest lab image.
To update Security Onion, run the following:
wget -O - https://raw.githubusercontent.com/deargle/kali-xfce-gcp-qemu-packer/master/kali-pentest-lab/update-securityonion.sh | sudo bash
Update Windows Server 2019
To update Windows Server 2019, run the following:
wget -O - https://raw.githubusercontent.com/deargle/kali-xfce-gcp-qemu-packer/master/kali-pentest-lab/update-server2019.sh | sudo bash
To update Metasploitable2, run the following:
wget -O - https://raw.githubusercontent.com/deargle/kali-xfce-gcp-qemu-packer/master/kali-pentest-lab/update-metasploitable2.sh | sudo bash
Virtual machines in
virt-manager can be “snapshotted”, which lets you restore the virtual machine to a previous state if you mess it up by doing something such as deploying malware to it.
Creating a snapshot
To create a snapshot, first, shut down the virtual machine. Then, click the “snapshot” button on the virtual machine pane, then
+, then set a name, and “Finish.”
Restoring a snapshot
To restore to a snapshot, select your snapshot, and then “play” it. You do not need to shut down the virtual machine before restoring a snapshot.
How I created the virtual machines
If you are curious how the lab was set up, then browse this github repository.