Saturday, January 26, 2013

Setting up a Windows Guest on VirtualBox

I recently installed VirtualBox on Ubuntu LTS as described in my previous post. Now I am going to install a Windows XP Guest on it, so it can later be used as a platform to run malware for automatic analysis with Cuckoo sandbox.

In this case, instead of using the phpVirtualBox web interface, I will use the command line, which will make it easier to automate the virtual machine creation process later with a bash script.

These are the specs I am going to use for the Windows XP guest:
  • 1GB of RAM
  • 20GB of Hard Disk space
  • VDI format for the virtual disk
  • Dynamically allocated storage

1.- Creating the virtual machine

The vboxmanage command can be used to create the virtual machine with the settings above and to attach a DVD drive holding the Windows XP ISO image. In my case I decided to name it WindowsXPVM1.
 $ vboxmanage createvm --name "WindowsXPVM1" --ostype WindowsXP --register  
 $ vboxmanage modifyvm "WindowsXPVM1" --memory 1000 --acpi on --boot1 dvd --nic1 nat  
 $ vboxmanage createhd --filename "WinXP.vdi" --size 20000  
 $ vboxmanage storagectl "WindowsXPVM1" --name "IDE Controller" --add ide --controller PIIX4  
 $ vboxmanage storageattach "WindowsXPVM1" --storagectl "IDE Controller" --port 0 --device 0 --type hdd --medium "WinXP.vdi"  
 $ vboxmanage storageattach "WindowsXPVM1" --storagectl "IDE Controller" --port 0 --device 1 --type dvddrive --medium /pathtoyouriso/windowsxp.iso  
At this point we can start the virtual machine to begin the Windows installation procedure.
 $ VBoxHeadless --startvm "WindowsXPVM1"  
To connect to the system we can either use the phpVirtualBox console or connect directly to the host through Remote Desktop Protocol (RDP).

2.- Installing guest additions in our virtual machine

 $ wget  
Once it is downloaded, we need to mount the ISO file in the Windows XP guest and follow the installation wizard.

3.- Adding a shared folder and recording the network traffic

 $ vboxmanage controlvm "WindowsXPVM1" poweroff  
 $ mkdir -p /home/santiago/cuckoo/shares/WindowsXPVM1 /home/santiago/cuckoo/shares/setup  
 $ vboxmanage sharedfolder add "WindowsXPVM1" --name "WindowsXPVM1" --hostpath /home/santiago/cuckoo/shares/WindowsXPVM1 --automount  
 $ vboxmanage sharedfolder add "WindowsXPVM1" --name setup --hostpath /home/santiago/cuckoo/shares/setup --automount --readonly  
 $ vboxmanage modifyvm "WindowsXPVM1" --nictrace1 on --nictracefile1 /home/santiago/cuckoo/shares/WindowsXPVM1/dump.pcap  
 $ vboxheadless --startvm "WindowsXPVM1"  

4.- Configuring virtual machine to use a host-only adapter

 $ lsmod | grep vboxnetadp # module needed to add a new host-only interface at the host  
 $ vboxmanage list hostonlyifs # checks host-only interfaces at the host  
 $ vboxmanage hostonlyif create # leaving default IP  
 $ vboxmanage list dhcpservers # checks dhcp servers  
 $ vboxmanage list vms # checks virtual machines  
 $ vboxmanage showvminfo "WindowsXPVM1" # checks NICs information  
 $ vboxmanage controlvm "WindowsXPVM1" poweroff   
 $ vboxmanage modifyvm "WindowsXPVM1" --nic1 hostonly  
 $ vboxmanage modifyvm "WindowsXPVM1" --hostonlyadapter1 vboxnet0  
 $ vboxheadless --startvm WindowsXPVM1  
The gateway ( and DNS Server (in this case I will use Google's need to be configured manually at the Guest using Windows settings.
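
A check that can be run before submitting samples, added here as an example and not part of the original post: it reads the output of `vboxmanage showvminfo "WindowsXPVM1" --machinereadable` and flags a first NIC that is not on the expected host-only adapter, or a shared folder whose host directory does not exist. The function names and the sample input are constructed for illustration.

```bash
#!/usr/bin/env bash
# Pre-flight check for an analysis guest. Feed it the output of
#   vboxmanage showvminfo "WindowsXPVM1" --machinereadable
# and it reports settings that weaken isolation or break startup.

# vm_value INFO KEY: print the value of the first KEY="value" line in INFO.
vm_value() {
    printf '%s\n' "$1" | sed -n "s/^$2=\"\(.*\)\"\$/\1/p" | head -n 1
}

# check_vm_config ADAPTER < showvminfo-output
# Prints one line per problem and returns the number of problems found.
check_vm_config() {
    local info nic adapter path paths problems
    problems=0
    info=$(cat)
    nic=$(vm_value "$info" nic1)
    adapter=$(vm_value "$info" hostonlyadapter1)
    if [ "$nic" != "hostonly" ]; then
        echo "nic1 is '$nic', expected hostonly"
        problems=$((problems + 1))
    elif [ "$adapter" != "$1" ]; then
        echo "nic1 is attached to '$adapter', expected '$1'"
        problems=$((problems + 1))
    fi
    # A share whose host directory is missing makes the guest warn at start.
    paths=$(printf '%s\n' "$info" |
        sed -n 's/^SharedFolderPathMachineMapping[0-9]*="\(.*\)"$/\1/p')
    while IFS= read -r path; do
        [ -n "$path" ] || continue
        if [ ! -d "$path" ]; then
            echo "shared folder path missing on host: $path"
            problems=$((problems + 1))
        fi
    done <<EOF
$paths
EOF
    return "$problems"
}

# Constructed sample, not captured from a real host: the NIC is still on NAT
# and the "setup" share points at a directory that was never created.
sample_bad='nic1="nat"
SharedFolderNameMachineMapping1="setup"
SharedFolderPathMachineMapping1="/nonexistent/cuckoo/shares/setup"'

printf '%s\n' "$sample_bad" | check_vm_config vboxnet0 || echo "problems: $?"
```

On the host, pipe the real `showvminfo` output into `check_vm_config vboxnet0` and only start the guest when it returns 0.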

5.- Configuring the Host IP forwarding and firewall filters

 $ iptables -A FORWARD -o eth0 -i vboxnet0 -s -m conntrack --ctstate NEW -j ACCEPT  
 $ iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT  
 $ iptables -A POSTROUTING -t nat -j MASQUERADE  
 $ sysctl -w net.ipv4.ip_forward=1  
We can add these commands to our /etc/rc.local file if we want them to be executed every time the server boots or restarts.

6.- Starting and stopping the virtual machine

To start the VirtualBox web service and the virtual machine we need to run the following commands:
 $ vboxwebsrv -b  
 $ vboxmanage list vms # Optional to list virtual machines  
 $ vboxheadless --startvm "WindowsXPVM1"  
And this is how we can stop it:
 $ vboxmanage controlvm "WindowsXPVM1" poweroff  
And we are done. We should now be able to use our fresh installation of our virtual Windows XP.



  2. Hi, when I start the virtual machine, I've got a warning in the guest.

    the shared folder 'setup' could not be set up : shared folder path '/pathto/cuckoo/shares/setup' does not exist on the host.

    Is it normal?