Saturday, January 26, 2013

Setting up a Windows Guest on VirtualBox

I recently installed VirtualBox on Ubuntu LTS as described in my previous post. Now I am going to install a Windows XP Guest on it, so it can later be used as a platform to run malware for automatic analysis with Cuckoo sandbox.

In this case, instead of using Phpvirtualbox web interface, I will choose to use the command line so it will be easier in the future to automate the virtual machine creation process by using a bash script.

These are the specs I am going to use for the Windows XP:
  • 1GB RAM memory
  • 20GB of Hard Disk space
  • VDI format for the virtual disk
  • Dynamically allocated storage

1.- Creating the virtual machine

The command vboxmanage can be used to create the virtual machine, using settings above, and to attach a DVD drive with the ISO image of the Windows XP. In my case I decided to name it WindowsXPVM1.
 $ vboxmanage createvm --name "WindowsXPVM1" --ostype WindowsXP --register  
 $ vboxmanage modifyvm "WindowsXPVM1" --memory 1000 --acpi on --boot1 dvd --nic1 nat  
 $ vboxmanage createhd --filename "WinXP.vdi" --size 20000  
 $ vboxmanage storagectl "WindowsXPVM1" --name "IDE Controller" --add ide --controller PIIX4  
 $ vboxmanage storageattach "WindowsXPVM1" --storagectl "IDE Controller" --port 0 --device 0 --type hdd --medium "WinXP.vdi"  
 $ vboxmanage storageattach "WindowsXPVM1" --storagectl "IDE Controller" --port 0 --device 1 --type dvddrive --medium /pathtoyouriso/windowsxp.iso  
At this point we can start the virtual machine to start the Windows installation procedure.
 $ VBoxHeadless --startvm "WindowsXPVM1"  
In order to connect to the system we can both use Phpvirtualbox console or directly connect through Remote Desktop Protocol (RDP) to the host.

2.- Installing guest additions in our virtual machine

 $ wget http://dlc.sun.com.edgesuite.net/virtualbox/4.1.12/VBoxGuestAdditions_4.1.12.iso  
Once downloaded we need to mount the ISO file at the Windows XP and follow the installation wizard.

3.- Adding a shared folder and recording the network traffic

 $ vboxmanage controlvm "WindowsXPVM1" poweroff  
 $ mkdir -p /home/santiago/cuckoo/shares/WindowsXPVM1  
 $ vboxmanage sharedfolder add "WindowsXPVM1" --name "WindowsXPVM1" --hostpath /home/santiago/cuckoo/shares/WindowsXPVM1 --automount  
 $ vboxmanage sharedfolder add "WindowsXPVM1" --name setup --hostpath /home/santiago/cuckoo/shares/setup --automount --readonly  
 $ vboxmanage modifyvm "WindowsXPVM1" --nictrace1 on --nictracefile1 /home/santiago/cuckoo/shares/WindowsXPVM1/dump.pcap  
 $ vboxheadless --startvm "WindowsXPVM1"  

4.- Configuring virtual machine to use a host-only adapter

 $ lsmod | grep vboxnetadp # module needed to add a new host-only interface at the host  
 $ vboxmanage list hostonlyifs # checks host-only interfaces at the host  
 $ vboxmanage hostonlyif create # leaving default IP 192.168.56.1/24  
 $ vboxmanage list dhcpservers # checks dhcp servers  
 $ vboxmanage list vms # checks virtual machines  
 $ vboxmanage showvminfo "WindowsXPVM1" # checks NICs information  
 $ vboxmanage controlvm "WindowsXPVM1" poweroff   
 $ vboxmanage modifyvm "WindowsXPVM1" --nic1 hostonly  
 $ vboxmanage modifyvm "WindowsXPVM1" --hostonlyadapter1 vboxnet0  
 $ vboxheadless --startvm WindowsXPVM1  
The gateway (192.168.56.1) and DNS Server (in this case I will use Google's 8.8.8.8) need to be configured manually at the Guest using Windows settings.

5.- Configuring the Host IP forwarding and firewall filters

 $ iptables -A FORWARD -o eth0 -i vboxnet0 -s 192.168.56.0/24 -m conntrack --ctstate NEW -j ACCEPT  
 $ iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT  
 $ iptables -A POSTROUTING -t nat -j MASQUERADE  
 $ sysctl -w net.ipv4.ip_forward=1  
We can add these commands to our /etc/rc.local file if we want those to be executed every time the server wakes up or restarts.

6.- Starting and stopping the virtual machine

To start VirtualBox web service and the virtual machine we need to run the following commands:
 $ vboxwebsrv -b  
 $ vboxmanage list vms # Optional to list virtual machines  
 $ vboxheadless --startvm "WindowsXPVM1"  
And this is how we can stop it:
 $ vboxmanage controlvm "WindowsXPVM1" poweroff  
And we are done. We should now be able to use our fresh installation of our virtual Windows XP.

References

http://www.virtualbox.org/manual/
http://blog.michaelboman.org/

16 comments:

  1. This comment has been removed by the author.

    ReplyDelete
  2. hi, when i start virtual machine, i've got warning in guest.

    the shared folder 'setup' could not be set up : shared folder path '/pathto/cuckoo/shares/setup' does not exist on the host.

    is it normal?
    thanks...

    ReplyDelete