Practical Remote Access – Running VMware VMs on the Enterprise Pentesting Appliance

The EPA can handle booting & forwarding the screen of VMs in a remote environment, and it’s relatively easy to get a Backtrack instance on the EPA via the LiveCD ISO, but let’s say you have an existing VMware image that you want to run in a remote environment – how do you do it? Using the Backtrack VM as an example, here’s the dirt:

1) Download the VM from the fine folks at Offensive Security

2) You’ll need to consolidate the .vmdk into a single file. (This step requires a utility bundled with VMware Workstation, so run it on a machine where you have Workstation installed):

# vmware-vdiskmanager -r BT5R3-GNOME-VM-32.vmdk -t 0 BT5R3-GNOME-VM-32-SINGLE-FILE.vmdk

NOTE: Case sensitivity of the file name and extension is important

3) Copy the newly-created single .vmdk and the corresponding .vmx file to the EPA using scp from your workstation:

# scp BT5R3-GNOME-VM-32.vmx pwnie@[epa]:/opt/pwnix/virtual-machines/

# scp BT5R3-GNOME-VM-32-SINGLE-FILE.vmdk pwnie@[epa]:/opt/pwnix/virtual-machines/

4) Now, on the EPA, convert the .vmx settings to libvirt domain XML using ‘vmware2libvirt’ (from the virt-goodies package) and remove the now-defunct .vmx file:

# apt-get install virt-goodies

# cd /opt/pwnix/virtual-machines

# vmware2libvirt -f BT5R3-GNOME-VM-32.vmx > BT5R3-GNOME-VM-32.xml

# rm BT5R3-GNOME-VM-32.vmx

5) In order for virsh / KVM to read the file, you’ll need to convert the single .vmdk into a raw image using qemu-img and remove the now-defunct vmdk:

# qemu-img convert -f vmdk BT5R3-GNOME-VM-32-SINGLE-FILE.vmdk -O raw BT5R3-GNOME-VM-32.img

# rm BT5R3-GNOME-VM-32-SINGLE-FILE.vmdk

6) Use your editor of choice (nano / vim / vi) to edit the domain XML so the disk points at the newly-converted raw image – change the <source file='…'/> element to reference the new raw .img disk:

# nano BT5R3-GNOME-VM-32.xml

<source file='/opt/pwnix/virtual-machines/BT5R3-GNOME-VM-32.img'/>

7) Import the xml to virsh now that it points to the .img file:

# virsh -c qemu:///system define BT5R3-GNOME-VM-32.xml

8) List the current VMs to ensure it was imported correctly:

# virsh list --all

9) Set the proper ownership and permissions on the VM files so the libvirt/QEMU process can open them:

# chown libvirt-qemu:kvm /opt/pwnix/virtual-machines/BT5R3-GNOME-VM-32*

# chmod 775 /opt/pwnix/virtual-machines/BT5R3-GNOME-VM-32*

10) Start the VM

# virsh start BT5R3-GNOME-VM-32

11) Connect to the VM from a Linux host with virt-viewer (or VNC) installed

$ virt-viewer -c qemu+ssh://pwnie@[epa]/system BT5R3-GNOME-VM-32
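Steps 5 through 7 are the ones that usually go wrong (the domain XML is defined while it still references the old .vmdk, or a path that is not on the EPA). The following shell helper is an added example, not part of the EPA or libvirt tooling: it rewrites the <source file='…'/> element to the raw image and refuses to hand the XML to virsh until the referenced file is a .img that actually exists. Function names and the test values are assumptions.

```shell
#!/bin/sh
# Added example (not EPA or libvirt tooling): automates step 6 and guards
# step 7. After qemu-img has produced the raw image, point the domain XML
# that vmware2libvirt generated at it and check the result before
# 'virsh define'. Paths in the usage comment are the ones from the walkthrough.

# Print the disk path currently referenced by the first <source file='...'/>.
disk_source() {
    sed -n "s/.*<source file='\([^']*\)'.*/\1/p" "$1" | head -n 1
}

# Rewrite every <source file='...'/> in XML_FILE to point at RAW_IMG.
# Writes to a temp file and renames, so it works with GNU and BSD sed.
patch_disk_source() {
    xml="$1"; img="$2"
    # Escape '/' and '&' so the path is safe inside the sed replacement.
    esc=$(printf '%s' "$img" | sed 's/[\/&]/\\&/g')
    sed "s/<source file='[^']*'\/>/<source file='$esc'\/>/" "$xml" > "$xml.tmp" \
        && mv "$xml.tmp" "$xml"
}

# Refuse to define a domain whose disk is still a .vmdk or does not exist;
# KVM on the EPA expects the converted raw .img from step 5.
check_domain_xml() {
    src=$(disk_source "$1")
    case "$src" in
        *.img) [ -f "$src" ] ;;   # raw image must exist on the EPA
        *)     return 1 ;;        # still .vmdk (or nothing) -> not ready
    esac
}

# Usage on the EPA, assuming steps 4 and 5 have already been run:
#   VM=BT5R3-GNOME-VM-32; DIR=/opt/pwnix/virtual-machines
#   patch_disk_source "$DIR/$VM.xml" "$DIR/$VM.img"
#   check_domain_xml "$DIR/$VM.xml" && virsh -c qemu:///system define "$DIR/$VM.xml"
```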

… And you’re good to go. Happy hunting! Check out the Enterprise Pentesting Appliance documentation if you’re interested in more detailed documentation like this!

NOTE: To stop the VM, run:

# virsh destroy BT5R3-GNOME-VM-32

NOTE: To unregister / remove the VM, run:

# virsh undefine BT5R3-GNOME-VM-32
