Introduction

After completing construction of HackerLab 9000, I decided to populate it with some OSCP-like VulnHub VMs. While some of these are designed for VirtualBox, many were created for VMware. In order to use these systems in hal9k, I’ll need to convert them for use in VirtualBox.

While some systems might require some additional configuration, the following steps are enough to get most VMware VMs running in VirtualBox.

For this example, I’ll use Kioptrix Level 1. I used the BitTorrent magnet link to download the image.

Extract the Files

Once my download was complete, I extracted the Kioptrix_Level_1.rar file into its own directory:

haxys@straylight:/path/to/Kioptrix$ unrar x ./Kioptrix_Level_1.rar

UNRAR 5.61 beta 1 freeware      Copyright (c) 1993-2018 Alexander Roshal


Extracting from ./Kioptrix_Level_1.rar

Creating    Kioptix Level 1                                           OK
Extracting  Kioptix Level 1/Kioptix Level 1.nvram                     OK
Extracting  Kioptix Level 1/Kioptix Level 1.vmdk                      OK
Extracting  Kioptix Level 1/Kioptix Level 1.vmsd                      OK
Extracting  Kioptix Level 1/Kioptix Level 1.vmx                       OK
Extracting  Kioptix Level 1/Kioptix Level 1.vmxf                      OK
All OK

Import into VirtualBox

Before we can import this machine into VirtualBox, we need to know a bit about the machine and its OS. For example, we need to know the processor architecture, how much RAM is required, etc. The majority of the information we need can be found in the Kioptix Level 1.vmx file:

haxys@straylight:/path/to/Kioptrix/Kioptix Level 1$ cat Kioptix\ Level\ 1.vmx
[...]
floppy0.present = "FALSE"
[...]
displayName = "Kioptrix Level 1"
extendedConfigFile = "Kioptix Level 1.vmxf"
[...]
memsize = "64"
[...]
ide1:1.fileName = "Kioptix Level 1.vmdk"
[...]
ethernet0.networkName = "Bridged"
ethernet0.addressType = "generated"
guestOS = "other24xlinux"
[...]
ethernet0.generatedAddress = "00:0c:29:7c:3a:16"
[...]

We can see that this system has no floppy drive, is named “Kioptrix Level 1,” has 64 MB of RAM, and has one Ethernet port with a set MAC address. The guest OS is other24xlinux, which means the OS is a 32-bit Linux distribution running kernel 2.4. (If the OS were 64-bit, this value would be other24xlinux-64.) This is enough information to assemble our VirtualBox image.

To begin, open VirtualBox, then click the “Add” button to create a new VM. Enter the appropriate values in the form:

Name and Operating System

Next, select the appropriate amount of RAM for the system, based on the value provided in the vmx file:

Memory Size

Now we need to configure the virtual hard disk file. Select Use an existing hard disk file, then click the folder icon to open the Hard Disk Selector. Click Add, then locate the Kioptix Level 1.vmdk file, in the same directory as the Kioptix Level 1.vmx file. Select this disk and click Choose to set it as the attached device:

Hard Disk

Then click Create. Once complete, you’ll see the VM in the VirtualBox machine list:

Machine List

Click Settings to open the machine’s settings. We’ve still got a bit more work to do here before the system is ready to boot.

In System > Motherboard, disable the floppy drive and move it to the bottom of the boot order:

Disable Floppy

In Audio, un-check Enable Audio. We don’t need sounds on this target system.

Disable Audio

In Network, I ensure Adapter 1 is enabled, attached to a Host-only Adapter called vboxnet0, which is configured with the same IP settings that are used in my hal9k lab. I also manually set the system’s MAC to the value specified in the vmx file:

Configure Network

I leave the remainder of the settings alone and save my changes.
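The same settings can also be read out of the .vmx file by a script. The following is an added example, not part of the original post: it parses the keys quoted above and builds VBoxManage command lines that mirror the GUI steps. The function names, the controller name "IDE", keeping the disk at its VMware IDE position, and the `--audio none` spelling (VirtualBox 6.x) are assumptions.

```python
import re
import shlex
# Constructed sample: the .vmx lines quoted in the post.
SAMPLE_VMX = '''floppy0.present = "FALSE"
displayName = "Kioptrix Level 1"
memsize = "64"
ide1:1.fileName = "Kioptix Level 1.vmdk"
guestOS = "other24xlinux"
ethernet0.generatedAddress = "00:0c:29:7c:3a:16"
'''
# VMware guestOS -> VirtualBox OS type ID (see `VBoxManage list ostypes`).
OSTYPES = {"other24xlinux": "Linux24", "other24xlinux-64": "Linux24_64"}

def parse_vmx(text):
    """Return the key = "value" pairs of a .vmx file, skipping comments."""
    cfg = {}
    for line in text.splitlines():
        m = re.match(r'\s*([^#=\s][^=]*?)\s*=\s*"(.*)"\s*$', line)
        if m:
            cfg[m.group(1)] = m.group(2)
    return cfg

def vbox_commands(cfg, vmdk_dir=".", hostonly_if="vboxnet0"):
    """Build VBoxManage argv lists mirroring the GUI steps in the post."""
    name = cfg["displayName"]
    fallback = "Linux_64" if cfg["guestOS"].endswith("-64") else "Linux"
    ostype = OSTYPES.get(cfg["guestOS"], fallback)
    # VirtualBox takes the MAC as 12 hex digits without separators.
    mac = cfg["ethernet0.generatedAddress"].replace(":", "").upper()
    has_floppy = cfg.get("floppy0.present", "FALSE").upper() == "TRUE"
    boot = ["floppy", "dvd", "disk", "none"] if has_floppy else ["dvd", "disk", "none", "none"]
    modify = ["VBoxManage", "modifyvm", name, "--memory", cfg["memsize"]]
    modify += [x for i, d in enumerate(boot, 1) for x in (f"--boot{i}", d)]
    modify += ["--audio", "none", "--nic1", "hostonly",  # --audio none: 6.x (assumption)
               "--hostonlyadapter1", hostonly_if, "--macaddress1", mac]
    cmds = [["VBoxManage", "createvm", "--name", name, "--ostype", ostype, "--register"],
            modify,
            ["VBoxManage", "storagectl", name, "--name", "IDE", "--add", "ide"]]
    for key, value in cfg.items():
        m = re.fullmatch(r"ide(\d):(\d)\.fileName", key)
        if m and value.lower().endswith(".vmdk"):
            cmds.append(["VBoxManage", "storageattach", name, "--storagectl", "IDE",
                         "--port", m.group(1), "--device", m.group(2),
                         "--type", "hdd", "--medium", f"{vmdk_dir}/{value}"])
    return cmds

if __name__ == "__main__":
    for argv in vbox_commands(parse_vmx(SAMPLE_VMX)):
        print(shlex.join(argv))
```

Review the printed commands before running them; a host-only adapter keeps the deliberately vulnerable guest off the bridged network that the .vmx file originally requested.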

Exporting an OVA

Now that I’ve finished configuring the settings for this VM, I can create a clean snapshot in the machine’s Snapshots menu:

Snapshot

Once this is complete, we can export the system as an OVA file. Click Machine > Export to OCI…:

Export to OCI

In Appliance Settings, select Open Virtualization Format 2.0, then change the MAC Address Policy to Include all network adapter MAC addresses:

Export Settings

In the following menu, enter some useful information about the VM:

VM Info

With this complete, you can finish exporting the file. Once it’s exported, you’ll find the OVA in the directory you specified:

haxys@straylight:~/Documents$ ls Kioptrix*
'Kioptrix Level 1.ova'

This OVA file contains a clean installation of the Kioptrix Level 1 image, post-configuration, but pre-boot. This is important to remember! Some VMs require additional configuration post-boot in order to get them to work. This initial OVA backup is useful to ensure that if we mess up the VM, we can restore it from this backup.

Booting the VM

At this point, we’ve got a clean snapshot and we’ve exported the machine to OVA. We’re ready to boot the VM and test whether it works! If the system boots and operates as expected, then we’re done! The OVA can be distributed to anyone else who uses VirtualBox, and they should be able to get it installed and set up quite easily.

If, on the other hand, additional work is required to prepare the VM for use in our lab environment, we can begin that work now. Once the system is properly configured and set up for VirtualBox use, we can create another snapshot and export another OVA.

In the case of Kioptrix Level 1, however, additional configuration is unnecessary. Our system is ready to go!

To test this, I start the Kioptrix machine, as well as my Kali attack VM, then use Kali to find the Kioptrix machine on the network:

kali@kali:~$ sudo arp-scan -I eth1 10.1.1.1/24
Interface: eth1, type: EN10MB, MAC: 08:00:27:7f:fb:64, IPv4: 10.1.1.101
WARNING: host part of 10.1.1.1/24 is non-zero
Starting arp-scan 1.9.7 with 256 hosts (https://github.com/royhills/arp-scan)
10.1.1.1        0a:00:27:00:00:00       (Unknown: locally administered)
10.1.1.1        08:00:27:1c:b3:3d       PCS Systemtechnik GmbH (DUP: 2)
10.1.1.100      00:0c:29:7c:3a:16       VMware, Inc.

3 packets received by filter, 0 packets dropped by kernel
Ending arp-scan 1.9.7: 256 hosts scanned in 2.288 seconds (111.89 hosts/sec). 3 responded

The Kioptrix machine is on IP 10.1.1.100. We can tell this is the correct machine because the MAC address is the same as the one we supplied during the setup of the VM. (This is also why it reports itself as a VMware device – this MAC address is associated with VMware.)

It’s important to remember that the Kioptrix Level 1 VM we originally created is still linked to the vmdk file in the VMware folder we extracted. At this point, I like to delete the Kioptrix Level 1 VM from VirtualBox, erase the VMware files from the disk, then re-import the VM from the OVA file created earlier, to ensure all of the files are being saved in the correct folders.

Conclusion

Now that we’ve successfully converted Kioptrix Level 1 from VMware to VirtualBox, we can send it over to hal9k and use it in the hacker lab! Excellent.