I’m testing out BackTrack Linux and Metasploit to bone up a bit on my security skills. As part of this learning, I’m setting up a suite of VMs on a couple of PCs on my internal network, so I can attack from my laptop. There is a free version of VMware, which allows you to set up virtual machines and also get pre-built appliances so you don’t need to do quite as much setup work.
In the Virtual Machine Settings screen (Ctrl-D), you can select one or more Network Adapters. Each adapter has the ability to be Bridged, use an internal NAT, or use Host-only. With Host-only and NAT, there is no direct way to access a VM from another PC on your internal network, although VMs on the same PC will be able to interact (though note that there is a way to expose the VM through the host using port forwarding if you are in NAT mode). NAT was the easiest for me to set up, but didn’t really work for what I wanted—that’s Bridge mode.
Unfortunately, I had some troubles out of the box getting Bridged mode to work properly. To fix it, I needed to use vmnetcfg.exe, which is a tool included with VMware Player. Also unfortunately, it is not extracted when you install the player. You can do it yourself, though, as long as you have the player EXE.
My version of VMware Player was 4.0.0-471780, though this has been updated since. The command is:
VMware-player-4.0.0-471780.exe /e .\VMTools
This extracts the VMware Player packages to a subfolder called VMTools. Go into VMTools and you can see network.cab. Copy vmnetcfg.exe out from the network.cab file, and paste it in %programfiles%\VMware\VMware Player\ for a 32-bit installation of Windows, and %programfiles(x86)%\VMware\VMWare Player\ for a 64-bit installation.
The tool itself is very simple. All I had to do to get Bridge networking functional on my machine was to specify on VMnet0 that it should bridge to my specific network device. I have a wireless card and a wired card, but I actually only use the wireless card, so one I told VMware to use that for bridging, it started assigning IP addresses to the rest of my computers and all was well. Now I can run exploits from my own bed…