How to Change the Virtual Network Adapter Configuration in Kioptrix

How to Change the Virtual Network Adapter Configuration in Kioptrix

What is Kioptrix?

Kioptrix is a series of intentionally vulnerable virtual machines which were built specifically for aspiring hackers to attempt to break them. The Kioptrix line of VMs is often recommended for beginners to penetration testing. In fact, the Kioptrix machines are the first VulnHub virtual machines listed on the NetSecFocus Trophy Room, a list of boxes intended to serve as a path for someone to learn while on the path to an OSCP certification.

This article focuses on the first Kioptrix machine, Kioptrix: Level 1, but the process should work as well for any VM with the same problem.

The first Kioptrix machine was released in 2010. Due to its age, users who are trying to work with Kioptrix today will run into a few headaches. In particular, getting networking to work correctly can be troublesome.

Kioptrix Defaults to Bridged Networking

By default, Kioptrix uses bridged networking. This means the Kioptrix VM will run as if it is connected directly to its host’s LAN. While bridged networking can be ideal for some virtual machines, it is generally not advisable to expose a vulnerable VM to your network. A better option is to use a virtualized network behind a NAT.

I like to use a custom virtual network for my attack boxes and any target virtual machines. This is a simple way to segregate my hacking-related virtualization from any other VMs I may be running. Unfortunately, modifying the Kioptrix network adapter is not as simple as a typical virtual machine.

Attempting to Modify the Network Adapter in Settings

Modifying a virtual machine’s network adapter is normally as easy as making a few selections in the VM’s settings GUI. Unfortunately, it’s not so simple with Kioptrix. While you can modify the virtual network adapter the same as any other VM, the machine will simply revert back to its default bridged setup on startup.

We can see this if we attempt to switch the adapter to our virtual network and run an nmap ping scan from another box on the same network:

Kioptrix is not visible on our network even after changing its virtual network adapter configuration

Indeed, if we look back at the network settings for the Kioptrix machine, we can see it has somehow reverted itself back to its default bridged configuration:

Editing the VMX File By Hand

A simple workaround for this issue is to manually remove all settings relating to the virtual network adapter from the VM’s VMX file by hand. This is easy to do as VMWare stores its virtual machine configurations in a plain-text format. After removing all traces of the virtual adapter from the configuration file, we can add a new adapter from the VMWare settings GUI.

There are of course many ways to do this. In this example, I will use Sublime Text’s Replace All feature.

If the virtual machine is running, power it off before continuing.

Now, if we load the Kioptrix Level 1.vmx file in a text editor, we can find numerous lines referencing ethernet0. Remove every line with the string ethernet0 to remove the adapter completely.

Adding the New Adapter

Now that we have removed the old default network adapter by hand, we can return to VMWare and add a new adapter using the settings GUI. To do this, open the Kioptrix virtual machine settings from within VMWare. The old bridged adapter has been removed successfully. Now click the Add... button in the lower right corner.

Next, select Network Adapter from the Hardware Types list of the Add Hardware Wizard dialog, then click Finish.

Finally, select the appropriate connection from the Network connection group. I will use a custom virtual network.

Finally, select OK and power on the Kioptrix virtual machine.

Discovering the Kioptrix VM

To ensure that our new networking configuration is working correctly, we can hop over to another machine on the same virtual network and run an nmap ping scan.

Kioptrix is now discoverable on the virtual network

We see that the Kioptrix machine is now visible on the virtual network, and we’re ready to get to work!

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.