top | item 39301295

NanoCoaster | 2 years ago

If you don't mind, I have a specific question regarding this setup. I've been looking into getting into pentesting, mostly for fun. I decided on messing around with HackTheBox as a starting point. Seeing as you need to connect to their VPN, it seems like a good idea to me to separate this activity from my personal network.

Which networking setup do you use for your pentesting VM? Ideally, I'd want a setup where the VM can access the internet (and therefore the HTB VPN), but not anything inside my local network. But I don't quite know how I could achieve that, at least in a way where I'd trust it to be reliable. Maybe the whole idea's a bit too paranoid to be practical in general, I don't know, so I'd love an expert opinion on this :)

Usually, I'd be using QEMU, but I'd be fine with using VirtualBox for this case if it includes something that makes this easier.

Manouchehri | 2 years ago

You can probably do this for VirtualBox (and any Linux program) by using tun2socks to create a network interface that routes through a proxy (SOCKS5 if you want UDP support), and then moving that network interface to a new namespace. You can run VirtualBox or any other programs in that new namespace, they don't have to be aware of the proxy at all (since they just see a regular gateway).

https://github.com/xjasonlyu/tun2socks
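Here is what that namespace arrangement looks like as a script. This is an added example, not code from the comment above or from the tun2socks project. It assumes a namespace called pentest, a device called tun0, a SOCKS5 proxy listening on 127.0.0.1:1080 in the host namespace, the `-device` and `-proxy` flags as tun2socks documents them, and a resolver address of my own choosing; the DRY_RUN wrapper and the pid file are also my additions so the command sequence can be reviewed without root.

```sh
#!/bin/sh
# Added example: run VirtualBox (or anything else) in a network namespace whose
# only route out is a TUN device served by tun2socks in the host namespace.
# Assumed names: namespace "pentest", device "tun0", proxy socks5://127.0.0.1:1080.
# Needs root; DRY_RUN=1 prints the commands instead of executing them.
set -eu

NS=${NS:-pentest}
TUN=${TUN:-tun0}
PROXY=${PROXY:-socks5://127.0.0.1:1080}   # must be reachable from the host namespace
TUN_ADDR=198.18.0.1/15                     # benchmarking range, as in the tun2socks README
RESOLVER=${RESOLVER:-1.1.1.1}              # assumed; DNS leaves as UDP through the proxy
PIDFILE="/run/tun2socks-$NS.pid"

dry() { [ "${DRY_RUN:-0}" = 1 ]; }

# Print the command when dry-running, otherwise execute it.
run() {
    if dry; then printf '%s\n' "$*"; else "$@"; fi
}

netns_up() {
    run ip netns add "$NS"

    # tun2socks creates the device in the host namespace and keeps its file
    # descriptor open, so the device can be moved into the namespace afterwards.
    if dry; then
        run tun2socks -device "$TUN" -proxy "$PROXY"
    else
        tun2socks -device "$TUN" -proxy "$PROXY" &
        echo $! > "$PIDFILE"
        sleep 1    # give it a moment to bring the device up
    fi

    run ip link set "$TUN" netns "$NS"
    run ip -n "$NS" link set lo up
    run ip -n "$NS" addr add "$TUN_ADDR" dev "$TUN"
    run ip -n "$NS" link set "$TUN" up
    # The only route in the namespace: everything goes to tun2socks, nothing
    # can reach the LAN because no LAN interface exists here.
    run ip -n "$NS" route add default dev "$TUN"

    # ip netns exec bind-mounts /etc/netns/<ns>/resolv.conf over /etc/resolv.conf.
    run mkdir -p "/etc/netns/$NS"
    if dry; then
        printf 'echo "nameserver %s" > /etc/netns/%s/resolv.conf\n' "$RESOLVER" "$NS"
    else
        printf 'nameserver %s\n' "$RESOLVER" > "/etc/netns/$NS/resolv.conf"
    fi
}

netns_down() {
    # Killing tun2socks removes the non-persistent TUN device with it.
    if [ -f "$PIDFILE" ]; then run kill "$(cat "$PIDFILE")"; run rm -f "$PIDFILE"; fi
    run ip netns delete "$NS"
}

# Run a command inside the namespace, dropping back to the invoking user.
netns_exec() {
    run ip netns exec "$NS" sudo -u "${SUDO_USER:-$(id -un)}" -- "$@"
}

case "${1:-}" in
    up)   netns_up ;;
    down) netns_down ;;
    exec) shift; netns_exec "$@" ;;
esac
```

Usage is `sudo ./ns.sh up`, then `sudo ./ns.sh exec VirtualBox`. Keep the VM's adapter in NAT mode: VirtualBox's NAT engine opens ordinary sockets from the VM process, so it follows the namespace's routing table, whereas bridged and host-only adapters go through VirtualBox's kernel modules and should not be relied on to stay inside the namespace. Since the HTB OpenVPN session originates inside the VM, the proxy has to pass UDP (or the VPN profile has to use TCP).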

NanoCoaster | 2 years ago

Fancy. Think I'm gonna go with a traditional bridge for my use case, but this looks pretty cool. Maybe I have some other uses for it for other applications.

Thank you :)

mrAssHat | 2 years ago

Which namespace are you talking about? cgroups_namespaces(7)?

3np | 2 years ago

You could take a look at Whonix and Qubes - even if you don't use them you can roll your own setup with a similar approach: Have a dedicated "netvm"/"proxyvm" which only acts as a network bridge. "Minimal Whonix" consists of one workstation VM and one gateway VM (forcing everything over tor). Qubes integrates this approach into the UI of the hypervisor.

Then you can be more confident that (barring something escaping the VM), you have control of what a particular VM may or may not access. Also allows you to have a couple of different netvms (maybe one does give some access to your internal network, one connects only over tor, one via some VPN...) that you can switch between without needing to change anything on the actual VM of concern.

bongodongobob | 2 years ago

That's just a simple rule on your firewall. I don't understand why you think you need to do this though.

NanoCoaster | 2 years ago

I always assumed that the VPN connection is shared by many HTB users, so it seemed like a good idea to be a bit paranoid about the trustworthiness of a VM that is reachable by lots of users that may want to mess around. Maybe I was wrong about that assumption :D

Anyway, apart from this possibly impractical use case, it just seems like an interesting problem.

I'll just go with a standard bridge + ip/nftables setup then. Thanks for the input.
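For the bridge plus nftables route, this is the ruleset that does what the original question asked for: the VM's bridge may reach the internet but nothing on the LAN, and nothing on the host beyond DHCP and DNS. It is an added example and was not posted in the thread. It assumes the VM's tap is attached to a bridge br0 addressed from 10.200.0.0/24, that the host's uplink is eth0, that the host runs a DHCP/DNS service on br0, and that IPv4 forwarding is enabled; the table name vmiso and the DRY_RUN wrapper are my own choices. Loaded inside a dedicated gateway VM instead of on the host, the same ruleset gives the netvm arrangement 3np describes above.

```sh
#!/bin/sh
# Added example: nftables ruleset that lets a VM bridge out to the internet
# (via NAT) but not into the LAN or the host. Assumed names: bridge br0 with
# 10.200.0.0/24, uplink eth0, table "vmiso". Needs root; DRY_RUN=1 prints
# the ruleset instead of loading it.
set -eu

BR=${BR:-br0}
WAN=${WAN:-eth0}
VMNET=${VMNET:-10.200.0.0/24}

vm_isolation_ruleset() {
    cat <<EOF
# create-then-flush makes reloading idempotent
table inet vmiso
flush table inet vmiso
table inet vmiso {
    # Destinations a VM must never be forwarded to: RFC 1918 and link-local,
    # which covers the LAN and any other VM or VPN networks on this host.
    set private {
        type ipv4_addr
        flags interval
        elements = { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 169.254.0.0/16 }
    }

    chain input {
        type filter hook input priority filter; policy accept;
        # The host offers only DHCP and DNS to the bridge (assumed: dnsmasq on $BR).
        iifname "$BR" udp dport { 53, 67 } accept
        iifname "$BR" tcp dport 53 accept
        iifname "$BR" ct state established,related accept
        iifname "$BR" counter drop
    }

    chain forward {
        type filter hook forward priority filter; policy drop;
        ct state established,related accept
        # Internet only: private destinations are refused before the accept.
        iifname "$BR" oifname "$WAN" ip daddr @private counter drop
        iifname "$BR" oifname "$WAN" ip saddr $VMNET accept
        # Policy drop: nothing from $WAN may open connections to the VM, and
        # IPv6 is not forwarded at all.
    }

    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        oifname "$WAN" ip saddr $VMNET masquerade
    }
}
EOF
}

apply_ruleset() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        vm_isolation_ruleset
    else
        sysctl -q -w net.ipv4.ip_forward=1
        vm_isolation_ruleset | nft -f -
    fi
}

case "${1:-}" in
    apply) apply_ruleset ;;
    show)  DRY_RUN=1 apply_ruleset ;;
esac
```

After `sudo ./vmiso.sh apply`, check with `nft list table inet vmiso`; from inside the VM, a connection to a public address (the HTB VPN endpoint included) should succeed while a ping to the host's LAN address or a neighbour on the same network gets no reply. The OpenVPN session itself runs from the VM to HTB's public server, so it is unaffected by the private-destination drop.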