Why forward a virtual machine with SSH to Putty

Question

I have watched a tutorial from Udemy where a guy is show how to crack wireless network.

The person in the video set up a virtual machine Oracle VM VirtualBox
network type NAT

then he forward the Port for the Virtual machine with settings:
Name:SSH
Protocol:TCP
Host Port:2222
Guest Port:22

For Putty he have set for the Session:

IP Adress: localhost
Port: 2222

Also in Kali Linux he have updated rc.d

update-rc.d ssh defaults

service ssh start

though he doesn't explains why to do this.

I Googled a lots of why to do this and also I am interested to know the advantages.

Could pleae someone clarify for me why you want to have this kind of setup? cause I found it hard to summarize why.

Thank you in advance

Regards

Answer 1

First of all, none of the steps you described are necessary to crack a wireless network. It is the way of working with the Kali Linux VM that the author in the tutorial has chosen. You could also open a terminal in Kali to execute the commands he is running via Putty. If he is using Putty for accessing other Linux machines in his daily work, it is probably the usual way of working with a Linux machine for him.

As you described, he does access the Kali Linux via SSH with Putty in his setup. There are several ways to access a network port of a VirtualBox virtual machine on your host machine.

The way he is using is NAT port forwarding. It is pretty easy to configure if you have already set up a NAT networking interface for your VM.

He is using the port 2222 because it is not possible to bind to ports below 1024 from applications that are not run by root on UNIX systems [1]. (If he is using Windows as his the host system, he could also use port 22.) But connecting to localhost on port 22 with Putty cannot work because the SSH server is forwarded to port 2222.

There other ways, too, such as using the host-only networking [2] or bridged networking feature [3]. Bridging your Kali VM is a thing you may want to avoid, as it exposes the VM to your local network. As a Kali VM has no firewall configured in the default configuration, this could be a security issue. Configuring a host-only network has no disadvantage in comparison to the port forwarding. A reason he may not do it is the higher complexity in the configuration: you need an additional adapter in your VM and on the host, and you need to find the IP address of the guest after booting.

In the updated rc.d part, he does configure the SSH server to start on boot and service ssh start to start it now.

[1] https://www.virtualbox.org/manual/ch06.html#nat-limitations
[2] https://www.virtualbox.org/manual/ch06.html#network_hostonly
[3] https://www.virtualbox.org/manual/ch06.html#network_bridged

Answer 2

The demo uses virtualbox in order to run the Kali Linux as a guest on a Windows host. To use a shell on linux we connect using the ssh protocol, and Putty is a client that you can use on windows. In this particular setup Putty connects to a tcp port that Virtualbox listens to and Virtualbox forwards traffic on that socket to the port that is set up on the Kali guest.

The ssh server needs to run as root to allow the login of several users, and the use of ports below 1024. Root can choose an arbitrary port. Better use ports below 32000 to avoid race conditions with client sockets.

It is only by convention to use port 2222 for forwarding. Make sure all ports match!

Answer 3

Based on your description, it doesn't sound like the setup has anything to do with Cracking Wireless.

Everything you describe simply allows the user to SSH into the Guest machine from his Host.

There are numerous reasons why someone would set up this way though including:

1. Keeping your attack machine off the network and showing all traffic coming from a legitimate host
2. Limiting resource consumption in the VM perhaps by disabling the desktop and SSHing into it

The only benefit I can guess at to the situation you describe is that all traffic will seem to come from the Host machine rather than the Guest (Kali) machine and the user can SSH into the Guest directly.

I wrote a quick blog post last month on how I use this exact setup to test environments over a VPN here. The reason I use this is because its the easiest way for my Guest machine to use my VPN connection.

Answer 4

Why does he run these commands:

update-rc.d ssh defaults
service ssh start

These commands do the following:

1. Make the SSH server start by default from now on
2. Start the SSH server start now

Why doesn't SSH start by default

Kali does not start any unnecessary services so SSH doesn't start by default

Why does he use the networking settings he does

• Network Type NAT

  This allows the VM to access the internet via the host machine, with all traffic appearing to come from the host itself.

• Port Forward

  Name: SSH
  Protocol: TCP
  Host Port: 2222
  Guest Port: 22

  This means that any connections on port 2222 to the host will connect to port 22 on the VM. 22 is the port SSH listens on by default.

Why doesn't he forward port 22

There are many reasons it could be, but the main options are:

• If the machine has port 22 open to the internet it is likely to be scanned

  This matters more for servers with ports open to the internet, as mass scanning of the internet is common, and sites like Shodan make finding open servers easier

• The host may be running an SSH server

  If the host is already running SSH then port 22 will not be available

• Port 22 is privileged, port 2222 is not

  As [this] explains, ports below 1024 need admin rights to listen on

Why doesn't he use the console within VirtualBox

There are again many reasons, some of which are:

• It makes copying commands simpler using Putty
• You can use the same setup to connect to a remote system
• If a UI is not running then the VM can use less resources

Answer 5

If you are asking why he connects with ssh instead of just using the machine directly in VirtualBox, there may be a simple answer. When you use a machine directly in VirtualBox you cannot scroll up and see output that has moved above the top of the window. In putty connecting with ssh you can.

For example if you want to look at the help output for a command and it is too large to fit on the screen you won't be able to see all of it and you can't scroll up.