Hi Guys,
How to share VirtualBox VPN to the host OS? I have connected the HTB VPN in my VirtualBox (only using the CLI). I want to share the VirtualBox VPN to the host OS (because I have to browse the IP or any other GUI things).
Okay, let me try that.
Here was my solution which I liked, but then it inexplicably prevented some exploits from working so I abandoned it. I ran NordVPN and VMware Workstation on my host. I ran a Kali box (guest) inside VMware and set its networking to “NAT” which “shares the host’s IP address”. This means that (prior to starting the HTB OpenVPN on the Kali guest) all network traffic on the Kali box was going through the IP address assigned to my host by NordVPN. I verified this with “curl ifconfig.co”. Then I’d start the HTB OpenVPN on the Kali guest. This meant that Kali guest traffic to the HTB “10.10.14” and “10.129” addresses would be routed to the HTB network (verified via the “route” command) over the OpenVPN tunnel inside of the host’s NordVPN tunnel. NordVPN would have no way of viewing/firewalling traffic to HTB.
This appeared to work fine - ping times were still low, and nmap worked great. But then a couple basic exploits (or maybe payloads) failed to work on the legacy devel box. Specifically they would appear to complete but I’d never get a meterpreter shell. After a few hours of testing, I determined that turning off NordVPN on my host allowed the exploits to complete with a shell. Turning NordVPN on again prevented the exploits from working again. Verified this multiple times.
For now I’ve just changed my Kali guest’s networking type to “Bridged” so that it’s straight on my network and ignores the host’s VPN. I’d prefer all the Kali guest traffic to go through some sort of VPN though. Neither NordVPN nor the HTB traffic should “know” about the other’s presence so I don’t understand why NordVPN causes exploits to fail, unless it’s a timing issue.
Explanations/workarounds appreciated. Otherwise, hopefully this is a useful datapoint for people with the same issue.
TL;DR Just use an SSH tunnel.
I’d recommend to proxy traffic through your VM so you can use GUIs on your Host for HTTP/S, FTP, SSH and so on. No install or server config needed, SSH got your back. Just add a dynamic tunnel in PuTTY, use localhost:localport as SOCKSv5 Proxy in your GUIs.
Or…
HTB VPN only assigns 1 IPv4 to you and AFAIK you can only connect once. To route packets from 2 sources through the same IP (and back) you need NAT/Masquerading, which requires port forwarding through your NAT so incoming connections are routed to the appropriate endpoint. You’d need to set up NAT rules so, for example, ports 9000:9009 incoming are DNAT’ed to your VM and 9010:9019 are DNAT’ed to your Host for reverse shells.
Connections from your clients to HTB would work fine with masquerading (SNAT on your end) but some protocols don’t like that and it makes for a “fun” experience when debugging connections… “Server sent traffic back to 34567/tcp, but that’s not even open on my machine?!”
You’d need to set a static route for the HTB VPN subnet on your Host to your (local) VM IP as gateway (10.0.0.0/8 via 172.17.0.2), and configure Masquerading on your VM using iptables (SRC 172.17.0.1/32 IN eth0 TO 10.0.0.0/8 OUT tun0 -j MASQ). Just start the VPN and your Host will be able to access HTB, no tunnels or proxies to configure. Some port scanning might even work with additional ICMP rules(?), but I still wouldn’t use that connection for anything but web browsing.
I can recommend trying that setup for the learning experience, if you get it right it’ll mostly work and you’ll learn invaluable stuff, especially if you have or aim for a career in IT. IF you get it right, that is. Because “that” is basically a complete router config. But there are plenty of tutorials out there. I learned from TLDP which explains all concepts in great detail. I still use that knowledge from 10 years ago in my day job.
But then again, setting up a dynamic tunnel in PuTTY takes less time than reading this post. Thank me later.
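The routed setup described in the post above, written out as an added example (not the poster's own commands). It uses the post's addresses, interface names and port ranges; the variable and function names are hypothetical, and the two FORWARD accept rules are an assumption for a VM whose FORWARD policy is not ACCEPT.

```shell
#!/bin/sh
# Added example, not the poster's commands. Addresses and interface names are
# the ones used in the post; the port range is the post's illustration.
HOST_IP=172.17.0.1     # host's address on the host<->VM network
VM_IP=172.17.0.2       # VM's address on that network (gateway for the host)
HTB_NET=10.0.0.0/8     # post's value; it also captures any other 10.x network
LAN_IF=eth0            # VM interface facing the host
VPN_IF=tun0            # OpenVPN interface on the VM
HOST_PORTS=9010:9019   # inbound TCP ports handed on to the host

# Run on a Linux host. Windows equivalent:
#   route add 10.0.0.0 mask 255.0.0.0 172.17.0.2
host_route() {
  echo "ip route add $HTB_NET via $VM_IP"
}

# Run on the VM as root, after the VPN is up.
vm_rules() {
  echo "sysctl -w net.ipv4.ip_forward=1"
  # Let the host reach the lab network, and let only reply traffic back in.
  echo "iptables -A FORWARD -i $LAN_IF -o $VPN_IF -s $HOST_IP/32 -d $HTB_NET -j ACCEPT"
  echo "iptables -A FORWARD -i $VPN_IF -o $LAN_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
  # The post's "SRC ... OUT tun0 -j MASQ": rewrite the host's source address
  # to the VM's VPN address on the way out.
  echo "iptables -t nat -A POSTROUTING -s $HOST_IP/32 -d $HTB_NET -o $VPN_IF -j MASQUERADE"
  # New inbound connections on HOST_PORTS go to the host. Ports 9000:9009 need
  # no rule: the VPN address lives on the VM, so they are delivered locally.
  echo "iptables -t nat -A PREROUTING -i $VPN_IF -p tcp --dport $HOST_PORTS -j DNAT --to-destination $HOST_IP"
  echo "iptables -A FORWARD -i $VPN_IF -o $LAN_IF -p tcp -d $HOST_IP --dport $HOST_PORTS -j ACCEPT"
}

# Default is a dry run that prints the plan; APPLY=1 executes the VM rules.
if [ "${APPLY:-0}" = "1" ]; then
  vm_rules | sh -e
else
  echo "# on the host:"; host_route
  echo "# on the VM:";   vm_rules
fi
```

Run without arguments to review the generated commands before applying anything; `iptables -t nat -L -n -v` on the VM then shows whether the MASQUERADE and DNAT counters move when the host connects.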