Static IP? DHCP Server?
When the author created the virtual machine, they may have chosen for the machine to have a static IP address, or for it to be assigned one via a Dynamic Host Configuration Protocol (DHCP) server.
If there is a README file to go along side the machine, it might be mentioned there. It may also be discussed on the author's download page. However, there are certain cases when this hasn't been disclosed.
If you're new to setting up a lab, you might be unsure if the target machine is working correctly or not, or, if you have over looked something. This is why on the entry page on VulnHub; we have listed the networking status of each machine.
If it is using a static IP address it will have a pre-assigned IP address. As IP addresses are unique and shouldn't have duplicates on the same network, you will need to check that there isn't already a device using the machine's static IP address. Usually this shouldn't be a problem as these machines should be placed in an isolated network.
However, if the virtual machine requires a DHCP server to assign an IP address, there needs to be a DHCP service running within the environment. Both Virtualbox and VMware products offer a DHCP service, which, when using the right 'network type', will isolate the machine from the current network.
It is highly recommended that you DO NOT run these machines on a: production network, home network, a network with Internet access and/or a network containing sensitive information (VulnHub will not be responsible for any loss or damage caused)
. These virtual machines will work in isolated networks.
IPv4 network addresses can be broken down into various classes:
Class - Start-End Subnet Mask (Dotted)-CIDR notation - Common Ranges
Class A - 0.0.0.0-127.255.255.255 255.0.0.0 /8 - 10.xxx.xxx.xxx
Class B - 126.96.36.199-188.8.131.52 255.255.0.0 /16 - 172.16.xxx.xxx
Class C - 192.0.0.0-184.108.40.206 255.255.255.0 /24 - 192.168.xxx.xxx
If the machine is using a DHCP to get an IP address, it will be placed into the same subnet as the DHCP configuration.
But, if the machine is using a static IP address, the machine could lie outside the subnet. Common ranges for a class C network are 192.168.0.0/24, 192.168.1.0/24. However, if the virtual machine uses '192.168.2.50/24', or '10.10.10.100/16' as examples, the attacker will need to adjust their virtual environment so they are in the same subnet.
Being the attacker, you will need to learn techniques to locate machines on a network.
A common way to see if the machine is 'alive' on a network is to send a ping packet (Internet Control Message Protocol (ICMP) echo request) and see if there is a reply.
However, if the machine has a firewall installed, it could be designed to drop the packet. This would result in no response to the ping request, thus failing the test to see if the machine is 'alive'.
Being the attacker, you would have to discover/research other methods to see if the machine is actually online & functioning correctly.