Comments (8)
Ok. Thanks for raising this. Yeah, I think the problem arises when your VM networks have been setup differently to what SecGen assumes about your host system config. I think we had a write up of how to get this working, @thomashaw? Maybe we need to automate something further?
from secgen.
But SecGen set those vboxnets as far as I know so that would be weird? Also why it would set different vmboxnet from the webserver?
from secgen.
I tested again and it setup correctly so it looks like it's a bit flaky.
from secgen.
from secgen.
The write-up @cliffe mentioned was in regards to an issue we had when exporting/importing sets of VMs through virtualbox as .ova files, where the host machine receiving the import has existing host-only networks using the same name (with different configurations).
I've tried to reproduce the issue by re-running your scenario file, removing all host-only networks from VirtualBox, and creating new ones with different configurations but have been unable to break it.
SecGen creates the new host-only networks in VirtualBox through Vagrant. Do you still happen to have the projects/SecGen_2017XXXX/Vagrantfile by any chance?
from secgen.
I do, it looks correct
Vagrantfile.zip
from secgen.
Just to clarify, that scenario is intended to have two separate networks, one representing the DMZ and one representing the Intranet. The DMZ has the web server and this is also the one you should attach your attacker VM, such as Kali. The second network, has the intranet server, and desktop. The Web server is attached two both networks. So any attacks on the Intranet have to pivoted through the Web server.
from secgen.
Yep that was clear to me, but the problem was nothing was pingable from inside the web server because it assigned diffrent vboxnet number for second adapter of web server and intranet server/desktop.
from secgen.
Related Issues (20)
- Kali web metapackage fails to build: unable to locate the 'kali-tools-web' dependency HOT 4
- Commando: login sometimes fails even when using correct credentials HOT 12
- Commando: show database errors in login form HOT 3
- Commando: implement insecure cookie vulnerability HOT 3
- Commando: there is an additional flag generated which is nowhere to be found in the application
- How you merge the CTFd_importable.zip into an existing CTFd instance?
- Issue setting up SecGen HOT 2
- Issues finding the Kali Repo when building CTF Scenario
- The following SSH command responded with a non-zero exit status. HOT 2
- Distcc Error HOT 2
- Base box root password HOT 1
- secgen's VM build process fails with "hostonlyif" message HOT 16
- Stderr: VBoxManage: error: VT-x is not available (VERR_VMX_NO_VMX) HOT 1
- ESXi fail to build, Vagrantfile error HOT 4
- Builder conflicting requirements HOT 5
- Bundler unable to install digest-whirpool [Windows, Ruby 2.7.6, Bundler 2.1.4] HOT 4
- syntax error: "rescue StandardError" HOT 16
- gitlist_040--1-/home/git/repositories/secret_files/-append HOT 1
- unable to build vm(Solved) HOT 1
- Module modules/generators/content/password_file missing required puppet module manifests folder HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from secgen.