Practical Remote Access – Running VMware VMs on the Enterprise Pentesting Appliance

The EPA can handle booting VMs and forwarding their screens in a remote environment, and it’s relatively easy to get a Backtrack instance on the EPA via the LiveCD ISO. But let’s say you have an existing VMware image that you want to run in a remote environment. How do you do it? Using the Backtrack VM as an example, here’s the dirt:

1) Download the VM from the fine folks at Offensive Security

2) You’ll need to modify the .vmdk to consolidate it into a single file. (This step requires a utility bundled with VMware Workstation, so run it on a machine where you have Workstation installed):

NOTE: Case sensitivity of the file name and extension is important

3) Copy the newly-created single .vmdk and the corresponding .vmx file to the EPA using scp from your workstation:

4) Now, on the EPA, convert the vmx settings to xml using ‘vmware2libvirt’ and remove the now-defunct vmx file

5) In order for virsh / KVM to read the file, you’ll need to convert the single .vmdk into a raw image using qemu-img and remove the now-defunct vmdk:

6) Use your editor of choice (nano / vim / vi) to edit the newly created xml file – change the disk’s <source file='…'/> attribute to point to the new raw .img disk:

7) Import the xml to virsh now that it points to the .img file:

8) List the current VMs to ensure it was imported correctly:

9) Delegate the proper permissions on the directory:

10) Start the VM

11) Connect to the VM from a Linux host with virt-viewer (or VNC) installed
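Steps 4 through 8 and step 10 as one script, added here as an example (it is not the EPA's own tooling and not the original post's commands). It assumes vmware2libvirt, qemu-img and virsh are installed on the EPA and that the base name you pass in (a constructed name such as bt5) matches the .vmx and .vmdk file names; step 9's permissions are left out.

```bash
#!/usr/bin/env bash
# Added example, not the EPA's own tooling. DRY_RUN=1 prints commands instead
# of running them. Assumes <name>.vmx and <name>.vmdk sit in the current directory.
# Usage after sourcing this file:  DRY_RUN=1; import_vm bt5

run() {  # run a command, or only print it when DRY_RUN=1
  if [ "${DRY_RUN:-0}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Step 6: point the disk's <source file='...'/> at the raw image. Only a source
# ending in .vmdk is rewritten, so a CD-ROM/ISO source is left alone.
# The image path must not contain '|' or '&' (sed metacharacters here).
rewrite_disk_source() {  # usage: rewrite_disk_source domain.xml /abs/path/disk.img
  local xml="$1" img="$2"
  grep -Eq "<source file=['\"][^'\"]*\.vmdk['\"]" "$xml" || {
    echo "no .vmdk disk source in $xml" >&2; return 1; }
  sed -E "s|(<source file=['\"])[^'\"]*\.vmdk(['\"])|\1${img}\2|" "$xml" > "$xml.tmp" &&
    mv "$xml.tmp" "$xml"
}

# The name virsh knows the VM by is the <name> element, not the file name.
domain_name() {  # usage: domain_name domain.xml
  sed -n 's|.*<name>\(.*\)</name>.*|\1|p' "$1" | head -n 1
}

import_vm() {  # usage: import_vm <name>
  local name="$1" dom
  if [ "${DRY_RUN:-0}" = 1 ]; then
    echo "vmware2libvirt -f $name.vmx > $name.xml"
  else
    vmware2libvirt -f "$name.vmx" > "$name.xml" || return 1
  fi
  run qemu-img convert -f vmdk -O raw "$name.vmdk" "$name.img" &&
    run qemu-img info "$name.img" &&          # sanity-check the image before deleting
    run rewrite_disk_source "$name.xml" "$PWD/$name.img" &&
    run rm -f "$name.vmx" "$name.vmdk" &&     # the now-defunct originals
    run virsh define "$name.xml" &&
    run virsh list --all || return 1
  # In a dry run no XML exists yet, so fall back to the file base name.
  if [ "${DRY_RUN:-0}" = 1 ]; then dom="$name"; else dom=$(domain_name "$name.xml"); fi
  run virsh start "$dom"
}
```

Run it with DRY_RUN=1 first to review the exact commands, since the originals are deleted once the raw image has been written and inspected.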

… And you’re good to go. Happy hunting! Check out the Enterprise Pentesting Appliance documentation if you’re interested in more detailed documentation like this!


Here you can see Armitage running on Backtrack on the EPA

NOTE: To stop the VM, run:

NOTE: To unregister / remove the VM, run: