Practical Remote Access – Running VMware VMs on the Enterprise Pentesting Appliance

The EPA can handle booting & forwarding the screen of VMs in a remote environment, and it’s relatively easy to get a Backtrack instance on the EPA via the LiveCD ISO, but let’s say you have an existing VMware image that you want to run in a remote environment – how do you do it? Using the Backtrack VM as an example, here’s the dirt:

1) Download the VM from the fine folks at Offensive Security

2) You’ll need to modify the .vmdk to consolidate it into a single file. (This step requires a utility bundled with VMware Workstation, so run it on a machine where you have Workstation installed):

NOTE: Case sensitivity of the file name and extension is important

3) Copy the newly-created single .vmdk and the corresponding .vmx file to the EPA using scp from your workstation:

4) Now, on the EPA, convert the vmx settings to xml using ‘vmware2libvirt’ and remove the now-defunct vmx file

5) In order for virsh / KVM to read the file, you’ll need to convert the single .vmdk into a raw image using qemu-img and remove the now-defunct vmdk:

6) Use your editor of choice (nano / vim / vi) to edit the name of the newly-converted raw disk – change the <source-file> directive to point to the new raw .img disk:

7) Import the xml to virsh now that it points to the .img file:

8) List the current VMs to ensure it was imported correctly:

9) Delegate the proper permissions on the directory:

10) Start the VM

11) Connect to the VM from a Linux host with virt-viewer (or VNC) installed
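The EPA-side steps 4 through 8, as an added example script that is not from the original post. It assumes vmware2libvirt, qemu-img and virsh are installed on the EPA and that the .vmx and single-file .vmdk share one base name in one directory; the `run`, `retarget_disk` and `import_vm` helpers, the `DRY_RUN` switch and the name `bt5` are hypothetical.

```shell
#!/bin/sh
# Added example: EPA-side steps 4-8 as one script. "bt5" and the directory
# passed in are placeholders; each step stops the run if it fails.

# Run a command, or only print it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "+ $*"; else "$@"; fi
}

# Step 6: point the disk <source file='...'/> entry at the raw image.
retarget_disk() {  # usage: retarget_disk FILE.xml (keeps FILE.xml.bak)
    sed -i.bak "s|\(<source file=['\"][^'\"]*\)\.vmdk\(['\"]\)|\1.img\2|" "$1"
}

import_vm() {  # usage: import_vm NAME DIR
    name=$1; dir=$2
    # Step 4: vmware2libvirt writes the libvirt XML to stdout.
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "+ vmware2libvirt -f $dir/$name.vmx > $dir/$name.xml"
    else
        vmware2libvirt -f "$dir/$name.vmx" > "$dir/$name.xml" || return 1
    fi
    # Step 5: single-file vmdk -> raw image.
    run qemu-img convert -f vmdk -O raw "$dir/$name.vmdk" "$dir/$name.img" || return 1
    # Step 6, then check the edit landed before defining the domain.
    run retarget_disk "$dir/$name.xml" || return 1
    if [ "${DRY_RUN:-0}" != 1 ] && ! grep -q "$name\.img" "$dir/$name.xml"; then
        echo "disk source was not rewritten in $dir/$name.xml" >&2; return 1
    fi
    # Steps 7-8: register the domain and list it.
    run virsh define "$dir/$name.xml" || return 1
    run virsh list --all || return 1
    # Only now drop the source files that steps 4-5 made redundant.
    run rm -f "$dir/$name.vmx" "$dir/$name.vmdk"
}

if [ $# -ge 2 ]; then import_vm "$1" "$2"; fi
```

Running it with `DRY_RUN=1` prints the commands without touching any files, which is a quick way to confirm the paths before the conversion deletes the source .vmx and .vmdk.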

… And you’re good to go. Happy hunting! Check out the Enterprise Pentesting Appliance documentation if you’re interested in more detailed documentation like this!


Here you can see Armitage running on Backtrack on the EPA

NOTE: To stop the VM, run:

NOTE: To unregister / remove the VM, run: