Skip to content

Instantly share code, notes, and snippets.

@HeliosLHC

HeliosLHC/archiveteam-warrior.md Secret

Last active December 17, 2019 03:13
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save HeliosLHC/cf3264c8d65b4680474ac13bcc6d0384 to your computer and use it in GitHub Desktop.
Save HeliosLHC/cf3264c8d65b4680474ac13bcc6d0384 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
archiveteam-warrior.md

How does Warrior VM's networking work in VirtualBox?

By default, ArchiveTeam Warrior runnig on VirtualBox uses NAT networking. This means the Warrior VM is isolated from the rest of your LAN with your VirtualBox host acts as the router. A router like the one you use for the internet (which generally performs NAT routing), separates two networks and facilitates cross-network communication of devices. Only devices on the same network can communicate with one another without a router, otherwise it is required. In the case of your home internet, it routes between the WAN (the internet) and your LAN (your home network).

With VirtualBox's default NAT networking enabled, a separate network is created between the host and the VM. Lets call this network your VMLAN (Virtual Machine LAN). This turns your host into a NAT router between the LAN and the VMLAN. This allows the VM to talk to your LAN and in turn, to the WAN (the internet) via your Internet NAT Router (this lets the Warrior send out requests). However, hosts and other devices cannot talk to the VM directly as the host router is not setup to do so and therefore the Warrior cannot receive requests by default.

So far this setup would look like this.

WAN <-Internet NAT Router-> LAN <-Host's NAT Router-> VMLAN.

So how are we able to view the Warrior interface at http://localhost:8001 when NAT networking is enabled?

The answer is Port Forwarding. This allows us to forward a port on the host to a port on the VM. By default, the Warrior VM is setup with a port forward rule "localhost:8001 -> VM:8001". This rule means forward all network traffic going to port 8001 of the host machine to port 8001 of the VM where the Warrior interface is running. So when we send a HTTP request to the host's port 8001, VirtualBox will magically forward the request to the VM which will return you the response (Warrior interface) without caring about what the VM's IP address is on the VMLAN network and setting up more router configuration.

How to Expose Warrior to LAN

Method 1 - NAT Networking (VirtualBox)

These instructions have been tested using VirtualBox on Linux with Warrior V3 20171013

We can use port forwarding mentioned above to enable other devices on your LAN to access the Warrior interface on the Warrior VM.

  1. Ensure your Warrior VM is powered off
  2. Open Settings for the Warrior VM
  3. Go to Networking and navigate to Adapter 1
  4. Check Enable Network Adapter
  5. In the Attached to: dropdown select NAT
  6. Click Advanced to expand the menu and click Port Forwarding
  7. For the rule Web interface, change the Host IP to "0.0.0.0". This will enable all devices that can connect to the host to access port 8001 of the Warrior VM. "Guest IP" should be left blank and "Guest Port" should be 8001.
  8. Start your VM, and you should be able to now access your warrior interface from any device on your LAN at http://HOST_IP:HOST_PORT using the parameters you have specified.

Your forward rule should now look something like this. "Host Port" can be changed you to preferences.

Name Protocol Host IP Host Port Guest IP Guest Port
Web Interface TCP 0.0.0.0 8001 8001

These steps assume your host either has no firewall or has firewall rules to allow incoming connections to your chosen host port. If this is not the case, updating your firewall rules is necessary.

Method 2 - Bridge Networking (VirtualBox)

Please note, using bridge networking with wireless network interfaces with VirtualBox is not recommended and may cause issues.

The instructions outlined for this method here will make the Warrior no longer accessible via http://localhost:8001 and will require access via the VM's ip address instead.

Bridged networking disables the Host NAT and allows the VM direct access to the LAN. This will also bypass any host firewalls making this method ideal for those who don't desire to tinker with their firewall rules. This allows devices (including the host) to directly communicate with the Warrior VM without needing to port forward.

The Warrior VM will appear just like any other device on your LAN with its own LAN ip address. If your LAN subnet is 192.168.1.X and your host has IP 192.168.1.200, then the VM will also get an available IP in the range of 192.168.1.[1-254] with which you can use to directly communicate to the VM.

  1. Ensure your Warrior VM is powered off
  2. Open Settings for the Warrior VM
  3. Go to Networking and navigate to Adapter 1
  4. Check Enable Network Adapter
  5. In the Attached to: dropdown select Bridged Adapter
  6. In the Name: dropdown select the network interface your host is using for networking (this will vary by device and operating system)
  7. Start your VM. You'll now need to find your VM's ip address. There are 4 options.
    1. VM startup output
      1. The VM startup will display the IP address during startup in the lines containing udhcpc
    2. Login to VM
      1. Wait for the VM to fully bootup
      2. Click on the VM terminal. On the popup asking for "Capture Output", select Capture
      3. Press Right-Control + F3
      4. Login with username: root and password: archiveteam
      5. Enter ip addr in the shell
      6. Your VM's IP will be in the eth0 section of the command output.
      7. Press Right-Control again to exit capture mode
    3. Scan your LAN using a scanning tool
    4. Check your router's DHCP IP address assignment table
  8. You should be able to now access your warrior interface from any device on your LAN at http://VM_IP:8001 using the parameters you have specified.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment