REMNUX authentication error as the super user
Im getting this error when I try to insert the guest additions CD

@Stebe
ummmm what was the command you ran that popped this open?
the only codes that video showed
the media stuff
and the mount
but the mount one was an error
and nothing else
I also have the option to upgrade the guest additions
try the password
malware
i mightve been wrong about that
yes
its malware
lol
my bad i thought it was remnux/remnux lol
tysm
we can keep this open while youre going through setup in case you have any other issues feel free to ping me in here
and ofc! excited for you and your journey!!
alright
my remnux and windows are both work like 20 fps
is that normal
but the same doesnt happen on kali linux
its smooth
do you use the same hypervisor for kali as youre using for remnux and flare?
I deleted windows 10 gotta do everything back
I tried most of the stuff and didnt really work
I also didnt give 60gb so I couldnt download flarevm
gotta start most of the stuff from the beginning
:skull_sob:
probably, since I'm installing windows 10 again Im going to check everything neatly
so you have your kali vm in virtualbox as well? (where i’m assuming your flare and remnux vms are?)
yep
are you using the same graphics controller for it? should be under settings>expert>display
I'll check it in a moment
lemme take care of the windows 10
then I'll check it out
okay sounds good, and having the VBoxGuestAdditions installed might be part of it but not sure if you were alr able to do that with the other ones
my system crashes while downloading flarevm after a while
tried restarting it with saving
but worked only once
then didnt work
and it keeps doing that
when I click to the vm tab, my mouse gets kicked out of it and it becomes a loop each time I try it
did you disable defender/edr?
I didnt . . .
that'll do it lol
there should be a link to a post about disabling it
in github?
i think it might be in the flare github repo
i think
Ensure the requirements above are satisfied, including:
Disable Windows Updates (at least until installation is finished)
https://www.windowscentral.com/how-stop-updates-installing-automatically-windows-10
Disable Tamper Protection and any Anti-Malware solution (e.g., Windows Defender), preferably via Group Policy.
GPO: https://stackoverflow.com/questions/62174426/how-to-permanently-disable-windows-defender-real-time-protection-with-gpo
Non-GPO - Manual: https://www.maketecheasier.com/permanently-disable-windows-defender-windows-10/
Non-GPO - Automated: https://github.com/ionuttbara/windows-defender-remover
Non-GPO - Semi-Automated (User needs to toggle off Tamper Protection): https://github.com/AveYo/LeanAndMean/blob/main/ToggleDefender.ps1
so, what to do now
should I just close the vm fully
then restart it
and close the antivirus
then continue
uhhh if you took a snapshot before attempting to install flare i would revert back to that
alright
it was progressing for an hour now :skull_sob:
yeah the flare install takes a hot minute
so, do I just disable everything in windows defender
:AngryCry:
yeah if you follow the steps in those articles it should take care of everything that would cause the flare install to bug out
tysm!
ofc!
is it ok for it to be like this

uhhhhhh i think? iirc it doesnt need to be in any particular directory as long as you can run it
its been an hour and 10 minutes. I don't even know how long this is gonna take :blue_screen:
mine took a few hours ngl
its literally 1 am and I have an exam today
:AngryCry:
i’m sorry!! gl on the exam tho 😅
So, I waited overnight and I think not everything went right. My internet connection was gone and my pc was in sleep mode..
were you able to check in on the vm? there should be a log.txt or something similar either at the same path that the install.ps1 script was ran from or in a folder on the desktop called Flare
Yes but I closed it I hope its saved
you should be good, when you get a chance to check on it lmk, hoping the best for your sake lol
so, I am continuing on the video and Im making a shield to my physical host and letting the other 2 vm interact with each other. But the ips are reverse for me. They are the custom ip that isn't my main ip. But they are reversed. Like one of them is 11.6.5.3 and the other must be 11.6.5.4 but instead the one I set 11.6.5.3 is the other one. Could that get my main host in trouble?
youre talking about setting up the Host-only adapter right? and the two IP addresses are for your Flare and Remnux vms?
yes
the video is 6 hours and the first hour is just creating an experimental lab for ourselves :Bruh:
this is the setup i have for my adapter, and then i believe the two local ip addresses for my vms are 10.0.0.3 and 10.0.0.4. you can always apply that adapter and then try to ping outside of that network to your local or host machine and it should give you a network unreachable message


safety is rule number 1 when playing with malware lol last thing you want is it going where you didnt want it to
yeah it does give an error
okay you should be good as long as your local network isnt reachable from either two machines, i would just say to make sure to watch and follow those safety guidelines very carefully
also make sure shared clipboard and drag and drop are turned off in your virtualbox settings
alright, but I cant reach to internet on my flarevm rn, what to do?
he should go over it in the video, iirc you just make sure youre on a snapshot that hasn't had any detonations on it and temporarily switch it over to the regular network adapter, get the tools or whatever you need downloaded and then switch it back over to the host only adapter
but in general unless youre downloading a new tool or something youll want to keep the flare and remnux machines offline or if youre using inetsim or something similar then you can put them on the host-only adapter network
I have already done that I suppose
good work! the fun stuff comes soon lol
uh it says this

could this be the cause
what are you trying to use OpenVPN for?
no idea
it downloaded anyway
I think it was a bad idea to mark everything 💀
also now I can ping 8.8.8.8
so I think I reversed something from flarevm. . .
check your network adapter and make sure its the one that you created that should look like this one
it looks like that rn
I have done stuff back
let's see if its gonna work now
then Im going to check if I can ping 8.8.8.8 again
if I can ping it I think I have missed something
theres no internet rn
unidentified network
for me
youre able to ping 8.8.8.8 from your flare VM?
I was able to, now I have done the steps again
but now, I just dont have internet connection in flare vm
so I cant basically open inetsim on flarevm
or download google chrome
do you have the right adapter selected here?

yes
yalnızca : only
host : anamakine
bağdaştırıcı : adapter

and I have only checked adapter 1
okay so you have it set to use your host only adapter right now correct?
yes
youll have to switch it to NAT or bridged to be able to access the internet iirc
wouldnt that let it access to my pc too?
yeah thats why i said this
only switch it to that temporarily if you need to download a tool or something
otherwise keep it offline
I need to inetsim rn
oh
as long as you havent detonated anything on it you should be fine
you also have to do the same too? Or is it just a problem that is caused by my mistake somewhere
switching adapters?
yep
yeah thats just how it works, im not an expert in vm networking by any means but the whole purpose for that host only adapter with the separate local IP space is to prevent it from talking to anything else (your local network which you need to get to the internet)
its never a bad idea if youre about to detonate something to double check by pinging your local network and out to the internet just to be sure
tysm bro, you have saved me. I would've been confused for hours 💀
no problem lol it can be confusing
alright, I will make sure to check it!
I can't make my connection to make it only access to the ip address of my remnux
I have tried it but it doesnt work
what do I do
you switched back to the default adapter and set the adapter type to NAT or bridged right?
i got timed out trying to explain im trying to figure out why then i will try again lol
yup
did you change any settings in "View network connections" > "<adapter_name>" > "Properties"?
yes
made it the same as inetsim
10.0.0.4
if you changed your DNS server there or turned off "Internet Protocol Version 4 (TCP/IPv4)" it may be the cause
(for me)
yeahhhhh you gotta change that back otherwise its looking on the wrong network for a DNS server
so the video is wrong?
but then when you go to use inetsim youll need to change your DNS server back to 10.0.0.4
not necessarily, just when you want to connect to your local network or the internet, youll need to change that back (set DNS server to default/obtain automatically)
@˚₊‧꒰ა tenshi♡ ୭ৎ you know we see the people that only chat here? :wideskull:
they tried to hide we saw you 🤣
I changed it to 10.0.0.4 but now it doesnt work. It just tells me to check my internet connection and doesnt direct me into 10.0.0.4
and I think in the video he means we will need it somewhere
yes so if you want to connect to the internet, youll have to change your adapter and adapter type and that setting to obtain automatically or whatever DNS server you prefer, but when you go to use INetSim, youll want to change back to your host-only adapter and change your DNS server to 10.0.0.4
ok
I understand that but when I go to use INetSim, I change it to host-only adapter and change my dns server to 10.0.0.4, it doesnt work like in the video
how so?
no idea :skull_sob:
INetSim should just return a default response/IP address for all requests, it doesnt actually let you access the internet
so if when youre on the host-only adapter network, both the remnux and flare machines, and perhaps you do
ping google.com
it should return a response from 10.0.0.4
yes
it does
and youre running that from the flarevm?
yes
okay was there anything else that wasnt working? iirc there is a setting that you have to change in inetsim config file but i think the video goes over that
nope, everything works fine except the redirection to 10.0.0.4
what do you mean sorry?
so, do I just go on?
when I go to a random website
like asdasdasd.com
it redirects me into 10.0.0.4 at least thats what he said in the video
but for me, that doesnt work
and tells me "this site can't be reached"
1 sec let me start mine up
okay i think i found the issue, i completely forgot having it when i was getting mine set up. run 2 commands for me:
ifconfig
and
ip link show
theres probably one interface similar to enp0s17 that will show up in the ip link show output that you wont see in ifconfig
whatever the name of that other interface is, you'll want to do
sudo dhclient <interface_name>
and then start inetsim again
its enp0s3
okay so youll want to do
sudo dhclient enp0s3
and then restart INetSim
its done
site cant be reached you can check your internet connection or check the proxy and firewall
it says that
do I need an internet connection just to reach to that ip?
no you should be on the same network as long as both adapters are on
hold up doing some more testing on my end
Im already on the same network and its the #2 one
both are only host adapter stuff
when you run inetsim are you getting this in the output?
Couldn't create UDP socket: Address already in use at /usr/share/perl5/INetSim/DNS.pm line 36
?
any update? just fixed it on my end but thats the issue i was having
Nope, is that really important for me to not continue and fix it?
Ima sleep... I will make sure to update after school! Thank you so much for your helps, have a nice day:OwO:
no problem, sorry it can be a pain to get set up but hope we can get it working for you!
You've tried your best, I'm thankful for your helps, I hope we find a way to achieve that
bros are still trying to get remnux to work
just use flare atp
:Meow_blub:
trying to use flare + remnux to run internet simulation to capture outbound calls
inetsim can kinda be a pain in the ass, i dont use it much day to day but the coursework uses it
went to go start it again and mine was broke too lmao had to fix but seems like theyre having another issue
insert "its always DNS" joke here
Im using a vpn on my physical computer, could that be the cause?
My country banned discord btw:AngryCry:
dang that’s rough, i don’t think so though it shouldn’t affect your local network just public
are you able to
wget http://10.0.0.4
from your flare vm? it should give you the HTML of the default INetSim page
Ima check it when Im home
Gotta take a while
I think I'll skip my class today, this looks way better
If I fix that, I'll finally have a place to cook and start the main course
i have a feeling its a dns issue, if you were able to ping the remnux machine directly then that would be my first guess

I can't wget it
could it be something

from remnux
you can ping the ip of remnux from flare though right?
yup
just tried it
use cmder instead of powershell and try
wget http://10.0.0.4
it doesnt see it as a command
in cmder?
yes
wget isnt a batch file or an internal command
does curl work?
or iwr in powershell
curl works btw
okay so its giving you the content of the default inetsim html page with curl?
yes
but when you go into a browser and try looking up any site it tells you site cant be reached

yes
nice ok
you changed your IPv4 properties in windows back to use 10.0.0.4 as DNS right?
yes
can you try
nslookup google.com
on flare?
the nameserver should be 10.0.0.4 but im really thinking something is wrong with DNS on inetsim
it's like that
youre using chrome as your browser in flare right?
yes
google chrome
try going to
chrome://settings/security
and look for "Secure DNS", "DoH", or "DNS over HTTPS" and make sure its turned off
im using firefox so im not sure if thats why but regular dns seems to be working so its prolly a browser issue
I might just use firefox and try it
uh
I cant use google
like
even with internet
everything becomes cant reached
did you change DNS server?
fixed it to auto
and changed adapter and adapter type back to main adapter and bridged/NAT?
yes
bruh
what happens if you try to ping google now
works
but browser doesn't?
yes
try edge maybe?
firefox doesnt work
edge doesnt work either
what do I do
when youre pinging google youre not getting response from 10.0.0.4 right
just want to make sure youre actually connected to internet
yes
I am
Im truly sorry for the late response
harsh day
studied at home
no problem, do you have a snapshot of your base flare install? might be easier to just revert back to that if you were able to get that connected to the internet and the inetsim network
I don't probably
lemme check
I actually do
flarevm - base
I might just revert it
yeah thats probably your best bet to be honest, not sure if something got messed up in the interim but if you can just revert back to one you know works i would start there
then just whenever youre switching between make sure you change your adapter, adapter settings, IPv4 settings in flare and then double check your inetsim.conf file in flare and make sure its the same as he has in the video
I know I'm asking this way too late but, what will be the advantages of learning malware analysis?
Tbh, I might just download flare again
Could be something about the downloading
Bc I remember I saw smth about inetsim in logs