While studying for my OSCP I used various platforms to help me prepare for the exam, such as Hack the Box and Pentester Labs. The only issue is that they all cost money for the features I wanted to access. One of the free and open services I used to help me study was VulnHub. I wanted a way to take the VMs from VulnHub and practice my pentesting skills and methodology with ease of setup on Proxmox. So I created a tool called ProxKube that automatically sets up the VMs I downloaded from VulnHub on Proxmox. The reason I named it ProxKube was because of its similarity to Kubernetes, in the sense that you can orchestrate the automated deployment and scaling of VMs.
If you aren’t already familiar with VulnHub, it’s a site where people can upload vulnerable VM images to host using VirtualBox, VMware, or some other kind of hypervisor.
The issue was that many of the VMs on VulnHub are built only for VMware, and in my case I use Proxmox in my home lab, which doesn’t allow you to easily import `.ova` files. Now many of you may say “why don’t you just use VirtualBox on your personal desktop or laptop”. Well, the reason I didn’t just use VirtualBox or a similar solution is because at the time I didn’t have a strong PC with a ton of storage to download a lot of VMs. So instead I used a spare computer to host a bunch of VulnHub VMs.
After doing some research on the Proxmox forums I figured out that with some command line magic you can make `.ova` files work in Proxmox. The issue with this is that I wanted a “one click” way of setting up the VM for me. I also wanted a way to take a bunch of VMs from VulnHub and have it all configured on Proxmox for me so I can focus on studying. The reason I decided to host a bunch of VulnHub VMs was because I could use these VMs to set up a mock OSCP exam with the VulnHub machines and time myself.
The only way you can make VulnHub VMs work on Proxmox is to untar the `.ova` file, then read through the configuration file (`.ovf`, etc.) in order to figure out how to set up the virtual machine. You would also need to have a good understanding of where the VM files are stored on Proxmox so you can replace the proper files.
It was such a hassle to download each VM from VulnHub and take the time to configure each of the machines individually. So I created a Python script that can be used on the Proxmox host machine that will take each of the VulnHub VM images and extract, rename, and parse the appropriate files to convert and create the VMs in a matter of a couple of minutes to give yourself a quick and easy pentest lab.
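The untar-and-read-the-`.ovf` step described above, as an added example (this is not ProxKube's own code): it opens an `.ova` as a tar archive, rejects unsafe member names since downloaded images are untrusted input, and pulls the CPU count, memory and disk file names out of the OVF descriptor. The function names `parse_ova` and `build_sample_ova`, the constructed in-memory sample archive, and the assumption that memory is given in MB are mine.

```python
import io
import tarfile
import xml.etree.ElementTree as ET

OVF = "http://schemas.dmtf.org/ovf/envelope/1"
RASD = "http://schemas.dmtf.org/wbem/wscim/1/cim-schema/2/CIM_ResourceAllocationSettingData"
NS = {"ovf": OVF, "rasd": RASD}

def parse_ova(fileobj):
    """Read the .ovf descriptor inside an .ova (a tar archive) without extracting to disk."""
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        members = tar.getmembers()
        for m in members:
            # Untrusted download: refuse links, absolute paths and '..' components.
            if m.name.startswith("/") or ".." in m.name.split("/") or not m.isfile():
                raise ValueError(f"unsafe archive member: {m.name!r}")
        ovf = next((m for m in members if m.name.lower().endswith(".ovf")), None)
        if ovf is None:
            raise ValueError("no .ovf descriptor in archive")
        root = ET.parse(tar.extractfile(ovf)).getroot()
    # Disk images the descriptor references must actually be present in the archive.
    disks = [f.get(f"{{{OVF}}}href") for f in root.findall("ovf:References/ovf:File", NS)]
    missing = [d for d in disks if d not in {m.name for m in members}]
    if missing:
        raise ValueError(f"descriptor references missing files: {missing}")
    hw = {}
    for item in root.findall(".//ovf:VirtualHardwareSection/ovf:Item", NS):
        rtype = item.findtext("rasd:ResourceType", namespaces=NS)
        qty = item.findtext("rasd:VirtualQuantity", namespaces=NS)
        if rtype in ("3", "4") and qty:  # CIM resource types: 3 = CPU, 4 = memory
            hw[rtype] = int(qty)
    system = root.find("ovf:VirtualSystem", NS)
    name = system.get(f"{{{OVF}}}id") if system is not None else None
    # Assumption: memory VirtualQuantity is in MB (the usual AllocationUnits value).
    return {"name": name, "cpus": hw.get("3"), "memory_mb": hw.get("4"), "disks": disks}

def build_sample_ova():
    """Constructed sample: a minimal OVF descriptor plus a placeholder disk, tarred in memory."""
    ovf = f'''<Envelope xmlns="{OVF}" xmlns:ovf="{OVF}" xmlns:rasd="{RASD}">
<References><File ovf:id="file1" ovf:href="sample-disk1.vmdk"/></References>
<VirtualSystem ovf:id="sample-vm"><VirtualHardwareSection>
<Item><rasd:ResourceType>3</rasd:ResourceType><rasd:VirtualQuantity>2</rasd:VirtualQuantity></Item>
<Item><rasd:ResourceType>4</rasd:ResourceType><rasd:VirtualQuantity>1024</rasd:VirtualQuantity></Item>
</VirtualHardwareSection></VirtualSystem></Envelope>'''.encode()
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for fname, data in (("sample.ovf", ovf), ("sample-disk1.vmdk", b"placeholder")):
            info = tarfile.TarInfo(fname)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return io.BytesIO(buf.getvalue())
```

The returned values are what you would feed into VM creation on the Proxmox host; pass `open("image.ova", "rb")` to `parse_ova` for a real download.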
You can find a copy of this project on my GitHub here: ProxKube