I've read some tutorials which tell you to create your Kali VM using a host-only for one adapter and then either bridged or NAT mode for the other. What's the benefit/downside of bridged vs NAT in this scenario?
I'll take the question from a penetration testing angle.
The biggest downside of running NAT (in its standard configuration) is that you cannot get connections back from other systems and are on a different network (broadcast traffic). In my normal workflow this would stop me using reverse shells or launching spoofing attacks (think smbrelay/responder).
Kali, like most pen testing distros, is not built with security in mind. I would often set up a host-only network with SSH enabled and use that to connect to the Kali box to perform any testing that required Kali, minimizing the likelihood of attacks against my box and allowing me to use rubbish passwords.
My normal configuration was 1 host-only network and 1 bridged network, just be sure to bind your services to the right ones.
If I'm understanding wizzy correctly, he's saying that he sets up an SSH connection/proxy from his 'main' box to his 'kali' box. He is then able to use tools inside of Kali and point them towards the SSH proxy, to have them come out through his 'main' box connection. This prevents individuals from directly attacking his 'kali' instance, as they would have to either compromise his 'main' box, or be able to send back packets across the same connections he initiates from within Kali, to successfully traverse the NAT 'firewall' to directly attack his 'kali' box.
For verification in VMware Workstation, select the target VM, then from the menu, click: VM -> Settings -> Network Adapter.
Almost, I have 1 adapter connected in bridged mode but am very selective about what services I bind to it. This is so I can perform attacks like LLMNR poisoning or collect reverse shells. This prevents them from attacking anything I am using to control the Kali box (like SSH).
You could selectively forward ports from the host and run the VM in host-only or NAT, but this just adds to complexity with little gains.
Anything I use to connect to the Kali box that isn't part of an "attack tool" I will bind to a host-only interface. This includes SSH, which I enable because I don't like working in the Kali GUI. This stops anyone being able to attack these interfaces, which is particularly important if you use a pre-installed image where SSH keys etc. are default (you could regenerate them?).
With metasploit you set the LHOST, with responder you set the interface. Most tools will allow you to choose the interface to bind to. SSH etc can be configured in the settings.
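The thread's advice boils down to a simple invariant: only the attack tools (listener collecting reverse shells, Responder) may listen on the bridged side; everything used to control the box (SSH, databases) must be bound to the host-only address or loopback. The following script is an added example, not code from the thread or from any of the tools mentioned; it audits the listening sockets of a Kali VM by parsing `ss -Hltnp` output and flags any non-attack service reachable from the bridged network. The subnets (192.168.56.0/24 host-only, 192.168.1.0/24 bridged), the allow-list of process names and the sample `ss` output are all constructed assumptions.

```python
"""Audit which interface each listening TCP service on a Kali VM is bound to.

Added example, not from the original thread. Parses `ss -Hltnp` output and
reports every service that is reachable from the bridged (LAN) side but is
not one of the attack tools that legitimately needs to be there.
"""
import ipaddress
import re
import subprocess

HOST_ONLY_NET = ipaddress.ip_network("192.168.56.0/24")   # assumed host-only subnet
BRIDGED_NET = ipaddress.ip_network("192.168.1.0/24")      # assumed bridged subnet

# Process names expected to listen on the bridged side (assumed list):
# Metasploit handlers run under ruby, Responder under python3.
BRIDGED_ALLOWED = {"ruby", "msfconsole", "python3", "Responder.py"}

# Local-address forms that mean "every interface", including the bridged one.
WILDCARDS = {"0.0.0.0", "*", "::", "[::]"}

PROC_RE = re.compile(r'\(\("([^"]+)",pid=(\d+)')

# Constructed sample of `ss -Hltnp` output (no header because of -H).
SAMPLE_SS_OUTPUT = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 128 192.168.56.10:5432 0.0.0.0:* users:(("postgres",pid=901,fd=5))
LISTEN 0 5 192.168.1.57:4444 0.0.0.0:* users:(("ruby",pid=1200,fd=7))
LISTEN 0 128 127.0.0.1:631 0.0.0.0:* users:(("cupsd",pid=455,fd=6))
LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=812,fd=4))
"""


def parse_ss_line(line):
    """Return (local_addr, port, process_name) for one `ss -ltnp` line, or None."""
    fields = line.split()
    if len(fields) < 5:
        return None
    addr, _, port = fields[3].rpartition(":")   # works for "[::]:22" and "*:22" too
    if not port.isdigit():                       # skips a header line if -H was omitted
        return None
    m = PROC_RE.search(line)
    proc = m.group(1) if m else "?"
    return addr, int(port), proc


def classify(addr):
    """Map a local address to the network scope it is reachable from."""
    if addr in WILDCARDS:
        return "wildcard"
    try:
        ip = ipaddress.ip_address(addr.strip("[]"))
    except ValueError:
        return "unknown"
    if ip.is_loopback:
        return "loopback"
    if ip in HOST_ONLY_NET:
        return "host-only"
    if ip in BRIDGED_NET:
        return "bridged"
    return "other"


def audit(ss_text):
    """Return the listeners that violate the 'attack tools only on bridged' rule."""
    findings = []
    for line in ss_text.splitlines():
        parsed = parse_ss_line(line)
        if parsed is None:
            continue
        addr, port, proc = parsed
        scope = classify(addr)
        exposed = scope in ("wildcard", "bridged")
        if exposed and proc not in BRIDGED_ALLOWED:
            findings.append({"proc": proc, "port": port, "addr": addr, "scope": scope})
    return findings


def run_audit():
    """Audit the live system (Linux with iproute2's `ss` installed)."""
    out = subprocess.run(["ss", "-Hltnp"], capture_output=True, text=True, check=True).stdout
    return audit(out)


if __name__ == "__main__":
    for f in audit(SAMPLE_SS_OUTPUT):
        print(f"EXPOSED: {f['proc']} on {f['addr']}:{f['port']} ({f['scope']})")
```

On the constructed sample the only findings are the two `sshd` sockets bound to the wildcard addresses, which is exactly the misconfiguration the thread warns about: a default Kali image with SSH listening on every interface. The fix in that case is a `ListenAddress` line in `sshd_config` naming the host-only address (here the assumed 192.168.56.10), after which the audit reports nothing; the Metasploit handler on the bridged address and PostgreSQL on the host-only address are both where they should be.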