Disclosure: None of the products mentioned in this post were provided gratis or at a discount, and I receive no compensation for anything I’ve written here.
For part 1 of this little adventure, click here.
With my Raspberry Pi booting successfully into ESXi, it was time to start setting up VMs. Part of my original motivation for this experiment was to make the Workstation VMs I’m using for The Cyber Mentor’s Practical Ethical Hacking course available on my network, rather than being trapped on my laptop. As well, I’ve been looking at a few different blue-team training resources, and having a system where I can isolate some VMs would be super handy.
The two VMs on my machine are the Kali Linux configuration recommended by TCM, and Kioptrix Level 1. For those unfamiliar with either, Kali Linux is a distribution designed for various kinds of penetration testing work, while Kioptrix is a series of intentionally-vulnerable machines to practice against.
I decided to start with the Kioptrix VM, since its resource requirement are quite low; after all, this is going on a Pi, not a big bare-metal server. I knew that there would be some changes required, since Workstation is a Level 2 hypervisor, whereas ESXi is a Level 1 (for more on the difference, see this post). I cloned the VM, reconfigured the clone to be compatible with a recent version of ESX, connected to the server, and sent it on its merry way.
Then, I hit this:
After trying a few different configurations, and even re-downloading the VM, I decided to shift gears to my Kali VM. This time, the VM seemed to transfer over just fine, but when I tried to boot it up, it was stuck in a loop at the bootloader.
Eventually, the problem dawned on me – different architectures!
Both of these VMs were pre-built, and worked on my Windows laptop, which means that they were built using a system using an x86 CPU. The Raspberry Pi, on the other hand, uses an ARM-based CPU (for more on the difference, see this post). Neither of these VMs would ever work on my Pi!
In the end, I was able to manually create a Kali VM on the Raspberry Pi, using the Mac M1 ISO image. The GUI is a bit slow to respond, but considering the relative lack of resources, plus the fact that I access it via a browser session, overall I consider this experiment a qualified success.
Originally, I had expected that this would be the last post in this series. However, this experience helped me realize that there is a distinct lack of vulnerable VMs pre-built on the ARM architecture. I have some other projects that need to be attended to, and building an ARM-based vulnerable VM is going to be near the top of my backlog. Stay tuned!