Art of Exploitation

Introduction

VMware Fusion Pro stands out as one of the top virtualization software options for both Intel and Silicon-based Macs. It allows users to create virtual machines tailored to their specific needs. Often, users may require their virtual machines to utilize a custom DNS nameserver IP address automatically, without the need to manually edit the /etc/resolv.conf file within each VM.

This guide will walk you through the process of setting up a DNS server using a Fedora 40 VM on ARM architecture and modifying VMware Fusion’s DHCP configuration to point to the Fedora VM’s IP address as the primary DNS nameserver.

Prerequisites

• VMware Fusion Pro Installation: Ensure VMware Fusion Pro is installed on your Mac. You can refer to the previous post titled VMware Fusion Pro for Apple Silicon for Free for detailed installation steps.
• Fedora 40 Workstation ARM ISO: Download the Fedora 40 Workstation ARM ISO file.

Let’s Start the Process

Video Tutorial for Better Understanding

For those who prefer visual learning, a comprehensive video tutorial is available on YouTube. The video walks you through each step of setting up the custom DNS nameserver in VMware Fusion Pro. By watching the tutorial, you can follow along and ensure you’re correctly configuring your environment.

Creating the DNS Server

• Start by downloading the Fedora Workstation 40 ARM ISO.

$ wget -c wget -c https://mirrors.xtom.hk/fedora/releases/40/Workstation/aarch64/iso/Fedora-Workstation-Live-osb-40-1.14.aarch64.iso

• Create a new virtual machine using this ISO. After booting the VM, proceed with the Fedora installation using the default configurations.
• Once Fedora is installed, follow these steps to disable the systemd-resolved service to avoid it from managing the /etc/resolv.conf file.

// Stop and disbale the systemd-resolved service as it listens on port 53 and manages the /etc/resolv.conf file.
$ sudo systemctl stop systemd-resolved
$ sudo systemctl disable systemd-resolved
// Remove the soft link for /etc/resolv.conf file created by the systemd-resolved service.
$ sudo unlink /etc/resolv.conf
// Manually create /etc/resolv.conf file and specify Google DNS IP for the time being to resolve the URLs
$ sudo vi /etc/resolv.conf
nameserver 8.8.8.8

• Configure dnsmasq to answer DNS queries related to “example.com” domain.

// Install the dnsmasq package and start the service.
$ sudo yum install dnsmasq -y
$ sudo systemctl start dnsmasq
$ sudo systemctl enable dnsmasq
$ sudo systemctl status dnsmasq

• Before making changes, back up the original /etc/dnsmasq.conf file and create a new configuration file from scratch to handle DNS queries.

$ sudo mv /etc/dnsmasq.conf /etc/dnsmasq.conf.orig
// The below configuration make sures that dnsmasq service is using the VM's primary NIC ens160 and it's IP address 192.168.117.129. Also, the "address" line indicates that any DNS queries ending with "example.com" will be answered with 192.168.117.130 IP address and "server" paramater ensures that any other queries will be forwarded to Google DNS i.e. 8.8.8.8 and 8.8.4.4 nameservers.
$ sudo vi /etc/dnsmasq.conf
user=dnsmasq
group=dnsmasq
interface=ens160
listen-address=::1,127.0.0.1,192.168.117.129
local-service=host
expand-hosts
domain=example.com
server=8.8.8.8
server=8.8.4.4
address=/example.com/192.168.117.130
conf-dir=/etc/dnsmasq.d,.rpmnew,.rpmsave,.rpmorig

• Update the /etc/resolv.conf file to use nameserver 127.0.0.1. Then, allow DNS traffic through the firewall using the firewall-cmd command.

$ sudo dnsmasq --test
dnsmasq: syntax check OK.
$ sudo vi /etc/resolv.conf
nameserver 127.0.0.1
$ sudo chattr +i /etc/resolv.conf
$ sudo lsattr /etc/resolv.conf
----i----------------m /etc/resolv.conf
$ sudo systemctl restart dnsmasq
$ sudo firewall-cmd --add-service=dns --permanent
$ sudo firewall-cmd --add-service=dhcp --permanent
$ sudo firewall-cmd --reload
$ nslookup api.ayush.example.com 192.168.117.129
Server:		192.168.117.129
Address:	192.168.117.129#53
Name:	api.ayush.example.com
Address: 192.168.117.130

Modifying VMware Fusion DHCP for Custom DNS

• Open the Terminal on your Mac and navigate to the /Library/Preferences/VMware\ Fusion/vmnet8/ directory and edit the dhcpd.conf file, specify the Fedora VM’s IP address for the following lines:
  • option domain-name-servers
  • option netbios-name-servers

$ cd /Library/Preferences/VMware\ Fusion/vmnet8/
$ vi dhcpd.conf
# Configuration file for ISC 2.0 vmnet-dhcpd operating on vmnet8.
#
# This file was automatically generated by the VMware configuration program.
# See Instructions below if you want to modify it.
#
# We set domain-name-servers to make some DHCP clients happy
# (dhclient as configured in SuSE, TurboLinux, etc.).
# We also supply a domain name to make pump (Red Hat 6.x) happy.
#
###### VMNET DHCP Configuration. Start of "DO NOT MODIFY SECTION" #####
# Modification Instructions: This section of the configuration file contains
# information generated by the configuration program. Do not modify this
# section.
# You are free to modify everything else. Also, this section must start
# on a new line
# This file will get backed up with a different name in the same directory
# if this section is edited and you try to configure DHCP again.
# Written at: 08/21/2024 22:21:16
allow unknown-clients;
default-lease-time 1800;                # default is 30 minutes
max-lease-time 7200;                    # default is 2 hours
subnet 192.168.117.0 netmask 255.255.255.0 {
	range 192.168.117.128 192.168.117.254;
	option broadcast-address 192.168.117.255;
	option domain-name-servers 192.168.117.129;
	option domain-name localdomain;
	default-lease-time 1800;                # default is 30 minutes
	max-lease-time 7200;                    # default is 2 hours
	option netbios-name-servers 192.168.117.129;
	option routers 192.168.117.2;
}
host vmnet8 {
	hardware ethernet 00:50:56:C0:00:08;
	fixed-address 192.168.117.1;
	option domain-name-servers 0.0.0.0;
	option domain-name "";
	option routers 0.0.0.0;
}
####### VMNET DHCP Configuration. End of "DO NOT MODIFY SECTION" #######

• To apply the changes, restart the network-related services for VMware Fusion.

$ sudo /Applications/VMware\ Fusion.app/Contents/Library/vmnet-cli --stop
$ sudo /Applications/VMware\ Fusion.app/Contents/Library/vmnet-cli --start

Conclusion

By following these steps, any new virtual machines created in VMware Fusion will automatically route their DNS queries to the custom DNS server you configured on the Fedora VM. This setup eliminates the need to manually adjust DNS settings for each virtual machine, streamlining the process and ensuring consistency across your network.