Pen-Test Lab PART 2 - Installing a Windows VM on QEMU/KVM

This guide will walk you through installing a Windows virtual machine with QEMU/KVM and setting up the necessary drivers for enhanced functionality like copy/paste, shared folders, and better performance.

Prerequisites

Before starting, make sure you have:
- A Windows ISO file (Windows 10 or 11)
- You can download Windows 10 ISO from the official Microsoft website:
https://www.microsoft.com/en-ca/software-download/windows10ISO
- The VirtIO drivers ISO (essential for optimal performance)

Step 1: Download VirtIO Drivers

Windows guests need special drivers for optimal performance with KVM. The VirtIO drivers provide this functionality:

# Create the directory structure if it doesn't exist
mkdir -p ~/ISO/Windows

# Download the latest stable VirtIO drivers
wget https://fedorapeople.org/groups/virt/virtio-win/direct-downloads/stable-virtio/virtio-win.iso -O ~/ISO/Windows/virtio-win.iso

Alternatively, if you already have the VirtIO drivers ISO in your Downloads folder, you can move it to your organized location:

# Move the ISO files if needed
mv ~/Downloads/virtio-win.iso ~/ISO/Windows/
mv ~/Downloads/Win10_22H2_English_x64v1.iso ~/ISO/Windows/

Step 2: Create the Windows VM

sudo virt-install \
  --name windows-vm \
  --memory 4096 \
  --vcpus 2 \
  --cpu host \
  --disk size=50 \
  --disk ~/ISO/Windows/virtio-win.iso,device=cdrom,bus=sata \
  --cdrom ~/ISO/Windows/Win10_22H2_English_x64v1.iso \
  --os-variant win10 \
  --graphics spice \
  --channel spicevmc \
  --video qxl \
  --features hyperv_relaxed=on,hyperv_vapic=on,hyperv_spinlocks=on,hyperv_spinlocks_retries=8191

If you're not sure about the correct --os-variant parameter, install libosinfo-bin and check available options:

sudo apt install libosinfo-bin
osinfo-query os | grep -i windows

Connecting to Your Windows VM

After starting the VM, you can connect to it in several ways:

Using virt-viewer (Recommended)

virt-viewer --connect qemu:///system windows-vm

Using Cockpit's Web Interface

1. Access Cockpit at https://localhost:9090
2. Navigate to Virtual Machines
3. Click on your Windows VM
4. Click "Console" to connect

If Cockpit downloads a file instead of opening the console directly:

1. Make sure you have virt-viewer installed:

sudo apt install virt-viewer

1. Open the downloaded file (usually named "download" or with a .vv extension) using:

remote-viewer ~/Downloads/download

Or simply double-click the file in your file manager.

Step 3: Install Windows

1. Connect to your VM using one of the methods described above.

2. Proceed with the Windows installation normally until you reach the disk selection screen.

3. At the disk selection screen, you won't see any disks because Windows doesn't have the VirtIO drivers by default. Click "Load driver" and navigate to the VirtIO ISO:

4. Browse to the VirtIO CD-ROM drive
5. Navigate to viostor\w10\amd64 (for Windows 10/11 64-bit)

6. Select and install the disk driver

7. After the driver installs, you should see your virtual disk. Continue the Windows installation normally.

Step 4: Install VirtIO Drivers in Windows

After Windows is installed:

1. Open File Explorer in your Windows VM
2. Navigate to the VirtIO CD-ROM drive (usually the second CD drive)
3. Find and run the virtio-win-guest-tools.exe installer
4. Follow the installation wizard
5. Restart your VM when prompted

This single installer package will install all the necessary drivers:
- Storage drivers (viostor)
- Network drivers (NetKVM)
- Memory balloon driver
- Serial drivers
- Input drivers
- SPICE guest agent (for clipboard sharing and mouse integration)
- QXL display driver

After restarting, you should have:
- Properly functioning hardware with all drivers installed
- Working clipboard sharing between host and guest
- Seamless mouse integration
- Better overall VM performance

Step 5: Enable Enhanced Session Mode (Optional)

For an "RDP-like" experience with redirection of local resources:

sudo apt install -y ovmf

Then edit the VM configuration:

sudo virsh edit windows-vm

Add or modify these sections:

<features>
  ...
  <hyperv>
    <relaxed state='on'/>
    <vapic state='on'/>
    <spinlocks state='on' retries='8191'/>
    <vendor_id state='on' value='1234567890ab'/>
  </hyperv>
  ...
</features>

Step 6: Set Up Shared Folders (Optional)

For sharing files between your host and Windows VM:

1. Install Samba on your host:

sudo apt install -y samba

1. Create a directory to share:

mkdir ~/vm-shared

1. Configure Samba by editing /etc/samba/smb.conf:

sudo nano /etc/samba/smb.conf

1. Add this at the end:

[vm-shared]
path = /home/yourusername/vm-shared
browseable = yes
read only = no
guest ok = yes
create mask = 0755

1. Set a Samba password for your user:

sudo smbpasswd -a yourusername

1. Restart Samba:

sudo systemctl restart smbd

1. In the Windows VM, open File Explorer, right-click on "This PC" and select "Map network drive"
2. Enter \\your-host-ip\vm-shared and check "Reconnect at sign-in"

Managing VM Disk Locations

If you need to move your ISO files to a different location after creating the VM:

Option 1: Using Cockpit

1. Access Cockpit at https://localhost:9090
2. Go to Virtual Machines
3. Select your Windows VM
4. Go to the "Disks" tab
5. Click "Edit" next to each CD-ROM
6. Update the file path and click "Save"

Option 2: Using the Command Line

# Shutdown the VM first
sudo virsh shutdown windows-vm

# Edit the VM configuration
sudo virsh edit windows-vm

Find the <disk> sections with device='cdrom' and update the paths in the <source file='...'/> elements to match your new locations.

For example, change:

<source file='/home/<USER>/Downloads/Win10_22H2_English_x64v1.iso'/>

To:

<source file='/home/<USER>/ISO/Windows/Win10_22H2_English_x64v1.iso'/>

Save the file and start the VM:

sudo virsh start windows-vm

Performance Optimization Tips

1. Make sure you're using virtio disk drivers for best disk performance
2. Use the QXL video driver for best graphics performance with SPICE
3. Add the following to your VM configuration for better CPU performance:

sudo virsh edit windows-vm

Look for the <cpu> section and ensure it includes:

<cpu mode='host-passthrough'>
  <topology sockets='1' cores='2' threads='1'/>
</cpu>

1. For better 3D performance, consider using VirtGL/SPICE GL passthrough

sudo apt install -y virtgl

1. Add more memory and CPU cores if your host has the resources:

sudo virsh setmaxmem windows-vm 8G --config
sudo virsh setmem windows-vm 8G --config
sudo virsh setvcpus windows-vm 4 --maximum --config
sudo virsh setvcpus windows-vm 4 --config

Troubleshooting

Copy/Paste Not Working

1. Make sure the VirtIO guest tools are completely installed
2. Verify the spice-vdagentd service is running in Windows
3. Try restarting the VM

Poor Performance

1. Ensure all VirtIO drivers are installed in Windows
2. Check your VM configuration to ensure you're using virtio disks and networking
3. Consider adding more resources (RAM, CPU) to the VM

Mouse Integration Problems

1. Make sure VirtIO guest tools are properly installed
2. Try toggling the mouse grab with Ctrl+Alt

Remember to use the VM service script from the main tutorial to start all necessary services before launching your Windows VM:

vm-start