How To Build A Vulnerable Machine: Planning
What's up? In this series of articles, I will be documenting the basics of building vulnerable machines that you can submit to HTB, THM, Offsec UGC, etc. As the series gets deeper, we will start configuring more complex services and vulnerabilities.
With our first machine, we learn how to configure and exploit the following technologies and services:
FTP, SSH, Apache2
32 Bit LSB Binary Exploitation
Misconfigured SUID Binary
We will be building our machines with VirtualBox and Vagrant. So for whatever operating system you are currently using, get both of those installed and follow along.
Getting Started With Vagrant
The video related to this part can be found here
This lab build will be done using Vagrant and VirtualBox on a Windows host. You can download vagrant here and virtualbox here. The installation is pretty simple, so get that done.
Make the directory you would like to work in and initialize it with Vagrant. You can pick whichever version of Ubuntu you would like to use, but in this case we will be using Ubuntu 18, which is Bionic64.
To initialize the working directory you can run vagrant init ubuntu/bionic64. Here is a list of a couple of Vagrant commands that may come in handy.
vagrant init: initialize the directory and generate the Vagrant files
vagrant up: spin up the virtual machine
vagrant ssh: SSH into the newly created virtual machine as the vagrant user
vagrant halt: shut down the machine
vagrant destroy: destroy the virtual machine
Open the entire directory in your text editor of choice. The Vagrantfile is the main configuration file that we will be working with. It is initially full of a lot of random things, which I remove and replace with the following template:
    # -*- mode: ruby -*-
    # vi: set ft=ruby :

    Vagrant.configure("2") do |config|
      # Box settings
      config.vm.box = "ubuntu/bionic64"   # machine image
      config.vm.hostname = "naruto"       # hostname

      # Provider settings
      config.vm.provider "virtualbox" do |vb|
        # vb.memory = 3048
        # vb.cpus = 2
      end

      # Network settings
      # config.vm.network "forwarded_port", guest: 80, host: 8080
      # config.vm.network "forwarded_port", guest: 80, host: 8080, host_ip: "127.0.0.1"
      config.vm.network "private_network", ip: "192.168.56.10" # this gives it a static IP to work with
      #config.vm.network "public_network"

      # Folder settings
      config.vm.synced_folder "./data", "/root/data", :mount_options => ["dmode=777", "fmode=666"]

      # Provision settings
      # config.vm.provision "shell", inline: <<-SHELL
      #   apt-get update
      #   apt-get install -y apache2
      # SHELL
      config.vm.provision "shell", path: "./data/install.sh"
    end
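The network settings in this template decide who can reach the deliberately vulnerable VM: with VirtualBox, private_network is a host-only network, while public_network bridges the VM onto your LAN and a forwarded_port without host_ip is bound to every interface of the host. The Ruby check below is an added example, not code from this article or from Vagrant; the function name exposure_findings and the sample Vagrantfile text are constructed for illustration.

```ruby
# Added example (not from the original article): report active
# config.vm.network lines that expose the lab VM beyond the host.
LOOPBACK = /host_ip:\s*["']127\.0\.0\.1["']/

# Returns [[line_number, message], ...] for risky network settings.
def exposure_findings(vagrantfile_text)
  findings = []
  vagrantfile_text.each_line.with_index(1) do |raw, lineno|
    line = raw.strip
    next if line.empty? || line.start_with?("#")   # skip commented-out settings
    code = line.split(/\s#/, 2).first              # drop a trailing comment
    m = code.match(/\.vm\.network[\s(]+["':]?(\w+)/)
    next unless m
    case m[1]
    when "public_network"
      findings << [lineno, "public_network bridges the VM onto the LAN"]
    when "forwarded_port"
      unless code.match?(LOOPBACK)
        findings << [lineno, "forwarded_port without host_ip 127.0.0.1 binds every host interface"]
      end
    end
  end
  findings
end

# Constructed sample: the article's template with two settings switched on.
SAMPLE = <<~VAGRANTFILE
  Vagrant.configure("2") do |config|
    config.vm.box = "ubuntu/bionic64"
    # config.vm.network "forwarded_port", guest: 80, host: 8080
    config.vm.network "forwarded_port", guest: 80, host: 8080
    config.vm.network "forwarded_port", guest: 21, host: 2121, host_ip: "127.0.0.1"
    config.vm.network "private_network", ip: "192.168.56.10" # host-only
    config.vm.network "public_network"
  end
VAGRANTFILE

if __FILE__ == $PROGRAM_NAME
  # Check the file given as the first argument, or the constructed sample.
  path = ARGV[0]
  text = path && File.file?(path) ? File.read(path) : SAMPLE
  exposure_findings(text).each { |lineno, msg| puts "line #{lineno}: #{msg}" }
end
```

Run it against your own Vagrantfile before vagrant up; the template as written above produces no findings.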
Create a directory and name it data. This is the directory we will be using to house our installation script and any other scripts or binaries we may want to move to our newly created VM. It will be mounted to /root/data on the newly created VM, the contents will be copied to their respective places, and /root/data will be deleted. All this will take place at a later stage.
The line config.vm.provision "shell", path: "./data/install.sh" specifies our installation script, in which we will put all our installation commands. So create the file install.sh in the data directory you created.
All of these files and directories we are creating are on your local machine.
After creating the install.sh file, enter the following contents into it.
    # installation commands for the vulnerable machine naruto
    # do not run this machine in your local network without monitoring it

    echo -e "\e[1;31m updating repos \e[0m"
    apt update

    echo -e "\e[1;31m installing apache \e[0m"
    apt install -y apache2
Save the file and run the command vagrant up to spin up a new VM, and it will have Apache2 running on it. This can be confirmed by visiting the given IP address 192.168.56.10 in the browser.
The trick with the installation script is to first ssh into the created VM and run whatever command you want to add to the script on the machine first. If it works without any problems then we add it to the script. This will save time when spinning up the machine each time you destroy it.
Take note that this article will continually be updated as the YouTube playlist gets longer