Setting Up the Environment

We will be using Vagrant to standardise the environment so that following the lesson plan is easy. The Vagrantfile provisions the appropriate prerequisites, but please go through this document to understand the steps required to prepare the testing environment.

Mandatory Steps

First, install Vagrant and VirtualBox. Both can be downloaded from their respective official websites.

Next, clone the repository onto your host machine. If you have messed up somewhere along the course and want to revert the state of the repository, just delete the entire directory and perform this step again.

amon@bethany:~$ git clone https://github.com/nnamon/linux-exploitation-course.git
Cloning into 'linux-exploitation-course'...
remote: Counting objects: 19, done.
remote: Compressing objects: 100% (14/14), done.
remote: Total 19 (delta 2), reused 15 (delta 1), pack-reused 0
Unpacking objects: 100% (19/19), done.
Checking connectivity... done.
amon@bethany:~$

Now, bring the vagrant box up.

amon@bethany:~/sproink/linux-exploitation-course$ vagrant up
Bringing machine 'default' up with 'virtualbox' provider...
==> default: Importing base box 'ubuntu/xenial64'...
==> default: Matching MAC address for NAT networking...
==> default: Checking if box 'ubuntu/xenial64' is up to date...
==> default: Setting the name of the VM: linux-exploitation-course_default_1483872823092_95278
==> default: Clearing any previously set network interfaces...
==> default: Preparing network interfaces based on configuration...
    default: Adapter 1: nat
==> default: Forwarding ports...
    default: 22 (guest) => 2222 (host) (adapter 1)
==> default: Running 'pre-boot' VM customizations...
==> default: Booting VM...
==> default: Waiting for machine to boot. This may take a few minutes...
    default: SSH address: 127.0.0.1:2222
    default: SSH username: ubuntu
    default: SSH auth method: password
    default:
    default: Inserting generated public key within guest...
    default: Removing insecure key from the guest if it's present...
    default: Key inserted! Disconnecting and reconnecting using new SSH key...
... snip ...

Once the provisioning finishes, you can ssh into the vagrant box.

amon@bethany:~/linux-exploitation-course$ vagrant ssh
Welcome to Ubuntu 16.04.1 LTS (GNU/Linux 4.4.0-57-generic x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/advantage

  Get cloud support with Ubuntu Advantage Cloud Guest:
    http://www.ubuntu.com/business/services/cloud

0 packages can be updated.
0 updates are security updates.


ubuntu@ubuntu-xenial:~$ ls -la
total 28
drwxr-xr-x 4 ubuntu ubuntu 4096 Jan  8 10:54 .
drwxr-xr-x 3 root   root   4096 Jan  8 10:54 ..
-rw-r--r-- 1 ubuntu ubuntu  220 Aug 31  2015 .bash_logout
-rw-r--r-- 1 ubuntu ubuntu 3771 Aug 31  2015 .bashrc
drwx------ 2 ubuntu ubuntu 4096 Jan  8 10:54 .cache
-rw-r--r-- 1 ubuntu ubuntu  655 Jun 24  2016 .profile
drwx------ 2 ubuntu ubuntu 4096 Jan  8 10:54 .ssh
-rw-r--r-- 1 ubuntu ubuntu    0 Jan  8 10:54 .sudo_as_admin_successful
ubuntu@ubuntu-xenial:~$

The course repository directory you cloned previously will be mounted at /vagrant so you can use your preferred text editor.

Now, we need to start the docker containers for the exercises you will be working on. To do this, perform the following steps:

ubuntu@ubuntu-xenial:/vagrant$ ./builddocker.sh
Building lessons/3_intro_to_tools/services/gdbreversing
Sending build context to Docker daemon 16.38 kB
Step 1 : FROM ubuntu:latest
 ---> 104bec311bcd
 ... snip ...
Step 17 : CMD /usr/sbin/xinetd -d
 ---> Using cache
 ---> 257fc44d2439
Successfully built 257fc44d2439
ubuntu@ubuntu-xenial:/vagrant$ ./deploydocker.sh
Stopping all docker containers.
b70d9d49b7b9
... snip ...
432be332c15e037a3b0c2bc7465db673e8777bce0b0fe823cfbc8161eeeaf066
ubuntu@ubuntu-xenial:/vagrant$

You do not need to rebuild the docker containers after you have built them once, but you may need to redeploy them if you restart the machine.

Windows Users

For Windows users there are two options:

  1. Start a virtual machine containing Ubuntu 16.04 and run the provisioning script found below. Next, manually clone the course repository into the machine. Note that directory locations may be different from the code listings in the course if you go down this route. The choice of virtualisation software is up to you.
  2. Install Vagrant and VirtualBox for Windows. This allows you to follow the instructions above almost identically.

One caveat with Option 2 is that your Windows installation might not have an SSH client installed. When you invoke vagrant ssh, you might receive a message like the following:

D:\linux-exploitation-course>vagrant ssh
`ssh` executable not found in any directories in the %PATH% variable. Is an
SSH client installed? Try installing Cygwin, MinGW or Git, all of which
contain an SSH client. Or use your favorite SSH client with the following
authentication information shown below:

Host: 127.0.0.1
Port: 2222
Username: ubuntu
Private key:
D:/linux-exploitation-course/.vagrant/machines/default/virtualbox/private_key

In that case, simply follow the instructions and SSH into the newly provisioned system with an SSH client of your choice, such as PuTTY or SmarTTY.

What Was Installed?

This is the entire provisioning script:

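#!/bin/bash
# Enable 32-bit (i386) packages alongside the 64-bit ones.
dpkg --add-architecture i386
# Back up the APT sources, then switch to the mirror.0x.sg mirror.
cp /etc/apt/sources.list /etc/apt/sources.list.old
sed -i -e 's/archive\.ubuntu\.com/mirror\.0x\.sg/g' /etc/apt/sources.list
apt-get update
# 32-bit runtime libraries, debugger, compiler, Python and supporting tools.
apt-get install -y libc6:i386 libncurses5:i386 libstdc++6:i386 gdb python python-pip libssl-dev gcc git binutils socat apt-transport-https ca-certificates libc6-dev-i386 python-capstone libffi-dev
# Clear the shell's cached command locations so newly installed binaries are found.
hash -r
# Python tooling used in the lessons: ROP gadget finders, pwntools and IPython.
pip install --upgrade pip
pip install ropgadget
pip install pwntools
pip install ipython
pip install ropper
# PEDA extension for gdb, loaded from the ubuntu user's .gdbinit.
git clone https://github.com/longld/peda.git /home/ubuntu/peda
echo "source ~/peda/peda.py" >> /home/ubuntu/.gdbinit
# libc-database, seeded with the VM's own 32-bit and 64-bit libc.
git clone https://github.com/niklasb/libc-database.git /home/ubuntu/libc-database
cd /home/ubuntu/libc-database
/home/ubuntu/libc-database/add /lib/i386-linux-gnu/libc.so.6
/home/ubuntu/libc-database/add /lib/x86_64-linux-gnu/libc.so.6
# Docker: import the repository signing key by its full fingerprint, add the repository, install the engine.
apt-key adv --keyserver hkp://ha.pool.sks-keyservers.net:80 --recv-keys 58118E89F3A912897C070ADBF76221572C52609D
echo "deb https://apt.dockerproject.org/repo ubuntu-xenial main" | tee /etc/apt/sources.list.d/docker.list
apt-get update
apt-get install -y linux-image-extra-$(uname -r) linux-image-extra-virtual
apt-get install -y docker-engine
# Let the ubuntu user run docker without sudo (docker group membership is root-equivalent on the VM).
groupadd docker
usermod -aG docker ubuntu
service docker start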

If you used vagrant to bring the machine up, this should have been done for you.
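
A quick way to confirm that provisioning left the VM in the state the script above describes. This is an added example, not part of the course repository. The paths come from the provisioning script; the function names, the `--run` flag and the executable names assumed for the pip packages (`ROPgadget`, `ropper`, `pwn`, `ipython`) are assumptions.

```bash
#!/bin/bash
# Added example: post-provision sanity check for the course VM.
# Paths are taken from the provisioning script. Executable names for the pip
# packages (ROPgadget, ropper, pwn, ipython) are assumptions.

# Print each command in "$@" that is not on PATH, one per line.
missing_cmds() {
    local c
    for c in "$@"; do
        command -v "$c" >/dev/null 2>&1 || printf '%s\n' "$c"
    done
}

# Succeed if the gdbinit file $1 exists and sources peda.py.
gdbinit_loads_peda() {
    [ -f "$1" ] && grep -Eq '^[[:space:]]*source[[:space:]].*peda\.py' "$1"
}

# Succeed if user $1 is a member of group $2.
user_in_group() {
    id -nG "$1" 2>/dev/null | tr ' ' '\n' | grep -qxF "$2"
}

# Check home directory $1 and user $2 (defaults match the Vagrant box).
# Prints one line per problem; the return status is the number of problems.
verify_env() {
    local home user problems c
    home="${1:-/home/ubuntu}"; user="${2:-ubuntu}"; problems=0
    for c in $(missing_cmds gdb gcc git socat ROPgadget ropper pwn ipython docker); do
        echo "missing command: $c"; problems=$((problems + 1))
    done
    gdbinit_loads_peda "$home/.gdbinit" ||
        { echo "PEDA is not sourced in $home/.gdbinit"; problems=$((problems + 1)); }
    [ -d "$home/libc-database" ] ||
        { echo "libc-database is missing from $home"; problems=$((problems + 1)); }
    user_in_group "$user" docker ||
        { echo "$user is not in the docker group"; problems=$((problems + 1)); }
    return "$problems"
}

# Run the checks when invoked as: bash <this file> --run
if [ "${1:-}" = "--run" ]; then
    verify_env && echo "environment looks complete"
fi
```

If the only problem reported is the docker group, log out and back in (or run vagrant ssh again) so the new group membership takes effect.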