Vagrant Hack Box
For about a year I’ve been using Vagrant for web development, and I was wondering whether it was possible to weaponize a Vagrant box. Below is my attempt to explain my process of building this “Vagrant Hack Box”.
My host OS is Fedora 26, a Linux distribution. I have used Vagrant before on Windows and it works; this guide, however, is focused on a Linux host.
After installing all the required tools we can start by setting up the “vagrant hacker box”. First thing to do is add the debian/jessie64 vagrant box. I will use this as base for the hack box.
    $ vagrant box add debian/jessie64
    ==> box: Loading metadata for box 'debian/jessie64'
        box: URL: https://vagrantcloud.com/debian/jessie64
    ==> box: Adding box 'debian/jessie64' (v8.10.0) for provider: virtualbox
        box: Downloading: https://vagrantcloud.com/debian/boxes/jessie64/versions/8.10.0/providers/virtualbox.box
    ==> box: Successfully added box 'debian/jessie64' (v8.10.0) for 'virtualbox'!
It might take a while depending on your internet connection, but this is a one-time process. When this is done, create a new directory to host the files needed.
    $ mkdir -p debian-jessie
    $ cd debian-jessie/
Run the following vagrant command in the directory we created:
    $ vagrant init debian/jessie64
    A `Vagrantfile` has been placed in this directory. You are now
    ready to `vagrant up` your first virtual environment! Please read
    the comments in the Vagrantfile as well as documentation on
    `vagrantup.com` for more information on using Vagrant.
This will create the Vagrantfile, containing configuration information for the VM. This includes the type of VM software used and the amount of RAM assigned to this machine.
When this file is created you can bring the machine to life with the command:
    $ vagrant up
    Bringing machine 'default' up with 'virtualbox' provider...
    ==> default: Importing base box 'debian/jessie64'...
    ==> default: Matching MAC address for NAT networking...
    ==> default: Checking if box 'debian/jessie64' is up to date...
    ==> default: Setting the name of the VM: debian-jessie_default_1520693574644_70052
    ==> default: Clearing any previously set network interfaces...
    ==> default: Preparing network interfaces based on configuration...
        default: Adapter 1: nat
    ==> default: Forwarding ports...
        default: 22 (guest) => 2222 (host) (adapter 1)
    ==> default: Running 'pre-boot' VM customizations...
    ==> default: Booting VM...
    ==> default: Waiting for machine to boot. This may take a few minutes...
        default: SSH address: 127.0.0.1:2222
        default: SSH username: vagrant
        default: SSH auth method: private key
        default:
        default: Vagrant insecure key detected. Vagrant will automatically replace
        default: this with a newly generated keypair for better security.
        default:
        default: Inserting generated public key within guest...
        default: Removing insecure key from the guest if it's present...
        default: Key inserted! Disconnecting and reconnecting using new SSH key...
    ==> default: Machine booted and ready!
    ==> default: Checking for guest additions in VM...
        default: No guest additions were detected on the base box for this VM! Guest
        default: additions are required for forwarded ports, shared folders, host only
        default: networking, and more. If SSH fails on this machine, please install
        default: the guest additions and repackage the box to continue.
        default:
        default: This is not an error message; everything may continue to work properly,
        default: in which case you may ignore this message.
    ==> default: Installing rsync to the VM...
    ==> default: Rsyncing folder: /home/x1m/debian-jessie/ => /vagrant
    ==> default: Machine 'default' has a post `vagrant up` message. This is a message
    ==> default: from the creator of the Vagrantfile, and not from Vagrant itself:
    ==> default:
    ==> default: Vanilla Debian box. See https://app.vagrantup.com/debian for help and bug reports
The VM is up and running, now it’s time to login using the vagrant ssh command.
    $ vagrant ssh
    The programs included with the Debian GNU/Linux system are free software;
    the exact distribution terms for each program are described in the
    individual files in /usr/share/doc/*/copyright.
    Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
    permitted by applicable law.
    $ ls
    $ id
    uid=1000(vagrant) gid=1000(vagrant) groups=1000(vagrant),24(cdrom),25(floppy),27(sudo),29(audio),30(dip),44(video),46(plugdev),108(netdev)
    $ whoami
    vagrant
    $ uname -a
    Linux jessie 3.16.0-4-amd64 #1 SMP Debian 3.16.51-2 (2017-12-03) x86_64 GNU/Linux
Change the user password (optional):
    $ passwd
    Changing password for vagrant.
    (current) UNIX password:
    Enter new UNIX password:
    Retype new UNIX password:
    passwd: password updated successfully
Enable the root account by setting a root password with sudo passwd root:
    $ sudo passwd root
    Enter new UNIX password:
    Retype new UNIX password:
    passwd: password updated successfully
Then unlock the account with sudo passwd -u root:
    $ sudo passwd -u root
    passwd: password expiry information changed.
Now we have access to the root account.
    $ sudo su
    # cd ~
    # id
    uid=0(root) gid=0(root) groups=0(root)
The root account is ready, let’s get some tools.
I’m using the git version of his one-liner (install git first: apt install git):
    git clone https://github.com/ZephrFish/AttackDeploy.git && cd AttackDeploy && chmod +x AttackDeploy.sh && ./AttackDeploy.sh
This is a long process and every now and then it requires some user interaction. My advice is to check in every few minutes to see if all is still running.
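The one-liner above runs whatever is at the tip of the repository as root. As an added example (not part of the original post or of AttackDeploy), the helper below clones the repository and checks out only a commit you have already read; `clone_pinned` and `REVIEWED_COMMIT` are hypothetical names, and the hash has to come from your own review.

```shell
#!/bin/sh
# Added example, not from the original post.
# clone_pinned URL COMMIT DEST
# Clone URL into DEST and check out exactly COMMIT (full 40-hex SHA-1).
# Returns 0 on success, 2 for a bad pin, 3 if the clone fails,
# 4 if the commit is absent or HEAD does not end up on it.
clone_pinned() {
    url=$1 commit=$2 dest=$3

    # Branch and tag names can be moved upstream after review, and short
    # hashes are ambiguous, so accept only a full lowercase hex object id.
    case $commit in
        ''|*[!0-9a-f]*) echo "pin must be a full commit hash" >&2; return 2 ;;
    esac
    [ "${#commit}" -eq 40 ] || { echo "pin must be 40 hex digits" >&2; return 2; }

    git clone --quiet "$url" "$dest" || return 3
    git -C "$dest" checkout --quiet --detach "$commit" 2>/dev/null || {
        echo "commit $commit not found in $url" >&2
        return 4
    }

    # Confirm that what is on disk is the reviewed commit before anything runs.
    [ "$(git -C "$dest" rev-parse HEAD)" = "$commit" ] || return 4
}

# Usage inside the box (REVIEWED_COMMIT is a placeholder for the hash you reviewed):
#   clone_pinned https://github.com/ZephrFish/AttackDeploy.git "$REVIEWED_COMMIT" AttackDeploy \
#       && cd AttackDeploy && chmod +x AttackDeploy.sh && ./AttackDeploy.sh
```

Passing a branch name such as master is rejected on purpose, because a branch can point at different code tomorrow than it did when you read it.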
When all the updates are done and tools are installed we can use this box just like you would use a headless Kali machine.
It’s fairly easy to use and everything can be done from the command line.
A few commands to make life easier:
cd inside the debian-jessie directory and execute vagrant up to start up the hack box.
vagrant halt: Gracefully shuts down the hack box and saves its state.
ssh into the hack box to use it.
The tools are installed in: