Today we will be looking at a neat little command line tool called Vagrant. This tool allows us to deploy virtual machines seamlessly, and we are going to show you how to set up a pen testing lab at home without hassles. We will be doing this on a Windows 10 machine and deploying an Ubuntu virtual machine as well as a Kali Linux virtual machine, simply because we love Linux.
Firstly you will need to download VirtualBox and Vagrant. Install both using the usual Windows wizard method. Once you have both installed, start up your VirtualBox GUI. Ours currently looks like this:
As will yours when we get set up. Next you will need to create a folder to deploy the virtual machines from. So let's open up a command prompt (click the Windows icon / type cmd).
Once the command prompt is open you need to type mkdir <name of folder>. In our case it’s: mkdir vagrant
Next move into the vagrant folder we just created: cd vagrant
Then we need to start the instance. This is simply done by typing: vagrant init v1. We just named it V1.
This will initialize the Vagrant ‘Box’ and create a Vagrantfile where you can configure the box.
Once the box is initialized, we need to give the command: vagrant up to start the virtual machine.
When you do this you will see the virtual machine appear and start up in the VirtualBox GUI (as we’ve seen in the first image of the post).
Once start up has finished all we need to do now is SSH into the box.
As the image shows, the command is: vagrant ssh v1. This will give us a command line on the Ubuntu box.
Voila! We have a running VM. Okay, let’s check what the IP of the machine is. This will be a static IP assigned automatically by DHCP. Type: ifconfig
Perfect, our VM has an IP in our local network on interface eth1. So when we set up the attacking machine we will know the target IP.
Next, we need to set up a server on the virtual machine so that we can see it from our, soon to be spawned, attacking machine: sudo apt install apache2 will go ahead and do that for you. Once it is installed we just need to wake the server:
sudo service apache2 start
That was not too much trouble, we have a web server running Apache on our virtual machine in minutes. This means we now have a /var/www/html directory where we can start to build our application (more to come on that front).
Next we’ll set up the attacking machine; we will go for Kali Linux. We can do all this on the command line, so open another terminal (cmd as before) and move to the vagrant folder we created earlier: cd vagrant
Now let's create a new directory and call it kali: mkdir kali
Move into the directory: cd kali
Now let’s spawn the Kali machine, there are 2 simple commands:
Let Vagrant do its thing. Be patient.
This step will take a few minutes but you will see the Kali box start in the VirtualBox GUI. Once the virtual machine is powered on we get a new instance of Kali Linux. Log in as root with the password toor. This will log you in as the root user, and it’s probably best to change the root password after installation and to add users so you are not always root.
We won’t go down that rabbit hole today; we will concentrate on the task at hand. We have a full Kali GUI.
Perfect, next we will see if we can connect to the target Ubuntu machine. Open up a command prompt and type: ping 192.168.1.4
We have contact. We know there’s a web server on the IP, so let's see if we can see it in a browser on the Kali box.
The Apache default web page tells us we can reach it through the browser.
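The same two-machine lab can also be written as a single Vagrantfile. The following is an added example, not from the original post. It assumes the ubuntu/jammy64 and kalilinux/rolling boxes, the machine names target and kali, and the 192.168.56.0/24 host-only range, and it places both VMs on a VirtualBox host-only network rather than on the home LAN.

```ruby
# Vagrantfile: added example, not from the original post.
require "ipaddr"

# Assumption: VirtualBox host-only range, reachable from the host and the VMs only.
def lab_net
  IPAddr.new("192.168.56.0/24")
end

# Assumptions: box names, machine names, addresses and memory sizes.
def lab_machines
  {
    "target" => { box: "ubuntu/jammy64", ip: "192.168.56.10", memory: 1024, gui: false,
                  setup: "apt-get update && apt-get install -y apache2" },
    "kali"   => { box: "kalilinux/rolling", ip: "192.168.56.20", memory: 2048, gui: true,
                  setup: nil }
  }
end

# Names of machines whose address lies outside the host-only range.
def misplaced_machines(machines = lab_machines, net = lab_net)
  machines.reject { |_name, m| net.include?(IPAddr.new(m[:ip])) }.keys
end

# Only runs under Vagrant, so the helpers above can be checked with plain ruby.
if defined?(Vagrant)
  bad = misplaced_machines
  raise "not on the host-only network: #{bad.join(', ')}" unless bad.empty?

  Vagrant.configure("2") do |config|
    lab_machines.each do |name, m|
      config.vm.define name do |node|
        node.vm.box = m[:box]
        node.vm.hostname = name
        # Host-only adapter: the practice target never gets a LAN address.
        node.vm.network "private_network", ip: m[:ip]
        node.vm.provider "virtualbox" do |vb|
          vb.memory = m[:memory]
          vb.gui = m[:gui]
        end
        # The shell provisioner runs as root inside the guest by default.
        node.vm.provision "shell", inline: m[:setup] if m[:setup]
      end
    end
  end
end
```

With this file in the vagrant folder, vagrant up starts both machines and vagrant ssh target opens a shell on the Ubuntu box. Vagrant refuses to start if an address is edited to one outside the host-only range.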
Well done, you have successfully set up an attacking and defending machine, what you do next is up to you.
As for us, we will be building a web app on the Ubuntu box, and we will post about the creation of that in later blog posts.
After that we plan to pen test it and again blog post that experience.
So stay tuned to linuxsecurityblog for future posts. Ciao for now!