Revisions

  1. @topalovic topalovic revised this gist Sep 17, 2016. 1 changed file with 54 additions and 31 deletions.
    85 changes: 54 additions & 31 deletions hacking-the-art-of-exploitation-vagrantfile.md
    @@ -7,8 +7,8 @@ LiveCD.
    ## Prep the box

    Create a new blank 32-bit Linux machine via VirtualBox UI (or console)
    and name it "Hacking" (or however you like, but note the name for
    later). Insert the ISO file as a Live CD and boot.
    and name it however you like. Insert the ISO file as a Live CD and
    boot.

    Once up, install the OS via desktop icon. When prompted for user/pass,
    use "vagrant" for both. "Eject" the virtual CD and reboot.
    @@ -40,14 +40,25 @@ install `ncurses-term` which provides `/usr/share/terminfo/x/xterm-256color`:
    $ sudo apt-get install ncurses-term
    ```

    Follow the procedure described
    [here](https://www.vagrantup.com/docs/boxes/base.html) to provide an
    insecure SSH key pair.

    Run `visudo` and allow passwordless sudo for the "vagrant" user. This
    can be done with the following line in the configuration file:

    ```
    vagrant ALL=(ALL) NOPASSWD: ALL
    ```

    Set root's password to "vagrant" too.
    Set this option for `root` and the `admin` group as well.

    Set root's password to "vagrant" too:

    ```sh
    $ sudo su
    $ passwd
    ```

    ### Update sudo

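
    Review bot: In the added sudoers step, "Set this option for `root` and the `admin` group as well" leaves the syntax to the reader, and a group entry needs the `%` prefix, so spell the lines out next to the existing one: `root ALL=(ALL) NOPASSWD: ALL` and `%admin ALL=(ALL) NOPASSWD: ALL`. In the new `passwd` block the second prompt should be `#`, since that command runs in the root shell opened by `sudo su`; `sudo passwd root` would do the same in one line. Because this hunk combines the insecure SSH key pair, passwordless sudo and a root password of "vagrant", it is worth one sentence telling readers to keep the guest on NAT or host-only networking.
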
    @@ -71,67 +82,79 @@ $ sudo -V
    ```
    returns 1.8.16. You might need to start a new shell session.

    ## VirtualBox Guest Additions
    ## Host setup

    Vagrant init a folder on host and set the
    machine id like described [here](http://stackoverflow.com/a/25516777).

    On the host, install the guest plugin:
    Try booting the guest and connecting to it:

    ```sh
    $ vagrant up
    $ vagrant ssh
    ```
    $ vagrant plugin install vagrant-vbguest

    ### Enable folder sharing

    On the guest, install VBoxGuestAdditions. You'll need to mount the
    iso, then

    ```sh
    $ cd /cdrom
    $ sh VBoxLinuxAdditions.run
    ```

    It's expected to fail, due to warning flags unsupported by the old
    version of gcc. Instead of upgrading the toolchain, which may affect
    disassembling later, let's drop the warning flags.
    disassembling later, drop the warning flags.

    On the guest machine:
    On the guest machine, grep for the offending switches:

    ```
    $ cd /opt
    $ cd /opt/VBoxGuestAdditions-x.y.z
    $ grep -nri no-declaration-after-statement .
    ./src/vboxguest-5.0.20/vboxguest/Makefile:132: MOD_CFLAGS = -Wno-declaration-after-statement -include $(MANGLING)
    ./src/vboxguest-5.0.20/vboxsf/Makefile:68: MOD_CFLAGS = -Wno-declaration-after-statement -fshort-wchar -include $(MANGLING)
    ./src/vboxguest-5.0.20/vboxvideo/Makefile:40:MOD_CFLAGS = -Wno-declaration-after-statement -fshort-wchar -include $(MANGLING)
    $ grep -nri no-pie .
    ```

    Remove these warning flags (`-Wno-declaration-after-statement`) and run:
    and remove them from the Makefiles. Now run:

    ```
    $ sudo init/vboxadd setup
    ```

    Done.
    Reload the machine and try to share a folder.

    In your `Vagrantfile`:

    ```ruby
    config.vm.synced_folder "src", "/home/vagrant/src"
    ```

    ```sh
    host$ mkdir src
    guest$ cp booksrc src
    ```

    ## Package the box

    With the box ready, we can package it from the host:
    The box is usable right now, but you can package it from the host if
    you want to:

    ```
    $ vagrant package --base Hacking --output hacking.box
    $ vagrant package --output hacking.box
    $ vagrant box add hacking-box hacking.box
    ```

    To use it:
    Then, to use it:

    ```sh
    $ vagrant init hacking-box
    $ vagrant up
    $ vagrant ssh
    ```

    In your `Vagrantfile` you can set the following:

    ```ruby
    config.vm.synced_folder ".", "/home/vagrant/hacking"
    ```

    ## Misc

    Useful commands while building the box:
    ```sh
    $ vagrant box list
    $ vagrant box remove hacking-box
    ```
    ## Useful links

    Useful links:
    * https://github.com/intere/hacking
    * https://www.vagrantup.com/docs/boxes/base.html
    * https://www.vagrantup.com/docs/virtualbox/boxes.html
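
    Review bot: In the new "Enable folder sharing" block, `$ grep -nri no-pie .` is added without any output, and "remove them from the Makefiles" no longer names the flags, so the reader cannot tell which `no-pie` switch to delete or from which files; show the matching lines the way it is done for `-Wno-declaration-after-statement`. The path `/opt/VBoxGuestAdditions-x.y.z` is a placeholder while the grep output shows `vboxguest-5.0.20`, so say that x.y.z stands for the installed Guest Additions version. `sh VBoxLinuxAdditions.run` is shown without `sudo` although `init/vboxadd setup` uses it, "mount the iso" has no command, and `guest$ cp booksrc src` needs `-r` if `booksrc` is a directory. Under "Package the box", dropping `--base Hacking` makes `vagrant package` depend on being run from the folder initialised in "Host setup"; state that next to the command.
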
  2. @topalovic topalovic created this gist Jun 4, 2016.
    137 changes: 137 additions & 0 deletions hacking-the-art-of-exploitation-vagrantfile.md
    @@ -0,0 +1,137 @@
    # Hacking2 Vagrant box

    A short guide on building a Vagrant box from the
    [Hacking: The Art of Exploitation, 2nd Edition](https://www.nostarch.com/hacking2.htm)
    LiveCD.

    ## Prep the box

    Create a new blank 32-bit Linux machine via VirtualBox UI (or console)
    and name it "Hacking" (or however you like, but note the name for
    later). Insert the ISO file as a Live CD and boot.

    Once up, install the OS via desktop icon. When prompted for user/pass,
    use "vagrant" for both. "Eject" the virtual CD and reboot.

    The supplied `/etc/apt/sources.list` is stale, so update it to contain
    the following:

    ```
    # Required
    deb http://old-releases.ubuntu.com/ubuntu/ feisty main restricted universe multiverse
    deb http://old-releases.ubuntu.com/ubuntu/ feisty-updates main restricted universe multiverse
    deb http://old-releases.ubuntu.com/ubuntu/ feisty-security main restricted universe multiverse
    # Optional
    deb http://old-releases.ubuntu.com/ubuntu/ feisty-backports main restricted universe multiverse
    ```

    Now install `openssh`:

    ```sh
    $ sudo apt-get update
    $ sudo apt-get install openssh-server
    ```

    To prevent `Error opening terminal: xterm-256color` when ssh-ing,
    install `ncurses-term` which provides `/usr/share/terminfo/x/xterm-256color`:

    ```sh
    $ sudo apt-get install ncurses-term
    ```

    Run `visudo` and allow passwordless sudo for the "vagrant" user. This
    can be done with the following line in the configuration file:

    ```
    vagrant ALL=(ALL) NOPASSWD: ALL
    ```

    Set root's password to "vagrant" too.

    ### Update sudo

    The `sudo` binary itself is ancient and might present problems since
    it doesn't support the `-E` switch which Vagrant depends on by
    default.

    We can build a newer one while we're at it:
    ```sh
    $ wget ftp://ftp.sudo.ws/pub/sudo/sudo-1.8.16.tar.gz
    $ tar xzvf sudo-1.8.16.tar.gz && cd sudo-1.8.16
    $ ./configure && make
    $ sudo make install
    $ cd - && rm -rf sudo*
    ```

    Confirm that

    ```sh
    $ sudo -V
    ```
    returns 1.8.16. You might need to start a new shell session.

    ## VirtualBox Guest Additions

    On the host, install the guest plugin:

    ```
    $ vagrant plugin install vagrant-vbguest
    ```

    It's expected to fail, due to warning flags unsupported by the old
    version of gcc. Instead of upgrading the toolchain, which may affect
    disassembling later, let's drop the warning flags.

    On the guest machine:

    ```
    $ cd /opt
    $ grep -nri no-declaration-after-statement .
    ./src/vboxguest-5.0.20/vboxguest/Makefile:132: MOD_CFLAGS = -Wno-declaration-after-statement -include $(MANGLING)
    ./src/vboxguest-5.0.20/vboxsf/Makefile:68: MOD_CFLAGS = -Wno-declaration-after-statement -fshort-wchar -include $(MANGLING)
    ./src/vboxguest-5.0.20/vboxvideo/Makefile:40:MOD_CFLAGS = -Wno-declaration-after-statement -fshort-wchar -include $(MANGLING)
    ```

    Remove these warning flags (`-Wno-declaration-after-statement`) and run:

    ```
    $ sudo init/vboxadd setup
    ```

    Done.

    ## Package the box

    With the box ready, we can package it from the host:

    ```
    $ vagrant package --base Hacking --output hacking.box
    $ vagrant box add hacking-box hacking.box
    ```

    To use it:

    ```sh
    $ vagrant init hacking-box
    $ vagrant up
    $ vagrant ssh
    ```

    In your `Vagrantfile` you can set the following:

    ```ruby
    config.vm.synced_folder ".", "/home/vagrant/hacking"
    ```

    ## Misc

    Useful commands while building the box:
    ```sh
    $ vagrant box list
    $ vagrant box remove hacking-box
    ```

    Useful links:
    * https://www.vagrantup.com/docs/boxes/base.html
    * https://www.vagrantup.com/docs/virtualbox/boxes.html
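
    Review bot: In "Update sudo", `wget ftp://ftp.sudo.ws/pub/sudo/sudo-1.8.16.tar.gz` fetches the tarball over plain FTP and the following lines build it and run `sudo make install` with no integrity check; add a step that verifies the download against a checksum or signature from the sudo project before `./configure`. Under "VirtualBox Guest Additions", "It's expected to fail" directly follows the host-side `vagrant plugin install vagrant-vbguest` and does not say which step fails or on which machine; name the failing step and show the error so readers can recognise it. `vagrant package --base Hacking` relies on the VM name chosen in "Prep the box", so repeat that dependency at the command.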