Recently I completed the OSCP lab training and got an idea. The OSCP (Offensive Security Certified Professional) lab is a collection of virtual machines that are exploitable in many ways. There are tons of virtual machines in the lab and multiple networks that you can break into. For anyone who wants to learn the offensive side of security, the lab and certification are well worth the money. I am not going to go into the ins and outs of this certification and lab, as many others have done this in the past. They can all be found HERE if you're interested.
What got me thinking in the lab was how I could create the same vulnerable machines to play with myself or to share with others. The simple answer would be to build a virtual machine, install and configure it with the right vulnerable software, and then try to attack it or share it with others. Though this approach would work, I wanted a way to automate the process of building these machines so that I could change one aspect on the fly and rebuild the machine.
Enter Vagrant and Puppet. Vagrant is a program written in Ruby for DevOps. For those who have not used Vagrant, it allows you to script the install of a virtual machine. The simple flow would be to clone a git repository and type “vagrant up”, and automagically a virtual machine is built and running everything you need without any user interaction. Puppet is a software automation tool used to install software or run scripts inside the virtual machine. Vagrant is designed to work with Puppet and they can be scripted together.
Building vulnerable Linux machines with Vagrant is pretty easy. Linux being command line and most distros having a repository package management system sure does help. Windows, on the other hand, is not that easy. More than just that, I had a real hard time even finding Windows machines that were prebuilt. It mainly has to do with Windows licensing, which I wanted to overcome for this project. I found a solution via the git repository called Boxcutter: https://github.com/boxcutter. This repository is managed by the same people that make Vagrant. How Vagrant works is that to install the virtual machine, Vagrant needs what is called a .box file. All the .box file is, is a compressed version of whatever OS is called from the Vagrant configuration file. Boxcutter is a repository that will create the .box file for many different operating systems. Even more, you can customize the OS however you want. Did I also mention that Boxcutter does the OS .box file creation automatically? What does this have to do with Windows, you ask? Well, Boxcutter has a bunch of scripts to build Windows VMs from Windows 7 all the way to Windows 10. Even more, you can use an evaluation ISO to install Windows without needing a key.
So now we are in business. With all these tools we can script both the building and creation of Windows and Linux VMs. Throw in some vulnerable software and/or configurations and you've got a great way to build vulnerable machines that you can change anything about at any time.
In the next part I am going to walk through installing VirtualBox, Vagrant and setting up Boxcutter to build your .box files. The end result will be deploying vulnerable machines that can be modified without having to hand rebuild the machine just to change the Windows patch level.