Skip to content

Instantly share code, notes, and snippets.

@tesuji

tesuji/hacking-the-art-of-exploitation-vagrantfile.md

Forked from topalovic/hacking-the-art-of-exploitation-vagrantfile.md
Created August 20, 2017 02:07
Show Gist options
  • Save tesuji/ba8c571e369c2a1a011140f441cb3902 to your computer and use it in GitHub Desktop.
Save tesuji/ba8c571e369c2a1a011140f441cb3902 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
hacking-the-art-of-exploitation-vagrantfile.md

Hacking2 Vagrant box

A short guide on building a Vagrant box from the Hacking: The Art of Exploitation, 2nd Edition LiveCD.

Prep the box

Create a new blank 32-bit Linux machine via VirtualBox UI (or console) and name it however you like. Insert the ISO file as a Live CD and boot.

Once up, install the OS via desktop icon. When prompted for user/pass, use "vagrant" for both. "Eject" the virtual CD and reboot.

The supplied /etc/apt/sources.list is stale, so update it to contain the following:

# Required
deb http://old-releases.ubuntu.com/ubuntu/ feisty main restricted universe multiverse
deb http://old-releases.ubuntu.com/ubuntu/ feisty-updates main restricted universe multiverse
deb http://old-releases.ubuntu.com/ubuntu/ feisty-security main restricted universe multiverse

# Optional
deb http://old-releases.ubuntu.com/ubuntu/ feisty-backports main restricted universe multiverse

Now install openssh:

$ sudo apt-get update
$ sudo apt-get install openssh-server

To prevent Error opening terminal: xterm-256color when ssh-ing, install ncurses-term which provides /usr/share/terminfo/x/xterm-256color:

$ sudo apt-get install ncurses-term

Follow the procedure described here to provide an insecure SSH key pair.

Run visudo and allow passwordless sudo for the "vagrant" user. This can be done with the following line in the configuration file:

vagrant ALL=(ALL) NOPASSWD: ALL

Set this option for root and the admin group as well.

Set root's password to "vagrant" too:

$ sudo su
$ passwd

Update sudo

The sudo binary itself is ancient and might present problems since it doesn't support the -E switch which Vagrant depends on by default.

We can build a newer one while we're at it:

$ wget ftp://ftp.sudo.ws/pub/sudo/sudo-1.8.16.tar.gz
$ tar xzvf sudo-1.8.16.tar.gz && cd sudo-1.8.16
$ ./configure && make
$ sudo make install
$ cd - && rm -rf sudo*

Confirm that

$ sudo -V

returns 1.8.16. You might need to start a new shell session.

Host setup

Vagrant init a folder on host and set the machine id like described here.

Try booting the guest and connecting to it:

$ vagrant up
$ vagrant ssh

Enable folder sharing

On the guest, install VBoxGuestAdditions. You'll need to mount the iso, then

$ cd /cdrom
$ sh VBoxLinuxAdditions.run

It's expected to fail, due to warning flags unsupported by the old version of gcc. Instead of upgrading the toolchain, which may affect disassembling later, drop the warning flags.

On the guest machine, grep for the offending switches:

$ cd /opt/VBoxGuestAdditions-x.y.z
$ grep -nri no-declaration-after-statement .
$ grep -nri no-pie .

and remove them from the Makefiles. Now run:

$ sudo init/vboxadd setup

Reload the machine and try to share a folder.

In your Vagrantfile:

config.vm.synced_folder "src", "/home/vagrant/src"
host$ mkdir src
guest$ cp booksrc src

Package the box

The box is usable right now, but you can package it from the host if you want to:

$ vagrant package --output hacking.box
$ vagrant box add hacking-box hacking.box

Then, to use it:

$ vagrant init hacking-box
$ vagrant up
$ vagrant ssh

Useful links

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment