
@tgfrerer

tgfrerer/breadcrumbs.md Secret

Last active Feb 22, 2021
Installation breadcrumbs for setting up a self-contained CTF virtual machine environment

How to set up a Kali Linux VM with any extra software we might need:

All the software we're going to use is free and openly available. While it will work to install the software below on your main Linux system (should you run Linux), it is probably a good idea to do any kind of security research inside of a virtual machine; better safe than sorry ;)

I recommend skimming the intro pages in Nightmare (pages 1.0 to 1.5 in the online version), where they explain some of the tools.


Some of the most useful software packages we're going to use:

  • Kali Linux (for keeping our main operating system separate)
  • Ghidra (for reverse-engineering)
  • GDB + GEF (for debugging, and reverse-engineering)
  • Python3 + pip:pwntools (for crafting and running exploits)
  • Nightmare CTF (a collection of CTF challenges with tutorials and write-ups)

Install VirtualBox

Install the latest version of Virtualbox for your host operating system:

<https://www.virtualbox.org/wiki/Downloads>

Run Kali inside VirtualBox

Download the latest version of Kali Linux as a VirtualBox OVA (Open Virtual Appliance) file on your host operating system:

<https://images.kali.org/virtual-images/kali-linux-2020.4-vbox-amd64.ova> 

or via torrent: 

<https://images.kali.org/virtual-images/kali-linux-2020.4-vbox-amd64.ova.torrent>

Run Kali linux

  1. Start Virtualbox on your host operating system

  2. File -> Import Appliance ...

  3. Select the ".ova" file we downloaded in the previous step

  4. check number of CPUs (give it about half the number of cores on your host system)

  5. check available RAM (give it about 8GB - 16GB if possible)

  6. boot up your new kali machine

  7. at the login prompt use:

    user: kali (without quotes)
    pass: kali (without quotes)

This is also the password you can use when prompted after typing sudo

Everything below this line happens inside your Kali Linux image


install missing packages on kali

sudo apt-get update
sudo apt-get install gdb python3-pip default-jdk

If prompted for a password, type kali (without quotes).

Change default Python version to Python3 in Kali Linux

Check current python version :

python --version

Login as root user

sudo su

Execute:

update-alternatives --install /usr/bin/python python /usr/bin/python3 1

Check python version again:

python --version

It should say something like:

Python 3.8.6

Exit Root User

exit

install python pip :

sudo apt-get install python3-pip

test your pip installation:

> pip --version
pip 20.1.1 from /usr/lib/python3/dist-packages/pip (python 3.8)

install pwntools

sudo pip install pwntools

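install gef - "Gdb Enhanced Functionality"

# install manually: the script below is fetched over plain HTTP,
# so review ~/.gdbinit-gef.py before letting gdb source it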
wget -O ~/.gdbinit-gef.py -q http://gef.blah.cat/py
echo source ~/.gdbinit-gef.py >> ~/.gdbinit 

Run gdb to test gef:

gdb

If all went well, you should see a red prompt saying gef with a red arrow. Type quit to exit.

install ghidra

install openjdk (ghidra dependency)

sudo apt-get install default-jdk

download Ghidra archive

cd Downloads 
curl -O https://www.ghidra-sre.org/ghidra_9.2.2_PUBLIC_20201229.zip

extract Ghidra archive

unzip ghidra_*_PUBLIC_*.zip

move the extracted directory to where you want to keep ghidra on your VM:

mv ghidra_9.2.2_PUBLIC ~/Documents/ghidra

navigate to your ghidra installation directory, and check whether ghidra will run:

cd ~/Documents/ghidra
./ghidraRun

There will be a couple of dialogs to click through. The main window is the one that says "NO ACTIVE PROJECT".

File -> New Project -> Non-Shared Project -> Next

then choose

Project Directory: "/home/kali/Documents"
Project Name: ""

-> Finish

Great, Ghidra is ready. We're all set.
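
To confirm that each install step above took effect, the following check script can be run inside the VM. It is an added example, not part of the original gist; the function names, the `GHIDRA_DIR` variable and the `--report` switch are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original gist): checks the result of each
# install step above. GHIDRA_DIR and all function names are assumptions.
GHIDRA_DIR="${GHIDRA_DIR:-$HOME/Documents/ghidra}"

# True when a "python --version" string reports Python 3.
is_python3() {
    case "$1" in
        "Python 3."*) return 0 ;;
        *) return 1 ;;
    esac
}

# True when the gdbinit file has an uncommented line sourcing the GEF script.
gdbinit_sources_gef() {
    [ -f "$1" ] && grep -Eq '^[[:space:]]*source[[:space:]]+.*\.gdbinit-gef\.py' "$1"
}

# True when pwntools imports under whatever "python" now resolves to.
pwntools_importable() {
    python -c 'import pwn'
}

# run_check <label> <command...>: print OK/MISSING, count failures in $failed.
run_check() {
    label="$1"; shift
    if "$@" >/dev/null 2>&1; then
        echo "OK       $label"
    else
        echo "MISSING  $label"
        failed=$((failed + 1))
    fi
}

# Run every check; the return status is the number of failed checks.
check_env() {
    failed=0
    run_check "python is Python 3"   is_python3 "$(python --version 2>&1)"
    run_check "pip"                  pip --version
    run_check "pwntools"             pwntools_importable
    run_check "gdb"                  command -v gdb
    run_check "GEF in ~/.gdbinit"    gdbinit_sources_gef "$HOME/.gdbinit"
    run_check "java (for Ghidra)"    command -v java
    run_check "ghidraRun executable" test -x "$GHIDRA_DIR/ghidraRun"
    return "$failed"
}

# Print the report only when asked: sh check_env.sh --report
if [ "${1:-}" = "--report" ]; then check_env; fi
```

Any line marked MISSING points back to the step to repeat; set `GHIDRA_DIR` if you moved Ghidra somewhere other than `~/Documents/ghidra`.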

Download a local copy of Nightmare CTF

Move to your user's Documents folder:

cd ~/Documents

clone nightmare from github:

git clone https://github.com/guyinatuxedo/nightmare.git

navigate to the nightmare directory:

cd nightmare

If you're new to all this, you might find chapters 00 to 02 really helpful to get you started. There is a nicely laid-out web version of Nightmare CTF available too, which I find a bit easier to read...

Note that each of the chapters contains directories with challenges, and each directory has a readme.md with a write-up (solution) for the challenge. You don't want to accidentally spoil the challenges by reading the readme.md for a challenge first, or by reading too many chapters ahead on the online version ;)
