How-to: Hacking Lab Environment
Introduction
I recently asked what tutorials I should do, and the first response that made sense was to write a how-to for building a lab environment. Because this is a tech blog, I think it's safe to assume that meant a tech lab, or more specifically a hacking lab, not a science lab or anything that wild, though those could probably use a how-to these days too. Generally, labs like this are built to test new ideas, technologies, or techniques. A hacking lab is the same thing geared towards exploitation, and a malware analysis lab is the same thing geared towards understanding the malware. So let's go through a basic setup and its requirements, then follow that up with ways we can expand on it for different variations.
To do this, we're going to use virtualization and containers, since together they give us the widest range of capabilities for what we want to do. I'm going to try to limit this to tools available for all major operating systems, so you don't need one or the other to run it. The gist of the two: a virtual machine runs a complete guest operating system, with its own kernel, on top of a hypervisor, while a container is a partitioned slice of the host (its own filesystem, process and network namespaces, and resource limits) that still shares the host's kernel. That difference matters for a lab. The VM is the stronger isolation boundary, so anything you don't trust (malware samples, exploit code you didn't write) belongs inside the VM, with containers used inside it to package tools. In some cases, like pentesting-focused Linux distributions, the result winds up largely the same either way; it just depends on the level of control you want, and tinkering with that is part of the learning of making a lab.
Requirements
Some minimal requirements for the tools we're going to need:
- Parrot Linux VM: 1 GB RAM, 16 GB storage
- 2 GB of RAM for VirtualBox
- probably more depending on needs, but this is the minimum; the container images pulled in the later steps need additional disk space on top of the 16 GB
Steps:
1. Download VirtualBox from https://virtualbox.org/Wiki/Downloads/
2. Go ahead and accept and download the Extension Pack too. This will be extremely helpful and is worth having. It is licensed separately from the base package (under Oracle's Personal Use and Evaluation License), which is why it prompts you for a second EULA later.
3. Install VirtualBox, which is pretty straightforward. On Windows a pop-up walks you through the installation; I just clicked through it, but by all means take your time and review what it says. At the end there is a check box that says "Start Oracle VirtualBox..."; make sure that's checked and click Finish, or open it afterward for the next step.
4. With the current version, the Extensions section is on the left-hand side when it starts up, so go there, click Install, then point it at the extension pack file downloaded in step 2. It will repeat the EULA, which you have to accept before setup, but once it's set up we can move on to the next step.
5. Now, every good environment has a structure that becomes the base for the rest of it. Due to its flexibility and its design towards both privacy and security testing, I'm going to choose Parrot Linux for my lab's operating system. Go to https://parrotsec.org/download/, click Virtual, then Security (Home would work too but has different things installed by default), then choose your system type. My computer is a normal 64-bit Windows PC, which is the x64/amd64 format, so the choice for me is amd64. If you have something specific like a phone or a Raspberry Pi, arm64 is probably what you need. When clicking Download, it asked whether I wanted this for VirtualBox or VMware; since we're using VirtualBox, select that, which downloads the virtual machine file.
6. I personally had some issues downloading this without my network failing midway, so I wound up using curl to download it instead. Download time depends on a number of factors. The one thing that's always true is that the time listed is wrong.
7. Once downloaded, go to "Import Appliance", with Source set to Local File System, click the folder button, find the file you downloaded and click Open.
8. Once imported, go back to the Machines section, right-click the Parrot VM and open Settings. We need to make a few changes first. Start by raising the memory if you have the RAM for it. Then check the Acceleration tab under System and make sure a paravirtualization interface is selected. The Network section is also worth a look now: for a lab where attack traffic or samples should never reach your real network, a host-only or internal network for that traffic beats NAT, though leave NAT in place for now, since the next steps download packages.
9. Then, over on the left-hand side, go down to Storage. We need to add a new storage device so we can install the VirtualBox client software (Guest Additions): choose Add Optical Drive, then in the menu that pops up select VBoxGuestAdditions.iso, which ships with VirtualBox (it lives in the VirtualBox installation directory if the picker doesn't offer it). This is what gives the machine shared clipboard and drag-and-drop support. You can skip this if you want, but I find it extremely helpful down the road.
10. Once it's loaded, we have some maintenance and a few additional setup steps. Start by waiting for the updater tool to pop up. It will ask for a password, which is just parrot by default (change it with passwd before this VM touches any shared network). Then open the terminal, which is in the top-left corner next to the Firefox icon, or in the applications menu.
11. First, let's get those guest additions up and running. Pretty straightforward: become root with sudo (sudo su), mount the new optical drive so we can read it, then run the installer from there. The installer compiles kernel modules, so the kernel headers and a build toolchain need to be present for it to succeed.
12. When I did this, it actually shrank my window size, so I rebooted with the command "reboot". This should allow the newly added modules to be fully functional afterward. After the reboot I still wound up having to push auto-resize, but now it's working with all the functionality that came with it.
13. Unfortunately, as of writing this, Parrot comes with an old version of podman and a wrapper for using podman in place of Docker, so I had to remove both the podman and docker.io packages (apt remove podman docker.io). Then I went over to the Docker setup via apt repo at https://docs.docker.com/engine/install/debian/#install-using-the-repository. Since Docker doesn't officially support Parrot, I went to the download.docker.com/linux/debian site, found the most recent release (bookworm) and used that in the command for the package repo (see image).
14. Then proceed with the install of Docker:
15. Now that Docker is installed, I tried to start running some attacker tools with it, but apparently there was a conflict with AppArmor. I tried a lot of troubleshooting and manually editing files to fix this, but the solution I went with, and the one I'm going to suggest here ONLY because it's a test lab, is running `apt remove apparmor` and rebooting the system. After the reboot, it clears this right up.
16. To go a step further and showcase the usefulness of this, let's spin up BlackArch (another pentesting distribution, a competitor to Parrot) and TruffleHog as containers. This is just to show the range of tools you can have at your disposal, alongside locally runnable tools like Ghidra.
17. Now that we've reached this point, let's go ahead and make a snapshot, a sort of save point we can revert the virtual machine to.
18. If you then close the virtual machine, there is an option to restore the current snapshot. Checking it on exit means the next boot starts from that saved state, with everything done since (downloaded samples, changed configs, anything a sample did) discarded.
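Steps 5 and 6 come down to getting the image onto disk reliably and, which the steps above skip, checking that what arrived is what Parrot published. The following is an added example for this write-up, not from the post or from Parrot: a POSIX sh script using curl and sha256sum. IMAGE_URL and IMAGE_SHA256 are placeholders (assumptions) that you replace with the values from the Parrot download page for the image you picked.

```shell
#!/bin/sh
# Resumable download plus SHA-256 check for the Parrot VM image.
# Added example for this write-up, not from the original post or from Parrot.
# ASSUMPTION: IMAGE_URL and IMAGE_SHA256 are placeholders; copy the real
# values from the Parrot download page for the image you chose.
IMAGE_URL=${IMAGE_URL:-"https://example.invalid/Parrot-security_amd64.ova"}
IMAGE_SHA256=${IMAGE_SHA256:-"0000000000000000000000000000000000000000000000000000000000000000"}

# Download, resuming a partial file if one exists.
#   -L       follow redirects (download mirrors redirect)
#   -C -     resume from wherever the partial file stopped
#   --retry  keep going after transient network errors instead of failing
fetch_image() {
    url=$1
    out=$2
    curl -L --retry 5 --retry-delay 5 -C - -o "$out" "$url"
}

# Compare a file's SHA-256 with the expected value.
# Returns 0 on match, 1 on mismatch; prints the computed hash either way
# so a mismatch can be investigated rather than just retried.
verify_sha256() {
    file=$1
    expected=$2
    actual=$(sha256sum "$file" | awk '{print $1}')
    if [ "$actual" = "$expected" ]; then
        echo "OK   $file $actual"
        return 0
    fi
    echo "FAIL $file: expected $expected, got $actual" >&2
    return 1
}

# Usage:  IMAGE_URL=... IMAGE_SHA256=... sh getimage.sh parrot.ova
# The download only runs when an output filename is given, so the two
# functions can also be sourced and used on their own.
if [ $# -ge 1 ]; then
    fetch_image "$IMAGE_URL" "$1"
    verify_sha256 "$1" "$IMAGE_SHA256" || exit 1
fi
```

Because `-C -` resumes a partial file, a dropped connection just means running the script again. Compare against the hash shown on the download page itself rather than one sitting next to the file on a mirror: whoever can replace the file can replace a checksum stored beside it. A hash is also not a signature; it catches corruption and casual tampering, not a compromised download page.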
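Steps 11 through 15 as one provisioning script, added here as an example (it is not the post's own command sequence, nor Parrot's or Docker's): guest additions from the attached ISO, then Docker from the upstream apt repository, with the repository key's fingerprint compared against the one Docker publishes before apt is told to trust it. Assumptions, marked in the comments: the ISO appears as /dev/sr0, the header package on your Parrot release is linux-headers-$(uname -r), and bookworm is the right Debian codename. The AppArmor removal from step 15 is deliberately not in the script; a per-container alternative is Docker's `--security-opt apparmor=unconfined` run flag, which loosens only the container you pass it to rather than the whole VM.

```shell
#!/bin/sh
# Post-import provisioning for the Parrot VM: guest additions, then Docker
# from Docker's own apt repository.  Added example for this write-up, not
# from the post, Parrot or Docker.  Run as root:  sudo sh provision.sh all
# ASSUMPTIONS (adjust for your release):
#   - the VBoxGuestAdditions.iso attached in step 9 shows up as /dev/sr0
#   - the kernel header package is linux-headers-$(uname -r)
#   - bookworm is the Debian codename Parrot's packages are based on
set -eu

DEB_CODENAME=${DEB_CODENAME:-bookworm}
# Fingerprint Docker publishes in its install docs.  Hard-coded on purpose:
# the check is only worth something if the value does not come from the
# same server as the key.
DOCKER_KEY_FPR=9DC858229FC7DD38854AE2D88D81803C0EBFCD88
KEYRING=/etc/apt/keyrings/docker.asc

# apt source line for Docker's Debian repo.  Parrot's /etc/os-release does
# not carry a Debian codename, so it is passed in rather than detected.
docker_apt_line() {
    codename=$1
    arch=$2
    echo "deb [arch=$arch signed-by=$KEYRING] https://download.docker.com/linux/debian $codename stable"
}

install_guest_additions() {
    mnt=/mnt/vboxga
    mkdir -p "$mnt"
    mount -o ro /dev/sr0 "$mnt"
    if [ ! -f "$mnt/VBoxLinuxAdditions.run" ]; then
        echo "VBoxLinuxAdditions.run not on /dev/sr0; is the ISO attached as an optical drive?" >&2
        umount "$mnt"
        return 1
    fi
    # The installer builds the vbox kernel modules, so it needs a toolchain
    # and the headers for the running kernel.
    apt-get install -y build-essential dkms "linux-headers-$(uname -r)"
    sh "$mnt/VBoxLinuxAdditions.run"
    umount "$mnt"
    echo "guest additions installed; reboot to load the modules"
}

install_docker() {
    # Parrot ships podman plus a docker.io wrapper around it; clear both out.
    apt-get remove -y podman docker.io
    apt-get update
    apt-get install -y ca-certificates curl gnupg
    install -m 0755 -d /etc/apt/keyrings
    curl -fsSL https://download.docker.com/linux/debian/gpg -o "$KEYRING"
    chmod a+r "$KEYRING"
    # Check the key before apt is told to trust it.
    fpr=$(gpg --with-colons --show-keys "$KEYRING" | awk -F: '$1 == "fpr" { print $10; exit }')
    if [ "$fpr" != "$DOCKER_KEY_FPR" ]; then
        echo "Docker apt key fingerprint mismatch: got $fpr" >&2
        rm -f "$KEYRING"
        return 1
    fi
    docker_apt_line "$DEB_CODENAME" "$(dpkg --print-architecture)" > /etc/apt/sources.list.d/docker.list
    apt-get update
    apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
    # Membership of the docker group is root-equivalent; acceptable on a lab VM.
    usermod -aG docker "${SUDO_USER:-parrot}"
    echo "docker installed; log out and back in for the group change to apply"
}

case "${1:-}" in
    all)    install_guest_additions; install_docker ;;
    guest)  install_guest_additions ;;
    docker) install_docker ;;
    *)      echo "usage: $0 {all|guest|docker}" >&2 ;;
esac
```

Run it with `guest`, reboot as step 12 describes, then run it again with `docker`. The script stops, and removes the downloaded key, if the fingerprint does not match; in that case look at why before retrying rather than pasting the repository line in by hand.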
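Steps 16 through 18, as an added example that is not from the post: a small sh library for running the attacker tooling in containers with hardened defaults, plus the VirtualBox snapshot commands run from the host with VBoxManage. Assumptions: the Docker Hub image names blackarchlinux/blackarch and trufflesecurity/trufflehog, and the VM name "Parrot Security" as it appears in the Machines list; verify all three on your own system.

```shell
#!/bin/sh
# Lab tooling in containers with hardened defaults, plus snapshot handling
# from the host.  Added example for this write-up, not from the post.
# ASSUMPTIONS: the Docker Hub image names below; VM_NAME as shown in VirtualBox.
# Usage inside the VM:  . ./lab.sh; blackarch_shell; trufflehog_scan ~/repo
# Usage on the host:    . ./lab.sh; snapshot_take baseline; snapshot_restore baseline

BLACKARCH_IMAGE=${BLACKARCH_IMAGE:-blackarchlinux/blackarch}
TRUFFLEHOG_IMAGE=${TRUFFLEHOG_IMAGE:-trufflesecurity/trufflehog}
VM_NAME=${VM_NAME:-"Parrot Security"}

# Options shared by every lab container, kept in one place so the policy is
# easy to audit.  $1 = "net" allows outbound network; the default is none.
#   --rm                              nothing of the container survives exit;
#                                     keep state in bind mounts instead
#   --network none                    the tool cannot phone home or touch the real network
#   --cap-drop ALL                    no capabilities; add specific ones back
#                                     (e.g. --cap-add NET_RAW) only when a tool needs them
#   --security-opt no-new-privileges  setuid binaries in the image cannot escalate
#   --pids-limit 256                  a runaway process tree cannot exhaust the VM
# If you kept AppArmor and Docker refuses to load its profile, append
# "--security-opt apparmor=unconfined" here instead of removing AppArmor system-wide.
lab_run_opts() {
    case "${1:-none}" in
        net) netopt="--network bridge" ;;
        *)   netopt="--network none" ;;
    esac
    echo "--rm $netopt --cap-drop ALL --security-opt no-new-privileges --pids-limit 256"
}

# Interactive BlackArch shell; gets network because installing tools from
# its repositories needs it.  $1 = scratch directory mounted read-write at /work.
blackarch_shell() {
    work=${1:-$PWD/work}
    mkdir -p "$work"
    # shellcheck disable=SC2046   # word splitting of the option string is intended
    docker run -it $(lab_run_opts net) -v "$work:/work" -w /work "$BLACKARCH_IMAGE" /bin/bash
}

# Scan a directory for leaked credentials.  Read-only mount so the scanner
# cannot alter what it examines; no network, so live verification of found
# secrets is turned off (drop both restrictions if you want it to verify).
trufflehog_scan() {
    target=$(cd "$1" && pwd)
    # shellcheck disable=SC2046
    docker run $(lab_run_opts) -v "$target:/scan:ro" "$TRUFFLEHOG_IMAGE" filesystem /scan --no-verification
}

# --- host side: VirtualBox snapshots via VBoxManage -------------------------
# Take a named snapshot of the VM (step 17, scripted).
snapshot_take() {
    VBoxManage snapshot "$VM_NAME" take "$1" --description "lab save point: $1"
}

# Power the VM off if it is running and roll it back to the named snapshot
# (the scripted form of the restore option in step 18).
snapshot_restore() {
    VBoxManage controlvm "$VM_NAME" poweroff 2>/dev/null || true
    VBoxManage snapshot "$VM_NAME" restore "$1"
}
```

Take the `baseline` snapshot right after provisioning, before any sample or target has been near the VM, and restore to it between exercises; `lab_run_opts` is the single place to loosen things when a tool genuinely needs a capability or the network.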