% Tex file used to generate the booklet: Build a Pentest Lab with Vagrant
\documentclass[a4paper,12pt]{article}
\usepackage[left=35mm,top=26mm,right=26mm,bottom=15mm]{geometry}
\usepackage[utf8]{inputenc}
\title{Building A Pentest Lab With Vagrant \\
Intro Sec Con 2020}
\author{\href{https://www.hmwawuda.com}{\faUserSecret \enspace Hammerton Mwawuda}}
\date{April 2020}
\usepackage{minted}
\usepackage{tcolorbox}
\usepackage{natbib}
\usepackage{graphicx}
\usepackage{fontawesome}
\usepackage{hyperref}
% Links formatting
\hypersetup{
colorlinks=true,
linkcolor=blue,
filecolor=magenta,
urlcolor=cyan,
}
\urlstyle{same}
% Defining code listings
\usepackage{listings}
\usepackage{xcolor}
\definecolor{codegreen}{rgb}{0,0.6,0}
\definecolor{codegray}{rgb}{0.5,0.5,0.5}
\definecolor{codepurple}{rgb}{0.58,0,0.82}
\definecolor{backcolour}{rgb}{0.95,0.95,0.92}
\lstdefinestyle{mystyle}{
backgroundcolor=\color{backcolour},
commentstyle=\color{codegreen},
keywordstyle=\color{magenta},
numberstyle=\tiny\color{codegray},
stringstyle=\color{codepurple},
basicstyle=\ttfamily\footnotesize,
breakatwhitespace=false,
breaklines=true,
captionpos=b,
keepspaces=true,
numbers=left,
numbersep=5pt,
showspaces=false,
showstringspaces=false,
showtabs=false,
tabsize=4
}
\lstset{style=mystyle}
\begin{document}
\begin{tcolorbox}
\begin{center}
% \includegraphics[scale=0.055]{hm_logo.png}
\maketitle
\href{https://github.com/Hammy25}{\faGithub \enspace hammy25} \qquad
\href{https://www.twitter.com}{\faTwitter \enspace h\_mwawuda} \qquad
\href{https://www.linkedin.com/in/hammerton-mwawuda-b63ba912b/}{\faLinkedin \enspace Hammerton Mwawuda}
\end{center}
\end{tcolorbox}
\pagebreak[4]
\tableofcontents
\newpage
\section{Introduction}
\subsection{Definitions}
\subsubsection{What are virtual machines?}
\paragraph{A virtual machine is a computer file, an image, that through the use of a virtualization software can be used to emulate an operating system within another operating system.}
\paragraph{A virtual machine allows users to run an operating system in an app window and behaves like a full, separate computer.}
\subsubsection{What is Vagrant?}
\paragraph{Vagrant is an open-source software that enables users to create and configure virtual environments.}
\paragraph{For more information visit: \href{https://www.vagrantup.com}{https://www.vagrantup.com}}
\subsection{Why Vagrant?}
\paragraph{With Vagrant you can easily configure and run virtual machines. Your only requirements are Vagrant and a virtualization software such as VMware, VirtualBox, Parallels or Hyper-V.}
\paragraph{Compared to the tedious process of actively setting up different virtual machines, Vagrant allows you to set up machines by specifying configurations in a file called a Vagrantfile and starting the machine with a single command.}
\newpage
\section{Installing Vagrant and Oracle VirtualBox}
\subsection{Installing VirtualBox}
\paragraph{Install the latest VirtualBox (we are using VirtualBox because it is readily available). Installing VirtualBox is beyond the scope of this tutorial. \href{https://www.virtualbox.org/wiki/Downloads}{Download VirtualBox here.}}
\paragraph{Also download the Oracle VM VirtualBox Extension Pack from the same page you downloaded VirtualBox from. It adds support for USB 2.0 and USB 3.0. Without it, your Kali Linux machine may fail to start.}
\subsection{Installing Vagrant}
\textbf{Windows:} Download installer package from \href{https://www.vagrantup.com/downloads.html}{here} and install it.
\newline
\\
\textbf{Linux:} Download the correct package file from \href{https://www.vagrantup.com/downloads.html}{here} depending on your Linux distribution and install with a package manager or the following commands.
\newline
\begin{minted}{bash}
$ sudo dpkg -i vagrant_2.2.X.deb #Debian based using dpkg
$ sudo apt install ./vagrant_2.2.X.deb #Debian based using apt (./ marks a local file)
$ sudo rpm -iv vagrant_2.2.X.rpm #Redhat based using rpm
$ sudo yum install vagrant_2.2.X.rpm #Redhat based using yum
\end{minted}
\newpage
\section{Setting Up the Virtual Machines}
\paragraph{After installing Vagrant and VirtualBox we have achieved all our requirements and we are ready to start setting up our machines.}
\paragraph{If you open VirtualBox, you'll notice that there are no machines set up yet, as it should be on a fresh install. However, you should check whether any virtual networks are already set up. Some VirtualBox installations come with pre-configured network adapters.}
\paragraph{Check that by going to File $>$ Host Network Manager.}
\paragraph{If you see a VirtualBox Host-Only Adapter with the IPv4 Address/Mask value of 172.128.28.1/24, delete it. It may interfere with Vagrant when it tries to set up a virtual network.}
\begin{center}
\includegraphics[width=\textwidth]{IPv4Value.png}
\end{center}
\paragraph{Delete it with the \textit{Remove} button.}
\begin{center}
\includegraphics[width=\textwidth]{Remove Adapter.png}
\end{center}
\paragraph{Now we can proceed to creating our virtual pentesting lab.}
\newpage
\section{Creating Virtual Pentesting Lab}
\subsection{Getting the Vagrantfile}
\paragraph{I have provided a Vagrantfile at \href{https://raw.githubusercontent.com/hammy25/pentest_lab_with_vagrant/master/Vagrantfile}{\textbf{\textit{link}}}. It is a slight modification of the one provided by Rapid7 at \href{https://raw.githubusercontent.com/rapid7/metasploitable3/master/Vagrantfile}{\textbf{\textit{link}}}. I've made the following changes:}
\begin{itemize}
\item The Ubuntu 14.04 machine to use 512 MB of RAM
\item The Windows server 2008 to use 1024 MB of RAM
\item Include a Kali2020.1 machine using 2048 MB of RAM in the multi-machine environment
\end{itemize}
\subsection{Understanding the Vagrantfile}
You don't necessarily have to understand the Vagrantfile to complete the setup, but understanding it will help you in future if you want to add machines or change their specifications.
\\
\newline
The Vagrantfile:
\begin{lstlisting}[language=ruby]
# -*- mode: ruby -*-
# vi: set ft=ruby :

Vagrant.configure("2") do |config|
  config.vm.synced_folder '.', '/vagrant', disabled: true
  config.vm.define "ub1404" do |ub1404|
    ub1404.vm.box = "rapid7/metasploitable3-ub1404"
    ub1404.vm.hostname = "metasploitable3-ub1404"
    config.ssh.username = 'vagrant'
    config.ssh.password = 'vagrant'

    ub1404.vm.network "private_network", ip: "172.128.28.3"

    ub1404.vm.provider "virtualbox" do |v|
      v.name = "Metasploitable3-ub1404"
      v.memory = 512
    end
  end

  config.vm.define "win2k8" do |win2k8|
    # Base configuration for the VM and provisioner
    win2k8.vm.box = "rapid7/metasploitable3-win2k8"
    win2k8.vm.hostname = "metasploitable3-win2k8"
    win2k8.vm.communicator = "winrm"
    win2k8.winrm.retry_limit = 60
    win2k8.winrm.retry_delay = 10

    win2k8.vm.network "private_network", ip: "172.128.28.4"

    win2k8.vm.provider "virtualbox" do |w|
      w.name = "Metasploitable3-win2k8"
      w.memory = 1024
    end

    # Configure Firewall to open up vulnerable services
    case ENV['MS3_DIFFICULTY']
    when 'easy'
      win2k8.vm.provision :shell, inline: "C:\\startup\\disable_firewall.bat"
    else
      win2k8.vm.provision :shell, inline: "C:\\startup\\enable_firewall.bat"
      win2k8.vm.provision :shell, inline: "C:\\startup\\configure_firewall.bat"
    end

    # Insecure share from the Linux machine
    win2k8.vm.provision :shell, inline: "C:\\startup\\install_share_autorun.bat"
    win2k8.vm.provision :shell, inline: "C:\\startup\\setup_linux_share.bat"
    win2k8.vm.provision :shell, inline: "rm C:\\startup\\*" # Cleanup startup scripts
  end

  # Comment the kali Linux Setup if you are running this from a Kali Linux machine
  config.vm.define "kali20201" do |kali|
    kali.vm.box = "kalilinux/rolling"
    kali.vm.hostname = "kali"

    kali.vm.network "private_network", ip: "172.128.28.5"

    kali.vm.provider "virtualbox" do |k|
      k.name = "Kali20201"
      k.memory = 2048
    end
    kali.vm.provision "shell", inline: <<-SHELL
      apt-get update
    SHELL
  end
end
\end{lstlisting}
\paragraph{Let's approach it line by line:}
\begin{enumerate}
\item Line 1 - 2 : These are comments. Comments in the Vagrantfile begin with the pound \(\#\) sign. The comments here just tell your editor that the rest of the file is in Ruby syntax.
\item Line 4 : This is where the configuration of our virtual machines begins. We are simply telling Vagrant to use version 2 of the configuration format and to create an object called config that is used to configure the machines. At the time of writing, there are only two versions and two is the latest and most used.
\item Line 5 : Disables the creation of shared folders. Shared folders are meant to help you change files inside the virtual machine from the host machine. We are disabling them here because we don't want to use that feature. Enabling them would also cause an error while running our \texttt{vagrant up} command, since many machines are being configured and there would be a conflict.
\item Line 6 : Begins the configuration of our Ubuntu 14.04 machine.
\item Line 7 - 16 : We specify the settings of our Ubuntu 14.04 machine.
\begin{itemize}
\item Line 7 : Defines the base box being used to set up the Ubuntu 14.04 box. This is defined in the \href{https://app.vagrantup.com/boxes/search}{Vagrant cloud}.
\item Line 8 : Gives the machine a host name.
\item Lines 9 \& 10 : Configure the ssh credentials of all the machines.
\item Line 12 : Sets the IP address of the Ubuntu 14.04 box. It creates a virtual network.
\item Line 14 - 16 : Instruct VirtualBox, which is our provider (virtualization software), to create the box with the name "Metasploitable3-ub1404" and to set up the box with 512 MB of RAM.
\end{itemize}
\item Line 20 - 48: Configure our Windows 2008 Server. Similar to the setup of our Ubuntu 14.04 box above. The only differences are that it sets the Windows machine to communicate with the host machine through Windows Remote Management (winrm) at line 24 and winrm settings on line 25 \& 26.
\newline
\newline
Lines 35 through 48 are also new. These are commands that will be executed when the Windows Server 2008 machine is set up for the first time, i.e. when the command \texttt{vagrant up} is run for the first time.
\item Line 51 - 64 : Set up the Kali Linux box. Lines 61 through 64 tell the Kali Linux box to run \texttt{apt-get update} the first time it loads.
\item Line 65 : Ends the configuration of the machines
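An added example, not code from the booklet or from Rapid7: a Ruby check that reads a Vagrantfile as text and lists the settings that decide how isolated the lab is, using an excerpt of the listing above as input. The helper name \texttt{audit\_lab} and the wording of the findings are assumptions for this example; it flags 172.128.28.x because that range lies outside 172.16.0.0/12, so the host-only network shadows publicly routable addresses.

```ruby
require 'ipaddr'

# Excerpt trimmed from the listing above (network, ssh and synced-folder lines only).
SAMPLE_VAGRANTFILE = <<~'VF'
  Vagrant.configure("2") do |config|
    config.vm.synced_folder '.', '/vagrant', disabled: true
    config.vm.define "ub1404" do |ub1404|
      config.ssh.password = 'vagrant'
      ub1404.vm.network "private_network", ip: "172.128.28.3"
    end
    config.vm.define "win2k8" do |win2k8|
      win2k8.vm.network "private_network", ip: "172.128.28.4"
    end
    config.vm.define "kali20201" do |kali|
      kali.vm.network "private_network", ip: "172.128.28.5"
    end
  end
VF

RFC1918 = %w[10.0.0.0/8 172.16.0.0/12 192.168.0.0/16].map { |cidr| IPAddr.new(cidr) }

# audit_lab is a hypothetical helper: it scans Vagrantfile text line by line and
# returns [machine, finding] pairs for settings that weaken the lab's isolation.
def audit_lab(text)
  owner = Hash.new('all machines') # block variable => machine name; "config" is global
  findings = []
  text.each_line do |raw|
    line = raw.strip
    next if line.empty? || line.start_with?('#')
    if (m = line.match(/\.vm\.define\s+["'](\w+)["']\s+do\s+\|(\w+)\|/))
      owner[m[2]] = m[1]
    elsif (m = line.match(/^(\w+)\.vm\.network\s+["'](\w+)["'](.*)$/))
      who, kind = owner[m[1]], m[2]
      ip = m[3][/ip:\s*["']([\d.]+)["']/, 1]
      if kind != 'private_network'
        findings << [who, "#{kind} exposes the guest beyond the host-only network"]
      elsif ip && RFC1918.none? { |net| net.include?(IPAddr.new(ip)) }
        findings << [who, "#{ip} is outside RFC 1918 private ranges"]
      end
    elsif (m = line.match(/^(\w+)\.ssh\.password\s*=\s*["']vagrant["']/))
      findings << [owner[m[1]], 'default vagrant password']
    elsif (m = line.match(/^(\w+)\.vm\.synced_folder\b/)) && line !~ /disabled:\s*true/
      findings << [owner[m[1]], 'host folder shared into the guest']
    end
  end
  findings
end

audit_lab(SAMPLE_VAGRANTFILE).each { |who, what| puts "#{who}: #{what}" }
```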
\subsection{Starting the Virtual Machines}
\paragraph{To start the virtual machines (our lab) we run vagrant up! }
\begin{minted}{bash}
$ vagrant up
\end{minted}
\begin{center}
\includegraphics[width=\textwidth]{Vagrant Up.png}
\end{center}
When the command completes execution, a Kali Linux box should pop up! \textbf{The credentials are \textcolor{green}{username : vagrant} and \textcolor{green}{password : vagrant}.} \textbf{Those are also the credentials of the other machines.}
\paragraph{You can now access the other machines from the Kali Linux box and practise your pentesting!}
\newpage
\section{What Next?}
\paragraph{Now you have a whole lab to practise your skills on. Let the hacking commence!}
\paragraph{I have included some commands to help you manage the Vagrant boxes:}
\subsection{Useful Vagrant commands to manage the machines.}
\begin{enumerate}
\item\paragraph{If you want to ssh into the machines}
\begin{minted}{bash}
$ vagrant ssh ub1404 #ssh into the Ubuntu 14.04 virtual machine
$ vagrant ssh win2k8 #ssh into the Windows 2008 Server virtual machine
$ vagrant ssh kali20201 #ssh into the Kali Linux virtual machine
\end{minted}
\item\paragraph{If you want to shut down the machines. This is useful when you are using too many resources and don't need all machines to be running. You can switch off one and continue to hack with two.}
\begin{minted}{bash}
$ vagrant halt ub1404 #shutdown the Ubuntu 14.04 virtual machine
$ vagrant halt win2k8 #shutdown the Windows 2008 Server virtual machine
$ vagrant halt kali20201 #shutdown the Kali Linux virtual machine
$ vagrant halt #shutdown all virtual machines
\end{minted}
\item\paragraph{If you want to suspend the machines}
\begin{minted}{bash}
$ vagrant suspend ub1404 #suspend the Ubuntu 14.04 virtual machine
$ vagrant suspend win2k8 #suspend the Windows 2008 Server virtual machine
$ vagrant suspend kali20201 #suspend the Kali Linux virtual machine
$ vagrant suspend #suspend all virtual machines
\end{minted}
\item\paragraph{If you want to reload the machines}
\begin{minted}{bash}
$ vagrant reload ub1404 #reload the Ubuntu 14.04 virtual machine
$ vagrant reload win2k8 #reload the Windows 2008 Server virtual machine
$ vagrant reload kali20201 #reload the Kali Linux virtual machine
$ vagrant reload #reload all virtual machines
\end{minted}
\item\paragraph{If you want to delete the machines}
\begin{minted}{bash}
$ vagrant destroy ub1404 #delete the Ubuntu 14.04 virtual machine
$ vagrant destroy win2k8 #delete the Windows 2008 Server virtual machine
$ vagrant destroy kali20201 #delete the Kali Linux virtual machine
$ vagrant destroy #delete all virtual machines
\end{minted}
\end{enumerate}
\subsection{Useful Resources:}
\paragraph{There are a lot of hacking resources online but here are a few useful ones.}
\begin{itemize}
\item Cyber Security basics - \href{https://cybering.cc/}{https://cybering.cc/}
\item Metasploitable3 Vulnerabilities wiki - \href{https://github.com/rapid7/metasploitable3/wiki/Vulnerabilities}{Wiki}
\item A YouTube playlist on Metasploitable3 hacking - \href{https://www.youtube.com/playlist?list=PLZOToVAK85MpnjpcVtNMwmCxMZRFaY6mT}{YouTube Playlist}
\item Awesome hacking GitHub repository - \href{https://github.com/Hack-with-Github/Awesome-Hacking}{Repo}
\end{itemize}
\end{enumerate}
\end{document}