Paranoia and a Terminal - Part 0x00 - Vagrant

vm
vagrant
terminal
paranoia
linux

(Command-Line Ninja) #1

Hello, my 0x00’ers! You may have noticed @0x00pf’s awesome reverse engineering content, and you may have noticed he has posted raw binaries (without source), now, of course, it’s reverse engineering, the challenge is about not knowing the source.

But how do you and I know that @0x00pf is not a mad 1337 h4x0r waiting to launch shells and 'sploit us? We don’t; unless we are a 1337 reverse engineering badass. Of course, we can be sure Pico is real, and not trying to take over our machine. But once again the Hacker Spirit prevails, and Paranoia takes over. This leads me into this series; where I will cover “Paranoia and a Terminal”, things we can do to stay safe, anonymous, and otherwise make ourselves sleep better at night.

So what can we do about it?

As @oaktree has elegantly pointed out, we shouldn’t run unknown binaries regardless of who it is, because we don’t know what they could be doing.

What we need to do, is run our binary in a VM. But that takes a lot of effort right? I got to figure out what OS I wanna virtualise, I gotta go find the downloads, sift through them till I get the version + edition I want; then eventually I have to download it; which on my 9600 baud dial-up connection is gonna take forever! Once I’ve done that, I gotta run through the installation, and then eventually sort out folder mounting, and ssh, it’s just a pain. Fear not! There is light! Say hello to Vagrant.

Vagrant is a really cool virtualization package that uses the virtualbox backend. It allows me to

  • Download a prebuilt ready-made VM image
  • Initialise it
  • Mount the current working directory
  • SSH into it

All in 3 commands. It’s super slick for this kind of quick paranoia investigations.

Installation

If you’re running Windows, OS X, Centos, or Debian, you can download the download files here, otherwise if you’re running some other distro (like me), You’ll also need to install virtualbox, I’m sure your OS’s package manager has it, for me, I just ran

sudo pacman -S virtualbox
sudo pacman -S vagrant

If you are on Ubuntu run:

sudo apt-get install virtualbox
sudo apt-get install vagrant

Usage

Now you are up and running, usage is super simple. Navigate to a folder you want to access the files in, and run

vagrant init hashicorp/precise32

This will make a file called “Vagrantfile” in the current directory, these files are sharable to other people, (another thing which makes vagrant rock).

You can open this file up, and notice its just a config file for setting up the VM, since you haven’t actually initialized it yet, you’ve just configured it.

Now you need to get your VM up and running! This is again, super simple, just run:

vagrant up

This will set up your VM using the config, and download the image if you do not already have it. If this is your first time using vagrant, you will not have the image already; but vagrant rocks, it will download it for you, this shouldn’t take too long, as its fairly small.

Now your VM is running; man, that was simple ay? This command has configured networking, configured SSH, configured private key auth, and mounted the current directory to it. To access your newfound VM run:

vagrant ssh

Now you have access to your VM, in your terminal, no hassle. To access your files in your current directory:

cd /vagrant/

You’ll see the file “scaryfile.txt”, is in there; this is your current working directory mounted, if you delete scaryfile.txt, it will also delete on the real machine, make note of this. Any commands run however in this prompt will only execute on the VM, you could run sudo rm -rf / and of course, it would break the VM, but it wouldn’t touch your real machine.

Keep in mind that vagrant will use your existing network stack, so if you were to run a malicious script that would send your IP to the attacker, this would not protect against that, you’d need to configure a proxy, all of which is entirely possible with vagrant.

Exiting + Destroying

So, you’ve examed the big scary files, you’ve determined they are dirty as (@0x00pf, I’m looking at you) and you’ve decided to rid your machine of the now borked VM.

You can exit your VM SSH connection with exit, however, that will only kill the connection, it’s still running in the background, to see a list of the currently running machines and their states, run:

vagrant status

In our example, we have our current machine running. To stop it, run

vagrant halt

Since we are in our current working directory, it knows what VM we are talking about, and thus is able to stop it with no specification.

Now we have completed that, we can either start it up again by running vagrant up, or we can destroy it completely, since we know the file is dirty, and ridden with malware, we can destroy the box with

vagrant destroy

This will leave our files intact, however, but our virtual machine is gone.

Conclusion

We have seen that sometimes we need to just check something out, but don’t want to have the headache of setting up yet another VM. Vagrant makes that easy; and once a software used entirely by developers and sysadmins for transportation of software, and a powerful precursor to Docker, it is still relevant in the security world; and continues to make my life a lot easier

  • pry0cc

(Valentine) #2

Nice job man. I love the cheery attitude in it. Cheers. :smiley:


(oaktree) #3

Still getting mad issues on Ubuntu 15.10. Going to try to resolve at some point…


(Command-Line Ninja) #4

Cheers! Glad you liked it :wink:


(Command-Line Ninja) #5

I’ll be on IRC tonight. Let’s try and figure this out.


(oaktree) #6

My issues were resolved by:

  • reinstall virtualbox
  • $ sudo dpkg-reconfigure virtualbox-dkms
  • $ sudo dpkg-reconfigure virtualbox

Paranoia and a Terminal - Part 0x02 - URL Forensics
#7

Great tutorials, I’ll keep reading this series. I’m sad that I didn’t notice them before…


#8

@pry0cc good tutorial for the folks who didn’t know vagrant yet. Already using it for all my virtual shenanigans.


(oaktree) #9

Are you able to virtualize alternate dimensions of computation in vagrant?


(Command-Line Ninja) #10

This topic was automatically closed after 30 days. New replies are no longer allowed.