How to create a Vulnerable Box

With this blog post I will teach you how to make an easy vulnerable box from scratch.

First Step

First, pick an ISO image to install. Debian or Ubuntu both work, whichever you prefer. Install the image in VirtualBox and boot your machine.

Second Step

The second step is installing MobaXterm: it is a Windows application that lets you manage network connections to remote servers through an easy-to-use UI. Once your machine is installed in VirtualBox, you will see something like this:

Click on Session → SSH and add the remote address. If you cannot find the IP address of your VM, you can find it (as root, since it needs raw network access) with this command: `arp-scan -l`

If you don’t have arp-scan, just install it (the -l flag scans the local network). You made it this far? You’re on the right track!

Now log in from MobaXterm with your credentials, like this:

Nice, you are in. Now let’s build your first box!

Installing

First of all you need to install apache2 or nginx (as you prefer); I’m going to install apache2. But first :) `apt-get update; apt-get upgrade -y`

Now you can install nginx (for example).

After that, go to `/var/www/html`.

Then choose a template for your website, whatever you like :) You can choose from many templates here: https://github.com/learning-zone/website-templates.git. Pick the template you want and clone the repository into /var/www/html. Example: `git clone https://github.com/learning-zone/website-templates.git`

Now choose your template, move it to /var/www/html and delete the folder with all the other templates.

Now you will have the website page in a folder named something like bestro-restaurant blabla, and you can rename it to “website”, for example.

Our website :)

Note: I just added a template because I want people to find vulnerabilities in my template. But you can also pick an exploit, for example from Exploit-DB, and build your box around that software and its website template :)

Now, for example, I want people to find the bug in the source code, so I edit index.html and put a password inside, “hidden” or encoded in base64 or hex. The player can then use this password to log in over SSH. (A simple box, super easy, but fun for a start.)

Once they are in, we need to create the privilege escalation! This part is even easier. For example we can use env from https://gtfobins.github.io/. Install env from your terminal and set the setuid bit on it so it runs as root: `chmod +s /usr/bin/env`

Now env runs with root privileges, so players need to find the setuid env binary and use it to escalate to root.
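As an added example that is not part of the original post, here is a POSIX shell audit that lists setuid/setgid files not on an allowlist: run against the finished box it should report exactly /usr/bin/env, and the same check is what a sysadmin uses to catch an accidental `chmod +s` on a real server. The allowlist of stock Debian/Ubuntu binaries is an assumption; build yours from a clean VM.

```shell
#!/bin/sh
# Added example (not from the original post): audit a tree for setuid/setgid
# files that are not on an allowlist. On the box built above this reports
# the deliberate `chmod +s /usr/bin/env`; on a production host it catches
# the same misconfiguration made by accident.

# Hypothetical allowlist of binaries that normally carry setuid on a stock
# Debian/Ubuntu install. This is an assumption: generate yours from a clean VM.
ALLOWED_SETID="/usr/bin/sudo /usr/bin/su /usr/bin/passwd /usr/bin/chsh /usr/bin/chfn /usr/bin/gpasswd /usr/bin/newgrp /usr/bin/mount /usr/bin/umount"

# Print every regular file under $1 with the setuid (4000) or setgid (2000)
# bit set, one path per line, without crossing into other filesystems.
list_setid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null | sort
}

# Print the setid files under $1 whose path, taken relative to $1, is not on
# the allowlist. Scanning "/" compares absolute paths; scanning a mounted image
# at /mnt/box compares /mnt/box/usr/bin/env as /usr/bin/env.
unexpected_setid() {
    root="${1%/}"                       # "/" becomes "", "/mnt/box/" becomes "/mnt/box"
    list_setid "${root:-/}" | while IFS= read -r f; do
        rel="${f#"$root"}"
        case " $ALLOWED_SETID " in
            *" $rel "*) ;;              # expected on a stock system
            *) printf '%s\n' "$f" ;;    # not on the allowlist: report it
        esac
    done
}

# Report unexpected setid files with owner and mode. Returns 1 if any were
# found, so it can gate a build or a cron check, and 0 if the tree is clean.
audit_setid() {
    hits=$(unexpected_setid "$1")
    if [ -z "$hits" ]; then
        echo "OK: no unexpected setuid/setgid files under $1"
        return 0
    fi
    echo "WARNING: unexpected setuid/setgid files under $1:"
    printf '%s\n' "$hits" | while IFS= read -r f; do ls -ld "$f"; done
    return 1
}

# Usage: sh setid_audit.sh /    (or a mounted image such as /mnt/box)
if [ $# -gt 0 ]; then
    audit_setid "$1"
fi
```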

TIP: Play around a lot with creating vulnerable boxes! You will be able to build a very difficult box.

Important thing!

When you finish the box, create flag.txt and set its ownership, for example `chown -R user:user /home/user/flag.txt`

And remove all the traces:

```bash
# Clear caches and editor state left over from building the box
rm -rf /root/.cache || true
rm -rf /root/.viminfo || true
rm -rf /home/user/.sudo_as_admin_successful || true
rm -rf /home/user/.cache || true
rm -rf /home/user/.viminfo || true

# Point both shell histories at /dev/null so future sessions record nothing
ln -sf /dev/null /root/.bash_history
ln -sf /dev/null /home/user/.bash_history
# Empty the in-memory history of the current shells: first the user session, then root, which powers off
cat /dev/null > /home/user/.bash_history && history -c && exit
cat /dev/null > /root/.bash_history && history -c && init 0
```

Now export your VM.

Go to:

File -> Export Appliance -> Next -> Next again -> Export, and you will get your vulnerable file.ova :)

Thanks a lot for following me on Twitter and Medium; there are more and more of you.

Please support me and buy me a coffee :)

  • 0xJin


| eCPTX | C|EH Master | CompTIA Security + | eJPT |
