How to create a CTF VM?
Hey guys, today I thought I'd put together a guide on how to create a simple CTF VM. Let's get right into it.
1. Create your game plan 🤔
Planning is important. If you're building a house, you need a plan first. The same applies when you create your own CTF challenge.
Here are some points you might want to consider when planning your CTF:
- What do I want the player to learn?
- What are the attack paths, i.e. what is the flow of my CTF challenge?
To stay organized with your planning, it's a good idea to create a map. You can use draw.io to map out your CTF. Personally, I use my whiteboard 😆. As always, you can stick to your own methods as well. Here's the example sketch I drew up for my next post (Implementing the CTF):
According to figure 1.0: the CTF I'm planning has two services running, an HTTP web server and an FTP server. The web server hosts a static website, while the FTP server is an older version with an RCE vulnerability. Exploiting it gives the player low-privileged access to the system. There are two users, root and sam. Doing some enumeration, the player will find that the sudo privileges are misconfigured. This results in a vertical privilege escalation to the root user. Now the player has owned the system.
2. Start by creating a VM 🖥
Now that you have a rough idea of the flow of your CTF, you will need a VM. This is where your CTF lives. I'd recommend using Ubuntu Server (no GUI) or Ubuntu Desktop (with GUI). You will also need a hypervisor to create the VM; for this, I would recommend VirtualBox. Since this VM is going to be deliberately vulnerable, attach it to a host-only or internal network rather than bridging it onto your LAN. I hope you already know how to create a VM with VirtualBox.
If you don't, there are plenty of blog posts and YouTube videos that do a great job of showing you how to set up a VM 👍.
3. Install the software 👨💻
Now you have a newly installed VM with the basic and essential software. Before installing anything else, refresh the package index so you get the current package versions:
$ sudo apt-get update
Now we are going to install the software we need. This depends on the plan you sketched earlier. According to my plan (Figure 1.0), the challenge has two services running (HTTP & FTP), so I need to install these two services.
Setting up the HTTP web server:
To get a web server I'm going to install apache2:
$ sudo apt-get install apache2
...
$ cd /var/www/html
$ ls
index.html
Alright, we can see the Apache default web page (index.html) in the document root. Now, let's start the web server and check that it's running:
$ sudo service apache2 start
$ sudo service apache2 status
● apache2.service - The Apache HTTP Server
     Loaded: loaded (/lib/systemd/system/apache2.service; disabled; vendor preset: >
     Active: active (running) since Thu 2021-11-18 12:40:22 EST; 1s ago
       Docs: https://httpd.apache.org/docs/2.4/
...
Browse to the web server's IP address from your host and you should see the Apache default page.
Now I need a static website to host on my web server. I'm using this free-to-use template from free-css.com. Download the template and extract its files into the web server's document root (/var/www/html), replacing the default index.html.
If you get a 403 error when your website is loading resources, check the file permissions of those resources (images, docs, scripts and so on): Apache runs as the www-data user, which needs read permission on every file and execute (traverse) permission on every directory under /var/www/html. This answer might help you in this case.
Setting up the FTP server
I'm planning to install ProFTPD 1.3.5, which has a known RCE vulnerability. I found a Docker version of this application in a GitHub repo by t0kx. It also had all the details on how to set up the application, which made life easier. You can also use exploit-db to find vulnerable applications.
Post exploitation stuff
Well, in my case I need to misconfigure sudo in a way that lets the player escalate to the root user. Here's a resource I found useful after some quick googling. Whatever rule you add, edit the sudo configuration with visudo so a typo doesn't lock you out of sudo on your own VM.
4. Make services automatically startup on boot 🤖
Alright, so now you have set up all the services that your CTF is going to have. But there's a slight problem.
Problem: when you deploy your CTF VM, these services will not launch by themselves. You'd have to start each service manually, which defeats the plug-and-play nature of your CTF.
This is where starting services automatically comes in handy. In my case, I need the HTTP web server and the FTP server to start automatically. You can use the systemctl utility to achieve this. Syntax:
sudo systemctl enable YOUR_SERVICE_NAME
For example, to start the HTTP web server on startup:
$ sudo systemctl enable apache2
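The three fiddly bits from the setup above (the 403 permission fix in step 3, the sudo misconfiguration under "Post exploitation stuff", and enabling services on boot here) collected into one provisioning script. This is an added example, not the post's own code: the web root /var/www/html and the user sam come from the post, while the sudo target binary (/usr/bin/vim) and the drop-in file name ctf-sam are placeholders you should change to match your own plan.

```shell
#!/bin/sh
# Added example (not from the post): provisioning helpers for the CTF VM.
# Assumptions: the web root /var/www/html and the user "sam" come from the
# post; the sudo target /usr/bin/vim and the drop-in name ctf-sam are
# placeholders. GNU find/chmod semantics (Ubuntu) are assumed.

# Apache runs as www-data and only needs to *read* a static site:
# directories need r-x (traverse + list), files need r--.
# Only mode bits are touched; leaving ownership as root:root means the
# web server cannot modify its own content.
fix_webroot_perms() {
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f -exec chmod 644 {} +
}

# The 403 check: print every file that is not world-readable and every
# directory that is not world-traversable. Empty output means the whole
# site is reachable by www-data.
find_unreadable() {
    find "$1" \( -type f ! -perm -004 \) -o \( -type d ! -perm -005 \)
}

# Plant the intended sudo misconfiguration as a drop-in file.
# $1 = user, $2 = absolute path of the binary, $3 = drop-in file to write.
# sudo expects drop-ins to be root-owned with mode 0440 and refuses a
# world-writable one, so the mode is fixed here (ownership is root when
# this runs as root on the VM).
write_sudo_rule() {
    printf '%s ALL=(ALL) NOPASSWD: %s\n' "$1" "$2" > "$3"
    chmod 0440 "$3"
}

# Validate a sudoers file before trusting it: visudo -cf exits non-zero on
# a syntax error, and a broken sudoers file can lock you out of sudo.
check_sudo_rule() {
    visudo -cf "$1"
}

# Enable and start each service so the exported VM is plug and play, then
# report what systemd thinks, because "enable" alone starts nothing now.
enable_on_boot() {
    for svc in "$@"; do
        systemctl enable --now "$svc"
        printf '%s: %s\n' "$svc" "$(systemctl is-enabled "$svc")"
    done
}

# Only provision when explicitly asked (must run as root on the VM):
#   sudo CTF_PROVISION=1 sh provision.sh
if [ "${CTF_PROVISION:-0}" = "1" ]; then
    fix_webroot_perms /var/www/html
    find_unreadable /var/www/html
    write_sudo_rule sam /usr/bin/vim /etc/sudoers.d/ctf-sam
    check_sudo_rule /etc/sudoers.d/ctf-sam
    enable_on_boot apache2
fi
```

Without CTF_PROVISION=1 the script only defines the functions, so you can source it and run the checks on their own. Two caveats: the sudo rule goes into a drop-in under /etc/sudoers.d and is checked with visudo -cf rather than editing /etc/sudoers by hand; and systemctl enable only works for services that have a systemd unit, so if your FTP server runs as a Docker container (as the t0kx image does) you need to enable docker itself and either run the container with a restart policy (docker run --restart unless-stopped ...) or write a small unit for it.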
5. Exporting your CTF 🚀
Now the only thing left is to export your VM and share it with your fellow hacker mates to try out. Before you export, clear the shell history of every account and remove any SSH keys or passwords you used while building the box, so your build process doesn't leak hints to the player. If you're using VirtualBox, you can export your VM like so:
Wait for the export to complete and it's done. Congratulations, you've made it 👏. Now you have a .ova file you can share with your hacker mates or upload to TryHackMe.
I hope you have learned something valuable. If you like this post, please share it with your fellow hacker mates, and if you have any questions or suggestions, feel free to post them in the comments. I'd love to hear from you and learn from you.
Have a great day, guys 👋. See you in the next post.