How to create your Vulnerable VM?
I know the title seems too big, but I'll try to keep this short.
I will be using Vagrant to create a virtual machine. I know we can use Ansible or other tools, but I'm not that smart.
For the vulnerable application, I'm using ThreadsApp, created by enciphers. You can use other vulnerable applications as well, such as Juice Shop or DVWA. I'm using ThreadsApp because it is new and it mimics a real web application.
Let's get started
First things first: you need to download Vagrant and VirtualBox. You can download and install Vagrant from this link and VirtualBox from this link.
Once Vagrant is up and running, you have to run a few simple commands.
vagrant init
This initializes Vagrant and creates a Vagrantfile in the current directory. Open that file in any text editor and change config.vm.box.
Change config.vm.box = "base" to config.vm.box = "ubuntu/xenial64"
Here I'm using Ubuntu 16.04; you can use whatever version or OS you want. You can search for your box from here.
After Ubuntu 16.04 is configured, do the initial boot of the machine with this command:
vagrant up
Now you have to enter the machine that you just created. I know a lot of people will be thinking: why is he entering the machine, is he stupid? He could create a setup file and run everything using a script. But as I have told you, I'm not that smart.
We will SSH into the machine using the ssh command:
vagrant ssh
Good news: the major setup is done.
Now we have to install ThreadsApp, but before that we need to install npm and MongoDB.
To install npm follow these steps
$ sudo apt-get update
$ sudo apt-get install nodejs
$ sudo apt-get install npm
To check the version
$ nodejs -v
$ npm -v
To install MongoDB follow these steps
wget -qO - https://www.mongodb.org/static/pgp/server-4.4.asc | sudo apt-key add -
echo "deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu xenial/mongodb-org/4.4 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-4.4.list
sudo apt-get update
sudo apt-get install -y mongodb-org
sudo systemctl start mongod
sudo systemctl status mongod
sudo systemctl enable mongod
Now, in order to install ThreadsApp, follow these steps
git clone https://github.com/enciphers/ThreadsApp.git
cd ThreadsApp
npm install
Enter ‘yes’ if you want to add dummy users to the application.
npm run client_install
npm start
and the application will start on localhost.
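The scripted setup mentioned earlier, as an added example that is not part of the original post: a small shell script that writes a Vagrantfile whose provisioner replays the Node.js, MongoDB and clone steps above. The script name make_lab.sh and the /home/vagrant/ThreadsApp path are assumptions; the npm commands stay manual because npm install asks the dummy-users question interactively.

```shell
#!/bin/sh
# Added example: write a Vagrantfile that replays this post's manual steps.
# Usage: sh make_lab.sh lab && cd lab && vagrant up   (make_lab.sh is a made-up name)

write_vagrantfile() {
    dir=$1
    mkdir -p "$dir" || return 1
    # Quoted delimiter: this shell expands nothing inside the heredoc.
    cat > "$dir/Vagrantfile" <<'EOF'
Vagrant.configure("2") do |config|
  config.vm.box = "ubuntu/xenial64"   # same box as in the post

  # Shell provisioners run as root during the first `vagrant up`: no sudo needed.
  config.vm.provision "shell", inline: <<-SHELL
    set -e
    export DEBIAN_FRONTEND=noninteractive

    # Node.js and npm (git is added in case the box does not ship it)
    apt-get update
    apt-get install -y nodejs npm git

    # MongoDB 4.4: repository key, source list, package, service
    wget -qO - https://www.mongodb.org/static/pgp/server-4.4.asc | apt-key add -
    echo "deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu xenial/mongodb-org/4.4 multiverse" > /etc/apt/sources.list.d/mongodb-org-4.4.list
    apt-get update
    apt-get install -y mongodb-org
    systemctl enable mongod
    systemctl start mongod

    # Clone as the vagrant user into an assumed path; skip when present so re-provisioning is safe.
    if [ ! -d /home/vagrant/ThreadsApp ]; then
      sudo -u vagrant git clone https://github.com/enciphers/ThreadsApp.git /home/vagrant/ThreadsApp
    fi
  SHELL
end
EOF
}

# Write the file only when a target directory is passed on the command line.
if [ -n "${1:-}" ]; then
    write_vagrantfile "$1"
fi
```

After vagrant up finishes, vagrant ssh into the machine and run the npm commands from the ThreadsApp directory as described above.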
Now you can simply export your box to an OVA file, share it with your friends, and start practicing your skills.
How to Export a Virtual Machine to an OVA File in Oracle VM VirtualBox
It's very simple.
Open VirtualBox.
Then click File → Export Appliance, choose the virtual machine you want to convert to OVA, and click Export.
And it's done
Hope you liked the blog please.