How to create your Vulnerable VM?

I know the title seems too big, but I'll try to keep this short.

I will be using Vagrant to create a virtual machine. I know we can use Ansible or other tools, but I'm not that smart.

For the vulnerable application, I'm using ThreadsApp, created by Enciphers. You can use other vulnerable applications as well, such as Juice Shop or DVWA. I'm using ThreadsApp as it is new and mimics a real web application.

Let's get started

First things first: you need to download Vagrant and VirtualBox. You can download and install Vagrant from this link and VirtualBox from this link.

Once Vagrant is up and running, you have to run a few simple commands.

vagrant init

This initializes Vagrant and creates a Vagrantfile in the directory. Open that file in any text editor and change config.vm.box.

Change config.vm.box = "base" to config.vm.box = "ubuntu/xenial64"

Here I'm using Ubuntu 16.04; you can use whatever version or OS you want. You can search for your box from here.

After Ubuntu 16.04 is configured, you have to do the initial boot of the machine. For that, use this command:

vagrant up

Now you have to enter the machine that you just created. I know a lot of people will be thinking: why is he entering the machine? Is he stupid? He can create a setup file and run everything using a script. But as I have told you, I'm not that smart.

We will SSH into the machine by using the ssh command:

vagrant ssh

Good news: the major setup is done.

Now we have to install ThreadsApp, but before that we need to install npm and MongoDB.

To install npm, follow these steps:

$ sudo apt-get update

$ sudo apt-get install nodejs

$ sudo apt-get install npm

To check the version

$ nodejs -v

$ npm -v

To install MongoDB follow these steps

wget -qO - https://www.mongodb.org/static/pgp/server-4.4.asc | sudo apt-key add -

echo "deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu xenial/mongodb-org/4.4 multiverse" | sudo tee /etc/apt/sources.list.d/mongodb-org-4.4.list

sudo apt-get update

sudo apt-get install -y mongodb-org

sudo systemctl start mongod

sudo systemctl status mongod

sudo systemctl enable mongod

Now, in order to install ThreadsApp, follow these steps:

git clone https://github.com/enciphers/ThreadsApp.git

cd ThreadsApp

npm install

Enter ‘yes’ if you want to add dummy users to the application.

npm run client_install

npm start

and the application will start on localhost.
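
The manual steps above, collected into the kind of setup script mentioned earlier, as an added example that is not part of the original post. It also checks that mongod is bound to loopback only, so the lab database is not reachable from outside the VM. The script name provision.sh, the --run flag and the function names are hypothetical, and the release codename is read from lsb_release instead of being hardcoded as xenial.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. Hypothetical names: provision.sh,
# the --run flag and all functions below. Assumes an Ubuntu guest with sudo.
set -eu

MONGO_SERIES="4.4"
MONGOD_CONF="/etc/mongod.conf"
APP_REPO="https://github.com/enciphers/ThreadsApp.git"

# apt source line for an Ubuntu codename (the post hardcodes xenial).
mongo_repo_line() {
  printf 'deb [ arch=amd64,arm64 ] https://repo.mongodb.org/apt/ubuntu %s/mongodb-org/%s multiverse\n' "$1" "$MONGO_SERIES"
}

# Print each bindIp value from a mongod.conf-style file, ignoring comments.
mongod_bind_ips() {
  sed -n 's/#.*$//; s/^[[:space:]]*bindIp:[[:space:]]*//p' "$1" |
    tr ',' '\n' | tr -d ' \t' | sed '/^$/d'
}

# Succeed only if bindIp is set and every value is a loopback address.
mongod_is_loopback_only() {
  ips="$(mongod_bind_ips "$1")"
  [ -n "$ips" ] || return 1
  for ip in $ips; do
    case "$ip" in
      127.*|localhost|::1) ;;
      *) return 1 ;;
    esac
  done
}

provision() {
  sudo apt-get update
  sudo apt-get install -y nodejs npm git   # git is needed for the clone step
  wget -qO - "https://www.mongodb.org/static/pgp/server-${MONGO_SERIES}.asc" | sudo apt-key add -
  mongo_repo_line "$(lsb_release -cs)" |
    sudo tee "/etc/apt/sources.list.d/mongodb-org-${MONGO_SERIES}.list" >/dev/null
  sudo apt-get update
  sudo apt-get install -y mongodb-org
  sudo systemctl enable --now mongod
  mongod_is_loopback_only "$MONGOD_CONF" ||
    echo "WARNING: bindIp in $MONGOD_CONF is not confirmed loopback-only" >&2
  [ -d ThreadsApp ] || git clone "$APP_REPO"
  cd ThreadsApp
  npm install              # answer the dummy-users prompt here
  npm run client_install
}
if [ "${1:-}" = "--run" ]; then provision; fi
```

Run it inside the VM after vagrant ssh as bash provision.sh --run, then start the application with npm start.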

Now you can simply export your box into an OVA file, share it with your friends, and start practicing your skills.

How to Export a Virtual Machine to an OVA File in Oracle VM VirtualBox

It's very simple.

Open VirtualBox.

Then click File → Export Appliance, choose the virtual machine you want to convert into an OVA, and click Export.

And it's done

Hope you liked the blog please.


THE HOW TO BLOG |Siddhanth Dwivedi

Siddhanth Dwivedi | Senior Security Engineer & AWS Community Builder 👨🏾‍💻