Friday, September 14, 2012

How to Create a SamuraiWTF 2.0 Virtual Machine in VMware Player

The SamuraiWTF (Web Testing Framework) can be run as a live CD/DVD, although when performing web application penetration tests, I like to run it inside a virtual machine. SamuraiWTF 2.0 is based on Ubuntu 12.04 LTS and uses KDE (by default) - Why there was no SamuraiWTF 1.0 version? The steps below detail how to create a SamuraiWTF 2.0 virtual machine in VMware Player 5 (5.0.0) over Windows 7 (64-bits) and Windows XP (32-bits). The steps required for VMware Player over Linux would be very similar.

Creating a New Virtual Machine

Open VMware Player and create a new virtual machine (VM): [Player] Menu - File - New Virtual Machine... This will launch the "New Virtual Machine Wizard". In the welcome screen select "I will install the operating system later.", and click "Next >". In the "Select a Guest Operating System" select Linux as the "Guest operating system" and Ubuntu as the "Version", and click "Next >".

The "Name the Virtual Machine" window allows you to select the virtual machine name (eg. "SamuraiWTF-2.0"), and indicate where you want to save the new VM (directory, such as "C:\VMWARES\SamuraiWTF-2.0"). Click "Next >". In the "Specify Disk Capacity" screen define the maximum hard disk size (by default, 20 GB). All the other disk capacity options can be left with the default values. Click "Next >".

Finally, the "Ready to Create Virtual Machine" screen details all the VM settings selected, and allows you to modify other settings through the "Customize Hardware..." button. Click this button and access the "Memory" section. Change the amount of RAM to 2048 MB or more from the default of 1024 MB.   Access the "New CD/DVD (IDE)" section, select "Use ISO image file:", and browse to the ISO file for SamuraiWTF 2.0 ("SamuraiWTF-2.0-i386.iso") from the "Browse..." button. Once the amount of RAM and the CD/DVD location have been changed, click "Close".Optionally, you can also adjust other settings, such as the network interface type (by default, NAT). From the "Ready to Create Virtual Machine" screen, as the VM is ready to boot, click the "Finish" button.

You need to click the "Power On" button (or "Play virtual machine" link) to power on the VM after creation.

Booting SamuraiWTF 2.0

The recently created VM will start up, using the default Linux boot option, "Start SamuraiWTF". Wait till the SamuraiWTF desktop shows up.

Installing SamuraiWTF 2.0 to the hard disk

NOTE: The screenshots below correspond to VMware Workstation as they are the same exact ones for VMware Player, so I tried not to duplicate work from the previous blog post :o)

Double click the "Install SamuraiWTF 2.0" icon from the desktop and follow the installation wizard. From the "Language" screen select the language for the installation process and click "Continue".

The "Prepare" step recommends to have more than 15GB of free disk space and Internet connectivity. Select the "Download updates while installing" option to get the latest software, and optionally the "Install this third-party software", and click "Continue".

On the "Disk Setup" window leave the default guided disk layout and click on "Install Now".

On the "Timezone" screen select your timezone and, while the installation process starts copying files (a significant time optimization improvement over previous versions, but take into account that it can consume lots of your computer's resources while following the next installation steps), and click "Continue".

On the "Keyboard" screen select your keyboard layout and click "Continue".

On the "User Info" screen select your username and password, plus the hostname. It is highly recommended to change the default SamuraiWTF password (samurai - and use a long passphrase instead. It is preferable to select a custom hostname that does not include references to SamuraiWTF (by default "samurai-virtual-machine" is pre-filled). Leave the "Require my password to log in" option, although it won't be applied in version 2.0 due to recent changes to fix a very old bug. Click "Continue".

NOTE: A race condition has been identified (sometimes) depending on the time it takes to reach from the "Disk Setup" screen till the "User Info" screen, where the "Keyboard" step will directly jump into the "Install" step, bypassing the "User Info" screen. Quickly moving through the timezone and keyboard setup seems to help to avoid this unexpected behavior. If you suffer this behavior it is recommended to repeat the setup by booting the VM again from the ISO image.

The process will remain on the "Install" screen while all the files are copied and the different system elements are configured.

Once the installation finishes you will get an "Installation Complete" popup. It is recommended to click the "Restart Now" button to start using the SamuraiWTF instance installed on the hard disk, instead of the live instance from the ISO image.

There is a bug in the reboot/shutdown process of the live CD/DVD version, where the message that suggests the user to eject the CD/DVD and press any key to restart/shutdown does not show up. Once you get the following background SamuraiWTF image, press any key to reboot/shutdown the VM.

After rebooting, the VM CD/DVD is not connected, so the system directly boots from the recently installed hard disk. You can unplug the SamuraiWTF ISO image from the CD/DVD by going to the "[Player] Menu - Removable Devices - CD/DVD (IDE) - Settings..." option and selecting "Use physical drive".

Once the new SamuraiWTF VM boots up you will be directly presented with the desktop, where the installation icon is not available anymore, but access to the README and CHANGELOG files, the latest version of the official SamuraiWTF training material in PDF format (as of today, v13 - see more details about upcoming training sessions below) and folders with the output of tools, a few wordlists, and exploit/payloads from several tools.

If you do not see the desktop icons, simply resize the VM window (this seems to be a bug in VMware Player).

Updating VMware Tools

VMware Tools are already installed in SamuraiWTF 2.0, thus you can directly copy & paste between the host and the guest operating systems. However, depending on the VMware version you are using you might want to update VMware Tools.

Go to the "[Player] Menu - Manage - Update VMware Tools..." menu in VMware. Depending on your setup, or if this is the first time you install/update VMware Tools on a Linux VM, VMware might need to download them first. If this is the case, click the "Download and Install" button.

The CD is not automatically mounted on Ubuntu 12.04 if there is no password set for the root user (see related VMware doc), as in SamuraiWTF 2.0, so you need to manually mount the CD and launch the VMware Tools installation process:

$ sudo mount /dev/cdrom /media/cdrom
$ cd /tmp
$ tar xvzf /media/cdrom/VMwareTools-9.0.2-799703.tar.gz
$ cd vmware-tools-distrib/
$ sudo ./

Follow the installation process and reply with the default answer to all the questions:
- You have a version of VMware Tools installed. Continuing this install will first uninstall the currently installed version. Do you wish to continue? (yes/no) [yes]
- In which directory do you want to install the binary files? [/usr/bin]
- Would you like to enable VMware automatic kernel modules? [yes]
- Thinprint provides driver-free printing. Do you wish to enable this feature? [yes]

Post installation steps

You can clean up the bash command line history by closing all terminals, launching a new one, and running a couple of commands:
$ > $HOME/.bash_history
$ exit

You can manually remove VMware Tools from /tmp or wait till the next boot for automatic removal.

Your new SamuraiWTF 2.0 VM is ready to run and assist you in your web-app penetration tests! The main constraint in VMware Player (hey... it is free :-) is that you cannot take a VMware snapshot in case you need to restore back to this clean state.

The instructions to create a SamuraiWTF 2.0 virtual machine in VMware Fusion or in VMware Workstation are available on previous blog posts.

Shameless Training Plug

This is an introductory guide to the official "Assessing and Exploiting Web Applications with Samurai-WTF" 2-day training I will be running at the BruCON 2012 conference during September 24-25 in Ghent (Belgium). This training session will be based on the latest SamuraiWTF 2.0 version and its new target web-apps and tools. If you are an OWASP member, you can take advantage of a 10% discount on the training fee.

No comments:

Post a Comment