Hello everyone, I hope you guys are doing well. Recently I created a TryHackMe room, quirk, and almost a year ago a VulnHub machine, pwned (also available in the OffSec playground right now), which is a kinda skiddy-level machine. After creating them I shared them with my friends and the public groups that I'm in. A few hours after releasing pwned, some of my friends asked me "how did you create this machine?" and I guided them theoretically, but most of them didn't understand, so I thought to create a video about it; unfortunately, I still haven't made that video. Later I created the room quirk and thought to release it on TryHackMe. I submitted it to make my room public, and TryHackMe mentioned that a public room must be evaluated by TryHackMe staff before it is made public (until then the machine stays private, and anyone can join with the private room link). At the time of writing this article my machine is still processing; almost a week has passed and it still hasn't been made public, so I shared the private room link with my friends and the public groups that I'm in. Most of them were excited to solve my machine, and again some asked the same question ("How do you create machines like this? Write a blog about it"). I had already planned to write this blog after my room was made public, but I realized my room is taking a long time to go public, so I started writing it.
If you want to try out my room, use this link to join: https://tryhackme.com/jr/quirk
As the title suggests, I'm still new to creating machines like this. There are lots of ways to create one, but here I'm doing the easiest one. It's not solely my own research: before I started creating CTF VMs, 2 of my friends, prem Kumar and sivanesh, created a vulnerable VM, vegeta, published on VulnHub. At the time I asked the same legacy question (how did you create this VM 😂); later I realized it's super simple if we have system administration skills and pen-testing skills. Until that time I had a rough idea of how to create one but didn't know how to publish it on VulnHub. After their guidance, I was able to create one and publish it; that was my 1st machine, pwned. In this blog I can't guide you through setting up a vulnerable service or setting up services, because lots of videos are available online. PS: at the time of creating I watched YouTube to understand setting up services.
This blog focuses mainly on Linux machines. I'm not good at Windows administration, so maybe one day I will publish Windows also (Active Directory maybe).
- The first thing we need is a Linux ISO file: not our regular desktop ISO but a server ISO, like Ubuntu Server 18.04 or 20.04; don't go older than this. You may use Ubuntu server, Debian server, CentOS, or FreeBSD images, but I recommend Debian or Ubuntu if you don't normally work with CentOS or BSD. These ISO files are freely available online: google the name of the server ISO you want, then download it. I downloaded Ubuntu Server, both 18.04 and 20.04.
- The second thing we need is a hypervisor to create our vulnerable VM. Hypervisor is the technical name for virtualization software (VirtualBox, VMware, QEMU, Hyper-V, bhyve, etc.). Here I'd suggest using VirtualBox because it's free. We can also use VMware Pro if we want, but we can't take snapshots or export in the free version of VMware. I have both VMware Pro and VirtualBox, but I use VirtualBox most of the time.
When creating pwned I used Debian 10, and Ubuntu 18.04 for quirk. When I once checked the TryHackMe developer section, they mentioned support only for versions less than Ubuntu 18.04 and Debian 8; now 20.04 and Debian 10 are also supported.
Install your desired server ISO in your desired hypervisor. Lots and lots of videos are available online on setting up server images; follow them and install it. Next, plan what kind of vulnerabilities you want to implement. For example, when creating pwned I thought to use 3 services: FTP, SSH & HTTP. FTP requires authentication to connect and its version is up to date. HTTP on port 80 serves an HTML page; after brute-forcing directories there is a custom webpage, and looking through its source code, it leaks FTP creds. With those creds we can authenticate to FTP, and in FTP there is a public key to a user and also a note.txt file that has a username. With that public key we can log in to a user on the machine. Privilege escalation is also simple: command injection in a bash script to elevate to the 2nd user, and for root, the 2nd user is in the docker group, so with GTFO we can root it. As I said, it's a skiddy-level machine tho. These are the plans I had. So I googled how to set up vsftpd in Linux and followed the tutorials to set it up; the same goes for SSH and HTTP. Then I created a custom bash script (at least I'm a bit good at googling and bash), and that script is vulnerable to command injection. After installing docker and reading some Linux articles and videos, I added the 2nd user to the docker group. That's it: I simply created a vulnerable VM, plus a little bit of HTML to display a lame webpage which doesn't have CSS or JS, only pure HTML.
So when you are going to create a vulnerable VM, plan the vulnerabilities from initial access to rooting the box before creating it, then start working on it. Also, don't make machines too guessy. Drop a few rabbit holes 😆 if possible. Think creatively and chain the steps you learned from any writeups, CTFs, blogs, etc.
I don't want to spoil much of quirk, so I'll discuss it only a little. I'm a hardcore anime watcher and have watched lots of amazing anime, so I thought to create a machine themed on an anime. I had plans for what to do, but I was confused about which anime to base it on (really hard to choose); finally I narrowed it down to 2 anime, AOT and My Hero Academia. At the time of creating the machine I had just completed My Hero Academia, so I thought this would be a good one to start with. Sorry AOT fans, it's really hard to choose 😥. Now you may get why I named the machine quirk. Also, I created the machine so that it can be completed by those who didn't watch the anime, so I put in only a few easter eggs from the anime, like the USJ incident and usernames from the anime. I didn't want to complicate things much, so I thought this would be enough. So you don't need to watch the anime to solve this machine. As I planned, the initial foothold had to be web exploitation, though I'm not good at web application stuff; as mentioned lots of times, I like custom exploitation stuff. But I forced myself to avoid exploit dev in this machine and learned a bit of PHP. IppSec created awesome videos, Introduction to PHP Deserialization and Advanced PHP Deserialization, which I highly recommend watching. Spoilers: with this knowledge, I created a simple PHP file of fewer than 10 lines that leads to RCE, which is pretty straightforward if you understand the source code. From there, a little bit of hash cracking gets the user; then root is tricky and needs a bit of Linux internals, exploiting a custom SUID binary I created. No need to develop an exploit; it's simple. These are the plans I had for quirk, and I created the machine. I tested it 3 times on my local network, then submitted it to THM.
After creating the vulnerable VM, export it to an OVA or VMDK file, the formats you may have seen when downloading VulnHub VMs. The OVA file is generated by VirtualBox and the VMDK by VMware; TryHackMe supports both. To export a virtual machine, right-click the machine you want to export and select export to OCI (Open Cloud Infrastructure). Then select a directory where you want to store your virtual machine, then click next -> export.
Within 10 mins it will export the vulnerable machine to the directory we selected. Also, make sure you don't install any desktop environment for ease of use, and allocate 2GB RAM; if your machine needs more resources you need to mail them with creds and they will make the changes. After exporting, you will see the exported file in that directory.
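Before exporting, the build can be checked against the plan with a short script. This is an added example, not part of the original post: it checks pwned's three planned services (assuming default ports 21, 22 and 80), the 2GB RAM allocation, the absence of a desktop environment, and docker group membership for a placeholder user `user2`; the function names and sample output are constructed.

```shell
#!/bin/sh
# Added example: pre-export checks for a CTF VM (function names are hypothetical).
# Each check reads command output on stdin, so it runs on the VM or on saved output.

# On the VM: ss -tlnH | missing_ports "21 22 80"
# Prints planned TCP ports that have no listener (empty line when all are up).
missing_ports() {
  awk -v planned="$1" '
    { n = split($4, a, ":"); up[a[n]] = 1 }   # field 4 is addr:port; port is last
    END {
      m = split(planned, p, " "); out = ""
      for (i = 1; i <= m; i++)
        if (!(p[i] in up)) out = out (out == "" ? "" : " ") p[i]
      print out
    }'
}

# On the VM: ram_ok 2048 < /proc/meminfo
# Succeeds when MemTotal is at or below the limit given in MiB.
ram_ok() {
  awk -v limit="$1" '/^MemTotal:/ { found = 1; ok = ($2 / 1024 <= limit) }
                     END { exit !(found && ok) }'
}

# On the VM: dpkg-query -W -f='${Package}\n' | desktop_packages
# Prints installed packages that indicate a desktop environment.
desktop_packages() {
  grep -Ex '(ubuntu|xubuntu|kubuntu|lubuntu)-desktop|gnome-shell|xfce4|lxde|kde-plasma-desktop|task-[a-z]+-desktop' || true
}

# On the VM: getent group docker | in_group user2   (user2 is a placeholder)
# Succeeds when the user is listed as a supplementary member of the group.
in_group() {
  awk -F: -v u="$1" '{ n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) ok = 1 }
                     END { exit !ok }'
}

# Constructed sample output (not from a real machine): SSH and HTTP up, FTP down.
SAMPLE_SS='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 511 *:80 *:*
LISTEN 0 128 [::]:22 [::]:*'
SAMPLE_MEMINFO='MemTotal:        2035476 kB
MemFree:          912300 kB'

echo "missing ports: $(printf '%s\n' "$SAMPLE_SS" | missing_ports '21 22 80')"
printf '%s\n' "$SAMPLE_MEMINFO" | ram_ok 2048 && echo "RAM within 2 GB"
```

`in_group` only sees supplementary members listed in the group entry; a user whose primary group is docker would not appear there.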
To publish on vulnhub
Now all is set. To publish on VulnHub you need to upload your VM to a drive and make the file publicly accessible by a link. Then go to vulnhub.com and visit submit machine.
There you'll see the instructions and the terms and conditions. If you agree, contact them: send them a mail along with your drive link. Then they will make your machine public on their site.
To publish on tryhackme
You need a TryHackMe account. Log in to your account, go to develop rooms [https://tryhackme.com/develop-rooms] and enable the room developer options, so that you can upload your VMs.
Now click Develop -> upload. There you can upload your VM, and it will be converted automatically; you don't need to edit anything. It will take approximately 30 mins, more or less, based on your machine size and internet connection.
Once uploading and conversion are done, navigate to Develop -> manage rooms. You won't see anything like mine, because you need to create that, so click create new room there.
Fill in the required info. In the browse section it shows your uploaded VMs; select your VM there and create the room. Now everything is done, and after that you'll see your machine name in manage rooms.
There you can make additional changes like adding tasks, submitting official creator writeups, etc. I'm not going to dig deeper into it; I leave it to you to explore them. There you can also see how many users are in the machine, and more. My machine is still being evaluated; I hope it becomes public soon.
Hack The Box is different from this. I haven't submitted any machine to Hack The Box, and I also don't understand some of its machine requirements.
Hope you guys like it. These are mostly the things I followed and my research to create a room. Follow me on Twitter if you want: 0xAnnLynn