What is SamuraiWTF ?

Samurai Web Testing Framework is a debian-based live linux environment designed for web penetration testing purposes. It comes with a lot of tools installed, and a set of pre-configured vulnerable web applications like OWASP Mutillidae II, Damn Vulnerable Web App, Samurai Dojo, and so on.

To get Samurai up and running, you’ll first need to install VirtualBox (plus its extension pack), and Vagrant.

After Vagrant is successfully installed, open up a terminal, and run:

vagrant version

You should see something like this:

MacBook-Pro:Desktop kavish$ vagrant version
Installed Version: 2.2.3
Latest Version: 2.2.3

You're running an up-to-date version of Vagrant!

Next, you need to install the vagrant-vbguest plugin which will automatically install the VirtualBox Guest Additions into Samurai for better performance and usability. To achieve this, run:

vagrant plugin update && vagrant plugin install vagrant-vbguest

After the plugin is installed, clone the SamuraiWTF repo by running:

git clone https://github.com/SamuraiWTF/samuraiwtf

Now, cd into the samuraiwtf directory, and you should see a file named Vagrantfile. This particular file is to describe the configuration of the machine. Since we won’t be using VirtualBox to configure the VM, you’ll have to modify Vagrantfile according to your needs.

By default SamuraiWTF is configured to run with 4GB of RAM. For example, to change the Base Memory to 2GB, you’ll have change the value of the vb.memory parameter to 2048. Let’s take a look (a partial list):

# Single Machine #
# Primary build  #
  config.vm.define "samuraiwtf", primary: true do |samuraiwtf|
    samuraiwtf.vm.host_name = "SamuraiWTF"
    samuraiwtf.vm.provider "virtualbox" do |vb|
    # Display the VirtualBox GUI when booting the machine
      vb.gui = true
      vb.name = "SamuraiWTF-4.0RC2"
    # Customize the amount of memory on the VM:
      vb.memory = "2048"
      vb.customize ["modifyvm", :id, "--vram", "48"]

There’s 3 vb.memory parameters in the Vagrantfile. Edit only the one that is specified in the Primary build section. The other ones is up to you(if you know what you’re doing). The syntax is Ruby, and it’s very readable. Just don’t mess with it (make a copy just in case).

If you’ve edited this file, run (or else skip this):

vagrant validate

The command vagrant validate will verify if all the syntax are indented properly. Now everything is set in place. All you need to do is execute the command:

vagrant up

vagrant up will create and configures the virtual machine according to the Vagrantfile.

The output will look like this:

MacBook-Pro:samuraiwtf kavish$ vagrant up
Bringing machine 'samuraiwtf' up with 'virtualbox' provider...
==> samuraiwtf: Importing base box 'bento/debian-9'...
==> samuraiwtf: Matching MAC address for NAT networking...
==> samuraiwtf: Checking if box 'bento/debian-9' version '201812.27.0' is up to date...
==> samuraiwtf: Setting the name of the VM: SamuraiWTF-4.0RC2
==> samuraiwtf: Clearing any previously set network interfaces...
==> samuraiwtf: Preparing network interfaces based on configuration...
    samuraiwtf: Adapter 1: nat
==> samuraiwtf: Forwarding ports...
    samuraiwtf: 22 (guest) => 2222 (host) (adapter 1)
==> samuraiwtf: Running 'pre-boot' VM customizations...
==> samuraiwtf: Booting VM...
==> samuraiwtf: Waiting for machine to boot. This may take a few minutes...

Vagrant downloads the debian-minimal box the first time you runvagrant up. After downloading it unpacks the box and imports it into VirtualBox. During this process, VirtualBox will open a new window while vagrant is still doing its thing. Don’t close the terminal or even try to login into Samurai, till vagrant completes the setup.

After vagrant up is done doing its thing, run:

vagrant reload

If you see an error like this:

samuraiwtf] GuestAdditions seems to be installed (6.0.2) correctly, but not running.

This basically means that SamuraiWTF is not using the new version of VirtualBox GuestAdditions. To solve this, halt the machine by running:

vagrant halt

Then execute:

vagrant vbguest 

After that, run:

vagrant reload 

Now you should see something like this in the output:

GuestAdditions 6.0.2 running --- OK.

Great. Both Username and Password == samurai

That’s pretty much it. Hope this post help anyone else who has to implement something similar. Take Care.