What is SamuraiWTF?
Samurai Web Testing Framework is a Debian-based live Linux environment designed for web penetration testing. It comes with a lot of tools installed, and a set of pre-configured vulnerable web applications like OWASP Mutillidae II, Damn Vulnerable Web App, Samurai Dojo, and so on.
After Vagrant is successfully installed, open up a terminal, and run:
vagrant version
You should see something like this:
MacBook-Pro:Desktop kavish$ vagrant version
Installed Version: 2.2.3
Latest Version: 2.2.3

You're running an up-to-date version of Vagrant!
Next, you need to install the vagrant-vbguest plugin which will automatically install the VirtualBox Guest Additions into Samurai for better performance and usability. To achieve this, run:
vagrant plugin update && vagrant plugin install vagrant-vbguest
After the plugin is installed, clone the SamuraiWTF repo by running:
git clone https://github.com/SamuraiWTF/samuraiwtf
cd into the samuraiwtf directory, and you should see a file named Vagrantfile. This file describes the configuration of the machine. Since we won’t be using VirtualBox to configure the VM, you’ll have to modify Vagrantfile according to your needs.
By default SamuraiWTF is configured to run with 4GB of RAM. For example, to change the Base Memory to 2GB, you’ll have to change the value of the vb.memory parameter to 2048. Let’s take a look (a partial list):
# Single Machine
#
# Primary build
#
config.vm.define "samuraiwtf", primary: true do |samuraiwtf|
  samuraiwtf.vm.host_name = "SamuraiWTF"
  samuraiwtf.vm.provider "virtualbox" do |vb|
    # Display the VirtualBox GUI when booting the machine
    vb.gui = true
    vb.name = "SamuraiWTF-4.0RC2"
    # Customize the amount of memory on the VM:
    vb.memory = "2048"
    vb.customize ["modifyvm", :id, "--vram", "48"]
vb.memory parameters in the Vagrantfile. Edit only the one that is specified in the Primary build section. The other ones are up to you (if you know what you’re doing). The syntax is Ruby, and it’s very readable. Just don’t mess with it (make a copy just in case).
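The edit described above can be scripted so that only the primary build's vb.memory changes and a backup copy is kept. This is an added example, not part of the original post or the SamuraiWTF project; the function names, the .bak/.tmp file suffixes and the second machine "otherbox" in the constructed sample are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): set vb.memory for the primary
# build only, keeping a backup copy of the Vagrantfile first.

# Constructed sample; "otherbox" is a hypothetical second machine.
write_sample_vagrantfile() {
    cat > "$1" <<'EOF'
Vagrant.configure("2") do |config|
  config.vm.define "samuraiwtf", primary: true do |samuraiwtf|
    samuraiwtf.vm.provider "virtualbox" do |vb|
      vb.memory = "4096"
    end
  end
  config.vm.define "otherbox", autostart: false do |otherbox|
    otherbox.vm.provider "virtualbox" do |vb|
      vb.memory = "4096"
    end
  end
end
EOF
}

# set_primary_memory FILE MB -> 0 on success, 2 bad input, 3 nothing to edit
set_primary_memory() {
    file=$1 mb=$2
    case $mb in
        ''|*[!0-9]*) echo "memory must be a whole number of MB" >&2; return 2 ;;
    esac
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 2; }
    cp -p "$file" "$file.bak" || return 1      # the "copy just in case"
    awk -v mb="$mb" '
        /^[ \t]*#/ { print; next }             # leave comments untouched
        /config\.vm\.define/ { in_primary = ($0 ~ /primary:[ \t]*true/) }
        in_primary && !edited && /^[ \t]*vb\.memory[ \t]*=/ {
            sub(/=.*/, "= \"" mb "\""); edited = 1
        }
        { print }
        END { exit(edited ? 0 : 3) }
    ' "$file.bak" > "$file.tmp" || {
        rm -f "$file.tmp"; echo "no vb.memory in primary build" >&2; return 3
    }
    mv "$file.tmp" "$file"
}
```

Call it as set_primary_memory Vagrantfile 2048 from the samuraiwtf directory; the untouched original stays in Vagrantfile.bak.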
If you’ve edited this file, run (or else skip this):
vagrant validate
vagrant validate will verify that the Vagrantfile's syntax is valid. Now everything is set in place. All you need to do is execute the command:
vagrant up
vagrant up will create and configure the virtual machine according to the Vagrantfile.
The output will look like this:
MacBook-Pro:samuraiwtf kavish$ vagrant up
Bringing machine 'samuraiwtf' up with 'virtualbox' provider...
==> samuraiwtf: Importing base box 'bento/debian-9'...
==> samuraiwtf: Matching MAC address for NAT networking...
==> samuraiwtf: Checking if box 'bento/debian-9' version '201812.27.0' is up to date...
==> samuraiwtf: Setting the name of the VM: SamuraiWTF-4.0RC2
==> samuraiwtf: Clearing any previously set network interfaces...
==> samuraiwtf: Preparing network interfaces based on configuration...
    samuraiwtf: Adapter 1: nat
==> samuraiwtf: Forwarding ports...
    samuraiwtf: 22 (guest) => 2222 (host) (adapter 1)
==> samuraiwtf: Running 'pre-boot' VM customizations...
==> samuraiwtf: Booting VM...
==> samuraiwtf: Waiting for machine to boot. This may take a few minutes...
Vagrant downloads the debian-minimal box the first time you run vagrant up. After downloading, it unpacks the box and imports it into VirtualBox. During this process, VirtualBox will open a new window while vagrant is still doing its thing. Don’t close the terminal or even try to log in to Samurai till vagrant completes the setup.
Once vagrant up is done doing its thing, run:
If you see an error like this:
[samuraiwtf] GuestAdditions seems to be installed (6.0.2) correctly, but not running.
This basically means that SamuraiWTF is not using the new version of VirtualBox GuestAdditions. To solve this, halt the machine by running:
After that, run:
Now you should see something like this in the output:
GuestAdditions 6.0.2 running --- OK.
Great. Both Username and Password ==
That’s pretty much it. Hope this post helps anyone else who has to implement something similar. Take care.
2019-01-19 00:00 +0000