Creating Boxes for Vulnhub

Introduction

If you’re viewing this you’re most likely interested in developing your first box for Vulnhub.

Pseudocode

Target Audience

For our box, we need to determine how difficult we are going to make this box. If we want to target a person that’s never done a penetration test before or wants to break into the field we may want to include plenty of hints and tips. We may also want to consider making things extremely easy for them in terms of exploits or ways to get in.

Intended Foothold

This is the part where determine how the person whose downloaded our box is going to break into it to get their shell access.

  • A Local File Inclusion (LFI) or Remote File Inclusion (RFI)
  • Weak NFS permissions (NFS path has write access)
  • Private SSH Key stored somewhere by accident
  • SQL Injection

Intended Privilege Escalation

This is the part where you determine how the user is going to get root on your box to print out your root.txt file or whatever you call your flag file.

Rabbit Holes

These are intended to be red heirings. They are to steer the attacker of your box down the wrong path so they spend minutes, hours, or even some days banging their head to get shell access or root.

Building the Box

For this section, I will only be providing general concepts and things you should consider doing for your box once it’s booted up.

Hardware Requirements

You should try to give the VM as little resources as required. Basically, give the VM enough resources to perform the tasks it needs.

Selecting OS

Pick your flavor of Linux OS whether it be CentOS, Ubuntu, Arch, etc. This is what your targets will be attacking. You can pick an old kernel version / old OS version if you wish. I prefer to use the latest and greatest to limit the unintended privilege escalation methods.

Networking

When creating a box there are two preferred network connection types to use in VMWare, Virtualbox, etc. These two preferred network types are: Internal and Host-Only.

Creating Intended Foothold & Privilege Escalation

Once you’ve got the OS setup & networking setup, this is the part where you would start to deploy the intended paths for initial foothold and privilege escalation.

Outro

In closing, when creating a box for Vulnhub, consider your intended audience and tailor the box towards them. This will hopefully provide the most optimal experience for those of your intended audience.