Published by Georgia Clark. Modified over 6 years ago.
Using Vagrant to Build a Manageable and Sharable Lab Environment
Shaun McCullough
December 2016
GIAC GSE, GSEC, GCIA, GCFE, GXPN, GCIH, GREM, GCFA
Paper found at

Objective
- Security researchers need a better way for others to quickly implement, test, and learn from their research.
- I will demonstrate how Vagrant can be used to develop complete environments that are easy to manage and easy to share.

This presentation will introduce the Vagrant software application and will discuss how it can be used by Information Security (InfoSec) professionals to provide their audience with an infrastructure environment to accompany their research. InfoSec professionals conducting research or publishing write-ups can provide opportunities for their audience to replicate and walk through the research themselves in their own environment. Vagrant is a popular DevOps tool for providing portable and repeatable production environments for application developers, and can be used to provide richer research environments for InfoSec professionals. The presentation will investigate how Vagrant works, the pros and cons of the technology, and how it is typically used. The presentation will demonstrate how it can be used to create repeatable environments, highlighting different features of Vagrant.

How I Got Here
In studying for GSE, I needed to:
- Practice web exploitation techniques
- Minimize setup time
- Use temporary infrastructure
Found the Damn Vulnerable Web Application

When needing to practice some web exploitation techniques, I discovered the Damn Vulnerable Web Application at However, the installation of the software would take more time than I had. Since I had worked with Vagrant before, I searched for a Vagrant implementation. I found one and got it working quickly.

Vagrant Made It Easier
Installing DVWA requires 15 Steps:
- Install MySQL, Apache, php5, unzip
- Download/Configure DVWA software
- Configure webapp password
- Configure php
- Configure mysql
- Configure apache
- Finally, start the server
Installing DVWA requires 2 Steps:

User nightmare-rg has a Vagrant instance in GitHub. Because nightmare-rg went through the work of building the installation file and hosting the source code for the DVWA application, it only required two commands to get everything running.

git clone
This will clone all the software from nightmare-rg's repository on GitHub called dwva-vagrant. This includes a Vagrantfile, the installation bootstrap file, and all the source code. Then, change into the new dwva-vagrant directory.

vagrant up
This tells Vagrant to start the Vagrant image based on the Vagrantfile. Vagrant knows the image has not been "provisioned", so it will start the installation process. The new virtual machine image is all ready and available.

Why Vagrant is Great
- Vagrant was built as a DevOps tool.
- Its main purpose is to improve collaboration by providing Developers and IT Operations with consistent, repeatable, sharable infrastructure.
- We can use that to support sharing between researchers and their audience.

Definition of DevOps from The Science of DevOps Decoded from Gartner: DevOps is “…focusing on rapid IT service delivery through the adoption of agile, lean practices in the context of a system-oriented approach. DevOps emphasizes people and seeks to improve collaboration between organizations and development teams.”

DevOps is the use of tools and processes to sync and automate the infrastructure used by Developers and IT Operations. This tool becomes a great option to create repeatable and shareable virtual machines that will run everywhere reliably.

Vagrant and Docker
Vagrant provisions repeatable, sharable VMs:
- Supports VirtualBox, VMware, AWS, etc.
- Provisioning from Chef, Puppet, Ansible, shell, etc.
- Vagrant == Virtual Machine
Docker provisions repeatable, sharable containers:
- Docker spins "containers" running on most cloud infrastructure
- Container <> Virtual Machine
- Containers not realistic operating environments

Vagrant is found at . Vagrant is a tool to create descriptions of a virtual environment that can be set up, torn down, and rebuilt by everyone on the team, and it will ensure everyone has the same environment. The company that creates Vagrant also provides a whole suite of tools to support infrastructure from dev through operations management.

Docker is found at Docker attempts the same thing, but without requiring an entire virtual machine. Docker creates containers, each container having only the software needed to run an application in a wholly controlled environment. Docker supports application building, Vagrant supports VM building.

How Vagrant Works
- Vagrantfile is a file that orchestrates the provisioning
- Vagrant uses a "box" file, which includes the VM image and metadata
- Vagrantfile and box file are sharable
- Once the VM is spun up, Vagrant can be used to start, halt, destroy…rinse, repeat
- Vagrant also provides file sharing, ssh access, and deployment to Atlas (VagrantHub)

Vagrant uses the Vagrantfile as the main orchestrator for the base image, provisioning, networking setup, and other configuration. It is the main configuration file. All Vagrant images need to start with a Vagrantfile. Vagrant then creates, or downloads from Atlas, the Vagrant image, called a box file. The box file is basically an image of the VM, with Vagrant-specific metadata embedded.

You are able to use Vagrant on the command line to manage the status of the new VirtualBox image. Vagrant can start, stop, destroy, reload, or reprovision with easy commands. Vagrant also manipulates the image to set up ssh access, file sharing between the host and the virtual machine, and uploading to Vagrant's online repository. Command line is described here:

Anatomy of Vagrantfile

    Vagrant.configure("2") do |config|
      # Base box; pulled from Atlas if it is not already present locally
      config.vm.box = "ubuntu/trusty64"
      # Forward guest port 80 to host port 8080
      config.vm.network :forwarded_port, guest: 80, host: 8080
      # Provider-specific settings
      config.vm.provider :virtualbox do |vb|
        vb.gui = false
      end
      config.vm.provision :shell, :path => "bootstrap.sh"
    end

This is a generic Vagrantfile.
- config.vm.box: Set the base box file. If the local Vagrant doesn't have the box file, it will go to Atlas to find and pull it down.
- config.vm.network: Set networking type, port forwarding, IP address, and other networking configuration information. Vagrant will interact with the host image to change the local networking, or will change the VirtualBox settings.
- config.vm.provider: It's possible to set certain values depending on the provider (VirtualBox, AWS, DigitalOcean, etc.).
- config.vm.provision: Many types of provisioning method can be used: shell scripts, Docker, Chef, Ansible, etc.

DVWA and Network Monitoring
- Download the Vagrantfile and DVWA code
- "vagrant up" starts the VM (halt, reload, resume, provision, suspend, destroy, ssh, share, package)
- Use VirtualBox modifyvm to turn on NIC tracing for pcap <- Could be used in Vagrant…but did not always work

Networking is not as robust on VirtualBox as it is in enterprise VM providers or VMware. However, we are able to use a VirtualBox command, "modifyvm", to turn on NIC tracing and store all network traffic to a pcap file. In the Vagrantfile, it is possible to make modifyvm commands. However, I never could get it working consistently.
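The NIC tracing setup described above, written out as a Vagrantfile. This is an added example, not code from the presentation; the ubuntu/trusty64 box, the LAB_PCAP environment variable and the helper name nictrace_customize are assumptions.

```ruby
# Vagrantfile: DVWA lab with optional VirtualBox NIC tracing (added example).
# Assumed names: ubuntu/trusty64 box, LAB_PCAP variable, nictrace_customize helper.

# Build the VBoxManage "modifyvm" arguments for one adapter. With a pcap path,
# tracing is switched on and pointed at that file; without one it is switched
# off, so a setting left in the VM from an earlier run does not keep capturing.
def nictrace_customize(adapter, pcap_path = nil)
  unless adapter.is_a?(Integer) && adapter >= 1
    raise ArgumentError, "adapter must be a positive integer, got #{adapter.inspect}"
  end
  flag = "--nictrace#{adapter}"
  return ["modifyvm", :id, flag, "off"] if pcap_path.nil? || pcap_path.empty?

  # Absolute path: the capture location should not depend on the directory
  # VBoxManage is started from. Keep it outside the synced project folder,
  # since the pcap will contain the lab's credentials and session cookies.
  ["modifyvm", :id, flag, "on",
   "--nictracefile#{adapter}", File.expand_path(pcap_path)]
end

# Vagrant defines this constant; the guard lets the helper load in plain Ruby.
if defined?(Vagrant)
  Vagrant.configure("2") do |config|
    config.vm.box = "ubuntu/trusty64"
    config.vm.network :forwarded_port, guest: 80, host: 8080
    config.vm.provider :virtualbox do |vb|
      vb.gui = false
      # customize runs before the VM boots, which modifyvm requires.
      # Adapter 1 is the NAT adapter that carries the forwarded port.
      vb.customize nictrace_customize(1, ENV["LAB_PCAP"])
    end
    config.vm.provision :shell, path: "bootstrap.sh"
  end
end
```

Start a capture with LAB_PCAP="$HOME/captures/dvwa.pcap" vagrant up; a later vagrant reload without the variable switches tracing off again.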

DVWA and Network Monitoring
SHAREABLE
- Was able to easily find and download
BUILDABLE
- DVWA up and running in 3 commands.
REPEATABLE
- Able to destroy when not in use, bring up when writing paper and presentation

Sharable: The Vagrant instance of DVWA was easy to find. A quick Google search for "damn vulnerable web app vagrant" turned it up.

Buildable: 2 commands and the image was up and running. This assumes a valid version of Vagrant and VirtualBox is running on the host system.

Repeatable: Vagrant can support static data if necessary. But in the case of researchers using Vagrant to distribute test environments, it isn't necessary. Thus, it's easy to completely shut down, destroy, and later rebuild the Vagrant image. It's made for constant destruction.

Making Infrastructure Sharable
Share with GitHub
- Vagrantfile + code can live on GitHub
- Easily fork and participate
- Provisioning is visible
Atlas is HashiCorp's Infrastructure Manager
- Store/share box files. No provisioning
- Deploy to cloud environments ($)
- Provisioning is NOT visible

There are two popular methods for sharing.

On GitHub, the Vagrantfile, provisioning scripts, and any necessary files can be kept. A simple "git clone …." and then "vagrant up" will build the environment completely. This is good for researchers, because the audience can see how the Vagrant environment is built, can comment, can fork, and can make it better.

HashiCorp also provides the Atlas cloud service that will host a completed .box file. A simple "vagrant init frank/cool_vagrant_image" will find and pull down the entire box file, which is the complete environment all ready to go. Atlas lets users control versioning, document, and make Vagrant environments searchable. Upgraded accounts will even perform deployment to cloud environments for you.

Or…..do both.

Making Infrastructure Sharable
- vagrant package will build a box file for upload

      vagrant package --output lab2.box --vagrantfile Vagrantfile

- vagrant push will load to Atlas based on Vagrantfile details
- GitHub has web hooks for continuous integration
- Atlas promotes discovery
  - Discover by providers
  - Discover by key terms
  - Discover by creator

Vagrant's "package" command can use a Vagrantfile and associated files to wrap up a new box file. Vagrant can also push the box file to Vagrant's cloud system, Atlas. Atlas improves discoverability of Vagrant images and provides an easy way to pull new images. Instead of cloning code from GitHub, a simple initialize command will pull it from Atlas.
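A box file shared through Atlas does not show how it was provisioned, but the archive that holds the VM image and metadata can still be opened before it is trusted. The added example below (not from the presentation) lists a box's contents and extracts its metadata and any embedded Vagrantfile; it assumes the box is a tar archive, optionally gzipped, with a metadata.json entry, and inspect_box and sample_box are hypothetical names.

```ruby
require "rubygems/package" # Gem::Package::TarReader and TarWriter
require "stringio"
require "zlib"
require "json"

# Added example: report what a .box archive holds without importing it.
# Assumes a tar archive, optionally gzipped, with metadata.json beside the
# disk image; inspect_box and sample_box are hypothetical names.
def inspect_box(io)
  gzipped = io.read(2).to_s.bytes == [0x1f, 0x8b]
  io.rewind
  tar_io = gzipped ? Zlib::GzipReader.new(io) : io
  report = { provider: nil, files: [], vagrantfiles: {} }
  Gem::Package::TarReader.new(tar_io).each do |entry|
    next unless entry.file?
    name = entry.full_name.sub(%r{\A\./}, "")
    report[:files] << name
    if name == "metadata.json"
      report[:provider] = JSON.parse(entry.read)["provider"]
    elsif File.basename(name).end_with?("Vagrantfile")
      # An embedded Vagrantfile is Ruby that Vagrant evaluates on the host,
      # so it is the part of an opaque box worth reading before "vagrant up".
      report[:vagrantfiles][name] = entry.read
    end
  end
  report
end

# Constructed sample standing in for a packaged box; the disk is dummy bytes.
def sample_box(gzip: true)
  members = {
    "metadata.json" => '{"provider":"virtualbox"}',
    "Vagrantfile" => 'Vagrant.configure("2") { |c| c.vm.base_mac = "080027000001" }',
    "box-disk1.vmdk" => "\0" * 1024
  }
  raw = StringIO.new("".b)
  Gem::Package::TarWriter.new(raw) do |tar|
    members.each do |name, data|
      tar.add_file_simple(name, 0o644, data.bytesize) { |f| f.write(data) }
    end
  end
  StringIO.new(gzip ? Zlib.gzip(raw.string) : raw.string)
end

if __FILE__ == $PROGRAM_NAME
  pp inspect_box(ARGV[0] ? File.open(ARGV[0], "rb") : sample_box)
end
```

Pass the path of a downloaded or packaged box (for example lab2.box) as the first argument to inspect a real file instead of the constructed sample.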

Windows is Tricky
You CAN NOT distribute Windows VMs:
- Prebuilt box files are not allowed
- Have to start with legal image
Microsoft provides Vagrant images, but…
- Not set up properly for provisioning
- Must make a network change
- Must install WinRM

Windows images are not legally redistributable. Although Microsoft provides a Vagrant image for Windows testing, it is not properly configured to support provisioning.
- Windows does provide Vagrant images, but they are not configured correctly for Vagrant to interact with them, and thus Vagrant is not able to provision them.
- The Vagrant Windows images must have WinRM installed on them.
- The networking needs to be changed to "Home" or "Work", rather than "Public".

provides a large number of Windows images in different formats, for testing purposes.

Windows In Practice
- While booting, change network location to Home or Work
- Run "Setup Modern.ie Vagrant Box"
- Once set up, Vagrant can provision like other systems.

Follow the detailed instructions at These instructions will show how to take a modern.ie or other Microsoft-provided Vagrant image and prepare it for provisioning by the Vagrant system.

Summary
- InfoSec researchers can better engage the community by sharing research.
- Vagrant makes it easier to share infrastructure setups with the audience.
- Atlas can support discovery of research environments.
- NOTE: VirtualBox does have limitations in complicated, multi-VM infrastructures.

The Vagrant software will provide an easily sharable and repeatable infrastructure that researchers can use to share with their readers. Vagrant is not perfect; there are some limitations in complicated, multi-host systems that require specific networking. However, many researchers will not run into these problems.

Paper found at