The warzone VM from RPISEC's awesome Modern Binary Exploitation course, updated with modern tools
I am still working through the MBE course myself, and while I will fix as many labs that may have been broken with this build as I can, I have not gotten to the later exercises yet to verify they still work. If any experienced pwners want to help test the labs and make sure they still work as intended I would really appreciate it!
Clone this repository and build the warzone VM with vagrant up. Supported hypervisors include VirtualBox and libvirt.
After deploying the warzone, you can connect to the VM using SSH on 10.10.10.10. The administrator credentials are gameadmin:gameadmin. Alternatively you can connect as the vagrant user with vagrant ssh and manage everything with that account since it has passwordless sudo.
See Modern Binary Exploitation for more information on how to use the VM with the course.
Major differences between this version and the original warzone:
- Ubuntu has been upgraded from 14.04 to 18.04
- The python packages and tooling have been moved to python 3 versions (pwntools, capstone, ropper, ropgadget, xortool). This means you should now write python 3 scripts and run them with
python3instead ofpython gefis installed and is now the default gdb plugin. You can change this back topedaby editing/etc/cfg/.gdbinitand commenting out the line withsource .../gef.pyand uncommenting the line that sourcespeda.py- All
gefoptional dependencies have been installed, includingcapstone,keystone,unicorn, andropper. They are also all available in the python 3 environment - The immutable bit has been removed from lab user home directories, so you no longer have to work in
/tmp. This restriction made sense in a shared environment, but I decided to remove it since most people are working on this solo and working from /tmp was annoying - Removed some further restrictions on common programs like
tmux,ps,kill, etc. since there is no reason for them in single-user environments - Core dumps are now written for all users to
/var/crash. You will need tosudo chownthem because apport makes them owned by root and as far as I can tell there is no way to change that behavior - The VM is now 64 bit, so if you need to compile any native code you should pass the
-m32flag to compile it in 32-bit mode - All other tools should be updated to current versions
The tools and platform in the original warzone VM are starting to become dated and I wanted to continue working through the course with modern tools I use in CTFs and real life pwning.