Link Search Menu Expand Document

Getting Started

There are two options to set up the vulnerable server for the project. All functionality is the same between the two options, and you can switch between the two options without losing your progress as long as you manually copy any files over.


Option 1: Local Setup

You may choose to run the virtual machine on your local computer. The vulnerable server will be run as a virtual machine on your local device, and you can access the machine via SSH. This is the recommended setup for most students.

Windows Installation (VirtualBox)

Note: Students with x86-64 Macs may also use the VirtualBox setup, but students with M1 Macs can only use the QEMU setup in the next section.

For Windows, we recommend using VirtualBox to run the virtual machine. You can download the installer from the website and run the installer to install VirtualBox.

You will also need a client that supports SSH. The Windows Command Prompt or PowerShell may already have an SSH client installed, in which case you do not need to install anything else. Many students also already have Git Bash installed from previous classes, which will also work for this project.

After that, follow these instructions to set up the virtual machine:

  1. Download the VirtualBox VM image pwnable-sp23.ova.
  2. Open VirtualBox and import the downloaded VM image via File -> Import Applicance....
  3. Start the virtual machine you just imported. It should be pre-configured with the correct networking settings needed to access the machine.

We do not recommend interacting with the virtual machine using the virtual terminal that appears when you start the machine, because it does not support features such as copy-paste and mouse interaction. See the Accessing the Machine section below to find SSH access instructions.

If you run into VirtualBox issues, try locating your error in the VM debugging page and following the instructions to resolve it.

macOS and Linux Installation (QEMU)

On macOS and Linux, we recommend using QEMU to run the virtual machine.

On macOS, if you have the Homebrew package manager installed, you can install QEMU using brew install qemu. On Linux, you can install qemu-system through your distribution’s package manager (usually apt, yum, or pacman).

After that, follow these instructions to set up the virtual machine:

  1. Download the QEMU VM image pwnable-sp23.qcow2.
  2. cd to the folder containing the downloaded image and run the following command in your terminal:

    $ qemu-system-x86_64 -accel kvm -accel hvf -accel tcg -m 512M -drive if=virtio,format=qcow2,file=pwnable-sp23.qcow2 -nic user,model=virtio,hostfwd=tcp:127.0.0.1:16122-:22,hostfwd=tcp:127.0.0.1:16161-:16161
    

We do not recommend interacting with the virtual machine using the virtual terminal that appears when you start the machine, because it does not support features such as copy-paste and mouse interaction. See the Accessing the Machine section below to find SSH access instructions.

If you run into QEMU issues, try locating your error in the VM debugging page and following the instructions to resolve it.

Note: You may safely ignore any messages of the form qemu-system-x86_64: -accel XXX: invalid accelerator XXX, qemu-system-x86_64: falling back to XXX, or qemu-system-x86_64: warning: host doesn't support requested feature: XXX. As long as the virtual machine is started (the terminal appears, and the QEMU command doesn’t immediately exit), you should be fine.

Accessing the Machine

You will be accessing the machine via SSH. Each question (and the customization step) will provide a USERNAME for accessing the machine. You can SSH into the virtual machine with the following command, replacing USERNAME with the username for the question:

$ ssh -p 16122 USERNAME@127.0.0.1

It will prompt you for a password to the vulnerable server. If the USERNAME and the password are correct, you should see a prompt starting with pwnable:~$. You are now ready to begin the project!


Option 2: Hive Setup

Alternatively, you may choose to run the vulnerable server on the Hive machines. This option is only recommended if you are unable to use the local setup, since it requires a stable Internet connection and usage of the bSecure Remote Access VPN.

Following the following steps to access the bSecure VPN and create an instructional account to access the Hive machines.

  1. EECS requires usage of the bSecure Remote Access VPN in order to access the Hive machines over SSH. Download and install the VPN software from the download page.
  2. Open the newly installed “GlobalProtect” app and enter vpn.berkeley.edu as the portal address. You will be prompted to log into CalNet, and then you will be connected to the VPN.
  3. Next, create an EECS instructional class account for CS 161. To do so, visit the EECS web account page, click “Login using your Berkeley CalNet ID,” then find the cs161 row and click “Get a new account.” Be sure to take note of the account login and password.

To use the Hive setup, SSH into any one of the Hive machines using your class account credentials. You can use Hivemind to select a Hive machine with a low load. The SSH command should be as follows:

$ ssh cs161-XXX@hiveY.cs.berkeley.edu

Replace XXX with the letters of your instructional account, and Y with the number of your Hive machine.

Once you are on the Hive machine, start the virtual machine. We will indicate commands that should be run on the Hive machines with the prefix hiveY$ (instead of just $).

hiveY$ ~cs161/proj1-sp23/start

You will be accessing the machine via SSH. Each question (and the customization step) will provide a USERNAME for accessing the machine. You can SSH into the virtual machine with the following command, replacing USERNAME with the username for the question:

hiveY$ ~cs161/proj1-sp23/ssh USERNAME@pwnable

It will prompt you for a password to the vulnerable server. If the USERNAME and the password are correct, you should see a prompt starting with pwnable:~$. You are now ready to begin the project!


Table of contents