The Dasak VM

Downloading and running the VM

The environment for carrying out labs F, W and O is contained in the Dasak VM. It uses Oracle VirtualBox, which is available in the lab room, but you can also install it on your own computer. However, running this software requires at least 2 GB of RAM and 10 GB of disk space.

On the lab computers, the required software, Oracle VirtualBox, is already installed. On your own computer, you need to download and install it from https://www.virtualbox.org. The prepared virtual machine, which we simply call the VM from now on, can be downloaded from a lab computer or from an online mirror we provide.

On your own computer, once you have installed Oracle VirtualBox and downloaded the VM image, you can install the image by following the instructions at https://docs.oracle.com/cd/E26217_01/E26796/html/qs-import-vm.html

On the lab computer, we will work in the temporary directory, which is available and accessible to all users. Note that this means that you cannot count on keeping state between working sessions: the VM will be gone when the computer restarts, and others may have access once you log out. This is not a problem if you complete the work during the lab help session. If you work in the computer rooms outside of the lab session, you'll need to keep track of your changes yourselves, so that you can easily recreate what you did when you continue the work at another time.

Once you are logged in using your KTH credentials, do the following to download and import the VM. Because of the space requirements, the steps use the temporary file system location instead of the home directory. The same steps can be done using the GUI.

 

Steps to import the VM on an Ubuntu lab computer

  1. Open a terminal.
  2. Execute cd /tmp
  3. Execute mkdir /tmp/vboxvmdasak
  4. On the computers in the lab, try to execute cp /NOBACKUP/DD2395/Dasak_VM.ova /tmp/ (fastest option). If it succeeds, proceed to the next step. Otherwise:
    • Try to download from a mirror (see links below), but download directly to /tmp (this will be slow).
    • To download from the terminal, you can execute wget https://dasak-vm-lab-server.eecs.kth.se/vmdasak/Dasak_VM.ova
  5. Execute sha256sum Dasak_VM.ova. The output must be 391c2f36b4b1a82c839466badd6c87ddbef5ce521a5b6c190f4dd84e8740b640. If it is not correct, download the file again until it matches.
  6. Execute vboxmanage setproperty machinefolder /tmp/vboxvmdasak
  7. Execute vboxmanage import Dasak_VM.ova
  8. Wait for the import to complete.
  9. Execute vboxmanage setproperty machinefolder default
  10. Execute vboxmanage modifyvm 'Dasak VM' --usbehci off
  11. Execute vboxmanage startvm 'Dasak VM'
  12. At this point, you should see the login screen of Ubuntu in the VirtualBox window. 
  13. Execute rm /tmp/Dasak_VM.ova
  14. Work with the VM.
  15. Don't forget to delete the VM, and all the files from the disk, after the lab to clean up your user profile.

 

Checking the Hash

To check the hash of a file, execute the command for your operating system in a terminal and compare its output with the expected hash value. The commands are the following:

  • Linux: sha256sum {filename}
  • Windows: certutil -hashfile {filename} SHA256
  • macOS: shasum -a 256 {filename}
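One way to script the hash check and the import steps above so that the import cannot run on a file whose digest does not match (an added example, not part of the original course page; the function names sha256_of, verify_sha256 and import_if_verified are hypothetical, while the digest and the vboxmanage commands are the ones listed on this page):

```bash
#!/bin/sh
# Added example; function names are hypothetical. The digest and the
# vboxmanage commands are the ones given on this page.
DASAK_SHA256="391c2f36b4b1a82c839466badd6c87ddbef5ce521a5b6c190f4dd84e8740b640"

# Print the lowercase SHA-256 hex digest of a file (Linux or macOS tool).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print tolower($1)}'
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 256 "$1" | awk '{print tolower($1)}'
    else
        echo "no SHA-256 tool found" >&2
        return 2
    fi
}

# Return 0 only if the file exists and its digest equals the expected value.
# The expected value is normalised (case, stray whitespace) before comparing.
verify_sha256() {
    vs_file=$1
    vs_want=$(printf '%s' "$2" | tr 'A-F' 'a-f' | tr -d ' \r\n')
    [ -f "$vs_file" ] || { echo "missing: $vs_file" >&2; return 1; }
    vs_got=$(sha256_of "$vs_file") || return 2
    if [ -n "$vs_got" ] && [ "$vs_got" = "$vs_want" ]; then
        return 0
    fi
    echo "SHA-256 mismatch for $vs_file (expected $vs_want, got $vs_got)" >&2
    return 1
}

# Steps 5 to 9 of the procedure, failing closed: a file that does not match
# is deleted so the next download starts clean, and nothing is imported.
import_if_verified() {
    ii_ova=$1
    if ! verify_sha256 "$ii_ova" "$DASAK_SHA256"; then
        rm -f -- "$ii_ova"
        return 1
    fi
    vboxmanage setproperty machinefolder /tmp/vboxvmdasak || return 1
    ii_rc=0
    vboxmanage import "$ii_ova" || ii_rc=$?
    # Restore the default machine folder even if the import failed.
    vboxmanage setproperty machinefolder default
    return "$ii_rc"
}

# Usage on a lab computer: import_if_verified /tmp/Dasak_VM.ova
```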

 

Usage of the VM for the labs

The following login credentials work throughout the labs and this user has sudo rights on the VM system.

  • Username: student
  • Password: time2work

In essence, the VM is prepared for running terminal utilities and web tools. A set of "virtual hosts", implemented as Linux containers (LXC), can be run inside the VM for labs F and W. Additionally, an old version of a web browser and an HTTP proxy are available from the Desktop for carrying out the web attacks. For lab O, you will mainly use terminal utilities, which are preinstalled, and execute target programs on the VM. The usage of the virtual hosts, utilities and tools is detailed in the respective lab instructions.

 

Turn off screen lock

To avoid having to enter the password after a period of discussion, thinking or research, you might want to disable the automatic screen locking in the VM. Make sure to do the following in your VM window and not on the lab computer itself. First, click on the Ubuntu logo in the top left corner of the VM. Then type "screen lock" and click on "Brightness & Lock" when it appears as a search result. In the window that opens, turn the "Lock" off. You will then no longer see the lock screen or need to type the password after 5 minutes of inactivity.

 

Mirrors to all VMs

 

  • Different VM for self-study, optional, in case you want to play with network forensics
    • SHA256: 054de815304d60f272f3dc00daae14a93ae99832d7500d33417c0d76a1739c0b
    • AFS Location: /afs/nada.kth.se/misc/info/DD2395/www-csc/dasak/DASAK_NetworkForensics_VM.ova
    • Mirror: https://people.kth.se/~lindnera/dasak/DASAK_NetworkForensics_VM.ova
    • Mirror: KTH box
    • Slides - Forsvarsmakten Network Forensics KTH 2017-12-05.pdf