Link Search Menu Expand Document

Getting Started

There are two options to set up the vulnerable server for the project. All functionality is the same between the two options, and you can switch between the two options without losing your progress as long as you manually copy any files over.


Option 1: Local Setup

You may choose to run the virtual machine on your local computer. The vulnerable server will be run as a virtual machine on your local device, and you can access the machine via SSH.

Windows Installation (VirtualBox)

Note: Students with x86-64 Macs may also use the VirtualBox setup, but students with M1 Macs can only use the QEMU setup in the next section.

For Windows, we recommend using VirtualBox to run the virtual machine. You can download the installer from the website and run the installer to install VirtualBox.

You will also need a client that supports SSH. The Windows Command Prompt or PowerShell may already have an SSH client installed, in which case you do not need to install anything else. Many students also already have Git Bash installed from previous classes, which will also work for this project.

After that, follow these instructions to set up the virtual machine:

  1. Download the VirtualBox VM image pwnable-sp22.ova.
  2. Open VirtualBox and import the downloaded VM image via File -> Import Applicance....
  3. Start the virtual machine you just imported. It should be pre-configured with the correct networking settings needed to access the machine.

macOS and Linux Installation (QEMU)

On macOS and Linux, we recommend using QEMU to run the virtual machine.

On macOS, if you have the Homebrew package manager installed, you can install QEMU using brew install qemu. On Linux, you can install qemu-system through your distribution’s package manager (usually apt, yum, or pacman).

After that, follow these instructions to set up the virtual machine:

  1. Download the QEMU VM image pwnable-sp22.qcow2.
  2. cd to the folder containing the downloaded image and run the following command in your terminal:

    $ qemu-system-x86_64 -accel kvm -accel hvf -accel tcg -m 512M -drive if=virtio,format=qcow2,file=pwnable-sp22.qcow2 -nic user,model=virtio,hostfwd=tcp:127.0.0.1:16122-:22,hostfwd=tcp:127.0.0.1:16161-:16161
    

Accessing the Machine

You will be accessing the machine via SSH. Each question (and the customization step) will provide a USERNAME for accessing the machine. You can SSH into the virtual machine with the following command, replacing USERNAME with the username for the question:

$ ssh -p 16122 USERNAME@localhost

It will prompt you for a password to the vulnerable server. If the USERNAME and the password are correct, you should see a prompt starting with pwnable:~$. You are now ready to begin the project!

We do not recommend interacting with the virtual machine using the virtual terminal that appears when you start the machine, because it does not support features such as copy-paste and mouse interaction.


Option 2: Hive Setup

This option not is recommended if you do not have a stable Internet connection.

Alternatively, you may choose to run the vulnerable server on the Hive machines. To work with this option, you will need an EECS instructional account (you should have set one up in Homework 1).

First, SSH into any one of the Hive machines. You can use Hivemind to select a Hive machine with a low load. The SSH command should be as follows:

$ ssh cs161-XXX@hiveY.cs.berkeley.edu

Replace XXX with the letters of your instructional account, and Y with the number of your Hive machine.

Once you are on the Hive machine, start the virtual machine. We will indicate commands that should be run on the Hive machines with the prefix hiveY$ (instead of just $).

hiveY$ ~cs161/proj1-sp22/start

You will be accessing the machine via SSH. Each question (and the customization step) will provide a USERNAME for accessing the machine. You can SSH into the virtual machine with the following command, replacing USERNAME with the username for the question:

hiveY$ ~cs161/proj1-sp22/ssh USERNAME@pwnable

It will prompt you for a password to the vulnerable server. If the USERNAME and the password are correct, you should see a prompt starting with pwnable:~$. You are now ready to begin the project!