User Manual of The Pre-Built Ubuntu 12.04 Virutal Machine
User Manual of The Pre-Built Ubuntu 12.04 Virutal Machine
User Manual of The Pre-Built Ubuntu 12.04 Virutal Machine
1 Overview
Using VirtualBox, we have created a pre-built virtual machine (VM) image for UbuntuLinux (version
12.04). This VM can be used for all our SEED labs that are based on Linux. In this document, we describe
the configuration of this VM, and give an overview of all the software tools that we have installed. The VM
is available online from our SEED web page.
Updating the VM is quite time-consuming, because not only do we need to udpate the VM image, we
have to make sure that all our labs are consistent with the newly built VM. Therefore, we only plan to update
our VM image once every two years, and of course update all our labs once the VM is changed.
2 VM Configurations
2.1 Configuration of the VM
The main configuration of this VM is summarized in the following. If you are using VirtualBox, you can
adjust the configuration according to the resources of your host machine (e.g., you can assign more memory
to this VM if your host machine has enough memory):
We have created two accounts in the VM. The usernames and passwords are listed in the following:
If you want your VMs to be visible to the outside (e.g., you want to host a HTTP server in a VM,
and you want to access it through the Internet), then, you can refer to the instruction Network Configu-
ration in VirtualBox for SEED Labs under the following link: http://www.cis.syr.edu/wedu/
seed/Documentation/Ubuntu11_04_VM/VirtualBox_MultipleVMs.pdf. The instruction
was written for Ubuntu 11.04, however, it also works for the updated Ubuntu 12.04 Virtual Machine as well.
The libcap 2.21 and libpcap1.2.0 have been compiled and installed from the source down-
loaded from the Internet.
Wireshark. Wireshark is a network protocol analyzer for Unix and Windows. It is located in /usr/bin/.
Wireshark requires the root privilege to run.
Nmap. Nmap is a free security scanner for network exploration and hacking. It is located in /usr/bin/.
Some functions of nmap require root privilege.
Firefox extensions. Firefox is installed by default in Ubuntu 12.04. We have installed some useful
extensions, including LiveHTTPHeaders, Tamper Data, and Firebug. They can be launched in the
Tools menu in Firefox.
Elgg web application. Elgg is a very popular open-source web application for social network, and we
use it as the basis for some of Web security labs. It should be noted that to access Elgg, the apache2 http
server and the MySQL database server must be running.
Collabtive web application. For some labs, especially those related to web security, we need a non-trivial
web application. For that purpose, we have installed the Collabtive web application. Several versions
of Collabtive are installed; most of them were modified from the original version to introduce different
vulnerabilities.
It should be noted that to access Collabtive, the apache2 http server and the MySQL database
server must be running.
SEED Labs 3
Java. We have installed openjdk-6-jdk, the OpenJDK Development Kit (JDK) 6 for Java. The com-
mands javac and java are available to compile and run java source code.
4 Pre-Installed Servers
Some of the SEED labs may need additional services that are not installed or enabled in the standard
Ubuntu distribution. We have included them in our pre-built VM. Note: You need root privilege to start a
server.
1. root : seedubuntu
2. apache : apache (web applications use this account to connect to the mysql server)
You can access the MySQL database server by running the client-side application /usr/bin/mysql.
The following is a simple demo on how to use mysql.
mysql> quit
www.csrflabcollabtive.com /var/www/CSRF/Collabtive/
www.csrflabattacker.com /var/www/CSRF/Attacker/
www.sqllabcollabtive.com /var/www/SQL/Collabtive/
SEED Labs 4
www.xsslabcollabtive.com /var/www/XSS/Collabtive/
www.soplab.com /var/www/SOP/
www.soplabattacker.com /var/www/SOP/attacker/
www.soplabcollabtive.com /var/www/SOP/Collabtive/
www.soplab.com:8080 /var/www/SOP/
Configuring DNS. The above URL is only accessible from inside of the virtual machine, because we
have modified the /etc/hosts file to map each domain name to the virtual machines local IP address
(127.0.0.1). You may map any domain name to a particular IP address using the /etc/hosts. For
example you can map http://www.example.com to the local IP address by appending the following
entry to /etc/hosts file:
127.0.0.1 www.example.com
Therefore, if your web server and browser are running on two different machines, you need to modify the
/etc/hosts file on the browsers machine accordingly to map the target domain name to the web servers
IP address.
Ftp server. The vsftpd (very secure ftp daemon) server is installed. It can be started by running
"service vsftpd start".
Telnet server. The telnetd server is installed. It can be started by running "service openbsd-inetd
start".
SSH server. The openssh server is installed. It can be started by running "service ssh start".
5 Miscellanious Configuration
Time zone Currently the time zone is set to be New York, adjust that to the time zone of your location.
Display resolution In order to adjust the display resolution in VirtualBox, we have installed guest addi-
tions from the terminal (not from the menu in VirtualBox). This is done with the following 3 commands:
After installing the required additions, you can adjust the display resolution at System Settings Dis-
plays Monitor.
SEED Labs 5