Getting Started

There are two options to set up the vulnerable server for the project. All functionality is the same between the two options, and you can switch between the two options without losing your progress as long as you manually copy any files over.

Option 1: Local Setup

You may choose to run the virtual machine on your local computer. The vulnerable server will be run as a virtual machine on your local device, and you can access the machine via SSH. This is the recommended setup for most students.

Windows Installation (VirtualBox)

Note: Students with x86-64 Macs may also use the VirtualBox setup, but students with M1 Macs can only use the QEMU setup in the next section.

For Windows, we recommend using VirtualBox to run the virtual machine. You can download the installer from the website and run the installer to install VirtualBox.

You will also need a client that supports SSH. The Windows Command Prompt or PowerShell may already have an SSH client installed, in which case you do not need to install anything else. Many students also already have Git Bash installed from previous classes, which will also work for this project.

After that, follow these instructions to set up the virtual machine:

  1. Download the VirtualBox VM image pwnable-fa24.ova.
  2. Open VirtualBox and import the downloaded VM image via File -> Import Applicance....
  3. Start the virtual machine you just imported. It should be pre-configured with the correct networking settings needed to access the machine.

We do not recommend interacting with the virtual machine using the virtual terminal that appears when you start the machine, because it does not support features such as copy-paste and mouse interaction. See the Accessing the Machine section below to find SSH access instructions.

If you run into VirtualBox issues, try locating your error in the VM debugging page and following the instructions to resolve it.

macOS and Linux Installation (QEMU)

On macOS and Linux, we recommend using QEMU to run the virtual machine.

On macOS, if you have the Homebrew package manager installed, you can install QEMU using brew install qemu. On Linux, you can install qemu-system through your distribution’s package manager (apt, or yum) (if you use pacman the package is called qemu-base).

After that, follow these instructions to set up the virtual machine:

  1. Download the QEMU VM image pwnable-fa24.qcow2.

  2. cd to the folder containing the downloaded image and run the following command in your terminal:

    qemu-system-x86_64 -accel kvm -accel hvf -accel tcg -m 512M -drive if=virtio,format=qcow2,file=pwnable-fa24.qcow2 -nic user,model=virtio,hostfwd=tcp:127.0.0.1:16122-:22,hostfwd=tcp:127.0.0.1:16161-:16161

We do not recommend interacting with the virtual machine using the virtual terminal that appears when you start the machine, because it does not support features such as copy-paste and mouse interaction. See the Accessing the Machine section below to find SSH access instructions.

If you run into QEMU issues, try locating your error in the VM debugging page and following the instructions to resolve it.

Note: You may safely ignore any messages of the form qemu-system-x86_64: -accel XXX: invalid accelerator XXX, qemu-system-x86_64: falling back to XXX, or qemu-system-x86_64: warning: host doesn't support requested feature: XXX. As long as the virtual machine is started (the terminal appears, and the QEMU command doesn’t immediately exit), you should be fine.

Now, you should have one terminal open that is running the qemu-system-x86_64 command like in the below screenshot.

A Mac terminal running the qemu-system-x86_64 command.

This will open up a QEMU terminal, like shown below.

A QEMU terminal.

You will need to keep both of these open. Feel free to minimize them, but they must be running in order to access the VM.

Accessing the Machine

You will be accessing the machine via SSH. Please open a new terminal (for Windows, we recommend GitBash, and for Mac, we recommend the native Mac terminal). Notably, do not turn off the VM. For Windows, this means making sure that the VM is still running in the Virtual Box window. For Mac, this means that the two terminals you previously opened must remain running.

Each question (and the customization step) will provide a USERNAME for accessing the machine. You can SSH into the virtual machine with the following command, replacing USERNAME with the username for the question:

ssh -p 16122 USERNAME@127.0.0.1

It will prompt you for a password to the vulnerable server. If the USERNAME and the password are correct, you should see a prompt starting with pwnable:~$. You are now ready to begin the project!

Option 2: Instructional Machine Setup

You should have already set up an instructional machine account before running the steps in this section.

All steps in this section should be performed on the instructional machine machine. Before starting this section, connect to the instructional machine machine first by running ssh s330-X, replacing X with a number between 1 and 30.

SSH to instructional machine troubleshooting:

  • If you’re getting “Connection refused” or “Connection timeout” or other connection errors, try using a different instructional machine between s330-1 and s330-30 (e.g. run ssh s330-7 instead). Note: The Hivemind website can be used to check which instructional machines are busy or offline. You should only utilize the s330 machines.
  • If you’re getting “Connection timeout” or other connection errors, make sure you’re not on the Berkeley-Visitor Wi-Fi network, which blocks SSH connections. If you’re on Berkeley-Visitor, switch to eduroam or turn on the Berkeley VPN.
  1. On the instructional machine terminal, run this command to start the VM: 
    ~cs161/proj1/start

    This command will take about a minute. If it worked, you should see “The virtual machine has been started.”

  2. Each question (and the customization step) will provide a username and password for logging into the VM. You can SSH into the VM by running the following command on the instructional machine terminal, replacing USERNAME with the username for the question: 
    ~cs161/proj1/ssh USERNAME@pwnable

    It will prompt you for a password to the vulnerable server. If the USERNAME and the password are correct, you should see a prompt starting with pwnable:~$.

You are now ready to begin the project!

Whenever you’re finished with a work session on the project, remember to shut down the VM before logging out of the SSH session by running:

~cs161/proj1/stop

Do not close the terminal window without running the stop command; this could cause setup issues later.