Skip to main content

Shared clipboard virt-manager debian <-> kali

Another short post on virtualization. I wanted to bidirectionally share the clipboard between my Debian host and Kali guest running in virt-manager1. When I briefly used VirtualBox this was very easy to achieve. Using KVM it's slightly less straightforward.

I did a little research and found You need spice-vdagent:

Debian or Kali Linux installed to as KVM guests do not automatically have qemu-guest-agent or spice-vdagent installed. This will prevent seamless movement of the mouse cursor between the guest and host desktop in Virtual Machine Manager (requiring the use of a Ctrl-Alt to release the cursor from the guest window).

To cure this, install both qemu-guest-agent and spice-vdagent on each guest and reboot (the guests).

sudo apt install qemu-guest-agent sudo apt install spice-vdagent

It didn't work but it wasn't obvious to me that you manually had to add a spice channel to the guest machine (thank you @mindofjoe!).

spice

View -> Details -> Add Hardware -> Channel.

In my case:

Device Type: spicevmc

Target Type: virtio

Target Name: com.redhat.spice.0


Now my virtual Kali machine setup is pretty much how I want it, I just need to work a little more on how to integrate it better with i3wm.


  1. Again, I'm not so sure that this is such a good idea from a security perspective. 

Shared directory virt-manager debian <-> kali

I wanted a shared directory between my Debian host and Kali guest running in virt-manager1. Following this very nicely written guide to the letter worked perfectly up until the point where I added

/sharepoint   /share    9p  trans=virtio,version=9p2000.L,rw    0   0

to /etc/fstab.

After rebooting I got some weird errors and was forced into emergency mode. My first thought was that SELinux was causing this trouble (as mentioned in the guide) but I checked and SELinux was disabled by default in Kali Linux.

After some searching, I found this. Apparently the 9p modules needs preloading. This means adding these three lines to /etc/initramfs-tools/modules

9p
9pnet
9pnet_virtio

and then running

sudo update-initramfs -u

There are other solutions mentioned in the superuser.com question libvirt/9p/kvm mount in fstab fails to mount at boot time that I didn't try but this worked like a charm.


  1. Depending on your level of paranoia this might perhaps pose a security risk. 

Fix having to update SSL cert fingerprint in .offlineimaprc

I've had a annoying problem with OfflineIMAP. My .offlineimaprc looks something like this:

[Repository main-remote]
type = IMAP
remotehost = ...
ssl = yes
cert_fingerprint = fe4e3a31666d...

If your email provider happens to use Let's Encrypt, then very 90 days the certificate will get renewed, meaning that cert_fingerprint will be invalid. Since I have offlineimap invoked by a cronjob in the background I would suddenly stop receiving email. I got annoyed and reluctantly manually updated the fingerprint in ~/.offlineimaprc.

Since this only happened every 3 months couldn't motivate myself to do anything about this issue. However I stumbled upon a fix.

Simply replace the cert_fingerprint with

sslcacertfile = /etc/ssl/certs/ca-certificates.crt

A trivial solution to a stupid problem but maybe someone has the same problem and will find this useful.

Pickle Rick Writeup [thm]

TryHackMe.com is a free online platform for learning cyber security, using hands-on exercises and labs, all through your browser!

TryHackMe is extremely addicting and lots of fun even for a n00b like me. You learn a lot of InfoSec stuff and it's a bit gamified. The community is kind and helpful. Some of the more juicy stuff is paywall'd and that sucks but I'm having a great time working my way through all of the free rooms.

What follows is my attempt at a painfully honest writeup of the CTF room Pickle Rick. It's my plan to complete all of the (easy) rooms but I will only publish writeups of the ones I find particularly enjoyable and interesting. Btw, I solve TryHackMe challenges in a plain Kali Linux VM.

Pickle Rick

pickle rick ctf

This Rick and Morty themed challenge requires you to exploit a webserver to find 3 ingredients that will help Rick make his potion to transform himself back into a human from a pickle.

I've never seen an episode of Rick and Morty in my life so I was afraid this room would require you to understand references to the show but let's give it a try.

  • We start with an IP address. By the description of the room we would assume there's a web server running on port 80 and nmap confirms that this is indeed the case.
  • We open the IP address in Firefox to examine the web server.
  • Viewing the source of the page gives us a username right off the bat so this looks promising.
  • nmap also showed that there's a SSH server running. I tried to brute force the SSH server using Hydra with the obtained username but unfortunately the server doesn't allow password authentication. Back to the web server.
  • There is an image on the frontpage. Looking at where the picture is coming from we find a directory named /assets. Inspecting this directory we find some information, including the Ubuntu version. Are there any more exposed directories to examine? Let's find out. Running dirbuster on the web server with /usr/share/dirbuster/wordlists/directory-list-2.3-small.txt let's us find the login page. I guess one should have been able to guess it but I'm lazy.
  • At this point I was stuck for a while. I tried some very basic SQL injections, searched for some relevant Ubuntu exploit on exploit-db.com and tried to brute force the login via Burp Suite using lists of common passwords but no luck.
  • I finally asked for a hint on discord and someone advised me to look in /assets. This yielded nothing but made me rethink my approach to the problem. Back to basics. I had a proper look at the output from dirbuster. There was things I had missed looking into because I assumed they were not relevant. For example /icons and /robots.txt. The latter contains a suspicious string.
  • Logging in with username:suspicious string works, I'M IN!.
  • Upon login we are greeted with a command panel. Trying to click around to other pages we are denied access apparently because "only the real REAL rick can view this page.. ". However looking at the source we find yet another long mysterious string.
  • The command panel is a shell and whoami tells us that we are 'www-data', as expected. By taking a quick look in the current directory we find the first ingredient! But cat is disabled and so is head, tail, more, less and every other command I could think of. Surely there is a way around this. We are in /var/www/html/ and by checking if we have read permissions with ls -a filename we can read it in the web browser. Success!
  • For the second ingredient. I went the extremely lazy route of executing find / in the shell and then doing a ctrl+f search in the browser for Ingred and sure enough we got a match in the home directory of a certain user corresponding to the php login. But how to access it? The first trick will not work in this situation. I assumed the long random string found earlier might be the password of this user on the machine so I tried piping it sudo in different ways but I never got it to work. I also tried creating a link to it. Luckily we have read permissions to the file.
  • I was stuck again so I paused and did some research on print commands and found strings. I've never even heard about it before. strings /home/user/file. BAM!
  • The third ingredient was easy to find. sudo -l gives us the following information:

    Matching Defaults entries for www-data on ip-10-10-X-X.eu-west-1.compute.internal: env_reset, mail_badpass, secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin\:/snap/bin User www-data may run the following commands on ip-10-10-31-147.eu-west-1.compute.internal: (ALL) NOPASSWD: ALL

  • In other words we can sudo all we want without having to provide a password. How convenient! Let's have a look in /root by executing sudo ls /root and yes there is something interesting there. Using the strings command again we find the third ingredient and can help Pickle Rick make his potion so he transform himself back into a human. Mission complete.

Lessions learned.

  • I need to try hard not to overthink things and assume the intended solution is hard. If a challenge is marked as easy, then it probably is easy.
  • I should try to examine everything I find very carefully. Don't assume something is not useful. E.g. robots.txt.
  • Not everything found is useful. I never found a use for that second weird string.
  • Strings ftw!