Forum Thread: Linux SandBox

Hi, I was wondering if you could give me a hand with choosing a linux sandbox

1. I want it to work without recompiling kernel

2. I need it to block all networking and file I/O (the best option would be if I could name explicitly some files that would be "reachable")

Thanks for your help

13 Responses

I think most "beginner friendly" linux distros work without touching the kernel at all, correct me if I'm mistaken. Also I believe many linux distros come with some sort of firewall protection and permissions commands available to you, although they would basically all require manual setup of some kind. Hopefully that is helpful?

A "beginner friendly" distro I am fond of is Mint.

Thanks for the tip. But I need to run programs which will be created by many different people (I mean anyone), so I would prefer some completely isolated environment.

Why not roll a virtual environment? Look into VirtualBox?

Advantages: You end up with a fully functional OS inside your host OS. Apps inside of it will not be able to reach the host OS, so you can test all you want inside of it. Plus, you get the option of using snapshots, so if you end up ruining the hosted OS, you just reroll the snapshot and start afresh.

Thanks for your advice, but in this case it would be "overkill". I wanna use as much performance as possible.

Understandable, but in that case I will be of no further use to you, I'm afraid.

However, worst case scenario: consider a very low resource consumption distro on a VM. Today's machines should be able to handle heavy loads in a VM, even for what you want to do.

Create an account on the box you want to use, used solely for sandboxing, with absolutely no privileges, and then very strictly allow certain things in a beginner friendly version of linux? I think that's about as good as you can do. Perhaps partition the hard drive to keep spaces totally separated? I'm not sure, I feel like things are almost getting silly here. If you want something that is a physical space, runs linux… Why do you want this? What is your goal with this? Perhaps these questions will allow for more accurate help.

I want to create a server where anyone would be able to upload his source code. Then the server would run it to see if it's working properly. I want to use it to check programs created by various people.

That's why I want an isolated environment. Because someone might upload some malicious code or use the server for bad purposes; otherwise I would just run uploaded programs as an unprivileged user. But I want it to be as secure as possible.

That's a strange service you're trying to offer… How could it possibly know if code worked properly? It could check if it crashed or not, but running the code themselves would tell them that.

As for keeping a handle on potentially malicious code… You will never be secure. If you want to be truly safe, stop using a computer with a connection to the internet, or any other network. If you want to not only use the internet but allow others to run code on the machine… To do this on your own computer is like asking to get rooted, or at the very least misused somehow.

If you had a physically separate machine, the best tradeoff I can imagine is a computer that only allows connections through the ports that send and receive code and nothing else. That way the most they can do is mess with the box itself, but unless you start limiting the functionality of what the programs themselves can do on the machine, there is really nothing they can't do. If you do limit the functionality of programs running on the machine somehow, you make the service as I imagine it basically useless.

I guess your answer makes one of my previous questions more prevalent: Why do you want this? (Now that we know what "this" is specifically.)

I am assuming you don't know much about *nix (I apologize in advance if I am wrong), and this response may be above your current skill level; however, my advice to you is to run a BSD box with the linux emulation layer installed. The best thing you could do is install PC-BSD on your target hardware machine, use the warden to create jails for each machine you intend to give users access to; you will then need to link your dev folder inside the jails so every machine has access to the files. I say PC-BSD only because it is much more user friendly and Linux users should feel at home on it (mostly).

Running jails is a form of file based virtualization that can be automated using scripts, since everything is really a file. This creates virtual machines that can be accessed through ssh or telnet on a per-IP basis, and you can give the users root access without fear of destroying your main machine; you can even mount the root partition as RO (jails) and configure how each jail will operate within the host, and set the secure level of the host to 2 to prevent the host machine from modifying its own files for more security. Jails do have downfalls, however: you cannot directly access sockets on the host (due to the nature of jails), so some services take extra work/hacking to get started and running properly within the jail. And modifying the secure level of a BSD machine will actually reduce its own ability to write to the filesystem and perform, but I believe this will solve your problem. You can read more about BSD jails here, and there are numerous scripts on the net to help automate their creation. I hope this helps and happy reading :-)

Carl, thanks for your help. I'll take a look at it to find out more about it. Because you're right, I still don't know everything :)

Bird andBear: If you want to know how I'm gonna find out whether the program works correctly or not: I'll simply create a program which will be doing the same task. Then I'll generate some random input and give it to my and the user's programs. And finally I'll just compare the outputs of both programs and see if the results are the same.
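An added example (not from this thread) of the check just described: run a reference program and an uploaded one on the same random input and compare outputs. Because the uploaded program is untrusted, the runner also applies the cheapest containment available without touching the kernel, per-process rlimits (CPU time, no regular-file writes, no forking) plus a wall-clock timeout; the sample programs and the buggy candidate are constructed for the demo, and the limits alone are no substitute for a real sandbox.

```python
import random
import resource
import subprocess
import sys

CPU_SECONDS = 2    # RLIMIT_CPU: kills runaway loops with SIGXCPU
WALL_SECONDS = 5   # subprocess timeout: catches sleeping/blocked programs

def _limit_child():
    """Runs in the child between fork() and exec(). Assumes a POSIX host."""
    resource.setrlimit(resource.RLIMIT_CPU, (CPU_SECONDS, CPU_SECONDS))
    resource.setrlimit(resource.RLIMIT_FSIZE, (0, 0))   # no creating/growing regular files
    if hasattr(resource, "RLIMIT_NPROC"):
        resource.setrlimit(resource.RLIMIT_NPROC, (0, 0))  # no further fork()s

def run_program(argv, stdin_text):
    """Run argv with stdin_text; return (status, stdout)."""
    try:
        proc = subprocess.run(argv, input=stdin_text, capture_output=True, text=True,
                              timeout=WALL_SECONDS, preexec_fn=_limit_child)
    except subprocess.TimeoutExpired:
        return "timeout", ""
    if proc.returncode < 0:
        return "killed", proc.stdout      # died from a signal, e.g. SIGXCPU
    if proc.returncode != 0:
        return "crash", proc.stdout
    return "ok", proc.stdout

def judge(reference_argv, candidate_argv, gen_input, rounds=20, seed=0):
    """Compare candidate against reference on `rounds` random inputs.
    Returns (verdict, failing_input_or_None)."""
    rng = random.Random(seed)
    for _ in range(rounds):
        data = gen_input(rng)
        ref_status, ref_out = run_program(reference_argv, data)
        if ref_status != "ok":
            raise RuntimeError("reference program failed: " + ref_status)
        cand_status, cand_out = run_program(candidate_argv, data)
        if cand_status != "ok":
            return cand_status, data
        if ref_out.split() != cand_out.split():   # whitespace-insensitive compare
            return "wrong_answer", data
    return "accepted", None

# Constructed task: print the sum of the integers on stdin.
REFERENCE = [sys.executable, "-c",
             "import sys; print(sum(int(x) for x in sys.stdin.read().split()))"]
BUGGY = [sys.executable, "-c",
         "import sys; print(sum(abs(int(x)) for x in sys.stdin.read().split()))"]
CRASHER = [sys.executable, "-c", "import sys; sys.exit(3)"]

def sum_input(rng):
    return " ".join(str(rng.randint(-100, 100)) for _ in range(rng.randint(1, 10))) + "\n"
```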

"I'll simply create a program which will be doing the same task." Manually?

If automatically… you are a bit beyond me in programming skill for sure, because I can't think of a good way to do that.

Of course manually. I could, for example, wait for X people to finish their programs and then declare the most common output as the correct one, but I think that coding the task by myself is the best way to go.

That sounds like a lot of work, and a strange service, but at least I get what you're doing now :P

As far as actually doing this, sounds like Carl's idea is probably the most like what you want. Good luck!
