Rolling a custom REMnux VM [QEMU-KVM Compatible] and more!
Foreword

This is the first installment in a series of articles (threads) in which we will take a look at virtualization, containerization, hypervisors, and developing your own distros for use as VM and Docker images, plus the related toolchains. We will also take a look at Multipass, QEMU-KVM with Virt-Manager, LXC/LXD and software-defined networking in relation to running virtual datacenters and hosting your own cloud solutions.

I am assuming no foreknowledge with regards to these subjects. I am, however, assuming that you are proficient with *Nix based operating systems and have some experience installing them as well.

Introduction

Hello GS. Today I want to talk about rolling custom VM images, various virtualization technologies and some of their benefits. With regards to custom VMs I'd like to focus on REMnux in particular. If you don't know what REMnux is, it's a specialized distro designed with the needs of the reverse engineer in mind.

I spoke briefly about it in The Malware Mega Thread; I'll post an excerpt regarding it below.

(12-08-2017, 08:02 PM)Vector Wrote: When it comes to virtualization I like VMware a lot. They offer a free version of their product called VMware Player, which in my experience is pretty useful for testing malware on different platforms. The paid version, called VMware Workstation, offers more features that might be useful to you if you can afford to pay the $200 price tag.

I like to use Windows in a VM on occasion to test certain types of malware out. Fortunately there are free images of the OS available directly from Microsoft's own website. Check out the available versions by clicking here.

If you would like to perform some reverse engineering on your virtual Windows machine check out OllyDBG. I particularly enjoyed playing around with this debugger on Windows. A quick start guide can be found by clicking here.

From a platform diversity standpoint you might want to do some of these tasks on Linux as well. In that case, you may be interested in REMnux, which is a Linux distro built with the needs of the reverse engineer in mind; it comes pre-installed with a bunch of tools. Check out the distro at the link below.

https://remnux.org

As someone with an interest in malware, both in terms of development and analysis, I find REMnux and VMs in general to be powerful tools for research in those areas.

You'll notice that I mentioned VMware in the quote above. They offer excellent products and are an industry leader in their field. However, their target demographic is enterprises, so a lot of their more advanced products are rather expensive. Besides, if you, like me, run multiple VMs of several varieties and don't have a number of physical servers to host a VM lab on, it's nice to have alternatives that are less resource intensive, open source and, in some cases such as Proxmox VE, just as powerful as any enterprise-level solution.

With that in mind it may come as no surprise that I use QEMU-KVM for all my virtualization needs. Now you might be wondering what that has to do with REMnux and rolling your own images. Generally speaking, when you go to download a pre-built image the formats that are available are VMDK and OVA, both of which are incompatible with QEMU-KVM. QEMU has utilities to convert between various formats, but that is far from ideal, not least because you're stuck having to adhere to the pre-built image's configuration.

For instance, the pre-built REMnux is configured to run with a 50GB HDD and 4GB RAM, which isn't unreasonable; however, we can be much more efficient by rolling a custom instance, which is especially useful for those of us running multiple VMs.


REMnux From Scratch

Now that we've spoken a little about the utility of doing so, let's get to work setting up our own REMnux and make the VM less taxing on the host's overall resources. There are multiple ways to go about this, but we'll be using Virt-Manager as the graphical front-end for our VM. Multipass is also QEMU-KVM based, with its own pros and cons, but I will get into those utilities as we move along in the series.

The first thing we're going to need is a base operating system*. REMnux is Ubuntu based, so we will need to download an Ubuntu 18.04 LTS Core ISO.


[ * ] There are toolchains to create these entirely from scratch as well, but for now that's beyond the scope of this thread.

We get the appropriate ISO from Ubuntu's website.

[Image: mini-iso-cleaned.png]

Please click here to start downloading Ubuntu 18.04 Core (amd64). As you can see in the image above, all versions from 12.04 to 20.04 are available for download. We won't be using those today, but you might want to bookmark the following link for future use.

http://cdimages.ubuntu.com/netboot/

As an aside, the latest two versions are also the ones available for download and orchestration with Multipass.


QEMU-KVM

If you already have Virt-Manager installed you can skip this part; if not, we will be remedying that situation.
Simply run the following and we should be set.

Code:
sudo apt install -y qemu-system qemu-utils virt-manager

After everything has been installed, go ahead and start virt-manager. Click the button that says "Add New VM". After doing so you will be prompted as seen in the image below.

[Image: B-cleaned.png]

Before making this screenshot I made sure to have the right settings preconfigured. Make sure your input resembles that in the screenshot. When done, click 'Forward' to go to the next screen.

[Image: A-cleaned.png]

Make sure to have your ISO file selected and manually set the OS to Ubuntu 18.04 LTS. The next menu will allow you to assign resources: assign the amount of RAM and number of cores you think is appropriate. Click through to the next menu, where you will be able to create a volume; assign the amount of GB you think is appropriate. I am running my REMnux on just 15GB, which is plenty. Before clicking through to finish setting up, make sure you select the option that allows you to configure the VM before you start the installation. After doing so you should be seeing the menu in the image below.

[Image: process-cleaned.png]

Double check your settings and add hardware if necessary. Make sure you set your networking type to NAT.
If you're satisfied with your settings you can click 'Begin Installation'.

Nothing special with regards to the installation. Just go about it as you would normally install Ubuntu, but make sure not to install anything extra, not even a desktop manager. However, when the Ubuntu installer prompts you for user information, make sure to enter the following:

Full name: REMnux User
Username: remnux
Password: malware

If this seems not very secure to you, you'd be right. However, you can have the installer set up a LUKS/LVM encrypted partition to remedy that. If you wanted to, you could also just create the disk image file in a VeraCrypt volume.

[Image: steps-cleaned.png]

Setting up REMnux

After the installation has run its course and you're able to run commands, we're going to set up REMnux. We do that by entering the following commands:
Code:
wget https://REMnux.org/remnux-cli

For security purposes we will be checking the SHA-256 checksum. We do that by running the following.
Code:
sha256sum remnux-cli

If the result matches the value below, we know we have the legitimate file.
Code:
36fc8d632541ee8771b33ffc4fe4732534927a5aa0cc7e3b7c2570e0cc85a388

To finish setting up please enter the following commands.
Code:
# Change the name of the cli
mv remnux-cli remnux

# Make it executable
chmod +x remnux

# Move it to the appropriate location
sudo mv remnux /usr/local/bin

# Install gnupg
sudo apt install -y gnupg

# Run the bootstrapping utility
sudo remnux install
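The download, checksum check and install steps above, combined into one script that refuses to install when the digest does not match. This is an added example, not part of the original post or the REMnux project; it assumes wget, sudo and either sha256sum or shasum are available on the fresh Ubuntu install.

```shell
#!/bin/sh
# Added example, not from the original post or the REMnux project: fetch
# remnux-cli, refuse to install unless its SHA-256 matches the expected
# value, then perform the same install steps as the post above.
set -eu

# Checksum as listed in the post. Ideally it is taken from a source other
# than the download itself, so a tampered file cannot ship its own hash.
EXPECTED_SHA256="36fc8d632541ee8771b33ffc4fe4732534927a5aa0cc7e3b7c2570e0cc85a388"
REMNUX_CLI_URL="https://REMnux.org/remnux-cli"

# sha256_of FILE: print the hex digest using whichever tool is installed.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_sha256 FILE EXPECTED: return 0 on match, 1 on mismatch.
# Comparison is case-insensitive so a pasted upper-case digest still matches.
verify_sha256() {
    actual=$(sha256_of "$1" | tr 'A-Z' 'a-z')
    expected=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    if [ "$actual" = "$expected" ]; then
        return 0
    fi
    printf 'checksum mismatch for %s\n  expected: %s\n  actual:   %s\n' \
        "$1" "$expected" "$actual" >&2
    return 1
}

# install_remnux_cli: the post's steps, gated on a successful checksum.
install_remnux_cli() {
    workdir=$(mktemp -d)
    wget -q -O "$workdir/remnux-cli" "$REMNUX_CLI_URL"
    if ! verify_sha256 "$workdir/remnux-cli" "$EXPECTED_SHA256"; then
        rm -rf "$workdir"
        return 1
    fi
    chmod +x "$workdir/remnux-cli"
    sudo mv "$workdir/remnux-cli" /usr/local/bin/remnux   # rename and move in one step
    sudo apt install -y gnupg
    sudo remnux install
    rm -rf "$workdir"
}

# Only touch the network and the system when explicitly asked to.
if [ "${1:-}" = "install" ]; then
    install_remnux_cli
fi
```

Run it as `sh install-remnux.sh install`; a mismatch prints both digests to stderr and leaves nothing installed.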

After running the bootstrapping utility, reboot the VM. If after the reboot you get the screen seen in the image below, congratulations: you are now ready to use your REMnux VM.

[Image: remnux-from-scratch-cleaned.png]



In the next installment of this series we will look at customizing and setting up a pentesting distro in a VM. I hope you found this article informative; stay tuned for the next installment.

