AP 110: Installing crAPI (15 pts extra)

What You Need


To make your own crAPI server, for use in security training.

You Must Use Ubuntu

The skimpy install documentation provided with crAPI makes it sound like it can be installed on many operating systems. That is emphatically not true in practice. I tried to install it on Debian, Windows, and a Mac and it failed differently on each platform. The only OS that worked was Ubuntu 18.04.

Install Docker

Execute these commands:
sudo apt update

sudo apt-get install \
    ca-certificates \
    curl \
    gnupg \

curl -fsSL https://download.docker.com/linux/debian/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg

echo \
  "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/debian \
  $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
This script incorrectly detect the OS as Debian. To fix it, do this:
sudo nano /etc/apt/sources.list.d/docker.list
In nano, change "debian" to "ubuntu" like this:
deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu   bionic stable
Type Ctrl+X, Y, Enter to save the file.

Then execute these commands:

sudo apt update
sudo apt install docker-ce docker-ce-cli containerd.io docker-compose-plugin
The version of docker-compose in the repositories is too old.

Execute these commands to install a newer version:

sudo curl -SL https://github.com/docker/compose/releases/download/v2.4.1/docker-compose-linux-x86_64 -o /usr/local/bin/docker-compose

sudo chmod +x /usr/local/bin/docker-compose
Now start docker, and make it automatically start on reboot:
sudo systemctl start docker
sudo systemctl enable docker.service
sudo systemctl enable containerd.service

Install crAPI

Execute these commands:
git clone https://github.com/OWASP/crAPI.git
cd crAPI
sudo deploy/docker/build-all.sh

Making a Starting Script

Execute this command:
sudo nano /usr/local/bin/start_crapi
Enter this script into nano, replacing "/root" with the directory you used to git crAPI:
/usr/local/bin/docker-compose -f /root/crAPI/deploy/docker/docker-compose.yml --compatibility up -d
Save the file. Then make it executable with this command:
sudo chmod a+x /usr/local/bin/start_crapi

Forwarding Ports

crAPI only listens on localhost. To make the server visible from the outside, we'll need socat. Install it with this command:
sudo apt install socat

Preparing a Crontab

Now we'll make everything start on reboot.

First, move to the root user:

sudo su -
crontab -e
Add these lines to the crontab:
@reboot socat tcp-listen:80,reuseaddr,fork tcp:localhost:8888 &
@reboot socat tcp-listen:18025,reuseaddr,fork tcp:localhost:8025 &
@reboot /usr/local/bin/start_crapi
Save the file and reboot the server.

It takes a few minutes to start crapi.

To test it, open your server's IP address in a Web browser. You should see the crAPI login page, as shown below.

Flag AP 110.1: Netstat (15 pts)

On your server, execute this command:
sudo netstat -pant
The flag is covered by a green rectangle in the image below.



Posted 5-4-22