By Richard Minder — Aug 26, 2024

Automate your Cyber Security Lab with Ludus

As much as I love setting up and installing various VMs, I would also not be upset if I had a dedicated engineer at home doing these tasks for me. Since this exceeds my Homelab budget, I invested countless hours setting up various VMs I used for a couple of weeks, only to destroy them after.

Having worked with Proxmox for a while now, I was wishing for a solution to automate this setup-phase for training environments. I wanted to quickly configure and setup a vulnerable Active Directory environment, for example.

Ludus is just what I have been looking for.

Why I chose Ludus

Ludus is easy to install and spares me the hours it took me in the past to setup all the testing environments I needed. Built on Proxmox, it not only provides me with Infrastructure-as-Code (IaC) capabilities, it also allows me to quickly deploy environments created by other people.

Ludus utilizes Templates, which in it's essence, are configuration files defining VMs, which are built (template-VMs created) and then can be copied as many times as needed. You can use the pre-configured templates, use templates created by others, and even create your very own, customized templates. The builtin templates include:

debian11
debian12
kali
win11-22h2-x64-enterprise
win2022-server-x64

Ranges are pre-configured environments. They are defined by a single configuration file (YAML), which enables you to configure your own environment and re-use as you wish. The comfort of configuring a range, and then being able to deploy it over and over again is absolute luxury. Also, you can use ranges made by other people or create your own. You could exchange ranges with your collegues or share them over the internet. Some of the capabilities offered by the configuration files include:

Setting up VMs
Setting up Network Configurations (including subnetting)
Setting up Users and Groups (using Ansible)
Setting up applications and configurations (using Ansible)

Setup

Now that you decided to start your journey, let me guide you through the installation process.

0 - Choose your Deployment Option

Ludus can be deployed on:

Bare-Metal (Debian 12)
Azure
Google Cloud Platform (GCP)
Hyper-V
Proxmox
VMware Fusion

I chose the Bare-Metal option, so I installed Debian 12 on my Intel NUC (which I use as my little homeserver).

1 - Install Debian 12

The installation of Debian 12 is out-of-scope for this blog post, also there are multiple tutorials available online.

💡

Make sure you enable SSH Server during the installation

2 - Install Ludus

Installing Ludus is pretty simple. Login to your Debian Machine and switch to the root user using the following command:

su -

Enter your root-password which you configured during the installation of Debian 12. After that, run the following command to install Ludus Server:

curl -s https://ludus.cloud/install | bash

You will be prompted to configure the default settings. I did not change any default settings and just hit "Enter" until the end.

The installation will take a while and your device will reboot 2 times. If your SSH Client disconnects, you can reconnect and check the installation status with the following command:

ludus-install-status

💡

You can always display your root API key running ludus-install-status as root, even long after the installation!

3 - Create a User

After the installation has succeeded, you will create a user. This is done mainly for security purposes.

When you work with Ludus Server, you will need your API Key. The key should have shown up when you typed ludus-install-status after the installation finished.

Copy the following command in a text editor and replace the <placeholders> as needed:

LUDUS_API_KEY='<YOUR-ROOT-API-KEY>' \
 ludus user add --name "<NAME-OF-YOUR-USER>" --userid <IDENTIFIER-LETTERS-OR-NUMBERS> --admin --url https://127.0.0.1:8081

Example provided by Ludus Documentation:

LUDUS_API_KEY='ROOT.o>T3BMm!^\As_0Fhve8B\VrD&zqc#kCk&B&?e|aF' \
 ludus user add --name "John Doe" --userid JD --admin --url https://127.0.0.1:8081

 
+--------+------------------+-------+---------------------------------------------+
| USERID | PROXMOX USERNAME | ADMIN |                   API KEY                   |
+--------+------------------+-------+---------------------------------------------+
| JD     | john-doe         | true  | JD._7Gx2T5kTUSD%uTWZ*lFi=Os6MpFR^OrG+yT94Xt |
+--------+------------------+-------+---------------------------------------------+

After the command finished (it can take a while), you will be provided with the configuration for your new user.

💡

If you have lost or forgotten the API key of a user, you can generate a new one using: ludus user apikey --user <USER-ID>

4 - Choose your Management Solution

From here on, you can choose between two paths:

Continue the configuration using SSH/Bash
Continue the configuration using Ludus CLI

I personally chose to stick to my SSH session since I was not in the mood to install the CLI yet. If you also want to go down that path, you need to store your API key inside the environment variable LUDUS_API_KEY in order to be able to communicate with ludus server.

export LUDUS_API_KEY="USERID.KEY"

4 - Access Proxmox

While root-login to Proxmox is possible, it is generally recommended to apply the principle of least privilege. Having created your user, you can display the corresponding credentials using the following command:

ludus user creds get

You can use these credentials to authenticate to the Proxmox Web Portal. The URL should follow the following format:

https://<IP-OF-YOUR-SERVER>:8006

And welcome to Proxmox!

5 - Build the default Templates

While this is technically speaking optional, and you could go straight ahead and just build your own templates, I highly recommend building the default templates. For once, you will see if the template building process actually works and you setup everything correctly, and additionally have a basic arsenal ov VMs.

⚠️

Attention: Do not enable SSH root login on your Ludus Server. This will end in a fatal error when building templates. (I speak from experience)

You can list the builtin templates using the following command:

ludus templates list

You start the building process with the following command (it will take a while):

ludus templates build

You can check on the status using the following command:

ludus templates status

And you can get a live output of the progress using this command:

ludus templates logs -f

You can follow the progress on your Proxmox Web Interface (it is quite satisfying). Once done, access your Proxmox web interface. The created configuration should look something like this:

And voilà, 4 VMs have been built while you were able to do whatever you want!

Fun fact: After the VM has been setup, Ludus connects to the hosts using SSH/WinRM for further configuration.

6 - Deploy a Range

Now that you have a base setup of Ludus, you can either create your own ranges or use some of the pre-built ranges provided online.

For general configuration, see: https://docs.ludus.cloud/docs/quick-start/deploy-range

For environment setup-guides, see: https://docs.ludus.cloud/docs/category/environment-guides

You can see your current configuration using:

ludus range config get

Default Machine Credentials

Kali
- kali:kali (OS)
- kali:password (KasmVNC - https port 8444)
Windows
- localuser:password (local Administrator)
- LUDUS\domainuser:password
- LUDUS\domainadmin:password (Domain Admin)
Debian based boxes
- debian:debian
Others
- localuser:password

Final Words

Having a low-budget, tiny Intel NUC with an Intel Pentium processor as a server was not the best choice. I would highly recommend you to have a stronger setup.

But so far, Ludus has already tremendously simplified the creation and management of my virtual environment. I am currently working with an Active Directory environment which I deployed using Ludus, and I'm planning on making a post on that project in the future.

Thank you very much for reading and have fun!