Virtual Machines
Search Result: port (137 results)

Welcome to Badstore.net

Badstore.net is dedicated to helping you understand how hackers prey on Web application vulnerabilities, and to showing you how to reduce your exposure. Our Badstore demonstration software is designed to show you common hacking techniques.

Source: http://www.badstore.net/

v1.0 – Original version for 2004 RSA Show

v1.1 – Added:

  • More supported NICs.

  • Referrer checking for Supplier Upload.

  • badstore.old in /cgi-bin/

  • Select icons added to the /icons/ directory.

v1.2 – Version presented at CSI 2004

Added:

  • Full implementation of MySQL.

  • JavaScript Redirect in index.html.

  • JavaScript validation of a couple key fields.

  • My Account services, password reset and recovery.

  • Numerous cosmetic updates.

  • 'Scanbot Killer' directory structure to detect scanners.

  • favicon.ico.

  • Reset files and databases to original state without reboot.

  • Dynamic dates and times in databases.

  • Additional attack possibilities.

Source: BadStore_Manual.pdf


DVL 1.1 (Black Hat Edition):

The following important files have been added (minor tool additions not listed):

  • Metasploit 3.0 Framework. The Metasploit Framework is a development platform for creating security tools and exploits. The framework is used by network security professionals to perform penetration tests, system administrators to verify patch installations, product vendors to perform regression testing, and security researchers world-wide. The framework is written in the Ruby programming language and includes components written in C and assembler.
  • Web Exploitation Package 02. Includes 4 real life web targets.
  • Crackme Package 01. Includes 61 Linux crackmes for reverse code engineering challenges.
  • Debug Contest Package Windows. Includes 11 compiled Windows targets for analysis challenges.
  • Binary Exploitation Package 01. Includes 24 compiled targets for binary exploitation.
  • Binary Exploitation Package 02. Includes 40 compiled targets by Gera for binary exploitation.
  • Binary Exploitation Package 03. Includes 6 compiled targets by Juliano for binary exploitation.
  • Binary Exploitation Package 04. Includes 5 compiled targets by IITAC for binary exploitation.
  • Pre-Configured vulnerable PHP.ini.
  • Adapted .bashrc for HLA Assembly Language integration.
  • All collectable source code examples for HLA Assembly Language programming.
  • Wine for Windows target analysis.
  • xcalc calculator.
  • rar.
  • VGUI.
  • VIM (VI Improved).
  • A comprehensive collection of core utils.
  • Outguess Steganography.
  • Steghide Steganography.
  • Scite Editor for many languages including Assembly.

Source: http://web.archive.org/web/20071012190055/http://blog.damnvulnerablelinux.org/2007/04/

Source: http://web.archive.org/web/20090312135824/http://www.damnvulnerablelinux.org/index.php/eng/Damn%20Vulnerable%20Linux%20Distro/Damn%20Vulnerable%20Linux/Release%20Notes%20for%20Damn%20Vulnerable%20Linux%20(up%20to%20release%201.4)


Damn Vulnerable Linux (DVL) Strychnine (1.2):

Added several tools. Switched to BackTrack 2 Final as core system. DVL Strychnine will contain a Knowledge Base as well!

  • 0000072: [Application Development] Add Flawfinder
  • 0000071: [Application Development] Add JLint
  • 0000025: [Reverse Code Engineering] libdisasm_0.21-pre2 should be added
  • 0000068: [Reverse Code Engineering] Add REC 1.6
  • 0000051: [Reverse Code Engineering] Add LTRACE
  • 0000047: [Reverse Code Engineering] ELF Shell should be added
  • 0000007: [Requirements] Firefox Tabs should be cleaned up
  • 0000035: [Application Development] KDevelop should be added
  • 0000015: [Reverse Code Engineering] Bastard 0.17 should be added
  • 0000011: [Requirements] Boot text should be branded for DVL instead for BT
  • 0000032: [Application Development] NEdit should be added
  • 0000012: [Requirements] A new bootsplash has to be designed and included
  • 0000048: [Reverse Code Engineering] Add ELF Kickers
  • 0000014: [Shellcode / Exploitation] Splint static code analyzer should be added
  • 0000045: [Reverse Code Engineering] Add BIEW
  • 0000040: [Reverse Code Engineering] LDasm should be added
  • 0000063: [Application Development] Add BASIC-256
  • 0000028: [Web Exploitation] A vulnerable PHP.ini should be used
  • 0000058: [Application Development] PHPmyAdmin should be installed
  • 0000065: [Application Development] Add GAS
  • 0000064: [Bugs] HLA does not work under Konsole
  • 0000059: [Documentation] Define Directory Structure for Documentation
  • 0000060: [Tutorials] Define Directory Structure for Tutorials
  • 0000004: [Documentation] DVL needs a concept on how to hold documentation
  • 0000019: [Reverse Code Engineering] ht-2.0.2 should be added
  • 0000020: [Cryptography] stegdetect-0.6 should be added
  • 0000022: [Reverse Code Engineering] STAN 0.4.1 Stream Analyzer should be added
  • 0000024: [Cryptography] Outguess 0.2 should be added
  • 0000038: [Reverse Code Engineering] memgrep should be installed
  • 0000039: [Reverse Code Engineering] ALD Assembly Language Debugger should be added
  • 0000049: [Reverse Code Engineering] Add REVDump
  • 0000061: [Tutorials] Define Directory Structure for exercises
  • 0000010: [Shellcode / Exploitation] SudoEdit 1.6.8 should be added (Local Exploit)
  • 0000013: [Reverse Code Engineering] LIDA disassembler needs to be installed and linked in menus
  • 0000017: [Reverse Code Engineering] GDBINIT colorized by Mammon should be added.
  • 0000018: [Application Development] HLA Assembly Language should be added
  • 0000023: [Reverse Code Engineering] Sandmark should be added
  • 0000031: [Application Development] jEdit should be installed
  • 0000041: [Reverse Code Engineering] The Examiner should be added
  • 0000050: [Reverse Code Engineering] Add RADARE
  • 0000057: [Reverse Code Engineering] Add Sinister
  • 0000029: [Application Development] MySQL should be installed
  • 0000037: [Application Development] Jed Editor should be added
  • 0000030: [Application Development] Wine Windows Emulator needs to be installed
  • 0000027: [Requirements] Apache with PHP 4 and 5 included
  • 0000054: [Reverse Code Engineering] Add MemFetch
  • 0000052: [Reverse Code Engineering] Add STRACE
  • 0000056: [Reverse Code Engineering] Add lsof

DVL Strychnine is finally final. The last pre-compilation is running at the moment, then the final compilation of the remaster will follow. Some nasty bugs fixed such as permissions problems of the pre-installed MySQL database containing first vulnerable web examples. Click on the link below to see the current changelog. This shows you which additions have been added to the “classic” BT 2.0 release to build the base of the new era of Damn Vulnerable Linux. Some more minor unimportant features are left to install, however I believe it is time to go with the release to concentrate finally on the production of the most important: training lessons!

DVL Strychnine will be available via BitTorrent this weekend (never published before using BitTorrent! let's see if I run into problems!) - Later I place it on the mirrors. File size at the moment 822 MB, sorry for that but let the community decide what to kill!

A short intro video will follow soon, maybe I can make it this weekend.

Source: http://web.archive.org/web/20070911160224/http://blog.damnvulnerablelinux.org/2007/05/25/dvl-strychnine-final-available-very-soon-via-bittorrent-following-via-mirrors/

Source: http://web.archive.org/web/20090312135824/http://www.damnvulnerablelinux.org/index.php/eng/Damn%20Vulnerable%20Linux%20Distro/Damn%20Vulnerable%20Linux/Release%20Notes%20for%20Damn%20Vulnerable%20Linux%20(up%20to%20release%201.4)


Damn Vulnerable Linux (DVL) E605 (1.3):

Added many many vulnerabilities. Added much exercise material including sources. Now included the HoneyNet Project and WebGoat.

  • 0000070: [Reverse Code Engineering] Add Boomerang Decompiler
  • 0000082: [Application Development] Free Pascal Compiler
  • 0000136: [Tools] Add Valgrind 3.2.0 + Valkyrie
  • 0000135: [Application Development] Add SmallBasic 0.9.7
  • 0000134: [Application Development] Add Dr. Scheme
  • 0000133: [Application Development] Add SWI Prolog
  • 0000131: [Application Development] Add GCC-g77
  • 0000127: [Web Exploitation] Add Cyphor
  • 0000109: [Shellcode / Exploitation] Add atari800 Local Root Exploit
  • 0000120: [Shellcode / Exploitation] Add phpBB 2.0.13 (admin_styles.php) Remote Command Execution Exploit
  • 0000125: [Web Exploitation] Add Joomla <= 1.0.9 (Weblinks) Remote Blind SQL Injection Exploit
  • 0000126: [Web Exploitation] Add Joomla <=1.0.7 (feed) Denial of Service Exploit
  • 0000123: [Web Exploitation] Add PHPNuke 7.8
  • 0000124: [Application Development] Add PHP-Nuke 7.4 POST Method Admin Variable Privilege Escalation
  • 0000122: [Shellcode / Exploitation] Add linux-ftpd-ssl 0.17 (MKD/CWD) Remote Root Exploit
  • 0000110: [Shellcode / Exploitation] Add Aeon 0.2a Local Linux Exploit
  • 0000108: [Shellcode / Exploitation] Add SoX Local Buffer Overflow Exploit
  • 0000111: [Shellcode / Exploitation] Add sash <= 3.7 Local Buffer Overflow Exploit
  • 0000104: [Shellcode / Exploitation] Add splitvt < 1.6.5 Local Exploit
  • 0000121: [Web Exploitation] Add e107 <= 0.6172 (resetcore.php) Remote SQL Injection Exploit
  • 0000102: [Shellcode / Exploitation] Add ProFTPD <= 1.3.0a (mod_ctrls support) Local Buffer Overflow PoC
  • 0000016: [Reverse Code Engineering] Fenris should be added
  • 0000067: [Reverse Code Engineering] Add ELFIO
  • 0000084: [Application Development] Add FakeAP
  • 0000083: [Application Development] Add BestCrypt
  • 0000085: [Application Development] Add FindDDOS
  • 0000078: [Tools] Add QTParted
  • 0000094: [Shellcode / Exploitation] Add Minicom 1.81
  • 0000096: [Shellcode / Exploitation] Add Nestea "Off By One" attack
  • 0000099: [Web Exploitation] Add PhpBB 2.0.12 Session Handling Authentication Bypass
  • 0000100: [Web Exploitation] Add WordPress 1.5.1.1 SQL Injection
  • 0000101: [Web Exploitation] Add Nabopoll 1.2 Remote File Inclusion, Remote Configuration Disclosure
  • 0000093: [Application Development] Add HLA Compiler Construction Kit
  • 0000092: [Application Development] Add YASM Assembler
  • 0000091: [Application Development] Add FASM
  • 0000090: [Application Development] Add SciLab
  • 0000081: [Application Development] Add GSL GNU Scientific Library
  • 0000080: [Application Development] Add FreeBasic
  • 0000079: [Application Development] Add BlueFish Editor
  • 0000033: [Application Development] RHIDE should be added
  • 0000089: [Application Development] Add C++6 libs
  • 0000088: [Application Development] Add LibGC
  • 0000087: [Application Development] Add BOOST Library
  • 0000076: [Application Development] Remove JRE and add JDK 1.5
  • 0000075: [Application Development] Add QEMU
  • 0000074: [Application Development] Add Scite Editor
  • 0000073: [Penetration Testing] Add OWASP's WebGoat

DVL Strychnine + E605 is final! I just remastered the ISO and we land at 1050 MB size which fits perfectly on a 2 GB USB stick (and gives us more free space to add additional stuff). I will upload the ISO today and inform the mirrors. Finally after all this installation part I can play myself with it :)

Source: http://web.archive.org/web/20071024101507/https://www.damnvulnerablelinux.org/content/view/32/73/

Source: http://web.archive.org/web/20071012222920/http://blog.damnvulnerablelinux.org/2007/07/27/dvl-strychnine-e605-is-final/

Source: http://web.archive.org/web/20090312135824/http://www.damnvulnerablelinux.org/index.php/eng/Damn%20Vulnerable%20Linux%20Distro/Damn%20Vulnerable%20Linux/Release%20Notes%20for%20Damn%20Vulnerable%20Linux%20(up%20to%20release%201.4)


Moth is a downloadable VMWare image based on Ubuntu. It was set up to test the functionality of w3af and it includes various web application vulnerabilities. Most howto's use Moth as an example for a web page under test.

Source: http://sourceforge.net/apps/trac/w3af/wiki/Moth

Moth is a VMware image with a set of vulnerable Web Applications and scripts, that you may use for:

  • Testing Web Application Security Scanners
  • Testing Static Code Analysis tools (SCA)
  • Giving an introductory course to Web Application Security

The motivation for creating this tool came after reading "anantasec-report.pdf" which is included in the release file which you are free to download. The main objective of this tool is to give the community a ready to use testbed for web application security tools. For almost every web application vulnerability that exists in the wild, there is a test script available in moth.

There are three different ways to access the web applications and vulnerable scripts included in moth:

  • Directly
  • Through mod_security
  • Through PHP-IDS (only if the web application is written in PHP)

Both mod_security and PHP-IDS have their default configurations and they show a log of the offending request when one is found. This is very useful for testing web application scanners, and teaching students how web application firewalls work. The beauty is that a user may access the same vulnerable script using the three methods, which helps a lot in the learning process.

Source: http://www.bonsai-sec.com/en/research/moth.php


Holynix is a Linux distribution that was deliberately built to have security holes for the purposes of penetration testing. If you're having trouble, or there are any problems, it can be discussed here.

Source: http://pynstrom.com/holynix.php

-- README

Holynix 1.0 beta Release Notes


Similar to the de-ice and pWnOS pentest cds, Holynix is an ubuntu server vmware image that was deliberately built to have security holes for the purposes of penetration testing. More of an obstacle course than a real world example. The object of the challenge is to gain root level privileges and access to personal client information.

Support


Homepage: http://pynstrom.com/

Project Page: http://pynstrom.com/holynix.php

Forums: http://pynstrom.com/forum/

Bugs


Bugs can be reported using sourceforge's bug tracker located at http://sourceforge.net/projects/holynix/support or reported to me directly at pynstrom AT pynstrom DOT com

Source: holynix-v1.tar.bz2/README.txt

README.txt wasn't updated with the release of the final version

-- Forum

Difference between beta and final

  • Set HD to non-persistent so any mistakes will be fixed at reboot.
  • Removed some trash I accidentally left laying around.

Source: http://pynstrom.com/forum/viewtopic.php?f=2&t=5

Getting Started w/ Holynix v1

Source: http://pynstrom.com/forum/viewtopic.php?f=6&t=6

-- Checksums

Beta MD5: D19306C6C2305005C72A7811D2B72B51

Beta SHA1: 0C5B7D37FECD39C52BC2C8C2EE66A617BB576A90

Final MD5: EBB8EF2544559D72A052687497F78341

Final SHA1: 967F3DB6D97CCC615EB5758AC75387D46C3D1199


Holynix is a Linux distribution that was deliberately built to have security holes for the purposes of penetration testing. If you're having trouble, or there are any problems, it can be discussed here.

Source: http://pynstrom.com/holynix.php

-- README

Holynix 2.0 Release Notes


Holynix is a Linux distribution that was deliberately built to have security holes for the purposes of penetration testing. The object of the challenge v1 is just to root the box. Register on the forums to receive an email update when a new challenge is released.

Network Configuration


Holynix v2 is set with static ip and requires some network configuration in order to run.

  • Network: 192.168.1.0/24
  • Pool Starting Addr: 192.168.1.2
  • Gateway Addr: 192.168.1.1
  • Subnet Mask: 255.255.255.0

Support


Homepage: http://pynstrom.com/

Project Page: http://pynstrom.com/holynix.php

Forums: http://pynstrom.com/forum/

Bugs


Bugs can be reported using sourceforge's bug tracker located at http://sourceforge.net/projects/holynix/support or reported to me directly at [email protected]

Source: holynix-v2.tar.bz2/README.txt

-- Forum

Getting Started w/ Holynix v2

Source: http://pynstrom.com/forum/viewtopic.php?f=8&t=7


It's been a while since the last Kioptrix VM challenge. Life keeps getting in the way of these things you know.

After seeing the number of downloads for the last two, and the numerous videos showing ways to beat these challenges, I felt that 1.2 (or just level 3) needed to come out. Thank you to all that downloaded and played the first two. And thank you to the ones that took the time to produce video solutions of them. Greatly appreciated.

As with the other two, this challenge is geared towards the beginner. It is however different. Added a few more steps and a new skill set is required. Still being the realm of the beginner I must add. The same as the others, there’s more than one way to “pwn” this one. There’s easy and not so easy. Remember… the sense of “easy” or “difficult” is always relative to one's own skill level. I never said these things were exceptionally hard or difficult, but we all need to start somewhere. And let me tell you, making these vulnerable VMs is not as easy as it looks…

Important thing with this challenge. Once you find the IP (DHCP Client) edit your hosts file and point it to kioptrix3.com

Under Windows, you would edit C:\Windows\System32\drivers\etc\hosts to look something like this:

# localhost name resolution is handled within DNS itself.
#   127.0.0.1 localhost
#   ::1 localhost
127.0.0.1 static3.cdn.ubi.com
192.168.1.102 kioptrix3.com

Under Linux that would be /etc/hosts

There’s a web application involved, so to have everything nice and properly displayed you really need to do this.

Hope you enjoy Kioptrix VM Level 1.2 challenge.

452 Megs

MD5 Hash : d324ffadd8e3efc1f96447eec51901f2

Have fun

Source: http://www.kioptrix.com/blog/?p=358
