I always enjoy creating and releasing vulnerable virtual machines so readers can get a first hand feel of attacking these command and control panels without doing anything illegal. The objective of this vulnerable virtual machine is to get a root shell. The root credentials (for network configuration purposes) are root:password. These credentials are not part of a solution and it is intended that the vulnerable virtual machine be attacked remotely. You can download the LoBOTomy vulnerable virtual machine here.

  • Brian Wallace AKA @botnet_hunter

In general, I’ve found that information is much easier to retain if it can be applied in the real world. Not everyone is a self-proclaimed botnet hunter, and it is not suggested (or recommended) that anyone try to exploit live botnets. For these reasons, I have put together another vulnerable virtual machine, which allows for aspiring botnet hunters and security enthusiasts to try their hand at attacking a Dexter command and control panel. It can be downloaded

  • Brian Wallace AKA @botnet_hunter

This is a Linux based VM that is intended as a way to get security researchers started with simple botnet research. It also requires the researcher have some ability to assess and exploit vulnerabilities, with the ultimate goal of obtaining root access to the VM. This is the second of many to come, please feel free to supply feedback so I can make future ones more enjoyable and fulfilling.

The network configuration of the VM is set to auto, so it is easiest to run with some sort of DHCP server on the same network(or just select the NAT option in your virtualization software). It is suggested that you use the NAT option along with port forwarding, but as long as you have TCP access to the VM, you should be fine.

There are no supplied credentials, and it is intended that the network services on the VM are the attack vectors.

If you have questions, feel free to ask in #vulnhub on freenode(I'm bwall on there). You can also ask me on Twitter(@botnet_hunter). You can also email me at bwall(at)ballastsecurity.net

This is a Linux based VM that is intended as a way to get security researchers started with simple botnet research. It also requires the researcher have some ability to assess and exploit vulnerabilities, with the ultimate goal of obtaining root access to the VM.

The network configuration of the VM is set to auto, so it is easiest to run with some sort of DHCP server on the same network(or just select the NAT option in your virtualization software). It is suggested that you use the NAT option along with port forwarding, but as long as you have TCP access to the VM, you should be fine.

If you have questions, feel free to ask in #vulnhub on freenode(I'm bwall on there).