Welcome to Badstore.net

Badstore.net is dedicated to helping you understand how hackers prey on Web application vulnerabilities, and to showing you how to reduce your exposure. Our Badstore demonstration software is designed to show you common hacking techniques.

DVL 1.0 (Initial Core Release):

The Core Release is a tool release only. It contains the following important tools:

• HT 0.5
• libreadline4_4.2a-5_i386
• gdb_5.2.cvs20020401-6_i386
• binutils_2.12.90.0.1-4_i386 (including objdumps,gas,strings ...)
• nasm-0.98-1.i386
• HLA v1.86
• libelfsh0-dev_0.65rc1-1_i386
• elfsh_0.65rc1-1_i386
• Apache 2.0.5.4
• Php 4.4.0
• ethereal-common_0.9.4-1woody12_i386
• ethereal_0.9.4-1woody12_i386
• libpcap0_0.6.2-2_i386
• tcpdump_3.6.2-2.8_i386
• lsof_4.57-1_i386
• ltrace_0.3.26_i386
• nmap_2.54.31.BETA-1_i386
• strace_4.4-1.2_i386
• ELFkickers-2.0a (including sstrip, rebind, elfls, ebfc, elftoc)
• GCC/G++ 3.3.4
• GNU Make 3.80
• bastard_bin- 0.17.tgz
• Mysql-server 4.4.1
• Ruby 1.8
• Python 2.3
• lida-03.00.00
• DDD 3.3.1

Damn Vulnerable Linux (DVL) Strychnine (1.2):

Added several tools. Switched to BackTrack 2 Final as core system. DVL Strychnine will contain a Knowledge Base as well!

• 0000072: [Application Development] Add Flawfinder
• 0000071: [Application Development] Add JLint
• 0000025: [Reverse Code Engineering] libdisasm_0.21-pre2 should be added
• 0000068: [Reverse Code Engineering] Add REC 1.6
• 0000051: [Reverse Code Engineering] Add LTRACE
• 0000047: [Reverse Code Engineering] ELF Shell should be added
• 0000007: [Requirements] Firefox Tabs should be cleaned up
• 0000035: [Application Development] KDevelop should be added
• 0000015: [Reverse Code Engineering] Bastard 0.17 should be added
• 0000011: [Requirements] Boot text should be branded for DVL instead for BT
• 0000032: [Application Development] NEdit should be added
• 0000012: [Requirements] A new bootspash has to be designed and included
• 0000048: [Reverse Code Engineering] Add ELF Kickers
• 0000014: [Shellcode / Exploitation] Splint static code analyzer should be added
• 0000045: [Reverse Code Engineering] Add BIEW
• 0000040: [Reverse Code Engineering] LDasm should be added
• 0000063: [Application Development] Add BASIC-256
• 0000028: [Web Exploitation] A vulnerable PHP.ini should be used
• 0000058: [Application Development] PHPmyAdmin should be installed
• 0000065: [Application Development] Add GAS
• 0000064: [Bugs] HLA does not work under Konsole
• 0000059: [Documentation] Define Directory Structure for Documentation
• 0000060: [Tutorials] Define Directory Structure for Tutorials
• 0000004: [Documentation] DVL needs a concept on how to hold documentation
• 0000019: [Reverse Code Engineering] ht-2.0.2 should be added
• 0000020: [Cryptography] stegdetect-0.6 should be added
• 0000022: [Reverse Code Engineering] STAN 0.4.1 Stream Analyzer should be added
• 0000024: [Cryptography] Outguess 0.2 should be added
• 0000038: [Reverse Code Engineering] memgrep should be installed
• 0000039: [Reverse Code Engineering] ALD Assembly Language Debugger should be added
• 0000049: [Reverse Code Engineering] Add REVDump
• 0000061: [Tutorials] Define Directory Structure for exercises
• 0000010: [Shellcode / Exploitation] SudoEdit 1.6.8 should be added (Local Exploit)
• 0000013: [Reverse Code Engineering] LIDA disassembler needs to be installed and linked in menues
• 0000017: [Reverse Code Engineering] GDBINIT colorized by Mammon should be added.
• 0000018: [Application Development] HLA Assembly Language should be added
• 0000023: [Reverse Code Engineering] Sandmark should be added
• 0000031: [Application Development] jEdit should be installed
• 0000041: [Reverse Code Engineering] The Examiner should be added
• 0000050: [Reverse Code Engineering] Add RADARE
• 0000057: [Reverse Code Engineering] Add Sinister
• 0000029: [Application Development] MySQL should be installed
• 0000037: [Application Development] Jed Editor should be added
• 0000030: [Application Development] Wine Windows Emulator needs to be installed
• 0000027: [Requirements] Apache with PHP 4 and 5 included
• 0000054: [Reverse Code Engineering] Add MemFetch
• 0000052: [Reverse Code Engineering] Add STRACE
• 0000056: [Reverse Code Engineering] Add lsof

DVL Strychnine is finally final. The last pre-compilation is running at the moment, then the final compilation of the remaster will follow. Some nasty bugs fixed such as permissions problems of the pre-installed MySQL database containing first vulnerabe web examples. Click on the link below to see the current changelog. This shows you which additions have been added to the “classic” BT 2.0 release to build the base of the new era of Damn Vulnerable Linux. Some more minor unimportant features are left to install, however I believe it is time to go with the release to concentrate finally on the production of the most important: training lessons!

DVL Strychnine will be available via BitTorrent this weekend (never published before using BitTorrent! let's see if I run into problems!) - Later I place it on the mirrors. File size at the moment 822 MB, sorry for that but let the community decide what to kill!

A short intro video will follow soon, maybe I can make it this weekend.

Damn Vulnerable Linux (DVL) E605 (1.3):

Added many many vulnerabilities. Added much exercise material including sources. Now included the HoneyNet Project and WebGoat.

• 0000070: [Reverse Code Engineering] Add Boomerang Decompiler
• 0000082: [Application Development] Free Pascal Compiler
• 0000136: [Tools] Add Valgrind 3.2.0 + Valkyrie
• 0000135: [Application Development] Add SmallBasic 0.9.7
• 0000134: [Application Development] Add Dr. Scheme
• 0000133: [Application Development] Add SWI Prolog
• 0000131: [Application Development] Add GCC-g77
• 0000127: [Web Exploitation] Add Cyphor
• 0000109: [Shellcode / Exploitation] Add atari800 Local Root Exploit
• 0000120: [Shellcode / Exploitation] Add phpBB 2.0.13 (admin_styles.php) Remote Command Execution Exploit
• 0000125: [Web Exploitation] Add Joomla <= 1.0.9 (Weblinks) Remote Blind SQL Injection Exploit
• 0000126: [Web Exploitation] Add Joomla <=1.0.7 (feed) Denial of Service Exploit
• 0000123: [Web Exploitation] Add PHPNuke 7.8
• 0000124: [Application Development] Add PHP-Nuke 7.4 POST Method Admin Variable Privilege Escalation
• 0000122: [Shellcode / Exploitation] Add linux-ftpd-ssl 0.17 (MKD/CWD) Remote Root Exploit
• 0000110: [Shellcode / Exploitation] Add Aeon 0.2a Local Linux Exploit
• 0000108: [Shellcode / Exploitation] Add SoX Local Buffer Overflow Exploit
• 0000111: [Shellcode / Exploitation] Add sash <= 3.7 Local Buffer Overflow Exploit
• 0000104: [Shellcode / Exploitation] Add splitvt < 1.6.5 Local Exploit
• 0000121: [Web Exploitation] Add e107 <= 0.6172 (resetcore.php) Remote SQL Injection Exploit
• 0000102: [Shellcode / Exploitation] Add ProFTPD <= 1.3.0a (mod_ctrls support) Local Buffer Overflow PoC
• 0000016: [Reverse Code Engineering] Fenris should be added
• 0000067: [Reverse Code Engineering] Add ELFIO
• 0000084: [Application Development] Add FakeAP
• 0000083: [Application Development] Add BestCrypt
• 0000085: [Application Development] Add FindDDOS
• 0000078: [Tools] Add QTParted
• 0000094: [Shellcode / Exploitation] Add Minicom 1.81
• 0000096: [Shellcode / Exploitation] Add Nestea \"Off By One\" attack
• 0000099: [Web Exploitation] Add PhpBB 2.0.12 Session Handling Authentication Bypass
• 0000100: [Web Exploitation] Add WordPress 1.5.1.1 SQL Injection
• 0000101: [Web Exploitation] Add Nabopoll 1.2 Remote File Inclusion, Remote Configuration Disclosure
• 0000093: [Application Development] Add HLA Compiler Construction Kit
• 0000092: [Application Development] Add YASM Assembler
• 0000091: [Application Development] Add FASM
• 0000090: [Application Development] Add SciLab
• 0000081: [Application Development] Add GSL GNU Scientific Library
• 0000080: [Application Development] Add FreeBasic
• 0000079: [Application Development] Add BlueFish Editor
• 0000033: [Application Development] RHIDE should be added
• 0000089: [Application Development] Add C++6 libs
• 0000088: [Application Development] Add LibGC
• 0000087: [Application Development] Add BOOST Library
• 0000076: [Application Development] Remove JRE and add JDK 1.5
• 0000075: [Application Development] Add QEMU
• 0000074: [Application Development] Add Scite Editor
• 0000073: [Peneration Testing] Add OWASP's WebGoat

DVL Strychnine + E605 is final! I just remastered the ISO and we land at 1050 MB size which fits perfectly on a 2 GB USB stick (and gives us more free space to add additional stuff). I will upload the ISO today and inform the mirrors. Finally after all this installation part I can play myself with it :)

A flexible web app showing vulnerabilities such as cross site scripting, sql injections, and session management issues. Helpful to IT auditors honing web security skills and setting up 'capture the flag'.

A flexible web app showing vulnerabilities such as cross site scripting, sql injections, and session management issues. Helpful to IT auditors honing web security skills and setting up 'capture the flag'.

One of the questions that we often hear is "What systems can i use to test against?" Based on this, we thought it would be a good idea throw together an exploitable VM that you can use for testing purposes.

Metasploitable is an Ubuntu 8.04 server install on a VMWare 6.5 image. A number of vulnerable packages are included, including an install of tomcat 5.5 (with weak credentials), distcc, tikiwiki, twiki, and an older mysql.

You can use most VMware products to run it, and you'll want to make sure it's configured for Host-only networking unless it's in your lab - no need to throw another vulnerable machine on the corporate network. It's configured in non-persistent-disk mode, so you can simply reset it if you accidentally 'rm -rf' it.

Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable.

Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a class room environment.

Again a long delay between VMs, but that cannot be helped. Work, family must come first. Blogs and hobbies are pushed down the list. These things aren’t as easy to make as one may think. Time and some planning must be put into these challenges, to make sure that:

1. It’s possible to get root remotely [ Edit: sorry not what I meant ]

1a. It’s possible to remotely compromise the machine

1. Stays within the target audience of this site

2. Must be “realistic” (well kinda…)

3. Should serve as a refresher for me. Be it PHP or MySQL usage etc. Stuff I haven’t done in a while.

I also had lots of troubles exporting this one. So please take the time to read my comments at the end of this post.

Keeping in the spirit of things, this challenge is a bit different than the others but remains in the realm of the easy. Repeating myself I know, but things must always be made clear: These VMs are for the beginner. It’s a place to start.

I’d would love to code some small custom application for people to exploit. But I’m an administrator not a coder. It would take too much time to learn/code such an application. Not saying I’ll never try doing one, but I wouldn’t hold my breath. If someone wants more difficult challenges, I’m sure the Inter-tubes holds them somewhere. Or you can always enroll in Offsec’s PWB course. *shameless plug

-- A few things I must say. I made this image using a new platform. Hoping everything works but I can’t test for everything. Initially the VM had troubles getting an IP on boot-up. For some reason the NIC wouldn’t go up and the machine was left with the loopback interface. I hope that I fixed the problem. Don’t be surprised if it takes a little moment for this one to boot up. It’s trying to get an IP. Be a bit patient. Someone that tested the image for me also reported the VM hung once powered on. Upon restart all was fine. Just one person reported this, so hoping it’s not a major issue. If you plan on running this on vmFusion, you may need to convert the imagine to suit your fusion version.

-- Also adding the VHD file for download, for those using Hyper-V. You guys may need to change the network adapter to “Legacy Network Adapter”. I’ve test the file and this one seems to run fine for me… If you’re having problems, or it’s not working for any reason email comms[=]kioptrix.com

Thanks to @shai_saint from www.n00bpentesting.com for the much needed testing with various VM solutions.

Thanks to Patrick from Hackfest.ca for also running the VM and reporting a few issues. And Swappage & @Tallenz for doing the same. All help is appreciated guys

So I hope you enjoy this one.

The Kioptrix Team

Name: Game Over Category: Web Pentest Learning Platform File Type: VM image/iso

Author: Jovin Lobo Mentor: Murtuja Bharmal

Download URL: http://sourceforge.net/projects/null-gameover/files

Default Credentials: [username:root / password:gameover]

Description:

Project GameOver was started with the objective of training and educating newbies about the basics of web security and educate them about the common web attacks and help them understand how they work. It is collection of various vulnerable web applications, designed for the purpose of learning web penetration testing.

GameOver has been broken down into two sections. Section 1 consists of special web applications that are designed especially to teach the basics of Web Security. This seciton will cover:

• XSS
• CSRF
• RFI & LFI
• BruteForce Authentication
• Directory/Path traversal
• Command execution
• SQL injection

Section 2 is a collection of dileberately insecure Web applications. This section provides a legal platform to test your skills and to try and exploit the vulnerabilities and sharpen your skills before you pentest live sites. We would advice newbies to try and exploit these web applications. These applications provide real life environments and will boost their confidence.