Occasionally, I like to build a vulnerable virtual machine demonstating a recently published vulnerability. One of the reasons I do this is because such a small section of the industry is exposed to botnet panels, and the easiest way to get acquianted is by pwning them. It also gives people an opportunity to legally use my exploits without hunting down the source code for the command and control panels themselves. In this vulnerable virtual machine, you get an opportunity to “Murder Dexter”, the point of sale malware.
Much like my other vulnerable virtual machines, there are no supplied credentials. The virtual machine itself uses DHCP to get an IP address, and while it does not need Internet access itself, you may wish to reference the Internet for some portions. If you need to change something in the virtual machine in order to use it, you should be able to edit the shadow file in a live cd without hindering the challenge.
Download locations can be found here as well as other information.
Thanks to everyone who beta tested this virtual machine!
- Andrew Morris (@TheAndrewBalls)
- Bas (@barrebas)
- Brian Wallace (@botnet_hunter)