Kali Linux 2018:Assuring Security by Penetration Testing

Setting up BadStore in a VM

The BadStore ISO is ancient compared to today's technology; however, unlike Metasploitable 3, it is incredibly easy to install and use. Readers with very limited knowledge and resources can use this ISO image as a starting point: it contains a set of well-known, deliberately planted vulnerabilities and is under 15 MB in size.

The BadStore ISO image is no longer available from its original download site as of writing this book, but several mirrors still host it. As noted in a GitHub repository at https://github.com/jivoi/junk/blob/master/coursera_software-security/w3/project-2/info, the BadStore ISO can be downloaded from here: https://d396qusza40orc.cloudfront.net/softwaresec/virtual_machine/BadStore_212.iso. Because the image now comes from a third-party mirror rather than the original publisher, treat it like any other untrusted binary: run it only as a VM on an isolated lab network.

The manual for the BadStore ISO should also be downloaded, as it contains essential information about IP connectivity and the vulnerabilities built into the store application.

Once the file has been downloaded from the preceding link, open VirtualBox and click on File and New. Enter the VM name, type and version shown in the screenshot. Click on Next when finished:

BadStore uses very little RAM. The default allocation can be used, but I've allocated 640 MB of RAM. Click Next to continue:

Complete the following steps:

  • Click on Create a virtual hard disk now and then click on the Create button
  • Select VirtualBox Disk Image (VDI) as the hard disk file type and click on Next
  • Select Dynamically allocated when prompted to choose the physical storage option and click on Next
  • For the File location and size, leave the default file size of 4 GB, as BadStore also requires very little disk space

Before starting your BadStore VM, click on the Settings button in the Oracle VM VirtualBox Manager. Click on the Network category in the left pane, change your adapter setting to Bridged Adapter and click OK. This will enable the VM to receive an IP address via DHCP (if it is enabled on your network), thereby simplifying the connectivity process in later steps. Keep in mind that a bridged adapter places this intentionally vulnerable machine directly on your LAN, where anyone on that network can reach it; bridge it only onto a network you control, or use a Host-only Adapter if your Kali VM runs on the same host:

In the Oracle VM VirtualBox Manager, click on the BadStore entry and click on the Start button:

When prompted to select a startup disk, click on the Open Folder icon and browse to the BadStore ISO file (BadStore_212.iso) that you previously downloaded. Click Start to run the VM.

Once BadStore is loaded, press Enter to activate the console:

At the console, run the ifconfig command to view your interface configuration. Note that in the following screenshot, the eth0 interface's IP address (shown as inet addr, in the older net-tools output format BadStore uses) is 192.168.3.136. On your machine it will be different, according to the IP scheme you are using. Take note of this IP, as it will be required to connect to the BadStore VM via a browser:

Open a browser of your choice and, in the address bar, enter the IP address of the BadStore VM followed by the path /cgi-bin/badstore.cgi.

In this instance, I have entered the following URL in the address bar of my browser to access the BadStore VM: http://192.168.3.136/cgi-bin/badstore.cgi.

Once you have entered the IP of your BadStore VM and appended the preceding path, press Enter and you will be presented with the BadStore frontend, as seen in this screenshot:
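The steps above (read the address out of ifconfig, build the frontend URL, confirm the page is served) can be scripted so that you do not have to retype the IP every time the DHCP lease changes. The following shell script is an added example and is not part of the book or of BadStore itself. The ifconfig text it parses is a constructed sample using the address from the screenshot, and the reachability check assumes curl is installed and that the frontend HTML contains the string "BadStore"; it also handles the newer ifconfig output format ("inet 10.0.0.5") that the page does not show.

```shell
#!/bin/sh
# Constructed sample of the net-tools style ifconfig output BadStore prints.
# The address is the one from the book's screenshot, not from a live VM.
SAMPLE_IFCONFIG='eth0      Link encap:Ethernet  HWaddr 08:00:27:3A:1B:2C
          inet addr:192.168.3.136  Bcast:192.168.3.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1'

# Constructed sample in the newer ifconfig format (interface name ends in a colon,
# address line reads "inet X netmask Y"), as printed by a modern Kali host.
SAMPLE_IFCONFIG_NEW='eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.0.0.5  netmask 255.255.255.0  broadcast 10.0.0.255
        inet6 fe80::a00:27ff:fe3a:1b2c  prefixlen 64  scopeid 0x20<link>'

# ifconfig_ipv4 IFACE  -- reads ifconfig output on stdin, prints the IPv4 address
# of IFACE. Works for both "inet addr:A.B.C.D" (old) and "inet A.B.C.D" (new).
ifconfig_ipv4() {
    awk -v iface="$1" '
        /^[^ \t]/ { cur = $1; sub(/:$/, "", cur) }   # new interface block starts in column 1
        cur == iface && $1 == "inet" {               # IPv4 line ($1 is "inet6" for IPv6, skipped)
            a = $2; sub(/^addr:/, "", a)             # strip the old-style "addr:" prefix
            print a; exit
        }'
}

# badstore_url IP  -- the frontend lives at a fixed CGI path on the VM.
badstore_url() {
    printf 'http://%s/cgi-bin/badstore.cgi\n' "$1"
}

# badstore_reachable IP  -- exit 0 only if the frontend answers and the body names
# the application. Needs curl and network access to the VM, so it is not run offline.
badstore_reachable() {
    url=$(badstore_url "$1")
    body=$(curl -s -m 5 "$url") || return 1
    printf '%s' "$body" | grep -qi 'badstore'
}

# Demo against the constructed samples; on a live VM pipe the real output instead:
#   ifconfig | ifconfig_ipv4 eth0
ip=$(printf '%s\n' "$SAMPLE_IFCONFIG" | ifconfig_ipv4 eth0)
echo "BadStore VM address (old format): $ip"
echo "Frontend URL: $(badstore_url "$ip")"
ip_new=$(printf '%s\n' "$SAMPLE_IFCONFIG_NEW" | ifconfig_ipv4 eth0)
echo "Address parsed from new-format output: $ip_new"
```

From your Kali VM, run `badstore_reachable 192.168.3.136 && echo up` (with your own address) before starting the exercises in the later chapters; a failure usually means the bridged adapter did not get a lease or the two VMs are on different networks.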

As mentioned earlier, the BadStore VM is nothing short of ancient, as the design of its interface reflects; however, for beginners it contains a variety of common web application vulnerabilities that can be easily found and exploited with the Kali Linux tools covered in the following chapters.

Another similar and easy-to-set-up VM that you can try is the Damn Vulnerable Linux (DVL) ISO. It can be downloaded from https://sourceforge.net/projects/virtualhacking/files/os/dvl/DVL_1.5_Infectious_Disease.iso/download. The same isolation advice applies: it is deliberately insecure, so never expose it beyond your lab network.