webDEViL's wargame

[webdevil]

Test out your skills

VirtualBox Image

7426ecca6beaa1c0310ee00fc1086cc5 http://krash.in/wD-Wargame-new.rar

This includes some common sense, brute forcing, sql injections, writing exploits etc.

Basically you start of with a web page and go about being the owner ;) . Should be good for people at all levels and it based on some live environments that I found, good for experience.

[digininja]

I am in no way implying you would do this but looking at this I've just had a thought, does anyone check these kinds of images for nastyness before starting them up? How easy would it be to create some custom malware and install it in a VM then offer it up as a nice give away. A VM trojan, I see a blog post coming on here!

Sorry to have hijacked your thread, and again, not implying you've done this but asking, do people check?

[webdevil]

You would need to find a vulnerability in the VirtualBox server that handles the images to exploit it. And if you are referring to VM Trojans, they are alot different. They are supposed to build their own Environment, so that AV's fail in scanning it.

No offense taken ;)

Oh, and if you are referring to the image itself as trojan then it wouldn't make a difference as it is powered on for a while until you complete the game.

[digininja]

I was thinking about installing nasty software on the OS of the VM so when you started it up it, for example created a reverse shell home. If the guest was set up so it had full network access then you'd have just opened a hole in your network. Or just have it automatically attack the host through the network (i.e. not jail break) and if it compromises that then pivot and attack other machines or then open the shell.

As you control the guest OS you could easily rootkit it so any AV installed after it is loaded into the VM player wouldn't find anything and the attacks would be hidden from standard tools.

As an extreme example I'm thinking it is similar to allowing an attacker to send you their laptop and ask you to plug it into your network. You could segment it off but who does as they need to give it at least access from their test attack machine and you can bet that that is on the net so the user can do online research while doing the testing.

[webdevil]

yeah, you have a point there. lol.

I would term it Social Engineering at its best! Make 'em download 500MB of a rootkit.

[digininja]

I bet that could be easily done by someone with a good enough reputation or who was a good salesman. "I've invented a great new hacking distro full of really cool tools, just download this VM"

Could also work with a live CD, who unplugs their hdd when using an untrusted live cd?

[ArkNinja]

Live CDs would work really well because no AV to deal with, and you would get full privileges.

[digininja]

I've just written a blog post on this - Blindly Installing VMs and Using Live CDs

[Netshroud]

Cant you just mount the VHD in windows and scan it first?

[digininja]

What if it is a linux guest machine?

What if the attacker writes custom attack scripts? It would be really easy for me to write a shell/batch script to scan networks and call home and as it was custom written then no AV scanner would find it. Throw on top of that a little customised rootkit technology so that even when you'd booted the machine you couldn't see the bad things running. This negates scanning with AV/spyware tools useless either with the disk mounted, installing the tools on the running machine or scanning from an external machine once the VM is started.

[webdevil]

Cant you just mount the VHD in windows and scan it first?

You must understand, that in a wargame you must get access to the machine. It's not that you have the username/password to login and scan.

In another scenario, it could also come to a stage where unkowingly the created VM gets infected by a worm while it was being created. So, basically you have a VM on your network which propogates it... ;)

[digininja]

I almost wish I hadn't thought about this because I'd never been paranoid about this kind of thing before but now I've got a little niggle that will probably never go away.

Along a similar line to this, a friend of mine at college wrote a firmware for a Archimedes hard drive controller card and accidentally infected that with a virus. The firmware was used by a pretty major hardware supplier and Everyone who used the card got automatically infected. It was before user flashable firmware became popular so the only way to fix it was to remove the chip and put in a new one. He wasn't popular for a while!