7MS #235: Pwning Billy Madison

Be sure to scroll down and view the whole post as there is both audio and video coverage of today's episode!

Intro

Today I'm going to walk you through pwning the Billy Madison VM hosted at VulnHub. To be blunt, there are way better write-ups and videos walking through the path to pwnage, so I wanted to take a slightly different angle this time and do a "behind the scenes" look at how the VM is put together. Hopefully you get some inspiration to then create a vulnerable VM of your own!

Important links

  • The ADHD project is where many of Billy's trolls and traps come from, including the SSH and telnet honeypot, as well as the phony WordPress site.

  • I set up Billy's completely insecure SMB share using guidance from this blog post.

  • ROT13.com is a nice ROT13 decoder.

  • The fake SMTP server running on Billy is, appropriately, called FakeSMTP.

  • The open-source FTP server used is called ColoradoFTP.

  • Here's the slick pcap-parsing script courtesy of mrb3n813 (thank you Ben!).

  • Setting up port knocking is pretty straightforward.

  • If your Kali isn't pulling the latest version of Truecrack (3.6 at the time of this writing), you might want to build from source like I did.

  • Download VeraCrypt here.

Video:

Here's the complementary video content for today's audio podcast: