Farewell, loneferret

I’m normally very cheerful and all but not this time: for those who don’t know yet, Steven “loneferret” McElrea passed away last weekend.

I’m not really good with text so what I can say is he was my best friend and I already miss him a lot. If you wish to help his family, you can go here on gofundme.

About the future of this site, I intend to continue what he started and will see to publish a new vulnerable vm BUT I will need to migrate and change a few things as I don’t own the kioptrix.com domain so I will do so before it expires and redirect (hopefully) gracefully to the new domain.

See you soon,



NetHunter Install on Nexus 5

Installing Kali NetHunter on the Nexus 5…

So, the Internet is filled with posts on this subject. Some great, others not so great, yet I still had issues when first trying to get it installed. NetHunter has changed from when I beta tested it many cycles ago. The process has that clean, professional feeling with a hint of home-brew hacker vibe. When the process is finished, the device reboots, and you are greeted with a nice animation unique to the OS. That’s assuming the progress bar didn’t stick on 40% during install.

Hopefully my contribution to the sea of posts on the matter will help a few, so let’s get down to business… cue the Keurig!

Stuff used in this demonstration:
• 1 Google Nexus 5 (LG)
• 1 USB cable to hook it up to you box (in my case Mac OSX)
• Kali NetHunter from Offensive Security (link here)
• Binaries from rootnexus5.com (link here)
• Google Android stock OS (link here) – Choose Marshmallow
• TWRP Recovery image (link here)
• Super-SU 2.78 to root your phone (link here)
• Index finger



A few nice ESXi 5.5 binaries

So it has been a while hasn’t it? I really do like having a blog, but life/work keeps getting in the way. It’s not from a lack of subject matter, it really is just about time. At the time of this writing, it’s November 30th so hoping to get this out there today.

It’s funny that my first post, in what seems like an eternity, won’t be security related. Still doesn’t mean I can’t share stuff, regardless if some find it interesting or not. It’s my blog damn it!
If I want to post pictures of cats into BDSM I shall!… ANYwho.

To start off, I really like virtual machines… The flavour I mostly use at home is VMware’s ESXi. Now before anyone gets all huffy, don’t worry I’ll be giving you more reasons to hate me. I choose VMware for a few reasons, mostly it’s what I’ve used in previous places of employment, and I also had hardware to run it. So I figured I’d learn it.

One thing any ESXi user has had to do at some point, is log into via ssh in the host…then the fun starts, file editing.
Personally, I prefer “nano” over “vi” why? Because I keep forgetting “vi” commands. As simple as that. Go ahead, hate me for it.

Going to the googles I figured someone’s bound to have uploaded a file.. or something. Apparently not. I even thought about it really really hard for 24 hours, and it didn’t appear on SourceForge nor Github. So I figured I’d try my hand at compiling “nano” for use on ESXi. Much like this guy here: rsync statically linked binary.
Mind you, I’m not a coder/dev type person. No gcc guru here, just a system admin. For many this would’ve been a walk in the park. Wasn’t so simple for me. Something new is always hard, it’s called trying\learning.



First post in years…

And Toronto PamAm games says it’s illegal:

(because read this: http://t.co/AtQFnpL5Yz)


A new VM… After almost 2 years.

Saying it’s been awhile is an understatement. Almost 2 years without a new vulnerable VM and over 2 years without a blog post. I only have myself to blame, but work and family life takes up most of my waking hours. This is a hobby and hobbies come last.

I must start by saying how shocked I am with the reception my VMs have received since their inception. Over the past 24+ months, I’ve gotten so many nice messages and e-mails from people saying they enjoyed them. A few of my VMs have actually been mentioned in books, which was a pleasant surprise… So to all that have enjoyed them, and used them as reference material (or what have you) a big thank you from the bottom of my heart.

I never expected this little project would turn out the way it did. This just proves, if you put a bit of effort and time, anything can happen.

Why the new VM

Kioptrix VM 2014

The original idea behind my VMs has always been about learning, not only for the people downloading them but for me as well. With each new VM, I always try to do something “different”, something to take me out of my comfort zone… just a bit, just enough so I can learn something new and hopefully remember it. Installing old unsupported software from source on a newer OS or just using a flavour (or flavor) of Linux I’ve never tried before. It doesn’t have to be something huge, just something I don’t know or not too comfortable with. For me, trying and reading is one of the ways I learn.

This new machine is no different. I had an idea in my head, wanted to know a bit more about it and saw an opportunity to apply it in a VM (however g0tm1lk g0tmi1k kind of pushed me a bit to release a new one). I didn’t spend 2 years building this thing, but in the short amount of time it took me to build it (2 weeks… 3?) I got very familiar with what’s in there.

Why build these things…

Which brings me to another point I wish to blabber about, why build these things. As mentioned above, it’s primarily to learn. To experiment and discover different operating systems and software. Get more acquainted with compiling, installing and uninstalling (just to name a few). The great thing about this is, you’ll ask yourself questions and if you’re lucky bugs to look up and fix. At the end of the day, that’s the point really… to figure things out on your own.

If you’re building a VM to submit to vulnhub.com (as an example), then you need to pay attention to how your machine reacts to scans and attacks. You need to figure out what works and what doesn’t.
Why does attack “A” work but not “B”?
What if…
Why this…
Why that… You can learn lots if you take the time to ask yourself questions.

So I’ve come to the part where I’m babbling and writing for the sake of writing which is my queue to stop. Hope you enjoy the new VM.


About the VM

As usual, this vulnerable machine is targeted at the beginner. It’s not meant for the seasoned pentester or security geek that’s been at this sort of stuff for 10 years. Everyone needs a place to start and all I want to do is help in that regard.

Also, before powering on the VM I suggest you remove the network card and re-add it. For some oddball reason it doesn’t get its IP (well I do kinda know why but don’t want to give any details away). So just add the VM to your virtualization software, remove and then add a network card. Set it to bridge mode and you should be good to go.

This was created using ESX 5.0 and tested on Fusion, but shouldn’t be much of a problem on other platforms.
–Update 07-04-2014: Virtual Box users may encounter issues.. sorry

Kioptrix VM 2014 download 825Megs
MD5 (kiop2014.tar.bz2) = 1f802308f7f9f52a7a0d973fbda22c0a
SHA1 (kiop2014.tar.bz2) = 116eb311b91b28731855575a9157043666230432
Waist line 32″
p.s.: Don’t forget to read my disclaimer…