Saying it’s been awhile is an understatement. Almost 2 years without a new vulnerable VM and over 2 years without a blog post. I only have myself to blame, but work and family life takes up most of my waking hours. This is a hobby and hobbies come last.
I must start by saying how shocked I am with the reception my VMs have received since their inception. Over the past 24+ months, I’ve gotten so many nice messages and e-mails from people saying they enjoyed them. A few of my VMs have actually been mentioned in books, which was a pleasant surprise… So to all that have enjoyed them, and used them as reference material (or what have you) a big thank you from the bottom of my heart.
I never expected this little project would turn out the way it did. This just proves, if you put a bit of effort and time, anything can happen.
Why the new VM
The original idea behind my VMs has always been about learning, not only for the people downloading them but for me as well. With each new VM, I always try to do something “different”, something to take me out of my comfort zone… just a bit, just enough so I can learn something new and hopefully remember it. Installing old unsupported software from source on a newer OS or just using a flavour (or flavor) of Linux I’ve never tried before. It doesn’t have to be something huge, just something I don’t know or not too comfortable with. For me, trying and reading is one of the ways I learn.
This new machine is no different. I had an idea in my head, wanted to know a bit more about it and saw an opportunity to apply it in a VM (however
g0tm1lk g0tmi1k kind of pushed me a bit to release a new one). I didn’t spend 2 years building this thing, but in the short amount of time it took me to build it (2 weeks… 3?) I got very familiar with what’s in there.
Why build these things…
Which brings me to another point I wish to blabber about, why build these things. As mentioned above, it’s primarily to learn. To experiment and discover different operating systems and software. Get more acquainted with compiling, installing and uninstalling (just to name a few). The great thing about this is, you’ll ask yourself questions and if you’re lucky bugs to look up and fix. At the end of the day, that’s the point really… to figure things out on your own.
If you’re building a VM to submit to vulnhub.com (as an example), then you need to pay attention to how your machine reacts to scans and attacks. You need to figure out what works and what doesn’t.
Why does attack “A” work but not “B”?
Why that… You can learn lots if you take the time to ask yourself questions.
So I’ve come to the part where I’m babbling and writing for the sake of writing which is my queue to stop. Hope you enjoy the new VM.
About the VM
As usual, this vulnerable machine is targeted at the beginner. It’s not meant for the seasoned pentester or security geek that’s been at this sort of stuff for 10 years. Everyone needs a place to start and all I want to do is help in that regard.
Also, before powering on the VM I suggest you remove the network card and re-add it. For some oddball reason it doesn’t get its IP (well I do kinda know why but don’t want to give any details away). So just add the VM to your virtualization software, remove and then add a network card. Set it to bridge mode and you should be good to go.
This was created using ESX 5.0 and tested on Fusion, but shouldn’t be much of a problem on other platforms.
–Update 07-04-2014: Virtual Box users may encounter issues.. sorry
Kioptrix VM 2014 download 825Megs
MD5 (kiop2014.tar.bz2) = 1f802308f7f9f52a7a0d973fbda22c0a
SHA1 (kiop2014.tar.bz2) = 116eb311b91b28731855575a9157043666230432
Waist line 32″
p.s.: Don’t forget to read my disclaimer…