(Damn Vulnerable Windows 7: Lesson 2)

{ How to Install BadBlue }

Section 0. Background Information

What is BadBlue?
- BadBlue is the file-sharing web server that allows the sharing of photos, music, videos, and business files. BadBlue can also be integrated with PHP and Perl applications.
Exploit Description
- Stack-based buffer overflow in the PassThru functionality in ext.dll in BadBlue 2.72b and earlier allows remote attackers to execute arbitrary code via a long query string.
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6377
Pre-Requisite Lab
1. Damn Vulnerable Windows 7: Lesson 1: How to create a Damn Vulnerable Windows 7 Machine
Lab Notes
- In this lab we will do the following:
  1. Download BadBlue
  2. Install BadBlue
  3. Run BadBlue
Legal Disclaimer
- As a condition of your use of this Web site, you warrant to computersecuritystudent.com that you will not use this Web site for any purpose that is unlawful or that is prohibited by these terms, conditions, and notices.
- In accordance with UCC § 2-316, this product is provided with "no warranties, either express or implied." The information contained is provided "as-is", with "no guarantee of merchantability."
- In addition, this is a teaching website that does not condone malicious behavior of any kind.
- You are on notice, that continuing and/or using this lab outside your "own" test environment is considered malicious and is against the law.
- © 2015 No content replication of any kind is allowed without express written permission.

Section 1: Start your Windows 7 VM

Open VMware Player on your windows machine.
- Instructions:
  1. Click the Start Button
  2. Type "vmware player" in the search box
  3. Click on VMware Player
Edit Virtual Machine Settings
- Instructions:
  1. Click on Damn Vulnerable Windows 7
  2. Click on Edit virtual machine settings
Configure CD/DVE(IDE)
- Instructions:
  1. Select CD/DVD (IDE)
  2. Click on the Use physical drive: radio button
  3. Select Auto detect
- Note(FYI):
  1. Do not click on the OK Button
Configure Memory
- Instructions:
  1. Select Memory
  2. Click on "512 MB"
- Note(FYI):
  - Temporarily lower the amount of memory to 512 MB to limit the size of the crash dump file that we will later analyze in a proceeding lesson.
Configure Network Adapter
- Instructions:
  1. Select Network Adapter
  2. Click the radio button "NAT: Used to share the host's IP address"
  3. Click the OK button
- Note(FYI):
  1. We will use NAT instead of bridged, because of multiple VMware Player issues with Windows 7 not acquiring an IP Address when using a Wireless connection.
Start Damn Vulnerable Windows 7
- Instructions:
  1. Click on Damn Vulnerable Windows 7
  2. Click on Play virtual machine

Section 2: Login to Windows 7

Select Login User
- Instructions:
  1. Click on Administrator
Switch User
- Instructions:
  1. Supply the Administrator password (password).
  2. Click on the arrow

Section 3: Download and Install BadBlue

Open Firefox (On Damn Vulnerable Windows 7)
- Instructions:
  1. Click the Windows Start Button
  2. Search for firefox
  3. Click on Mozilla Firefox
Download BadBlue
- Instructions:
  1. Navigate to the following URL
    - https://www.exploit-db.com/apps/396bedff015be885c1719f39f4561081-badblue.tar_.gz
  2. Click on the Save File Radio Button
  3. Click on OK Button
Go To Downloads Folder
- Instructions:
  1. Tools --> Downloads
Open Containing Folder
- Instructions:
  1. Right Click on 396bedff015be885c1719f39f4561081-badblue.tar_.gz
  2. Click on Open Containing Folder
Unzip 396bedff015be885c1719f39f4561081-badblue.tar_.gz
- Instructions:
  1. Right Click on 396bedff015be885c1719f39f4561081-badblue.tar_.gz
  2. Click on 7-Zip
  3. Click on 396bedff015be885c1719f39f4561081-badblue.tar_
Open 396bedff015be885c1719f39f4561081-badblue.tar_ Folder
- Instructions:
  1. Right Click on 396bedff015be885c1719f39f4561081-badblue.tar_
  2. Click on Open
Extract Here
- Instructions:
  1. Right Click on 396bedff015be885c1719f39f4561081-badblue.tar_
  2. Click on 7-Zip
  3. Click on Extract Here
Begin BadBlue Installation
- Instructions:
  1. Right Click on bb98
  2. Click on Open
BadBlue Setup
- Instructions:
  1. Click on Next Button
Install BadBlue
- Instructions:
  1. Click on Install Button
BadBlue Automatic Startup
- Instructions:
  1. Click on Yes Button
Run BadBlue
- Instructions:
  1. Click on Finish Button
License Agreement
- Instructions:
  1. Full name: Your Name
  2. Email address: name@email.com
  3. Scroll to the end of the EULA
  4. Click the Agree Button
View BadBlue Application
- Note(FYI):
  1. BadBlue will start After clicking the Agree button

Section 4: Proof of Lab

Open Command Prompt
- Instructions:
  1. Click the Start Button
  2. Search for cmd
  3. Click on cmd
Proof of Lab (Basic Process Forensics)
- Instructions:
  1. netstat -nao | findstr ":80"
    - Record the Process ID. Mine is 2216.
  2. tasklist | findstr "2216"
    - Replace (2216) with your Process ID.
  3. date
  4. echo "Your Name"
    - Replace the string "Your Name" with your actual name.
    - e.g., echo "John Gray"
- Note(FYI):
  - Command #1, Use (netstat) to list all(-a) the tcp (-n) network connections and their process IDs (-o). Use (findstr) to only display lines that contain the string ":80".
  - Command #2, Use (tasklist) to display all system processes. Use (findstr) to only display lines that contain the Process ID string "2216". Your Process ID will probably be different.
- Proof of Lab Instructions:
  1. Do a PrtScn
  2. Paste into a word document
  3. Upload to Moodle