Introduction:

I’ve long been a huge fan of the movie Tommy Boy and also a fan of trying to hack the vulnerable VMs hosted at VulnHub. Last month I decided to combine those two loves by creating a vulnerable virtual machine with a Tommy Boy theme! The result? Tommy Boy 1.0.

Plot:

HOLY SCHNIKES! Tommy Boy needs your help!

The Callahan Auto company has finally entered the world of modern technology and stood up a Web server for their customers to use for ordering brake pads.

Unfortunately, the site just went down and the only person with admin credentials is Tom Callahan Sr. – who just passed away! And to make matters worse, the only other guy with knowledge of the server just quit!

You’ll need to help Tom Jr., Richard and Michelle get the Web page restored again. Otherwise Callahan Auto will most certainly go out of business 🙁

Objective:

The primary objective is to restore a backup copy of the homepage to Callahan Auto’s server. However, to consider the box fully pwned, you’ll need to collect 5 flags strewn about the system, and use the data inside them to unlock one final message.

Download:

• VulnHub.com page: https://www.vulnhub.com/entry/tommy-boy-1,157/

• Dropbox.com download: https://dl.dropboxusercontent.com/u/5473387/TommyBoy1dot0.ova

MD5 = e7cbe794995ea7c0344a354f339495d1
SHA1 = e26272db76ca014ba8fd523d8afc06e2c18f847c

Other info:

• Size: 1.3GB
• Hypervisor: Created with VMWare Fusion 8.1.1.
• Difficulty: ?

Special thanks to:

• Rand0mbytez for testing about 10 versions of this frickin’ thing to get the bugs worked out.
• RobertWinkel for additional detailed testing and suggestions for tweaking the VM for a better overall experience.