diff weak_scan.txt patched_scan.txt

git clone https://github.com/firefart/dirtycow.git cd dirtycow make ./dirtycow /usr/bin/su newrootpassword But since you are patching , instead apply the official mainline fix (requires kernel recompile or using ksplice if available). After applying your custom patches, take a second snapshot:

nmap -sV -p- 192.168.56.101 (Host-Only IP) nikto -h http://192.168.56.101 linpeas.sh (run inside VM) Document each weakness in a table:

sha256sum NEJICOMI_TMA02.ova # Expected: 3f7a8b1c9d0e2f4a6b8c0d1e2f3a4b5c6d7e8f9a0b1c2d3e4f5a6b7c8d9e0f1a2 Virtualization platform of choice: VMware Workstation (Windows/Linux) or QEMU/KVM (Linux). For a “weak patched” workflow, snapshots are mandatory. Step 1 – Import the appliance # Using QEMU qemu-img convert -O qcow2 NEJICOMI_TMA02.ova NEJICOMI.qcow2 qemu-system-x86_64 -hda NEJICOMI.qcow2 -m 2048 -net user,hostfwd=tcp::2222-:22 -net nic For VMware: File → Open → select .ova . Step 2 – Initial “Weak” Snapshot Before any changes, take snapshot named TMA02-original-weak . This preserves the exact vulnerable state for later re-exploitation.

Once downloaded, verify the checksum (e.g., SHA256) against any provided hash. Many “weak” images come tampered. A legitimate hash example:

Expected result: High-risk vulnerabilities disappear. Medium-risk may remain if you chose not to patch them for learning purposes.