↧
Pinky's Palace: v3
↧
Temple of Doom: 1
[+] A CTF created by https://twitter.com/0katz
[+] Difficulty: Easy/Intermediate
[+] Tested in VirtualBox
[+] Note: 2 ways to get root!
VulnHub
↧
↧
Blacklight: 1
↧
billu: b0x 2
Machine Name: - Billi_b0x 2
Author Name: - Manish Kishan Tanwar (@indishell1046)
=========
This Virtual machine is using ubuntu (32 bit)
Other packages used: -
PHP Apache MySQL Apache tomcat
This virtual machine is having intermediate to medium difficulty level. One need to break into VM using web application and from there escalate privileges to gain root access. Gaining low or root privilege shell can be done in two ways (for both)
VulnHub
↧
WinterMute: 1
A new OSCP style lab involving 2 vulnerable machines, themed after the cyberpunk classic Neuromancer - a must read for any cyber-security enthusiast. This lab makes use of pivoting and post exploitation, which I've found other OSCP prep labs seem to lack. The goal is the get root on both machines. All you need is default Kali Linux.
I'd rate this as Intermediate. No buffer overflows or exploit development - any necessary password cracking can be done with small wordlists. It's much more related to an OSCP box vs a CTF. I've tested it quite a bit, but if you see any issues or need a nudge PM me here.
Virtual Box Lab setup instructions are included in the zip download, but here's a quick brief:
Straylight - simulates a public facing server with 2 NICS. Cap this first, then pivot to the final machine. Neuromancer - is within a non-public network with 1 NIC. Your Kali box should ONLY be on the same virtual network as Straylight.
VulnHub
↧
↧
Basic Pentesting: 2
This is a boot2root VM and is a continuation of the Basic Pentesting series. This series is designed to help newcomers to penetration testing develop pentesting skills and have fun exploring part of the offensive side of security.
VirtualBox is the recommended platform for this challenge (though it should also work with VMware -- however, I haven’t tested that).
This VM is a moderate step up in difficulty from the first entry in this series. If you’ve solved the first entry and have tried a few other beginner-oriented challenges, this VM should be a good next step. Once again, this challenge contains multiple initial exploitation vectors and privilege escalation vulnerabilities.
Your goal is to remotely attack the VM, gain root privileges, and read the flag located at /root/flag.txt. Once you’ve finished, try to find other vectors you might have missed! If you’d like to send me a link to your writeup, enjoyed the VM or have questions or feedback, feel free to contact me at: josiah@vt.edu
If you finished the VM, please also consider posting a writeup! Writeups help you internalize what you worked on and help anyone else who might be struggling or wants to see someone else’s process. There were lots of wonderful writeups for Basic Pentesting: 1, and I look forward to reading the writeups for this challenge.
VulnHub
↧
Lin.Security: 1
Here at in.security we wanted to develop a Linux virtual machine that is based, at the time of writing, on an up-to-date Ubuntu distro (18.04 LTS), but suffers from a number of vulnerabilities that allow a user to escalate to root on the box. This has been designed to help understand how certain built-in applications and services if misconfigured, may be abused by an attacker.
We have configured the box to simulate real-world vulnerabilities (albeit on a single host) which will help you to perfect your local privilege escalation skills, techniques and toolsets. There are a number challenges which range from fairly easy to intermediate level and we’re excited to see the methods you use to solve them!
The image is just under 1.7 GB and can be downloaded using the link above. On opening the OVA file a VM named lin.security will be imported and configured with a NAT adapter, but this can be changed to bridged via the the preferences of your preferred virtualisation platform.
To get started you can log onto the host with the credentials: bob/secret
VulnHub
↧
Toppo: 1
The Machine isn't hard to own and don't require advanced exploitation .
Level : Beginner
DHCP : activated
Inside the zip you will find a vmdk file , and I think you will be able to use it with any usual virtualization software ( tested with Virtualbox) .
If you have any question : my twitter is @h4d3sw0rm
Happy Hacking !
VulnHub
↧
Bulldog: 2
Three years have passed since Bulldog Industries suffered several data breaches. In that time they have recovered and re-branded as Bulldog.social, an up and coming social media company. Can you take on this new challenge and get root on their production web server?
This is a Standard Boot-to-Root. Your only goal is to get into the root directory and see the congratulatory message, how you do it is up to you!
Difficulty: Intermediate, there are some things you may have never seen before. Think everything through very carefully :)
Made by Nick Frichette (https://frichetten.com) Twitter: @frichette_n
I'd highly recommend running this on VirtualBox. Additionally DHCP is enabled so you shouldn't have any troubles getting it onto your network. It defaults to bridged mode but feel free to change that if you like.
VulnHub
↧
↧
ch4inrulz: 1
Frank has a small website and he is a smart developer with a normal security background , he always love to follow patterns , your goal is to discover any critical vulnerabilities and gain access to the system , then you need to gain root access in order to capture the root flag.
This machine was made for Jordan’s Top hacker 2018 CTF , we tried to make it simulate a real world attacks in order to improve your penetration testing skills.
The machine was tested on vmware (player / workstation) and works without any problems , so we recommend to use VMware to run it , Also works fine using virtualbox.
Difficulty: Intermediate , you need to think out of the box and collect all the puzzle pieces in order to get the job done.
The machine is already got DHCP enabled , so you will not have any problems with networking.
Happy Hacking !
VulnHub
↧
BSidesTLV: 2018 CTF
The 2018 BSidesTLV CTF competition brought together over 310 team burning the midnight oil to crack our challenged in a bout that lasted for two weeks! But you can now enjoy the same pain and suffering, using this easy to use, condensed VM that now hosts all our challenges in an easy to digest format. This VM now includes all challenges from the CTF:
- IAmBrute
- Shared Directory
- Redirect me
- Crypto2
- c1337Shell
- IH8emacs
- Into the rabbit hole
- PimpMyRide
- Wtflol
- Can you bypass the SOP?
- T.A.R.D.I.S.
- I'm Pickle Rick!
- Creative Agency
- hideinpILainsight
- DockingStation
- NoSocket
- PySandbox-Insane
- ContactUs
- GamingStore
In order to access the challenges you need to:
- run
ifconfig eth0(in the VM) - set
challenges.bsidestlv.comin hosts file with the VM IP address
Credentials:
CTFD User access (Use if you want to play):
user:user
CTFD Admin access (Use if you want to modify):
bsidestlv:bsidestlv
Boot2Docker SSH:
docker:tcuser
CTFd URL: http://challenges.bsidestlv.com
VulnHub
↧
Lampião: 1
Would you like to keep hacking in your own lab?
Try this brand new vulnerable machine! "Lampião 1".
Get root!
Level: Easy
VulnHub
↧
Rotating Fortress: 1
Rotating Fortress has been serveral months in the making and has a unique feature that sets it apart from other vms ;)
Zeus the admin of the server is retiring from Project: Rotating Fortress, but he doesn't want the project to die with his retirment. To find the successor to the project he has created a challenge. Will you be able to get in, rotate the fortress, escape isolation and reach root?
Your Goal is to get root and read /flag.txt
Note: This isn't a short VM and may take several hours to complete.
VulnHub
↧
↧
Rotating Fortress: 1.0.1
Difficulty: Intermediate/Hard
Rotating Fortress has been serveral months in the making and has a unique feature that sets it apart from other vms ;)
Zeus the admin of the server is retiring from Project: Rotating Fortress, but he doesn't want the project to die with his retirment. To find the successor to the project he has created a challenge. Will you be able to get in, rotate the fortress, escape isolation and reach root?
Your Goal is to get root and read /flag.txt
Note: This isn't a short VM and may take several hours to complete.
VulnHub
↧
ch4inrulz: 1.0.1
Frank has a small website and he is a smart developer with a normal security background , he always love to follow patterns , your goal is to discover any critical vulnerabilities and gain access to the system , then you need to gain root access in order to capture the root flag.
This machine was made for Jordan’s Top hacker 2018 CTF , we tried to make it simulate a real world attacks in order to improve your penetration testing skills.
The machine was tested on vmware (player / workstation) and works without any problems , so we recommend to use VMware to run it , Also works fine using virtualbox.
Difficulty: Intermediate , you need to think out of the box and collect all the puzzle pieces in order to get the job done.
The machine is already got DHCP enabled , so you will not have any problems with networking.
Happy Hacking !
VulnHub
↧
wakanda: 1
A new Vibranium market will soon be online in the dark net. Your goal, get your hands on the root file containing the exact location of the mine.
Intermediate level
Flags: There are three flags (flag1.txt, flag2.txt, root.txt)
- DHCP: Enabled
- IP Address: Automatically assigned
Hint: Follow your intuitions ... and enumerate!
For any questions, feel free to contact me on Twitter: xMagass
Happy Hacking!
VulnHub
↧
Node: 1
Description: Node is a medium level boot2root challenge, originally created for HackTheBox. There are two flags to find (user and root flags) and multiple different technologies to play with. The OVA has been tested on both VMware and Virtual Box.
VulnHub
↧
↧
WebSploit2018: 1
WebSploit2018
Web Application Exploitation Environment
WebSploit2018 is a collection of vulnerable web applications packed in a virtual environment.
This VM is intended for those who want to:
- Hack Web Applications in a controlled environment
- Learn about Web Application security
- Test automatic vulnerability scanners
- Test and analyze source code
Unpack the VM and run it in your virtualization software. It gets an IP address via DHCP System Login: user:websploit2018 password:websploit2018
Before attacking this VM remotely, you should edit your Penetration Testing machine's hosts file(IP-websploit2018). Point your browser to http://websploit2018/
Happy WebApp hacking ;)
VulnHub
↧
XXE Lab: 1
↧
Raven: 1
Raven is a Beginner/Intermediate boot2root machine. There are four flags to find and two intended ways of getting root. Built with VMware and tested on Virtual Box. Set up to use NAT networking.
VulnHub
↧