For a while now I've been maintaining a VM I with several vulnerable web apps already deployed:
The VM has Burp Suite free, chromium with a few extensions (including a proxy switcher) and sqlmap. The browser home page contains links to some exercises and walkthroughs.
User credentials:
root // password
tux // password
____ __.________
| |/ _|\_____ \
| < / ____/
| | \ / \
|____|__ \\_______ \ ·VM·
\/ \/
+----------------------------------------------------------------------------+
| cReaTeD....: sagi- (@s4gi_) | DaTe......: 2017-07-26 |
| oS.........: Linux | oBJecTiVe.: Get /root/flag.txt |
| | TeSTeR....: @leonjza |
+----------------------------------------------------------------------------+
| VM DesCriPtiOn: |
| This challenge was built to promote the Windows / Linux Local Privilege |
| Escalation workshop. A free of charge 3-day workshop that was created as |
| a give back to the community initiative. |
| |
| <3 sagi- |
+----------------------------------------------------------------------------+
| SSH AccEsS DeTaiLs: |
| Username: user |
| Password: password |
+----------------------------------------------------------------------------+
Machine Name: BTRSys2
IP : DHCP
Difficulty : Beginner / Intermediate
Format : Virtual Machine (VMware)
Description : This is a boot2root machine particularly educational for beginners. Follow us for next BTRSys systems. We hope you enjoy it!
twitter: btrisk
XVWA is a badly coded web application written in PHP/MySQL that helps security enthusiasts to learn application security. It’s not advisable to host this application online as it is designed to be “Xtremely Vulnerable”. We recommend hosting this application in local/controlled environment and sharpening your application security ninja skills with any tools of your own choice. It’s totally legal to break or hack into this. The idea is to evangelize web application security to the community in possibly the easiest and fundamental way. Learn and acquire these skills for good purpose. How you use these skills and knowledge base is not our responsibility.
XVWA is designed to understand following security issues.
Bulldog Industries recently had its website defaced and owned by the malicious German Shepherd Hack Team. Could this mean there are more vulnerabilities to exploit? Why don't you find out? :)
This is a standard Boot-to-Root. Your only goal is to get into the root directory and see the congratulatory message, how you do it is up to you!
Difficulty: Beginner/Intermediate, if you get stuck, try to figure out all the different ways you can interact with the system. That's my only hint ;)
Made by Nick Frichette (frichetten.com) Twitter: @frichette_n
I'd highly recommend running this on Virtualbox, I had some issues getting it to work in VMware. Additionally DHCP is enabled so you shouldn't have any troubles getting it onto your network. It defaults to bridged mode, but feel free to change that if you like.
This is a challenge-game to measure your hacking skills. Set in Game of Thrones fantasy world.
Goal:
Get the 7 kingdom flags and the 4 extra content flags (3 secret flags + final battle flag). There are 11 in total.
Rules/guidelines to play:
Requirements/starting guide:
Downloading challenge CTF vm:
Troubleshooting
_____ ___ _____ _
| __|___ _____ ___ ___| _| |_ _| |_ ___ ___ ___ ___ ___
| | | .'| | -_| | . | _| | | | | _| . | | -_|_ -|
|_____|__,|_|_|_|___| |___|_| |_| |_|_|_| |___|_|_|___|___|
Designed by/Credits
This vulnerable-by-design box depicts a hacking company known as H.A.S.T.E, or Hackers Attack Specific Targets Expeditiously, capable of bringing down any domains on their hit list.
I would like to classify this challenge with medium difficulty, requiring some trial and error before a successful takeover can be attained.
Covfefe is my Debian 9 based B2R VM, originally created as a CTF for SecTalks_BNE. It has three flags.
It is intended for beginners and requires enumeration then [spoiler]!
Name: LazySysAdmin 1.0
Author: Togie Mcdogie
Twitter: @TogieMcdogie
[Description]
Difficulty: Beginner - Intermediate
Boot2root created out of frustration from failing my first OSCP exam attempt.
Aimed at:
> Teaching newcomers the basics of Linux enumeration
> Myself, I suck with Linux and wanted to learn more about each service whilst creating a playground for others to learn
Special thanks to @RobertWinkel @dooktwit for hosting LazySysAdmin at Sectalks Brisbane BNE0x18
[Lore]
LazySysadmin - The story of a lonely and lazy sysadmin who cries himself to sleep
[Tested with]
[Preffered setup]
Host only networking
[Hints]
[Other]
[Checksum]
This is a fedora server vm, created with virtualbox.
It is a very simple Rick and Morty themed boot to root.
There are 130 points worth of flags available (each flag has its points recorded with it), you should also get root.
It's designed to be a beginner ctf, if you're new to pen testing, check it out!
https://3mrgnc3.ninja/2017/09/c0m80/
This is my third public Boot2Root, This one is intended to be quite difficult compared to the last two.
But again, that being said, it will depend on you how hard it is :D
The theme with this one is all about 'enumeration, enumeration, enumeration', lateral thinking, and how to "combine" vulnerabilities in order to exploit a system.
Once you have an IP insert it into your attack system /etc/hosts like this:
[dhcp-ip-address] C0m80.ctf
This VM will probably be different to other challenges you may have come across. With C0m80 You will be required to log in locally in the VirtualBox console window at some point. This, I know, may 'rile' some of the purists out there that say you should be able to compromise a boot2root fully remotely over a network. I agree to that in principle, and in this case I had intended to allow vnc or xrdp access. Alas, due to compatibility problems I had to make a compromise in this area in order to get the challenge published sooner rather than later.
It should be obvious at what point you need to log in. So when that time comes just pretend you are using remote desktop. ;D
Sorry, I hope you can forgive me.
[Difficult] but depends on you really
There is only one goal here. Become God on the system and read the root flag.
I Hope You Enjoy It.
https://3mrgnc3.ninja/files/C0m80_3mrgnc3_v1.0.ova
Please leave feedback and comments below. Including any info on walkthroughs anyone wishes to publish, or bugs people find in the VM Image.
Alternatively email me at 3mrgnc3 at techie dot com
Ever fantasized about playing with docker misconfigurations, privilege escalation, etc. within a container?
Download this VM, pull out your pentest hats and get started
We have 2 Modes: - HARD: This would require you to combine your docker skills as well as your pen-testing skills to achieve host compromise. - EASY: Relatively easier path, knowing docker would be enough to compromise the machine and gain root on the host machines.
We have planted 3 flag files across the various machines / systems that are available to you. Your mission if you choose to accept would be as following:
Identify all the flags (2 in total: flag_1 and flag_3) (flag_2 was inadvertently left out)
Gain id=0 shell access on the host machine.
Welcome to Dina 1.0.1
________ _________
\________\--------___ ___ ____----------/_________/
\_______\----\\\\\\ //_ _ \\ //////-------/________/
\______\----\\|| (( ~|~ ))) ||//------/________/
\_____\---\\ ((\ = / ))) //----/_____/
\____\--\_))) \ _)))---/____/
\__/ ((( (((_/
| -))) - ))
This is my first Boot2Root - CTF VM. I hope you enjoy it.
if you run into any issue you can find me on Twitter: @touhidshaikh22
Contact: touhidshaikh22 at gmaill.com <- Feel Free to write mail
Website: http://www.touhidshaikh.com
Goal: /root/flag.txt
Level: Beginner (IF YOU STUCK ANYwhere PM me for HINT, But I don't think need any help).
Download: https://drive.google.com/file/d/0B1qWCgvhnTXgNUF6Rlp0c3Rlb0k/view
Try harder!: If you are confused or frustrated don't forget that enumeration is the key!
Feedback: This is my first boot2root - CTF Virtual Machine, please give me feedback on how to improve!
Tested: This VM was tested with:
Virtual Box 5.X
Networking: DHCP service: Enabled
**IP address**: Automatically assign
Fixing:
Some challenge issue reported by @eliot
Looking forward to the write-ups!
Many times while conducting a pentest, I need to script something up to make my life easier or to quickly test an attack idea or vector. Recently I came across an interesting command injection vector on a web application sitting on a client's internet-facing estate. There was a page, running in Java, that allowed me to type arbitrary commands into a form, and have it execute them. While developer-provided webshells are always nice, there were a few caveats. The page was expecting directory listing style output, which was then parsed and reformatted. If the output didn't match this parsing, no output to me. Additionally, there was no egress. ICMP, and all TCP/UDP ports including DNS were blocked outbound.
I was still able to leverage the command injection to compromise not just the server, but the entire infrastructure it was running on. After the dust settled, the critical report was made, and the vulnerability was closed, I thought the entire attack path was kind of fun, and decided to share how I went about it. Since I enjoy being a free man and only occasionally visit prisons, I've created a simple boot2root style VM that has a similar set of vulnerabilities to use in a walkthrough.
Lately, I’ve been enjoying creating hacking challenges for the security community. This new challenge encapsulates a company, entitled – The Ether, who has proclaimed an elixir that considerably alters human welfare. The CDC has become suspicious of this group due to the nature of the product they are developing.
The goal is to find out what The Ether is up to. You will be required to break into their server, root the machine, and retrieve the flag. The flag will contain more information about The Ether’s ominous operations regarding this medicine.
This challenge is not for beginners. There is a relevant file on this machine that plays an important role in the challenge, do not waste your time trying to de-obfuscate the file, I say this to keep you on track. This challenge is designed test you on multiple areas and it’s not for the feint of heart!
Whatever you do, do not give up! Exhaust all of your options! Looking forward to have OSCPs take this challenge. As always, good luck, have fun, God bless, and may the s0urce be with you.
It is based on a real world scenario I faced while testing for a client's site. Dedicated to Aunty g0rmint who is fed up of this government (g0rmint).
Does anyone need to know about that Aunty to root the CTF? No
The CTF is tested on Vmware and working well as expected.
Difficulty level to get limited shell: Intermediate or advanced
Difficulty level for privilege escalation: No idea
Give me feed back @nomanriffat
Let’s say you got curious about ARM assembly or exploitation and want to write your first assembly scripts or solve some ARM challenges. For that you either need an Arm device (e.g. Raspberry Pi), or you set up your lab environment in a VM for quick access.
This page contains 3 levels of lab setup laziness.
If you have the time and nerves to set up the lab environment yourself, I’d recommend doing it. You might get stuck, but you might also learn a lot in the process. Knowing how to emulate things with QEMU also enables you to choose what ARM version you want to emulate in case you want to practice on a specific processor.
How to emulate Raspbian with QEMU.
Welcome on laziness level 1. I see you don’t have time to struggle through various linux and QEMU errors, or maybe you’ve tried setting it up yourself but some random error occurred and after spending hours trying to fix it, you’ve had enough.
Don’t worry, here’s a solution: Hugsy (aka creator of GEF) released ready-to-play Qemu images for architectures like ARM, MIPS, PowerPC, SPARC, AARCH64, etc. to play with. All you need is Qemu. Then download the link to your image, and unzip the archive.
Become a ninja on non-x86 architectures
Let me guess, you don’t want to bother with any of this and just want a ready-made Ubuntu VM with all QEMU stuff setup and ready-to-play. Very well. The first Azeria-Labs VM is ready. It’s a naked Ubuntu VM containing an emulated ARMv6l.
This VM is also for those of you who tried emulating ARM with QEMU but got stuck for inexplicable linux reasons. I understand the struggle, trust me.
Download here:
Password: azerialabs
I’ve included a Lab VM Starter Guide and set it as the background image of the VM. It explains how to start up QEMU, how to write your first assembly program, how to assemble and disassemble, and some debugging basics. Enjoy!
I'm really interesting about security, love to learn new technologies and play CTF sometime. I’ve been enjoying creating hacking challenges for the security community. This is my first Challenge of boot2root, I was created some web challenge and solved others.I hope you will get some knowledges about my challenge. Thanks u Laiwon . I love you.
Difficulty level to get limited shell: Intermediate or advanced
Difficulty level for privilege escalation: Depend on You.
You will be required to break into target server,exploit and root the machine, and retrieve the flag. The flag will contain more information about my private info..
This challenge is not for beginners. There is a relevant file on this machine that plays an important role in the challenge, do not waste your time trying to de-obfuscate the file, If you got big stuck, Try with Password start with "sec*" with nice wordlist. Ok.. Try Harder!..
~Happy Hacking!...
This is a small boot2root VM I created for my university’s cyber security group. It contains multiple remote vulnerabilities and multiple privilege escalation vectors. I did all of my testing for this VM on VirtualBox, so that’s the recommended platform. I have been informed that it also works with VMware, but I haven’t tested this personally.
This VM is specifically intended for newcomers to penetration testing. If you’re a beginner, you should hopefully find the difficulty of the VM to be just right.
Your goal is to remotely attack the VM and gain root privileges. Once you’ve finished, try to find other vectors you might have missed! If you enjoyed the VM or have questions, feel free to contact me at: josiah@vt.edu
If you finished the VM, please also consider posting a writeup! Writeups help you internalize what you worked on and help anyone else who might be struggling or wants to see someone else’s process. I look forward to reading them!