Bot Challenges: Flipping Bitbot
This is a Linux based VM that is intended as a way to get security researchers started with simple botnet research. It also requires the researcher have some ability to assess and exploit...
View ArticleNo Exploiting Me: 1
Vulnerable VM with some focus on NoSQLThis vulnerable VM is meant to act as a practice virtual machine for security researchers to start looking at identifying and exploiting vulnerabilities in NoSQL,...
View ArticleDe-ICE: S1.140
De-ICE are Penetration LiveCD images available from http://forum.heorot.net and provide scenarios where students can test their penetration testing skills and tools in a legal environment. Courtesy of...
View Article/dev/random: relativity (v1.0.1)
__________ .__ __ .__ .__ __ \______ \ ____ | | _____ _/ |_|__|__ _|__|/ |_ ___.__. | _// __ \| | \__ \\ __\ \ \/ / \ __< | | | | \ ___/| |__/ __ \| | | |\ /| || | \___ | |____|_ /\___...
View ArticlePentester Lab: Electronic codebook (ECB)
DifficultyBeginnerDetailsThis exercise explains how you can tamper with an encrypted cookies to access another user's account.What you will learn?Weakness in ECB encryptionCookie tamperingVulnHub
View ArticleBrainpan: 2
_ _ ___ | | (_) |__ \ | |__ _ __ __ _ _ _ __ _ __ __ _ _ __ ) | | '_ \| '__/ _` | | '_ \| '_ \ / _` | '_ \ / / | |_) | | | (_| | | | | | |_) | (_| | | | | / /_ |_.__/|_| \__,_|_|_| |_| .__/ \__,_|_|...
View Articlexerxes: 1
____ ___ ____ ___ __ ____ ___ ____ ____ `MM( )P' 6MMMMb `MM 6MM `MM( )P' 6MMMMb 6MMMMb\ `MM` ,P 6M' `Mb MM69 " `MM` ,P 6M' `Mb MM' ` `MM,P MM MM MM' `MM,P MM MM YM. `MM. MMMMMMMM MM `MM. MMMMMMMM...
View ArticlePentester Lab: XSS and MySQL FILE
DifficultyBeginnerDetailsThis exercise explains how you can use a Cross-Site Scripting vulnerability to get access to an administrator's cookies. Then how you can use his/her session to gain access to...
View ArticleVulnOS: 1
Welcome to VulnOS !This is my first vulnerable target I made because I want to give back something to the community. Big up for the community that made things possible!!!Your goal is to get root and...
View ArticleBot Challenges: Dexter
In general, I’ve found that information is much easier to retain if it can be applied in the real world. Not everyone is a self-proclaimed botnet hunter, and it is not suggested (or recommended) that...
View ArticleKioptrix: 2014 (#5)
Note from VulnHub100% works with VMware player6, workstation 10 & fusion 6.May have issues with ViritualBoxIf this is the case, try this 'fix': http://download.vulnhub.com/kioptrix/kiop2014_fix.zip...
View ArticleCommand Injection ISO: 1
We've packaged 10 real world applications into an Ubuntu Desktop based ISO. These applications are vulnerable to command injection attacks which you will need to find and exploit. Please note that not...
View ArticlePentester Lab: CVE-2007-1860: mod_jk double-decoding
DifficultyBeginnerDetailsThis exercise covers the exploitation of CVE-2008-1760. This vulnerability allows an attacker to gain access to unaccessible pages using crafted requests. This is a common...
View ArticleSecOS: 1
Not too tired after BSides London? Still want to solve challenges? Here is the VM I told about during my talk where you'll have to practice some of your skills to retrieve the precious flag located...
View ArticlebWAPP: bee-box (v1.4)
bee-box - README //////////////// bee-box is a custom Linux VM pre-installed with bWAPP. With bee-box you have the opportunity to explore all bWAPP vulnerabilities! bee-box gives you several ways to...
View ArticleCySCA: CySCA2014-in-a-Box
CySCA2014-in-a-Box is a Virtual Machine that contains most of the challenges faced by players during CySCA2014. It allows players to complete challenges in their own time, to learn and develop their...
View ArticleBot Challenges: LoBOTomy
I always enjoy creating and releasing vulnerable virtual machines so readers can get a first hand feel of attacking these command and control panels without doing anything illegal. The objective of...
View ArticleThe Infernal: Hades (v1.0.1)
Infernal: Hades v1.0.1.Hades is a new boot2root challenge pitched at the advanced hobbyist. Solving this challenge will require skills in reverse engineering, sploit development and sound computer...
View ArticleSkyTower: 1
Welcome to SkyTower:1This CTF was designed by Telspace Systems for the CTF at the ITWeb Security Summit and BSidesCPT (Cape Town). The aim is to test intermediate to advanced security enthusiasts in...
View ArticleHell: 1
Welcome to the challenge. This VM is designed to try and entertain the more advanced information security enthusiast. This doesn't exclude beginners however and I'm sure that a few of you could meet...
View Article