Pentester Lab: Play Session Injection
Difficulty: Beginner. Details: This exercise covers the exploitation of a session injection in the Play framework. What you will learn: session injection, Play framework, Play's cookies.
xerxes: 2
Morning Catch: Phishing Industries
Morning Catch is a VMware virtual machine, similar to Metasploitable, to demonstrate and teach about targeted client-side attacks and post-exploitation. On this virtual machine, you will find: a website...
Flick: 1
Tr0ll: 1
Tr0ll was inspired by the constant trolling of the machines within the OSCP labs. The goal is simple, gain root and get Proof.txt from the /root directory. Not for the easily frustrated! Fair warning,...
xerxes: 2.0.1
OwlNest: 1.0.2
Welcome to The Owl...
Persistence: 1
Pentester Lab: CVE-2014-6271: ShellShock
Quickly created an exercise for CVE-2014-6271. Source: https://twitter.com/PentesterLab/status/515079459284594688
bWAPP: bee-box (v1.5)
bee-box - README: bee-box is a custom Linux VM pre-installed with bWAPP. With bee-box you have the opportunity to explore all bWAPP vulnerabilities! bee-box gives you...
Knock-Knock: 1.1
Kvasir: I
Kvasir 1. Filename: kvasir1.ova. MD5: e987e8bbe319db072246ab749912ea91. SHA1: 029a59188cd3375fa50a5115db561f8a8ef69d4a. Author: Rasta Mouse. Testers: Barrebas & OJ. Notes to the Player: As part of the challenge,...
Tr0ll: 2
The next machine in the Tr0ll series of VMs. This one is a step up in difficulty from the original Tr0ll but the time required to solve is approximately the same, and make no mistake, trolls are still...
xerxes: 1
Pentester Lab: XSS and MySQL FILE
Difficulty: Beginner. Details: This exercise explains how you can use a Cross-Site Scripting vulnerability to get access to an administrator's cookies. Then how you can use his/her session to gain access to...
VulnOS: 1
Welcome to VulnOS! This is my first vulnerable target I made because I want to give back something to the community. Big up for the community that made things possible!!! Your goal is to get root and...
Bot Challenges: Dexter
In general, I’ve found that information is much easier to retain if it can be applied in the real world. Not everyone is a self-proclaimed botnet hunter, and it is not suggested (or recommended) that...
Kioptrix: 2014 (#5)
Note from VulnHub: 100% works with VMware Player 6, Workstation 10 & Fusion 6. May have issues with VirtualBox. If this is the case, try this 'fix': http://download.vulnhub.com/kioptrix/kiop2014_fix.zip...
Command Injection ISO: 1
We've packaged 10 real world applications into an Ubuntu Desktop based ISO. These applications are vulnerable to command injection attacks which you will need to find and exploit. Please note that not...
Pentester Lab: CVE-2007-1860: mod_jk double-decoding
Difficulty: Beginner. Details: This exercise covers the exploitation of CVE-2008-1760. This vulnerability allows an attacker to gain access to inaccessible pages using crafted requests. This is a common...