The Purge: 1
Objective: gain shell access and root the box.Hardness: intermediate-> advanced.Note: The box doesn't respond to ping, so be sure to check the DHCP lease.VulnHub
View ArticlePandora's Box: 1
-=Pandora's Box =- ___ (((((\\ 6_6 ((, __ -\_ __\--. ,-',\\` '//,\_ \ |.----&----. \ `. \ (__,___,__(_ \ | _____| | |__`--'____ |________|,' hjw Filename: pandoras_b0x.ova MD5:...
View ArticleThe Frequency: 1
Objective: gain shell access for each level. Then reach root.Note: figure out what the blips are, where they are, and how to decode each one.VulnHub
View ArticlebWAPP: bee-box (v1.6)
---------------- bee-box - README ---------------- bee-box is a custom Linux VM pre-installed with bWAPP. With bee-box you have the opportunity to explore all bWAPP vulnerabilities! bee-box gives you...
View ArticleSokar: 1
Sokar Filename: sokar.ova MD5: 75f5c48e65fa81dc81ef3b58b7ee6bab SHA1: 5f4aca536898bf962bfcfd2aaccb66fda1ab790a Author: Rasta Mouse Testers: Barrebas & TheColonial ===== Notes ===== DHCP...
View ArticleTopHatSec: Freshly
The goal of this challenge is to break into the machine via the web and find the secret hidden in a sensitive file. If you can find the secret, send me an email for verification. :)There are a couple...
View ArticleTopHatSec: ZorZ
ZORZ is another VM that will challenge your webapp skills. There are 3 separate challenges (web pages) on this machine. It should be pretty straight forward. I have explained as much as I can in the...
View ArticleROP Primer: 1
Our resident ROP ninja barrebas recently gave the team a bootcamp on Return Oriented Programming. The presentation was followed by a demo walkthrough on writing a ROP exploit on a vulnerable...
View ArticleTopHatSec: FartKnocker
New VM challenge that should be fun for people trying to get into packet analysis!There are several steps to this box. I created it with virtualbox. The VM is built on:Ubuntu 14.04 32 bitIf you beat...
View ArticlePentester Lab: Play XML Entities
This exercise covers the exploitation of a session injection in the Play framework. This issue can be used to tamper with the content of the session while bypassing the signing mechanismVulnHub
View ArticleSkyTower: 1
Welcome to SkyTower:1This CTF was designed by Telspace Systems for the CTF at the ITWeb Security Summit and BSidesCPT (Cape Town). The aim is to test intermediate to advanced security enthusiasts in...
View ArticleHell: 1
Welcome to the challenge. This VM is designed to try and entertain the more advanced information security enthusiast. This doesn't exclude beginners however and I'm sure that a few of you could meet...
View ArticlePentester Lab: Play Session Injection
DifficultyBeginnerDetailsThis exercise covers the exploitation of a session injection in the Play frameworkWhat you will learn?Session injectionPlay frameworkPlay's cookiesVulnHub
View Articlexerxes: 2.0.1
____ ___ ____ ___ __ ____ ___ ____ ____ ____ `MM( )P' 6MMMMb `MM 6MM `MM( )P' 6MMMMb 6MMMMb\ 6MMMMb `MM` ,P 6M' `Mb MM69 " `MM` ,P 6M' `Mb MM' ` MM' `Mb `MM,P MM MM MM' `MM,P MM MM YM. ,MM `MM....
View ArticleMorning Catch: Phishing Industries
Morning Catch is a VMware virtual machine, similar to Metasploitable, to demonstrate and teach about targeted client-side attacks and post-exploitation.On this virtual machine, you will find: a website...
View ArticleFlick: 1
.o88o. oooo o8o oooo 888 `" `888 `"' `888 o888oo 888 oooo .ooooo. 888 oooo 888 888 `888 d88' `"Y8 888 .8P' 888 888 888 888 888888. 888 888 888 888 .o8 888 `88b. o888o o888o o888o `Y8bod8P' o888o o888o...
View ArticleTr0ll: 1
Tr0ll was inspired by the constant trolling of the machines within the OSCP labs. The goal is simple, gain root and get Proof.txt from the /root directory.Not for the easily frustrated! Fair warning,...
View ArticleOwlNest: 1.0.2
,' ``', ' (o)(o) ` > ; ', . ...-'"""""`'. .'`',`''''`________: ": (`'. '.; | ;/\;\; (`',.',.; | | (,'` .`.,' | | (,.',.',' | | (,.',.-`_____| | __\_ _\_ | | |_______________|Welcome to The Owl Nest...
View ArticlePersistence: 1
_______ _______ ______ _______ ___ _______ _______ _______ __ _ _______ _______ | || || _ | | || | | || || || | | || || | | _ || ___|| | || | _____|| | | _____||_ _|| ___|| |_| || || ___| | |_| ||...
View ArticlePentester Lab: CVE-2014-6271: ShellShock
Quickly created an exercise for cve-2014-6271:Source: https://twitter.com/PentesterLab/status/515079459284594688VulnHub
View Article