Knock-Knock: 1.1
____ __. __ ____ __. __ ____ | |/ _| ____ ____ ____ | | __ | |/ _| ____ ____ ____ | | __ /_ | | < / \ / _ \_/ ___\| |/ / ______ | < / \ / _ \_/ ___\| |/ / | | | | \| | ( <_> ) \___| <...
View ArticleKvasir: I
Kvasir 1Filename: kvasir1.ovaMD5: e987e8bbe319db072246ab749912ea91SHA1: 029a59188cd3375fa50a5115db561f8a8ef69d4aAuthor: Rasta MouseTesters: Barrebas & OJNotes to the PlayerAs part of the challenge,...
View ArticleTr0ll: 2
The next machine in the Tr0ll series of VMs. This one is a step up in difficulty from the original Tr0ll but the time required to solve is approximately the same, and make no mistake, trolls are still...
View ArticlebWAPP: bee-box (v1.6)
---------------- bee-box - README ---------------- bee-box is a custom Linux VM pre-installed with bWAPP. With bee-box you have the opportunity to explore all bWAPP vulnerabilities! bee-box gives you...
View ArticleUnderdist: 3
Underc0de Weekend is a weekly challenge we (underc0de) are doing. The goal is to be the first to resolve it, to earn points and prizes (http://underc0de.org/underweekend.php).EnjoyVulnHub
View ArticlePegasus: 1
Pegasus .-. %%%%,/ :-. % `%%%, / `\ _, |' )`%%| '-' / Filename: pegasus.ova \_/\ %%%/`-.___.' MD5: 5046e330ff42e9adee0a42b63694cbfe __/ %%%"--"""-.%, SHA1: f18b7437ca3c96f76a2e1b06f569186b63567dd5...
View ArticleThe Purge: 1
Objective: gain shell access and root the box.Hardness: intermediate-> advanced.Note: The box doesn't respond to ping, so be sure to check the DHCP lease.VulnHub
View ArticlePandora's Box: 1
-=Pandora's Box =- ___ (((((\\ 6_6 ((, __ -\_ __\--. ,-',\\` '//,\_ \ |.----&----. \ `. \ (__,___,__(_ \ | _____| | |__`--'____ |________|,' hjw Filename: pandoras_b0x.ova MD5:...
View ArticleThe Frequency: 1
Objective: gain shell access for each level. Then reach root.Note: figure out what the blips are, where they are, and how to decode each one.VulnHub
View ArticleSokar: 1
Sokar Filename: sokar.ova MD5: 75f5c48e65fa81dc81ef3b58b7ee6bab SHA1: 5f4aca536898bf962bfcfd2aaccb66fda1ab790a Author: Rasta Mouse Testers: Barrebas & TheColonial ===== Notes ===== DHCP...
View ArticleTopHatSec: Freshly
The goal of this challenge is to break into the machine via the web and find the secret hidden in a sensitive file. If you can find the secret, send me an email for verification. :)There are a couple...
View ArticleTopHatSec: ZorZ
ZORZ is another VM that will challenge your webapp skills. There are 3 separate challenges (web pages) on this machine. It should be pretty straight forward. I have explained as much as I can in the...
View ArticleROP Primer: 1
Our resident ROP ninja barrebas recently gave the team a bootcamp on Return Oriented Programming. The presentation was followed by a demo walkthrough on writing a ROP exploit on a vulnerable...
View ArticleTopHatSec: FartKnocker
New VM challenge that should be fun for people trying to get into packet analysis!There are several steps to this box. I created it with virtualbox. The VM is built on:Ubuntu 14.04 32 bitIf you beat...
View ArticlePentester Lab: Play XML Entities
This exercise covers the exploitation of a session injection in the Play framework. This issue can be used to tamper with the content of the session while bypassing the signing mechanismVulnHub
View ArticleDarknet: 1.0
Darknet has a bit of everything, a sauce with a touch of makeup and frustration that I hope will lead hours of fun for migraines and who dares to conquer his chambers. As the target gets used will read...
View ArticleHell: 1
Welcome to the challenge. This VM is designed to try and entertain the more advanced information security enthusiast. This doesn't exclude beginners however and I'm sure that a few of you could meet...
View ArticlePentester Lab: Play Session Injection
DifficultyBeginnerDetailsThis exercise covers the exploitation of a session injection in the Play frameworkWhat you will learn?Session injectionPlay frameworkPlay's cookiesVulnHub
View Articlexerxes: 2.0.1
____ ___ ____ ___ __ ____ ___ ____ ____ ____ `MM( )P' 6MMMMb `MM 6MM `MM( )P' 6MMMMb 6MMMMb\ 6MMMMb `MM` ,P 6M' `Mb MM69 " `MM` ,P 6M' `Mb MM' ` MM' `Mb `MM,P MM MM MM' `MM,P MM MM YM. ,MM `MM....
View ArticleMorning Catch: Phishing Industries
Morning Catch is a VMware virtual machine, similar to Metasploitable, to demonstrate and teach about targeted client-side attacks and post-exploitation.On this virtual machine, you will find: a website...
View Article