ROP Primer: 0.2
Our resident ROP ninja barrebas recently gave the team a bootcamp on Return Oriented Programming. The presentation was followed by a demo walkthrough on writing a ROP exploit on a vulnerable...
View ArticleHell: 1
Welcome to the challenge. This VM is designed to try and entertain the more advanced information security enthusiast. This doesn't exclude beginners however and I'm sure that a few of you could meet...
View ArticlePentester Lab: Play Session Injection
DifficultyBeginnerDetailsThis exercise covers the exploitation of a session injection in the Play frameworkWhat you will learn?Session injectionPlay frameworkPlay's cookiesVulnHub
View Articlexerxes: 2.0.1
____ ___ ____ ___ __ ____ ___ ____ ____ ____ `MM( )P' 6MMMMb `MM 6MM `MM( )P' 6MMMMb 6MMMMb\ 6MMMMb `MM` ,P 6M' `Mb MM69 " `MM` ,P 6M' `Mb MM' ` MM' `Mb `MM,P MM MM MM' `MM,P MM MM YM. ,MM `MM....
View ArticleMorning Catch: Phishing Industries
Morning Catch is a VMware virtual machine, similar to Metasploitable, to demonstrate and teach about targeted client-side attacks and post-exploitation.On this virtual machine, you will find: a website...
View ArticleFlick: 1
.o88o. oooo o8o oooo 888 `" `888 `"' `888 o888oo 888 oooo .ooooo. 888 oooo 888 888 `888 d88' `"Y8 888 .8P' 888 888 888 888 888888. 888 888 888 888 .o8 888 `88b. o888o o888o o888o `Y8bod8P' o888o o888o...
View ArticleTr0ll: 1
Tr0ll was inspired by the constant trolling of the machines within the OSCP labs. The goal is simple, gain root and get Proof.txt from the /root directory.Not for the easily frustrated! Fair warning,...
View ArticleOwlNest: 1.0.2
,' ``', ' (o)(o) ` > ; ', . ...-'"""""`'. .'`',`''''`________: ": (`'. '.; | ;/\;\; (`',.',.; | | (,'` .`.,' | | (,.',.',' | | (,.',.-`_____| | __\_ _\_ | | |_______________|Welcome to The Owl Nest...
View ArticlePersistence: 1
_______ _______ ______ _______ ___ _______ _______ _______ __ _ _______ _______ | || || _ | | || | | || || || | | || || | | _ || ___|| | || | _____|| | | _____||_ _|| ___|| |_| || || ___| | |_| ||...
View ArticlePentester Lab: CVE-2014-6271: ShellShock
Quickly created an exercise for cve-2014-6271:Source: https://twitter.com/PentesterLab/status/515079459284594688VulnHub
View ArticleKnock-Knock: 1.1
____ __. __ ____ __. __ ____ | |/ _| ____ ____ ____ | | __ | |/ _| ____ ____ ____ | | __ /_ | | < / \ / _ \_/ ___\| |/ / ______ | < / \ / _ \_/ ___\| |/ / | | | | \| | ( <_> ) \___| <...
View ArticleKvasir: I
Kvasir 1Filename: kvasir1.ovaMD5: e987e8bbe319db072246ab749912ea91SHA1: 029a59188cd3375fa50a5115db561f8a8ef69d4aAuthor: Rasta MouseTesters: Barrebas & OJNotes to the PlayerAs part of the challenge,...
View ArticleTr0ll: 2
The next machine in the Tr0ll series of VMs. This one is a step up in difficulty from the original Tr0ll but the time required to solve is approximately the same, and make no mistake, trolls are still...
View ArticlebWAPP: bee-box (v1.6)
---------------- bee-box - README ---------------- bee-box is a custom Linux VM pre-installed with bWAPP. With bee-box you have the opportunity to explore all bWAPP vulnerabilities! bee-box gives you...
View ArticleUnderdist: 3
Underc0de Weekend is a weekly challenge we (underc0de) are doing. The goal is to be the first to resolve it, to earn points and prizes (http://underc0de.org/underweekend.php).EnjoyVulnHub
View ArticlePegasus: 1
Pegasus .-. %%%%,/ :-. % `%%%, / `\ _, |' )`%%| '-' / Filename: pegasus.ova \_/\ %%%/`-.___.' MD5: 5046e330ff42e9adee0a42b63694cbfe __/ %%%"--"""-.%, SHA1: f18b7437ca3c96f76a2e1b06f569186b63567dd5...
View ArticleThe Purge: 1
Objective: gain shell access and root the box.Hardness: intermediate-> advanced.Note: The box doesn't respond to ping, so be sure to check the DHCP lease.VulnHub
View ArticlePandora's Box: 1
-=Pandora's Box =- ___ (((((\\ 6_6 ((, __ -\_ __\--. ,-',\\` '//,\_ \ |.----&----. \ `. \ (__,___,__(_ \ | _____| | |__`--'____ |________|,' hjw Filename: pandoras_b0x.ova MD5:...
View ArticleThe Frequency: 1
Objective: gain shell access for each level. Then reach root.Note: figure out what the blips are, where they are, and how to decode each one.VulnHub
View ArticleSokar: 1
Sokar Filename: sokar.ova MD5: 75f5c48e65fa81dc81ef3b58b7ee6bab SHA1: 5f4aca536898bf962bfcfd2aaccb66fda1ab790a Author: Rasta Mouse Testers: Barrebas & TheColonial ===== Notes ===== DHCP...
View Article