TopHatSec: Freshly
The goal of this challenge is to break into the machine via the web and find the secret hidden in a sensitive file. If you can find the secret, send me an email for verification. :)There are a couple...
View ArticleTopHatSec: ZorZ
ZORZ is another VM that will challenge your webapp skills. There are 3 separate challenges (web pages) on this machine. It should be pretty straight forward. I have explained as much as I can in the...
View ArticleTopHatSec: FartKnocker
New VM challenge that should be fun for people trying to get into packet analysis!There are several steps to this box. I created it with virtualbox. The VM is built on:Ubuntu 14.04 32 bitIf you beat...
View ArticlePentester Lab: Play XML Entities
This exercise covers the exploitation of a session injection in the Play framework. This issue can be used to tamper with the content of the session while bypassing the signing mechanismVulnHub
View ArticleDarknet: 1.0
Darknet has a bit of everything, a sauce with a touch of makeup and frustration that I hope will lead hours of fun for migraines and who dares to conquer his chambers. As the target gets used will read...
View ArticleROP Primer: 0.2
Our resident ROP ninja barrebas recently gave the team a bootcamp on Return Oriented Programming. The presentation was followed by a demo walkthrough on writing a ROP exploit on a vulnerable...
View ArticleBrainpan: 3
__ ) _ \ \ _ _| \ | _ \ \ \ | _ _| _ _| _ _| __ \ | | _ \ | \ | | | _ \ \ | | | | | | __ < ___ \ | |\ | ___/ ___ \ |\ | | | | ____/ _| \_\ _/ _\ ___| _| \_| _| _/ _\ _| \_| ___| ___| ___| by...
View ArticleNullByte: 1
Codename: NB0x01Download: ly0n.me/nullbyte/NullByte.ova.zipObjetcive: Get to /root/proof.txt and follow the instructions.Level: Basic to intermediate.Description: Boot2root, box will get IP from dhcp,...
View ArticleOWASP Broken Web Applications Project: 1.2
MainThe Broken Web Applications (BWA) Project produces a Virtual Machine running a variety of applications with known vulnerabilities for those interested in:learning about web application...
View ArticleAcid Server: 1
Welcome to the world of Acid.Fairy tails uses secret keys to open the magical doors.SETUPThe named of the Virtual machine is "Acid Server". This Virtual Machine is completely web based. I have added...
View ArticleFlick: 2
_____ _ ____ __ __ _ ____ ____ | || | | | / ]| |/ ] | || | | __|| | | | / / | ' / | | | | | |_ | |___ | |/ / | \ | | | | | _] | | | / \_ | \ | | | | | | | | | \ || . | | | | | |__|...
View ArticleAcid: Server
Welcome to the world of Acid.Fairy tails uses secret keys to open the magical doors.SETUPThe named of the Virtual machine is "Acid Server". This Virtual Machine is completely web based. I have added...
View ArticleAcid: Reloaded
SETUPThe named of the Virtual machine is "Acid-Reloaded". This Virtual Machine contains both network logics and web logics. I have added new concept here and let's see how many of you think more...
View ArticleSpyderSec: Challenge
The Challenge:You are looking for two flags. Using discovered pointers in various elements of the running web application you can deduce the first flag (a downloadable file) which is required to find...
View ArticleLord Of The Root: 1.0.1
I created this machine to help others learn some basic CTF hacking strategies and some tools. I aimed this machine to be very similar in difficulty to those I was breaking on the OSCP.This is a...
View Article/dev/random: Pipe
__________.__ \______ \__|_____ ____ | ___/ \____ \_/ __ \ | | | | |_> > ___/ |____| |__| __/ \___ > |__| \/ ·VM· (MiNi CHaLLeNGe BuiLT FoR ZaCoN Vi)...
View Article/dev/random: Sleepy
_________.__ / _____/| | ____ ____ ______ ___.__. \_____ \ | | _/ __ \_/ __ \\____ < | | / \| |_\ ___/\ ___/| |_> >___ | /_______ /|____/\___ >\___ > __// ____| ·VM· \/ \/ \/|__| \/...
View ArticleBTRSys: v1
Machine Name: BTRSys1IP : DHCPDifficulty : Beginner / IntermediateFormat : Virtual Machine (VMware)Description : This is a boot2root machine particularly educational for beginners. Follow us for next...
View ArticleBorn2Root: 1
When you see the ascii text that mean Born2Root's CTF challenge Is UPHack it , reach root and capture the flag.Born2root is based on debian 32 bits so you can run it even if Intel VT-X isn't installed...
View Articlezico2: 1
Zico's Shop: A Boot2Root Machine intended to simulate a real world cenarioDisclaimer:By using this virtual machine, you agree that in no event will I be liable for any loss or damage including without...
View Article