The machines are in the intermediate difficulty range. None of them should be as easy as to just run a msf module to get root right away, if so please let me know. They all have two flags, one for local and one for root access.
A machine using the newest REMOVED Server, the newest REMOVED and containing some REMOVED....
DC-1 is a purposely built vulnerable lab for the purpose of gaining experience in the world of penetration testing.
It was designed to be a challenge for beginners, but just how easy it is will depend on your skills and knowledge, and your ability to learn.
To successfully complete this challenge, you will require Linux skills, familiarity with the Linux command line and experience with basic penetration testing tools, such as the tools that can be found on Kali Linux, or Parrot Security OS.
There are multiple ways of gaining root, however, I have included some flags which contain clues for beginners.
There are five flags in total, but the ultimate goal is to find and read the flag in root's home directory. You don't even need to be root to do this, however, you will require root privileges.
Depending on your skill level, you may be able to skip finding most of these flags and go straight for root.
Beginners may encounter challenges that they have never come across previously, but a Google search should be all that is required to obtain the information required to complete this challenge.
DC-1 is a VirtualBox VM built on Debian 32 bit, so there should be no issues running it on most PCs.
While I haven't tested it within a VMware environment, it should also work.
It is currently configured for Bridged Networking, however, this can be changed to suit your requirements. Networking is configured for DHCP.
Installation is simple - download it, unzip it, and then import it into VirtualBox and away you go.
While there should be no problems using this VM, by downloading it, you accept full responsibility for any unintentional damage that this VM may cause.
In saying that, there shouldn't be any problems, but I feel the need to throw this out there just in case.
This is the first vulnerable lab challenge that I've created, so feel free to let me know what you think of it.
I can be contacted via Twitter - @DCAU7
Description: unknowndevice64 v1.0 is a medium level boot2root challenge. The OVA has been tested on both VMware and Virtual Box.
Difficulty: Intermediate
Flags: Your Goal is to get root and read /root/flag.txt
Networking:
Hint: Follow your intuitions ... and enumerate! and for any questions, feel free to contact me on Twitter: @unknowndevice64
Happy Hacking..!!!
HackinOS is a beginner level CTF style vulnerable machine. I created this VM for my university’s cyber security community and all cyber security enthusiasts. I thank to Mehmet O?uz Tozkoparan, Ömer Faruk ?enyayla and Tufan Güngör for their help during creating this lab.
NOTE: localhost is meant to be there!
HackinOS is a beginner level CTF style vulnerable machine. I created this VM for my university’s cyber security community and all cyber security enthusiasts. I thank to Mehmet Oguz Tozkoparan, Ömer Faruk Senyayla and Tufan Gungor for their help during creating this lab.
NOTE: localhost is meant to be there!
DC-1 is a purposely built vulnerable lab for the purpose of gaining experience in the world of penetration testing.
It was designed to be a challenge for beginners, but just how easy it is will depend on your skills and knowledge, and your ability to learn.
To successfully complete this challenge, you will require Linux skills, familiarity with the Linux command line and experience with basic penetration testing tools, such as the tools that can be found on Kali Linux, or Parrot Security OS.
There are multiple ways of gaining root, however, I have included some flags which contain clues for beginners.
There are five flags in total, but the ultimate goal is to find and read the flag in root's home directory. You don't even need to be root to do this, however, you will require root privileges.
Depending on your skill level, you may be able to skip finding most of these flags and go straight for root.
Beginners may encounter challenges that they have never come across previously, but a Google search should be all that is required to obtain the information required to complete this challenge.
DC-1 is a VirtualBox VM built on Debian 32 bit, so there should be no issues running it on most PCs.
While I haven't tested it within a VMware environment, it should also work.
It is currently configured for Bridged Networking, however, this can be changed to suit your requirements. Networking is configured for DHCP.
Installation is simple - download it, unzip it, and then import it into VirtualBox and away you go.
While there should be no problems using this VM, by downloading it, you accept full responsibility for any unintentional damage that this VM may cause.
In saying that, there shouldn't be any problems, but I feel the need to throw this out there just in case.
This is the first vulnerable lab challenge that I've created, so feel free to let me know what you think of it.
I can be contacted via Twitter - @DCAU7
+- - - - - - - - - - - - - -|- - - - - - - - - - - - - - -+
| Name: Happycorp | IP: DHCP |
| Date: 2019-March-05 | Goal: Get Root! |
| Author: Zayotic | Difficultly: ??? |
+- - - - - - - - - - - - - -|- - - - - - - - - - - - - - -+
| |
| + Average beginner/intermediate VM, only a few twists |
| + May find it easy/hard (depends on YOUR background) |
| + ...also which way you attack the box |
| |
| + It SHOULD work on both VMware and Virtualbox |
| + REBOOT the VM if you CHANGE network modes |
| + Fusion users, you'll need to retry when importing |
| |
| |
+- - - - - - - - - - - - - - - - - - - - - - - - - - - - -+
| |
| --[[~~Enjoy. Have fun. Happy Hacking.~~]]-- |
| |
+---------------------------------------------------------+
Description: unknowndevice64 v2.0 is a beginner level boot2root challenge. The OVA has been tested on both VMware (with some fix provided in this video https://www.youtube.com/watch?v=scRpxo8fra4) and Virtual Box.
Difficulty: Beginner
Flags: Your Goal is to get root and read flag.txt with at least two different ways.
Networking: - DHCP: Enabled - IP Address: Automatically assigned
Hint: Follow your intuitions ... and enumerate! and for any questions, feel free to contact me on Twitter: @unknowndevice64
Happy Hacking..!!!
Does penetration testing spark joy? If it does, this machine is for you.
This machine is full of services, full of fun, but how many ways are there to align the stars? Perhaps, just like the child in all of us, we may find joy in a playground such as this.
This is somewhat OSCP-like for learning value, but is nowhere as easy to complete with an OSCP exam timeframe. But if you found this box because of preparation for the OSCP, you might as well try harder. :-)
This is the evil twin of JOY. Unlike JOY, this machine is designed to drive you crazy. Stephen Hawking once mentioned, "God plays dice and throws them into places where they cannot be seen."
The dice for the machine can all be found on the Internet. Like all other machines built by me, you should not torment yourself by brute force. But perhaps, JOY and TORMENT are two sides of the same coin of satisfaction? Can we really spark joy if we can't first be tormented to endure sufferance?
This machine guarantees to teach you some new ways of looking at enumeration and exploitation. Unlike all the other OSCP-like machines written by me, this machine will be mind-twisting and maybe mind-blowing. You may lose your mind while at it, but we will still nudge you to... try harder!
This is NOT an easy machine and you should not feel discouraged if you spend a few days headbanging on this machine. At least three competent pentesters I have asked to test this machine report days (thankfully not weeks) of head banging and nerve wrecking. Do this machine if you enjoy being humbled.
Can you break free from Harrison's prison?
Flags - /root/flag.txt
Tested with VirtualBox
DHCP enabled
Difficulty: Intermediate
Should not be as easy as to just run a MSF module to get root right away, if so please let me know.
Jerome has created some awesome recipes. Can you find them?
Flags - /root/flag.txt - /home/jerome/flag.txt
Tested with VirtualBox
DHCP enabled
Difficulty: Intermediate
Should not be as easy as to just run a MSF module to get root right away, if so please let me know.
Description: Zeus is an intermediate level boot2root VM. Your goal is to get root and read the flags. Tested on VMware.
Difficulty: Medium
Flags: user.txt and root.txt
Networking: Static IP ~ 192.168.131.170
Simple Boot2root for beginner/immediate. This challenge is made for the Security Hackadeny (https://www.security-hackademie.de/). Made for virtualbox