CLAMP: 1.0.1

July 13, 2019, 4:00 pm

There are many vulnerabilities on the CLAMP machine.

You need some time and patience when dealing with security vulnerabilities. The scenario is progressing through web vulnerabilities. You will feel the test air while doing them. Maybe you'il have some fun.

When sending information, the security of the protocol you use is very important. You must keep the evidence in safe places.

Good Luck!

Machine Name: CLAMP
Machine Size: 3.2GB
Difficulty: Low
Flag: /root/flag.txt
Tested: VMWare workstation 12 Pro
DHCP: Enabled
Author: Mehmet Kelepçe // @doskey_history

VulnHub

↧

Ted: 1

July 15, 2019, 4:00 pm

≫ Next: DomDom: 1

≪ Previous: CLAMP: 1.0.1

How well do you understand PHP programs? How familiar are you with Linux misconfigurations? This image will cover advanced Web attacks, out of the box thinking and the latest security vulnerabilities.

Please note that this is capture the flag machine which means it is not real life scenario but will challenge you hard before you can obtain root privileges.

VulnHub

↧

DomDom: 1

July 10, 2019, 4:00 pm

≫ Next: Mission-Pumpkin v1.0: PumpkinFestival

≪ Previous: Ted: 1

Please note that this is capture the flag machine which means it is not real life scenario but will challenge you hard before you can obtain root privileges.

VulnHub

↧

Mission-Pumpkin v1.0: PumpkinFestival

July 16, 2019, 4:00 pm

≫ Next: hackme: 1

≪ Previous: DomDom: 1

Mission-Pumpkin v1.0 is a beginner level CTF series, created by keeping beginners in mind. This CTF series is for people who have basic knowledge of hacking tools and techniques but struggling to apply known tools. I believe that machines in this series will encourage beginners to learn the concepts by solving problems.

PumpkinFestival is Level 3 of series of 3 machines under Mission-Pumpkin v1.0. The Level 1 ends by accessing PumpkinGarden_Key file. Level 2 is about identifying pumpkin seeds.

In this level (Level 3) it is time for Pumpkin Festival, the goal is to reach root and access PumpkinFestival_Ticket and collect PumpkinTokens on the way.

VulnHub

↧

hackme: 1

July 17, 2019, 4:00 pm

≫ Next: symfonos: 2

≪ Previous: Mission-Pumpkin v1.0: PumpkinFestival

'hackme' is a beginner difficulty level box. The goal is to gain limited privilege access via web vulnerabilities and subsequently privilege escalate as root. The lab was created to mimic real life environment.

'hackme' uses DHCP and in the possible event that the mysqld shuts down on its own (very rare cases), attempt to force restart the machine and it should be working fine subsequently.

VulnHub

↧

symfonos: 2

July 17, 2019, 4:00 pm

≫ Next: symfonos: 3

≪ Previous: hackme: 1

OSCP-like Intermediate real life based machine designed to teach the importance of understanding a vulnerability. SHOULD work for both VMware and Virtualbox.

VulnHub

↧

symfonos: 3

July 19, 2019, 4:00 pm

≫ Next: MinU: v2

≪ Previous: symfonos: 2

Intermediate real life based machine designed to test your skill at enumeration. If you get stuck remember to try different wordlist, avoid rabbit holes and enumerate everything thoroughly. SHOULD work for both VMware and Virtualbox.

For hints you're welcome to contact me via Twitter @zayotic

VulnHub

↧

MinU: v2

July 17, 2019, 4:00 pm

≫ Next: The Library: 1

≪ Previous: symfonos: 3

This boot2root is a linux based virtual machine and has been tested using VirtualBox. The network interface of the virtual machine will take it's IP settings from DHCP.

Your goal is to capture the flag on /root.

Note: Tested on VirtualBox

Network: Host-Only, NAT (not required)

File: OVA

Difficulty: easy/intermediate

VulnHub

↧

The Library: 1

July 21, 2019, 4:00 pm

≫ Next: The Library: 2

≪ Previous: MinU: v2

The library is a sophisticated web application which has few advanced vulnerabilities. You will have to think out of the box to be able to compromised successfully this machine. If you can't you can just enjoy countries history ;)

VulnHub

↧

The Library: 2

July 24, 2019, 4:00 pm

≫ Next: ReadMe: 1

≪ Previous: The Library: 1

Hint: PHP $_REQUEST

VulnHub

↧

ReadMe: 1

July 25, 2019, 4:00 pm

≫ Next: jigsaw: 2

≪ Previous: The Library: 2

N/A

VulnHub

↧

jigsaw: 2

July 26, 2019, 4:00 pm

≫ Next: sunset: 1

≪ Previous: ReadMe: 1

Difficulty: Insane

It has 2 flags.

Certain functionality only work with VMware.

VulnHub

↧

sunset: 1

July 28, 2019, 4:00 pm

≫ Next: Tr0ll: 3

≪ Previous: jigsaw: 2

N/A

VulnHub

↧

Tr0ll: 3

August 5, 2019, 4:00 pm

≫ Next: WestWild: 1.1

≪ Previous: sunset: 1

The latest version of the Tr0ll series. This one is a little different from the previous iterations, I would say still on the beginner++ level. I hope everyone has fun, be sure to tag @Maleus21 with screen shots of the flag.

Type: Boot 2 Root

Goal: Obtain flag.txt

Difficulty: Beginner++

Fun level: Over 9000

VulnHub

↧

WestWild: 1.1

July 28, 2019, 4:00 pm

≫ Next: sunset: dawn

≪ Previous: Tr0ll: 3

This CTF series is for people who have basic knowledge of penetration testing tools and techniques, and this machine is include of:

1- Application Web testing 2- System Testing 3- Beginner Level of Steganography

And i hope you all will Have F0n ;)

IMPORTNAT

Add this Line into your /etc/hosts file :

192.168.8.103 westwild

and Replace 192.168.8.103 with IP of the machine.

VulnHub

↧

sunset: dawn

August 2, 2019, 4:00 pm

≫ Next: dpwwn: 1

≪ Previous: WestWild: 1.1

dawn is a boot2root machine with a difficulty designed to be Easy with multiple ways to be completed. It is recommended to use Virtualbox.

If you need to contact me for hints you can do it via twitter here: @whitecr0w1

VulnHub

↧

dpwwn: 1

August 3, 2019, 4:00 pm

≫ Next: dpwwn: 2

≪ Previous: sunset: dawn

About Release

Name: dpwwn-01

Date release: 04 Aug 2019

Author: Debashis Pal

Series: dpwwn

Description

This boot2root is a linux based virtual machine and has been tested using VMware workstation 14.

The network interface of VM will take it's IP settings from DHCP (Network Mode: NAT).

Goal: Gain the root privilege and obtain the content of dpwwn-01-FLAG.txt under /root Directory.

Note: Tested on VMware workstation 14.

Difficulty: Easy/helpful for beginners.

File Information

Filename: dpwwn-01.zip
File size: 618 MB
MD5: 3c33fd411d7d7d74503f18c96740eed5
SHA1: 2b61f54b27aba6223f0706ca26f99518156e0f951e9e9ff26569c2260f7be2c7

Virtual Machine

Format: Virtual Machine (VMware)

Operating System: Linux

Networking

DHCP service: Enabled

IP address: Automatically assign

Note: NAT mode was set.

VulnHub

↧

dpwwn: 2

August 7, 2019, 4:00 pm

≫ Next: Broken: Gallery

≪ Previous: dpwwn: 1

About Release

Name: dpwwn-02

Date release: 09 Aug 2019

Author: Debashis Pal

Series: dpwwn

Description

This boot2root is a linux based virtual machine and has been tested using VMware workstation.

Difficulty: Intermediate++ and fun.

Goal: Get the root shell i.e.(root@dpwwn-02:~#) and then obtain flag under /root(dpwwn-02-FLAG.txt).

File Information

Filename: dpwwn-02.zip

File size: 1.37 GB

MD5: 0ebd0bd68d651e65608a17310ca567e2

SHA1: 41856ebd27341fc9300a65724c47476f63edccbaaae30dced0c50cf1b4e52645

Virtual Machine

Format: Virtual Machine (VMware)

Operating System: Linux

Networking

DHCP service: Disabled

Static IP address: 10.10.10.10

Note: Host only network adapter set (VM IP: 10.10.10.10/24)

VulnHub

↧

Broken: Gallery

August 8, 2019, 4:00 pm

≫ Next: dpwwn: 3

≪ Previous: dpwwn: 2

The gallery is different kind of web application. You find what you are looking for like any other vulnerable web application. Try harder to fix the problem and then you will win. Privilege escalation is another method of security through obscurity.

VulnHub

↧

dpwwn: 3

August 11, 2019, 4:00 pm

≫ Next: Tempus Fugit: 1

≪ Previous: Broken: Gallery

About Release

Name: dpwwn-03

Date release: 12 Aug 2019

Author: Debashis Pal

Series: dpwwn

Description

This boot2root is a linux based virtual machine and has been tested using VMware workstation.

Goal: Get the root shell and then obtain flag under /root(dpwwn-03-FLAG.txt).

File Information

Filename: dpwwn-03.zip

File size: 659 MB

MD5: ba0e52d75803daadd29a782bdac8a22e

SHA1: 3e25cb3b0f97119500979ae5cfe408bb9eeb53744a48223184e94be1426aaf0d

Virtual Machine

Format: Virtual Machine (VMware)

Operating System: Linux

Networking

DHCP service: Enabled

IP address: Automatically assign

Note: NAT mode was set.

VulnHub

↧