Tempus Fugit: 1

August 15, 2019, 4:00 pm

≫ Next: symfonos: 4

≪ Previous: dpwwn: 3

$

0

0

Tempus Fugit is a Latin phrase that roughly translated as “time flies”.

It is an intermediate real life box.

Created mostly by 4ndr34z with some assistance by DCAU, the idea behind Tempus Fugit was to create something “out of the ordinary” and without giving anything away, something “dynamic” and a lot like time... changing.

The vm contains both user and root flags. If you don’t see them, you are not looking in the right place...

Need any hints? Feel free to contact us on Twitter: @4nqr34z @DCAU7

DHCP-Client.

Tested both on Virtualbox and vmware

Health warning: May drive people insane

VulnHub

---

symfonos: 4

August 19, 2019, 4:00 pm

≫ Next: serial: 1

≪ Previous: Tempus Fugit: 1

$

0

0

• Name: symfonos: 4
• Difficulty: Intermediate
• Tested: VirtualBox
• DHCP Enabled

OSCP-like Intermediate real life based machine designed to teach people to try harder.

VulnHub

serial: 1

August 19, 2019, 4:00 pm

≫ Next: GrimTheRipper: 1

≪ Previous: symfonos: 4

$

0

0

This is a simple boot2root for beginner/immediate. If you need a hint, feel free to contact me on Twitter: @sk4pwn

VulnHub

GrimTheRipper: 1

August 19, 2019, 4:00 pm

≫ Next: WestWild: 2

≪ Previous: serial: 1

$

0

0

This boot2root is a linux based virtual machine and has been tested using VMware workstation.

Goal: Get the root shell and then obtain flag under: /root/(flag.txt).

For any query contact me at: chandramanish900 at gmail dot com

VulnHub

WestWild: 2

August 20, 2019, 4:00 pm

≫ Next: nezuko: 1

≪ Previous: GrimTheRipper: 1

$

0

0

This CTF series is for people who have basic knowledge of penetration Testing and techniques

You will have to think out of the box to be able to compromise successfully this machine.

If you can't you can Try Harder

for any help You Can Contact

@Hashimalshareff @TheMinz1991

VulnHub

nezuko: 1

August 20, 2019, 4:00 pm

≫ Next: AI: Web: 1

≪ Previous: WestWild: 2

$

0

0

Creator : @yunaranyancat (Twitter)

Difficulty : Easy ~ Intermediate

OS Used: Ubuntu 18.04

Services : Webmin 1.920, Apache, SSH

User : root, zenitsu, nezuko

Hashes : at their home directory

VulnHub

AI: Web: 1

August 20, 2019, 4:00 pm

≫ Next: scarecrow: 1

≪ Previous: nezuko: 1

$

0

0

Difficulty: Intermediate

Network: DHCP (Automatically assign)

Network Mode: NAT

This box is designed to test skills of penetration tester. The goal is simple. Get flag from /root/flag.txt. Enumerate the box, get low privileged shell and then escalate privilege to root. For any hint please tweet on @arif_xpress

VulnHub

scarecrow: 1

August 20, 2019, 4:00 pm

≫ Next: DomDom: 1

≪ Previous: AI: Web: 1

$

0

0

This is an intermediate machine. Your goal is to get paw-sk4 user and then root flag. Try harder and share with us the flag, if you can ;).

For any need, contact us on Twitter: @sk4pwn @p4w16 and @bytevsbyt3

VulnHub

---

DomDom: 1

July 10, 2019, 4:00 pm

≫ Next: scarecrow: 1.1

≪ Previous: scarecrow: 1

$

0

0

How well do you understand PHP programs? How familiar are you with Linux misconfigurations? This image will cover advanced Web attacks, out of the box thinking and the latest security vulnerabilities.

Please note that this is capture the flag machine which means it is not real life scenario but will challenge you hard before you can obtain root privileges.

VulnHub

scarecrow: 1.1

August 25, 2019, 4:00 pm

≫ Next: sunset: nightfall

≪ Previous: DomDom: 1

$

0

0

This is an intermediate machine. Your goal is to get paw-sk4 user and then root flag. Try harder and share with us the flag, if you can ;).

For any need, contact us on Twitter: @sk4pwn @p4w16 and @bytevsbyt3

VulnHub

sunset: nightfall

August 28, 2019, 4:00 pm

≫ Next: DC: 7

≪ Previous: scarecrow: 1.1

$

0

0

nightfall is a born2root VM designed for beginners.

Virtualbox is strongly recommended for doing this challenge.

If you need to contact me for hints you can do it via twitter here: @whitecr0w1

VulnHub

DC: 7

August 30, 2019, 4:00 pm

≫ Next: AI: Web: 2

≪ Previous: sunset: nightfall

$

0

0

Description

DC-7 is another purposely built vulnerable lab with the intent of gaining experience in the world of penetration testing.

While this isn't an overly technical challenge, it isn't exactly easy.

While it's kind of a logical progression from an earlier DC release (I won't tell you which one), there are some new concepts involved, but you will need to figure those out for yourself. :-) If you need to resort to brute forcing or dictionary attacks, you probably won't succeed.

What you will need to do, is to think "outside" of the box.

Waaaaaay "outside" of the box. :-)

The ultimate goal of this challenge is to get root and to read the one and only flag.

Linux skills and familiarity with the Linux command line are a must, as is some experience with basic penetration testing tools.

For beginners, Google can be of great assistance, but you can always tweet me at @DCAU7 for assistance to get you going again. But take note: I won't give you the answer, instead, I'll give you an idea about how to move forward.

Technical Information

DC-7 is a VirtualBox VM built on Debian 64 bit, but there shouldn't be any issues running it on most PCs.

I have tested this on VMWare Player, but if there are any issues running this VM in VMware, have a read through of this.

It is currently configured for Bridged Networking, however, this can be changed to suit your requirements. Networking is configured for DHCP.

Installation is simple - download it, unzip it, and then import it into VirtualBox or VMWare and away you go.

Important

While there should be no problems using this VM, by downloading it, you accept full responsibility for any unintentional damage that this VM may cause.

In saying that, there shouldn't be any problems, but I feel the need to throw this out there just in case.

Contact

I'm also very interested in hearing how people go about solving these challenges, so if you're up for writing a walkthrough, please do so and send me a link, or alternatively, follow me on Twitter, and DM me (you can unfollow after you've DM'd me if you'd prefer).

I can be contacted via Twitter - @DCAU7

VulnHub

AI: Web: 2

August 31, 2019, 4:00 pm

≫ Next: Prime: 1

≪ Previous: DC: 7

$

0

0

About Release:

• Name: AI: Web 2.0
• Author: Mohammad Ariful Islam
• Series: AI: Web

Description:

• Difficulty: Intermediate
• Network: DHCP (Automatically assign)
• Network Mode: NAT

This is the second box from the series AI: Web and you will have more fun to crack this challenge. The goal is simple. Get flag from /root/flag.txt. Enumerate the box, get low privileged shell and then escalate privilege to root.

You may need to crack password. Use wordlist SecLists/rockyou-45.txt by Mr. Daniel Miessler.

For any hint please tweet on @arif_xpress

File Information:

• Filename: AI Web 2.0.7z
• File size: 906 MB

Virtual Machine:

• Tested: VMWare Workstation 10 or later.
• Operating System: Linux

Networking:

• DHCP service: Enabled
• IP Address: Automatically assign

VulnHub

Prime: 1

August 31, 2019, 4:00 pm

≫ Next: The Fortress: 1

≪ Previous: AI: Web: 2

$

0

0

This machine is designed for those one who is trying to prepare for OSCP or OSCP-Exam.

This is first level of prime series. Some help at every stage is given. Machine is lengthy as OSCP and Hackthebox's machines are designed.

So you have a target to get root flag as well as user flag. If stuck on a point some help are given at a level of enumeration. If any extra help needed

Visit our website http://hacknpentest.com and http://hnpsecurity.com.

Some extra improvement needed to my VM please contact me on my email- suraj at hnpsecurity dot com.

VulnHub

The Fortress: 1

September 3, 2019, 4:00 pm

≫ Next: Mordor: 1

≪ Previous: Prime: 1

$

0

0

Hard CTF challenge.

VulnHub

---

Mordor: 1

September 4, 2019, 4:00 pm

≫ Next: SP: alphonse (v1.1)

≪ Previous: The Fortress: 1

$

0

0

Mordor-CTF

• Author: strider
• Testers: Kyubai
• Difficulty: Intermediate

Mordor CTF is a CTF-Machine with a nice story.

This VM has a small touch of lord of the rings. And tells a story during part 2 of the movies.

In this VM are 9 flags to get.

This I my first VM i've created, I hope you enjoy it.

The goal is to reach the root and readout the file /root/flag.txt

If you found other ways, to reach the goal, let me know :)

What include this VM? - Information Gathering - Enumerarion - Cracking - Webexploitation - Reverse Engineering - Binary Exploitation - General Linux skills - and more...

OS: - Debian 10 Buster - IPv4 / DHCP Autoassign

For any hints contact me here [strider007 at protonmail dot com]

If you found Bugs or you have problems with the VM, you can contact me also here [strider007 at protonmail dot com]

VulnHub

SP: alphonse (v1.1)

September 9, 2019, 4:00 pm

≫ Next: HA: Wordy (v1.1)

≪ Previous: Mordor: 1

$

0

0

Alphonse is into genes and would like to research your DNA. Is his setup secure thought?

Flags: - /root/flag.txt - /home/alphonse/flag.txt

Tested with VirtualBox

DHCP enabled

Difficulty: Intermediate

VulnHub

HA: Wordy (v1.1)

September 12, 2019, 4:00 pm

≫ Next: Tempus Fugit: 2

≪ Previous: SP: alphonse (v1.1)

$

0

0

Wordy is design for beginners to experience real life Penetration testing. This lab is completely dedicated to Web application testing and there are several vulnerabilities that should be exploited in multiple ways. Therefore, it is not only intended as a root challenge boot, the primary agenda is proactive in exploiting tops listed web application vulnerabilities.

As this is a wordpress based lab, it is designed so that users can practice following vulnerabilities: - LFI - RFI - CSRF - File Upload - SQL

There is a total of 3 flags. Completion is only registered on exploiting all vulnerabilities and flags.

Hint: “Everything is not what it seems to be.”

Visit our website http://hackingarticles.in

VulnHub

Tempus Fugit: 2

September 9, 2019, 4:00 pm

≫ Next: HA: Infinity Stones

≪ Previous: HA: Wordy (v1.1)

$

0

0

Tempus Fugit is a Latin phrase that roughly translated as “time flies”.

This is an intermediate, real life box.

---

In Tempus Fugit 2, the idea is still, like in the first vm; to create something “out of the ordinary”.

The vm contains both user and root flags. If you don’t see them, you are not looking in the right place...

Need any hints? Feel free to contact me on Twitter: @4nqr34z

---

DHCP-Client.

Tested both on Virtualbox and vmware

Health warning: Have driven people to the brink of insanity

VulnHub

HA: Infinity Stones

September 15, 2019, 4:00 pm

≫ Next: DC: 8

≪ Previous: Tempus Fugit: 2

$

0

0

Thanos thinks that if he kills half of all life in the universe, he’ll restore balance. To do so, he needs all six Infinity Stones to power his Infinity Gauntlet, which in turn will give him the ability to bend time, space, energy, and the laws of physics and reality. But the Avengers are one step ahead of Thanos this time. Avengers have hidden all the Infinity Stones all over this CTF. Help Thanos to get all the Infinity Stones and restore the balance of the universe.

This machine contains 6 Infinity Stones with Six different flags to test your skills.

• Space Stone
• Mind Stone
• Reality Stone
• Time Stone
• Power Stone
• Soul Stone

Each stone can be found in a different way.

ENUMERATION IS THE KEY!!!!!

Visit our website http://hackingarticles.in

VulnHub