Channel: VulnHub ~ Entries
Viewing all 861 articles

DC: 8


DC-8 is another purposely built vulnerable lab with the intent of gaining experience in the world of penetration testing.

This challenge is a bit of a hybrid between being an actual challenge, and being a "proof of concept" as to whether two-factor authentication installed and configured on Linux can prevent the Linux server from being exploited.

The "proof of concept" portion of this challenge eventuated as a result of a question being asked about two-factor authentication and Linux on Twitter, and also due to a suggestion by @theart42.

The ultimate goal of this challenge is to bypass two-factor authentication, get root and to read the one and only flag.

You probably wouldn't even know that two-factor authentication was installed and configured unless you attempt to log in via SSH, but it's definitely there and doing its job.

Linux skills and familiarity with the Linux command line are a must, as is some experience with basic penetration testing tools.

For beginners, Google can be of great assistance, but you can always tweet me at @DCAU7 for assistance to get you going again. But take note: I won't give you the answer, instead, I'll give you an idea about how to move forward.




VulnHub

HA: Wordy


Wordy is designed for beginners to experience real-life penetration testing. This lab is completely dedicated to web application testing, and there are several vulnerabilities that should be exploited in multiple ways. Therefore, it is not only intended as a root challenge boot; the primary agenda is proactive in exploiting top-listed web application vulnerabilities.

As this is a WordPress-based lab, it is designed so that users can practice the following vulnerabilities:

  • LFI
  • RFI
  • CSRF
  • File Upload
  • SQL

There is a total of 3 flags. Completion is only registered on exploiting all vulnerabilities and flags.

Hint: “Everything is not what it seems to be.”

Visit our website http://hackingarticles.in





Bob's Missing Cat CTF: 1


Bob’s Missing Cat is a three-part CTF where the goal is to find your lost cat.

Bob’s Missing Cat Pt. 1 is an introduction to the world of Linux.

(This CTF is different from most, intended to be played out more like a story.)

Types of Commands learned by the end of Pt. 1: cd, ls, ls -la, pwd, cat, mkdir, mv, nano, chmod, etc.

Please do Bob’s Missing Cat Pt. 1 alongside the BMCInstructable document.

Download ~ https://download.vulnhub.com/bobsmissingcat/BMCInstructable.docx





HA: Avengers Arsenal


Avengers are meant to be Earth’s Mightiest Heroes, but some heroes just aren’t mighty enough without their trusty weapon in hand.

The Goal is to gather all the 5 mightiest weapons:

  • VIBRANIUM SHIELD
  • MJØLNIR
  • SCEPTRE
  • STORMBREAKER
  • YAKA ARROW

ENUMERATION IS THE KEY!!!!!

Visit our website http://hackingarticles.in





HA: Armour


Klaw has stolen some armours from the Avengers Super-Secret Base. Falcon has checked the manifest; the following things are unaccountable:

  1. HulkBuster Armour
  2. Spiderman Armour
  3. Ant-Man Armour
  4. Black Panther Armour
  5. Iron Man Armour

Klaw hid all these armours and now it's up to you. Can you use your penetration skills to recover them all?

-Captain Steve Rogers

P.S. Klaw has a habit of dividing his passwords into 3 parts and saving them at different locations. So, if you get some, combine them to move forward.





Misdirection: 1


The purpose of this machine is to help OSCP students further develop, strengthen, and practice their methodology for the exam.





Mumbai: 1

serial: 2


This box has an intermediate difficulty for the user; I suggest you enumerate it and use some tools to get the first flag. Note that if you don't see the flag, maybe you should find it in another place ;).

The hard part is the privilege escalation for the root user, try hard and get the root flag (if you can;))!

If you need a hint, feel free to contact me on Twitter: @sk4pwn





Bottleneck: 1


Bottleneck is an intermediate boot2root machine.

After some cyber attacks, the admin hardened the system. Show him that it's not so secure.

If you need a hint feel free to contact me on Twitter: @bytevsbyt3





bossplayersCTF: 1


Aimed at beginner security professionals who want to get their feet wet doing some CTFs. It should take around 30 minutes to root.





WebGOAT: 1


This is an Ubuntu 18.04 server which autostarts WebGoat on http://<ip address>:8000/WebGoat/

Credentials:

  • user: webgoat
  • pass: webgoat

This machine is used to practice on different types of web attacks. Enjoy!





HA: ISRO


This is our tribute to the Indian Space Research Organisation (ISRO). We as Indians are proud of ISRO and its achievements. Solve this CTF challenge and feel the work of ISRO.

This machine contains 4 different flags to test your skills.

  1. Aryabhata
  2. Bhaskara
  3. Mangalyaan
  4. Chandrayaan 2

ENUMERATION IS THE KEY!!!!!





SafeHarbor: 1


A harder VM designed to train for both pentesting newer IT infrastructure methodologies as well as network pivot practice.

You'll need to be familiar with pivoting techniques, web app vulnerabilities, Metasploit and Meterpreter, as well as enumeration methodologies and a good bit of patience.

As a note, there are two additional bonus flags that will appear in the /root directory based on pre-defined actions taken during the course of rooting the VM.





Hacker Fest: 2019


The machine was part of my workshop for Hacker Fest 2019 in Prague.

The difficulty level of this VM is very “very easy”. There are two paths to exploit it.

  • There are no intentional rabbit holes.
  • Through a vulnerable "[retracted]". Exploit is part of MSF.
  • Through vulnerable "[retracted]".
    • Can be found by "[retracted]".
    • There is a "[retracted]" injection (exploit is part of MSF).
    • Recovered credentials (username + hash) can be cracked by John and rockyou.txt wordlist.
    • Low priv shell can be gained through MSF exploit or trying the credentials against "[retracted]".
    • Priv. esc. is simply done by "[retracted]".




HA: Joker


This lab is going to introduce a little anarchy. It will upset the established order, and everything will become chaos. Get your face painted and wear that purple suit because it’s time to channel your inner Joker. This is a boot2root lab. Getting the root flag is the ultimate goal.

ENUMERATION IS THE KEY!!!!!





SiXeS: 1


Advanced-Hard Boot2Root machine intended to be used in a Workshop/CTF beside Shellmates Club.

The machine has 6 flags that will guide the challenger through it.

It covers web security, binary exploitation, and various misconfigurations.





Bob's Missing Cat CTF: 1.1


Bob’s Missing Cat is a three-part CTF where the goal is to find your lost cat.

Bob’s Missing Cat Pt. 1 is an introduction to the world of Linux.

(This CTF is different from most, intended to be played out more like a story.)

Types of Commands learned by the end of Pt. 1: cd, ls, ls -la, pwd, cat, mkdir, mv, nano, chmod, etc.

Please do Bob’s Missing Cat Pt. 1 alongside the BMCInstructable document.

Download ~ https://download.vulnhub.com/bobsmissingcat/BMCInstructable.docx





HA: Naruto


Book your tickets to The Konohagakure, and train under Master Jiraiya, Hokage Uzumaki and Tsunade. Use your hacking skills to stop Orochimaru and rescue Sasuke. Hack this boot to root and get the title of “The Number One Hyperactive, Knucklehead Ninja”.

ENUMERATION IS THE KEY!!!!!





Gears of War: EP#1


It's a CTF machine that deals with the history of Gears of War, where we must try to escape from prison and obtain root privileges. It has some rabbit holes, so you have to try to connect the tracks to get access.





Mortal Kombat: 1


This is a hard machine.

You'll need to master and chain together multiple vulnerabilities.

If you need a hint feel free to contact me on Twitter: @p4w16



