Channel: VulnHub ~ Entries

FSoft Challenges VM: 1

Difficulty : Intermediate

Flag : Need to get root to read flag (root.txt)

Learning : Exploit | Web Application | Digital Forensics | Enumeration | Privilege Escalation

DHCP enabled


Welcome to Fsoft Hacking Labs !


If you notice an Apache error during boot, please wait one minute, then reboot. Labs are designed to destroy themselves when you exploit them incorrectly - please create a snapshot for yourself.


Good luck to you as well !

Akasafe Team - FSOFT




hackNos: Os-hackNos-2

Difficulty : Easy to Intermediate

Flag : 2 flags, first user and second root

Learning : Web Application | Enumeration | Password Cracking




sunset: dusk

Description: Here is another one, enjoy.

Difficulty: Beginner

Contact: @whitecr0wz




MyExpense: 1

Description

MyExpense is a deliberately vulnerable web application that allows you to train in detecting and exploiting different web vulnerabilities. Unlike a more traditional "challenge" application (which allows you to train on a single specific vulnerability), MyExpense contains a set of vulnerabilities you need to exploit to achieve the whole scenario.

Scenario

You are "Samuel Lamotte" and you have just been fired by your company "Furtura Business Informatique". Unfortunately because of your hasty departure, you did not have time to validate your expense report for your last business trip, which still amounts to 750 € corresponding to a return flight to your last customer.

Fearing that your former employer may not want to reimburse you for this expense report, you decide to hack into the internal application called "MyExpense" to manage employee expense reports.

So you are in your car, in the company carpark and connected to the internal Wi-Fi (the key has still not been changed after your departure). The application is protected by username/password authentication and you hope that the administrator has not yet modified or deleted your access.

Your credentials were: samuel/fzghn4lw

Once the challenge is done, the flag will be displayed on the application while being connected with your (samuel) account.

Miscellaneous

If you need to restore the database : go to http://IP/config/setup.php




sunset: sunrise

Description: Have fun!

Difficulty: Beginner

Contact: @whitecr0wz




UA: Literally Vulnerable

Literally Vulnerable is supposed to give beginners a taste of real-world scenarios and OSCP machines at the same time! It was inspired highly by the @DC series.

You're supposed to know the big three (EEEs) Enumeration, Exploitation & Escalation of pentesting to pwn the machine. The machine is supposed to be beginner-friendly and the difficulty level is Easy-Intermediate depending on your knowledge. You need to have enough information about Linux file types & permissions for privilege escalation.

I'll try my best to continue with the series!

There are three flags in the machine: local.txt, user.txt & root.txt. You're supposed to grab all three in order to completely pwn the machine!

Technical Information:

  • Just download, extract and load the .vmx file in VMware Workstation (tested on VMware Workstation 15.x.x)
  • The adapter is currently NAT, networking is configured for DHCP and IP will get assigned automatically

Contact:

  • You can either contact me on Twitter @syed__umar or LinkedIn (/in/syedumararfeen/) for hints!

Hope you like the machine, best of luck! :)




hackNos: Os-hackNos-2.1

Difficulty : Easy to Intermediate

Flag : 2 flags, first user and second root

Learning : Web Application | Enumeration | Password Cracking




Me and My Girlfriend: 1

Description: This VM tells us that there is a couple of lovers, namely Alice and Bob. The couple was originally very romantic, but since Alice worked at a private company, "Ceban Corp", something has changed in Alice's attitude towards Bob, as if something is "hidden", and Bob asks for your help to get what Alice is hiding and get full access to the company!

Difficulty Level: Beginner

Notes: there are 2 flag files

Learning: Web Application | Simple Privilege Escalation




hackNos: Os-hackNos-3

Difficulty: Intermediate

Flag: 2 flags, first user and the second root

Learning: Web Application | Enumeration | Privilege Escalation

Web-site: www.hacknos.com

Contact-us : @rahul_gehlaut




Hackable - Secret Hacker: Vulnerable Web Application Server

Hackable - Secret Hacker | Vulnerable Web Application Server

Web List

  • DVWA
  • BodgeIt Store
  • bWAPP
  • Commix
  • CryptOMG
  • Mutillidae 2
  • sqli-labs
  • Magical
  • WebGoat
  • WordPress 5.0
  • Git
  • Phpmyadmin

Git Tools

  • fsociety
  • the hydra
  • xbruteforcer
  • WAScan
  • wpscan
  • sqlmap

Blog Post : https://secrethackersite.blogspot.com/2019/10/hackable-secret-hacker-vulnerable-web.html




DC: 9

Description

DC-9 is another purposely built vulnerable lab with the intent of gaining experience in the world of penetration testing.

The ultimate goal of this challenge is to get root and to read the one and only flag.

Linux skills and familiarity with the Linux command line are a must, as is some experience with basic penetration testing tools.

For beginners, Google can be of great assistance, but you can always tweet me at @DCAU7 for assistance to get you going again. But take note: I won't give you the answer, instead, I'll give you an idea about how to move forward.

Technical Information

DC-9 is a VirtualBox VM built on Debian 64 bit, but there shouldn't be any issues running it on most PCs.

DC-9 has been tested successfully on VMWare Player, but if there are any issues running this VM in VMware, have a read through of this.

It is currently configured for Bridged Networking, however, this can be changed to suit your requirements. Networking is configured for DHCP.

Installation is simple - download it, unzip it, and then import it into VirtualBox or VMWare and away you go.

Important

While there should be no problems using this VM, by downloading it, you accept full responsibility for any unintentional damage that this VM may cause.

In saying that, there shouldn't be any problems, but I feel the need to throw this out there just in case.

Credits

A big thanks goes out to the members of @m0tl3ycr3w.

Contact

I'm also very interested in hearing how people go about solving these challenges, so if you're up for writing a walkthrough, please do so and send me a link, or alternatively, follow me on Twitter, and DM me (you can unfollow after you've DM'd me if you'd prefer).

I can be contacted via Twitter - @DCAU7




Doomsday: 1

Plot

The Stheno Corporation are planning to cause a doomsday event using an unknown doomsday device within the next 12 hours. Are you able to stop them dead in their tracks?

Your Goal

Stop the doomsday from occurring by disabling the doomsday devices created by The Stheno Corporation. Once you have succeeded you can retrieve your flag from http://192.168.56.105/flag.php

================ !!! IMPORTANT !!! ================

There are two VMs that need to be powered on at the same time; you cannot have one open while the other is offline.

The vms must be on a host-only network and must be able to use the following ips (default settings for virtualbox):

  • 192.168.56.105
  • 192.168.56.107

Settings for virtualbox:

  • IPv4 Address: 192.168.56.1
  • IPv4 Netmask: 255.255.255.0

DHCP:

  • Server Addr: 192.168.56.100
  • Server Mask: 255.255.255.0
  • Lower Addr Bound: 192.168.56.101
  • Upper Addr Bound: 192.168.56.254

This must be set up, as there are strict firewall rules on the VMs.

Do not worry if you cannot reach 192.168.56.107 from the host PC; this is intended.




EnuBox: Mattermost

  • Description: The Mattermost chatting system may or may not hold sensitive information. Can you find your way in?

  • Virtual Machine: VMware

  • Operating System: Linux Ubuntu 16.04

  • Format: VMDK

  • DHCP Service: Enabled

  • IP Address: Automatically Assigned




symfonos: 5

Intermediate real life based machine designed to teach people the importance of understanding from the interior.

Tested on VMware and Virtualbox




hackNos: ReconForce

Good Enumeration Skills

Difficulty: Easy to Intermediate

Flag: 2 flags, first user and the second root

Learning: Web Application | Enumeration | Privilege Escalation

Web-site: www.hacknos.com

Contact-us

Twitter: @rahul_gehlaut




five86: 1

Description

Five86-1 is another purposely built vulnerable lab with the intent of gaining experience in the world of penetration testing.

The ultimate goal of this challenge is to get root and to read the one and only flag.

Linux skills and familiarity with the Linux command line are a must, as is some experience with basic penetration testing tools.

For beginners, Google can be of great assistance, but you can always tweet me at @DCAU7 for assistance to get you going again. But take note: I won't give you the answer, instead, I'll give you an idea about how to move forward.

Technical Information

Five86-1 is a VirtualBox VM built on Debian 64 bit, but there shouldn't be any issues running it on most PCs.

Five86-1 has been tested successfully on VMWare Player, but if there are any issues running this VM in VMware, have a read through of this.

It is currently configured for Bridged Networking, however, this can be changed to suit your requirements. Networking is configured for DHCP.

Installation is simple - download it, unzip it, and then import it into VirtualBox or VMWare and away you go.

Important

While there should be no problems using this VM, by downloading it, you accept full responsibility for any unintentional damage that this VM may cause.

In saying that, there shouldn't be any problems, but I feel the need to throw this out there just in case.

Credits

A big thanks goes out to the members of @m0tl3ycr3w.

Contact

I'm also very interested in hearing how people go about solving these challenges, so if you're up for writing a walkthrough, please do so and send me a link, or alternatively, follow me on Twitter, and DM me (you can unfollow after you've DM'd me if you'd prefer).

I can be contacted via Twitter - @Five86_x




five86: 2

Description

Five86-2 is another purposely built vulnerable lab with the intent of gaining experience in the world of penetration testing.

The ultimate goal of this challenge is to get root and to read the one and only flag.

Linux skills and familiarity with the Linux command line are a must, as is some experience with basic penetration testing tools.

For beginners, Google can be of great assistance, but you can always tweet me at @DCAU7 for assistance to get you going again. But take note: I won't give you the answer, instead, I'll give you an idea about how to move forward.

Technical Information

Five86-2 is a VirtualBox VM built on Ubuntu 64 bit, but there shouldn't be any issues running it on most PCs.

Five86-2 has been tested successfully on VMWare Player, but if there are any issues running this VM in VMware, have a read through of this.

It is currently configured for Bridged Networking, however, this can be changed to suit your requirements. Networking is configured for DHCP.

Installation is simple - download it, unzip it, and then import it into VirtualBox or VMWare and away you go.

Important

While there should be no problems using this VM, by downloading it, you accept full responsibility for any unintentional damage that this VM may cause.

In saying that, there shouldn't be any problems, but I feel the need to throw this out there just in case.

Credits

A big thanks goes out to the members of @m0tl3ycr3w and @syed__umar.

Contact

I'm also very interested in hearing how people go about solving these challenges, so if you're up for writing a walkthrough, please do so and send me a link, or alternatively, follow me on Twitter, and DM me (you can unfollow after you've DM'd me if you'd prefer).

I can be contacted via Twitter - @Five86_x




symfonos: 5.2

Beginner real life based machine designed to teach people the importance of understanding from the interior.

Tested on VMware and Virtualbox




hackNos: ReconForce (v1.1)

Good Enumeration Skills

Difficulty: Easy to Intermediate

Flag: 2 flags, first user and the second root

Learning: Web Application | Enumeration | Privilege Escalation

Web-site: www.hacknos.com

Contact-us

Twitter: @rahul_gehlaut




aqua: 1

Difficulty : Intermediate ~ Hard

There is one intended way to get low privilege user and two intended ways to get root shell.

Getting root using the easier way : Use anything you have

Getting root the harder way : Only use what's in the /root/

Virtual Machine

  • OVA - Virtualbox
  • Linux

Networking

  • DHCP service: Enabled
  • IP address: Automatically assigned


