Quantcast
Channel: VulnHub ~ Entries
Viewing all 861 articles
Browse latest View live

Kvasir: I

October 16, 2014, 4:00 pm
$
0
0

Kvasir 1

Filename: kvasir1.ova

MD5: e987e8bbe319db072246ab749912ea91

SHA1: 029a59188cd3375fa50a5115db561f8a8ef69d4a

Author: Rasta Mouse

Testers: Barrebas & OJ

Notes to the Player

As part of the challenge, Kvasir utilises LXC to provide kernel isolation. When the host VM boots, it takes can take a little bit of time before the containers become available.

It is therefore advised to wait 30-60 seconds after the login prompt is presented, before attacking the VM.

A few other pointers:

  • Not every LXC is ‘rootable’
  • No SSH brute-forcing is required



VulnHub
Search

Tr0ll: 2

October 23, 2014, 4:00 pm
$
0
0

The next machine in the Tr0ll series of VMs. This one is a step up in difficulty from the original Tr0ll but the time required to solve is approximately the same, and make no mistake, trolls are still present! :)

Difficulty is beginner++ to intermediate.

The VM should pull a valid IP from DHCP. This VM has been verified to work on VMware workstation 5, VMware player 5, VMware Fusion, and Virtual box. Virtual box users may need to enable the additional network card for it to pull a valid IP address.

Special thanks to @Eagle11, @superkojiman and @leonjza for suffering through the testing and the members of #overflowsec on freenode for giving me ideas.

If you have issues with the machine, feel free to contact me at @Maleus21 or maleus overflowsecurity.com.

-Maleus

www.overflowsecurity.com




VulnHub

Underdist: 3

November 28, 2014, 4:00 pm
$
0
0

Underc0de Weekend is a weekly challenge we (underc0de) are doing. The goal is to be the first to resolve it, to earn points and prizes (http://underc0de.org/underweekend.php).

Enjoy




VulnHub

Pegasus: 1

December 15, 2014, 4:00 pm
$
0
0

Pegasus

         .-.
   %%%%,/   :-.
   % `%%%, /   `\   _,
   |' )`%%|      '-' /            Filename:   pegasus.ova
   \_/\  %%%/`-.___.'             MD5:        5046e330ff42e9adee0a42b63694cbfe
    __/  %%%"--"""-.%,            SHA1:       f18b7437ca3c96f76a2e1b06f569186b63567dd5
  /`__|  %%         \%%           Difficulty: Intermediate
  \\  \   /   |     /'%,          Author:     Knaps
   \]  | /----'.   < `%,          Tester:     Mulitia
       ||       `>> >
       ||       ///`
       /(      //(

Welcome to my first boot2root VM! Inspired by various CTF events I took part in and by couple cool concepts I learnt in the last couple months.

Rules of engagement are simple - find a way in, escalate your privileges all the way up to the root and get the flag!

As with all VMs like this, think outside the box, don't jump to conclusions too early and "read between the lines" :)

The VM has been tested on VMWare and VirtualBox, just import it, ensure the network is set as "Host Only" and run it. It should pick up the IP address automatically.

Enjoy! :)




VulnHub

The Purge: 1

January 2, 2015, 4:00 pm
$
0
0
  • Objective: gain shell access and root the box.
  • Hardness: intermediate-> advanced.
  • Note: The box doesn't respond to ping, so be sure to check the DHCP lease.



VulnHub

Pandora's Box: 1

January 3, 2015, 4:00 pm
$
0
0 
-=Pandora's Box =-
               ___
             (((((\\
              6_6 ((,
          __ -\_ __\--.
       ,-',\\` '//,\_  \
      |.----&----. \ `. \
      (__,___,__(_  \   |
  _____|        | |__`--'____
       |________|,'        hjw

Filename: pandoras_b0x.ova
MD5: bf3eb20ca837edccc7edbf627e095bbd
SHA1: 52652bb5f886f1253ff43a21536bc4fe09bdd201
Author: c0ne
Testers: Barrebas / Jelle
Difficulty: Medium

About:
Pandora's box is a Boot2Root VM focused on binary exploitation and
reverse engineering. You have to complete all levels to r00t the box.
Some levels come with a readme file which you should read.

Usage:
Import, boot and wait 60 seconds for everything to start up before
scanning it.

Shootout:
Major thanks to Barrebas and Jelle for testing the VM and challenges
and the feedback.


c0ne



VulnHub

The Frequency: 1

January 6, 2015, 4:00 pm
$
0
0
  • Objective: gain shell access for each level. Then reach root.
  • Note: figure out what the blips are, where they are, and how to decode each one.



VulnHub

Sokar: 1

January 29, 2015, 4:00 pm
$
0
0 
Sokar

Filename:  sokar.ova
MD5:  75f5c48e65fa81dc81ef3b58b7ee6bab
SHA1:  5f4aca536898bf962bfcfd2aaccb66fda1ab790a
Author:  Rasta Mouse
Testers:  Barrebas & TheColonial

=====
Notes
=====
DHCP (Automatically Assigned)

    Special note to VMWare users - you must manually set the
    NIC MAC address to 08:00:27:F2:40:DB

Get root, then the flag!



VulnHub
Search

ROP Primer: 1

March 3, 2015, 4:00 pm
$
0
0

Our resident ROP ninja barrebas recently gave the team a bootcamp on Return Oriented Programming. The presentation was followed by a demo walkthrough on writing a ROP exploit on a vulnerable application. Since the presentation was well received, he’s decided to make the slides available to everyone. You can view them at https://speakerdeck.com/barrebas/rop-primer.

We hope you enjoy it!




VulnHub

TopHatSec: FartKnocker

March 5, 2015, 4:00 pm
$
0
0

New VM challenge that should be fun for people trying to get into packet analysis!

There are several steps to this box. I created it with virtualbox. The VM is built on:

Ubuntu 14.04 32 bit

If you beat the box then please shoot me an email! Have fun guys!

P.S. I got the word "Fart Knocker" from watching beavis and butthead back in the day. Otherwise you kids might not understand :)




VulnHub

TopHatSec: ZorZ

February 17, 2015, 4:00 pm
$
0
0

ZORZ is another VM that will challenge your webapp skills. There are 3 separate challenges (web pages) on this machine. It should be pretty straight forward. I have explained as much as I can in the readme file:

Welcome to the ZorZ VM Challenge

This machine will probably test your web app skills once again. There are 3 different pages that should be focused on (you will see!) If you solve one or all three pages, please send me an email and quick write up on how you solved each challenge. Your goal is to successfully upload a webshell or malicious file to the server. If you can execute system commands on this box, thats good enough!!! I hope you have fun!

admin@top-hat-sec.com




VulnHub

TopHatSec: Freshly

February 17, 2015, 4:00 pm
$
0
0

The goal of this challenge is to break into the machine via the web and find the secret hidden in a sensitive file. If you can find the secret, send me an email for verification. :)

There are a couple of different ways that you can go with this one. Good luck!

Simply download and import the OVA file into virtualbox!




VulnHub

Pentester Lab: Play XML Entities

April 6, 2015, 4:00 pm
$
0
0

This exercise covers the exploitation of a session injection in the Play framework. This issue can be used to tamper with the content of the session while bypassing the signing mechanism




VulnHub

Darknet: 1.0

May 1, 2015, 4:00 pm
$
0
0

Darknet has a bit of everything, a sauce with a touch of makeup and frustration that I hope will lead hours of fun for migraines and who dares to conquer his chambers.

As the target gets used will read the file contents /root/flag.txt obviously once climbed the privileges necessary to accomplish the task.

The image can be mounted with VirtualBox . The machine has DHCP active list so once automatically assign an IP network, the next step will be to identify the target and discover the / the service / s to start the game. Good luck !. If you want to send in pdf format solucionarios can do so at the following address: s3csignal [at] gmail [dot] com




VulnHub

Hell: 1

July 6, 2014, 4:00 pm
$
0
0

Welcome to the challenge.

This VM is designed to try and entertain the more advanced information security enthusiast. This doesn't exclude beginners however and I'm sure that a few of you could meet the challenge. There is no 'one' focus on the machine, a range of skills such as web exploitation, password cracking, exploit development, binary examination and most of all logical thinking is required to crack the box in the intended way - but who knows there might be some short cuts!

A few of the skills needed can be seen in some posts on http://netsec.ws. Otherwise enjoy the experience - remember that although vulnerabilities might not jump out at you straight away you may need to try some variations on the normal to get past the protections in place!

Feel free to discuss the experience on the #vulnhub irc channel on irc.freenode.net. If you want any hints feel free to PM my nick on there (Peleus). You won't get any, but I'll feel all warm and fuzzy inside knowing you're suffering.

Enjoy.




VulnHub
Search

SkyTower: 1

June 25, 2014, 4:00 pm
$
0
0

Welcome to SkyTower:1

This CTF was designed by Telspace Systems for the CTF at the ITWeb Security Summit and BSidesCPT (Cape Town). The aim is to test intermediate to advanced security enthusiasts in their ability to attack a system using a multi-faceted approach and obtain the "flag".

You will require skills across different facets of system and application vulnerabilities, as well as an understanding of various services and how to attack them. Most of all, your logical thinking and methodical approach to penetration testing will come into play to allow you to successfully attack this system. Try different variations and approaches. You will most likely find that automated tools will not assist you.

We encourage you to try it our for yourself first, give yourself plenty of time and then only revert to the Walkthroughs below.

Enjoy!

Telspace Systems

@telspacesystems




VulnHub

xerxes: 2.0.1

August 3, 2014, 4:00 pm
$
0
0 
____   ___  ____  ___  __ ____   ___  ____     ____     ____
`MM(   )P' 6MMMMb `MM 6MM `MM(   )P' 6MMMMb   6MMMMb\  6MMMMb
 `MM` ,P  6M'  `Mb MM69 "  `MM` ,P  6M'  `Mb MM'    ` MM'  `Mb
  `MM,P   MM    MM MM'      `MM,P   MM    MM YM.           ,MM
   `MM.   MMMMMMMM MM        `MM.   MMMMMMMM  YMMMMb      ,MM'
   d`MM.  MM       MM        d`MM.  MM            `Mb   ,M'
  d' `MM. YM    d9 MM       d' `MM. YM    d9 L    ,MM ,M'
_d_  _)MM_ YMMMM9 _MM_    _d_  _)MM_ YMMMM9  MYMMMM9  MMMMMMMM



                Welcome.

                Before you lies the mainframe of XERXES.
                Compromise the subsystems and gain access to /root/flag.txt

                                XERXES wishes you
                                 a pleasant stay.



                @barrebas


                Shoutout & Thanks
                -----------------
                Many thanks to
                        TheColonial (@TheColonial) & rasta_mouse (@_RastaMouse)
                for testing!


                File information
                ----------------
                xerxes2.vmdk:

                md5   : 724d4be6ecd126d4591f487d1710f7af
                sha1  : 7978e6dde9e589c5ea90561502b297a8e08147a4



VulnHub

Pentester Lab: Play Session Injection

July 13, 2014, 4:00 pm
$
0
0

Difficulty

Beginner

Details

This exercise covers the exploitation of a session injection in the Play framework

What you will learn?

  • Session injection
  • Play framework
  • Play's cookies



VulnHub

Flick: 1

August 7, 2014, 4:00 pm
$
0
0 
 .o88o. oooo   o8o            oooo
 888 `" `888   `"'            `888
o888oo   888  oooo   .ooooo.   888  oooo
 888     888  `888  d88' `"Y8  888 .8P'
 888     888   888  888        888888.
 888     888   888  888   .o8  888 `88b.
o888o   o888o o888o `Y8bod8P' o888o o888o

Welcome to the flick boot2root!

- Where is the flag?
- What do you need to flick to find it?

Completing "flick" will require some sound
thinking, good enumeration skills & time! The
objective is to find and read the flag that
lives /root/

As a bonus, can you get root command execution?

Shoutout to @barrebas & @TheColonial for testing
it out first :)

$ sha1sum flick.ova
0e65f5a1f2b560d10115796c1adfb03548583db2  flick.ova

Good Luck!
@leonjza



VulnHub

Tr0ll: 1

August 13, 2014, 4:00 pm
$
0
0

Tr0ll was inspired by the constant trolling of the machines within the OSCP labs.

The goal is simple, gain root and get Proof.txt from the /root directory.

Not for the easily frustrated! Fair warning, there be trolls ahead!

Difficulty: Beginner ; Type: boot2root

Special thanks to @OS_Eagle11 and @superkojiman for suffering through the testing all the way to root!

The machine should pull an IP using DHCP, if you have any problems, contact me for a password to get it to working.

Feedback is always appreciated!

@maleus21

Freenode - Maleus

MD5SUM (Tr0ll.rar): 318fe0b1c0dd4fa0a8dca43edace8b20




VulnHub
Viewing all 861 articles
Browse latest View live
Search