Pentester Lab: CVE-2008-1930: Wordpress 2.5 Cookie Integrity Protection...
Difficulty: Beginner. Details: This exercise explains how you can exploit CVE-2008-1930 to gain access to the administration interface of a Wordpress installation. What you will learn: Exploiting...
Pentester Lab: From SQL injection to Shell: PostgreSQL edition
Difficulty: Beginner. Details: This exercise explains how you can go from a SQL injection to access to the administration console, and then how you can run commands on the system from the administration console....
Pentester Lab: Rack Cookies and Commands Injection
Difficulty: Intermediate. Details: After a short brute force introduction, this exercise explains tampering with a Rack cookie and how you can even manage to modify a signed cookie (if the secret is...
Pentester Lab: Introduction to Linux Host Review
Difficulty: Beginner. Details: This exercise explains how to perform a Linux host review: what to check in the configuration of a Linux server, and how to check it, to ensure it is securely configured. The reviewed...
Pentester Lab: CVE-2012-2661: ActiveRecord SQL injection
Difficulty: Advanced. Details: This exercise explains how you can exploit CVE-2012-2661 to retrieve information from a database. What you will learn: Exploiting CVE-2012-2661; time-based SQL injections.
Pentester Lab: CVE-2012-1823: PHP CGI
Difficulty: Beginner. Details: This exercise explains how you can exploit CVE-2012-1823 to retrieve the source code of an application and gain code execution. What you will learn: Exploiting CVE-2012-1823. The...
Pentester Lab: PHP Include And Post Exploitation
Difficulty: Beginner. Details: This exercise describes the exploitation of a local file include with limited access. Once code execution is gained, you will see some post exploitation tricks. What you will...
Pentester Lab: From SQL injection to Shell
Difficulty: Beginner. Details: This exercise explains how you can go from a SQL injection to access to the administration console, and then how you can run commands on the...
Command Injection ISO: 1
We've packaged 10 real world applications into an Ubuntu Desktop based ISO. These applications are vulnerable to command injection attacks which you will need to find and exploit. Please note that not...
Pentester Lab: CVE-2007-1860: mod_jk double-decoding
Difficulty: Beginner. Details: This exercise covers the exploitation of CVE-2008-1760. This vulnerability allows an attacker to gain access to inaccessible pages using crafted requests. This is a common...
LAMPSecurity: CTF4
Updated to set default runlevel to 3 (no X windows) and fixed DHCP. This is the fourth capture the flag exercise. It includes the target virtual machine image as well as a PDF of instructions....
LAMPSecurity: CTF5
This is the fifth capture the flag exercise. It includes the target virtual machine image as well as a PDF of instructions. The username and password for the target are deliberately not...
LAMPSecurity: CTF6
The LAMPSecurity project is an effort to produce training and benchmarking tools that can be used to educate information security professionals and test products. Please note there are other capture...
LAMPSecurity: CTF7
This is the latest of several releases that are part of the LAMP Security project. The other exercises can be found under the 'Capture the Flag' folder. Note the PDF doesn't include the target image....
LAMPSecurity: CTF8
ctf8.zip contains the compressed virtual machine target (ctf8.vmdk) as well as the PDF walk through instructions. The latest release fixes some issues with the user cron jobs that check their mail....
SecOS: 1
Not too tired after BSides London? Still want to solve challenges? Here is the VM I told about during my talk where you'll have to practice some of your skills to retrieve the precious flag located...
Bot Challenges: LoBOTomy
I always enjoy creating and releasing vulnerable virtual machines so readers can get a first hand feel of attacking these command and control panels without doing anything illegal. The objective of...
CySCA: CySCA2014-in-a-Box
CySCA2014-in-a-Box is a Virtual Machine that contains most of the challenges faced by players during CySCA2014. It allows players to complete challenges in their own time, to learn and develop their...
Hell: 1
Welcome to the challenge. This VM is designed to try and entertain the more advanced information security enthusiast. This doesn't exclude beginners however and I'm sure that a few of you could meet...
SkyTower: 1
Welcome to SkyTower:1. This CTF was designed by Telspace Systems for the CTF at the ITWeb Security Summit and BSidesCPT (Cape Town). The aim is to test intermediate to advanced security enthusiasts in...