xerxes: 2
____ ___ ____ ___ __ ____ ___ ____ ____ ____ `MM( )P' 6MMMMb `MM 6MM `MM( )P' 6MMMMb 6MMMMb\ 6MMMMb `MM` ,P 6M' `Mb MM69 " `MM` ,P 6M' `Mb MM' ` MM' `Mb `MM,P MM MM MM' `MM,P MM MM YM. ,MM `MM....
View ArticlePentester Lab: Play Session Injection
DifficultyBeginnerDetailsThis exercise covers the exploitation of a session injection in the Play frameworkWhat you will learn?Session injectionPlay frameworkPlay's cookiesVulnHub
View ArticleFlick: 1
.o88o. oooo o8o oooo 888 `" `888 `"' `888 o888oo 888 oooo .ooooo. 888 oooo 888 888 `888 d88' `"Y8 888 .8P' 888 888 888 888 888888. 888 888 888 888 .o8 888 `88b. o888o o888o o888o `Y8bod8P' o888o o888o...
View ArticleTr0ll: 1
Tr0ll was inspired by the constant trolling of the machines within the OSCP labs. The goal is simple, gain root and get Proof.txt from the /root directory.Not for the easily frustrated! Fair warning,...
View ArticleMorning Catch: Phishing Industries
Morning Catch is a VMware virtual machine, similar to Metasploitable, to demonstrate and teach about targeted client-side attacks and post-exploitation.On this virtual machine, you will find: a website...
View Articlexerxes: 2.0.1
____ ___ ____ ___ __ ____ ___ ____ ____ ____ `MM( )P' 6MMMMb `MM 6MM `MM( )P' 6MMMMb 6MMMMb\ 6MMMMb `MM` ,P 6M' `Mb MM69 " `MM` ,P 6M' `Mb MM' ` MM' `Mb `MM,P MM MM MM' `MM,P MM MM YM. ,MM `MM....
View ArticleOwlNest: 1.0.2
,' ``', ' (o)(o) ` > ; ', . ...-'"""""`'. .'`',`''''`________: ": (`'. '.; | ;/\;\; (`',.',.; | | (,'` .`.,' | | (,.',.',' | | (,.',.-`_____| | __\_ _\_ | | |_______________| Welcome to The Owl...
View ArticlePersistence: 1
_______ _______ ______ _______ ___ _______ _______ _______ __ _ _______ _______ | || || _ | | || | | || || || | | || || | | _ || ___|| | || | _____|| | | _____||_ _|| ___|| |_| || || ___| | |_| ||...
View ArticlePentester Lab: CVE-2014-6271: ShellShock
Quickly created an exercise for cve-2014-6271:Source: https://twitter.com/PentesterLab/status/515079459284594688VulnHub
View ArticleKnock-Knock: 1.1
____ __. __ ____ __. __ ____ | |/ _| ____ ____ ____ | | __ | |/ _| ____ ____ ____ | | __ /_ | | < / \ / _ \_/ ___\| |/ / ______ | < / \ / _ \_/ ___\| |/ / | | | | \| | ( <_> ) \___| <...
View ArticleKvasir: I
Kvasir 1Filename: kvasir1.ovaMD5: e987e8bbe319db072246ab749912ea91SHA1: 029a59188cd3375fa50a5115db561f8a8ef69d4aAuthor: Rasta MouseTesters: Barrebas & OJNotes to the PlayerAs part of the challenge,...
View ArticleTr0ll: 2
The next machine in the Tr0ll series of VMs. This one is a step up in difficulty from the original Tr0ll but the time required to solve is approximately the same, and make no mistake, trolls are still...
View ArticlePentester Lab: PHP Include And Post Exploitation
DifficultyBeginnerDetailsThis exercice describes the exploitation of a local file include with limited access. Once code execution is gained, you will see some post exploitation tricks.What you will...
View ArticlePentester Lab: From SQL injection to Shell
DifficultyBeginnerDetailsThis exercise explains how you can from a SQL injection gain access to the administration console. Then in the administration console, how you can run commands on the...
View ArticleCommand Injection ISO: 1
We've packaged 10 real world applications into an Ubuntu Desktop based ISO. These applications are vulnerable to command injection attacks which you will need to find and exploit. Please note that not...
View ArticlePentester Lab: CVE-2007-1860: mod_jk double-decoding
DifficultyBeginnerDetailsThis exercise covers the exploitation of CVE-2008-1760. This vulnerability allows an attacker to gain access to unaccessible pages using crafted requests. This is a common...
View ArticleLAMPSecurity: CTF4
Updated to set default runlevel to 3 (no X windows) and fixed DHCP.This is the fourth capture the flag exercise. It includes the target virtual virutal machine image as well as a PDF of instructions....
View ArticleLAMPSecurity: CTF5
This is the fifth capture the flag exercise. It includes the target virtual virutal machine image as well as a PDF of instructions. The username and password for the targer are deliberately not...
View ArticleLAMPSecurity: CTF6
The LAMPSecurity project is an effort to produce training and benchmarking tools that can be used to educate information security professionals and test products. Please note there are other capture...
View ArticleLAMPSecurity: CTF7
This is the latest of several releases that are part of the LAMP Security project. The other exercises can be found under the 'Capture the Flag' folder. Note the PDF doesn't include the target image....
View Article