This is a Linux based VM that is intended as a way to get security researchers started with simple botnet research. It also requires the researcher have some ability to assess and exploit vulnerabilities, with the ultimate goal of obtaining root access to the VM.

The network configuration of the VM is set to auto, so it is easiest to run with some sort of DHCP server on the same network(or just select the NAT option in your virtualization software). It is suggested that you use the NAT option along with port forwarding, but as long as you have TCP access to the VM, you should be fine.

If you have questions, feel free to ask in #vulnhub on freenode(I'm bwall on there).

This is a Linux based VM that is intended as a way to get security researchers started with simple botnet research. It also requires the researcher have some ability to assess and exploit vulnerabilities, with the ultimate goal of obtaining root access to the VM. This is the second of many to come, please feel free to supply feedback so I can make future ones more enjoyable and fulfilling.

The network configuration of the VM is set to auto, so it is easiest to run with some sort of DHCP server on the same network(or just select the NAT option in your virtualization software). It is suggested that you use the NAT option along with port forwarding, but as long as you have TCP access to the VM, you should be fine.

There are no supplied credentials, and it is intended that the network services on the VM are the attack vectors.

If you have questions, feel free to ask in #vulnhub on freenode(I'm bwall on there). You can also ask me on Twitter(@botnet_hunter). You can also email me at bwall(at)ballastsecurity.net

Tr0ll was inspired by the constant trolling of the machines within the OSCP labs.

The goal is simple, gain root and get Proof.txt from the /root directory.

Not for the easily frustrated! Fair warning, there be trolls ahead!

Difficulty: Beginner ; Type: boot2root

Special thanks to @OS_Eagle11 and @superkojiman for suffering through the testing all the way to root!

The machine should pull an IP using DHCP, if you have any problems, contact me for a password to get it to working.

Feedback is always appreciated!

@maleus21

Freenode - Maleus

MD5SUM (Tr0ll.rar): 318fe0b1c0dd4fa0a8dca43edace8b20

Pegasus

         .-.
   %%%%,/   :-.
   % `%%%, /   `\   _,
   |' )`%%|      '-' /            Filename:   pegasus.ova
   \_/\  %%%/`-.___.'             MD5:        5046e330ff42e9adee0a42b63694cbfe
    __/  %%%"--"""-.%,            SHA1:       f18b7437ca3c96f76a2e1b06f569186b63567dd5
  /`__|  %%         \%%           Difficulty: Intermediate
  \\  \   /   |     /'%,          Author:     Knaps
   \]  | /----'.   < `%,          Tester:     Mulitia
       ||       `>> >
       ||       ///`
       /(      //(

Welcome to my first boot2root VM! Inspired by various CTF events I took part in and by couple cool concepts I learnt in the last couple months.

Rules of engagement are simple - find a way in, escalate your privileges all the way up to the root and get the flag!

As with all VMs like this, think outside the box, don't jump to conclusions too early and "read between the lines" :)

The VM has been tested on VMWare and VirtualBox, just import it, ensure the network is set as "Host Only" and run it. It should pick up the IP address automatically.

Enjoy! :)

Simple CTF

Simple CTF is a boot2root that focuses on the basics of web based hacking. Once you load the VM, treat it as a machine you can see on the network, i.e. you don't have physical access to this machine. Therefore, tricks like editing the VM's BIOS or Grub configuration are not allowed. Only remote attacks are permitted. /root/flag.txt is your ultimate goal.

I suggest you use VirtualBox or VMWare Player with a Host Only adapter. The VM will assign itself an IP address through DHCP.

Location

https://www.dropbox.com/s/9spf5m9l87zjlps/Simple.ova?dl=0 [File size: 600MB]

Hints

1. Get a user shell by uploading a reverse shell and executing it.
2. A proxy may help you to upload the file you want, rather than the file that the server expects.
3. There are 3 known privesc exploits that work. Some people have had trouble executing one of them unless it was over a reverse shell using a netcat listener.

Contact @RobertWinkel for more hints.

Title: The Wall
File: thewall.ova
md5sum: a5e6ebde160239bce605cca8e1cf207d
Size: 299.4MB
Hypervisor: Created with VMWare Fusion.  Tested with vmware (fusion) and virtualbox.
Author:  @xerubus
Test Bunnies:  Rasta Mouse and TheColonial
Difficulty: Intermediate

This boot2root box is exclusive to VulnHub. If you have a crack at the challenge, please consider supporting VulnHub for the great work they do for our offsec community.

Description

In 1965, one of the most influential bands of our times was formed.. Pink Floyd. This boot2root box has been created to celebrate 50 years of Pink Floyd's contribution to the music industry, with each challenge giving the attacker an introduction to each member of the Floyd.

You challenge is simple... set your controls for the heart of the sun, get root, and grab the flag! Rock on!

Notes

• DHCP (Automatically assigned)
• IMPORTANT: The vm IS working as intended if you receive a successful DHCP lease as seen in the boot up sequence.
• 'thewall' vm must be on the same subnet as the attacking machine AND the attacking machine should ideally be a vm on the same network as 'thewall'. If you choose to use a physical box as the attacking machine, 'thewall' must exist on the same network via a bridged interface.

         _         _            _        _   _        _            _
        /\ \      /\ \         /\ \     /\_\/\_\ _   /\ \         /\ \
       /  \ \    /  \ \        \ \ \   / / / / //\_\/  \ \       /  \ \
      / /\ \ \  / /\ \ \       /\ \_\ /\ \/ \ \/ / / /\ \ \     / /\ \ \
     / / /\ \_\/ / /\ \_\     / /\/_//  \____\__/ / / /\ \_\   / / /\ \_\
    / / /_/ / / / /_/ / /    / / /  / /\/________/ /_/_ \/_/  / / /_/ / /
   / / /__\/ / / /__\/ /    / / /  / / /\/_// / / /____/\    / / /__\/ /
  / / /_____/ / /_____/    / / /  / / /    / / / /\____\/   / / /_____/
 / / /     / / /\ \ \  ___/ / /__/ / /    / / / / /______  / / /\ \ \
/ / /     / / /  \ \ \/\__\/_/___\/_/    / / / / /_______\/ / /  \ \ \
\/_/      \/_/    \_\/\/_________/       \/_/\/__________/\/_/    \_\/

Installation

1) Run the OVA in a VM and connect to the webserver 2) Have Fun!

Made by

couchsofa

Thanks to

morbidick einball sarah

I would probably have never finished', this project without you guys ;)',

mostley

For hinting me to Erik Österberg's Terminal.js

0xBEEF

For providing fuel in the form of fudge and premium grilled goods

More information: http://wiki.fablab-karlsruhe.de/doku.php?id=projekte:primer

Motivation

A friend wanted to get into some simple exploits. I suggested starting out with web security, she was all for it. But when I started browsing vulnhub and the likes I couldn't find anything like I had in mind. So I wrote my own.

Concept

This is a story based challenge written in a style heavily inspired by Neil Stephensons Snow Crash and William Gibsons Sprawl Trilogy. Each chapter is unlocked by solving the puzzle. From hardcoded clear text javascript password checks, SQL-injections and cracking hashes to a simulated terminal. You only need to start the VM, a webserver will come up and you can connect with your browser. In fact you never have to leave the browser.

Goal

Teach some basic well known techniques and attacks. Spark some curiosity, make the user look at the source code and try to figure out what's going on behind the scenes. The main goal is to give a nice welcoming intro to the scene and hopefully also teach something about ethics and responsibility.

Change log

v1.0.1 - 2016-01-15: https://twitter.com/CouchSofa/status/688129147848138752 v1.0.0 - 2015-10-27: https://twitter.com/CouchSofa/status/659148660152909824

Welcome to 1989!

And welcome to Germany!

This VM is inspired by a book! There should be plenty of hints which one it is, if you havent read it.

This is a simple VM, so dont fear any advanced exploitation, reverse engineering or other advanced techniques!

Just a solid and simple advanced persistent threat (admins) ;)

So the level is clearly: beginner (as intended).

For some it may teach a solid (old) new Privesc technique that together with the above mentioned book inspired me to this VM.

I made the effort to throw some very basic story/polish into it.

Also if everythin runs smoothly the VM should show its IP adress in the Login screen on the console!

-No, I dont consider finding the VM in your own network a real challenge ;)-

If you should encounter any problems or want to drop me a line use #milet and @teh_warriar on twitter or chat me up in #vulnhub!

Hope you enjoy this VM!

Gonna enjoy reading some writeups and hope you might find other ways then the intended ones!

Best Regards

Warrior

Title: The Necromancer

File: necromancer.ova

md5sum: 6c4cbb7776acac8c3fba27a0c4c8c98f

sha1sum: 712d4cfc19199dea92792e64a43ae7ac59b1dd05

Size: 345MB

Hypervisor: Created with VirtualBox 5.0.20. Tested with virtualbox and vmware player.

Author: @xerubus

Test Bunnies: @dooktwit and @RobertWinkel

Difficulty: Beginner

Description

The Necromancer boot2root box was created for a recent SecTalks Brisbane CTF competition.

There are 11 flags to collect on your way to solving the challenging, and the difficulty level is considered as beginner.

The end goal is simple... destroy The Necromancer!

Notes

• DHCP (Automatically assigned)
• IMPORTANT: The vm IS working as intended if you receive a successful DHCP lease as seen in the boot up sequence.
• The Necromancer VM MUST be on the same subnet as the attacking machine. Ideally both the boot2root VM and the attacking machine should be on the same HostOnly network. If you choose to use a physical box as the attacking machine, the boot2root VM must exist on the same network via a bridged interface.

Graceful’s VulnVM is web application running on a virtual machine, it’s designed to simulate a simple eCommerce style website which is purposely vulnerable to a number of well know security issues commonly seen in web applications. This is really a pre-release preview of the project but it’s certainly functional as it stands, but I’m planning on doing a lot of work on this in the near future.

The plan is ultimately to have the application vulnerable to a large number of issues with a selection of different filters at different difficulties that way the as testers become better at detecting and exploiting issues the application can get hardened against common exploitation methods to allow the testers a wider ranger of experiences.

The first filters have now been implemented! The application now supports “levels” where Level 1 includes no real filtration of user input and Level 2 includes a simple filter for each vulnerable function.

Currently it’s vulnerable to:

• SQL Injection (Error-based)
• SQL Injection (Blind)
• Reflected Cross-Site Scripting
• Stored Cross-Site Scripting
• Insecure Direct-Object Reference
• Username Enumeration
• Path Traversal
• Exposed phpinfo()
• Exposed Administrative Interface
• Weak Admin Credentials

Extracting the Virtual Machine

Install p7zip to unzip *.7z files on Fedora:

sudo dnf install p7zip

Install p7zip to unzip *.7z files on Debian and Ubuntu:

sudo apt-get install p7zip

Extract the archive:

7z x Seattle-0.0.3.7z

Then you can simply start up the virtual machine using Virtual Box! The root user account has a password of PASSWORD

SkyDog Con CTF 2016 - Catch Me If You Can

Difficulty: Beginner/Intermediate

Instructions: The CTF is a virtual machine and works best in Virtual Box. Download the OVA file open up Virtual Box and then select File –> Import Appliance. Choose the OVA file from where you downloaded it. After importing the OVA file above make sure that USB 2.0 is disabled before booting up the VM. The networking is setup for a Host-Only Adapter by default but you can change this before booting up depending on your networking setup. The Virtual Machine Server is configured for DHCP. If you have any questions please send me a message on Twitter @jamesbower and I’ll be happy to help.

Flags

The eight flags are in the form of flag{MD5 Hash} such as flag{1a79a4d60de6718e8e5b326e338ae533

Flag #1 Don’t go Home Frank! There’s a Hex on Your House.

Flag #2 Obscurity or Security?

Flag #3 Be Careful Agent, Frank Has Been Known to Intercept Traffic Our Traffic.

Flag #4 A Good Agent is Hard to Find.

Flag #5 The Devil is in the Details - Or is it Dialogue? Either Way, if it’s Simple, Guessable, or Personal it Goes Against Best Practices

Flag #6 Where in the World is Frank?

Flag #7 Frank Was Caught on Camera Cashing Checks and Yelling - I’m The Fastest Man Alive!

Flag #8 Franks Lost His Mind or Maybe it’s His Memory. He’s Locked Himself Inside the Building. Find the Code to Unlock the Door Before He Gets Himself Killed!