A free open-source self-contained training environment for Web Application Security penetration testing. Tools + Targets = Dojo

What?

Various web application security testing tools and vulnerable web applications were added to a clean install of Ubuntu v10.04.2, which is patched with the appropriate updates and VM additions for easy use.

Why?

The Web Security Dojo is for learning and practicing web app security testing techniques. It is ideal for self-teaching and skill assessment, as well as training classes and conferences since it does not need a network connection. The Dojo contains everything needed to get started – tools, targets, and documentation.

Where?

Download Web Security Dojo from http://sourceforge.net/projects/websecuritydojo/files/ .

How?

To install Dojo you first install and run VirtualBox 3.2 or later, then “Import Appliance” using the Dojo’s OVF file. We have PDF or YouTube for instructions for Virtualbox. As of version 1.0 a VMware version is also provided, as well as video install instructions

Who?

Sponsored by Maven Security Consulting Inc (performing web app security testing & training since 1996). Also, could be you! Web Security Dojo is an open source and fully transparent project, with public build scripts and bug trackers on Sourceforge .

More?

Look for Dojo videos on our YouTube channel at http://www.youtube.com/user/MavenSecurity Hack your way to fame and glory 1 with our security challenges posted at Reddit (http://www.reddit.com/r/WebSecChallenges/). [1. Fame and glory not included; void where prohibited by law]

 _               _                         
| |__  _ __ __ _(_)_ __  _ __   __ _ _ __  
| '_ \| '__/ _` | | '_ \| '_ \ / _` | '_ \ 
| |_) | | | (_| | | | | | |_) | (_| | | | |
|_.__/|_|  \__,_|_|_| |_| .__/ \__,_|_| |_|
                        |_|                
                            by superkojiman  
                 http://www.techorganic.com

DISCLAIMER
----------
By using this virtual machine, you agree that in no event will I be liable 
for any loss or damage including without limitation, indirect or 
consequential loss or damage, or any loss or damage whatsoever arising 
from loss of data or profits arising out of or in connection with the use 
of this software.

TL;DR: If something bad happens, it's not my fault.



SETUP
-----
Brainpan has been tested and found to work on the following hypervisors:
-    VMware Player 5.0.1
-    VMWare Fusion 5.0
-    VirtualBox 4.2.8

Import Brainpan into your preferred hypervisor and configure the network 
settings to your needs. It will get an IP address via DHCP, but it's 
recommended you run it within a NAT or visible to the host OS only since it
is vulnerable to attacks.

Source: Brainpan.zip/readme.txt

MD5 (brainpan.ova) = fc0f163220b9884df5dcc9cdc45361e4

Source: Brainpan.zip/md5.txt

     __________       .__          __  .__      .__  __
     \______   \ ____ |  | _____ _/  |_|__|__  _|__|/  |_ ___.__.
      |       _// __ \|  | \__  \\   __\  \  \/ /  \   __<   |  |
      |    |   \  ___/|  |__/ __ \|  | |  |\   /|  ||  |  \___  |
      |____|_  /\___  >____(____  /__| |__| \_/ |__||__|  / ____| ·VM·
             \/     \/          \/                        \/  -v1.0.1-
 +-----------------------------------------------------------------------+
 |  cReaTeD....: sagi-               |  DaTe......: 2013-11-29           |
 |  oS.........: Linux               |  oBJecTiVe.: Read /root/flag.txt  |
 |                                   |  GReeTZ....: g0tmi1k & l0ca1hoSt  |
 +-----------------------------------------------------------------------+

v1.0.1 ~ 2013-11-29 Fixed a few bugs when using VirtualBox (thanks to Bas van den Berg - @barrebas)

v1.0 ~ 2013-11-16 Public release

v0.0 ~ 2013-11-01 Private release - Zacon

v0.0 ~ 2013-06-29 Private release - HackFu

  _               _                           ___  
 | |             (_)                         |__ \ 
 | |__  _ __ __ _ _ _ __  _ __   __ _ _ __      ) |
 | '_ \| '__/ _` | | '_ \| '_ \ / _` | '_ \    / / 
 | |_) | | | (_| | | | | | |_) | (_| | | | |  / /_ 
 |_.__/|_|  \__,_|_|_| |_| .__/ \__,_|_| |_| |____|
                         | |                       
                         |_|

                             by superkojiman  
                  http://www.techorganic.com

DISCLAIMER

By using this virtual machine, you agree that in no event will I be liable for any loss or damage including without limitation, indirect or consequential loss or damage, or any loss or damage whatsoever arising from loss of data or profits arising out of or in connection with the use of this software.

TL;DR: If something bad happens, it's not my fault.

SETUP

Brainpan has been tested and found to work on the following hypervisors: - VMware Player 6.0.1 - VMWare Fusion 6.0.2 - VirtualBox 4.3.2

Check to make sure brainpan2.ova has following checksums so you know your download is intact:

MD5: bf01f03ea0e7cea2553f74189ff35161

SHA1: b46891cda684246832f4dbc80ec6e40a997af65a

Import brainpan2.ova into your preferred hypervisor and configure the network settings to your needs. It will get an IP address via DHCP, but it's recommended you run it within a NAT or visible to the host OS only since it is vulnerable to attacks.

____   ___   ____   ___  __ ____   ___   ____     ____
`MM(   )P'  6MMMMb  `MM 6MM `MM(   )P'  6MMMMb   6MMMMb\
 `MM` ,P   6M'  `Mb  MM69 "  `MM` ,P   6M'  `Mb MM'    `
  `MM,P    MM    MM  MM'      `MM,P    MM    MM YM.
   `MM.    MMMMMMMM  MM        `MM.    MMMMMMMM  YMMMMb
   d`MM.   MM        MM        d`MM.   MM            `Mb
  d' `MM.  YM    d9  MM       d' `MM.  YM    d9 L    ,MM
_d_  _)MM_  YMMMM9  _MM_    _d_  _)MM_  YMMMM9  MYMMMM9




    xerxes v0.1
    by @barrebas

    xerxes.ova md5 4a1b5e1a984d8e01353dd32fd37554bc

    get root and read /root/flag

    tested on virtualbox 4.1.12 -- many thanks to
    TheColonial for testing!

    please share your thoughts on this vm! if you
    find any bugs, please let me know on irc
    (freenode #vulnhub)



DISCLAIMER

By using this virtual machine, you agree that in no event
will I be liable for any loss or damage including without
limitation, indirect or consequential loss or damage,  or
any  loss or  damage whatsoever arising from loss of data
or profits  arising out of  or in connection with the use
of this software.

Welcome to VulnOS !

This is my first vulnerable target I made because I want to give back something to the community. Big up for the community that made things possible!!!

Your goal is to get root and find all the vulnerabilities inside the OS ! It is a ubuntu server 10.04 LTS (that's been made very buggy!!!!) DO NOT USE This Box in a production environment!!!!!!! It's a VM thas has been made with Virtualbox 4.3.8 - so it's in the .vdi format.

Networking :

This box has been made with bridged networking and uses DHCP to get an IP address (was 192.168.1.66 when I built it). So it is best to share the attack OS and the TARGET BOX to IP-Range OF 192.168.1.1/24

Maybe you could set it up with m0n0wall and setup static IP-addresses.

If you cannot find the target's IP ADRERSS, contact me @ blakrat1 AT gmail DOT com I will give you the root user and password to login....

Hope you find this useful !!!

Note from VulnHub

100% works with VMware player6, workstation 10 & fusion 6.

May have issues with ViritualBox If this is the case, try this 'fix': http://download.vulnhub.com/kioptrix/kiop2014_fix.zip - Step by Step screenshots for Virtualbox 4.3 & VMware Workstation 9)

About the VM

As usual, this vulnerable machine is targeted at the beginner. It's not meant for the seasoned pentester or security geek that's been at this sort of stuff for 10 years. Everyone needs a place to start and all I want to do is help in that regard.

Also, before powering on the VM I suggest you remove the network card and re-add it. For some oddball reason it doesn't get its IP (well I do kinda know why but don't want to give any details away). So just add the VM to your virtualization software, remove and then add a network card. Set it to bridge mode and you should be good to go.

This was created using ESX 5.0 and tested on Fusion, but shouldn't be much of a problem on other platforms.

Kioptrix VM 2014 download 825Megs

MD5 (kiop2014.tar.bz2) = 1f802308f7f9f52a7a0d973fbda22c0a

SHA1 (kiop2014.tar.bz2) = 116eb311b91b28731855575a9157043666230432

Waist line 32"

p.s.: Don't forget to read my disclaimer...

Not too tired after BSides London? Still want to solve challenges? Here is the VM I told about during my talk where you'll have to practice some of your skills to retrieve the precious flag located here: /root/flag.txt. This VM is an entry-level boot2root and is web based.

This VM is the first of a series which I'm currently creating where there will be links between all of them. Basically, each machine in the series will rely/depend on each other, so keep the flags for the next VMs.

This has been tested on VirtualBox and gets its IP from the DHCP server. Moreover, if you find yourself bruteforcing, you're doing something wrong. It is not needed and it wasn't designed to be done this way. Instead, focus on exploiting web bugs!

If you have any questions, feel free to ask me on Twitter @PaulWebSec or throw me a mail: paulwebsec(at)gmail(dot)com

CySCA2014-in-a-Box is a Virtual Machine that contains most of the challenges faced by players during CySCA2014. It allows players to complete challenges in their own time, to learn and develop their cyber security skills. The VM includes a static version of the scoring panel with all challenges, required files and flags.

To use CySCA2014 in a box virtual machines, players will need to have either Oracle VirtualBox or VMWare Player installed on their machines. Additionally we recommend players have at least 4GB of RAM. If you have less RAM, you can reduce the amount of RAM available to the VM down to 512MB, however it may adversely affect the speed of some of the challenges.

CAUTION The VM contains software that is deliberately vulnerable. We advise that you do not attach it to a critical network. Consider using your virtualisation softwares host-only network functionality.

 _______  _______  ______    _______  ___   _______  _______  _______  __    _  _______  _______ 
|       ||       ||    _ |  |       ||   | |       ||       ||       ||  |  | ||       ||       |
|    _  ||    ___||   | ||  |  _____||   | |  _____||_     _||    ___||   |_| ||       ||    ___|
|   |_| ||   |___ |   |_||_ | |_____ |   | | |_____   |   |  |   |___ |       ||       ||   |___ 
|    ___||    ___||    __  ||_____  ||   | |_____  |  |   |  |    ___||  _    ||      _||    ___|
|   |    |   |___ |   |  | | _____| ||   |  _____| |  |   |  |   |___ | | |   ||     |_ |   |___ 
|___|    |_______||___|  |_||_______||___| |_______|  |___|  |_______||_|  |__||_______||_______|

         "the fact of continuing in an opinion or course of action in spite of 
      difficulty or opposition"

                                                   by sagi- & superkojiman

DISCLAIMER

By using this virtual machine, you agree that in no event will we be liable for any loss or damage including without limitation, indirect or consequential loss or damage, or any loss or damage whatsoever arising from loss of data or profits arising out of or in connection with the use of this software.

TL;DR - You are about to load up a virtual machine with vulnerabilities created by hackers. If something bad happens, it's not our fault.

ABOUT

Persistence aims to provide you with challenging obstacles that block your path to victory. It is perhaps best described by quotes made by some famous people:

"A little more persistence, a little more effort, and what seemed hopeless failure may turn to glorious success." - Calvin Coolidge

"Energy and persistence conquer all things." - Benjamin Franklin

"Persistence and resilience only come from having been given the chance to work though difficult problems." - Gever Tulley

GOAL

Get a root shell and read the contents of /root/flag.txt to complete the challenge!

SETUP

The virtual machine will get an IP address via DHCP, and it has been tested on the following hypervisors:

VMware Fusion 6 VMware Player 6 VMware Workstation 10 VirtualBox 4.3

SHOUT OUTS

Thanks @VulnHub for kindly hosting this challenge, and thanks to @recrudesce for testing it and providing valuable feedback!

The next machine in the Tr0ll series of VMs. This one is a step up in difficulty from the original Tr0ll but the time required to solve is approximately the same, and make no mistake, trolls are still present! :)

Difficulty is beginner++ to intermediate.

The VM should pull a valid IP from DHCP. This VM has been verified to work on VMware workstation 5, VMware player 5, VMware Fusion, and Virtual box. Virtual box users may need to enable the additional network card for it to pull a valid IP address.

Special thanks to @Eagle11, @superkojiman and @leonjza for suffering through the testing and the members of #overflowsec on freenode for giving me ideas.

If you have issues with the machine, feel free to contact me at @Maleus21 or maleus overflowsecurity.com.

-Maleus

www.overflowsecurity.com