----------------
bee-box - README
----------------

bee-box is a custom Linux VM pre-installed with bWAPP.

With bee-box you have the opportunity to explore all bWAPP vulnerabilities!
bee-box gives you several ways to hack and deface the bWAPP website.
It's even possible to hack the bee-box to get root access...

This project is part of the ITSEC GAMES project. ITSEC GAMES are a fun approach to IT security education. 
IT security, ethical hacking, training and fun... all mixed together.
You can find more about the ITSEC GAMES and bWAPP projects on our blog.

We offer a 2-day comprehensive web security course 'Attacking & Defending Web Apps with bWAPP'.
This course can be scheduled on demand, at your location!
More info: http://goo.gl/ASuPa1 (pdf)

Enjoy!

Cheers

Malik Mesellem
Twitter: @MME_IT

-----------------------
bee-box - Release notes
-----------------------

v1.6
****

Release date: 2/11/2014

bWAPP version: 2.2

New features:

- Vulnerable Drupal installation (Drupageddon)

Bug fixes: /

Modifications: /


v1.5
****

Release date: 27/09/2014

bWAPP version: 2.1

New features:

- CGI support (Shellshock ready)

Bug fixes: /

Modifications: /


v1.4
****

Release date: 12/05/2014

bWAPP version: 2.0

New features:

- Lighttpd web server installed, running on port TCP/9080 and TCP/9443
- PHP SQLite module installed
- SQLiteManager 1.2.4 installed
- Vulnerable bWAPP movie network service (BOF)

Bug fixes: /

Modifications: /


v1.3
****

Release date: 19/04/2014

bWAPP version: 1.9+

New features:

- Nginx web server installed, running on port TCP/8080 and TCP/8443
- Nginx web server configured with a vulnerable OpenSSL version (heartbleed vulnerability)
- Insecure distcc (a fast, free distributed C/C++ compiler)
- Insecure NTP configuration
- Insecure SNMP configuration
- Insecure VNC configuration

Bug fixes:

- bWAPP update script checks for Internet connectivity

Modifications: /


v1.2
****

Release date: 22/12/2013

bWAPP version: 1.8

New features:

- Apache modules enabled: rewrite, include, headers, dav, action
- Apache server-status directive enabled
- Insecure anonymous FTP configuration
- Insecure WebDAV configuration
- Server-Side Includes configuration
- Vulnerable PHP CGI configuration

Bug fixes: /

Modifications:

- MySQL listening on 0.0.0.0
- New bWAPP update script


v1.1
****

Release date: 12/09/2013

bWAPP version: 1.5

New features:

- bWAPP update script

Bug fixes: /

Modifications: /


v1.0
****

Release date: 15/07/2013

bWAPP version: 1.4

New features: /

Bug fixes: /

Modifications: /

-----------------
bee-box - INSTALL
-----------------

bee-box is a custom Linux VM pre-installed with bWAPP.

With bee-box you have the opportunity to explore all bWAPP vulnerabilities!
bee-box gives you several ways to hack and deface the bWAPP website.
It's even possible to hack the bee-box to get root access...


Requirements
////////////

*/ Windows, Linux or Mac OS
*/ VMware Player, Workstation, Fusion or Oracle VirtualBox


Installation steps
//////////////////

No! I will not explain how to install VMware or VirtualBox...

*/ Extract the compressed file.

*/ Double click on the VM configuration file (bee-box.vmx), or import the VM into the VMware software.

*/ Start the VM. It will login automatically.

*/ Check the IP address of the VM.

*/ Go to the bWAPP login page. If you browse the bWAPP root directory you will be redirected.

    example: http://[IP]/bWAPP/
    example: http://[IP]/bWAPP/login.php

*/ Login with the default bWAPP credentials, or make a new user.

    default credentials: bee/bug

*/ You are ready to explore and exploit the bee!


Notes
/////

*/ Linux credentials:

    bee/bug
    root/bug

*/ MySQL credentials:

    root/bug

*/ Modify the Postfix settings (relayhost,...) to your environment.

    config file: /etc/postfix/main.cf

*/ bee-box gives you several ways to deface the bWAPP website.
   It's even possible to hack the bee-box to get root access...

   Have fun!

*/ Take a snapshot of the VM before hacking the bee-box.
   There is also a backup of the bWAPP website (/var/www/bWAPP_BAK).

*/ To reinstall the bWAPP database, delete the database with phpmyadmin (http://[IP]/phpmyadmin/).
   Afterwards, browse to the following page: https://[IP]/bWAPP/install.php

*/ Don't upgrade the Linux operating system, you will lose all fun :)


This project is part of the ITSEC GAMES project. ITSEC GAMES are a fun approach to IT security education. 
IT security, ethical hacking, training and fun... all mixed together.
You can find more about the ITSEC GAMES and bWAPP projects on our blog.

We offer a 2-day comprehensive web security course 'Attacking & Defending Web Apps with bWAPP'.
This course can be scheduled on demand, at your location!
More info: http://goo.gl/ASuPa1 (pdf)

Enjoy!

Cheers

Malik Mesellem
Twitter: @MME_IT

Pegasus

         .-.
   %%%%,/   :-.
   % `%%%, /   `\   _,
   |' )`%%|      '-' /            Filename:   pegasus.ova
   \_/\  %%%/`-.___.'             MD5:        5046e330ff42e9adee0a42b63694cbfe
    __/  %%%"--"""-.%,            SHA1:       f18b7437ca3c96f76a2e1b06f569186b63567dd5
  /`__|  %%         \%%           Difficulty: Intermediate
  \\  \   /   |     /'%,          Author:     Knaps
   \]  | /----'.   < `%,          Tester:     Mulitia
       ||       `>> >
       ||       ///`
       /(      //(

Welcome to my first boot2root VM! Inspired by various CTF events I took part in and by couple cool concepts I learnt in the last couple months.

Rules of engagement are simple - find a way in, escalate your privileges all the way up to the root and get the flag!

As with all VMs like this, think outside the box, don't jump to conclusions too early and "read between the lines" :)

The VM has been tested on VMWare and VirtualBox, just import it, ensure the network is set as "Host Only" and run it. It should pick up the IP address automatically.

Enjoy! :)

The goal of this challenge is to break into the machine via the web and find the secret hidden in a sensitive file. If you can find the secret, send me an email for verification. :)

There are a couple of different ways that you can go with this one. Good luck!

Simply download and import the OVA file into virtualbox!

New VM challenge that should be fun for people trying to get into packet analysis!

There are several steps to this box. I created it with virtualbox. The VM is built on:

Ubuntu 14.04 32 bit

If you beat the box then please shoot me an email! Have fun guys!

P.S. I got the word "Fart Knocker" from watching beavis and butthead back in the day. Otherwise you kids might not understand :)

Darknet has a bit of everything, a sauce with a touch of makeup and frustration that I hope will lead hours of fun for migraines and who dares to conquer his chambers.

As the target gets used will read the file contents /root/flag.txt obviously once climbed the privileges necessary to accomplish the task.

The image can be mounted with VirtualBox . The machine has DHCP active list so once automatically assign an IP network, the next step will be to identify the target and discover the / the service / s to start the game. Good luck !. If you want to send in pdf format solucionarios can do so at the following address: s3csignal [at] gmail [dot] com

Codename: NB0x01

Download: ly0n.me/nullbyte/NullByte.ova.zip

Objetcive: Get to /root/proof.txt and follow the instructions.

Level: Basic to intermediate.

Description: Boot2root, box will get IP from dhcp, works fine with virtualbox&vmware.

Hints: Use your lateral thinking skills, maybe you’ll need to write some code.

The Challenge:

You are looking for two flags. Using discovered pointers in various elements of the running web application you can deduce the first flag (a downloadable file) which is required to find the second flag (a text file). Look, read and maybe even listen. You will need to use basic web application recon skills as well as some forensics to find both flags.

Level: Intermediate

Description:

The virtual machine comes in an OVA format, and is a generic 32 bit CentOS Linux build with a single available service (HTTP) where the challenge resides. Feel free to enable bridged networking to have the VM automatically be assigned a DHCP address. This VM has been tested in VMware Workstation 12 Player (choose "Retry" if needed), and VirtualBox 4.3.

SHA1: f60f497f3f8fda0d0aeccfc84dad8e19ad164f55 Challenge.ova

Twitter: @SpyderSec

I created this machine to help others learn some basic CTF hacking strategies and some tools. I aimed this machine to be very similar in difficulty to those I was breaking on the OSCP.

This is a boot-to-root machine will not require any guest interaction.

There are two designed methods for privilege escalation.

• 23/09/2015 == v1.0.1
• 22/09/2015 == v1.0

If you are having issues with VirtualBox, try the following:

• Downloaded LordOfTheRoot_1.0.1.ova (confirmed file hash)
• Downloaded and installed VMWare ovftool.
• Converted the OVA to OVF using ovftool.

• Modified the OVF using text editor, and did the following:

  replaced all references to "ElementName" with "Caption" replaced the single reference to "vmware.sata.ahci" with "AHCI"

• Saved the OVF. +Deleted the .mf (Manifest) file. If you don't you get an error when importing, saying the SHA doesn't match for the OVF (I also tried modifying the hash, but no luck).

• Try import the OVF file, and it should work fine.

Source: https://twitter.com/dooktwit/status/646840273482330112

Minotaur CTF

Minotaur is a boot2root CTF. Once you load the VM, treat it as a machine you can see on the network, i.e. you don't have physical access to this machine. Therefore, tricks like editing the VM's BIOS or Grub configuration are not allowed. Only remote attacks are permitted. There are a few flag.txt files around to grab. /root/flag.txt is your ultimate goal.

I suggest you use VirtualBox with a Host Only adapter to run Minotaur fairly painlessly.

The VM will assign itself a specific IP address (in the 192.168.56.0/24 range). Do not change this, as the CTF will not work properly without an IP address of 192.168.56.X.

If you load the .ova file in VirtualBox, you can see this machine from another VirtualBox machine with a "Host Only" network adapter. You can see the machine from VMWare Workstation by: - Going into Virtual Network Editor and changing the VMnet0 network to "Bridged to: VirtualBox Host-Only Ethernet Adapter". - Setting your VMWare network adapter to Custom (VMnet0) - If necessary, resetting your network adapter (e.g. ifdown eth0 && ifup eth0) so that you get a 192.168.56.0/24 address.

Location

The VM is located here: https://www.dropbox.com/s/zyxbampga87nqv3/minotaur_CTF_BNE0x00.ova?dl=0 [File size: 691MB]

Hints

1. This CTF has a couple of fairly heavy password cracking challenges, and some red herrings.
2. One password you will need is not on rockyou.txt or any other wordlist you may have out there. So you need to think of a way to generate it yourself.

Contact @RobertWinkel for more hints.

Fuku CTF

Fuku (pronounced "far queue") CTF is designed to fuck with people.

This is a boot2root. Import it in VirtualBox, using a Host Only adapter, or use an adapter that will assign it an IP address in the 192.168.56.0/24 range. It only likes having an IP address in that range.

Treat the box as if it was on the network. Don't try to do anything to it that you could only do with physical access, e.g. break into the BIOS or the Grub boot loader.

There are a few flag.txt files to grab. The final one is in the /root/ directory. However, the ultimate goal is to get a root shell.

Scenario

"Bull was pissed when you broke into his Minotaur box. He has taken precautions with another website that he is hosting, implementing IDS, whitelisting, and obfuscation techniques. He is now taunting hackers to try and hack him, believing himself to be safe. It is up to you to put him in his place."

Location

The VM is located at https://www.dropbox.com/s/e2x79z5ovqqsejg/Fuku.ova?dl=0 [File size: 2GB]

Hints

1. Some scripting will probably be needed to find a useful port.
2. If the machine seems to go down after a while, it probably hasn't. This CTF isn't called Fuku for nothing!

Contact @RobertWinkel for more hints.

Simple CTF

Simple CTF is a boot2root that focuses on the basics of web based hacking. Once you load the VM, treat it as a machine you can see on the network, i.e. you don't have physical access to this machine. Therefore, tricks like editing the VM's BIOS or Grub configuration are not allowed. Only remote attacks are permitted. /root/flag.txt is your ultimate goal.

I suggest you use VirtualBox or VMWare Player with a Host Only adapter. The VM will assign itself an IP address through DHCP.

Location

https://www.dropbox.com/s/9spf5m9l87zjlps/Simple.ova?dl=0 [File size: 600MB]

Hints

1. Get a user shell by uploading a reverse shell and executing it.
2. A proxy may help you to upload the file you want, rather than the file that the server expects.
3. There are 3 known privesc exploits that work. Some people have had trouble executing one of them unless it was over a reverse shell using a netcat listener.

Contact @RobertWinkel for more hints.