Some folks may already be aware of Metasploitable, an intentionally vulnerable virtual machine designed for training, exploit testing, and general target practice. Unlike other vulnerable virtual machines, Metasploitable focuses on vulnerabilities at the operating system and network services layer instead of custom, vulnerable applications. I am happy to announce the release of Metasploitable 2, an even better punching bag for security tools like Metasploit, and a great way to practice exploiting vulnerabilities that you might find in a production environment.

For download links and a walkthrough of some of the vulnerabilities (and how to exploit them), please take a look at the Metasploitable 2 Exploitability Guide.

Have fun!

Name: Game Over Category: Web Pentest Learning Platform File Type: VM image/iso

Author: Jovin Lobo Mentor: Murtuja Bharmal

Download URL: http://sourceforge.net/projects/null-gameover/files

Default Credentials: [username:root / password:gameover]

Description:

Project GameOver was started with the objective of training and educating newbies about the basics of web security and educate them about the common web attacks and help them understand how they work. It is collection of various vulnerable web applications, designed for the purpose of learning web penetration testing.

GameOver has been broken down into two sections. Section 1 consists of special web applications that are designed especially to teach the basics of Web Security. This seciton will cover:

• XSS
• CSRF
• RFI & LFI
• BruteForce Authentication
• Directory/Path traversal
• Command execution
• SQL injection

Section 2 is a collection of dileberately insecure Web applications. This section provides a legal platform to test your skills and to try and exploit the vulnerabilities and sharpen your skills before you pentest live sites. We would advice newbies to try and exploit these web applications. These applications provide real life environments and will boost their confidence.

Here we have a vulnerable Linux host with configuration weaknesses rather than purposely vulnerable software versions (well at the time of release anyway!)

The host is based upon Ubuntu Server 12.04 and is fully patched as of early September 2012. The details are as follows:

• Architecture: x86
• Format: VMware (vmx & vmdk) compatibility with version 4 onwards
• RAM: 512MB
• Network: NAT
• Extracted size: 820MB
• Compressed (download size): 194MB – 7zip format – 7zip can be obtained from here

• MD5 Hash of Vulnix.7z: 0bf19d11836f72d22f30bf52cd585757

• Download Vulnix from HERE -

The goal; boot up, find the IP, hack away and obtain the trophy hidden away in /root by any means you wish – excluding the actual hacking of the vmdk

Free free to contact me with any questions/comments using the comments section below.

Enjoy!

About hackxor

Hackxor is a webapp hacking game where players must locate and exploit vulnerabilities to progress through the story. Think WebGoat but with a plot and a focus on realism&difficulty. Contains XSS, CSRF, SQLi, ReDoS, DOR, command injection, etc

Features:

• Client attack simulation using HtmlUnit; no alert('xss') here.
• Smooth difficulty gradient from moderately easy to fiendishly tricky.
• Realistic vulnerabilities modelled from Google, Mozilla, etc (No rot13!)
• Open ended play; progress by any means possible.

Download & install instructions

• Download the full version of hackxor (700mb)
• Install VMWare Player (This involves creating a free account with vmware)
• Extract hackxor1.7z, run the image using VMware player.
• Work out what the IP of hackxor is ((try 172.16.93.129)|| logging into the VM with username:root pass:hackxor and typing ifconfig)
• Configure your hosts file (/etc/hosts on linux) to redirect the following domains to the IP of hackxor: wraithmail, wraithbox, cloaknet, GGHB, hub71, utrack.
• Browse to http://wraithmail:8080 and login with username:algo password:smurf

If you can't edit the hosts file for some reason, you could use the 'Override hostname resolution' option in Burp proxy

Troubleshooting the installation:

• If http://wraithmail:8080 loads everything is probably working.
• First: Try 'nmap wraithmail' in a shell to see if port 8080 is open. If it is open, contact me! Otherwise:
• Second: Try nmap . If that succeeds, fix your hosts file. Otherwise:
• Third: If you really can't get any network contact with the VM, check the VM settings in the VM manager
• (this does not involve logging into the virtual machine). Make sure it is set to NAT. If that doesn't fix it:
• Fourth: Try changing the VM network setting to 'Bridged'. This will mean other people on the LAN can access it.
• Fifth: If all else fails, contact me on twitter.

The scene

You play a professional blackhat hacker hired to track down another hacker by any means possible. Start by checking your email on wraithmail, and see how far down the rabbit hole you can get. The key websites in this game are http://wraithmail:8080 http://cloaknet:8080 http://gghb:8080 and http://hub71:8080 so if you don't feel like tracking down your target you may hack them in any order. Each website will be properly introduced through the plot.

Changes since 1.0

• Fixed a potential-lose bug in hub71

Changes since the beta

• Made cloaknet (second level) harder/better/more realistic
• Added stealth ranking system
• Fixed 2 unintentional XSS vulns in rentnet(hub71)
• Enhanced rentnet(hub71) session security (You'll see)
• Added online demo (first 2 levels)
• Improved names/other fluff
• Added clear ending
• Made VM IP static-ish for easier installation
• Made VM only accessible from the host machine by default
• Linked sites together better
• Added anti-bruteforce protection
• Removed numerous bits of test code
• Removed a few obscenities
• Fixed some inaccuracies&minor bugs

VulnVoIP is based on a relatively old AsteriskNOW distribution and has a number of weaknesses. The aim is to locate VoIP users, crack their passwords and gain access to the Support account voicemail.

Just to keep things interesting this particular disto also suffers from a known exploit from which it is relatively easy to gain a root shell. Once you've found the easy way, can you get root using a different method?

I've created these basic VoIP hacking training exercises as I found very limited resources online. Hopefully VulnVoIP will help others learn the basic fundamentals of VoIP hacking in a safe environment.

• Architecture: x86
• Format: VMware (vmx & vmdk) compatibility with version 4 onwards
• RAM: 512MB
• Network: NAT
• Extracted size: 1.68GB
• Compressed (download size): 552MB - 7zip format - 7zip can be obtained from here
• MD5 Hash of VulnVoIP.7z: 1411bc06403307d5ca2ecae47181972a

During my SQL Injection learning journey I needed a vulnerable web application for practice.

I created a WebApp vulnerable to SQL Injection for my personal use, The result was an extremely vulnerable web site which I could test some SQLi techniques against MySQL.

I must confess, I am not a programmer and I have never coded in PHP before, I thought it would be a good practice to develop a PHP based site from scratch in order to learn the basic of PHP and MySQL.

exploit.co.il Vulnerable Web app designed as a learning platform to test various SQL injection Techniques and it is a fully functional web site with a content management system based on fckeditor.

I thought some of you may find it useful so i decided to share it via a SourceForge project page i created for it at :

https://sourceforge.net/projects/exploitcoilvuln

Read Me First

Please notice! this web app is extremely vulnerable to SQLi attack and its poorly coded and configured intentionally.

It is not recommended to use this WebApp as live site on the net neither set it up on your local machine with access to it from the web.

Please use it in your internal LAN only, Set it up in a virtual environment such as VMware or Virtual Box.

This is a fully functional web site with a content management system based on fckeditor.

I hope you will find this web app useful in your SQLi and web app security studies or demonstrations.

General Information

Visit the Vulnerable Web Site by browsing to its IP address

Admin interface can be found at: http://localhost/admin

Username: admin

Password: P@ssw0rd

Database Name: exploit

Database contains 8 tables:

articles authors category downloads links members news videos I have only tested the web app for SQLi, but i am sure you will find some more interesting vulnerabilities

Please try to avoid using automated tools to find the vulnerabilities and try doing it manually

Feel free to discuss this web app by visiting http://exploit.co.il and commenting on the relevant post.

You can send solutions, videos and ideas to shai[at]exploit.co.il and i will post them on my blog.

Good Luck!

The idea behind VulnVPN is to exploit the VPN service to gain access to the sever and ‘internal’ services. Once you have an internal client address there are a number of ways of gaining root (some easier than others).

Client VPN Configuration

I have created/uploaded the relevant files which can be obtained from the compressed file here. You’ll need to configure Openswan/xl2tpd on your system, if you’re using an Ubuntu based Linux variant you can follow the below steps – please note that I’ve used Backtrack 5r3 for all client testing (mentioned as I know it works well):

1. apt-get install openswan xl2tpd ppp

2. Copy the downloaded client files into the following locations:

   /etc/ipsec.conf

   /etc/ipsec.secrets

   /etc/ppp/options.l2tpd.client

   /etc/xl2tpd/xl2tpd.conf

3. VulnVPN is located at 192.168.0.10 and the client configuration files state that the client IP address is 192.168.0.11. If you want your client to have a different address ensure you change the relevant settings in /etc/ipsec.conf.

4. To establish a VPN connection run the following command: ipsec auto –up vpn (that’s two hyphens before up, they get lost in the post formatting). If you’re viewing the logs you should see something along the lines of ‘IPsec SA established’.

5. If the connection succeeds (remember you’ll need to obtain the PSK before this is possible) you can run the ‘start-vpn.sh’ script (included with client config files download) or run the following command to initialise the PPP adaptor: echo “c vpn” > /var/run/xl2tpd/l2tp-control

6. Run ip list or ifconfig and you should see that a new PPP adapter has been created and assigned an IP address (this may not be instant, give it a few seconds). If the adaptor fails to come up run the script/command again – I’ve come across this issue a few times.

Note: If you change your configuration/IP settings etc you’ll need to reload the relevant configuration files i.e. /etc/init.d/ipsec restart and/or /etc/init.d/xl2tpd restart

Troubleshooting

I realise that VPN’s can be very troublesome (setting this challenge up was bad enough), so I have allowed access to auth and ufw logs. These should help highlight issues you may be experiencing and can be found at http://192.168.0.10:81 (note port 81). Please note that hacking this page and associated scripts are not part of the challenge, rather they have been provided for assistance.

A useful config reference can also be found here: https://wiki.archlinux.org/index.php/L2TP/IPsec_VPN_client_setup

Download Information

Architecture: x86 Format: VMware (vmx & vmdk) compatibility with version 4 onwards RAM: 1GB Network: NAT – Static IP 192.168.0.10 (no G/W or DNS configured) Extracted size: 1.57GB Compressed (download size): 368MB – 7zip format – 7zip can be obtained from here Download VulnVPN from -HERE-

MD5 Hash of VulnVPN.7z: 9568aa4c94bf0b5809cb0a282fffa5c2

Download Client files from -HERE-

MD5 Hash of client.7z: e598887f2e4b18cd415ea747606644f6

As per usual, I shall add a related solutions post shortly. Until then, enjoy