Welcome to the challenge.

This VM is designed to try and entertain the more advanced information security enthusiast. This doesn't exclude beginners however and I'm sure that a few of you could meet the challenge. There is no 'one' focus on the machine, a range of skills such as web exploitation, password cracking, exploit development, binary examination and most of all logical thinking is required to crack the box in the intended way - but who knows there might be some short cuts!

A few of the skills needed can be seen in some posts on http://netsec.ws. Otherwise enjoy the experience - remember that although vulnerabilities might not jump out at you straight away you may need to try some variations on the normal to get past the protections in place!

Feel free to discuss the experience on the #vulnhub irc channel on irc.freenode.net. If you want any hints feel free to PM my nick on there (Peleus). You won't get any, but I'll feel all warm and fuzzy inside knowing you're suffering.

Enjoy.

 _______  _______  ______    _______  ___   _______  _______  _______  __    _  _______  _______ 
|       ||       ||    _ |  |       ||   | |       ||       ||       ||  |  | ||       ||       |
|    _  ||    ___||   | ||  |  _____||   | |  _____||_     _||    ___||   |_| ||       ||    ___|
|   |_| ||   |___ |   |_||_ | |_____ |   | | |_____   |   |  |   |___ |       ||       ||   |___ 
|    ___||    ___||    __  ||_____  ||   | |_____  |  |   |  |    ___||  _    ||      _||    ___|
|   |    |   |___ |   |  | | _____| ||   |  _____| |  |   |  |   |___ | | |   ||     |_ |   |___ 
|___|    |_______||___|  |_||_______||___| |_______|  |___|  |_______||_|  |__||_______||_______|

         "the fact of continuing in an opinion or course of action in spite of 
      difficulty or opposition"

                                                   by sagi- & superkojiman

DISCLAIMER

By using this virtual machine, you agree that in no event will we be liable for any loss or damage including without limitation, indirect or consequential loss or damage, or any loss or damage whatsoever arising from loss of data or profits arising out of or in connection with the use of this software.

TL;DR - You are about to load up a virtual machine with vulnerabilities created by hackers. If something bad happens, it's not our fault.

ABOUT

Persistence aims to provide you with challenging obstacles that block your path to victory. It is perhaps best described by quotes made by some famous people:

"A little more persistence, a little more effort, and what seemed hopeless failure may turn to glorious success." - Calvin Coolidge

"Energy and persistence conquer all things." - Benjamin Franklin

"Persistence and resilience only come from having been given the chance to work though difficult problems." - Gever Tulley

GOAL

Get a root shell and read the contents of /root/flag.txt to complete the challenge!

SETUP

The virtual machine will get an IP address via DHCP, and it has been tested on the following hypervisors:

VMware Fusion 6 VMware Player 6 VMware Workstation 10 VirtualBox 4.3

SHOUT OUTS

Thanks @VulnHub for kindly hosting this challenge, and thanks to @recrudesce for testing it and providing valuable feedback!

 ____  __.                     __              ____  __.                     __      ____ 
|    |/ _| ____   ____   ____ |  | __         |    |/ _| ____   ____   ____ |  | __ /_   |
|      <  /    \ /  _ \_/ ___\|  |/ /  ______ |      <  /    \ /  _ \_/ ___\|  |/ /  |   |
|    |  \|   |  (  <_> )  \___|    <  /_____/ |    |  \|   |  (  <_> )  \___|    <   |   |
|____|__ \___|  /\____/ \___  >__|_ \         |____|__ \___|  /\____/ \___  >__|_ \  |___|
        \/    \/            \/     \/                 \/    \/            \/     \/

Pretty much thought of a pretty neat idea I hadn't seen done before with a VM, and I wanted to turn it into reality!

Your job is to escalate to root, and find the flag.

Since I've gotten a few PM's, remember: There is a difference between "Port Unreachable" and "Host Unreachable". DHCP is not broken ;)

Gotta give a huge shoutout to c0ne for helping to creating the binary challenge, and rasta_mouse and recrudesce for testing :)

Also, gotta thank barrebas who was able to find a way to make things easier... but of course that is fixed with this update! ;)

MD5 -- 3b6839a28b4be64bd71598aa374ef4a6 knock-knock-1-1.ova

SHA1 -- 0ec29d8baad9997fc250bda65a307e0f674e4180 knock-knock-1-1.ova

Feel free to hit me up in #vulnhub on freenode -- zer0w1re

Sokar

Filename:  sokar.ova
MD5:  75f5c48e65fa81dc81ef3b58b7ee6bab
SHA1:  5f4aca536898bf962bfcfd2aaccb66fda1ab790a
Author:  Rasta Mouse
Testers:  Barrebas & TheColonial

=====
Notes
=====
DHCP (Automatically Assigned)

    Special note to VMWare users - you must manually set the
    NIC MAC address to 08:00:27:F2:40:DB

Get root, then the flag!

  __ )    _ \      \    _ _|   \  |   _ \    \      \  |     _ _| _ _| _ _| 
  __ \   |   |    _ \     |     \ |  |   |  _ \      \ |       |    |    |  
  |   |  __ <    ___ \    |   |\  |  ___/  ___ \   |\  |       |    |    |  
 ____/  _| \_\ _/    _\ ___| _| \_| _|   _/    _\ _| \_|     ___| ___| ___|

                                                            by superkojiman
                                                            techorganic.com

DISCLAIMER

By using this virtual machine, you agree that in no event will I be liable for any loss or damage including without limitation, indirect or consequential loss or damage, or any loss or damage whatsoever arising from loss of data or profits arising out of or in connection with the use of this software.

TL;DR: If something bad happens, it's not my fault.

SETUP

Brainpan 3 has been tested and found to work with VMware Player, VMware Fusion, and Virtual Box.

Check to make sure Brainpan_III.ova has following checksums so you know your download is intact:

MD5 : 170e0d8b26ab721587537fcde69087a0

SHA1: ed9ae53c556a1ce6988b3a54621dd6469c8b8aa5

Import Brainpan_III.ova into your preferred hypervisor and configure the network settings to your needs. It will get an IP address via DHCP, but it's recommended you run it within a NAT or visible to the host OS only since it is vulnerable to attacks.

GOAL

Get root and get the flag.

TESTERS

• barrebas : https://twitter.com/barrebas
• Swappage : https://twitter.com/Swappage

 _____  _      ____   __  __  _      ____  ____
|     || |    |    | /  ]|  |/ ]    |    ||    |
|   __|| |     |  | /  / |  ' /      |  |  |  |
|  |_  | |___  |  |/  /  |    \      |  |  |  |
|   _] |     | |  /   \_ |     \     |  |  |  |
|  |   |     | |  \     ||  .  |     |  |  |  |
|__|   |_____||____\____||__|\_|    |____||____|
                                    by: @leonjza

Welcome!

Your challenge, should you choose to accept, is to gain root access on the server! The employees over at Flick Inc. have been hard at work prepping the release of their server checker app. Amidst all the chaos, they finally have a version ready for testing before it goes live.

You have been given a pre-production build of the Android .apk that will soon appear on the Play Store, together with a VM sample of the server that they want to deploy to their cloud hosting provider.

The .apk may be installed on a phone (though I wont be offended if you don't trust me ;]) or run in an android emulator such as the Android Studio (https://developer.android.com/sdk/index.html).

Good Luck!

$ shasum * e74061c5348fef33d00f5f4f2aee9e921c591129 flick-check-dist.apk e6fbcd5aab5ed95c54d02855fdfbad74587f3db7 flickII-dist.ova

Note: Vmware will complain about the OVF specification. Just click retry on the import and everything should be ok!

Shouts:

@barrebas for testing and patience
@s4gi_ for testing and the inspiration

  _________.__                              
 /   _____/|  |   ____   ____ ______ ___.__.
 \_____  \ |  | _/ __ \_/ __ \\____ <   |  |
 /        \|  |_\  ___/\  ___/|  |_> >___  |
/_______  /|____/\___  >\___  >   __// ____| ·VM·
        \/           \/     \/|__|   \/

+-----------------------------------------------------------------------+
|  cReaTeD....: sagi- (@s4gi_)      |  DaTe......: 2015-10-02           |
|  oS.........: Linux               |  oBJecTiVe.: Get /root/flag.txt   |
|                                   |  GReeTZ....: @nanomebia           |
|                                   |  TeSTeRs...: @barrebas            |
|                                   |              Christopher Panayi   |
+-----------------------------------------------------------------------+
|  VM HiSToRY:                                                          |
|  v1.0 - Public release @ ZaCon VI "Capture the Flag (and in between)" |
|  V0.1 - Private release @ SecTalks Perth                              |
+-----------------------------------------------------------------------+

Title: The Wall
File: thewall.ova
md5sum: a5e6ebde160239bce605cca8e1cf207d
Size: 299.4MB
Hypervisor: Created with VMWare Fusion.  Tested with vmware (fusion) and virtualbox.
Author:  @xerubus
Test Bunnies:  Rasta Mouse and TheColonial
Difficulty: Intermediate

This boot2root box is exclusive to VulnHub. If you have a crack at the challenge, please consider supporting VulnHub for the great work they do for our offsec community.

Description

In 1965, one of the most influential bands of our times was formed.. Pink Floyd. This boot2root box has been created to celebrate 50 years of Pink Floyd's contribution to the music industry, with each challenge giving the attacker an introduction to each member of the Floyd.

You challenge is simple... set your controls for the heart of the sun, get root, and grab the flag! Rock on!

Notes

• DHCP (Automatically assigned)
• IMPORTANT: The vm IS working as intended if you receive a successful DHCP lease as seen in the boot up sequence.
• 'thewall' vm must be on the same subnet as the attacking machine AND the attacking machine should ideally be a vm on the same network as 'thewall'. If you choose to use a physical box as the attacking machine, 'thewall' must exist on the same network via a bridged interface.

         _         _            _        _   _        _            _
        /\ \      /\ \         /\ \     /\_\/\_\ _   /\ \         /\ \
       /  \ \    /  \ \        \ \ \   / / / / //\_\/  \ \       /  \ \
      / /\ \ \  / /\ \ \       /\ \_\ /\ \/ \ \/ / / /\ \ \     / /\ \ \
     / / /\ \_\/ / /\ \_\     / /\/_//  \____\__/ / / /\ \_\   / / /\ \_\
    / / /_/ / / / /_/ / /    / / /  / /\/________/ /_/_ \/_/  / / /_/ / /
   / / /__\/ / / /__\/ /    / / /  / / /\/_// / / /____/\    / / /__\/ /
  / / /_____/ / /_____/    / / /  / / /    / / / /\____\/   / / /_____/
 / / /     / / /\ \ \  ___/ / /__/ / /    / / / / /______  / / /\ \ \
/ / /     / / /  \ \ \/\__\/_/___\/_/    / / / / /_______\/ / /  \ \ \
\/_/      \/_/    \_\/\/_________/       \/_/\/__________/\/_/    \_\/

Installation

1) Run the OVA in a VM and connect to the webserver 2) Have Fun!

Made by

couchsofa

Thanks to

morbidick einball sarah

I would probably have never finished', this project without you guys ;)',

mostley

For hinting me to Erik Österberg's Terminal.js

0xBEEF

For providing fuel in the form of fudge and premium grilled goods

More information: http://wiki.fablab-karlsruhe.de/doku.php?id=projekte:primer

Motivation

A friend wanted to get into some simple exploits. I suggested starting out with web security, she was all for it. But when I started browsing vulnhub and the likes I couldn't find anything like I had in mind. So I wrote my own.

Concept

This is a story based challenge written in a style heavily inspired by Neil Stephensons Snow Crash and William Gibsons Sprawl Trilogy. Each chapter is unlocked by solving the puzzle. From hardcoded clear text javascript password checks, SQL-injections and cracking hashes to a simulated terminal. You only need to start the VM, a webserver will come up and you can connect with your browser. In fact you never have to leave the browser.

Goal

Teach some basic well known techniques and attacks. Spark some curiosity, make the user look at the source code and try to figure out what's going on behind the scenes. The main goal is to give a nice welcoming intro to the scene and hopefully also teach something about ethics and responsibility.

Change log

v1.0.1 - 2016-01-15: https://twitter.com/CouchSofa/status/688129147848138752 v1.0.0 - 2015-10-27: https://twitter.com/CouchSofa/status/659148660152909824

VulnOS are a series of vulnerable operating systems packed as virtual images to enhance penetration testing skills

• This is version 2 -

Smaller, less chaotic !

As time is not always on my side, It took a long time to create another VulnOS. But I like creating them. The image is build with VBOX. Unpack the file and add it to your virtualisation software.

Your assignment is to pentest a company website, get root of the system and read the final flag

NOTE : current keyboard preferences is BE "pentesting is a wide concept"

If you have questions, feel free to contact me on m4db33f@gmail dot com Shout out to the Vulnhub Testing team!

Hope you enjoy.

Welcome to 1989!

And welcome to Germany!

This VM is inspired by a book! There should be plenty of hints which one it is, if you havent read it.

This is a simple VM, so dont fear any advanced exploitation, reverse engineering or other advanced techniques!

Just a solid and simple advanced persistent threat (admins) ;)

So the level is clearly: beginner (as intended).

For some it may teach a solid (old) new Privesc technique that together with the above mentioned book inspired me to this VM.

I made the effort to throw some very basic story/polish into it.

Also if everythin runs smoothly the VM should show its IP adress in the Login screen on the console!

-No, I dont consider finding the VM in your own network a real challenge ;)-

If you should encounter any problems or want to drop me a line use #milet and @teh_warriar on twitter or chat me up in #vulnhub!

Hope you enjoy this VM!

Gonna enjoy reading some writeups and hope you might find other ways then the intended ones!

Best Regards

Warrior