Virtual Machines
single series all timeline

This is my first boot2root machine. It's begginer-intermediate level.

It's been tested in VBox and VMware and seems to work without issues in both.

A tip, anything can be a vector, really think things through here based on how the machine works. Make a wrong move though and some stuff gets moved around and makes the machine more difficult!

This is part one in a two part series. I was inspired by several vms I found on vulnhub and added a bit of a twist to the machine.

Good luck and I hope you guys enjoy!


This is my first CTF/Vulnerable VM ever. I created it both for educational purposes and so people can have a little fun testing their skills in a legal, pentest lab environment.

Some notes before you download!

  • Try to use a Host-Only Adapter. This is an intentionally vulnerable machine and leaving it open on your network can have bad results.
  • It should work with Vmware flawlessly. I've tested it with vbox and had one other friend test it on Vbox as well so I think it should work just fine on anything else.

This is a Boot2Root machine. The goal is for you to attempt to attempt to gain root privileges in the VM. Do not try to get the root flag through a recovery iso etc, this is essentially cheating! The idea is to get through by pretending this machine is being attacked over a network with no physical access.

I themed this machine to make it feel a bit more realistic. You are breaking into a fictional characters server (named Wallaby) and trying to gain root without him noticing, or else the difficulty level will increase if you make the wrong move! Good luck and I hope you guys enjoy!

more...

DC416 CTF CHALLENGES

These four virtual machines were created by members of the VulnHub CTF Team for DefCon Toronto's first offline CTF.

They have been tested with VirtualBox, and will obtain an IP address via DHCP upon bootup. Difficulty ranges from beginner to intermediate.

Each machine has a landing page on port 80 which describes the number of flags it has, along with any additional rules or hints.

Enjoy!

more...

SkyDog Con CTF 2016 - Catch Me If You Can

Difficulty: Beginner/Intermediate

Instructions: The CTF is a virtual machine and works best in Virtual Box. Download the OVA file open up Virtual Box and then select File –> Import Appliance. Choose the OVA file from where you downloaded it. After importing the OVA file above make sure that USB 2.0 is disabled before booting up the VM. The networking is setup for a Host-Only Adapter by default but you can change this before booting up depending on your networking setup. The Virtual Machine Server is configured for DHCP. If you have any questions please send me a message on Twitter @jamesbower and I’ll be happy to help.

Flags

The eight flags are in the form of flag{MD5 Hash} such as flag{1a79a4d60de6718e8e5b326e338ae533

Flag #1 Don’t go Home Frank! There’s a Hex on Your House.

Flag #2 Obscurity or Security?

Flag #3 Be Careful Agent, Frank Has Been Known to Intercept Traffic Our Traffic.

Flag #4 A Good Agent is Hard to Find.

Flag #5 The Devil is in the Details - Or is it Dialogue? Either Way, if it’s Simple, Guessable, or Personal it Goes Against Best Practices

Flag #6 Where in the World is Frank?

Flag #7 Frank Was Caught on Camera Cashing Checks and Yelling - I’m The Fastest Man Alive!

Flag #8 Franks Lost His Mind or Maybe it’s His Memory. He’s Locked Himself Inside the Building. Find the Code to Unlock the Door Before He Gets Himself Killed!

more...