+---------------------------------------------------------+
|                                                         |
|                                  __..--''\              |
|                          __..--''         \             |
|                  __..--''          __..--''             |
|          __..--''          __..--''       |             |
|          \ o        __..--''____....----""              |
|           \__..--''\                                    |
|           |         \                                   |
|          +----------------------------------+           |
|          +----------------------------------+           |
|                                                         |
+- - - - - - - - - - - - - -|- - - - - - - - - - - - - - -+
|   Name: Stapler           |          IP: DHCP           |
|   Date: 2016-June-08      |        Goal: Get Root!      |
| Author: g0tmi1k           | Difficultly: ??? ;)         |
+- - - - - - - - - - - - - -|- - - - - - - - - - - - - - -+
|                                                         |
| + Average beginner/intermediate VM, only a few twists   |
|   + May find it easy/hard (depends on YOUR background)  |
|   + ...also which way you attack the box                |
|                                                         |
| + It SHOULD work on both VMware and Virtualbox          |
|   + REBOOT the VM if you CHANGE network modes           |
|   + Fusion users, you'll need to retry when importing   |
|                                                         |
| + There are multiple methods to-do this machine         |
|   + At least two (2) paths to get a limited shell       |
|   + At least three (3) ways to get a root access        |
|                                                         |
| + Made for BsidesLondon 2016                            |
|   + Slides: https://download.vulnhub.com/media/stapler/ |
|                                                         |
| + Thanks g0tmi1k, nullmode, rasta_mouse & superkojiman  |
|   + ...and shout-outs to the VulnHub-CTF Team =)        |
|                                                         |
+- - - - - - - - - - - - - - - - - - - - - - - - - - - - -+
|                                                         |
|       --[[~~Enjoy. Have fun. Happy Hacking.~~]]--       |
|                                                         |
+---------------------------------------------------------+

Welcome to my third boot2root / CTF this one is called Sidney. The VM is set to grab a DHCP lease on boot. As before, gaining root is not the end of this VM. You will need to snag the flag, and being me, it's never where they normally live... B-)

If you are having trouble with the NIC, make sure the adapter is set to use the MAC 00:0C:29:50:14:56

Some hints for you:

• If you are hitting a wall, read https://de.wikipedia.org/wiki/MOS_Technology_6502
• The flag is audio as well as visual

SHA1SUM: 114ABA151B77A028AA5CFDAE66D3AEC6EAF0751A sidney.ova

Many thanks to Rasta_Mouse and GKNSB for testing this CTF.

Special thanks and shout-outs go to GKNSB and Rasta_Mouse, hopefully he streams this one live too! Also a shout-out to g0tmi1k for #vulnhub and offering to host my third CTF.

Welcome to 1989!

And welcome to Germany!

This VM is inspired by a book! There should be plenty of hints which one it is, if you havent read it.

This is a simple VM, so dont fear any advanced exploitation, reverse engineering or other advanced techniques!

Just a solid and simple advanced persistent threat (admins) ;)

So the level is clearly: beginner (as intended).

For some it may teach a solid (old) new Privesc technique that together with the above mentioned book inspired me to this VM.

I made the effort to throw some very basic story/polish into it.

Also if everythin runs smoothly the VM should show its IP adress in the Login screen on the console!

-No, I dont consider finding the VM in your own network a real challenge ;)-

If you should encounter any problems or want to drop me a line use #milet and @teh_warriar on twitter or chat me up in #vulnhub!

Hope you enjoy this VM!

Gonna enjoy reading some writeups and hope you might find other ways then the intended ones!

Best Regards

Warrior

VulnOS are a series of vulnerable operating systems packed as virtual images to enhance penetration testing skills

• This is version 2 -

Smaller, less chaotic !

As time is not always on my side, It took a long time to create another VulnOS. But I like creating them. The image is build with VBOX. Unpack the file and add it to your virtualisation software.

Your assignment is to pentest a company website, get root of the system and read the final flag

NOTE : current keyboard preferences is BE "pentesting is a wide concept"

If you have questions, feel free to contact me on m4db33f@gmail dot com Shout out to the Vulnhub Testing team!

Hope you enjoy.

Welcome to another boot2root / CTF this one is called Gibson. The VM is set to grab a DHCP lease on boot. It doesn't matter what your local subnet is, as long as you keep away from the 192.168.122.0/24 subnet. You will see why soon enough...

Once again, I'll offer some hints to you:

• SSH can forward X11.
• The challenge isn't over with root. The flag is not where you expect to find it.

SHA1SUM: f4601f62b7011cc6ad403553cb8a9375e43cb0b5 gibson.ova

Many thanks to g0blin and GKNSB for testing this CTF.

Special thanks and shout-outs go to Barrebas and Rasta_Mouse. and g0tmi1k for more advice and offering to host my second CTF.

Kudos to g0blin for adivsing on how to use this in Vi

Virtual box users can run: tar zxf gibson.ova && qemu-img convert gibson-disk1.vmdk gibson-disk1.bin && VBoxManage convertfromraw gibson-disk1.bin gibson-disk1.vdi --format VDI

Graceful’s VulnVM is web application running on a virtual machine, it’s designed to simulate a simple eCommerce style website which is purposely vulnerable to a number of well know security issues commonly seen in web applications. This is really a pre-release preview of the project but it’s certainly functional as it stands, but I’m planning on doing a lot of work on this in the near future.

The plan is ultimately to have the application vulnerable to a large number of issues with a selection of different filters at different difficulties that way the as testers become better at detecting and exploiting issues the application can get hardened against common exploitation methods to allow the testers a wider ranger of experiences.

The first filters have now been implemented! The application now supports “levels” where Level 1 includes no real filtration of user input and Level 2 includes a simple filter for each vulnerable function.

Currently it’s vulnerable to:

• SQL Injection (Error-based)
• SQL Injection (Blind)
• Reflected Cross-Site Scripting
• Stored Cross-Site Scripting
• Insecure Direct-Object Reference
• Username Enumeration
• Path Traversal
• Exposed phpinfo()
• Exposed Administrative Interface
• Weak Admin Credentials

Extracting the Virtual Machine

Install p7zip to unzip *.7z files on Fedora:

sudo dnf install p7zip

Install p7zip to unzip *.7z files on Debian and Ubuntu:

sudo apt-get install p7zip

Extract the archive:

7z x Seattle-0.0.3.7z

Then you can simply start up the virtual machine using Virtual Box! The root user account has a password of PASSWORD

About Release

Name........: SickOs1.2
Date Release: 26 Apr 2016
Author......: D4rk
Series......: SickOs
Objective...: Get /root/7d03aaa2bf93d80040f3f22ec6ad9d5a.txt
Tester(s)...: h1tch1, Eagle11
Twitter.....: https://twitter.com/D4rk36

Description:-

This is second in following series from SickOs and is independent of the prior releases, scope of challenge is to gain highest privileges on the system.

File Information:-

Filename: Sick0s1.2.zip
File size: 696.2 MB
MD5: b013ba76f50c15890554632a40b697bd
SHA1: 9f45f7c060e15dc6bb93c1cf39efdd75125e30a0

Virtual Machine

Format: OVF
Operating System: Ubuntu
Tested on: VMWare workstation Pro 12.1.0 build-3272444

Networking

DHCP service: Enabled
IP address: Automatically assign

Flag(s):

Yes

Welcome to Droopy. This is a beginner's boot2root/CTF VM.

The VM is set to grab a DHCP lease on boot.

There's 2 hints I would offer you:

1.) Grab a copy of the rockyou wordlist.

2.) It's fun to read other people's email.

SHA1SUM: e6862fa5ebc9c2a8e582e77f440510062afe47ba droopyctf.ova

Special thanks and shout-outs go to Barrebas and Rasta_Mouse for testing, and g0tmi1k for advice and offering to host my first CTF.

SkyDog Con CTF – The Legend Begins

Over but not forgotten.

Download Link http://bit.ly/SkyDogConCTF

Instructions

The CTF is a virtual machine and works best in Virtual Box. This OVA was created using Virtual Box 4.3.32. Download the OVA file open up Virtual Box and then select File –> Import Appliance. Choose the OVA file from where you downloaded it. After importing the OVA file above it is best to disable the USB 2.0 setting before booting up the VM. The networking is setup for a NAT Network but you can change this before booting up depending on your networking setup. If you have any questions please send me a message on Twitter @jamesbower and I’ll be happy to help.

Goal of Sky Dog Con CTF

The purpose of this CTF is to find all six flags hidden throughout the server by hacking network and system services. This can be achieved without hacking the VM file itself.

Flags

The six flags are in the form of flag{MD5 Hash} such as flag{1a79a4d60de6718e8e5b326e338ae533

Flag #1 Home Sweet Home or (A Picture is Worth a Thousand Words)

Flag #2 When do Androids Learn to Walk?

Flag #3 Who Can You Trust?

Flag #4 Who Doesn’t Love a Good Cocktail Party?

Flag #5 Another Day at the Office

Flag #6 Little Black Box

Simple CTF

Simple CTF is a boot2root that focuses on the basics of web based hacking. Once you load the VM, treat it as a machine you can see on the network, i.e. you don't have physical access to this machine. Therefore, tricks like editing the VM's BIOS or Grub configuration are not allowed. Only remote attacks are permitted. /root/flag.txt is your ultimate goal.

I suggest you use VirtualBox or VMWare Player with a Host Only adapter. The VM will assign itself an IP address through DHCP.

Location

https://www.dropbox.com/s/9spf5m9l87zjlps/Simple.ova?dl=0 [File size: 600MB]

Hints

1. Get a user shell by uploading a reverse shell and executing it.
2. A proxy may help you to upload the file you want, rather than the file that the server expects.
3. There are 3 known privesc exploits that work. Some people have had trouble executing one of them unless it was over a reverse shell using a netcat listener.

Contact @RobertWinkel for more hints.

Fuku CTF

Fuku (pronounced "far queue") CTF is designed to fuck with people.

This is a boot2root. Import it in VirtualBox, using a Host Only adapter, or use an adapter that will assign it an IP address in the 192.168.56.0/24 range. It only likes having an IP address in that range.

Treat the box as if it was on the network. Don't try to do anything to it that you could only do with physical access, e.g. break into the BIOS or the Grub boot loader.

There are a few flag.txt files to grab. The final one is in the /root/ directory. However, the ultimate goal is to get a root shell.

Scenario

"Bull was pissed when you broke into his Minotaur box. He has taken precautions with another website that he is hosting, implementing IDS, whitelisting, and obfuscation techniques. He is now taunting hackers to try and hack him, believing himself to be safe. It is up to you to put him in his place."

Location

The VM is located at https://www.dropbox.com/s/e2x79z5ovqqsejg/Fuku.ova?dl=0 [File size: 2GB]

Hints

1. Some scripting will probably be needed to find a useful port.
2. If the machine seems to go down after a while, it probably hasn't. This CTF isn't called Fuku for nothing!

Contact @RobertWinkel for more hints.

Minotaur CTF

Minotaur is a boot2root CTF. Once you load the VM, treat it as a machine you can see on the network, i.e. you don't have physical access to this machine. Therefore, tricks like editing the VM's BIOS or Grub configuration are not allowed. Only remote attacks are permitted. There are a few flag.txt files around to grab. /root/flag.txt is your ultimate goal.

I suggest you use VirtualBox with a Host Only adapter to run Minotaur fairly painlessly.

The VM will assign itself a specific IP address (in the 192.168.56.0/24 range). Do not change this, as the CTF will not work properly without an IP address of 192.168.56.X.

If you load the .ova file in VirtualBox, you can see this machine from another VirtualBox machine with a "Host Only" network adapter. You can see the machine from VMWare Workstation by: - Going into Virtual Network Editor and changing the VMnet0 network to "Bridged to: VirtualBox Host-Only Ethernet Adapter". - Setting your VMWare network adapter to Custom (VMnet0) - If necessary, resetting your network adapter (e.g. ifdown eth0 && ifup eth0) so that you get a 192.168.56.0/24 address.

Location

The VM is located here: https://www.dropbox.com/s/zyxbampga87nqv3/minotaur_CTF_BNE0x00.ova?dl=0 [File size: 691MB]

Hints

1. This CTF has a couple of fairly heavy password cracking challenges, and some red herrings.
2. One password you will need is not on rockyou.txt or any other wordlist you may have out there. So you need to think of a way to generate it yourself.

Contact @RobertWinkel for more hints.