Virtual Machines
single series all timeline

Search Result: virtualbox (346 results)

Game of Thrones Hacking CTF

This is a challenge-game to measure your hacking skills. Set in Game of Thrones fantasy world.

Goal:

Get the 7 kingdom flags and the 4 extra content flags (3 secret flags + final battle flag). There are 11 in total.

Rules/guidelines to play:

  • Start your conquer of the seven kingdoms
  • You'll need hacking skills, no Game of Thrones knowledge is required. But if you play, it may contains spoilers of the TV series
  • Difficulty of the CTF: Medium-High
  • Don't forget to take your map (try to find it). It will guide you about the natural flag order to follow over the kingdoms
  • Listen CAREFULLY to the hints. If you are stuck, read the hints again!
  • Powerful fail2ban spells were cast everywhere. Bruteforce is not an option for this CTF (2 minutes ban penalty)
  • The flags are 32 chars strings. Keep'em all! you'll need them

Requirements/starting guide:

  • Import the Linux based CTF challenge virtual machine (OVA file)
  • OVA file is compatible with Oracle Virtualbox and Vmware
  • The challenge vm needs 1 cpu and 1512mb RAM to work properly
  • The challenge vm has its network configured by default as bridge. It will take an IP from the DHCP of your network

Downloading challenge CTF vm:

Troubleshooting

  • Vmware:
  • If you get a warning/error importing machine, press "Retry" and it will be imported flawlessly
  • Oracle Virtualbox
  • It's recommended to use "Import Appliance" menu option instead of double click on OVA file
  • If you get an error regarding network, just select your network interface

Good luck, the old gods and the new will protect you!

 _____                      ___    _____ _                       
|   __|___ _____ ___    ___|  _|  |_   _| |_ ___ ___ ___ ___ ___ 
|  |  | .'|     | -_|  | . |  _|    | | |   |  _| . |   | -_|_ -|
|_____|__,|_|_|_|___|  |___|_|      |_| |_|_|_| |___|_|_|___|___|

Designed by/Credits

  • Óscar Alfonso (OscarAkaElvis or v1s1t0r)
  • Contact: [[email protected]]
  • Thanks to the beta testers, specially to j0n3, Kal3l and masAcre
  • Version 1.0 (September 2017)
more...
Game of Thrones CTF: 1
8 Sep 2017
 by 
OscarAkaElvis
ellipsis

Name: LazySysAdmin 1.0

Author: Togie Mcdogie

Twitter: @TogieMcdogie

[Description]

Difficulty: Beginner - Intermediate

Boot2root created out of frustration from failing my first OSCP exam attempt.

Aimed at:

      > Teaching newcomers the basics of Linux enumeration
      > Myself, I suck with Linux and wanted to learn more about each service whilst creating a playground for others to learn

Special thanks to @RobertWinkel @dooktwit for hosting LazySysAdmin at Sectalks Brisbane BNE0x18

[Lore]

LazySysadmin - The story of a lonely and lazy sysadmin who cries himself to sleep

[Tested with]

  • Virtualbox
  • Vnware Workstation player

[Preffered setup]

Host only networking

[Hints]

  • Enumeration is key
  • Try Harder
  • Look in front of you
  • Tweet @togiemcdogie if you need more hints

[Other]

  • What could you of done to speed up the enumeration process?
  • Are there any obvious things that you missed, which you shouldnt of missed?
  • Did you learn anything interesting?
  • What have you added to your enumeration process to prevent you from wasting time?

[Checksum]

  • Name: Lazysysadmin.zip
  • Size: 501925265 bytes (478 MB)
  • SHA256: DBAC88A2E76FD5A6693A2890030DD3BE0DC2C09F30B43A79BE8AB7A23B708EF5
more...
LazySysAdmin: 1
20 Sep 2017
 by 
Togie Mcdogie
ellipsis

This is a fedora server vm, created with virtualbox.

It is a very simple Rick and Morty themed boot to root.

There are 130 points worth of flags available (each flag has its points recorded with it), you should also get root.

It's designed to be a beginner ctf, if you're new to pen testing, check it out!

more...
RickdiculouslyEasy: 1
21 Sep 2017
 by 
Luke
ellipsis

C0m80 Boot2Root

https://3mrgnc3.ninja/2017/09/c0m80/

About

This is my third public Boot2Root, This one is intended to be quite difficult compared to the last two.

But again, that being said, it will depend on you how hard it is :D

The theme with this one is all about 'enumeration, enumeration, enumeration', lateral thinking, and how to "combine" vulnerabilities in order to exploit a system.

Important Note

Once you have an IP insert it into your attack system /etc/hosts like this:

[dhcp-ip-address] C0m80.ctf

This VM will probably be different to other challenges you may have come across. With C0m80 You will be required to log in locally in the VirtualBox console window at some point. This, I know, may 'rile' some of the purists out there that say you should be able to compromise a boot2root fully remotely over a network. I agree to that in principle, and in this case I had intended to allow vnc or xrdp access. Alas, due to compatibility problems I had to make a compromise in this area in order to get the challenge published sooner rather than later.

It should be obvious at what point you need to log in. So when that time comes just pretend you are using remote desktop. ;D

Sorry, I hope you can forgive me.

Difficulty Rating

[Difficult] but depends on you really

Goal

There is only one goal here. Become God on the system and read the root flag.

I Hope You Enjoy It.

Download Link

https://3mrgnc3.ninja/files/C0m80_3mrgnc3_v1.0.ova

Details

  • File: C0m80_3mrgnc3-v1.0.ova
  • OS: WondawsXP ;D
  • VM Type: VirtualBox
  • IP Address: DHCP
  • Size: 2.7 GB

Walkthroughs

Please leave feedback and comments below. Including any info on walkthroughs anyone wishes to publish, or bugs people find in the VM Image.

Alternatively email me at 3mrgnc3 at techie dot com

more...
C0m80: 1
23 Sep 2017
 by 
3mrgnc3
ellipsis

Welcome to Dina 1.0.1

________                                                _________
\________\--------___       ___         ____----------/_________/
    \_______\----\\\\\\   //_ _ \\    //////-------/________/
        \______\----\\|| (( ~|~ )))  ||//------/________/
            \_____\---\\ ((\ = / ))) //----/_____/
                 \____\--\_)))  \ _)))---/____/
                       \__/  (((     (((_/
                          |  -)))  -  ))

This is my first Boot2Root - CTF VM. I hope you enjoy it.

if you run into any issue you can find me on Twitter: @touhidshaikh22

Contact: touhidshaikh22 at gmaill.com <- Feel Free to write mail

Website: http://www.touhidshaikh.com

Goal: /root/flag.txt

Level: Beginner (IF YOU STUCK ANYwhere PM me for HINT, But I don't think need any help).

Download: https://drive.google.com/file/d/0B1qWCgvhnTXgNUF6Rlp0c3Rlb0k/view

Try harder!: If you are confused or frustrated don't forget that enumeration is the key!

Feedback: This is my first boot2root - CTF Virtual Machine, please give me feedback on how to improve!

Tested: This VM was tested with:

Virtual Box 5.X

Networking: DHCP service: Enabled

**IP address**: Automatically assign

Fixing:

Some challenge issue reported by @eliot

Looking forward to the write-ups!

more...
Dina: 1.0.1
17 Oct 2017
 by 
Touhid Shaikh
ellipsis

This is a small boot2root VM I created for my university’s cyber security group. It contains multiple remote vulnerabilities and multiple privilege escalation vectors. I did all of my testing for this VM on VirtualBox, so that’s the recommended platform. I have been informed that it also works with VMware, but I haven’t tested this personally.

This VM is specifically intended for newcomers to penetration testing. If you’re a beginner, you should hopefully find the difficulty of the VM to be just right.

Your goal is to remotely attack the VM and gain root privileges. Once you’ve finished, try to find other vectors you might have missed! If you enjoyed the VM or have questions, feel free to contact me at: [email protected]

If you finished the VM, please also consider posting a writeup! Writeups help you internalize what you worked on and help anyone else who might be struggling or wants to see someone else’s process. I look forward to reading them!

more...
Basic Pentesting: 1
8 Dec 2017
 by 
Josiah Pierce
ellipsis

VM Name:

BlackMarket

VM Description:

BlackMarket VM presented at Brisbane SecTalks BNE0x1B (28th Session) which is focused on students and other InfoSec Professional. This VM has total 6 flag and one r00t flag. Each Flag leads to another Flag and flag format is flag{blahblah}.

Shoutout to @RobertWinkel and @dooktwit for hosting at SecTalk Brisbane

If you get stuck in rabbit hole and need hints hit me up on twitter. Have fun!

VM Difficulty Level:

Beginner/Intermediate

What will you learn?

Learn about how to enumerate your target and join dots in order to pwn this VM.

VM Tested:

VMware Player VirtualBox

Networking:

DHCP Enabled

Author:

AcEb0mb3R Twitter: @Acebomber911

more...
BlackMarket: 1
28 Feb 2018
 by 
AcEb0mb3R
ellipsis

Box Info: Tested on VirtualBox using DHCP Host-only & Bridged Adapter types.

File Type: OVA

Background:

Pinky is creating his very own website! He has began setting up services and some simple web applications

Description:

A realistic Boot2Root box. Gain access to the system and read the root.txt.

Difficulty to get user: Easy/Intermediate

Difficulty to get root: Easy/Intermediate

If you need a hint or have a question contact me on twitter: @Pink_P4nther

more...
Pinky's Palace: v1
6 Mar 2018
 by 
Pink_Panther
ellipsis

VM Name: JIS-CTF : VulnUpload

Difficulty: Beginner

Description: There are five flags on this machine. Try to find them. It takes 1.5 hour on average to find all flags.

more...
JIS-CTF: VulnUpload
8 Mar 2018
 by 
Mohammad Khreesha
ellipsis

Trollcave is a vulnerable VM, in the tradition of Vulnhub and infosec wargames in general. You start with a virtual machine which you know nothing about – no usernames, no passwords, just what you can see on the network. In this instance, you'll see a simple community blogging website with a bunch of users. From this initial point, you enumerate the machine's running services and general characteristics and devise ways to gain complete control over it by finding and exploiting vulnerabilities and misconfigurations.

Your first goal is to abuse the services on the machine to gain unauthorised shell access. Your ultimate goal is to read a text file in the root user's home directory root/flag.txt).

This VM is designed to be holistic and fairly down to earth. I wanted to simulate a real attack on a real website rather than just presenting a puzzle box of disparate elements, and I wanted to avoid the more esoteric vulnerable VMisms, like when you have to do signal processing on an MP3 you found to discover a port-knocking sequence. Of course there are always tradeoffs between what's realistic and what's optimally fun/challenging, but I've tried to keep the challenges grounded.

Because this is a VM that you're downloading, importing and booting, one way to achieve this goal would be to mount the VM's hard disk. I haven't encrypted the disk or done anything to prevent this, so if you want to take that route, go ahead. I'm also not offering a prize or anything for completing this VM, so know that it will be entirely pointless.

Because this is a VM running a real operating system with real services, there may be ways to get to root that I did not intend. Ideally, this should be part of the fun, but if they make the box entirely trivial I'd like to know about and fix them – within reason. As of this release, I've installed all the updates available for Ubuntu Server 16.04 LTS, but I cannot and will not attempt to patch this VM against every new Linux kernel exploit that comes out in the future. So there's a hint – you don't have to use a kernel exploit to root this box.

What you will need is a good HTTP intercepting proxy – I recommend Burpsuite – and a couple of network tools like nmap and nc. You'll also need some virtualisation software – VirtualBox will be easiest for most people, but KVM and VMWare should also be able to import the .ova file after a bit of fiddling. Once you've imported the VM, put it on the same network as your attacking system (preferably don't give it internet access) and start hacking!

You can grab the .ova file here (929MB) (updated 2018-03-19). Let me know what you think.

more...
Trollcave: 1.2
21 Mar 2018
 by 
David Yates
ellipsis

Boot2root challenges aim to create a safe environment where you can perform real-world penetration testing on an (intentionally) vulnerable target.

This workshop will provide you with a custom-made VM where the goal is to obtain root level access on it.

This is a great chance for people who want to get into pentesting but don’t know where to start. *

If this sounds intimidating, don’t worry! During the workshop, we’ll be discussing various methodologies, common pitfalls and useful tools at every step of our pentest.

Requirements:

  • Laptop capable of running two VMs and has a USB port.
  • At least 20GB of free space.
  • VirtualBox pre-installed.
  • Kali VM
  • Some familiarity with CLI.
more...
BSides Vancouver: 2018 (Workshop)
21 Mar 2018
 by 
abatchy
ellipsis

Name: MinUv1

Date Release: 2018-07-10

Author: 8bitsec

Description: This boot2root is an Ubuntu Based virtual machine and has been tested using VirtualBox. The network interface of the virtual machine will take it's IP settings from DHCP. Your goal is to capture the flag on /root.

Note: Tested on VirtualBox

Network: Host-Only/DHCP (should work on bridged)

File: OVA

Difficulty: easy/intermediate

Filename: MinUv1.ova.7z

File Size: 540MB

MD5: cc3d58173a8e9ed3f7606c8d12140a68

SHA1: 8409ceb3cd959085c0249eb676af2f384da85466

Format: Virtual Machine (Virtualbox - OVA)

Operating System: Linux

DHCP service: Enabled

IP address: Automatically assign

more...
MinU: 1
2 May 2018
 by 
8BitSec
ellipsis
This website uses 'cookies' to give you the best, most relevant experience. Using this website means you're happy with this. You can find out more about the cookies used by clicking this link (or by clicking the 'Privacy Policy' link at the top of any page).