Virtual Machines
single series all timeline

Search Result: bypass (4 results)

Damn Vulnerable Linux (DVL) E605 (1.3):

Added many many vulnerabilities. Added much exercise material including sources. Now included the HoneyNet Project and WebGoat.

  • 0000070: [Reverse Code Engineering] Add Boomerang Decompiler
  • 0000082: [Application Development] Free Pascal Compiler
  • 0000136: [Tools] Add Valgrind 3.2.0 + Valkyrie
  • 0000135: [Application Development] Add SmallBasic 0.9.7
  • 0000134: [Application Development] Add Dr. Scheme
  • 0000133: [Application Development] Add SWI Prolog
  • 0000131: [Application Development] Add GCC-g77
  • 0000127: [Web Exploitation] Add Cyphor
  • 0000109: [Shellcode / Exploitation] Add atari800 Local Root Exploit
  • 0000120: [Shellcode / Exploitation] Add phpBB 2.0.13 (admin_styles.php) Remote Command Execution Exploit
  • 0000125: [Web Exploitation] Add Joomla <= 1.0.9 (Weblinks) Remote Blind SQL Injection Exploit
  • 0000126: [Web Exploitation] Add Joomla <=1.0.7 (feed) Denial of Service Exploit
  • 0000123: [Web Exploitation] Add PHPNuke 7.8
  • 0000124: [Application Development] Add PHP-Nuke 7.4 POST Method Admin Variable Privilege Escalation
  • 0000122: [Shellcode / Exploitation] Add linux-ftpd-ssl 0.17 (MKD/CWD) Remote Root Exploit
  • 0000110: [Shellcode / Exploitation] Add Aeon 0.2a Local Linux Exploit
  • 0000108: [Shellcode / Exploitation] Add SoX Local Buffer Overflow Exploit
  • 0000111: [Shellcode / Exploitation] Add sash <= 3.7 Local Buffer Overflow Exploit
  • 0000104: [Shellcode / Exploitation] Add splitvt < 1.6.5 Local Exploit
  • 0000121: [Web Exploitation] Add e107 <= 0.6172 (resetcore.php) Remote SQL Injection Exploit
  • 0000102: [Shellcode / Exploitation] Add ProFTPD <= 1.3.0a (mod_ctrls support) Local Buffer Overflow PoC
  • 0000016: [Reverse Code Engineering] Fenris should be added
  • 0000067: [Reverse Code Engineering] Add ELFIO
  • 0000084: [Application Development] Add FakeAP
  • 0000083: [Application Development] Add BestCrypt
  • 0000085: [Application Development] Add FindDDOS
  • 0000078: [Tools] Add QTParted
  • 0000094: [Shellcode / Exploitation] Add Minicom 1.81
  • 0000096: [Shellcode / Exploitation] Add Nestea \"Off By One\" attack
  • 0000099: [Web Exploitation] Add PhpBB 2.0.12 Session Handling Authentication Bypass
  • 0000100: [Web Exploitation] Add WordPress 1.5.1.1 SQL Injection
  • 0000101: [Web Exploitation] Add Nabopoll 1.2 Remote File Inclusion, Remote Configuration Disclosure
  • 0000093: [Application Development] Add HLA Compiler Construction Kit
  • 0000092: [Application Development] Add YASM Assembler
  • 0000091: [Application Development] Add FASM
  • 0000090: [Application Development] Add SciLab
  • 0000081: [Application Development] Add GSL GNU Scientific Library
  • 0000080: [Application Development] Add FreeBasic
  • 0000079: [Application Development] Add BlueFish Editor
  • 0000033: [Application Development] RHIDE should be added
  • 0000089: [Application Development] Add C++6 libs
  • 0000088: [Application Development] Add LibGC
  • 0000087: [Application Development] Add BOOST Library
  • 0000076: [Application Development] Remove JRE and add JDK 1.5
  • 0000075: [Application Development] Add QEMU
  • 0000074: [Application Development] Add Scite Editor
  • 0000073: [Peneration Testing] Add OWASP's WebGoat

DVL Strychnine + E605 is final! I just remastered the ISO and we land at 1050 MB size which fits perfectly on a 2 GB USB stick (and gives us more free space to add additional stuff). I will upload the ISO today and inform the mirrors. Finally after all this installation part I can play myself with it :)

Source: http://web.archive.org/web/20071024101507/https://www.damnvulnerablelinux.org/content/view/32/73/

Source: http://web.archive.org/web/20071012222920/http://blog.damnvulnerablelinux.org/2007/07/27/dvl-strychnine-e605-is-final/

Source: http://web.archive.org/web/20090312135824/http://www.damnvulnerablelinux.org/index.php/eng/Damn%20Vulnerable%20Linux%20Distro/Damn%20Vulnerable%20Linux/Release%20Notes%20for%20Damn%20Vulnerable%20Linux%20(up%20to%20release%201.4)

more...
Damn Vulnerable Linux (DVL): 1.3 (E605)
27 Jul 2007
 by 
DVL
ellipsis

This exercise covers the exploitation of a session injection in the Play framework. This issue can be used to tamper with the content of the session while bypassing the signing mechanism

more...
Pentester Lab: Play XML Entities
7 Apr 2015
 by 
Pentester Lab
ellipsis

The 2018 BSidesTLV CTF competition brought together over 310 team burning the midnight oil to crack our challenged in a bout that lasted for two weeks! But you can now enjoy the same pain and suffering, using this easy to use, condensed VM that now hosts all our challenges in an easy to digest format. This VM now includes all challenges from the CTF:

  • IAmBrute
  • Shared Directory
  • Redirect me
  • Crypto2
  • c1337Shell
  • IH8emacs
  • Into the rabbit hole
  • PimpMyRide
  • Wtflol
  • Can you bypass the SOP?
  • T.A.R.D.I.S.
  • I'm Pickle Rick!
  • Creative Agency
  • hideinpILainsight
  • DockingStation
  • NoSocket
  • PySandbox-Insane
  • ContactUs
  • GamingStore

In order to access the challenges you need to:

  • run ifconfig eth0 (in the VM)
  • set challenges.bsidestlv.com in hosts file with the VM IP address

Credentials:

  • CTFD User access (Use if you want to play):

    • user:user

  • CTFD Admin access (Use if you want to modify):

    • bsidestlv:bsidestlv

  • Boot2Docker SSH:

    • docker:tcuser

CTFd URL: http://challenges.bsidestlv.com

more...
BSidesTLV: 2018 CTF
28 Jul 2018
 by 
Tomer ZaitBSidesTLV CTF Team
ellipsis

DC-8 is another purposely built vulnerable lab with the intent of gaining experience in the world of penetration testing.

This challenge is a bit of a hybrid between being an actual challenge, and being a "proof of concept" as to whether two-factor authentication installed and configured on Linux can prevent the Linux server from being exploited.

The "proof of concept" portion of this challenge eventuated as a result of a question being asked about two-factor authentication and Linux on Twitter, and also due to a suggestion by @theart42.

The ultimate goal of this challenge is to bypass two-factor authentication, get root and to read the one and only flag.

You probably wouldn't even know that two-factor authentication was installed and configured unless you attempt to login via SSH, but it's definitely there and doing it's job.

Linux skills and familiarity with the Linux command line are a must, as is some experience with basic penetration testing tools.

For beginners, Google can be of great assistance, but you can always tweet me at @DCAU7 for assistance to get you going again. But take note: I won't give you the answer, instead, I'll give you an idea about how to move forward.

more...
DC: 8
8 Sep 2019
 by 
DCAU
ellipsis
This website uses 'cookies' to give you the best, most relevant experience. Using this website means you're happy with this. You can find out more about the cookies used by clicking this link (or by clicking the 'Privacy Policy' link at the top of any page).