Difficulty: intermediate-hard

This VM was designed to search for the attackers "Achilles' heel". Please only assign one network adapter to avoid issues.

VMware works fine. Virtualbox has issues.

Welcome to "My Tomcat Host"

This boot to root VM is designed for testing your basic enumeration skills and concepts.

Goal: Get the root flag of the target.

Difficulty: Easy/Beginner Level

Need hints? Twitter @akankshavermasv

DHCP is enabled

Your feedback is really valuable for me! Twitter @akankshavermasv

Was there something that you didn’t like about this VM?

Please let me know so that I can make more interesting challenges in the future.

Good Luck..!!!

Hello Agent.

You're here on a special mission.

A mission to take down one of the biggest weapons suppliers which is Moriarty Corp.

Enter flag{start} into the webapp to get started!

Notes:

  • Web panel is on port 8000 (not in scope. Don’t attack)
  • Flags are stored in #_flag.txt format. Flags are entered in flag{} format. They're usually stored in / directory but can be in different locations.
  • To temporarily stop playing, pause the VM. Do not shut it down.
  • The webapp starts docker containers in the background when you add flags. Shutting down and rebooting will mess it up.

(the story is bad. sorry for the lack of creativity)

Difficulty: Med-Hard

Tasks involved:

  • port scanning
  • webapp attacks and bug hunting
  • pivoting (meterpreter is highly recommended)
  • password guessing/bruteforcing

Virtual Machine: - Format: Virtual Machine (Virtualbox OVA) - Operating System: Linux

Networking: - DHCP Service: Enabled - IP Address Automatically assign

You've been assigned to test another social networking webapp.

You have been given access to a dev server.

The current devs use many custom tools and scripts that you'll have to review and attack.

Difficulty: Hard

Tasks involved:

  • port scanning
  • webapp attacks
  • code review
  • custom bruteforcing
  • reverse engineering
  • buffer overflow
  • exploitation

Virtual Machine:

  • Format: Virtual Machine (Virtualbox OVA)
  • Operating System: Linux

Networking:

  • DHCP Service: Enabled
  • IP Address Automatically assign

Leave a message is a new anonymous social networking site where users can post messages for each other. They've assigned you to test their set up. They do utilize docker containers. You can conduct attacks against those too. Try to see if you can get root on the host though.

Difficulty: Med

Tasks involved:

  • port scanning
  • webapp attacks
  • code injection
  • pivoting
  • exploitation
  • password cracking
  • brute forcing

Virtual Machine:

  • Format: Virtual Machine (Virtualbox OVA)
  • Operating System: Linux

Networking:

  • DHCP Service: Enabled
  • IP Address Automatically assign

Cloud Anti-Virus Scanner! is a cloud-based antivirus scanning service.

Currently, it's in beta mode. You've been asked to test the setup and find vulnerabilities and escalate privs.

Difficulty: Easy

Tasks involved:

  • port scanning
  • webapp attacks
  • sql injection
  • command injection
  • brute forcing
  • code analysis

Virtual Machine:

  • Format: Virtual Machine (Virtualbox OVA)
  • Operating System: Linux

Networking:

  • DHCP Service: Enabled
  • IP Address Automatically assign

This is the first SecKC boot2root VM! The objective is to gain access and elevate to root!

If you enjoyed this boot2root, please let us know and we will create more! Thanks!

Any questions, hints and feedback can be directed to my Twitter: @EricSGuillen

Networking

This VM is accessible via its static IP of 192.168.9.184

Configure your VirtualBox/VMWare Network settings to something like Host-Only Adapter with an IP of 192.168.9.1/24 , 255.255.255.0

For more details around SecKC, visit https://www.seckc.org/

Welcome to "Wordpress Host Server"

This VM consists of a "Wordpress Website" which is specially made for learning and sharpening Wordpress Enumeration and Exploitation skills. The Website contains 40+ vulnerabilities which can compromise the security of the website.

Goal: Try to find out as much as vulnerabilities you can exploit. This time our goal is not to get the root but to practice more.

Difficulty: Intermediate Level

Need hints? Twitter @akankshavermasv

DHCP is enabled

Note : If you are unable to browse the web page properly then add the hostname of web in /etc/hosts file.

Your feedback is really valuable for me! Twitter @akankshavermasv

Was there something that you didn’t like about this VM?

Please let me know so that I can make more interesting challenges in the future.

Good Luck..!!!

Debian 10 64 bit machine . This is a simple box. No advanced stuff , just some fun… can you find the trail to root?

This VM is given as challenge 3 in InfoSecWarrior CTF 2020.

Official website : https://www.infosecwarrior.com/

This box is dedicated to my mentors (you will find there names in the box itself)

If you face any error or needed help ping me on Twitter CyberKnight00

Or ping them after finding their names.

During the CTF event, this box contains a Loot box (zip file) consist of download link of the next Challenge and super_flag.txt.

Goal : You have to gain highest privileges and collect only 2 flags (user flag and root flag). loot box is not available in this VM.

The WordPress developer configured the machine to work internally. But due to some miss-configuration wordpress is exposed to outside world. Use your skills and get the root flag.

BTW someone already hacked the box and placed his backdoor find it. It will help you.