This machine was developed to prepare for OSCP. It is boot2root, tested on VirtualBox (but works on VMWare) and has two flags: user.txt and proof.txt.

Funbox: 1

0815R2d2 20 Jul 2020

Boot2Root ! This is a reallife szenario, but easy going. You have to enumerate and understand the szenario to get the root-flag in round about 20min.

This VM is created/tested with Virtualbox. Maybe it works with vmware.

If you need hints, call me on twitter: @0815R2d2

Have fun...

Difficulty: Intermediate

Important!: Before auditing this machine make sure you add the host "sunset-midnight" to your /etc/hosts file, otherwise it may not work as expected.

It is recommended to run this machine in Virtualbox.

So Simple: 1

roel 17 Jul 2020

This is an easy level VM with some rabbitholes. Enumeration is key to find your way in. There are three flags (2 user and 1 root flag).

The VM is tested on Virtualbox. After the startup it shows the IP address.

Share your rootflag with me on Twitter: @roelvb79

Good luck and have fun!

An easy CTF box created for use with the AttackerKB room. This is the standalone version for practicing. This box will likely show up in a subsequent room on supply chain attacks as it's an excellent and recent example of that.

  • Users: 5
  • Difficulty Level: Intermediate +
  • Hint: PTES, OWASP and Encryption knowledge. For initial foothold, network analysis and enumeration are important.

Are you ready for Glasgow Smile 2? GS2 follows the philosophy of Glasgow Smile. It's a CTF vs OSCP.

If you are a newbie in Penetration Testing and afraid of OSCP preparation, do not worry. Glasgow Smile2 is supposed to be a kind of gym for OSCP machines.

The machine is designed to be a DC tribute but also a kind of real life techniques container. You will find also a bunch of ctf style challanges.

You need to have enough information about Linux enumeration, PTES and encryption for privileges escalation.

About the VM

Just download, extract and load the .ova file in VMware Workstation (tested on VMware Workstation 15.x.x)

The adapter is currently NAT, networking is configured for DHCP and IP will get assigned automatically


You can contact me on Hack the box ( or by email ([email protected]) for hints!

P.S If you liked my machines, offer me a coffee, I'll work on the next one! Thank you! (

Easy/Intermediate (May variate depending on your background)

It is recommended to run this machine in Virtualbox.

Boot to Root

Your target is gain the Root access

There is no any flag in this VMs

Share root access with me [email protected]

GreenOptic is my fourth Capture the Flag box. It is rated as ‘Very Hard’. As with all of my CTFs, please run this in ‘Host Only’ mode – it does not need an internet connection.

Don’t let the difficulty put you off though – the CTF is designed to be realistic, so you won’t come across anything you wouldn’t experience in a real environment.

You will need to enumerate this box very well, and likely chain together different bits of information and vulnerabilities in order to gain access.


British Internet Service Provider GreenOptic has been subject to a large scale Cyber Attack. Over 5 million of their customer records have been stolen, along with credit card information and bank details.

GreenOptic have created an incident response team to analyse the attack and close any security holes. Can you break into their server before they fix their security holes?

This is my first box. i don't know level of the box. this will be your choice(easy or hard)