______            _____ __                         __
   / ____/      __   / ___// /____  __________  __  __/ /
  / __/ | | /| / /   \__ \/ //_/ / / /_  /_  / / / / / /
 / /___ | |/ |/ /   ___/ / ,< / /_/ / / /_/ /_/ /_/ /_/
/_____/ |__/|__/   /____/_/|_|\__,_/ /___/___/\__, (_)
                                             /____/

Welcome to 'Ew Skuzzy!' - my first CTF VM.

Level: Intermediate.

"Liberamos nuestro CTF creado por y para la old school."

We released our CTF created by and for the old school.


"Nivel : medio-bajo

Tipo de CTF : lineal, una prueba te va llevando a la siguiente.

Idioma : Español

Plataforma : Raspberry pi 3

Tools para grabar la imagen : win32image o ApplePi-baker"

Level: medium-low

Type of CTF: linear, one test takes you to the next.

Spanish Language

Platform: Raspberry pi 3

Tools to burn the image: win32image or ApplePi-baker


"Descarga la imagen lista para grabar en una sd y montarla en tu raspberry pi, conectala a la corriente y a jugar!"

Download the image ready to burn to a SD and mount it on your raspberry pi, plug it into the stream and play!


"link de descarga : https://mega.nz/#!qANi1STA!tjxTAhaAA1WyoZwp-tp5OWVz8251hJw57Y0kp0skiyc"

Download link : https://mega.nz/#!qANi1STA!tjxTAhaAA1WyoZwp-tp5OWVz8251hJw57Y0kp0skiyc


"Espero que os guste.

LoRKa"

I hope you like it.

LoRKa

Welcome to Orcus

This is a vulnerable machine i created for the Hackfest 2016 CTF http://hackfest.ca/

Difficulty : Hard

Tips:

If youre stuck enumerate more! Seriously take each service running on the system and enumerate them more!

Goals: This machine is intended to take a lot of enumeration and understanding of Linux system.

There are 4 flags on this machine 1. Get a shell 2. Get root access 3. There is a post exploitation flag on the box 4. There is something on this box that is different from the others from this series (Quaoar and Sedna) find why its different.

Feedback: This is my third vulnerable machine, please give me feedback on how to improve ! @ViperBlackSkull on Twitter [email protected]

Special Thanks to madmantm for testing this machine

SHA-256 : 79B1D93C60E664D70D8EB3C0CDF1AD98BF2B95036C84F87EEF065FA71C1AE51E

Welcome to Sedna

This is a vulnerable machine i created for the Hackfest 2016 CTF http://hackfest.ca/

Difficulty : Medium

Tips:

There are multiple way to root this box, if it should work but doesn't try to gather more info about why its not working.

Goals: This machine is intended to be doable by someone who have some experience in doing machine on vulnhub

There are 4 flags on this machine One for a shell One for root access Two for doing post exploitation on Sedna

Feedback: This is my second vulnerable machine, please give me feedback on how to improve ! @ViperBlackSkull on Twitter [email protected]

Special Thanks to madmantm for testing this virtual machine

SHA-256 : 178306779A86965E0361AA20BA458C71F2C7AEB490F5FD8FAAFAEDAE18E0B0BA

Welcome to Quaoar

This is a vulnerable machine i created for the Hackfest 2016 CTF http://hackfest.ca/

Difficulty : Very Easy

Tips:

Here are the tools you can research to help you to own this machine. nmap dirb / dirbuster / BurpSmartBuster nikto wpscan hydra Your Brain Coffee Google :)

Goals: This machine is intended to be doable by someone who is interested in learning computer security There are 3 flags on this machine 1. Get a shell 2. Get root access 3. There is a post exploitation flag on the box

Feedback: This is my first vulnerable machine, please give me feedback on how to improve ! @ViperBlackSkull on Twitter [email protected] Special Thanks to madmantm for testing

SHA-256 DA39EC5E9A82B33BA2C0CD2B1F5E8831E75759C51B3A136D3CB5D8126E2A4753

Defenc Space CTF is our first Iso design to honor our fallen hero in the military who have fought to defend the integrity of our country Nigeria. The story line on the CTF are based on true life happening in Northern Nigeria, however we have adopted code name “Operation Lafia dole” , the cyber component of the operation to make the challenge more exciting to our players to puzzle the challenge.

Exercise start from simple information gathering which is applicable to both military and cyber based operation to complex infiltration and encryption been used by intelligence agency around the world to pass out secret. The player module uses tools in kali Linux to achieve it result. Other related information is on Open Source Data “goggle it”. It has 7 flags to be captured but so addictive said C.E.O of Silex Secure.

Author's Walkthrough: http://ctf2017.silexsecure.com/walkthrough/2017-defence-ctf-walkthrough/

"Enjoy" --- @ryanoberto

Third in a multi-part series, Breach 3.0 is a slightly longer boot2root/CTF challenge which attempts to showcase a few real-world scenarios/vulnerabilities, with plenty of twists and trolls along the way.

Difficulty: Intermediate, requires some creative thinking and persistence more so than advanced exploitation.

The VM is configured to grab a lease via DHCP.

A few things:

1) This is the culmination of the series, keep your notes close from the previous 2 challenges, they may come in handy. 2) Remember that recon is an iterative process. Make sure you leave no stone unturned. 3) The VM uses KVM and QEMU for virtualization. It is not necessary to root every host to progress. 4) There are 3 flags throughout, once you reach a flag you have achieved that intended level of access and can move on. These 3 flags are your objectives and it will be clear once you have found each and when it is time to move on.

Shout-out to knightmare for many rounds of testing and assistance with the final configuration as well as g0blin, Rand0mByteZ, mr_h4sh and vdbaan for testing and providing valuable feedback. As always, thanks to g0tmi1k for hosting and maintaining Vulnhub.

If you run into any issues you can find me on Twitter: https://twitter.com/mrb3n813 or on IRC in #vulnhub.

Looking forward to the write-ups!

Enjoy and happy hunting!

SHA1: EBB2123E65106F161479F3067C68CFA143CA98D3

This is my first boot2root machine. It's begginer-intermediate level.

It's been tested in VBox and VMware and seems to work without issues in both.

A tip, anything can be a vector, really think things through here based on how the machine works. Make a wrong move though and some stuff gets moved around and makes the machine more difficult!

This is part one in a two part series. I was inspired by several vms I found on vulnhub and added a bit of a twist to the machine.

Good luck and I hope you guys enjoy!


This is my first CTF/Vulnerable VM ever. I created it both for educational purposes and so people can have a little fun testing their skills in a legal, pentest lab environment.

Some notes before you download!

  • Try to use a Host-Only Adapter. This is an intentionally vulnerable machine and leaving it open on your network can have bad results.
  • It should work with Vmware flawlessly. I've tested it with vbox and had one other friend test it on Vbox as well so I think it should work just fine on anything else.

This is a Boot2Root machine. The goal is for you to attempt to attempt to gain root privileges in the VM. Do not try to get the root flag through a recovery iso etc, this is essentially cheating! The idea is to get through by pretending this machine is being attacked over a network with no physical access.

I themed this machine to make it feel a bit more realistic. You are breaking into a fictional characters server (named Wallaby) and trying to gain root without him noticing, or else the difficulty level will increase if you make the wrong move! Good luck and I hope you guys enjoy!

Difficulty: Beginner/Intermediate

Instructions: The CTF is a virtual machine and has been tested in Virtual Box. It has all required drivers if you want it to run on VMware or KVM (virtio). The network interface of the virtual machine will take it`s IP settings from DHCP.

Flags: There are 7 flags that should be discovered in form of: Country_name Flag: [md5 hash]. In CTF platform of the CTF-USV competition there was a hint available for each flag, but accessing it would imply a penalty. If you need any of those hints to solve the challenge, send me a message on Twitter @gusu_oana and I will be glad to help.

About: CTF-USV 2016 was the first International Students Contest in Information Security organized in Romania by Suceava University. Security challenges creation, evaluation of results and building of CTF environment was provided by Safetech Tech Team: Oana Stoian (@gusu_oana), Teodor Lupan (@theologu) and Ionut Georgescu (@ionutge1)

SHA1: f401e4e9084f937a674356dd4fa2144e10b8471a