SmashTheTux v1.0

by canyoupwn.me

Introduction to Application Vulnerabilities

For Educational Purposes

SmashTheTux is a new VM made by canyoupwn.me for those who want to take a step into the world of binary exploitation. This VM consists of 9 challenges, each introducing a different type of vulnerability. SmashTheTux covers basic exploitation of the following weaknesses:

  • Stack Overflow Vulnerability
  • Off-by-One Vulnerability
  • Integer Overflow
  • Format String Vulnerability
  • Race Conditions
  • File Access Weaknesses
  • Heap Overflow Vulnerability

Credentials => tux:tux, root:1N33dP0w3r

Have fun!

Kevgir

by canyoupwn.me

Multi Vulnerable Virtual Machine

For Educational Purposes

Kevgir was designed by the canyoupwnme team for training, hacking practice and exploitation. Kevgir has lots of vulnerable services and web applications for testing. We are happy to announce it.

Have fun!

Default username:pass => user:resu

  • Bruteforce Attacks
  • Web Application Vulnerabilities
  • Hacking with Redis
  • Hacking with Tomcat, Jenkins
  • Hacking with Misconfigurations
  • Hacking with CMS Exploits
  • Local Privilege Escalation
  • And other vulnerabilities.

         _         _            _        _   _        _            _
        /\ \      /\ \         /\ \     /\_\/\_\ _   /\ \         /\ \
       /  \ \    /  \ \        \ \ \   / / / / //\_\/  \ \       /  \ \
      / /\ \ \  / /\ \ \       /\ \_\ /\ \/ \ \/ / / /\ \ \     / /\ \ \
     / / /\ \_\/ / /\ \_\     / /\/_//  \____\__/ / / /\ \_\   / / /\ \_\
    / / /_/ / / / /_/ / /    / / /  / /\/________/ /_/_ \/_/  / / /_/ / /
   / / /__\/ / / /__\/ /    / / /  / / /\/_// / / /____/\    / / /__\/ /
  / / /_____/ / /_____/    / / /  / / /    / / / /\____\/   / / /_____/
 / / /     / / /\ \ \  ___/ / /__/ / /    / / / / /______  / / /\ \ \
/ / /     / / /  \ \ \/\__\/_/___\/_/    / / / / /_______\/ / /  \ \ \
\/_/      \/_/    \_\/\/_________/       \/_/\/__________/\/_/    \_\/

Installation

1) Run the OVA in a VM and connect to the webserver
2) Have Fun!

Made by

couchsofa

Thanks to

morbidick einball sarah

I would probably have never finished this project without you guys ;)

mostley

For hinting me to Erik Österberg's Terminal.js

0xBEEF

For providing fuel in the form of fudge and premium grilled goods


More information: http://wiki.fablab-karlsruhe.de/doku.php?id=projekte:primer


Motivation

A friend wanted to get into some simple exploits. I suggested starting out with web security, and she was all for it. But when I started browsing VulnHub and the like, I couldn't find anything like what I had in mind. So I wrote my own.

Concept

This is a story-based challenge written in a style heavily inspired by Neal Stephenson's Snow Crash and William Gibson's Sprawl Trilogy. Each chapter is unlocked by solving a puzzle. The puzzles range from hardcoded clear-text JavaScript password checks, SQL injections and hash cracking to a simulated terminal. You only need to start the VM; a webserver will come up and you can connect with your browser. In fact, you never have to leave the browser.

Goal

Teach some basic, well-known techniques and attacks. Spark some curiosity, make the user look at the source code and try to figure out what's going on behind the scenes. The main goal is to give a nice, welcoming intro to the scene and hopefully also teach something about ethics and responsibility.


Change log

v1.0.1 - 2016-01-15: https://twitter.com/CouchSofa/status/688129147848138752
v1.0.0 - 2015-10-27: https://twitter.com/CouchSofa/status/659148660152909824

The CsharpVulnJson virtual appliance is a purposefully vulnerable web application, focusing on HTTP requests using JSON to receive and transmit data between the client and the server. The web application, listening on port 80, allows you to create, find, and delete users in the PostgreSQL database. The web application is written in the C# programming language, uses apache+mod_mono to run, and is, at the very least, exploitable by XSS and SQL injections.

The SQL injections yield a variety of potential exploit techniques since different SQL verbs are used to perform actions against the server. For instance, a SQL injection in an INSERT statement may not be exploitable in the same ways the DELETE or SELECT statements will be. Using a tool like sqlmap will help you learn how to exploit each SQL injection vulnerability using a variety of techniques.

If you are curious how sqlmap is performing the checks for, and ultimately exploiting, the vulnerabilities in the web application, you can use the --proxy option for sqlmap and pass the HTTP requests through Burp Suite. You can then see the raw HTTP requests made by sqlmap in the HTTP history tab.

The CsharpVulnSoap virtual appliance is a purposefully vulnerable SOAP service, focusing on using XML, which is a core feature of APIs implemented using SOAP. The web application, listening on port 80, allows you to list, create, and delete users in the PostgreSQL database. The web application is written in the C# programming language and uses apache+mod_mono to run. The main focus of intentional vulnerabilities was SQL injections.

The vulnerable SOAP service is available on http://<ip>/Vulnerable.asmx, and by appending ?WSDL to the URL, you can get an XML document detailing the functions exposed by the service. Using this document, you can automatically fuzz the endpoint for any vulnerabilities by parsing the document and creating the HTTP requests expected programmatically.

The SQL injections yield a variety of potential exploit techniques since different SQL verbs are used to perform actions against the server. For instance, a SQL injection in an INSERT statement may not be exploitable in the same ways the DELETE or SELECT statements will be. Using a tool like sqlmap will help you learn how to exploit each SQL injection vulnerability using a variety of techniques.

If you are curious how sqlmap is performing the checks for, and ultimately exploiting, the vulnerabilities in the web application, you can use the --proxy option for sqlmap and pass the HTTP requests through Burp Suite. You can then see the raw HTTP requests made by sqlmap in the HTTP history tab.

About:

Name: Fristileaks 1.3
Author: Ar0xA
Series: Fristileaks
Style: Enumeration/Follow the breadcrumbs
Goal: get root (uid 0) and read the flag file
Tester(s): dqi, barrebas
Difficulty: Basic

Description:

A small VM made for a Dutch informal hacker meetup called Fristileaks. Meant to be broken in a few hours without requiring debuggers, reverse engineering, etc.

SickOs: 1.1

D4rk 11 Dec 2015

About Release

Name........: SickOs1.1
Date Release: 11 Dec 2015
Author......: D4rk
Series......: SickOs
Objective...: Get /root/a0216ea4d51874464078c618298b1367.txt
Tester(s)...: h1tch1
Twitter.....: https://twitter.com/D4rk36

Description:

This CTF gives a clear analogy of how hacking strategies can be performed on a network to compromise it in a safe environment. This VM is very similar to labs I faced in OSCP. The objective is to compromise the network/machine and gain Administrative/root privileges on them.

File Information:

FileName: sick0s1.1.7z
File Size: 652.52 MB
MD5: 396e46897c54da6ded6604b861c806b7
SHA1: 3578a10ba92f860c2f0d8934ec5a9bbffc4c7859

Virtual Machine:

Format: 7z
Operating System: Ubuntu
Tested: VMware Workstation 11.0.0 build-2305329

Networking:

DHCP service: Enabled
IP address: Automatically assign

Flag(s):

Yes

Title: The Wall
File: thewall.ova
md5sum: a5e6ebde160239bce605cca8e1cf207d
Size: 299.4MB
Hypervisor: Created with VMWare Fusion.  Tested with vmware (fusion) and virtualbox.
Author:  @xerubus
Test Bunnies:  Rasta Mouse and TheColonial
Difficulty: Intermediate

This boot2root box is exclusive to VulnHub. If you have a crack at the challenge, please consider supporting VulnHub for the great work they do for our offsec community.

Description

In 1965, one of the most influential bands of our times was formed... Pink Floyd. This boot2root box has been created to celebrate 50 years of Pink Floyd's contribution to the music industry, with each challenge giving the attacker an introduction to each member of the Floyd.

Your challenge is simple... set your controls for the heart of the sun, get root, and grab the flag! Rock on!

Notes

  • DHCP (Automatically assigned)
  • IMPORTANT: The vm IS working as intended if you receive a successful DHCP lease as seen in the boot up sequence.
  • 'thewall' vm must be on the same subnet as the attacking machine AND the attacking machine should ideally be a vm on the same network as 'thewall'. If you choose to use a physical box as the attacking machine, 'thewall' must exist on the same network via a bridged interface.

  _________.__                              
 /   _____/|  |   ____   ____ ______ ___.__.
 \_____  \ |  | _/ __ \_/ __ \\____ <   |  |
 /        \|  |_\  ___/\  ___/|  |_> >___  |
/_______  /|____/\___  >\___  >   __// ____| ·VM·
        \/           \/     \/|__|   \/

+-----------------------------------------------------------------------+
|  cReaTeD....: sagi- (@s4gi_)      |  DaTe......: 2015-10-02           |
|  oS.........: Linux               |  oBJecTiVe.: Get /root/flag.txt   |
|                                   |  GReeTZ....: @nanomebia           |
|                                   |  TeSTeRs...: @barrebas            |
|                                   |              Christopher Panayi   |
+-----------------------------------------------------------------------+
|  VM HiSToRY:                                                          |
|  v1.0 - Public release @ ZaCon VI "Capture the Flag (and in between)" |
|  V0.1 - Private release @ SecTalks Perth                              |
+-----------------------------------------------------------------------+
__________.__               
\______   \__|_____   ____  
 |     ___/  \____ \_/ __ \ 
 |    |   |  |  |_> >  ___/ 
 |____|   |__|   __/ \___  >
             |__|        \/  ·VM· (MiNi CHaLLeNGe BuiLT FoR ZaCoN Vi)

+-----------------------------------------------------------------------+
|  cReaTeD....: sagi- (@s4gi_)      |  DaTe......: 2015-10-02           |
|  oS.........: Linux               |  oBJecTiVe.: Get /root/flag.txt   |
|                                   |  GReeTZ....: @zac0n               |
|                                   |  TeSTeRs...: @leonjza             |
|                                   |              @barrebas            |
+-----------------------------------------------------------------------+