Mission: Millionaire psychopath Max Zorin is a mastermind behind a scheme to destroy Silicon Valley in order to gain control over the international microchip market. Get root and stop this madman from achieving his goal!

  • Difficulty: Intermediate
  • Flag is /root/flag/flag.sh
  • Use in VMware. DHCP enabled.
  • Learning Objectives: Web Application Security, Scripting, Linux enumeration and more.

This festive season witness the Mahakaal himself in this Boot to Root Challenge. Gain the Root and Get indulged in the Bliss of The Rudra. Call yourself the True Bhole Bakth on completion of this challenge.


  • Level: Beginner-Intermediate
  • User flag: user.txt
  • Root flag: root.txt
  • Description: The machine is VirtualBox compatible but can be used in VMWare as well (not tested but it should work). The DHCP will assign an IP automatically. You have to find and read two flags (user and root) which is present in user.txt and root.txt respectively. Enjoy pwning it!

This is an hard machine.

You'll need to master and chain together multiple vulnerabilities.

If you need a hint feel free to contact me on Twitter: @p4w16

Its a CTF machine that deals with the history of gears of war, where we must try to escape from prison and obtain root privileges. it has some rabbit holes, so you have to try to connect the tracks to get access.

Book your tickets to The Konohagakure, and train under Master Jiraiya, Hokage Uzumaki and Tsunade. Use your hacking skills to stop Orrochimaru and Rescue Sasuke. Hack this boot to root and get the title of “The Number One Hyperactive, Knucklehead Ninja”


Advanced-Hard Boot2Root machine intended to be used in a Workshop/CTF beside Shellmates Club.

The machine has 6 flags that will guide the challenger through it.

It covers web security, binary exploitation, and various misconfigurations.

  • LinkedIn: https://www.linkedin.com/in/hafidh-zouahi-b95373132/
  • e-mail: gh_zouahi at esi dot dz

This lab is going to introduce a little anarchy. It will upset the established order, and everything becomes will become chaos. Get your face painted and wear that Purple suit because it’s time to channel your inner Joker. This is a boot2root lab. Getting the root flag is ultimate goal.


The machine was part of my workshop for Hacker Fest 2019 at Prague.

Difficulty level of this VM is very “very easy”. There are two paths for exploit it.

  • There are no intentional rabbit holes.
  • Through a vulnerable "[retracted]". Exploit is part of MSF.
  • Through vulnerable "[retracted]".
    • Can be found by "[retracted]".
    • There is a "[retracted]" injection (exploit is part of MSF).
    • Recovered credentials (username + hash) can be cracked by John and rockyou.txt wordlist.
    • Low priv shell can be gained through MSF exploit or trying the credentials against "[retracted]".
    • Priv. esc. is simply done by "[retracted]".

A harder VM designed to train for both pentesting newer IT infrastructure methodologies as well as network pivot practice.

You'll need to be familiar with pivoting techniques, web app vulnerabilities, Metasploit and Meterpreter, as well as enumeration methodologies and a good bit of patience.

As a note, there are two additional bonus flags that will appear in the /root directory based on pre-defined actions taken during the course of rooting the VM.