Intermediate real life based machine designed to test your skill at enumeration. If you get stuck remember to try different wordlist, avoid rabbit holes and enumerate everything thoroughly. SHOULD work for both VMware and Virtualbox.

For hints you're welcome to contact me via Twitter @zayotic

Welcome to "It’s October"

This boot to root VM is designed for testing your pentesting skills and concepts. It consists of some well known things but it encourages you to use the functionalities rather than vulnerabilities of target.

Goal: Get the root flag of the target.

Difficulty: Easy/Medium Level

Need hints? Twitter @akankshavermasv

DHCP is enabled

Your feedback is really valuable for me! Twitter @akankshavermasv

Was there something that you didn’t like about this VM?

Please let me know so that I can make more interesting challenges in the future.

Good Luck..!!!

TBBT2: FunWithFlags

______             _    _ _ _   _      ______ _                 
|  ___|           | |  | (_) | | |     |  ___| |                
| |_ _   _ _ __   | |  | |_| |_| |__   | |_  | | __ _  __ _ ___ 
|  _| | | | '_ \  | |/\| | | __| '_ \  |  _| | |/ _` |/ _` / __|
| | | |_| | | | | \  /\  / | |_| | | | | |   | | (_| | (_| \__ \
\_|  \__,_|_| |_|  \/  \/|_|\__|_| |_| \_|   |_|\__,_|\__, |___/
                                                       __/ |    
                                                      |___/

Welcome to "Fun with Flags" 2!

This boot2root machine is part of the TBBT Fun with Flags series and it is themed after the famous TV show, The Big Bang Theory and has really strong CTF elements. It's more like solving a set of interesting CTF challenges as a puzzle than facing these in a real life scenario.

Goal: Hack Sheldon and get user and root flags

Difficulty: Intermediate but if you have never watched the series I would rate it as hard, still solvable though

• Runs only with VirtualBox!
• DHCP is enabled

Need hints? Tweet @emaragkos

Your feedback is really valuable for me!

Was there something that you didn’t like about it? Maybe something you have liked more if it was different?

Good luck and have fun :)

Welcome to "My Web Server"

This boot to root VM is designed for testing your pentesting skills and concepts. It consists of some well known things but it encourages you to use the functionalities rather than vulnerablities of target.

Goal: Get the root flag of the target.

Difficulty: Medium/Intermediate Level

Need hints? Twitter @akankshavermasv

DHCP is enabled

Your feedback is really valuable for me! Twitter @akankshavermasv

Was there something that you didn’t like about this VM?

Please let me know so that I can make more interesting challenges in the future.

Good Luck..!!!

An easy to intermediate, TIGER KING themed boot2root.

Why is this "Tiger King" themed!? Well I decided to put my first CTF together, and needed some ideas for the blog.

Lo and behold, Joe Exotic appeared on TV and thus, this CTF was made.

Can you help Joe escape from prison?

There are no off the shelf exploits here, and bruteforcing will get you nowhere. You will need to perform manual investigation and enumeration.

Multiple ways to achieve root, ranging from beginner to medium difficulty.

An easy to intermediate boot2root.

Enumeration is key and bruteforcing SSH will get you banned.

Created in Virtualbox.

Goal: Get the root flag.

Your feedback is appreciated -- Twitter: @iamv1nc3nt

Description

DC-3 is another purposely built vulnerable lab with the intent of gaining experience in the world of penetration testing.

As with the previous DC releases, this one is designed with beginners in mind, although this time around, there is only one flag, one entry point and no clues at all.

Linux skills and familiarity with the Linux command line are a must, as is some experience with basic penetration testing tools.

For beginners, Google can be of great assistance, but you can always tweet me at @DCAU7 for assistance to get you going again. But take note: I won't give you the answer, instead, I'll give you an idea about how to move forward.

For those with experience doing CTF and Boot2Root challenges, this probably won't take you long at all (in fact, it could take you less than 20 minutes easily).

If that's the case, and if you want it to be a bit more of a challenge, you can always redo the challenge and explore other ways of gaining root and obtaining the flag.

Technical Information

DC-3 is a VirtualBox VM built on Ubuntu 32 bit, so there should be no issues running it on most PCs.

Please note: There was an issue reported with DC-3 not working with VMware Workstation. To get around that, I recommend using VirtualBox, however, I have created a separate DC-3 VMware edition for those who can only use VMware.

It is currently configured for Bridged Networking, however, this can be changed to suit your requirements. Networking is configured for DHCP.

Installation is simple - download it, unzip it, and then import it into VirtualBox and away you go.

Important

While there should be no problems using this VM, by downloading it, you accept full responsibility for any unintentional damage that this VM may cause.

In saying that, there shouldn't be any problems, but I feel the need to throw this out there just in case.

Contact

I'm also very interested in hearing how people go about solving these challenges, so if you're up for writing a walkthrough, please do so and send me a link, or alternatively, follow me on Twitter, and DM me (you can unfollow after you've DM'd me if you'd prefer).

I can be contacted via Twitter - @DCAU7

This is a beginner boot2root in a similar style to ones I personally enjoy like Mr Robot, Lazysysadmin and MERCY.

This is a VMware machine. DHCP is enabled, add lemonsqueezy to your hosts. It’s easypeasy!

Cyber criminals have taken over the energy grid across Europe. As a member of the security service, you’re tasked with breaking into their server, gaining root access, and preventing them from launching their malware before it’s too late.

We know from previous intelligence that this group sometimes use weak passwords. We recommend you look at this attack vector first – make sure you configure your tools properly. We do not have time to waste.

Unfortunately, the criminals have started a 3 hour clock. Can you get to their server in time before their malware is deployed and they destroy the evidence on their server?

This exercise is designed to be completed in one sitting. Shutting down the virtual machine will not pause the timer. After the timer has finished, the CTF machine will be shut down and you will be unable to boot it. Please keep a local backup of the CTF prior to starting, in case you wish to attempt a second time.

If you are to succeed, I strongly recommend reading these points:

• Keep a local backup before starting in case you run out of time
• You will need a basic understanding of the GPG tool and how it works
• Configure your tools so they work at the maximum/hardest level possible. Make sure you are looping around the correct thing, if you know what I mean
• Getting the initial shell is possibly the longest part.
• There are four flags in total. Each flag file will guide you to the next area
• This virtual machine has been tested in VirtualBox only. I cannot guarantee it will work on VMWare, but it should be okay.

SHA-256: 8bc79937082748c21de14c5da3772f7fc750d52b68cf27816922186f6e68d6b7

This is rated as 'Hard' (as per the matrix here: https://security.caerdydd.wales/ctf-difficulty-levels/)

Nataraj is a dancing avatar of Hindu God Shiva. His dance is called Tandava and it is only performed when he is most angry. Whoever interrupts his dance dies by Shiva while dancing. This is a Boot2Root challenge. Based on Nataraja. You only have to root the machine and find the root flag! All the best!

Welcome to the agency! Here we look only for the best of the best.

Do you think you got what it takes? Then step up and show us what you got!

This is a Boot2Root challenge. The final goal is to take the flag in /root.

This VM is created and tested with VMWare, but Vbox also should work just fine.

Welcome to "GainPower: 01"

This is a Boot2Root challenge.

• Difficulty: Beginner to Intermediate
• Goal: Get the user and root flag
• DHCP: Enabled
• Warning: Be careful with "rabbit hole" !.

This VM is created and tested with VirtualBox

Need hints? Twitter @VanshalG

Your feedback is really valuable to me! Twitter @VanshalG

Was there something that you didn’t like about this VM?

Please let me know so that I can make more interesting challenges in the future.

Good Luck..!!!