It was originally created for HackTheBox

Description: Two French people want to start the very first fan club of the YouTuber Khaos Farbauti Ibn Oblivion. But they're not very security aware! (IMPORTANT NOTE: The whole challenge is in French, including server conf, which may add to the difficulty if you are non-native or using a non-AZERTY keyboard.)

Difficulty : Beginner with some little non-usual twists

Flag : There are four flags to find, not all of them on the solution path

Description: Matrix is a medium level boot2root challenge. The OVA has been tested on both VMware and Virtual Box.

Difficulty: Intermediate

Flags: Your Goal is to get root and read /root/flag.txt

Networking:

  • DHCP: Enabled
  • IP Address: Automatically assigned

Hint: Follow your intuitions ... and enumerate!

For any questions, feel free to contact me on Twitter: @unknowndevice64

Raven is a Beginner/Intermediate boot2root machine. There are four flags to find and two intended ways of getting root. Built with VMware and tested on Virtual Box. Set up to use NAT networking.

N/A

Haboob Team made this virtual machine regarding the published paper "XML External Entity Injection - Explanation and Exploitation" https://www.exploit-db.com/docs/45374 to exploit the vulnerability in a private network. We hope that you enjoy the challenge!

The challenge is right here: http://IP-ADDRESS/xxe

WebSploit2018

Web Application Exploitation Environment

WebSploit2018 is a collection of vulnerable web applications packed in a virtual environment.

This VM is intended for those who want to:

  • Hack Web Applications in a controlled environment
  • Learn about Web Application security
  • Test automatic vulnerability scanners
  • Test and analyze source code

Unpack the VM and run it in your virtualization software. It gets an IP address via DHCP. System Login: user: websploit2018, password: websploit2018

Before attacking this VM remotely, you should edit your Penetration Testing machine's hosts file (IP-websploit2018). Point your browser to http://websploit2018/

Happy WebApp hacking ;)

Node: 1

Rob 7 Aug 2018

Description: Node is a medium level boot2root challenge, originally created for HackTheBox. There are two flags to find (user and root flags) and multiple different technologies to play with. The OVA has been tested on both VMware and Virtual Box.

A new Vibranium market will soon be online in the dark net. Your goal: get your hands on the root file containing the exact location of the mine.

Intermediate level

Flags: There are three flags (flag1.txt, flag2.txt, root.txt)

  • DHCP: Enabled
  • IP Address: Automatically assigned

Hint: Follow your intuitions ... and enumerate!

For any questions, feel free to contact me on Twitter: xMagass

Happy Hacking!

The 2018 BSidesTLV CTF competition brought together over 310 teams burning the midnight oil to crack our challenges in a bout that lasted for two weeks! But you can now enjoy the same pain and suffering, using this easy-to-use, condensed VM that now hosts all our challenges in an easy-to-digest format. This VM now includes all challenges from the CTF:

  • IAmBrute
  • Shared Directory
  • Redirect me
  • Crypto2
  • c1337Shell
  • IH8emacs
  • Into the rabbit hole
  • PimpMyRide
  • Wtflol
  • Can you bypass the SOP?
  • T.A.R.D.I.S.
  • I'm Pickle Rick!
  • Creative Agency
  • hideinpILainsight
  • DockingStation
  • NoSocket
  • PySandbox-Insane
  • ContactUs
  • GamingStore

In order to access the challenges you need to:

  • run ifconfig eth0 (in the VM)
  • set challenges.bsidestlv.com in hosts file with the VM IP address

Credentials:

  • CTFD User access (Use if you want to play):

    • user:user
  • CTFD Admin access (Use if you want to modify):

    • bsidestlv:bsidestlv
  • Boot2Docker SSH:

    • docker:tcuser

CTFd URL: http://challenges.bsidestlv.com