- Objective: gain shell access for each level. Then reach root.
- Note: figure out what the blips are, where they are, and how to decode each one.
-=Pandora's Box =- ___ (((((\\ 6_6 ((, __ -\_ __\--. ,-',\\` '//,\_ \ |.----&----. \ `. \ (__,___,__(_ \ | _____| | |__`--'____ |________|,' hjw Filename: pandoras_b0x.ova MD5: bf3eb20ca837edccc7edbf627e095bbd SHA1: 52652bb5f886f1253ff43a21536bc4fe09bdd201 Author: c0ne Testers: Barrebas / Jelle Difficulty: Medium About: Pandora's box is a Boot2Root VM focused on binary exploitation and reverse engineering. You have to complete all levels to r00t the box. Some levels come with a readme file which you should read. Usage: Import, boot and wait 60 seconds for everything to start up before scanning it. Shootout: Major thanks to Barrebas and Jelle for testing the VM and challenges and the feedback. c0ne
.-. %%%%,/ :-. % `%%%, / `\ _, |' )`%%| '-' / Filename: pegasus.ova \_/\ %%%/`-.___.' MD5: 5046e330ff42e9adee0a42b63694cbfe __/ %%%"--"""-.%, SHA1: f18b7437ca3c96f76a2e1b06f569186b63567dd5 /`__| %% \%% Difficulty: Intermediate \\ \ / | /'%, Author: Knaps \] | /----'. < `%, Tester: Mulitia || `>> > || ///` /( //(
Welcome to my first boot2root VM! Inspired by various CTF events I took part in and by couple cool concepts I learnt in the last couple months.
Rules of engagement are simple - find a way in, escalate your privileges all the way up to the root and get the flag!
As with all VMs like this, think outside the box, don't jump to conclusions too early and "read between the lines" :)
The VM has been tested on VMWare and VirtualBox, just import it, ensure the network is set as "Host Only" and run it. It should pick up the IP address automatically.
The next machine in the Tr0ll series of VMs. This one is a step up in difficulty from the original Tr0ll but the time required to solve is approximately the same, and make no mistake, trolls are still present! :)
Difficulty is beginner++ to intermediate.
The VM should pull a valid IP from DHCP. This VM has been verified to work on VMware workstation 5, VMware player 5, VMware Fusion, and Virtual box. Virtual box users may need to enable the additional network card for it to pull a valid IP address.
Special thanks to @Eagle11, @superkojiman and @leonjza for suffering through the testing and the members of #overflowsec on freenode for giving me ideas.
If you have issues with the machine, feel free to contact me at @Maleus21 or maleus
Author: Rasta Mouse
Testers: Barrebas & OJ
Notes to the Player
As part of the challenge, Kvasir utilises LXC to provide kernel isolation. When the host VM boots, it takes can take a little bit of time before the containers become available.
It is therefore advised to wait 30-60 seconds after the login prompt is presented, before attacking the VM.
A few other pointers:
____ __. __ ____ __. __ ____ | |/ _| ____ ____ ____ | | __ | |/ _| ____ ____ ____ | | __ /_ | | < / \ / _ \_/ ___\| |/ / ______ | < / \ / _ \_/ ___\| |/ / | | | | \| | ( <_> ) \___| < /_____/ | | \| | ( <_> ) \___| < | | |____|__ \___| /\____/ \___ >__|_ \ |____|__ \___| /\____/ \___ >__|_ \ |___| \/ \/ \/ \/ \/ \/ \/ \/
Pretty much thought of a pretty neat idea I hadn't seen done before with a VM, and I wanted to turn it into reality!
Your job is to escalate to root, and find the flag.
Since I've gotten a few PM's, remember: There is a difference between "Port Unreachable" and "Host Unreachable". DHCP is not broken ;)
Gotta give a huge shoutout to c0ne for helping to creating the binary challenge, and rasta_mouse and recrudesce for testing :)
Also, gotta thank barrebas who was able to find a way to make things easier... but of course that is fixed with this update! ;)
MD5 -- 3b6839a28b4be64bd71598aa374ef4a6 knock-knock-1-1.ova
SHA1 -- 0ec29d8baad9997fc250bda65a307e0f674e4180 knock-knock-1-1.ova
Feel free to hit me up in #vulnhub on freenode -- zer0w1re
Quickly created an exercise for cve-2014-6271:
_______ _______ ______ _______ ___ _______ _______ _______ __ _ _______ _______ | || || _ | | || | | || || || | | || || | | _ || ___|| | || | _____|| | | _____||_ _|| ___|| |_| || || ___| | |_| || |___ | |_||_ | |_____ | | | |_____ | | | |___ | || || |___ | ___|| ___|| __ ||_____ || | |_____ | | | | ___|| _ || _|| ___| | | | |___ | | | | _____| || | _____| | | | | |___ | | | || |_ | |___ |___| |_______||___| |_||_______||___| |_______| |___| |_______||_| |__||_______||_______| "the fact of continuing in an opinion or course of action in spite of difficulty or opposition" by sagi- & superkojiman
By using this virtual machine, you agree that in no event will we be liable for any loss or damage including without limitation, indirect or consequential loss or damage, or any loss or damage whatsoever arising from loss of data or profits arising out of or in connection with the use of this software.
TL;DR - You are about to load up a virtual machine with vulnerabilities created by hackers. If something bad happens, it's not our fault.
Persistence aims to provide you with challenging obstacles that block your path to victory. It is perhaps best described by quotes made by some famous people:
"A little more persistence, a little more effort, and what seemed hopeless failure may turn to glorious success." - Calvin Coolidge
"Energy and persistence conquer all things." - Benjamin Franklin
"Persistence and resilience only come from having been given the chance to work though difficult problems." - Gever Tulley
Get a root shell and read the contents of /root/flag.txt to complete the challenge!
The virtual machine will get an IP address via DHCP, and it has been tested on the following hypervisors:
VMware Fusion 6 VMware Player 6 VMware Workstation 10 VirtualBox 4.3
Thanks @VulnHub for kindly hosting this challenge, and thanks to @recrudesce for testing it and providing valuable feedback!