The two french fans of Khaos Farbauti Ibn Oblivion are back ! Since the last attack on their server, Bob is trying to create a new, so much more secure, one. ... Well at least he thinks so. Time to prove him wrong !

Difficulty : Beginner with some little non-usual twists

Flag : No flag except for the root one, some easter eggs along the way

Mission-Pumpkin v1.0 is a beginner level CTF series, created by keeping beginners in mind. This CTF series is for people who have basic knowledge of hacking tools and techniques but struggling to apply known tools. I believe that machines in this series will encourage beginners to learn the concepts by solving problems. PumpkinRaising is Level 2 of series of 3 machines under Mission-Pumpkin v1.0. The Level 1 ends by accessing PumpkinGarden_Key file, this level is all about identifying 4 pumpkin seeds (4 Flags - Seed ID’s) and gain access to root and capture final Flag.txt file.

Escalate_Linux - A intentionally developed Linux vulnerable virtual machine.The main focus of this machine is to learn Linux Post Exploitation (Privilege Escalation) Techniques.

"Escalate_Linux" A Linux vulnerable virtual machine contains different features as.

  1. 12+ ways of Privilege Escalation
  2. Vertical Privilege Escalation
  3. Horizontal Privilege Escalation
  4. Multi-level Privilege Escalation

Beginner real life based machine designed to teach a interesting way of obtaining a low priv shell. SHOULD work for both VMware and Virtualbox.

  • Name: symfonos: 1
  • Difficulty: Beginner
  • Tested: VMware Workstation 15 Pro & VirtualBox 6.0
  • DHCP Enabled

Note: You may need to update your host file for symfonos.local

Mission-Pumpkin v1.0 is a beginner level CTF series, created by keeping beginners in mind. This CTF series is for people who have basic knowledge of hacking tools and techniques but struggling to apply known tools. I believe that machines in this series will encourage beginners to learn the concepts by solving problems. PumpkinGarden is Level 1 of series of 3 machines under Mission-Pumpkin v1.0. The end goal of this CTF is to gain access to PumpkinGarden_key file stored in the root account.

There are many vulnerabilities on the CLAMP machine.

You need some time and patience when dealing with security vulnerabilities. The scenario is progressing through web vulnerabilities. You will feel the test air while doing them. Maybe you'il have some fun.

When sending information, the security of the protocol you use is very important. You must keep the evidence in safe places.

Good Luck!

  • Machine Name: CLAMP
  • Machine Size: 3.2GB
  • Difficulty: Low
  • Flag: /root/flag.txt
  • Tested: VMWare workstation 12 Pro
  • DHCP: Enabled
  • Author: Mehmet Kelepçe // @doskey_history

2much: 1

4ndr34z 11 Jun 2019

2Much was made for pen-testing practice. When I worked on it, it hit me; Wouldn't be great to have an extra vulnerability on the host itself? As an extra bonus? It is at medium level difficulty. Enumeration is the key.

The vm contains both user and root flags. If you don’t see them, you need to try harder…

Built and tested on VMWare ESXi and Fusion.


Need any hints? Feel free to contact me on Twitter: @4nqr34z

Oz was originally created and submitted to HackTheBox. It is a medium/hard boot2root challenge. The Oz box has 2 flags to find (user and root) and has a direct route for each, no need to bruteforce access. It is a slightly trolly box with real world vulnerabilities. The OVF has been tested on VirtualBox, VMware Fusion, and VMware Workstation.

If you have questions or concerns we can be contacted via Twitter - @incidrthreat and @ilove2pwn_

Welcome to CSRF Minefield!

CSRF Minefield is an Ubuntu Server 18.04 based virtual machine, that is heavily ridden with Cross-Site Request Forgery (CSRF) vulnerabilities. This VM hosts 11 real-world web applications that were found vulnerable to CSRF vulnerability and your aim is to find them and detonate them before they explode the target network.

What is CSRF?

Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they're currently authenticated. CSRF attacks specifically target state-changing requests, not theft of data, since the attacker has no way to see the response to the forged request. - OWASP

How to find or test for a CSRF vulnerability?

As a starting point, you can use the following resources by the OWASP Project:

OWASP Testing Guide OWASP Code Review Guide

List of Web applications included in this version of CSRF Minefield (along with access details):

  1. Bolt CMS 3.6.6
  2. | Username:admin Password:admin123
  3. PilusCart 1.4.1
  4. | Username:admin Password:admin123
  5. zzzphp CMS 1.6.1
  6. | Admin link: | Username:admin Password:admin123
  7. CMSSite 1.0
  8. | Username:victor Password:victor
  9. OOP CMS Blog 1.0
  10. | Admin link: | Username:admin Password:123
  11. Integria IMS 5.0.83
  12. | Username:admin Password:integria
  13. ZeusCart 4.0
  14. | Admin link: | Username:admin Password:admin123
  15. WSTMart 2.0.8
  16. | Admin link: | Username:admin Password:admin123
  17. Simple Online Hotel Reservation System
  18. | Admin link: | Username:admin Password:admin
  19. OrientDB 3.0.17 GA Community Edition
    • Command to start web app:/opt/orient/bin/ | | Username:root Password:toor
  20. Apache CouchDB 2.3.1
    • Command to start web app:/opt/couchdb/bin/couchdb | | Username:root Password:toor

How to get started?

  1. Download the VM from here and extract the Zip file.
  2. Import / Open OVF with VMWare Player or VMWare Workstation
  3. Run the VM
  4. Access the VM on IP address
  5. VM login details:
  6. Username: ptlab
  7. Password: ptlab
  8. To login as root: sudo su //(password same as above)
  9. Start hunting!
  10. There might be a few vulnerabilities of other kind. Let's see if you can find them as well.

In case you run into any troubles, contact me on @yaksas443 (twitter) or csc[at]yaksas[dot]in

May the force be with you!

---------------SPOILERS AHEAD!!--------------------

Credits (vulnerability researchers):

  1. Bolt CMS 3.6.6 - FelipeGaspar
  2. PilusCart 1.4.1 - Gionathan Reale
  3. zzzphp CMS 1.6.1 - Yang Chenglong
  4. CMSSite 1.0 - Mr Winst0n
  5. OOP CMS Blog 1.0 - Mr Winst0n
  6. Integria IMS 5.0.83 - Javier Olmedo
  7. ZeusCart 4.0 - mqt
  8. WSTMart 2.0.8 - linfeng
  9. Simple Online Hotel Reservation System - Mr Winst0n
  10. OrientDB 3.0.17 GA Community Edition - Ozer Goker
  11. Apache CouchDB 2.3.1 - Ozer Goker

DC: 6

DCAU 26 Apr 2019


DC-6 is another purposely built vulnerable lab with the intent of gaining experience in the world of penetration testing.

This isn't an overly difficult challenge so should be great for beginners.

The ultimate goal of this challenge is to get root and to read the one and only flag.

Linux skills and familiarity with the Linux command line are a must, as is some experience with basic penetration testing tools.

For beginners, Google can be of great assistance, but you can always tweet me at @DCAU7 for assistance to get you going again. But take note: I won't give you the answer, instead, I'll give you an idea about how to move forward.

Technical Information

DC-6 is a VirtualBox VM built on Debian 64 bit, but there shouldn't be any issues running it on most PCs.

I have tested this on VMWare Player, but if there are any issues running this VM in VMware, have a read through of this.

It is currently configured for Bridged Networking, however, this can be changed to suit your requirements. Networking is configured for DHCP.

Installation is simple - download it, unzip it, and then import it into VirtualBox or VMWare and away you go.

NOTE: You WILL need to edit your hosts file on your pentesting device so that it reads something like: wordy

NOTE: I've used as an example. You'll need to use your normal method to determine the IP address of the VM, and adapt accordingly.

This is VERY important.

And yes, it's another WordPress based VM (although only my second one).


While there should be no problems using this VM, by downloading it, you accept full responsibility for any unintentional damage that this VM may cause.

In saying that, there shouldn't be any problems, but I feel the need to throw this out there just in case.


I'm also very interested in hearing how people go about solving these challenges, so if you're up for writing a walkthrough, please do so and send me a link, or alternatively, follow me on Twitter, and DM me (you can unfollow after you've DM'd me if you'd prefer).

I can be contacted via Twitter - @DCAU7


OK, this isn't really a clue as such, but more of some "we don't want to spend five years waiting for a certain process to finish" kind of advice for those who just want to get on with the job.

cat /usr/share/wordlists/rockyou.txt | grep k01 > passwords.txt That should save you a few years. ;-)