Typhoon Vulnerable VM

Typhoon VM contains several vulnerabilities and configuration errors. Typhoon can be used to test vulnerabilities in network services, configuration errors, vulnerable web applications, password cracking attacks, privilege escalation attacks, post exploitation steps, information gathering and DNS attacks. Prisma trainings involve practical use of Typhoon.

MD5 (Typhoon-v1.02.ova) = 16e8fef8230343711f1a351a2b4fb695

OS: Linux

Author: PrismaCSI

Series: Typhoon

Format: VM(OVA)

DHCP service: Enabled

IP address: Automatically assign

Task is to become root and read /root/flag.txt.

Pinky has set up a development environment to develop and test new software. He thinks his dev environment is pretty locked down security-wise, what do you think?

Network (DHCP) Bridged

Difficulty for user: Hard/Expert

Difficulty for root: Hard/Expert

Tested in VirtualBox

You've received intelligence of a new Villain investing heavily into Space and Laser Technologies. Although the Villain is unknown we know the motives are ominous and apocalyptic.

Hack into the Moonraker system and discover who's behind these menacing plans once and for all. Find and destroy the Villain before it's too late!

-- Difficulty: Challenging

-- Flag is /root/flag.txt

-- Tested on VMware

-- DHCP enabled

-- No extra tools besides what's on Kali by default

-- Learning Objectives: Client-side Attacks, NoSQL, RESTful, NodeJS, Linux Enumeration and Google-fu.

Thanks to /u/limbernie on Reddit for testing!

Good luck and have fun!

MERCY is a machine dedicated to Offensive Security for the PWK course, and to a great friend of mine who was there to share my sufferance with me. :-)

MERCY is a name-play on some aspects of the PWK course. It is NOT a hint for the box.

If you MUST have hints for this machine (even though they will probably not help you very much until you root the box!): Mercy is: (#1): what you always plead for but cannot get, (#2): a dubious machine, (#3): https://www.youtube.com/watch?v=c-5UnMdKg70

Note: Some report a kernel privilege escalation works on this machine. If it does, try harder! There is another vector that you should try!

Feel free to contact the author at https://donavan.sg/blog if you would like to drop a comment.

I created this boot2root last year to be hosted on Peerlyst.com. It's beginner level, but requires more than just an exploitdb search or Metasploit to run.

It was created in (and is intended to be used with) VirtualBox, and takes some extra configuration to set up in VMware.

It was originally created for HackTheBox

Description: Two French people want to start the very first fanclub of the YouTuber Khaos Farbauti Ibn Oblivion. But they're not very security aware! (IMPORTANT NOTE: The whole challenge is in French, including server conf. Which may add to the difficulty if you are non-native or using a non-AZERTY keyboard)

Difficulty: Beginner with some little non-usual twists

Flag: There are four flags to find, not all of them on the solution path

Description: Matrix is a medium level boot2root challenge. The OVA has been tested on both VMware and VirtualBox.

Difficulty: Intermediate

Flags: Your Goal is to get root and read /root/flag.txt

Networking: DHCP: Enabled IP Address: Automatically assigned

Hint: Follow your intuitions ... and enumerate!

For any questions, feel free to contact me on Twitter: @unknowndevice64

Raven is a Beginner/Intermediate boot2root machine. There are four flags to find and two intended ways of getting root. Built with VMware and tested on VirtualBox. Set up to use NAT networking.