Here at we wanted to develop a Linux virtual machine that is based, at the time of writing, on an up-to-date Ubuntu distro (18.04 LTS), but suffers from a number of vulnerabilities that allow a user to escalate to root on the box. This has been designed to help understand how certain built-in applications and services if misconfigured, may be abused by an attacker.

We have configured the box to simulate real-world vulnerabilities (albeit on a single host) which will help you to perfect your local privilege escalation skills, techniques and toolsets. There are a number challenges which range from fairly easy to intermediate level and we’re excited to see the methods you use to solve them!

The image is just under 1.7 GB and can be downloaded using the link above. On opening the OVA file a VM named will be imported and configured with a NAT adapter, but this can be changed to bridged via the the preferences of your preferred virtualisation platform.

To get started you can log onto the host with the credentials: bob/secret

[+] A CTF created by

[+] Difficulty: Easy/Intermediate

[+] Tested in VirtualBox

[+] Note: 2 ways to get root!


This is a boot2root VM and is a continuation of the Basic Pentesting series. This series is designed to help newcomers to penetration testing develop pentesting skills and have fun exploring part of the offensive side of security.

VirtualBox is the recommended platform for this challenge (though it should also work with VMware -- however, I haven’t tested that).

This VM is a moderate step up in difficulty from the first entry in this series. If you’ve solved the first entry and have tried a few other beginner-oriented challenges, this VM should be a good next step. Once again, this challenge contains multiple initial exploitation vectors and privilege escalation vulnerabilities.

Your goal is to remotely attack the VM, gain root privileges, and read the flag located at /root/flag.txt. Once you’ve finished, try to find other vectors you might have missed! If you’d like to send me a link to your writeup, enjoyed the VM or have questions or feedback, feel free to contact me at: [email protected]

If you finished the VM, please also consider posting a writeup! Writeups help you internalize what you worked on and help anyone else who might be struggling or wants to see someone else’s process. There were lots of wonderful writeups for Basic Pentesting: 1, and I look forward to reading the writeups for this challenge.

I recently got done creating an OSCP type vulnerable machine that's themed after the great James Bond film (and even better n64 game) GoldenEye. The goal is to get root and capture the secret GoldenEye codes - flag.txt.

I'd rate it as Intermediate, it has a good variety of techniques needed to get root - no exploit development/buffer overflows. After completing the OSCP I think this would be a great one to practice on, plus there's a hint of CTF flavor.

I've created and validated on VMware and VirtualBox. You won't need any extra tools other than what's on Kali by default. Will need to be setup as Host-Only, and on VMware you may need to click "retry" if prompted, upon initially starting it up because of formatting.

A new OSCP style lab involving 2 vulnerable machines, themed after the cyberpunk classic Neuromancer - a must read for any cyber-security enthusiast. This lab makes use of pivoting and post exploitation, which I've found other OSCP prep labs seem to lack. The goal is the get root on both machines. All you need is default Kali Linux.

I'd rate this as Intermediate. No buffer overflows or exploit development - any necessary password cracking can be done with small wordlists. It's much more related to an OSCP box vs a CTF. I've tested it quite a bit, but if you see any issues or need a nudge PM me here.

Virtual Box Lab setup instructions are included in the zip download, but here's a quick brief:

Straylight - simulates a public facing server with 2 NICS. Cap this first, then pivot to the final machine. Neuromancer - is within a non-public network with 1 NIC. Your Kali box should ONLY be on the same virtual network as Straylight.

Machine Name: - Billi_b0x 2

Author Name: - Manish Kishan Tanwar (@indishell1046)


This Virtual machine is using ubuntu (32 bit)

Other packages used: -

PHP Apache MySQL Apache tomcat

This virtual machine is having intermediate to medium difficulty level. One need to break into VM using web application and from there escalate privileges to gain root access. Gaining low or root privilege shell can be done in two ways (for both)



MinU: 1

8BitSec 2 May 2018

Name: MinUv1

Date Release: 2018-07-10

Author: 8bitsec

Description: This boot2root is an Ubuntu Based virtual machine and has been tested using VirtualBox. The network interface of the virtual machine will take it's IP settings from DHCP. Your goal is to capture the flag on /root.

Note: Tested on VirtualBox

Network: Host-Only/DHCP (should work on bridged)

File: OVA

Difficulty: easy/intermediate

Filename: MinUv1.ova.7z

File Size: 540MB

MD5: cc3d58173a8e9ed3f7606c8d12140a68

SHA1: 8409ceb3cd959085c0249eb676af2f384da85466

Format: Virtual Machine (Virtualbox - OVA)

Operating System: Linux

DHCP service: Enabled

IP address: Automatically assign