Kioptrix VM Image Challenges:

This Kioptrix VM Image are easy challenges. The object of the game is to acquire root access via any means possible (except actually hacking the VM server or player). The purpose of these games are to learn the basic tools and techniques in vulnerability assessment and exploitation. There are more ways then one to successfully complete the challenges.

Source: http://www.kioptrix.com/blog/?page_id=135

Source: http://www.kioptrix.com/blog/?p=49

Holynix is a Linux distribution that was deliberately built to have security holes for the purposes of penetration testing. If you're having trouble, or there are any problems, it can be discussed here.

Source: http://pynstrom.com/holynix.php

-- README

Holynix 2.0 Release Notes


Holynix is an Linux distribution that was deliberately built to have security holes for the purposes of penetration testing. The object of the challenge v1 is just to root the box. Register on the forums to receive an email update when a new challenge is released.

Network Configuration


Holynix v2 is set with static ip and requires some network configuration in order to run.

  • Network: 192.168.1.0/24
  • Pool Starting Addr: 192.168.1.2
  • Gateway Addr: 192.168.1.1
  • Subnet Mask: 255.255.255.0

Support


Homepage: http://pynstrom.com/

Project Page: http://pynstrom.com/holynix.php

Forums: http://pynstrom.com/forum/

Bugs


Bugs can be reported using sourceforge's bug tracker located at http://sourceforge.net/projects/holynix/support or reported to me directly at [email protected]

Source: holynix-v2.tar.bz2/README.txt

--Forum

Getting Started w/ Holynix v2

Source: http://pynstrom.com/forum/viewtopic.php?f=8&t=7

Holynix is a Linux distribution that was deliberately built to have security holes for the purposes of penetration testing. If you're having trouble, or there are any problems, it can be discussed here.

Source: http://pynstrom.com/holynix.php

-- README

Holynix 1.0 beta Release Notes


Similar to the de-ice and pWnOS pentest cds, Holynix is an ubuntu server vmware image that was deliberately built to have security holes for the purposes of penetration testing. More of an obstacle course than a real world example. The object of the challenge is to gain root level privileges and access to personal client information.

Support


Homepage: http://pynstrom.com/

Project Page: http://pynstrom.com/holynix.php

Forums: http://pynstrom.com/forum/

Bugs


Bugs or can be reported using sourceforge's bug tracker located at http://sourceforge.net/projects/holynix/support or reported to me directly at pynstrom AT pynstrom DOT com

Source: holynix-v1.tar.bz2/README.txt

README.txt wasn't updated with the release of the final version

-- Forum

Difference between beta and final

  • Set HD to non-persistant so any mistakes will be fixed at reboot.
  • Removed some trash I accidentally left laying around.

Source: http://pynstrom.com/forum/viewtopic.php?f=2&t=5

Getting Started w/ Holynix v1

Source: http://pynstrom.com/forum/viewtopic.php?f=6&t=6

-- Checksums

Beta MD5: D19306C6C2305005C72A7811D2B72B51

Beta SHA1: 0C5B7D37FECD39C52BC2C8C2EE66A617BB576A90

Final MD5: EBB8EF2544559D72A052687497F78341

Final SHA1: 967F3DB6D97CCC615EB5758AC75387D46C3D1199

About hackxor

Hackxor is a webapp hacking game where players must locate and exploit vulnerabilities to progress through the story. Think WebGoat but with a plot and a focus on realism&difficulty. Contains XSS, CSRF, SQLi, ReDoS, DOR, command injection, etc

Features:

  • Client attack simulation using HtmlUnit; no alert('xss') here.
  • Smooth difficulty gradient from moderately easy to fiendishly tricky.
  • Realistic vulnerabilities modelled from Google, Mozilla, etc (No rot13!)
  • Open ended play; progress by any means possible.

Download & install instructions

  • Download the full version of hackxor (700mb)
  • Install VMWare Player (This involves creating a free account with vmware)
  • Extract hackxor1.7z, run the image using VMware player.
  • Work out what the IP of hackxor is ((try 172.16.93.129)|| logging into the VM with username:root pass:hackxor and typing ifconfig)
  • Configure your hosts file (/etc/hosts on linux) to redirect the following domains to the IP of hackxor: wraithmail, wraithbox, cloaknet, GGHB, hub71, utrack.
  • Browse to http://wraithmail:8080 and login with username:algo password:smurf

If you can't edit the hosts file for some reason, you could use the 'Override hostname resolution' option in Burp proxy

Troubleshooting the installation:

  • If http://wraithmail:8080 loads everything is probably working.
  • First: Try 'nmap wraithmail' in a shell to see if port 8080 is open. If it is open, contact me! Otherwise:
  • Second: Try nmap . If that succeeds, fix your hosts file. Otherwise:
  • Third: If you really can't get any network contact with the VM, check the VM settings in the VM manager
  • (this does not involve logging into the virtual machine). Make sure it is set to NAT. If that doesn't fix it:
  • Fourth: Try changing the VM network setting to 'Bridged'. This will mean other people on the LAN can access it.
  • Fifth: If all else fails, contact me on twitter.

The scene

You play a professional blackhat hacker hired to track down another hacker by any means possible. Start by checking your email on wraithmail, and see how far down the rabbit hole you can get. The key websites in this game are http://wraithmail:8080 http://cloaknet:8080 http://gghb:8080 and http://hub71:8080 so if you don't feel like tracking down your target you may hack them in any order. Each website will be properly introduced through the plot.

Changes since 1.0

  • Fixed a potential-lose bug in hub71

Changes since the beta

  • Made cloaknet (second level) harder/better/more realistic
  • Added stealth ranking system
  • Fixed 2 unintentional XSS vulns in rentnet(hub71)
  • Enhanced rentnet(hub71) session security (You'll see)
  • Added online demo (first 2 levels)
  • Improved names/other fluff
  • Added clear ending
  • Made VM IP static-ish for easier installation
  • Made VM only accessible from the host machine by default
  • Linked sites together better
  • Added anti-bruteforce protection
  • Removed numerous bits of test code
  • Removed a few obscenities
  • Fixed some inaccuracies&minor bugs

Source: http://hackxor.sourceforge.net/cgi-bin/index.pl

This is the second realistic hackademic challenge (root this box) by mr.pr0n

Download the target and get root.

After all, try to read the contents of the file 'key.txt' in the root directory.

Enjoy!

Source: https://ghostinthelab.wordpress.com/2011/09/06/hackademic-rtb2-%E2%80%93-root-this-box/

This is the first realistic hackademic challenge (root this box) by mr.pr0n

Download the target and get root.

After all, try to read the contents of the file 'key.txt' in the root directory.

Enjoy!

Source: http://ghostinthelab.wordpress.com/2011/09/06/hackademic-rtb1-root-this-box/

Name: Game Over Category: Web Pentest Learning Platform File Type: VM image/iso

Author: Jovin Lobo Mentor: Murtuja Bharmal

Download URL: http://sourceforge.net/projects/null-gameover/files

Default Credentials: [username:root / password:gameover]

Description:

Project GameOver was started with the objective of training and educating newbies about the basics of web security and educate them about the common web attacks and help them understand how they work. It is collection of various vulnerable web applications, designed for the purpose of learning web penetration testing.

GameOver has been broken down into two sections. Section 1 consists of special web applications that are designed especially to teach the basics of Web Security. This seciton will cover:

  • XSS
  • CSRF
  • RFI & LFI
  • BruteForce Authentication
  • Directory/Path traversal
  • Command execution
  • SQL injection

Section 2 is a collection of dileberately insecure Web applications. This section provides a legal platform to test your skills and to try and exploit the vulnerabilities and sharpen your skills before you pentest live sites. We would advice newbies to try and exploit these web applications. These applications provide real life environments and will boost their confidence.

Source: http://null.co.in/2012/06/14/gameover-web-pentest-learning-platform/

About

Fusion is the next step from the protostar setup, and covers more advanced styles of exploitation, and covers a variety of anti-exploitation mechanisms such as: + Address Space Layout Randomisation + Position Independent Executables + Non-executable Memory + Source Code Fortification (_DFORTIFY_SOURCE=) + Stack Smashing Protection (ProPolice / SSP)

In addition to the above, there are a variety of other challenges and things to explore, such as: + Cryptographic issues + Timing attacks + Variety of network protocols (such as Protocol Buffers and Sun RPC) + At the end of Fusion, the participant will have a through understanding of exploit prevention strategies, associated weaknesses, various cryptographic weaknesses, numerous heap implementations.

Getting started

Have a look at the levels available on the side bar, and pick which ones interest you the most. If in doubt, begin at the start. You can log into the virtual machine with the username of "fusion" (without quotes), and password "godmode" (again, without quotes).

To get root for debugging purposes, do "sudo -s" with the password of "godmode".

Source: http://exploit-exercises.com/fusion

Configuration

The network is configured to obtain an IP address via DHCP by default. Although if you want to further configure the virtual machine you can login as user root and password toor. The apache web server is configured to run on port 8880.

Mission

The challenge includes an image hosting web service that has various design vulnerabilities. You must enumerate the various web service features and find an exploitable vulnerability in order to read system hidden files. The web application is 100% custom so do not try to search google for relative PoC exploit code.

FINAL GOAL: Reveal the hidden message for a date arrange that Bob sent to Alice.

Source: https://bechtsoudis.com/work-stuff/challenges/drunk-admin-web-hacking-challenge/

--S2.100

SCENARIO

The scenario for this LiveCD is that you have been given an assignment to test a company's 192.168.2.xxx network to identify any vulnerabilities or exploits. The systems within this network are not critical systems and recent backups have been created and tested, so any damage you might cause is of little concern. The organization has had multiple system administrators manage the network over the last couple of years, and they are unsure of the competency previous (or current) staff2

CONFIGURATIO

PenTest Lab Disk 2.100: This LiveCD is configured with an IP address of 192.168.2.100 - no additional configuration is necessary.

Pentest Machine:

Your second system will use the BackTrack (v.2) LiveCD as provided by remote-exploit.org. A copy of the LiveCD can be downloaded from remote-exploit.org. This disk is configured to obtain an IP address through DHCP - thus no additional configuration is required. All tools necessary to exploit Disk 2.100 can be found on the BackTrack Disk. No additional installations will be necessary.

Router Configuration:

The PenTest Lab system and the PenTest machine must connect to a router that has been configured with the following values:

  • DHCP Server: active
  • Pool Starting Addr.: 192.168.2.2

LAN TCP/IP: + IP Address: 192.168.2.1 + IP Subnet Mask: 255.255.255.0

Source: http://forums.hackingdojo.com/viewtopic.php?f=18&t=91

--Level 2

Where to get the current PenTest Lab Level 2 disks:

Disk 2.100 version 1.1: http://heorot.net/instruction/tutorials/iso/de-ice.net-2.100-1.1.iso

Where to find the hash values of the disks:

http://heorot.net/instruction/tutorials/iso/iso_hashes

Where to get the BackTrack disk:

http://remote-exploit.org/backtrack_download.html Warning: BackTrack v. 3 beta is known to NOT work. Please use version 2

Where to get the network configuration information:

Network configuration: 192.168.2.xxx = http://forums.heorot.net/viewtopic.php?f=18&t=91

Source: http://forums.hackingdojo.com/viewtopic.php?f=18&t=16