It has 2 flags.
Certain functionality only work with VMware.
This boot2root is a linux based virtual machine and has been tested using VirtualBox. The network interface of the virtual machine will take it's IP settings from DHCP.
Your goal is to capture the flag on /root.
Note: Tested on VirtualBox
Network: Host-Only, NAT (not required)
Intermediate real life based machine designed to test your skill at enumeration. If you get stuck remember to try different wordlist, avoid rabbit holes and enumerate everything thoroughly. SHOULD work for both VMware and Virtualbox.
For hints you're welcome to contact me via Twitter @zayotic
'hackme' is a beginner difficulty level box. The goal is to gain limited privilege access via web vulnerabilities and subsequently privilege escalate as root. The lab was created to mimic real life environment.
'hackme' uses DHCP and in the possible event that the mysqld shuts down on its own (very rare cases), attempt to force restart the machine and it should be working fine subsequently.
Mission-Pumpkin v1.0 is a beginner level CTF series, created by keeping beginners in mind. This CTF series is for people who have basic knowledge of hacking tools and techniques but struggling to apply known tools. I believe that machines in this series will encourage beginners to learn the concepts by solving problems.
PumpkinFestival is Level 3 of series of 3 machines under Mission-Pumpkin v1.0. The Level 1 ends by accessing PumpkinGarden_Key file. Level 2 is about identifying pumpkin seeds.
In this level (Level 3) it is time for Pumpkin Festival, the goal is to reach root and access PumpkinFestival_Ticket and collect PumpkinTokens on the way.
How well do you understand PHP programs? How familiar are you with Linux misconfigurations? This image will cover advanced Web attacks, out of the box thinking and the latest security vulnerabilities.
Please note that this is capture the flag machine which means it is not real life scenario but will challenge you hard before you can obtain root privileges.