A series of challenges to test basic stack overflow skills, originally developed for the Sheffield University Ethical Hacking Society.

Starting as level0 exploit a binary owned by the next user to get the flag.

There are 5 flags to collect:

  • /home/level1/level1.txt
  • /home/level2/level2.txt
  • /home/level3/level3.txt
  • /home/level4/level4.txt
  • /root/root.txt

Each flag is the corresponding users password, so once you exploit the binary owned by level1 and get the level1 flag, you can su to level1 and take on the next challenge

To start boot the machine and login as:

  • username: level0
  • password: level0

You'll find the first binary to exploit is: /home/level0/level1

You may want to increase the resources allocated to the machine


A machine using the newest REMOVED Server, the newest REMOVED and containing some REMOVED....

Will you gain your status as a 00 agent?

  • Difficulty: Intermediate
  • Flag is /root/flag/flag.sh
  • DHCP enabled, tested on VMware


myHouse7 is a vulnerable virtual machine with multiple docker images setup to be a capture-the-flag (CTF) challenge. The goal of this vulnerable virtual machine is to present a lab where you can learn and practice to pivot through the subnets to be able to compromise all of the hosts/containers except 1.

CTF Flag Information

This CTF challenge consists of a total of 20 flags. The virtual machine that is provided contains 2 flags and each docker image/container when running contains 3 additional flags with exception to 1 host. The 1 host that is the exception has no flags. (A mistake that I made was to name 2 flags the same.)

The structure of each flag is as follows: {{tryharder:xxx}}. The xxx in the example could be a single digit or up to 4 digits.

Network Diagram

Below is a network diagram of the setup which may or may not be accurate. The virtual machine represents the firewall in the network diagram below. A total of 7 docker images/containers launch each time the virtual machine loads.


Download Information

You are able to download this file from my Google Drive at this link. The file is 2.7GB compressed with 7-zip. The file is a compressed OVF exported virtual machine from VMWorkstation 14. After importing the virtual machine, the first time that it loads will take upwards of 15 minutes due to building the environment and decompressing the docker images. After the first time you load the virtual machine it will be quicker due to only having to load the docker images into containers.

The Beast 2 is an intermediate level boot2root VM. Capture the flag event, can you follow the hints?. Can you still breach The Beast?

DHCP service: Enabled

IP address: Automatically assign

Ultimate goal : find the /root/root.txt

Difficulty for user: Medium

Difficulty for root: Easy/Medium

Kuya: 1

Ashhad 21 Dec 2018

A Boot2Root machine with hints of CTF

In total there are 3 flags and you will be required to use some CTF skills to solve it.

Name: Basilic Author: DrStache

The Basilic VM was created as part of NorzhCTF 2019.

A Python developer has put a website online. Your goal is to compromise the different users of the server and gain root privileges.

There are 4 flags to retrieve, they are in md5 format.

  • Flag 1: "Persistence is the path to success." - Charlie Chaplin
  • Flag 2: "You can always escape from a prison. But freedom?" - Jean-Christophe Grangé
  • Flag 3: "The future is a door, the past is the key." - Victor Hugo
  • Flag 4: "There is no less blame for concealing a truth than for falsifying a lie." - Etienne Pasquier

Difficulty: Intermediate / Hard

Categories: Web, Jail, Crypto, PrivEsc

For any questions, feel free to contact me on Twitter: @DrStache_

This machine hopes to inspire BRAVERY in you; this machine may surprise you from the outside. This is designed for OSCP practice, and the original version of the machine was used for a CTF. It is now revived, and made more nefarious than the original.

If you MUST have hints for this machine (even though they will probably not help you very much until you root the box!): Bravery is (#1): a positive trait in people, (#2): another way of saying "try harder", (#3): https://www.youtube.com/watch?v=k2QPJ2xGMiY

Note: There may be more than one method to obtain root privileges on this machine. Look around you!

Feel free to contact the author at https://donavan.sg/blog if you would like to drop a comment.