Quickly created an exercise for cve-2014-6271:
Quickly created an exercise for cve-2014-6271:
_______ _______ ______ _______ ___ _______ _______ _______ __ _ _______ _______ | || || _ | | || | | || || || | | || || | | _ || ___|| | || | _____|| | | _____||_ _|| ___|| |_| || || ___| | |_| || |___ | |_||_ | |_____ | | | |_____ | | | |___ | || || |___ | ___|| ___|| __ ||_____ || | |_____ | | | | ___|| _ || _|| ___| | | | |___ | | | | _____| || | _____| | | | | |___ | | | || |_ | |___ |___| |_______||___| |_||_______||___| |_______| |___| |_______||_| |__||_______||_______| "the fact of continuing in an opinion or course of action in spite of difficulty or opposition" by sagi- & superkojiman
By using this virtual machine, you agree that in no event will we be liable for any loss or damage including without limitation, indirect or consequential loss or damage, or any loss or damage whatsoever arising from loss of data or profits arising out of or in connection with the use of this software.
TL;DR - You are about to load up a virtual machine with vulnerabilities created by hackers. If something bad happens, it's not our fault.
Persistence aims to provide you with challenging obstacles that block your path to victory. It is perhaps best described by quotes made by some famous people:
"A little more persistence, a little more effort, and what seemed hopeless failure may turn to glorious success." - Calvin Coolidge
"Energy and persistence conquer all things." - Benjamin Franklin
"Persistence and resilience only come from having been given the chance to work though difficult problems." - Gever Tulley
Get a root shell and read the contents of /root/flag.txt to complete the challenge!
The virtual machine will get an IP address via DHCP, and it has been tested on the following hypervisors:
VMware Fusion 6 VMware Player 6 VMware Workstation 10 VirtualBox 4.3
Thanks @VulnHub for kindly hosting this challenge, and thanks to @recrudesce for testing it and providing valuable feedback!
,' ``', ' (o)(o) ` > ; ', . ...-'"""""`'. .'`',`''''`________: ": (`'. '.; | ;/\;\; (`',.',.; | | (,'` .`.,' | | (,.',.',' | | (,.',.-`_____| | __\_ _\_ | | |_______________|
Welcome to The Owl Nest Owls are lovely but hates you :) and maybe after this one, you will hate them too.
Notes from the author: I hope you will enjoy this game, i spent a fairly high amount of effort to build this, in an attempt to make the game funny, and provide an avarage amount of frustration to the players :) Even if the machine was tested, maybe there are shortcuts to reach the flag.. hopefully not :)
Expect some curve balls :)
Special thanks goes to Barrebas for testing the VM
Morning Catch is a VMware virtual machine, similar to Metasploitable, to demonstrate and teach about targeted client-side attacks and post-exploitation.
On this virtual machine, you will find: a website for a fictitious seafood company, self-contained email infrastructure to receive phishes, and two desktop environments. One desktop environment is a vulnerable Linux client-side attack surface. The other is a vulnerable Windows client-side attack surface.
Morning Catch uses a bleeding edge version of WINE to run a few vulnerable Windows applications AND experiment with post-exploitation tools in a fun and freely re-distributable environment.
Your use of Morning Catch starts with the login screen.
Boyd Jenius is the Systems Administrator and his password is ‘password’. Login as Boyd to get to the vulnerable Linux desktop.
Richard Bourne is Morning Catch’s CEO and his password is also ‘password’. Login as Richard to get to the vulnerable Windows desktop.
You can also RDP into the Morning Catch environment.
Richard’s desktop includes the Windows’ versions of Firefox, Thunderbird, Java, and putty. Open up Thunderbird to check Richard’s email.
You can send a phish to him too. This VM includes a mail server to receive email for users at the morningcatch.ph domain. Open up a terminal and find out the IP address of the VM. Make sure you relay messages through this server. Use [email protected] as the address.
Are you looking for some attacks to try? Here are a few staples:
Spin up a malicious Java Applet and visit it as Richard. The Firefox add-on attack exploit in the Metasploit Framework is a great candidate. Or, generate an executable with your payload and run it as Richard. I’m sure he won’t mind. Morning Catch’s WINE environment runs post-exploitation payloads, to include Windows Meterpreter and Beacon, without too much trouble.
Boyd’s desktop is the vulnerable Linux attack surface. Boyd has the Linux versions of Firefox, Java, and Thunderbird. Boyd also has an SSH key for the Metasploitable 2 virtual machine. Try to ssh to Metasploitable 2 as root and see what happens.
Morning Catch also includes RoundCube webmail for all of its users. Use this as a target to clone and harvest passwords from.
Morning Catch isn’t a replacement for a vulnerable Windows lab. It’s a safe and freely redistributable target to experiment with phishing and client-side attacks. It’s my hope that this environment will help more people experiment with and understand these attacks better.
Are you in Las Vegas for BlackHat USA or DEF CON? Stop by the Black Hat Arsenal on Wednesday at 10am for a demo of this new environment and a Morning Catch sticker. I’m also giving away DVDs with a revised Cobalt Strike pen testing lab that uses Morning Catch. Find me at the Cobalt Strike kiosk in the Innovation City portion of the Black Hat USA Exhibitor Hall. I will also give away these DVDs at the Cobalt Strike table in the DEF CON vendor area.
Tr0ll was inspired by the constant trolling of the machines within the OSCP labs.
The goal is simple, gain root and get Proof.txt from the /root directory.
Not for the easily frustrated! Fair warning, there be trolls ahead!
Difficulty: Beginner ; Type: boot2root
Special thanks to @OS_Eagle11 and @superkojiman for suffering through the testing all the way to root!
The machine should pull an IP using DHCP, if you have any problems, contact me for a password to get it to working.
Feedback is always appreciated!
MD5SUM (Tr0ll.rar): 318fe0b1c0dd4fa0a8dca43edace8b20
.o88o. oooo o8o oooo 888 `" `888 `"' `888 o888oo 888 oooo .ooooo. 888 oooo 888 888 `888 d88' `"Y8 888 .8P' 888 888 888 888 888888. 888 888 888 888 .o8 888 `88b. o888o o888o o888o `Y8bod8P' o888o o888o Welcome to the flick boot2root! - Where is the flag? - What do you need to flick to find it? Completing "flick" will require some sound thinking, good enumeration skills & time! The objective is to find and read the flag that lives /root/ As a bonus, can you get root command execution? Shoutout to @barrebas & @TheColonial for testing it out first :) $ sha1sum flick.ova 0e65f5a1f2b560d10115796c1adfb03548583db2 flick.ova Good Luck! @leonjza
____ ___ ____ ___ __ ____ ___ ____ ____ ____ `MM( )P' 6MMMMb `MM 6MM `MM( )P' 6MMMMb 6MMMMb\ 6MMMMb `MM` ,P 6M' `Mb MM69 " `MM` ,P 6M' `Mb MM' ` MM' `Mb `MM,P MM MM MM' `MM,P MM MM YM. ,MM `MM. MMMMMMMM MM `MM. MMMMMMMM YMMMMb ,MM' d`MM. MM MM d`MM. MM `Mb ,M' d' `MM. YM d9 MM d' `MM. YM d9 L ,MM ,M' _d_ _)MM_ YMMMM9 _MM_ _d_ _)MM_ YMMMM9 MYMMMM9 MMMMMMMM Welcome. Before you lies the mainframe of XERXES. Compromise the subsystems and gain access to /root/flag.txt XERXES wishes you a pleasant stay. @barrebas Shoutout & Thanks ----------------- Many thanks to TheColonial (@TheColonial) & rasta_mouse (@_RastaMouse) for testing! File information ---------------- xerxes2.vmdk: md5 : 724d4be6ecd126d4591f487d1710f7af sha1 : 7978e6dde9e589c5ea90561502b297a8e08147a4
Welcome to SkyTower:1
This CTF was designed by Telspace Systems for the CTF at the ITWeb Security Summit and BSidesCPT (Cape Town). The aim is to test intermediate to advanced security enthusiasts in their ability to attack a system using a multi-faceted approach and obtain the "flag".
You will require skills across different facets of system and application vulnerabilities, as well as an understanding of various services and how to attack them. Most of all, your logical thinking and methodical approach to penetration testing will come into play to allow you to successfully attack this system. Try different variations and approaches. You will most likely find that automated tools will not assist you.
We encourage you to try it our for yourself first, give yourself plenty of time and then only revert to the Walkthroughs below.
Welcome to the challenge.
This VM is designed to try and entertain the more advanced information security enthusiast. This doesn't exclude beginners however and I'm sure that a few of you could meet the challenge. There is no 'one' focus on the machine, a range of skills such as web exploitation, password cracking, exploit development, binary examination and most of all logical thinking is required to crack the box in the intended way - but who knows there might be some short cuts!
A few of the skills needed can be seen in some posts on http://netsec.ws. Otherwise enjoy the experience - remember that although vulnerabilities might not jump out at you straight away you may need to try some variations on the normal to get past the protections in place!
Feel free to discuss the experience on the #vulnhub irc channel on irc.freenode.net. If you want any hints feel free to PM my nick on there (Peleus). You won't get any, but I'll feel all warm and fuzzy inside knowing you're suffering.