Xtreme Vulnerable Web Application (XVWA)

XVWA is a badly coded web application written in PHP/MySQL that helps security enthusiasts to learn application security. It’s not advisable to host this application online as it is designed to be “Xtremely Vulnerable”. We recommend hosting this application in local/controlled environment and sharpening your application security ninja skills with any tools of your own choice. It’s totally legal to break or hack into this. The idea is to evangelize web application security to the community in possibly the easiest and fundamental way. Learn and acquire these skills for good purpose. How you use these skills and knowledge base is not our responsibility.

XVWA is designed to understand following security issues.

  • SQL Injection – Error Based
  • SQL Injection – Blind
  • OS Command Injection
  • XPATH Injection
  • Formula Injection
  • PHP Object Injection
  • Unrestricted File Upload
  • Reflected Cross Site Scripting
  • Stored Cross Site Scripting
  • DOM Based Cross Site Scripting
  • Server Side Request Forgery (Cross Site Port Attacks)
  • File Inclusion
  • Session Issues
  • Insecure Direct Object Reference
  • Missing Functional Level Access Control
  • Cross Site Request Forgery (CSRF)
  • Cryptography
  • Unvalidated Redirect & Forwards
  • Server Side Template Injection

Down By The Docker

Ever fantasized about playing with docker misconfigurations, privilege escalation, etc. within a container?

Download this VM, pull out your pentest hats and get started

We have 2 Modes: - HARD: This would require you to combine your docker skills as well as your pen-testing skills to achieve host compromise. - EASY: Relatively easier path, knowing docker would be enough to compromise the machine and gain root on the host machines.

We have planted 3 flag files across the various machines / systems that are available to you. Your mission if you choose to accept would be as following:

  1. Identify all the flags (2 in total: flag_1 and flag_3) (flag_2 was inadvertently left out)

  2. Gain id=0 shell access on the host machine.

This is a fedora server vm, created with virtualbox.

It is a very simple Rick and Morty themed boot to root.

There are 130 points worth of flags available (each flag has its points recorded with it), you should also get root.

It's designed to be a beginner ctf, if you're new to pen testing, check it out!

This exercise covers the exploitation of the Struts S2-052 vulnerability

Name: LazySysAdmin 1.0


Author: Togie Mcdogie

Twitter: @TogieMcdogie


[Description]

Difficulty: Beginner - Intermediate

Boot2root created out of frustration from failing my first OSCP exam attempt.

Aimed at:

      > Teaching newcomers the basics of Linux enumeration
      > Myself, I suck with Linux and wanted to learn more about each service whilst creating a playground for others to learn

Special thanks to @RobertWinkel @dooktwit for hosting LazySysAdmin at Sectalks Brisbane BNE0x18


[Lore]

LazySysadmin - The story of a lonely and lazy sysadmin who cries himself to sleep


[Tested with]

  • Virtualbox
  • Vnware Workstation player

[Preffered setup]

Host only networking

[Hints]

  • Enumeration is key
  • Try Harder
  • Look in front of you
  • Tweet @togiemcdogie if you need more hints

[Other]

  • What could you of done to speed up the enumeration process?
  • Are there any obvious things that you missed, which you shouldnt of missed?
  • Did you learn anything interesting?
  • What have you added to your enumeration process to prevent you from wasting time?

[Checksum]

  • Name: Lazysysadmin.zip
  • Size: 501925265 bytes (478 MB)
  • SHA256: DBAC88A2E76FD5A6693A2890030DD3BE0DC2C09F30B43A79BE8AB7A23B708EF5
 ____  __.________
|    |/ _|\_____  \
|      <   /  ____/
|    |  \ /       \
|____|__ \\_______ \ ·VM·
        \/        \/

+----------------------------------------------------------------------------+
|  cReaTeD....: sagi- (@s4gi_)      |  DaTe......: 2017-07-26                |
|  oS.........: Linux               |  oBJecTiVe.: Get /root/flag.txt        |
|                                   |  TeSTeR....: @leonjza                  |
+----------------------------------------------------------------------------+
|  VM DesCriPtiOn:                                                           |
|  This challenge was built to promote the Windows / Linux Local Privilege   |
|  Escalation workshop. A free of charge 3-day workshop that was created as  |
|  a give back to the community initiative.                                  |
|                                                                            |
|  <3 sagi-                                                                  |
+----------------------------------------------------------------------------+
| SSH AccEsS DeTaiLs:                                                        |
| Username: user                                                             |
| Password: password                                                         |
+----------------------------------------------------------------------------+

This vulnerable-by-design box depicts a hacking company known as H.A.S.T.E, or Hackers Attack Specific Targets Expeditiously, capable of bringing down any domains on their hit list.

I would like to classify this challenge with medium difficulty, requiring some trial and error before a successful takeover can be attained.

Hacker House are community sponsors at this year’s BSides London 2017 and, to celebrate, we have an exploit challenge for you. A key date in the UK security scene, it offers an alternative technical conference for the hackers and tech geeks to share war stories and learn. We are providing a challenge lab designed especially for the conference that attendees can sink disassemblers into. If you aren’t at the event, you can also hack along at home, but remember that prizes for solutions can only be claimed at our stand during the event! The challenge is provided in ISO format which you can boot in VirtualBox or any similar virtualisation software, heck you can even run it on an ATM if you like, but this is unsupported. If you solve our little brain teasing conundrums and beat the system to get root, the first three successful solutions presented to us at our stand can claim one of our awesome hoodies, check them out in our shop! This challenge is open to individuals, but if you do decide to team up, then let us know as only one prize can be claimed per solution. We are also giving several t-shirts away during the raffle so make sure you get your tickets!

Our challenge will test your elite hacking skills and requires web application, reverse engineering, cryptography and exploit abilities. It shouldn’t take the competent skilled hacker too much time, but if you do struggle then watch our social media feeds during the event for some tips to this adventure. You should run the challenge in Host-Only networking mode and on successful boot you will be presented with a console, similar to the one shown at the end of this post. You should solve the challenge from a network perspective, only solutions using this route will be accepted for prizes (unless they are really cool!).

The goal of the challenge is to hack the ISO, level up your skills and get root, come and show us how you did it if you want to claim your prize! If you are struggling with the configuration of our challenge, you can check out our training course free module, which details steps for configuring a similar lab. You can find details and upcoming dates of our training here.

Happy hacking and remember sharing is caring so post (tweet us @myhackerhouse!) or email a solution and let us know about it after the event. We will share links to the best of them on this blog! May the force be with you, young padawan, and remember that hacking isn’t just a skill – it’s a survival trade.

Game of Thrones Hacking CTF

This is a challenge-game to measure your hacking skills. Set in Game of Thrones fantasy world.


Goal:

Get the 7 kingdom flags and the 4 extra content flags (3 secret flags + final battle flag). There are 11 in total.

Rules/guidelines to play:

  • Start your conquer of the seven kingdoms
  • You'll need hacking skills, no Game of Thrones knowledge is required. But if you play, it may contains spoilers of the TV series
  • Difficulty of the CTF: Medium-High
  • Don't forget to take your map (try to find it). It will guide you about the natural flag order to follow over the kingdoms
  • Listen CAREFULLY to the hints. If you are stuck, read the hints again!
  • Powerful fail2ban spells were cast everywhere. Bruteforce is not an option for this CTF (2 minutes ban penalty)
  • The flags are 32 chars strings. Keep'em all! you'll need them

Requirements/starting guide:

  • Import the Linux based CTF challenge virtual machine (OVA file)
  • OVA file is compatible with Oracle Virtualbox and Vmware
  • The challenge vm needs 1 cpu and 1512mb RAM to work properly
  • The challenge vm has its network configured by default as bridge. It will take an IP from the DHCP of your network

Downloading challenge CTF vm:

Troubleshooting

  • Vmware:
  • If you get a warning/error importing machine, press "Retry" and it will be imported flawlessly
  • Oracle Virtualbox
  • It's recommended to use "Import Appliance" menu option instead of double click on OVA file
  • If you get an error regarding network, just select your network interface

Good luck, the old gods and the new will protect you!


 _____                      ___    _____ _                       
|   __|___ _____ ___    ___|  _|  |_   _| |_ ___ ___ ___ ___ ___ 
|  |  | .'|     | -_|  | . |  _|    | | |   |  _| . |   | -_|_ -|
|_____|__,|_|_|_|___|  |___|_|      |_| |_|_|_| |___|_|_|___|___|

Designed by/Credits

Welcome to Dina 1.0.1

________                                                _________
\________\--------___       ___         ____----------/_________/
    \_______\----\\\\\\   //_ _ \\    //////-------/________/
        \______\----\\|| (( ~|~ )))  ||//------/________/
            \_____\---\\ ((\ = / ))) //----/_____/
                 \____\--\_)))  \ _)))---/____/
                       \__/  (((     (((_/
                          |  -)))  -  ))

This is my first Boot2Root - CTF VM. I hope you enjoy it.

if you run into any issue you can find me on Twitter: @touhidshaikh22

Contact: touhidshaikh22 at gmaill.com <- Feel Free to write mail

Website: http://www.touhidshaikh.com

Goal: /root/flag.txt

Level: Beginner (IF YOU STUCK ANYwhere PM me for HINT, But I don't think need any help).

Download: https://drive.google.com/file/d/0B1qWCgvhnTXgNUF6Rlp0c3Rlb0k/view

Try harder!: If you are confused or frustrated don't forget that enumeration is the key!

Feedback: This is my first boot2root - CTF Virtual Machine, please give me feedback on how to improve!

Tested: This VM was tested with:

Virtual Box 5.X

Networking: DHCP service: Enabled

**IP address**: Automatically assign

Fixing:

Some challenge issue reported by @eliot

Looking forward to the write-ups!