This lab is going to introduce a little anarchy. It will upset the established order, and everything will become chaos. Get your face painted and wear that purple suit because it’s time to channel your inner Joker. This is a boot2root lab. Getting the root flag is the ultimate goal.

ENUMERATION IS THE KEY!!!!!

The machine was part of my workshop for Hacker Fest 2019 at Prague.

The difficulty level of this VM is “very easy”. There are two paths to exploit it.

  • There are no intentional rabbit holes.
  • Through a vulnerable "[retracted]". Exploit is part of MSF.
  • Through vulnerable "[retracted]".
    • Can be found by "[retracted]".
    • There is a "[retracted]" injection (exploit is part of MSF).
    • Recovered credentials (username + hash) can be cracked by John and rockyou.txt wordlist.
    • Low priv shell can be gained through MSF exploit or trying the credentials against "[retracted]".
    • Priv. esc. is simply done by "[retracted]".

A harder VM designed to train for both pentesting newer IT infrastructure methodologies as well as network pivot practice.

You'll need to be familiar with pivoting techniques, web app vulnerabilities, Metasploit and Meterpreter, as well as enumeration methodologies and a good bit of patience.

As a note, there are two additional bonus flags that will appear in the /root directory based on pre-defined actions taken during the course of rooting the VM.

This is our tribute to the Indian Space Research Organisation (ISRO). We as Indians are proud of ISRO and its achievements. Solve this CTF challenge and feel the work of ISRO.

This machine contains 4 different flags to test your skills.

  1. Aryabhata
  2. Bhaskara
  3. Mangalyaan
  4. Chandrayaan 2

ENUMERATION IS THE KEY!!!!!

Aimed at beginner security professionals who want to get their feet wet doing some CTFs. It should take around 30 minutes to root.

Bottleneck is an intermediate boot2root machine.

After some cyber attacks, the admin hardened the system; show him that it's not so secure.

If you need a hint feel free to contact me on Twitter: @bytevsbyt3

serial: 2

sk4 27 Sep 2019

This box has an intermediate difficulty for the user. I suggest you enumerate it and use some tools to get the first flag. Note that if you don't see the flag, maybe you should find it in another place ;).

The hard part is the privilege escalation for the root user; try hard and get the root flag (if you can ;))!

If you need a hint, feel free to contact me on Twitter: @sk4pwn

N/A

The purpose of this machine is to help OSCP students further develop, strengthen, and practice their methodology for the exam.

Klaw has stolen some armours from the Avengers Super-Secret Base. Falcon has checked the manifest; the following things are unaccounted for:

  1. HulkBuster Armour
  2. Spiderman Armour
  3. Ant-Man Armour
  4. Black Panther Armour
  5. Iron Man Armour

Klaw hid all these armours and now it's up to you. Can you use your penetration skills to recover them all?

-Captain Steve Rogers

P.S. Klaw has a habit of dividing his passwords into 3 parts and saving them at different locations. So, if you get some, combine them to move forward.