Welcome to another boot2root / CTF this one is called Analougepond. The VM is set to grab a DHCP lease on boot. I've tried to mix things up a little on this one, and have used the feedback from #vulnhub to make this VM a little more challenging (I hope).

Since you're not a Teuchter, I'll offer some hints to you:

Remember TCP is not the only protocol on the Internet My challenges are never finished with root. I make you work for the flags. The intended route is NOT to use forensics or 0-days, I will not complain either way.

To consider this VM complete, you need to have obtained:

• Troll Flag: where you normally look for them
• Flag 1: You have it when you book Jennifer tickets to Paris on Pan Am.
• Flag 2: It will include a final challenge to confirm you hit the jackpot.
• Have root everywhere (this will make sense once you're in the VM)
• User passwords
• 2 VNC passwords

Best of luck! If you get stuck, eat some EXTRABACON

NB: Please allow 5-10 minutes or so from powering on the VM for background tasks to run before proceeding to attack.

Changelog

• v0.1b - Initial Version
• v01.c - Fixes for flags based on feedback from mrB3n
• v0.1d - Fixes based on shortcut to intended route
• v0.2a - Fixes and clean up of disks for smaller OVA export
• v0.2b - Small edit to remove copy of flag in wrong folder

SHA1SUM: D75AA2405E2DFB30C1470358EFD0767A10CF1EB1 analoguepond-0.2b.ova

Many thanks to mrB3n, Rand0mByteZ and kevinnz for testing this CTF.

A special thank you to g0tmi1k for hosting all these challenges and offering advice. A tip of the hat to mrb3n for his recent assistence.

Level

Intermediate.

Description

Welcome to Super Mario Host!

This VM is meant to be a simulation of a real world case scenario.

The goal is to find the 2 flags within the VM. Root is not enough (sorry!)

The VM can be exploited in various ways, but remember that Enumeration is the key.

The level of the challenge is Intermediate.

Thanks to vdbaan, kltdwd, mrb3n and GKNSB for testing.

D0Not5top Boot2Root

This is my second public Boot2Root, It’s intended to be a little more difficult that the last one I made. That being said, it will depend on you how hard it is :D It's filled with a few little things to make the player smile.

Again there are a few “Red Herrings”, and enumeration is key.

DIFFICULTY ?????

CAPTURE THE FLAGS
There are 7 flags to collect, designed to get progressively more difficult to obtain

DETAILS

• File: D0Not5top_3mrgnc3_v1.2.ova
• OS: ?????
• VM Type: VirtualBox
• IP Address: DHCP
• Size: 700 MB

SUPPORT Any support issues can be directed to [email protected]

C0m80 Boot2Root

https://3mrgnc3.ninja/2017/09/c0m80/

About

This is my third public Boot2Root, This one is intended to be quite difficult compared to the last two.

But again, that being said, it will depend on you how hard it is :D

The theme with this one is all about 'enumeration, enumeration, enumeration', lateral thinking, and how to "combine" vulnerabilities in order to exploit a system.

Important Note

Once you have an IP insert it into your attack system /etc/hosts like this:

[dhcp-ip-address] C0m80.ctf

This VM will probably be different to other challenges you may have come across. With C0m80 You will be required to log in locally in the VirtualBox console window at some point. This, I know, may 'rile' some of the purists out there that say you should be able to compromise a boot2root fully remotely over a network. I agree to that in principle, and in this case I had intended to allow vnc or xrdp access. Alas, due to compatibility problems I had to make a compromise in this area in order to get the challenge published sooner rather than later.

It should be obvious at what point you need to log in. So when that time comes just pretend you are using remote desktop. ;D

Sorry, I hope you can forgive me.

Difficulty Rating

[Difficult] but depends on you really

Goal

There is only one goal here. Become God on the system and read the root flag.

I Hope You Enjoy It.

Download Link

https://3mrgnc3.ninja/files/C0m80_3mrgnc3_v1.0.ova

Details

• File: C0m80_3mrgnc3-v1.0.ova
• OS: WondawsXP ;D
• VM Type: VirtualBox
• IP Address: DHCP
• Size: 2.7 GB

Walkthroughs

Please leave feedback and comments below. Including any info on walkthroughs anyone wishes to publish, or bugs people find in the VM Image.

Alternatively email me at 3mrgnc3 at techie dot com

Difficulty:

Beginner

Description:

Mr. Derp and Uncle Stinky are two system administrators who are starting their own company, DerpNStink. Instead of hiring qualified professionals to build up their IT landscape, they decided to hack together their own system which is almost ready to go live...

Instructions:

This is a boot2root Ubuntu based virtual machine. It was tested on VMware Fusion and VMware Workstation12 using DHCP settings for its network interface. It was designed to model some of the earlier machines I encountered during my OSCP labs also with a few minor curve-balls but nothing too fancy. Stick to your classic hacking methodology and enumerate all the things!

Your goal is to remotely attack the VM and find all 4 flags eventually leading you to full root access. Don't forget to #tryharder

Example: flag1(AB0BFD73DAAEC7912DCDCA1BA0BA3D05). Do not waste time decrypting the hash in the flag as it has no value in the challenge other than an identifier.

Contact

Hit me up if you enjoy this VM! Twitter: @securekomodo Email: [email protected]

The matrix is controlling this machine, neo is trying to escape from it and take back the control on it , your goal is to help neo to gain access as a “root” to this machine , through this machine you will need to perform a hard enumration on the target and understand what is the main idea of it , and exploit every possible “weakness” that you can found , also you will be facing some upnormal behaviours during exploiting this machine.

This machine was made for Jordan’s Top hacker 2018 CTF , we tried to make it simulate a real world attacks “as much as possible” in order to improve your penetration testing skills , also we but a little tricky techniques on it so you can learn more about some unique skills.

The machine was tested on vmware (player / workstation) and works without any problems , so we recommend to use VMware to run it , Also works fine using virtualbox.

Difficulty: Intermediate , you need to think out of the box and collect all the puzzle pieces in order to get the job done.

The machine is already got DHCP enabled , so you will not have any problems with networking.

Happy Hacking !

Machine Details: Matrix is a medium level boot2root challenge Series of MATRIX Machines. The OVA has been tested on both VMware and Virtual Box.

Flags: Your Goal is to get root and read /root/flag.txt

Networking: DHCP: Enabled IP Address: Automatically assigned

Hint: Follow your intuitions ... and enumerate!

For walkthrough writeup permission or any other query, feel free to contact me on: Twitter: @unknowndevice64 or Email: info[@]ud64.com

Machine Size (in MB): 554 MB

Machine OS: linux

Machine Level: intermediate

About Release:

• Name: AI: Web 2.0
• Author: Mohammad Ariful Islam
• Series: AI: Web

Description:

• Difficulty: Intermediate
• Network: DHCP (Automatically assign)
• Network Mode: NAT

This is the second box from the series AI: Web and you will have more fun to crack this challenge. The goal is simple. Get flag from /root/flag.txt. Enumerate the box, get low privileged shell and then escalate privilege to root.

You may need to crack password. Use wordlist SecLists/rockyou-45.txt by Mr. Daniel Miessler.

For any hint please tweet on @arif_xpress

File Information:

• Filename: AI Web 2.0.7z
• File size: 906 MB

Virtual Machine:

• Tested: VMWare Workstation 10 or later.
• Operating System: Linux

Networking:

• DHCP service: Enabled
• IP Address: Automatically assign

Difficulty : Intermediate

Flag : 2 Flag first user And second root

Learning : exploit | SMB | Enumration | Stenography | Privilege Escalation

Contact .. https://www.linkedin.com/in/rahulgehlaut/

This is a beginner boot2root in a similar style to ones I personally enjoy like Mr Robot, Lazysysadmin and MERCY.

This is a VMware machine. DHCP is enabled, add lemonsqueezy to your hosts. It’s easypeasy!