This is the first realistic hackademic challenge (root this box) by mr.pr0n

Download the target and get root.

After all, try to read the contents of the file 'key.txt' in the root directory.

Enjoy!

Source: http://ghostinthelab.wordpress.com/2011/09/06/hackademic-rtb1-root-this-box/

Name: Game Over Category: Web Pentest Learning Platform File Type: VM image/iso

Author: Jovin Lobo Mentor: Murtuja Bharmal

Download URL: http://sourceforge.net/projects/null-gameover/files

Default Credentials: [username:root / password:gameover]

Description:

Project GameOver was started with the objective of training and educating newbies about the basics of web security and educate them about the common web attacks and help them understand how they work. It is collection of various vulnerable web applications, designed for the purpose of learning web penetration testing.

GameOver has been broken down into two sections. Section 1 consists of special web applications that are designed especially to teach the basics of Web Security. This seciton will cover:

  • XSS
  • CSRF
  • RFI & LFI
  • BruteForce Authentication
  • Directory/Path traversal
  • Command execution
  • SQL injection

Section 2 is a collection of dileberately insecure Web applications. This section provides a legal platform to test your skills and to try and exploit the vulnerabilities and sharpen your skills before you pentest live sites. We would advice newbies to try and exploit these web applications. These applications provide real life environments and will boost their confidence.

Source: http://null.co.in/2012/06/14/gameover-web-pentest-learning-platform/

About

Fusion is the next step from the protostar setup, and covers more advanced styles of exploitation, and covers a variety of anti-exploitation mechanisms such as: + Address Space Layout Randomisation + Position Independent Executables + Non-executable Memory + Source Code Fortification (_DFORTIFY_SOURCE=) + Stack Smashing Protection (ProPolice / SSP)

In addition to the above, there are a variety of other challenges and things to explore, such as: + Cryptographic issues + Timing attacks + Variety of network protocols (such as Protocol Buffers and Sun RPC) + At the end of Fusion, the participant will have a through understanding of exploit prevention strategies, associated weaknesses, various cryptographic weaknesses, numerous heap implementations.

Getting started

Have a look at the levels available on the side bar, and pick which ones interest you the most. If in doubt, begin at the start. You can log into the virtual machine with the username of "fusion" (without quotes), and password "godmode" (again, without quotes).

To get root for debugging purposes, do "sudo -s" with the password of "godmode".

Source: http://exploit-exercises.com/fusion

Configuration

The network is configured to obtain an IP address via DHCP by default. Although if you want to further configure the virtual machine you can login as user root and password toor. The apache web server is configured to run on port 8880.

Mission

The challenge includes an image hosting web service that has various design vulnerabilities. You must enumerate the various web service features and find an exploitable vulnerability in order to read system hidden files. The web application is 100% custom so do not try to search google for relative PoC exploit code.

FINAL GOAL: Reveal the hidden message for a date arrange that Bob sent to Alice.

Source: https://bechtsoudis.com/work-stuff/challenges/drunk-admin-web-hacking-challenge/

--S2.100

SCENARIO

The scenario for this LiveCD is that you have been given an assignment to test a company's 192.168.2.xxx network to identify any vulnerabilities or exploits. The systems within this network are not critical systems and recent backups have been created and tested, so any damage you might cause is of little concern. The organization has had multiple system administrators manage the network over the last couple of years, and they are unsure of the competency previous (or current) staff2

CONFIGURATIO

PenTest Lab Disk 2.100: This LiveCD is configured with an IP address of 192.168.2.100 - no additional configuration is necessary.

Pentest Machine:

Your second system will use the BackTrack (v.2) LiveCD as provided by remote-exploit.org. A copy of the LiveCD can be downloaded from remote-exploit.org. This disk is configured to obtain an IP address through DHCP - thus no additional configuration is required. All tools necessary to exploit Disk 2.100 can be found on the BackTrack Disk. No additional installations will be necessary.

Router Configuration:

The PenTest Lab system and the PenTest machine must connect to a router that has been configured with the following values:

  • DHCP Server: active
  • Pool Starting Addr.: 192.168.2.2

LAN TCP/IP: + IP Address: 192.168.2.1 + IP Subnet Mask: 255.255.255.0

Source: http://forums.hackingdojo.com/viewtopic.php?f=18&t=91

--Level 2

Where to get the current PenTest Lab Level 2 disks:

Disk 2.100 version 1.1: http://heorot.net/instruction/tutorials/iso/de-ice.net-2.100-1.1.iso

Where to find the hash values of the disks:

http://heorot.net/instruction/tutorials/iso/iso_hashes

Where to get the BackTrack disk:

http://remote-exploit.org/backtrack_download.html Warning: BackTrack v. 3 beta is known to NOT work. Please use version 2

Where to get the network configuration information:

Network configuration: 192.168.2.xxx = http://forums.heorot.net/viewtopic.php?f=18&t=91

Source: http://forums.hackingdojo.com/viewtopic.php?f=18&t=16

Where to get the current Hackerdemia PenTest Tool Tutorial disk: http://heorot.net/instruction/tutorials/iso/hackerdemia-1.1.0.iso

The MD5 Hash Values of Each Disk: 09e960360714df7879679dee72ce5733 ==> hackerdemia-1.1.0.iso

How to start the disk: Boot the LiveCD on a system within your pentest lab, which needs to be configured to be in the 192.168.xxx.xxx range. Connect to http://192.168.1.123 using a web browser (preferably in BackTrack or your favorite pentest platform)

You will be presented with a web page, which is your tutorials. All hands-on examples were created with the Hackerdemia disk as the target, so your results should exactly match those found in the tutorials.

Where to get the BackTrack disk: http://remote-exploit.org/backtrack_download.html

Network configuration: The LiveCD configures itself to an IP address of 192.168.1.123 by default. If you want to change it, simply log in as: username: root password: toor

...and change the ifconfig information (If you don't know what I'm talking about, go to: http://en.wikipedia.org/wiki/Ifconfig)

Source: http://forums.hackingdojo.com/

De-ICE are Penetration LiveCD images available from http://forum.heorot.net and provide scenarios where students can test their penetration testing skills and tools in a legal environment.

Courtesy of student Cody M.

De-ICE are Penetration LiveCD images available from http://forum.heorot.net and provide scenarios where students can test their penetration testing skills and tools in a legal environment.

Courtesy of student Chadwick B.

-- S1.110

SCENARIO

The scenario for this LiveCD is that a CEO of a small company has tasked you to do more extensive penetration testing of systems within his company. The network administrator has reconfigured systems within his network to meet tougher security requirements and expects you to fail any further penetration attempts. This system is an ftp server used by the network administrator team to create / reload systems on the company intranet. No classified or sensitive information should reside on this server. Through discussion with the administrator, you found out that this server had been used in the past to maintain customer information, but has been sanitized (as opposed to re-built).

Prove to the network administrator that proper system configuration is not the only thing critical in securing a server.

CONFIGURATION

PenTest Lab Disk 1.110:

This LiveCD is configured with an IP address of 192.168.1.110 - no additional configuration is necessary.

Pentest Machine:

Your second system will use the BackTrack (v.2) LiveCD as provided by remote-exploit.org. A copy of the LiveCD can be downloaded from remote-exploit.org. This disk is configured to obtain an IP address through DHCP - thus no additional configuration is required. All tools necessary to exploit Disk 1.110 can be found on the BackTrack Disk. No additional installations will be necessary.

Router Configuration:

The PenTest Lab system and the PenTest machine must connect to a router that has been configured with the following values: + DHCP Server: active + Pool Starting Addr.: 192.168.1.2

LAN TCP/IP: + IP Address: 192.168.1.1 + IP Subnet Mask: 255.255.255.0

Source: http://forums.hackingdojo.com/viewtopic.php?f=16&t=17

-- Level 1

Where to get the current PenTest Lab Level 1 disks:

192.168.1.100 = http://heorot.net/instruction/tutorials/iso/de-ice.net-1.100-1.1.iso 192.168.1.110 = http://heorot.net/instruction/tutorials/iso/de-ice.net-1.110-1.0.iso

The MD5 Hash Values of Each Disk:

a3341316ca9860b3a0acb06bdc58bbc1 ==>de-ice.net-1.100-1.1.iso a626d884148c63bfc9df36f2743d7242 ==>de-ice.net-1.110-1.0.iso

Where to get the scenario information for each disk:

192.168.1.100 = http://forums.heorot.net/viewtopic.php?f=16&t=15 192.168.1.110 = http://forums.heorot.net/viewtopic.php?f=16&t=17

Where to get the BackTrack disk:

http://remote-exploit.org/backtrack_download.html (NOTE: version "bt20061013.iso" and "BT2_Beta-Nov_19_2006.iso" were used to exploit the PenTest disks. Newer (when released) and older versions may work just as well).

Where to get the network configuration information:

Network configuration: 192.168.1.xxx = http://forums.heorot.net/viewtopic.php?f=16&t=15

Source: http://forums.hackingdojo.com/viewtopic.php?f=16&t=13

-- S1.100

SCENARIO

The scenario for this LiveCD is that a CEO of a small company has been pressured by the Board of Directors to have a penetration test done within the company. The CEO, believing his company is secure, feels this is a huge waste of money, especially since he already has a company scan their network for vulnerabilities (using nessus). To make the BoD happy, he decides to hire you for a 5-day job; and because he really doesn't believe the company is insecure, he has contracted you to look at only one server - a old system that only has a web-based list of the company's contact information.

The CEO expects you to prove that the admins of the box follow all proper accepted security practices, and that you will not be able to obtain access to the box. Prove to him that a full penetration test of their entire corporation would be the best way to ensure his company is actually following best security practices.

CONFIGURATION

PenTest Lab Disk 1.100: This LiveCD is configured with an IP address of 192.168.1.100 - no additional configuration is necessary.

Pentest Machine:

Your second system will use the BackTrack (v.2) LiveCD as provided by remote-exploit.org. A copy of the LiveCD can be downloaded from remote-exploit.org. This disk is configured to obtain an IP address through DHCP - thus no additional configuration is required. All tools necessary to exploit Disk 1.100 can be found on the BackTrack Disk. No additional installations will be necessary.

Router Configuration:

The PenTest Lab system and the PenTest machine must connect to a router that has been configured with the following values: + DHCP Server: active + Pool Starting Addr.: 192.168.1.2

LAN TCP/IP: + IP Address: 192.168.1.1 + IP Subnet Mask: 255.255.255.0

Source: http://forums.hackingdojo.com/viewtopic.php?f=16&t=15

-- Level 1

Where to get the current PenTest Lab Level 1 disks:

192.168.1.100 = http://heorot.net/instruction/tutorials/iso/de-ice.net-1.100-1.1.iso 192.168.1.110 = http://heorot.net/instruction/tutorials/iso/de-ice.net-1.110-1.0.iso

The MD5 Hash Values of Each Disk:

a3341316ca9860b3a0acb06bdc58bbc1 ==>de-ice.net-1.100-1.1.iso a626d884148c63bfc9df36f2743d7242 ==>de-ice.net-1.110-1.0.iso

Where to get the scenario information for each disk:

192.168.1.100 = http://forums.heorot.net/viewtopic.php?f=16&t=15 192.168.1.110 = http://forums.heorot.net/viewtopic.php?f=16&t=17

Where to get the BackTrack disk:

http://remote-exploit.org/backtrack_download.html (NOTE: version "bt20061013.iso" and "BT2_Beta-Nov_19_2006.iso" were used to exploit the PenTest disks. Newer (when released) and older versions may work just as well).

Where to get the network configuration information:

Network configuration: 192.168.1.xxx = http://forums.heorot.net/viewtopic.php?f=16&t=15

Source: http://forums.hackingdojo.com/viewtopic.php?f=16&t=13