Simple CTF

Simple CTF is a boot2root that focuses on the basics of web based hacking. Once you load the VM, treat it as a machine you can see on the network, i.e. you don't have physical access to this machine. Therefore, tricks like editing the VM's BIOS or Grub configuration are not allowed. Only remote attacks are permitted. /root/flag.txt is your ultimate goal.

I suggest you use VirtualBox or VMWare Player with a Host Only adapter. The VM will assign itself an IP address through DHCP.

Location

https://www.dropbox.com/s/9spf5m9l87zjlps/Simple.ova?dl=0 [File size: 600MB]

Hints

  1. Get a user shell by uploading a reverse shell and executing it.
  2. A proxy may help you to upload the file you want, rather than the file that the server expects.
  3. There are 3 known privesc exploits that work. Some people have had trouble executing one of them unless it was over a reverse shell using a netcat listener.

Contact @RobertWinkel for more hints.

Fuku CTF

Fuku (pronounced "far queue") CTF is designed to fuck with people.

This is a boot2root. Import it in VirtualBox, using a Host Only adapter, or use an adapter that will assign it an IP address in the 192.168.56.0/24 range. It only likes having an IP address in that range.

Treat the box as if it was on the network. Don't try to do anything to it that you could only do with physical access, e.g. break into the BIOS or the Grub boot loader.

There are a few flag.txt files to grab. The final one is in the /root/ directory. However, the ultimate goal is to get a root shell.

Scenario

"Bull was pissed when you broke into his Minotaur box. He has taken precautions with another website that he is hosting, implementing IDS, whitelisting, and obfuscation techniques. He is now taunting hackers to try and hack him, believing himself to be safe. It is up to you to put him in his place."

Location

The VM is located at https://www.dropbox.com/s/e2x79z5ovqqsejg/Fuku.ova?dl=0 [File size: 2GB]

Hints

  1. Some scripting will probably be needed to find a useful port.
  2. If the machine seems to go down after a while, it probably hasn't. This CTF isn't called Fuku for nothing!

Contact @RobertWinkel for more hints.

Minotaur CTF

Minotaur is a boot2root CTF. Once you load the VM, treat it as a machine you can see on the network, i.e. you don't have physical access to this machine. Therefore, tricks like editing the VM's BIOS or Grub configuration are not allowed. Only remote attacks are permitted. There are a few flag.txt files around to grab. /root/flag.txt is your ultimate goal.

I suggest you use VirtualBox with a Host Only adapter to run Minotaur fairly painlessly.

The VM will assign itself a specific IP address (in the 192.168.56.0/24 range). Do not change this, as the CTF will not work properly without an IP address of 192.168.56.X.

If you load the .ova file in VirtualBox, you can see this machine from another VirtualBox machine with a "Host Only" network adapter. You can see the machine from VMWare Workstation by: - Going into Virtual Network Editor and changing the VMnet0 network to "Bridged to: VirtualBox Host-Only Ethernet Adapter". - Setting your VMWare network adapter to Custom (VMnet0) - If necessary, resetting your network adapter (e.g. ifdown eth0 && ifup eth0) so that you get a 192.168.56.0/24 address.

Location

The VM is located here: https://www.dropbox.com/s/zyxbampga87nqv3/minotaur_CTF_BNE0x00.ova?dl=0 [File size: 691MB]

Hints

  1. This CTF has a couple of fairly heavy password cracking challenges, and some red herrings.
  2. One password you will need is not on rockyou.txt or any other wordlist you may have out there. So you need to think of a way to generate it yourself.

Contact @RobertWinkel for more hints.

SmashTheTux v1.0.1

by canyoupwn.me

Introduction to Application Vulnerabilities

For Educational Purposes

SmashTheTux is a new VM made by canyoupwn.me for those who wants to take a step into the world of binary exploitation. This VM consists of 9 challenges, each introducing a different type of vulnerability. SmashTheTux covers basic exploitation of the following weaknesses:

  • Stack Overflow Vulnerability
  • Off-by-One Vulnerability
  • Integer Overflow
  • Format String Vulnerability
  • Race Conditions
  • File Access Weaknesses
  • Heap Overflow Vulnerability

Credentials => tux:tux, root:1N33dP0w3r

Have fun!


History

  • SmashTheTux v1.0.1 (01/04/2016)
  • Fixed 0x02 file permissions

  • SmashTheTux v1.0.1 (18/03/2016)

  • First Public Release

Kevgir

by canyoupwn.me

Multi Vulnerable Virtual Machine

For Educational Purposes

Kevgir has designed by canyoupwnme team for training, hacking practices and exploiting. Kevgir has lots of vulnerable services and web applications for testing. We are happy to announced that.

Have fun!

Default username:pass => user:resu

  • Bruteforce Attacks
  • Web Application Vulnerabilities
  • Hacking with Redis
  • Hacking with Tomcat, Jenkins
  • Hacking with Misconfigurations
  • Hacking with CMS Exploits
  • Local Privilege Escalation
  • And other vulnerabilities.
         _         _            _        _   _        _            _
        /\ \      /\ \         /\ \     /\_\/\_\ _   /\ \         /\ \
       /  \ \    /  \ \        \ \ \   / / / / //\_\/  \ \       /  \ \
      / /\ \ \  / /\ \ \       /\ \_\ /\ \/ \ \/ / / /\ \ \     / /\ \ \
     / / /\ \_\/ / /\ \_\     / /\/_//  \____\__/ / / /\ \_\   / / /\ \_\
    / / /_/ / / / /_/ / /    / / /  / /\/________/ /_/_ \/_/  / / /_/ / /
   / / /__\/ / / /__\/ /    / / /  / / /\/_// / / /____/\    / / /__\/ /
  / / /_____/ / /_____/    / / /  / / /    / / / /\____\/   / / /_____/
 / / /     / / /\ \ \  ___/ / /__/ / /    / / / / /______  / / /\ \ \
/ / /     / / /  \ \ \/\__\/_/___\/_/    / / / / /_______\/ / /  \ \ \
\/_/      \/_/    \_\/\/_________/       \/_/\/__________/\/_/    \_\/

Installation

1) Run the OVA in a VM and connect to the webserver 2) Have Fun!

Made by

couchsofa

Thanks to

morbidick einball sarah

I would probably have never finished', this project without you guys ;)',

mostley

For hinting me to Erik Österberg's Terminal.js

0xBEEF

For providing fuel in the form of fudge and premium grilled goods


More information: http://wiki.fablab-karlsruhe.de/doku.php?id=projekte:primer


Motivation

A friend wanted to get into some simple exploits. I suggested starting out with web security, she was all for it. But when I started browsing vulnhub and the likes I couldn't find anything like I had in mind. So I wrote my own.

Concept

This is a story based challenge written in a style heavily inspired by Neil Stephensons Snow Crash and William Gibsons Sprawl Trilogy. Each chapter is unlocked by solving the puzzle. From hardcoded clear text javascript password checks, SQL-injections and cracking hashes to a simulated terminal. You only need to start the VM, a webserver will come up and you can connect with your browser. In fact you never have to leave the browser.

Goal

Teach some basic well known techniques and attacks. Spark some curiosity, make the user look at the source code and try to figure out what's going on behind the scenes. The main goal is to give a nice welcoming intro to the scene and hopefully also teach something about ethics and responsibility.


Change log

v1.0.1 - 2016-01-15: https://twitter.com/CouchSofa/status/688129147848138752 v1.0.0 - 2015-10-27: https://twitter.com/CouchSofa/status/659148660152909824

The CsharpVulnSoap virtual appliance is a purposefully vulnerable SOAP service, focusing on using XML, which is a core feature of APIs implemented using SOAP. The web application, listening on port 80, allows you to list, create, and delete users in the PostgreSQL database. The web application is written in the C# programming language and uses apache+mod_mono to run. The main focus of intentional vulnerabilities was SQL injections.

The vulnerable SOAP service is available on http://<ip>/Vulnerable.asmx, and by appending ?WSDL to the URL, you can get an XML document detailing the functions exposed by the service. Using this document, you can automatically fuzz the endpoint for any vulnerabilities by parsing the document and creating the HTTP requests expected programmatically.

The SQL injections yield a variety of potential exploit techniques since different SQL verbs are used to perform actions against the server. For instance, a SQL injection in an INSERT statement may not be exploitable in the same ways the DELETE or SELECT statements will be. Using a tool like sqlmap will help you learn how to exploit each SQL injection vulnerability using a variety of techniques.

If you are curious how sqlmap is performing the checks for, and ultimately exploiting, the vulnerabilities in the web application, you can use the --proxy option for sqlmap and pass the HTTP requests through Burpsuite. You can then see in the HTTP history tab the raw HTTP requests made by sqlmap.

The CsharpVulnJson virtual appliance is a purposefully vulnerable web application, focusing on HTTP requests using JSON to receive and transmit data between the client and the server. The web application, listening on port 80, allows you to create, find, and delete users in the PostgreSQL database. The web application is written in the C# programming language, uses apache+mod_mono to run, and is, at the very least, exploitable by XSS and SQL injections.

The SQL injections yield a variety of potential exploit techniques since different SQL verbs are used to perform actions against the server. For instance, a SQL injection in an INSERT statement may not be exploitable in the same ways the DELETE or SELECT statements will be. Using a tool like sqlmap will help you learn how to exploit each SQL injection vulnerability using a variety of techniques.

If you are curious how sqlmap is performing the checks for, and ultimately exploiting, the vulnerabilities in the web application, you can use the --proxy option for sqlmap and pass the HTTP requests through Burpsuite. You can then see in the HTTP history tab the raw HTTP requests made by sqlmap.

About:

Name: Fristileaks 1.3
Author: Ar0xA
Series: Fristileaks
Style: Enumeration/Follow the breadcrumbs
Goal: get root (uid 0) and read the flag file
Tester(s): dqi, barrebas
Difficulty: Basic

Description:

A small VM made for a Dutch informal hacker meetup called Fristileaks. Meant to be broken in a few hours without requiring debuggers, reverse engineering, etc..

SickOs: 1.1

D4rk 11 Dec 2015

About Release

Name........: SickOs1.1
Date Release: 11 Dec 2015
Author......: D4rk
Series......: SickOs
Objective...: Get /root/a0216ea4d51874464078c618298b1367.txt
Tester(s)...: h1tch1
Twitter.....: https://twitter.com/D4rk36

Description:

This CTF gives a clear analogy how hacking strategies can be performed on a network to compromise it in a safe environment. This vm is very similar to labs I faced in OSCP. The objective being to compromise the network/machine and gain Administrative/root privileges on them.

File Information:

FileName: sick0s1.1.7z
File Size: 652.52 MB
MD5: 396e46897c54da6ded6604b861c806b7
SHA1: 3578a10ba92f860c2f0d8934ec5a9bbffc4c7859

Virtual Machine:

Format: 7z
Operating System: Ubuntu
Tested: VMware Workstation 11.0.0 build-2305329

Networking:

DHCP service: Enabled
IP address: Automatically assign

Flag(s):

Yes