HackinOS is a beginner level CTF style vulnerable machine. I created this VM for my university’s cyber security community and all cyber security enthusiasts. I thank to Mehmet Oguz Tozkoparan, Ömer Faruk Senyayla and Tufan Gungor for their help during creating this lab.

NOTE: localhost is meant to be there!

Description: unknowndevice64 v1.0 is a medium level boot2root challenge. The OVA has been tested on both VMware and Virtual Box.

Difficulty: Intermediate

Flags: Your Goal is to get root and read /root/flag.txt


  • DHCP: Enabled
  • IP Address: Automatically assigned

Hint: Follow your intuitions ... and enumerate! and for any questions, feel free to contact me on Twitter: @unknowndevice64

Happy Hacking..!!!

DC: 1

DCAU 28 Feb 2019


DC-1 is a purposely built vulnerable lab for the purpose of gaining experience in the world of penetration testing.

It was designed to be a challenge for beginners, but just how easy it is will depend on your skills and knowledge, and your ability to learn.

To successfully complete this challenge, you will require Linux skills, familiarity with the Linux command line and experience with basic penetration testing tools, such as the tools that can be found on Kali Linux, or Parrot Security OS.

There are multiple ways of gaining root, however, I have included some flags which contain clues for beginners.

There are five flags in total, but the ultimate goal is to find and read the flag in root's home directory. You don't even need to be root to do this, however, you will require root privileges.

Depending on your skill level, you may be able to skip finding most of these flags and go straight for root.

Beginners may encounter challenges that they have never come across previously, but a Google search should be all that is required to obtain the information required to complete this challenge.

Technical Information

DC-1 is a VirtualBox VM built on Debian 32 bit, so there should be no issues running it on most PCs.

While I haven't tested it within a VMware environment, it should also work.

It is currently configured for Bridged Networking, however, this can be changed to suit your requirements. Networking is configured for DHCP.

Installation is simple - download it, unzip it, and then import it into VirtualBox and away you go.


While there should be no problems using this VM, by downloading it, you accept full responsibility for any unintentional damage that this VM may cause.

In saying that, there shouldn't be any problems, but I feel the need to throw this out there just in case.


This is the first vulnerable lab challenge that I've created, so feel free to let me know what you think of it.

I can be contacted via Twitter - @DCAU7


A series of challenges to test basic stack overflow skills, originally developed for the Sheffield University Ethical Hacking Society.

Starting as level0 exploit a binary owned by the next user to get the flag.

There are 5 flags to collect:

  • /home/level1/level1.txt
  • /home/level2/level2.txt
  • /home/level3/level3.txt
  • /home/level4/level4.txt
  • /root/root.txt

Each flag is the corresponding users password, so once you exploit the binary owned by level1 and get the level1 flag, you can su to level1 and take on the next challenge

To start boot the machine and login as:

  • username: level0
  • password: level0

You'll find the first binary to exploit is: /home/level0/level1

You may want to increase the resources allocated to the machine


A machine using the newest REMOVED Server, the newest REMOVED and containing some REMOVED....

Will you gain your status as a 00 agent?

  • Difficulty: Intermediate
  • Flag is /root/flag/flag.sh
  • DHCP enabled, tested on VMware


myHouse7 is a vulnerable virtual machine with multiple docker images setup to be a capture-the-flag (CTF) challenge. The goal of this vulnerable virtual machine is to present a lab where you can learn and practice to pivot through the subnets to be able to compromise all of the hosts/containers except 1.

CTF Flag Information

This CTF challenge consists of a total of 20 flags. The virtual machine that is provided contains 2 flags and each docker image/container when running contains 3 additional flags with exception to 1 host. The 1 host that is the exception has no flags. (A mistake that I made was to name 2 flags the same.)

The structure of each flag is as follows: {{tryharder:xxx}}. The xxx in the example could be a single digit or up to 4 digits.

Network Diagram

Below is a network diagram of the setup which may or may not be accurate. The virtual machine represents the firewall in the network diagram below. A total of 7 docker images/containers launch each time the virtual machine loads.


Download Information

You are able to download this file from my Google Drive at this link. The file is 2.7GB compressed with 7-zip. The file is a compressed OVF exported virtual machine from VMWorkstation 14. After importing the virtual machine, the first time that it loads will take upwards of 15 minutes due to building the environment and decompressing the docker images. After the first time you load the virtual machine it will be quicker due to only having to load the docker images into containers.

The Beast 2 is an intermediate level boot2root VM. Capture the flag event, can you follow the hints?. Can you still breach The Beast?