Machine Name: BTRSys1
IP : DHCP
Difficulty : Beginner / Intermediate
Format : Virtual Machine (VMware)
Description : This is a boot2root machine particularly educational for beginners. Follow us for next BTRSys systems. We hope you enjoy it!
One of the VMs used in the online CTF hosted back in September 2016 by Defcon Toronto, slightly modified to suit boot2root challenges.
Information: Overall 7 flags to collect, id 0 is the final step.
For any issues you can shoot an email to: dolev at dc416.com or DM me @dolevfarhi
PROTEUS
"A bacterium found in the intestines of animals and in the soil."
Corporate Malware Validator.
An IT Company implemented a new malware analysis tool for their employees to scan potentially malicious files. This PoC could be a make or break for the company.
It is your task to find the bacterium.
Goal: Get root, and get flag...
This VM was written in a manner that does not require
wget http://exploit; gcc exploit.
NB: VMWare might complain about the .ovf specification. If this does come across your path, click the retry button and all should be well.
This is my second public Boot2Root. It’s intended to be a little more difficult than the last one I made. That being said, it will depend on you how hard it is :D It's filled with a few little things to make the player smile.
Again there are a few “Red Herrings”, and enumeration is key.
CAPTURE THE FLAGS
There are 7 flags to collect, designed to get progressively more difficult to obtain
SUPPORT
Any support issues can be directed to [email protected]
For a while now I've been maintaining a VM with several vulnerable web apps already deployed:
The VM has Burp Suite free, chromium with a few extensions (including a proxy switcher) and sqlmap. The browser home page contains links to some exercises and walkthroughs.
root // password
tux // password
DonkeyDocker
Made with <3 v.1.0 - 2017
This is my first boot2root - CTF VM. I hope you enjoy it. If you run into any issue you can find me on Twitter: @dhn_ or feel free to write me a mail to:
Level: I think the level of this boot2root challenge is hard or intermediate.
Try harder!: If you are confused or frustrated don't forget that enumeration is the key!
Thanks: Special thanks to @1nternaut for the awesome CTF VM name!
Feedback: This is my first boot2root - CTF VM, please give me feedback on how to improve!
Tested: This VM was tested with:
Networking: DHCP service: Enabled
IP address: Automatically assign
77439cb457a03d554bec78303dc42e5d3074ff85 DonkeyDocker-disk1.vmdk
d3193cca484f7f1b36c20116f49e9025bf60889c DonkeyDocker.mf
7013d6a7c151332c99c0e96d34b812e0e7ce3d57 DonkeyDocker.ovf
Looking forward to the write-ups!
This virtual machine is using Ubuntu (32 bit)
Other packages used: -
This virtual machine has a medium difficulty level with tricks.
One needs to break into the VM using the web application and from there escalate privileges to gain root access
For any query ping me at https://twitter.com/IndiShell1046
Enjoy the machine
Name: Moria
IP: Through DHCP
Difficulty: Not easy!
Goal: Get root
DESCRIPTION:
Moria is NOT a beginner-oriented Boot2Root VM, it will require good enum skills and a lot of persistence.
VM has been tested on both VMware and VirtualBox, and gets its IP through DHCP, make sure you're on the same network.
Special thanks to @seriousblank for helping me create it and @johnm and @cola for helping me test it.
Link: dropbox.com/s/r3btdcmwjigk62d/Moria1.1.rar
Size: 1.56GB
MD5: 2789bca41a7b8f5cc48e92c635eb83cb
SHA1: e3bddd4133320ae42ff65aec41b9f6516d33bb89
CONTACT:
You can find me on NetSecFocus slack, twitter at @abatchy17 or occasionally on #vulnhub for questions.
PS: No Lord of The Rings knowledge is required ;)
-Abatchy
Welcome to Super Mario Host!
This VM is meant to be a simulation of a real world case scenario.
The goal is to find the 2 flags within the VM. Root is not enough (sorry!)
The VM can be exploited in various ways, but remember that Enumeration is the key.
The level of the challenge is Intermediate.
Thanks to vdbaan, kltdwd, mrb3n and GKNSB for testing.