Date Release: 2018-07-10
Description: This boot2root is an Ubuntu Based virtual machine and has been tested using VirtualBox. The network interface of the virtual machine will take it's IP settings from DHCP. Your goal is to capture the flag on /root.
Note: Tested on VirtualBox
Network: Host-Only/DHCP (should work on bridged)
File Size: 540MB
Format: Virtual Machine (Virtualbox - OVA)
Operating System: Linux
DHCP service: Enabled
IP address: Automatically assign
Name: Gemini Inc v2
Date release: 2018-07-10
Series: Gemini Inc
Description: I have decided to create vulnerable machines that replicate the vulnerabilities and difficulties I’ve personally encountered during my last year (2017) of penetration testing.
Some of the vulnerabilities require the “Think out of the box (fun)” mentality and some are just plain annoyance difficulties that require some form of automation to ease the testing.
GeminiInc v2 has been created that replicate a few issues that I’ve encountered which was really interesting and fun to tackle, I hope it will be fun for you guys as well.
Adding a little made-up background story to make it more interesting…
Introduction: Gemini Inc has contacted you to perform a penetration testing on one of their internal system. This system has a web application that is meant for employees to export their profile to a PDF. Identify any vulnerabilities possible with the goal of complete system compromise with root privilege. To demonstrate the level of access obtained, please provide the content of flag.txt located in the root directory as proof.
Tweet me your writeup @ https://twitter.com/sec_9emin1
More information can be obtained from my blog post on this vulnerable machine: https://scriptkidd1e.wordpress.com/
Intended solution will be provided some time after this has been published: https://scriptkidd1e.wordpress.com/geminiinc-v2-virtual-machine-walkthrough/
The VM has been tested on the following platform and is working:
It should work with any virtual machine player as well. It will be able to obtain an I.P Address with DHCP so no additional configuration is required. Simply import the downloaded VM and you are good to go.
Name : Android4
OS : Android v4.4
Description : This is my Second booT2Root CTF VM..I hope you enjoy it. if you run into any issue you can find me on Twitter: @touhidshaikh22
Flag : /data/root/ (in this Directory)
Contact: Touhid M.Shaikh aka Agent22 email@example.com <- Feel Free to write mail
Try harder!: If you are confused or frustrated don't forget that enumeration is the key!
Feedback: This is my Second boot2root - CTF VM. please give me feedback ( [email protected] )
This VM was tested with: Virtual Box 5.X
Walkthrough : https://www.youtube.com/channel/UC7lxfIwNnSIE7ei9O2K8ZKw (Walkthrough playlist)
DHCP service: Enabled IP address: Automatically assign
Boot2root challenges aim to create a safe environment where you can perform real-world penetration testing on an (intentionally) vulnerable target.
This workshop will provide you with a custom-made VM where the goal is to obtain root level access on it.
This is a great chance for people who want to get into pentesting but don’t know where to start. *
If this sounds intimidating, don’t worry! During the workshop, we’ll be discussing various methodologies, common pitfalls and useful tools at every step of our pentest.
Trollcave is a vulnerable VM, in the tradition of Vulnhub and infosec wargames in general. You start with a virtual machine which you know nothing about – no usernames, no passwords, just what you can see on the network. In this instance, you'll see a simple community blogging website with a bunch of users. From this initial point, you enumerate the machine's running services and general characteristics and devise ways to gain complete control over it by finding and exploiting vulnerabilities and misconfigurations.
Your first goal is to abuse the services on the machine to gain unauthorised shell access. Your ultimate goal is to read a text file in the
root user's home directory
This VM is designed to be holistic and fairly down to earth. I wanted to simulate a real attack on a real website rather than just presenting a puzzle box of disparate elements, and I wanted to avoid the more esoteric vulnerable VMisms, like when you have to do signal processing on an MP3 you found to discover a port-knocking sequence. Of course there are always tradeoffs between what's realistic and what's optimally fun/challenging, but I've tried to keep the challenges grounded.
Because this is a VM that you're downloading, importing and booting, one way to achieve this goal would be to mount the VM's hard disk. I haven't encrypted the disk or done anything to prevent this, so if you want to take that route, go ahead. I'm also not offering a prize or anything for completing this VM, so know that it will be entirely pointless.
Because this is a VM running a real operating system with real services, there may be ways to get to
root that I did not intend. Ideally, this should be part of the fun, but if they make the box entirely trivial I'd like to know about and fix them – within reason. As of this release, I've installed all the updates available for Ubuntu Server 16.04 LTS, but I cannot and will not attempt to patch this VM against every new Linux kernel exploit that comes out in the future. So there's a hint – you don't have to use a kernel exploit to root this box.
What you will need is a good HTTP intercepting proxy – I recommend Burpsuite – and a couple of network tools like
nc. You'll also need some virtualisation software – VirtualBox will be easiest for most people, but KVM and VMWare should also be able to import the
.ova file after a bit of fiddling. Once you've imported the VM, put it on the same network as your attacking system (preferably don't give it internet access) and start hacking!
Description: A realistic Boot2Root. Gain access to the system and read the /root/root.txt
Note: Only works in VMware
Questions: Tweeeeeeter @Pink_P4nther
Difficulty to get entry: easy/intermediate
Difficulty to get root: intermediate/hard
Note From VulnHub: Wordpress will not render correctly. You will need to alter your host file with the IP shown on the console:
echo 192.168.x.x pinkydb | sudo tee -a /etc/hosts