This exercise explains how you can use a Cross-Site Scripting vulnerability to get access to an administrator's cookies. Then how you can use his/her session to gain access to the administration to find a SQL injection and gain code execution using it.
A free open-source self-contained training environment for Web Application Security penetration testing. Tools + Targets = Dojo
Various web application security testing tools and vulnerable web applications were added to a clean install of Ubuntu v10.04.2, which is patched with the appropriate updates and VM additions for easy use.
The Web Security Dojo is for learning and practicing web app security testing techniques. It is ideal for self-teaching and skill assessment, as well as training classes and conferences since it does not need a network connection. The Dojo contains everything needed to get started – tools, targets, and documentation.
Download Web Security Dojo from
To install Dojo you first install and run VirtualBox 3.2 or later, then “Import Appliance” using the Dojo’s OVF file. We have PDF or YouTube for instructions for Virtualbox.
As of version 1.0 a VMware version is also provided, as well as video install instructions
Sponsored by Maven Security Consulting Inc
(performing web app security testing & training since 1996).
Also, could be you! Web Security Dojo is an open source and fully transparent project, with public build scripts and bug trackers on Sourceforge .
Look for Dojo videos on our YouTube channel at http://www.youtube.com/user/MavenSecurity
Hack your way to fame and glory 1 with our security challenges posted at Reddit (http://www.reddit.com/r/WebSecChallenges/).
[1. Fame and glory not included; void where prohibited by law]
100% works with VMware player6, workstation 10 & fusion 6.
May have issues with ViritualBoxIf this is the case, try this 'fix': http://download.vulnhub.com/kioptrix/kiop2014_fix.zip - Step by Step screenshots for Virtualbox 4.3 & VMware Workstation 9)
About the VM
As usual, this vulnerable machine is targeted at the beginner. It's not meant for the seasoned pentester or security geek that's been at this sort of stuff for 10 years. Everyone needs a place to start and all I want to do is help in that regard.
Also, before powering on the VM I suggest you remove the network card and re-add it. For some oddball reason it doesn't get its IP (well I do kinda know why but don't want to give any details away). So just add the VM to your virtualization software, remove and then add a network card. Set it to bridge mode and you should be good to go.
This was created using ESX 5.0 and tested on Fusion, but shouldn't be much of a problem on other platforms.
Hades is a new boot2root challenge pitched at the advanced hobbyist. Solving this challenge will require skills in reverse engineering, sploit development and sound computer architecture understanding. If you've never heard of an opaque predicate, you're going to have a hard time of it!
I strongly suggest you don't start this the week before exams, important meetings, deadlines of any sort, marriages, etc.
The aim of this challenge is for you to incrementally increase your access to the box until you can escalate to root. The /root/flag.txt contains, amongst other things, a public PGP key which you can use to demonstrate victory - the private key has been given to the VulnHub.com admins.
I have verified this challenge is completable using 'Kali 3.7-trunk-686-pae' (Kali Linux 1.0.5 x86) as my attack platform with VMware Fusion 5.
It's meant to be hard.
EDB is your friend.
Hades will get an IP address by DHCP.
By using this virtual machine, you agree that in no event will I be liable for any loss or damage including without limitation, indirect or consequential loss or damage, or any loss or damage whatsoever arising from loss of data or profits arising out of or in connection with the use of this software.
If something bad happens, it's not my fault. Use at your own risk!
The links below are community submitted 'solutions' showing hints/nudges or possibly a complete walkthrough* of how they solved the puzzle.
Please note, there could be (many) more methods of completing this, they just haven't, either been discovered, or submitted. If you know something that isn't listed, please submit it or get in touch and we would be glad to add it.
* This is a spoiler. It could possibly show you a way of completely solving it.
Here you can download the mentioned files using various methods.
We have listed the original source, from the author's page. However, after time these links 'break', for example: either the files are moved, they have reached their maximum bandwidth limit, or, their hosting/domain has expired.
For these reasons, we have been in touch with each author asking for permission to mirror the files. If the author has agreed, we have created mirrors. These are untouched copies of the listed files. (You can check for yourself via the MD5 & SHA1 checksums which are individually displayed on their entry page. See how here).
We also offer the download via BitTorrent. We prefer that people use BitTorrent, however, we do understand that it is not as straight forward as clicking on a direct link.
To make sure everyone using VulnHub has the best experience possible using the site, we have had to
limit the amount of simultaneous direct download files to two files, with a max speed of 3mb
This is because the average file size is currently about 700mb, which causes our bandwidth to be high (couple of terabytes each month!). As this is a privately funded project, we believe we have chosen the best hosting provider for the limited budget.
If would you like to be able to download a mass, and at quicker speed, please use torrents as these will be seeded 24/7. For a guide on how to setup and use torrents, see here.
If you're the owner of a listed file or believe that we are unlawfully distributing files without permission, please get in touch here.