Your pentesting company has been hired to perform a test on a client company's internal network. Your team has scanned the network and you have been assigned one of the discovered systems. Perform a test on this system starting from the beginning of your chosen methodology and submit your report to the project manager at scenes AT 21LTR DOT com
The client has defined a set of limitations for the pentest:
- All tests will be restricted to the systems identified on the 192.168.2.0/24 network.
- All commands run against the network and systems must be supplied in the form of script files packaged with the submission of the report
- A final report indicating all identified vulnerabilities and exploits will be provided to the company's engineering department within 90 days of the start of this engagement.
Scenario Pentest Lab Scene 1:
This LiveCD is configured with an IP address of 192.168.2.120 - no additional configuration is necessary.
Damn Vulnerable Linux (DVL) Strychnine+E605 (1.4):
Added more tools. Now Reverse Code Engineering tools is 99%, added Truecrypt, Eclipse IDE for Java and C++, added Mono for .NET vulnerability. Rearranged the menu, minor bug fixes ( :grin: ). We close tool addition with this and focus on bug fix and training material only from now on.
[Application Development] Add Motor IDE
[Application Development] Update HLA to 1.98 and StdLib to 2.3
DVL 1.4 final is ready to go and is uploaded at the moment. We hit the 1.6 GB size, including all necessary to train software development, IT security and Reverse Code Engineering. During the next time the mirrors will be informed. After this we post the links. As well we do a short intro video to show all features and on how to use DVL.
The links below are community submitted 'solutions' showing hints/nudges or possibly a complete walkthrough* of how they solved the puzzle.
Please note, there could be (many) more methods of completing this, they just haven't, either been discovered, or submitted. If you know something that isn't listed, please submit it or get in touch and we would be glad to add it.
* This is a spoiler. It could possibly show you a way of completely solving it.
Here you can download the mentioned files using various methods.
We have listed the original source, from the author's page. However, after time these links 'break', for example: either the files are moved, they have reached their maximum bandwidth limit, or, their hosting/domain has expired.
For these reasons, we have been in touch with each author asking for permission to mirror the files. If the author has agreed, we have created mirrors. These are untouched copies of the listed files. (You can check for yourself via the MD5 & SHA1 checksums which are individually displayed on their entry page. See how here).
We also offer the download via BitTorrent. We prefer that people use BitTorrent, however, we do understand that it is not as straight forward as clicking on a direct link.
To make sure everyone using VulnHub has the best experience possible using the site, we have had to
limit the amount of simultaneous direct download files to two files, with a max speed of 3mb
This is because the average file size is currently about 700mb, which causes our bandwidth to be high (couple of terabytes each month!). As this is a privately funded project, we believe we have chosen the best hosting provider for the limited budget.
If would you like to be able to download a mass, and at quicker speed, please use torrents as these will be seeded 24/7. For a guide on how to setup and use torrents, see here.
If you're the owner of a listed file or believe that we are unlawfully distributing files without permission, please get in touch here.