oreo: 1

Alexander 7 Mar 2020

Name: Oreo

OS: Android-x86 8.1 64-bit

Categories: basic enumeration, reverse engineering

Level: medium

Tested Virtualization Platforms: KVM, VMware

Root Flag Location: /data/root.txt

MuzzyBox: 1

Muzzy 28 Feb 2020

I have created this amazing CTF for pentesters. However, this is not like other CTFs, which use common exploits and tools. Instead, you will learn about real-world website testing methodology, advanced injections and more.

Tempus Fugit is a Latin phrase that roughly translates as “time flies”.

This is a hard, probably insane, real-life box, created by @4nqr34z and @theart42.

As in the former Tempus Fugits, in #5 the idea is still to create something “out of the ordinary”.

Need any hints? Feel free to contact us on Twitter: @tfhints

DHCP-Client.

Tested and works on both VirtualBox and VMware.

Health warning:

May cause loss of hair, severe self-doubt and enlarged imposter syndrome.

Story:

Recovered from the security disaster that was Tempus Fugit 4, our friends at Mofo company returned to the warm bosom of Linux. They have developed a sensational Internet application and have protected it with all sorts of fancy tooling. Deploying new technology and cool security features, they are confident that they can now withstand the worst of the worst. But, being hacked so many times, may the real danger be lurking from within? Hack TF5 and find out for yourself! @theart42 and @4nqr34z

N/A

This is the first in our collaborative series. This machine has 3 flags and requires a combination of traffic analysis, Linux priv esc, and some outside-the-box CTF thinking.

Technical Info:

  • Ubuntu 64-bit
  • Tested on VirtualBox
  • DHCP should be enabled (set as bridged networking)

This is a beginner-level machine. Getting a shell is a little bit harder; just think out of the box to get the shell. Privilege escalation is easy once you get the shell.

This machine has 3 flags. Each flag is present in the home directory of a particular user. Be ready to test your Linux skills.

Technical Information

  • Machine is based on Ubuntu 64-bit
  • Tested on VirtualBox
  • DHCP is enabled (set as bridged networking)

Installation

Unzip it and then import it into VirtualBox.

Difficulty

Beginner/intermediate

Contact

If you have solved this machine in an unintended way then please let us know; you may get a chance to publish your writeup on our website. Website link: https://www.haclabs.org

This machine is designed keeping in mind all the beginners who want to start their journey in CTF challenges.

This machine doesn't require any prior knowledge about different web vulnerabilities.

Privilege escalation is the key!

This machine has 3 flags. Each flag is present in a home directory.

You must know some basic Linux commands to pwn this machine.

Technical Information

  • Machine is based on Ubuntu 64-bit
  • Tested on VirtualBox
  • DHCP is enabled (set as bridged networking)

Installation

Unzip it and then import it into VirtualBox.

Contact

If you have solved this machine in an unintended way then please let us know; you may get a chance to publish your writeup on our website. Website link: https://www.haclabs.org

Sar: 1

Love 15 Feb 2020

Sar is an OSCP-Like VM with the intent of gaining experience in the world of penetration testing.

Description: Here is another box, enjoy it!

Difficulty: Intermediate

Contact: @whitecr0wz

Tempus Fugit is a Latin phrase that roughly translates as “time flies”.

This is a hard, real-life box, created by @4nqr34z and @theart42.

As in the former Tempus Fugits, in #4 the idea is still to create something “out of the ordinary”.

Need any hints? Feel free to contact us on Twitter: @4nqr34z or @theart42

DHCP-Client.

Tested and works on both VirtualBox and VMware.

Story:

After being hacked multiple times, the company decides to do things differently this time. They left Linux and chose another operating system that claimed to be more secure. Realising they could have resources inside the company that are willing to help the relatively small IT department (originally only web designers) and the fact (according to Hugh Janus) that there is safety in numbers, they start an internal crowdsourcing project, allowing internal employees to request access to the new server.