64Base Boot2Root

This is my very first public Boot2Root. It’s intended to be more of a fun game than a serious hacking challenge. Hopefully anyone interested enough to give it a try will enjoy the story with this one.

It is based on the Star Wars storyline and is designed to Troll you in a fun way.

Just be warned, it’s littered with more than a few “Red Herrings” ;D

Difficulty Rating

[BEGINNER - INTERMEDIATE]

Capture The Flags

There are 6 flags to collect. Each in the format of flag1{ZXhhbXBsZSBmbGFnCg==}. Beat the Empire and steal the plans for the Death Star before it’s too late.

I Hope You Enjoy It.

DC416 CTF CHALLENGES

These four virtual machines were created by members of the VulnHub CTF Team for DefCon Toronto's first offline CTF.

They have been tested with VirtualBox, and will obtain an IP address via DHCP upon bootup. Difficulty ranges from beginner to intermediate.

Each machine has a landing page on port 80 which describes the number of flags it has, along with any additional rules or hints.

Enjoy!

This was used in HackDay Albania's 2016 CTF.

The level is beginner to intermediate.

It uses DHCP.

SkyDog Con CTF 2016 - Catch Me If You Can

Difficulty: Beginner/Intermediate

Instructions: The CTF is a virtual machine and works best in VirtualBox. Download the OVA file, open up VirtualBox and then select File –> Import Appliance. Choose the OVA file from where you downloaded it. After importing the OVA file above, make sure that USB 2.0 is disabled before booting up the VM. The networking is set up for a Host-Only Adapter by default, but you can change this before booting up depending on your networking setup. The Virtual Machine Server is configured for DHCP. If you have any questions please send me a message on Twitter @jamesbower and I’ll be happy to help.

Flags

The eight flags are in the form of flag{MD5 Hash} such as flag{1a79a4d60de6718e8e5b326e338ae533}

Flag #1 Don’t go Home Frank! There’s a Hex on Your House.

Flag #2 Obscurity or Security?

Flag #3 Be Careful Agent, Frank Has Been Known to Intercept Our Traffic.

Flag #4 A Good Agent is Hard to Find.

Flag #5 The Devil is in the Details - Or is it Dialogue? Either Way, if it’s Simple, Guessable, or Personal it Goes Against Best Practices

Flag #6 Where in the World is Frank?

Flag #7 Frank Was Caught on Camera Cashing Checks and Yelling - I’m The Fastest Man Alive!

Flag #8 Frank’s Lost His Mind or Maybe it’s His Memory. He’s Locked Himself Inside the Building. Find the Code to Unlock the Door Before He Gets Himself Killed!

Welcome to another boot2root / CTF; this one is called Teuchter. The VM is set to grab a DHCP lease on boot. As with my previous VMs, there is a theme, and you will need to snag the flag in order to complete the challenge. Less hochmagandy and more studying is needed for this one!

A word of warning: The VM has a small HDD, so please set the disk to non-persistent so you can always revert. You may need to set the MAC to 00:0C:29:65:D0:A0 too.

Hints for you:

  • This VM is designed to be a bit of a joke/troll so a translator might be useful.
  • The challenge isn't over with root. I've done my usual flag shenanigans.
  • A bit of info security research and knowing your target helps here.
  • http://www.jackiestewart.co.uk/jokes/weegie%20windies%202000.htm

SHA1SUM: b5a89761b0a0ee9f0c5e1089b2fde9649ba76b3f Teuchter_0.3.ova

IMF: 1

Geckom 30 Oct 2016

Welcome to "IMF", my first Boot2Root virtual machine. IMF is an intelligence agency that you must hack to get all flags and ultimately root. The flags start off easy and get harder as you progress. Each flag contains a hint to the next flag. I hope you enjoy this VM and learn something.

Difficulty: Beginner/Moderate

Can contact me at: geckom at redteamr dot com or on Twitter: @g3ck0m

IMPORTANT NOTE: do not use host-only mode, as issues have been discovered. Set the Billy Madison VM to "auto-detect" to get a regular DHCP address off your network.


Plot: Help Billy Madison stop Eric from taking over Madison Hotels!

Sneaky Eric Gordon has installed malware on Billy's computer right before the two of them are set to face off in an academic decathlon. Unless Billy can regain control of his machine and decrypt his 12th grade final project, he will not graduate from high school. Plus, it means Eric wins, and he takes over as head of Madison Hotels!


Objective: The primary objective of the VM is to figure out how Eric took over the machine and then undo his changes so you can recover Billy's 12th grade final project. You will probably need to root the box to complete this objective.


Download:

  • BillyMadison1dot0.zip - https://dl.dropboxusercontent.com/u/5473387/BillyMadison1dot0.zip
  • MD5 = afcb926608d6d7b2471e4de6c367afb4
  • SHA1 = 4933ca408fcb2e88e6388fe4ea321f758b133d72

Other Information:

  • Size: 1.68GB
  • Hypervisor: Created with VMWare ESXi 6.0.0
  • Difficulty: Beginner/Moderate

Special Thanks To:

  • @rand0mbytez and @mrb3n813 for their tenacious help in beta testing, ironing out the bugs, suggesting better ways to do things, battling trolls and just generally being awesome.
  • @g0tmi1k, @_RastaMouse and the VulnHub crew for hosting VMs, encouraging VM creators/testers and being a tremendous resource to the infosec community.
  • @ReverseBrain for helping and testing with Vbox
  • My wife. She rules.

The DEFCON CTF VM

Over the past 6 years, I've been collecting pieces of the DEFCON CTF's past and attempting to preserve them in a way that will allow future generations to enjoy the game. With the conclusion of DARPA's Cyber Grand Challenge and the start of DEFCON 24's CTF Finals, I'm releasing what I have. It's not 100% finished (I've been way too busy lately), but it is usable!

TL;DR: The most recent copy of the VM is v0.1.0 and can be downloaded here. Credentials are below.

UPDATE 2016-08-08: Minor text fixes.


How do I use this stuff?

Booting the virtual machine should be all that's required to get services up and running. To interact with a service, simply open a socket connection to the VM on that service's port. On a *nix system, this can be done in a terminal with netcat: nc xxx.xxx.xxx.xxx yyyyy (X's represent the IP address, Y's represent the port number)

Of course, this just gets you a connection. The game requires you to find and patch/exploit flaws in each service. To do this (for most services), you will need to disassemble and step through the compiled executable by hand.

The industry-standard tool for reverse engineering is IDA Pro. Alternatives include Hopper and the recently-released Binary Ninja. If you don't want to spring for a license (or use the free demo version), the Binary Ninja prototype is open-source. Radare is another open-source alternative. And, of course, no discussion of disassemblers would be complete without mentioning objdump, which should be readily available on *nix systems in your distribution's repositories.

To assist newcomers in understanding how to find, patch, and exploit vulnerable code in these services, I have also published a fully detailed walkthrough of one of the services from DEFCON as a tutorial:

Once you've gone through it (or decided it's beneath you), I recommend "antipasto" (from DEFCON 16), "deltad" (from DEFCON 17), and "sammichd" (from DEFCON 15) as other, easier services to start with.

Breach: 2.1

mrb3n 15 Aug 2016

Second in a multi-part series, Breach 2.0 is a boot2root/CTF challenge which attempts to showcase a real-world scenario, with plenty of twists and trolls along the way.

The VM is configured with a static IP (192.168.110.151) so you'll need to configure your host only adaptor to this subnet. Sorry! Last one with a static IP ;)

A hint: Imagine this as a production environment during a busy work day.

Shout-out to knightmare for many rounds of testing and assistance with the final configuration as well as rastamouse, twosevenzero and g0blin for testing and providing valuable feedback. As always, thanks to g0tmi1k for hosting and maintaining #vulnhub.

VirtualBox users: if the screen goes black on boot once past the grub screen make sure to go to settings ---> general, and make sure it says Type: Linux Version: Debian 64bit

If you run into any issues, you can find me on Twitter: https://twitter.com/mrb3n813 or on IRC in #vulnhub.

Looking forward to the write-ups, especially any unintended paths to local/root.

Happy hunting!

SHA1:D8F33A9234E107CA745A8BEC853448408AD4773F

Note: v2.1 fixes a few issues.

Description

Welcome to "PwnLab: init", my first Boot2Root virtual machine. Meant to be easy, I hope you enjoy it and maybe learn something. The purpose of this CTF is to get root and read the flag.

Can contact me at: [email protected] or on Twitter: @Chronicoder

  • Difficulty: Low
  • Flag: /root/flag.txt

File Information

  • Filename: pwnlab_init.ova
  • File size: 784 MB
  • MD5: CE8AB26DE76E5883E67D6DE04C0F6E43
  • SHA1: 575F19216A3FA3E377EFE69D5BF715913F294A3B

Virtual Machine

  • Format: Virtual Machine (Virtualbox - OVA)
  • Operating System: Debian

Networking

  • DHCP service: Enabled
  • IP address: Automatically assign