This box is an upgraded edition of the previous (MyFileServer 2) box.

Multiple ways to get user and root flags are added.

Ping me on twitter @CyberKnight00 if you face any difficulty.

Don't stop after finding 1 way; there are more ways.

Welcome to "My Web Server"

This boot to root VM is designed for testing your pentesting skills and concepts. It consists of some well known things but it encourages you to use the functionalities rather than vulnerabilities of target.

Goal: Get the root flag of the target.

Difficulty: Medium/Intermediate Level

Need hints? Twitter @akankshavermasv

DHCP is enabled

Your feedback is really valuable for me! Twitter @akankshavermasv

Was there something that you didn’t like about this VM?

Please let me know so that I can make more interesting challenges in the future.

Good Luck..!!!

DMV: 1

Jonathan 12 Apr 2020

It is a simple machine that replicates a real scenario that I found.

The goal is to get two flags, one that is in the secret folder and the other that can only be read by the root user.

TBBT2: FunWithFlags

______             _    _ _ _   _      ______ _                 
|  ___|           | |  | (_) | | |     |  ___| |                
| |_ _   _ _ __   | |  | |_| |_| |__   | |_  | | __ _  __ _ ___ 
|  _| | | | '_ \  | |/\| | | __| '_ \  |  _| | |/ _` |/ _` / __|
| | | |_| | | | | \  /\  / | |_| | | | | |   | | (_| | (_| \__ \
\_|  \__,_|_| |_|  \/  \/|_|\__|_| |_| \_|   |_|\__,_|\__, |___/
                                                       __/ |    
                                                      |___/

Welcome to "Fun with Flags" 2!


This boot2root machine is part of the TBBT Fun with Flags series and it is themed after the famous TV show, The Big Bang Theory and has really strong CTF elements. It's more like solving a set of interesting CTF challenges as a puzzle than facing these in a real life scenario.


Goal: Hack Sheldon and get user and root flags


Difficulty: Intermediate but if you have never watched the series I would rate it as hard, still solvable though


  • Runs only with VirtualBox!
  • DHCP is enabled

Need hints? Tweet @emaragkos


Your feedback is really valuable for me!

Was there something that you didn’t like about it? Maybe something you would have liked more if it was different?


Good luck and have fun :)

Welcome to "It’s October"

This boot to root VM is designed for testing your pentesting skills and concepts. It consists of some well known things but it encourages you to use the functionalities rather than vulnerabilities of target.

Goal: Get the root flag of the target.

Difficulty: Easy/Medium Level

Need hints? Twitter @akankshavermasv

DHCP is enabled

Your feedback is really valuable for me! Twitter @akankshavermasv

Was there something that you didn’t like about this VM?

Please let me know so that I can make more interesting challenges in the future.

Good Luck..!!!

Difficulty: Intermediate

Learning: Web Application | Enumerate | Good Enumeration | Privilege Escalation

Overview:

Tested: VirtualBox/VMWare

Virtual Machine:

  • Format: Virtual Machine Virtualbox OVA

Networking:

  • DHCP Service: Enabled

twitter @rahul_gehlaut

Difficulty: intermediate-hard

This VM was designed to search for the attacker's "Achilles' heel". Please only assign one network adapter to avoid issues.

VMware works fine. Virtualbox has issues.

Welcome to "My Tomcat Host"

This boot to root VM is designed for testing your basic enumeration skills and concepts.

Goal: Get the root flag of the target.

Difficulty: Easy/Beginner Level

Need hints? Twitter @akankshavermasv

DHCP is enabled

Your feedback is really valuable for me! Twitter @akankshavermasv

Was there something that you didn’t like about this VM?

Please let me know so that I can make more interesting challenges in the future.

Good Luck..!!!

Hello Agent.

You're here on a special mission.

A mission to take down one of the biggest weapons suppliers which is Moriarty Corp.

Enter flag{start} into the webapp to get started!

Notes:

  • Web panel is on port 8000 (not in scope. Don’t attack)
  • Flags are stored in #_flag.txt format. Flags are entered in flag{} format. They're usually stored in / directory but can be in different locations.
  • To temporarily stop playing, pause the VM. Do not shut it down.
  • The webapp starts docker containers in the background when you add flags. Shutting down and rebooting will mess it up.

(the story is bad. sorry for the lack of creativity)

Difficulty: Med-Hard

Tasks involved:

  • port scanning
  • webapp attacks and bug hunting
  • pivoting (meterpreter is highly recommended)
  • password guessing/bruteforcing

Virtual Machine:

  • Format: Virtual Machine (Virtualbox OVA)
  • Operating System: Linux

Networking:

  • DHCP Service: Enabled
  • IP Address: Automatically assigned

You've been assigned to test another social networking webapp.

You have been given access to a dev server.

The current devs use many custom tools and scripts that you'll have to review and attack.

Difficulty: Hard

Tasks involved:

  • port scanning
  • webapp attacks
  • code review
  • custom bruteforcing
  • reverse engineering
  • buffer overflow
  • exploitation

Virtual Machine:

  • Format: Virtual Machine (Virtualbox OVA)
  • Operating System: Linux

Networking:

  • DHCP Service: Enabled
  • IP Address: Automatically assigned