This is my second public Boot2Root, It’s intended to be a little more difficult that the last one I made.
That being said, it will depend on you how hard it is :D
It's filled with a few little things to make the player smile.
Again there are a few “Red Herrings”, and enumeration is key.
CAPTURE THE FLAGS
There are 7 flags to collect, designed to get progressively more difficult to obtain
| Name: Moria |
| IP: Through DHCP |
| Difficulty: Not easy! |
| Goal: Get root |
| DESCRIPTION: |
| Moria is NOT a beginner-oriented Boot2Root VM, it will |
| require good enum skills and a lot of persistence. |
| VM has been tested on both VMware and VirtualBox, and |
| gets its IP through DHCP, make sure you're on the same |
| network. |
| Special thanks to @seriousblank for helping me create it|
| and @johnm and @cola for helping me test it. |
| Link: dropbox.com/s/r3btdcmwjigk62d/Moria1.1.rar |
| Size: 1.56GB |
| MD5: 2789bca41a7b8f5cc48e92c635eb83cb |
| SHA1: e3bddd4133320ae42ff65aec41b9f6516d33bb89 |
| CONTACT: |
| You can find me on NetSecFocus slack, twitter at |
| @abatchy17 or occasionally on #vulnhub for questions. |
| PS: No Lord of The Rings knowledge is required ;) |
| -Abatchy |
Welcome to another boot2root / CTF this one is called Analougepond. The VM is set to grab
a DHCP lease on boot. I've tried to mix things up a little on this one, and have used the
feedback from #vulnhub to make this VM a little more challenging (I hope).
Since you're not a Teuchter, I'll offer some hints to you:
Remember TCP is not the only protocol on the Internet
My challenges are never finished with root. I make you work for the flags.
The intended route is NOT to use forensics or 0-days, I will not complain either way.
To consider this VM complete, you need to have obtained:
Troll Flag: where you normally look for them
Flag 1: You have it when you book Jennifer tickets to Paris on Pan Am.
Flag 2: It will include a final challenge to confirm you hit the jackpot.
Have root everywhere (this will make sense once you're in the VM)
2 VNC passwords
Best of luck! If you get stuck, eat some EXTRABACON
NB: Please allow 5-10 minutes or so from powering on the VM for background tasks to run
before proceeding to attack.
v0.1b - Initial Version
v01.c - Fixes for flags based on feedback from mrB3n
v0.1d - Fixes based on shortcut to intended route
v0.2a - Fixes and clean up of disks for smaller OVA export
v0.2b - Small edit to remove copy of flag in wrong folder
This is a vulnerable machine i created for the Hackfest 2016 CTF
Difficulty : Hard
If youre stuck enumerate more! Seriously take each service running
on the system and enumerate them more!
Goals: This machine is intended to take a lot of enumeration and
understanding of Linux system.
There are 4 flags on this machine
1. Get a shell
2. Get root access
3. There is a post exploitation flag on the box
4. There is something on this box that is different from the others
from this series (Quaoar and Sedna) find why its different.
Feedback: This is my third vulnerable machine, please give me
feedback on how to improve !
@ViperBlackSkull on Twitter
Special Thanks to madmantm for testing this machine
The links below are community submitted 'solutions' showing hints/nudges or possibly a complete walkthrough* of how they solved the puzzle.
Please note, there could be (many) more methods of completing this, they just haven't, either been discovered, or submitted. If you know something that isn't listed, please submit it or get in touch and we would be glad to add it.
* This is a spoiler. It could possibly show you a way of completely solving it.
Here you can download the mentioned files using various methods.
We have listed the original source, from the author's page. However, after time these links 'break', for example: either the files are moved, they have reached their maximum bandwidth limit, or, their hosting/domain has expired.
For these reasons, we have been in touch with each author asking for permission to mirror the files. If the author has agreed, we have created mirrors. These are untouched copies of the listed files. (You can check for yourself via the MD5 & SHA1 checksums which are individually displayed on their entry page. See how here).
We also offer the download via BitTorrent. We prefer that people use BitTorrent, however, we do understand that it is not as straight forward as clicking on a direct link.
To make sure everyone using VulnHub has the best experience possible using the site, we have had to
limit the amount of simultaneous direct download files to two files, with a max speed of 3mb
This is because the average file size is currently about 700mb, which causes our bandwidth to be high (couple of terabytes each month!). As this is a privately funded project, we believe we have chosen the best hosting provider for the limited budget.
If would you like to be able to download a mass, and at quicker speed, please use torrents as these will be seeded 24/7. For a guide on how to setup and use torrents, see here.
If you're the owner of a listed file or believe that we are unlawfully distributing files without permission, please get in touch here.