-=Pandora's Box =-
__ -\_ __\--.
,-',\\` '//,\_ \
|.----&----. \ `. \
(__,___,__(_ \ |
_____| | |__`--'____
Testers: Barrebas / Jelle
Pandora's box is a Boot2Root VM focused on binary exploitation and
reverse engineering. You have to complete all levels to r00t the box.
Some levels come with a readme file which you should read.
Import, boot and wait 60 seconds for everything to start up before
Major thanks to Barrebas and Jelle for testing the VM and challenges
and the feedback.
The next machine in the Tr0ll series of VMs. This one is a step up in difficulty from the original Tr0ll but the time required to solve is approximately the same, and make no mistake, trolls are still present! :)
Difficulty is beginner++ to intermediate.
The VM should pull a valid IP from DHCP. This VM has been verified to work on VMware workstation 5, VMware player 5, VMware Fusion, and Virtual box. Virtual box users may need to enable the additional network card for it to pull a valid IP address.
Special thanks to @Eagle11, @superkojiman and @leonjza for suffering through the testing and the members of #overflowsec on freenode for giving me ideas.
If you have issues with the machine, feel free to contact me at @Maleus21 or maleus overflowsecurity.com.
By using this virtual machine, you agree that in no event will we be liable for any loss or damage including without limitation, indirect or consequential loss or damage, or any loss or damage whatsoever arising from loss of data or profits arising out of or in connection with the use of this software.
TL;DR - You are about to load up a virtual machine with vulnerabilities created by hackers. If something bad happens, it's not our fault.
Persistence aims to provide you with challenging obstacles that block your path to victory. It is perhaps best described by quotes made by some famous people:
"A little more persistence, a little more effort, and what seemed hopeless failure may turn to glorious success." - Calvin Coolidge
"Energy and persistence conquer all things." - Benjamin Franklin
"Persistence and resilience only come from having been given the chance to work though difficult problems." - Gever Tulley
Get a root shell and read the contents of /root/flag.txt to complete the challenge!
The virtual machine will get an IP address via DHCP, and it has been tested on the following hypervisors:
Welcome to The Owl Nest
Owls are lovely but hates you :)
and maybe after this one, you will hate them too.
Notes from the author:
I hope you will enjoy this game, i spent a fairly high amount of effort to build this, in an attempt to make the game funny, and provide an avarage amount of frustration to the players :)
Even if the machine was tested, maybe there are shortcuts to reach the flag.. hopefully not :)
Expect some curve balls :)
Special thanks goes to Barrebas for testing the VM
The links below are community submitted 'solutions' showing hints/nudges or possibly a complete walkthrough* of how they solved the puzzle.
Please note, there could be (many) more methods of completing this, they just haven't, either been discovered, or submitted. If you know something that isn't listed, please submit it or get in touch and we would be glad to add it.
* This is a spoiler. It could possibly show you a way of completely solving it.
Here you can download the mentioned files using various methods.
We have listed the original source, from the author's page. However, after time these links 'break', for example: either the files are moved, they have reached their maximum bandwidth limit, or, their hosting/domain has expired.
For these reasons, we have been in touch with each author asking for permission to mirror the files. If the author has agreed, we have created mirrors. These are untouched copies of the listed files. (You can check for yourself via the MD5 & SHA1 checksums which are individually displayed on their entry page. See how here).
We also offer the download via BitTorrent. We prefer that people use BitTorrent, however, we do understand that it is not as straight forward as clicking on a direct link.
To make sure everyone using VulnHub has the best experience possible using the site, we have had to
limit the amount of simultaneous direct download files to two files, with a max speed of 3mb
This is because the average file size is currently about 700mb, which causes our bandwidth to be high (couple of terabytes each month!). As this is a privately funded project, we believe we have chosen the best hosting provider for the limited budget.
If would you like to be able to download a mass, and at quicker speed, please use torrents as these will be seeded 24/7. For a guide on how to setup and use torrents, see here.
If you're the owner of a listed file or believe that we are unlawfully distributing files without permission, please get in touch here.