Title: The Necromancer

File: necromancer.ova

md5sum: 6c4cbb7776acac8c3fba27a0c4c8c98f

sha1sum: 712d4cfc19199dea92792e64a43ae7ac59b1dd05

Size: 345MB

Hypervisor: Created with VirtualBox 5.0.20. Tested with virtualbox and vmware player.

Author: @xerubus

Test Bunnies: @dooktwit and @RobertWinkel

Difficulty: Beginner


Description

The Necromancer boot2root box was created for a recent SecTalks Brisbane CTF competition.

There are 11 flags to collect on your way to solving the challenge, and the difficulty level is considered as beginner.

The end goal is simple... destroy The Necromancer!

Notes

  • DHCP (Automatically assigned)
  • IMPORTANT: The vm IS working as intended if you receive a successful DHCP lease as seen in the boot up sequence.
  • The Necromancer VM MUST be on the same subnet as the attacking machine. Ideally both the boot2root VM and the attacking machine should be on the same HostOnly network. If you choose to use a physical box as the attacking machine, the boot2root VM must exist on the same network via a bridged interface.

Welcome to another boot2root / CTF this one is called Violator. The VM is set to grab a DHCP lease on boot. As with my previous VMs, there is a theme, and you will need to snag the flag in order to complete the challenge.

A word of warning: The VM has a small HDD so you can brute force, but please set the disk to non persistent so you can always revert.

Some hints for you:

  • Vince Clarke can help you with the Fast Fashion.
  • The challenge isn't over with root. The flag is something special.
  • I have put a few trolls in, but only to sport with you.

SHA1SUM: 47F68241E95E189126E94A38CB4AD461DD58EE88 violator.ova

Many thanks to BenR and GKNSB for testing this CTF.

Special thanks and shout-outs go to BenR, Rasta_Mouse and g0tmi1k for helping me to learn a lot creating these challenges.

Breach: 1

mrb3n 30 Jun 2016

First in a multi-part series, Breach 1.0 is meant to be a beginner to intermediate boot2root/CTF challenge. Solving will take a combination of solid information gathering and persistence. Leave no stone unturned.

The VM is configured with a static IP address (192.168.110.140) so you will need to configure your host-only adaptor to this subnet.

Many thanks to knightmare and rastamouse for testing and providing feedback.

Shout-out to g0tmi1k for maintaining #vulnhub and hosting my first challenge.

If you run into any issues, you can find me on Twitter: https://twitter.com/mrb3n813 or on IRC in #vulnhub.

Looking forward to the write-ups, especially any unintended paths to local/root.

Note, you may need to use 7zip to extract the ZIP.

Based on the show, Mr. Robot.

This VM has three keys hidden in different locations. Your goal is to find all three. Each key is progressively difficult to find.

The VM isn't too difficult. There isn't any advanced exploitation or reverse engineering. The level is considered beginner-intermediate.


+---------------------------------------------------------+
|                                                         |
|                                  __..--''\              |
|                          __..--''         \             |
|                  __..--''          __..--''             |
|          __..--''          __..--''       |             |
|          \ o        __..--''____....----""              |
|           \__..--''\                                    |
|           |         \                                   |
|          +----------------------------------+           |
|          +----------------------------------+           |
|                                                         |
+- - - - - - - - - - - - - -|- - - - - - - - - - - - - - -+
|   Name: Stapler           |          IP: DHCP           |
|   Date: 2016-June-08      |        Goal: Get Root!      |
| Author: g0tmi1k           | Difficultly: ??? ;)         |
+- - - - - - - - - - - - - -|- - - - - - - - - - - - - - -+
|                                                         |
| + Average beginner/intermediate VM, only a few twists   |
|   + May find it easy/hard (depends on YOUR background)  |
|   + ...also which way you attack the box                |
|                                                         |
| + It SHOULD work on both VMware and Virtualbox          |
|   + REBOOT the VM if you CHANGE network modes           |
|   + Fusion users, you'll need to retry when importing   |
|                                                         |
| + There are multiple methods to-do this machine         |
|   + At least two (2) paths to get a limited shell       |
|   + At least three (3) ways to get a root access        |
|                                                         |
| + Made for BsidesLondon 2016                            |
|   + Slides: https://download.vulnhub.com/media/stapler/ |
|                                                         |
| + Thanks g0tmi1k, nullmode, rasta_mouse & superkojiman  |
|   + ...and shout-outs to the VulnHub-CTF Team =)        |
|                                                         |
+- - - - - - - - - - - - - - - - - - - - - - - - - - - - -+
|                                                         |
|       --[[~~Enjoy. Have fun. Happy Hacking.~~]]--       |
|                                                         |
+---------------------------------------------------------+

Welcome to my third boot2root / CTF this one is called Sidney. The VM is set to grab a DHCP lease on boot. As before, gaining root is not the end of this VM. You will need to snag the flag, and being me, it's never where they normally live... B-)

If you are having trouble with the NIC, make sure the adapter is set to use the MAC 00:0C:29:50:14:56

Some hints for you:

  • If you are hitting a wall, read https://de.wikipedia.org/wiki/MOS_Technology_6502
  • The flag is audio as well as visual

SHA1SUM: 114ABA151B77A028AA5CFDAE66D3AEC6EAF0751A sidney.ova

Many thanks to Rasta_Mouse and GKNSB for testing this CTF.

Special thanks and shout-outs go to GKNSB and Rasta_Mouse, hopefully he streams this one live too! Also a shout-out to g0tmi1k for #vulnhub and offering to host my third CTF.

Milnet: 1

Warrior 1 Jun 2016

Welcome to 1989!

And welcome to Germany!

This VM is inspired by a book! There should be plenty of hints which one it is, if you haven't read it.


This is a simple VM, so don't fear any advanced exploitation, reverse engineering or other advanced techniques!


Just a solid and simple advanced persistent threat (admins) ;)

So the level is clearly: beginner (as intended).


For some it may teach a solid (old) new Privesc technique that together with the above mentioned book inspired me to this VM.


I made the effort to throw some very basic story/polish into it.

Also if everything runs smoothly the VM should show its IP address in the Login screen on the console!

-No, I don't consider finding the VM in your own network a real challenge ;)-

If you should encounter any problems or want to drop me a line use #milet and @teh_warriar on twitter or chat me up in #vulnhub!


Hope you enjoy this VM!

Gonna enjoy reading some writeups and hope you might find other ways than the intended ones!

Best Regards

Warrior

VulnOS are a series of vulnerable operating systems packed as virtual images to enhance penetration testing skills

  • This is version 2 -

Smaller, less chaotic !

As time is not always on my side, it took a long time to create another VulnOS. But I like creating them. The image is built with VBOX. Unpack the file and add it to your virtualisation software.

Your assignment is to pentest a company website, get root of the system and read the final flag

NOTE : current keyboard preferences is BE "pentesting is a wide concept"

If you have questions, feel free to contact me on [email protected] dot com Shout out to the Vulnhub Testing team!

Hope you enjoy.

Welcome to another boot2root / CTF this one is called Gibson. The VM is set to grab a DHCP lease on boot. It doesn't matter what your local subnet is, as long as you keep away from the 192.168.122.0/24 subnet. You will see why soon enough...

Once again, I'll offer some hints to you:

  • SSH can forward X11.
  • The challenge isn't over with root. The flag is not where you expect to find it.

SHA1SUM: f4601f62b7011cc6ad403553cb8a9375e43cb0b5 gibson.ova

Many thanks to g0blin and GKNSB for testing this CTF.

Special thanks and shout-outs go to Barrebas and Rasta_Mouse, and g0tmi1k for more advice and offering to host my second CTF.

Kudos to g0blin for advising on how to use this in Vi

Virtual box users can run: tar zxf gibson.ova && qemu-img convert gibson-disk1.vmdk gibson-disk1.bin && VBoxManage convertfromraw gibson-disk1.bin gibson-disk1.vdi --format VDI

Graceful’s VulnVM is a web application running on a virtual machine, it’s designed to simulate a simple eCommerce style website which is purposely vulnerable to a number of well-known security issues commonly seen in web applications. This is really a pre-release preview of the project but it’s certainly functional as it stands, but I’m planning on doing a lot of work on this in the near future.

The plan is ultimately to have the application vulnerable to a large number of issues with a selection of different filters at different difficulties; that way, as testers become better at detecting and exploiting issues, the application can get hardened against common exploitation methods to allow the testers a wider range of experiences.

The first filters have now been implemented! The application now supports “levels” where Level 1 includes no real filtration of user input and Level 2 includes a simple filter for each vulnerable function.

Currently it’s vulnerable to:

  • SQL Injection (Error-based)
  • SQL Injection (Blind)
  • Reflected Cross-Site Scripting
  • Stored Cross-Site Scripting
  • Insecure Direct-Object Reference
  • Username Enumeration
  • Path Traversal
  • Exposed phpinfo()
  • Exposed Administrative Interface
  • Weak Admin Credentials

Extracting the Virtual Machine

Install p7zip to unzip *.7z files on Fedora:

sudo dnf install p7zip


Install p7zip to unzip *.7z files on Debian and Ubuntu:

sudo apt-get install p7zip


Extract the archive:

7z x Seattle-0.0.3.7z

Then you can simply start up the virtual machine using Virtual Box! The root user account has a password of PASSWORD