Bobby: 1

TheXero 7 Dec 2011
TheXero's    ____        __    __         
            / __ )____  / /_  / /_  __  __
           / __  / __ \/ __ \/ __ \/ / / /
          / /_/ / /_/ / /_/ / /_/ / /_/ / 
         /_____/\____/_.___/_.___/\__, / v.1 
|Objective| There is a 'flag' in the administrator's personal folder. |
|         | Find it & read the contents of the file.                  |
|       OS| Windows XP Pro SP3 x86                                    |
|  Network| Static (Somewhere in                      |


p.s. The setup of this vulnerable machine uses 'AutoIT' to automate the various aspects of the installation.
If the timings during the installation are off, the setup will fail.
Try installing it again if it does fail, however if it keeps on failing - please get in touch.

Source: readme.txt

Welcome to is dedicated to helping you understand how hackers prey on Web application vulnerabilities, and to showing you how to reduce your exposure. Our Badstore demonstration software is designed to show you common hacking techniques.


v1.0 – Original version for 2004 RSA Show

v1.1 – Added:

  • More supported NICs.

  • Referrer checking for Supplier Upload.

  • badstore.old in /cgi-bin/

  • Select icons added to the /icons/ directory.

v1.2 – Version presented at CSI 2004


  • Full implementation of MySQL.

  • JavaScript Redirect in index.html.

  • JavaScript validation of a couple key fields.

  • My Account services, password reset and recovery.

  • Numerous cosmetic updates.

  • 'Scanbot Killer' directory structure to detect scanners.

  • favicon.ico.

  • Reset files and databases to original state without reboot.

  • Dynamic dates and times in databases.

  • Additional attack possibilities.

Source: BadStore_Manual.pdf

VulnVoIP is based on a relatively old AsteriskNOW distribution and has a number of weaknesses. The aim is to locate VoIP users, crack their passwords and gain access to the Support account voicemail.

Just to keep things interesting this particular disto also suffers from a known exploit from which it is relatively easy to gain a root shell. Once you've found the easy way, can you get root using a different method?

I've created these basic VoIP hacking training exercises as I found very limited resources online. Hopefully VulnVoIP will help others learn the basic fundamentals of VoIP hacking in a safe environment.

  • Architecture: x86
  • Format: VMware (vmx & vmdk) compatibility with version 4 onwards
  • RAM: 512MB
  • Network: NAT
  • Extracted size: 1.68GB
  • Compressed (download size): 552MB - 7zip format - 7zip can be obtained from here
  • MD5 Hash of VulnVoIP.7z: 1411bc06403307d5ca2ecae47181972a


"Created for Lars's students"

Source: e-mail

A flexible web app showing vulnerabilities such as cross site scripting, sql injections, and session management issues. Helpful to IT auditors honing web security skills and setting up 'capture the flag'.


A flexible web app showing vulnerabilities such as cross site scripting, sql injections, and session management issues. Helpful to IT auditors honing web security skills and setting up 'capture the flag'.



UltimateLAMP includes a long list of popular LAMP stack applications. For more information take a look a the UltimateLAMP products list.

With the success of this first product, research has already commenced in our next two products UltimateLAMJ (Open Source Java Based Applications) and UltimateLAMR (Open Source Ruby Applications).

Latest News

  • Oct 27 2006 - Information regarding Passwords.
  • Aug 14 2006 - And the winners are?
  • May 20 2006 - VMware Appliance Challenge Application.
  • May 15 2006 - Version 0.2 release of UltimateLAMP.
  • May 12 2006 - Initial Version 0.1 release of UltimateLAMP.


Welcome, welcome! The time has come to select one courageous young hacker for the honor of representing District 12 in the 74th annual Hacker Games! And congratulations, for you have been selected as tribute!

Hacking games and CTF’s are a lot of fun; who doesn’t like pitting your skills against the gamemakers and having a free pass to break into things?

But watch out, as you will find out, some games are more dangerous than others. I have talked about counterattacks here before, and this system has implemented a number of aggressive anti-hacker measures.

In fact, this VM is downright evil. I am probably legally obligated to tell you that it will try to hack you. So if a calculator or message declaring your pwnedness pops up or shows up on your desktop, you asked for it. But don’t worry, it won’t steal your docs or rm you, it will just demonstrate compromise for the game.

To save precious bandwidth, this has been implemented in a minimal tinycore-based VM, and will require VirtualBox to run. But vbox is free – you can download it here:

Unfortunately, I didn’t have the time to add nearly all the things I wanted to, so there are really just a few challenges, a couple of counterhacks, and about 10 memes to conquer. Depending on your skill level, you could pwn (or be pwned) in just a few minutes or in a few hours. So hack it before it hacks you!

No sponsors are necessary, so don’t light yourself on fire. Simply download the evil VM here:, start it, and open up http://localhost:3000/ to begin. Now, you can totally cheat since you own the VM, but see if you can beat the challenges without cheating. Then you can go ahead and cheat, which should also be fun – you’re probably comfortable with many physical access attacks involving the hard disk, but this system doesn’t use a hard disk. So enjoy and remember…

May the odds be ever in your favor!




  • Get root... Win!


pWnOS v2.0 is a Virutal Machine Image which hosts a server to pratice penetration testing. It will test your ability to exploit the server and contains multiple entry points to reach the goal (root). It was design to be used with WMWare Workstation 7.0, but can also be used with most other virtual machine software.

Configuration & Setup:

  • Configure your attacking platform to be within the network range

For example the ip of with the netmask of is what I statically set my BackTrack 5 network adapter to.

  • VMWare's Network Adapter is set to Bridged Network Adapter

You may need to change VMWare's Network Adapter to NAT or Host-Only depending on your setup

The server's ip is staticaly set to

Server's Network Settings:

  • IP:
  • Netmask:
  • Gateway:

Version History:

v2.0 - 07/04/2011 - Pre-Release copy for initial testing

Source: pWnOS_v2.0.7z/pWnOS v2.0/pWnOS_INFO-v2_0.txt

pWnOS: 1.0

pWnOS 27 Jun 2008

Some of you may have noticed this new pWnOS forum section. I created pWnOS as a virtual machine and Grendel was nice enough to let me post about it here. Here's a bit of information on pWnOS.

It's a linux virtual machine intentionally configured with exploitable services to provide you with a path to r00t. :) Currently, the virtual machine NIC is configured in bridged networking, so it will obtain a normal IP address on the network you are connected to. You can easily change this to NAT or Host Only if you desire. A quick ping sweep will show the IP address of the virtual machine. scenario/storyline with this one. I wasn't really planning to release it like this, so maybe for version 2.0 I'll be more creative. :) I'm anxious to get feedback so let me know how it goes or if you have questions. Thanks and good luck!


-- Readme

Thanks for trying pWnOS 1.0. A few things to note before getting started. pWnOS is made using VMware Workstation and can be started by downloading VMware Server or Vmware player...both of which are free! Or VMware Workstation (Windows) or VMware Fusion (OS X), which are not free.

  1. If Vmware asks whether you copied or moved this virtual machine on first boot, click MOVED! Otherwise the network settings could get messed up.
  2. The virtual machine is currently setup to use bridged networking, but you may want to change this to NAT or Host Only...depending on your preferences.
  3. All necessary tools/exploits/whatever can be found at
  4. There are multiple paths to get shell access. I created a n00b path and a more advanced path. See if you can get both of them!

I would rate the difficulty of pWnOS approximately the same as De-Ice's level 2 disk...maybe a bit more difficult. See for information on the De-Ice penetration testing disks.

I hope you enjoy it! If you have any questions or feedback, email me at bond00(at)


Source: readme.txt