Your challenge, should you choose to accept, is to gain root
access on the server! The employees over at Flick Inc. have
been hard at work prepping the release of their server
checker app. Amidst all the chaos, they finally have a version
ready for testing before it goes live.
You have been given a pre-production build of the Android .apk
that will soon appear on the Play Store, together with a VM
sample of the server that they want to deploy to their cloud
The .apk may be installed on a phone (though I wont be offended if
you don't trust me ;]) or run in an android emulator such as the
Android Studio (https://developer.android.com/sdk/index.html).
By using this virtual machine, you agree that in no event will I be liable for any loss or damage including without limitation, indirect or consequential loss or damage, or any loss or damage whatsoever arising from loss of data or profits arising out of or in connection with the use of this software.
TL;DR: If something bad happens, it's not my fault.
Brainpan 3 has been tested and found to work with VMware Player, VMware Fusion, and Virtual Box.
Check to make sure Brainpan_III.ova has following checksums so you know your download is intact:
MD5 : 170e0d8b26ab721587537fcde69087a0
Import Brainpan_III.ova into your preferred hypervisor and configure the network settings to your needs. It will get an IP address via DHCP, but it's recommended you run it within a NAT or visible to the host OS only since it is vulnerable to attacks.
Darknet has a bit of everything, a sauce with a touch of makeup and frustration that I hope will lead hours of fun for migraines and who dares to conquer his chambers.
As the target gets used will read the file contents /root/flag.txt obviously once climbed the privileges necessary to accomplish the task.
The image can be mounted with VirtualBox . The machine has DHCP active list so once automatically assign an IP network, the next step will be to identify the target and discover the / the service / s to start the game. Good luck !. If you want to send in pdf format solucionarios can do so at the following address: s3csignal [at] gmail [dot] com
ZORZ is another VM that will challenge your webapp skills. There are 3 separate challenges (web pages) on this machine. It should be pretty straight forward. I have explained as much as I can in the readme file:
Welcome to the ZorZ VM Challenge
This machine will probably test your web app skills once again.
There are 3 different pages that should be focused on (you will see!)
If you solve one or all three pages, please send me an email and
quick write up on how you solved each challenge. Your goal is to successfully
upload a webshell or malicious file to the server. If you can execute
system commands on this box, thats good enough!!! I hope you have fun!
Our resident ROP ninja barrebas recently gave the team a bootcamp on Return Oriented Programming. The presentation was followed by a demo walkthrough on writing a ROP exploit on a vulnerable application. Since the presentation was well received, he’s decided to make the slides available to everyone. You can view them at https://speakerdeck.com/barrebas/rop-primer.
This VM is meant as a small introduction to 32-bit return-oriented-programming on Linux. It contains three vulnerable binaries, that must be exploited using ROP.
The machine is built and tested in VirtualBox 4.3.20. It's an Ubuntu 32 bit VM, with ASLR disabled. Useful tools like gdb-peda are installed. A description of the levels, including instructions, can be found on the webserver.
A big shout-out to my team mates of the Vulnhub CTF Team!
@barrebas, March 2015 & June 2015
The links below are community submitted 'solutions' showing hints/nudges or possibly a complete walkthrough* of how they solved the puzzle.
Please note, there could be (many) more methods of completing this, they just haven't, either been discovered, or submitted. If you know something that isn't listed, please submit it or get in touch and we would be glad to add it.
* This is a spoiler. It could possibly show you a way of completely solving it.
Here you can download the mentioned files using various methods.
We have listed the original source, from the author's page. However, after time these links 'break', for example: either the files are moved, they have reached their maximum bandwidth limit, or, their hosting/domain has expired.
For these reasons, we have been in touch with each author asking for permission to mirror the files. If the author has agreed, we have created mirrors. These are untouched copies of the listed files. (You can check for yourself via the MD5 & SHA1 checksums which are individually displayed on their entry page. See how here).
We also offer the download via BitTorrent. We prefer that people use BitTorrent, however, we do understand that it is not as straight forward as clicking on a direct link.
To make sure everyone using VulnHub has the best experience possible using the site, we have had to
limit the amount of simultaneous direct download files to two files, with a max speed of 3mb
This is because the average file size is currently about 700mb, which causes our bandwidth to be high (couple of terabytes each month!). As this is a privately funded project, we believe we have chosen the best hosting provider for the limited budget.
If would you like to be able to download a mass, and at quicker speed, please use torrents as these will be seeded 24/7. For a guide on how to setup and use torrents, see here.
If you're the owner of a listed file or believe that we are unlawfully distributing files without permission, please get in touch here.