• Level: Beginner-Intermediate
  • User flag: user.txt
  • Root flag: root.txt
  • Description: The machine is VirtualBox compatible but can be used in VMWare as well (not tested but it should work). The DHCP will assign an IP automatically. You have to find and read two flags (user and root) which is present in user.txt and root.txt respectively. Enjoy pwning it!

This is an hard machine.

You'll need to master and chain together multiple vulnerabilities.

If you need a hint feel free to contact me on Twitter: @p4w16

Its a CTF machine that deals with the history of gears of war, where we must try to escape from prison and obtain root privileges. it has some rabbit holes, so you have to try to connect the tracks to get access.

Book your tickets to The Konohagakure, and train under Master Jiraiya, Hokage Uzumaki and Tsunade. Use your hacking skills to stop Orrochimaru and Rescue Sasuke. Hack this boot to root and get the title of “The Number One Hyperactive, Knucklehead Ninja”

ENUMERATION IS THE KEY!!!!!

Advanced-Hard Boot2Root machine intended to be used in a Workshop/CTF beside Shellmates Club.

The machine has 6 flags that will guide the challenger through it.

It covers web security, binary exploitation, and various misconfigurations.

  • LinkedIn: https://www.linkedin.com/in/hafidh-zouahi-b95373132/
  • e-mail: gh_zouahi at esi dot dz

This lab is going to introduce a little anarchy. It will upset the established order, and everything becomes will become chaos. Get your face painted and wear that Purple suit because it’s time to channel your inner Joker. This is a boot2root lab. Getting the root flag is ultimate goal.

ENUMERATION IS THE KEY!!!!!

The machine was part of my workshop for Hacker Fest 2019 at Prague.

Difficulty level of this VM is very “very easy”. There are two paths for exploit it.

  • There are no intentional rabbit holes.
  • Through a vulnerable "[retracted]". Exploit is part of MSF.
  • Through vulnerable "[retracted]".
    • Can be found by "[retracted]".
    • There is a "[retracted]" injection (exploit is part of MSF).
    • Recovered credentials (username + hash) can be cracked by John and rockyou.txt wordlist.
    • Low priv shell can be gained through MSF exploit or trying the credentials against "[retracted]".
    • Priv. esc. is simply done by "[retracted]".

A harder VM designed to train for both pentesting newer IT infrastructure methodologies as well as network pivot practice.

You'll need to be familiar with pivoting techniques, web app vulnerabilities, Metasploit and Meterpreter, as well as enumeration methodologies and a good bit of patience.

As a note, there are two additional bonus flags that will appear in the /root directory based on pre-defined actions taken during the course of rooting the VM.

This is our tribute to the Indian Space Research Organisation (ISRO). We as Indians are proud of ISRO and its achievements. Solve this CTF challenge and feel the work of ISRO.

This machine contains 4 different flags to test your skills.

  1. Aryabhata
  2. Bhaskara
  3. Mangalyaan
  4. Chandrayaan 2

ENUMERATION IS THE KEY!!!!!

Aimed at Beginner Security Professionals who want to get their feet wet into doing some CTF's. It should take around 30 minutes to root.