Virtual Machines
single series all timeline

This is a boot2root VM and is a continuation of the Basic Pentesting series. This series is designed to help newcomers to penetration testing develop pentesting skills and have fun exploring part of the offensive side of security.

VirtualBox is the recommended platform for this challenge (though it should also work with VMware -- however, I haven’t tested that).

This VM is a moderate step up in difficulty from the first entry in this series. If you’ve solved the first entry and have tried a few other beginner-oriented challenges, this VM should be a good next step. Once again, this challenge contains multiple initial exploitation vectors and privilege escalation vulnerabilities.

Your goal is to remotely attack the VM, gain root privileges, and read the flag located at /root/flag.txt. Once you’ve finished, try to find other vectors you might have missed! If you’d like to send me a link to your writeup, enjoyed the VM or have questions or feedback, feel free to contact me at: [email protected]

If you finished the VM, please also consider posting a writeup! Writeups help you internalize what you worked on and help anyone else who might be struggling or wants to see someone else’s process. There were lots of wonderful writeups for Basic Pentesting: 1, and I look forward to reading the writeups for this challenge.

more...
Basic Pentesting: 2
10 Jul 2018
 by 
Josiah Pierce
ellipsis

I recently got done creating an OSCP type vulnerable machine that's themed after the great James Bond film (and even better n64 game) GoldenEye. The goal is to get root and capture the secret GoldenEye codes - flag.txt.

I'd rate it as Intermediate, it has a good variety of techniques needed to get root - no exploit development/buffer overflows. After completing the OSCP I think this would be a great one to practice on, plus there's a hint of CTF flavor.

I've created and validated on VMware and VirtualBox. You won't need any extra tools other than what's on Kali by default. Will need to be setup as Host-Only, and on VMware you may need to click "retry" if prompted, upon initially starting it up because of formatting.

more...
GoldenEye: 1
4 May 2018
 by 
creosote
ellipsis

A new OSCP style lab involving 2 vulnerable machines, themed after the cyberpunk classic Neuromancer - a must read for any cyber-security enthusiast. This lab makes use of pivoting and post exploitation, which I've found other OSCP prep labs seem to lack. The goal is the get root on both machines. All you need is default Kali Linux.

I'd rate this as Intermediate. No buffer overflows or exploit development - any necessary password cracking can be done with small wordlists. It's much more related to an OSCP box vs a CTF. I've tested it quite a bit, but if you see any issues or need a nudge PM me here.

Virtual Box Lab setup instructions are included in the zip download, but here's a quick brief:

Straylight - simulates a public facing server with 2 NICS. Cap this first, then pivot to the final machine. Neuromancer - is within a non-public network with 1 NIC. Your Kali box should ONLY be on the same virtual network as Straylight.

more...
WinterMute: 1
5 Jul 2018
 by 
creosote
ellipsis

Machine Name: - Billi_b0x 2

Author Name: - Manish Kishan Tanwar (@indishell1046)

=========

This Virtual machine is using ubuntu (32 bit)

Other packages used: -

PHP Apache MySQL Apache tomcat

This virtual machine is having intermediate to medium difficulty level. One need to break into VM using web application and from there escalate privileges to gain root access. Gaining low or root privilege shell can be done in two ways (for both)

more...
billu: b0x 2
10 Jun 2018
 by 
Manish Kishan Tanwar
ellipsis

N/A
Pinky's Palace: v3
15 May 2018
 by 
Pink_Panther
ellipsis

N/A
FourAndSix: 1
6 May 2018
 by 
Fred Wemeijer
ellipsis

Name: MinUv1

Date Release: 2018-07-10

Author: 8bitsec

Description: This boot2root is an Ubuntu Based virtual machine and has been tested using VirtualBox. The network interface of the virtual machine will take it's IP settings from DHCP. Your goal is to capture the flag on /root.

Note: Tested on VirtualBox

Network: Host-Only/DHCP (should work on bridged)

File: OVA

Difficulty: easy/intermediate

Filename: MinUv1.ova.7z

File Size: 540MB

MD5: cc3d58173a8e9ed3f7606c8d12140a68

SHA1: 8409ceb3cd959085c0249eb676af2f384da85466

Format: Virtual Machine (Virtualbox - OVA)

Operating System: Linux

DHCP service: Enabled

IP address: Automatically assign

more...
MinU: 1
2 May 2018
 by 
8BitSec
ellipsis

Name: Gemini Inc v2

Date release: 2018-07-10

Author: 9emin1

Series: Gemini Inc

Description: I have decided to create vulnerable machines that replicate the vulnerabilities and difficulties I’ve personally encountered during my last year (2017) of penetration testing.

Some of the vulnerabilities require the “Think out of the box (fun)” mentality and some are just plain annoyance difficulties that require some form of automation to ease the testing.

GeminiInc v2 has been created that replicate a few issues that I’ve encountered which was really interesting and fun to tackle, I hope it will be fun for you guys as well.

Adding a little made-up background story to make it more interesting…

Introduction: Gemini Inc has contacted you to perform a penetration testing on one of their internal system. This system has a web application that is meant for employees to export their profile to a PDF. Identify any vulnerabilities possible with the goal of complete system compromise with root privilege. To demonstrate the level of access obtained, please provide the content of flag.txt located in the root directory as proof.

Tweet me your writeup @ https://twitter.com/sec_9emin1

File Information:

  • Filename: Gemini-Pentest-v2.zip
  • File size: 2239959453
  • SHA 1: 5f210dd9a52a701bab262a9def88009b1ca46300

Virtual Machine:

  • Format: Virtual Machine (VMWare)
  • Operating System: Debian

Networking:

  • DHCP Service : Enabled
  • IP Address: Automatically Assigned

More information can be obtained from my blog post on this vulnerable machine: https://scriptkidd1e.wordpress.com/

Intended solution will be provided some time after this has been published: https://scriptkidd1e.wordpress.com/geminiinc-v2-virtual-machine-walkthrough/

The VM has been tested on the following platform and is working:

  • Mac OSX VMWare Fusion
  • Windows 10 VMWare Player
  • Windows 10 VMWare Workstation

It should work with any virtual machine player as well. It will be able to obtain an I.P Address with DHCP so no additional configuration is required. Simply import the downloaded VM and you are good to go.

more...
Gemini Inc: 2
29 Apr 2018
 by 
9emin1
ellipsis

Name : Android4

OS : Android v4.4

Description : This is my Second booT2Root CTF VM..I hope you enjoy it. if you run into any issue you can find me on Twitter: @touhidshaikh22

Flag : /data/root/ (in this Directory)

Level: Beginner.

Contact: Touhid M.Shaikh aka Agent22 touhidshaikh22@gmaill.com <- Feel Free to write mail

Website: http://www.touhidshaikh.com

Try harder!: If you are confused or frustrated don't forget that enumeration is the key!

Feedback: This is my Second boot2root - CTF VM. please give me feedback ( [email protected] )

Tested:
This VM was tested with: Virtual Box 5.X

Walkthrough : https://www.youtube.com/channel/UC7lxfIwNnSIE7ei9O2K8ZKw (Walkthrough playlist)

Networking:
DHCP service: Enabled IP address: Automatically assign

more...
Android4: 1
4 Apr 2018
 by 
Touhid Shaikh
ellipsis

If you want to keep your hacking studies, please try out this machine!

Jarbas 1.0 – A tribute to a nostalgic Brazilian search engine in the end of 90’s.

Objective: Get root shell!

more...
Jarbas: 1
3 Apr 2018
 by 
Tiago Tavares
ellipsis

Boot2root challenges aim to create a safe environment where you can perform real-world penetration testing on an (intentionally) vulnerable target.

This workshop will provide you with a custom-made VM where the goal is to obtain root level access on it.

This is a great chance for people who want to get into pentesting but don’t know where to start. *

If this sounds intimidating, don’t worry! During the workshop, we’ll be discussing various methodologies, common pitfalls and useful tools at every step of our pentest.

Requirements:

  • Laptop capable of running two VMs and has a USB port.
  • At least 20GB of free space.
  • VirtualBox pre-installed.
  • Kali VM
  • Some familiarity with CLI.
more...
BSides Vancouver: 2018 (Workshop)
21 Mar 2018
 by 
abatchy
ellipsis

Trollcave is a vulnerable VM, in the tradition of Vulnhub and infosec wargames in general. You start with a virtual machine which you know nothing about – no usernames, no passwords, just what you can see on the network. In this instance, you'll see a simple community blogging website with a bunch of users. From this initial point, you enumerate the machine's running services and general characteristics and devise ways to gain complete control over it by finding and exploiting vulnerabilities and misconfigurations.

Your first goal is to abuse the services on the machine to gain unauthorised shell access. Your ultimate goal is to read a text file in the root user's home directory root/flag.txt).

This VM is designed to be holistic and fairly down to earth. I wanted to simulate a real attack on a real website rather than just presenting a puzzle box of disparate elements, and I wanted to avoid the more esoteric vulnerable VMisms, like when you have to do signal processing on an MP3 you found to discover a port-knocking sequence. Of course there are always tradeoffs between what's realistic and what's optimally fun/challenging, but I've tried to keep the challenges grounded.

Because this is a VM that you're downloading, importing and booting, one way to achieve this goal would be to mount the VM's hard disk. I haven't encrypted the disk or done anything to prevent this, so if you want to take that route, go ahead. I'm also not offering a prize or anything for completing this VM, so know that it will be entirely pointless.

Because this is a VM running a real operating system with real services, there may be ways to get to root that I did not intend. Ideally, this should be part of the fun, but if they make the box entirely trivial I'd like to know about and fix them – within reason. As of this release, I've installed all the updates available for Ubuntu Server 16.04 LTS, but I cannot and will not attempt to patch this VM against every new Linux kernel exploit that comes out in the future. So there's a hint – you don't have to use a kernel exploit to root this box.

What you will need is a good HTTP intercepting proxy – I recommend Burpsuite – and a couple of network tools like nmap and nc. You'll also need some virtualisation software – VirtualBox will be easiest for most people, but KVM and VMWare should also be able to import the .ova file after a bit of fiddling. Once you've imported the VM, put it on the same network as your attacking system (preferably don't give it internet access) and start hacking!

You can grab the .ova file here (929MB) (updated 2018-03-19). Let me know what you think.

more...
Trollcave: 1.2
21 Mar 2018
 by 
David Yates
ellipsis
This website uses 'cookies' to give you the best, most relevant experience. Using this website means you're happy with this. You can find out more about the cookies used by clicking this link (or by clicking the 'Privacy Policy' link at the top of any page).