Bottleneck is an intermediate boot2root machine.

After some cyber attacks the admin hardened the system, show him that it's not so secure.

If you need a hint feel free to contact me on Twitter: @bytevsbyt3

serial: 2

sk4 27 Sep 2019

This box has an intermediate difficulty for the user, I suggest you to enumerate it and use some tools for get the first flag. Note that if you don't see the flag maybe you should find it in other place ;).

The hard part is the privilege escalation for the root user, try hard and get the root flag (if you can;))!

If you need an hint, feel free to contact me on Twitter: @sk4pwn


The purpose of this machine is to grant OSCP students further develop, strengthen, and practice their methodology for the exam.

Klaw has stolen some armours from the Avengers Super-Secret Base. Falcon has checked the manifest, following things are unaccountable:

  1. HulkBuster Armour
  2. Spiderman Armour
  3. Ant-Man Armour
  4. Black Panther Armour
  5. Iron Man Armour

Klaw hide all these armours and now it's up to you. Can you use your penetration skills to recover them all?

-Captain Steve Rogers

P.S. Klaw has a habit of dividing his passwords into 3 parts and save them at different locations. So, if you get some combine them to move forward.

Avengers are meant to be Earth’s Mightiest Heroes, but some heroes just aren’t mighty enough without their trusty weapon in hand.

The Goal is to gather all the 5 mightiest weapons:



Visit our website

Bob’s Missing Cat is a three part CTF where the goal is to find your lost cat.

Bob’s Missing Cat Pt. 1 is an introduction to the world of Linux.

(This CTF is different from most, intended to be played out more like a story.)

Types of Commands learned by the end of Pt. 1: cd, ls, ls -la, pwd, cat, mkdir, mv, nano, chmod, etc.

Please do Bob’s Missing Cat Pt. 1 alongside the BMCInstrictable document.

Download ~

DC: 8

DCAU 8 Sep 2019

DC-8 is another purposely built vulnerable lab with the intent of gaining experience in the world of penetration testing.

This challenge is a bit of a hybrid between being an actual challenge, and being a "proof of concept" as to whether two-factor authentication installed and configured on Linux can prevent the Linux server from being exploited.

The "proof of concept" portion of this challenge eventuated as a result of a question being asked about two-factor authentication and Linux on Twitter, and also due to a suggestion by @theart42.

The ultimate goal of this challenge is to bypass two-factor authentication, get root and to read the one and only flag.

You probably wouldn't even know that two-factor authentication was installed and configured unless you attempt to login via SSH, but it's definitely there and doing it's job.

Linux skills and familiarity with the Linux command line are a must, as is some experience with basic penetration testing tools.

For beginners, Google can be of great assistance, but you can always tweet me at @DCAU7 for assistance to get you going again. But take note: I won't give you the answer, instead, I'll give you an idea about how to move forward.

Thanos thinks that if he kills half of all life in the universe, he’ll restore balance. To do so, he needs all six Infinity Stones to power his Infinity Gauntlet, which in turn will give him the ability to bend time, space, energy, and the laws of physics and reality. But the Avengers are one step ahead of Thanos this time. Avengers have hidden all the Infinity Stones all over this CTF. Help Thanos to get all the Infinity Stones and restore the balance of the universe.

This machine contains 6 Infinity Stones with Six different flags to test your skills.

  • Space Stone
  • Mind Stone
  • Reality Stone
  • Time Stone
  • Power Stone
  • Soul Stone

Each stone can be found in a different way.


Visit our website

This is ubuntu 18.04 server which autostarts webgoat on http://<ip address>:8000/WebGoat/

Credentials: - user: webgoat - pass: webgoat

This machine is used to practice on different types of web attacks. Enjoy!