Introduction

Lately, I’ve been enjoying creating hacking challenges for the security community. This new challenge encapsulates a company, entitled – The Ether, who has proclaimed an elixir that considerably alters human welfare. The CDC has become suspicious of this group due to the nature of the product they are developing.

The Goal

The goal is to find out what The Ether is up to. You will be required to break into their server, root the machine, and retrieve the flag. The flag will contain more information about The Ether’s ominous operations regarding this medicine.

Any Hints?

This challenge is not for beginners. There is a relevant file on this machine that plays an important role in the challenge; do not waste your time trying to de-obfuscate the file. I say this to keep you on track. This challenge is designed to test you on multiple areas and it’s not for the faint of heart!

Last Words

Whatever you do, do not give up! Exhaust all of your options! Looking forward to having OSCPs take this challenge. As always, good luck, have fun, God bless, and may the s0urce be with you.

Bulldog Industries recently had its website defaced and owned by the malicious German Shepherd Hack Team. Could this mean there are more vulnerabilities to exploit? Why don't you find out? :)

This is a standard Boot-to-Root. Your only goal is to get into the root directory and see the congratulatory message, how you do it is up to you!

Difficulty: Beginner/Intermediate, if you get stuck, try to figure out all the different ways you can interact with the system. That's my only hint ;)

Made by Nick Frichette (frichetten.com) Twitter: @frichette_n

I'd highly recommend running this on Virtualbox, I had some issues getting it to work in VMware. Additionally DHCP is enabled so you shouldn't have any troubles getting it onto your network. It defaults to bridged mode, but feel free to change that if you like.

zico2: 1

Rafael 19 Jun 2017

Zico's Shop: A Boot2Root Machine intended to simulate a real world scenario

Disclaimer:

By using this virtual machine, you agree that in no event will I be liable for any loss or damage including without limitation, indirect or consequential loss or damage, or any loss or damage whatsoever arising from loss of data or profits arising out of or in connection with the use of this software.

TL;DR - You are about to load up a virtual machine with vulnerabilities. If something bad happens, it's not my fault.

Level: Intermediate

Goal: Get root and read the flag file

Description:

Zico is trying to build his website but is having some trouble in choosing what CMS to use. After some tries on a few popular ones, he decided to build his own. Was that a good idea?

Hint: Enumerate, enumerate, and enumerate!

Thanks to: VulnHub

Author: Rafael (@rafasantos5)

Xtreme Vulnerable Web Application (XVWA)

XVWA is a badly coded web application written in PHP/MySQL that helps security enthusiasts to learn application security. It’s not advisable to host this application online as it is designed to be “Xtremely Vulnerable”. We recommend hosting this application in local/controlled environment and sharpening your application security ninja skills with any tools of your own choice. It’s totally legal to break or hack into this. The idea is to evangelize web application security to the community in possibly the easiest and fundamental way. Learn and acquire these skills for good purpose. How you use these skills and knowledge base is not our responsibility.

XVWA is designed to understand the following security issues.

  • SQL Injection – Error Based
  • SQL Injection – Blind
  • OS Command Injection
  • XPATH Injection
  • Formula Injection
  • PHP Object Injection
  • Unrestricted File Upload
  • Reflected Cross Site Scripting
  • Stored Cross Site Scripting
  • DOM Based Cross Site Scripting
  • Server Side Request Forgery (Cross Site Port Attacks)
  • File Inclusion
  • Session Issues
  • Insecure Direct Object Reference
  • Missing Functional Level Access Control
  • Cross Site Request Forgery (CSRF)
  • Cryptography
  • Unvalidated Redirect & Forwards
  • Server Side Template Injection

Down By The Docker

Ever fantasized about playing with docker misconfigurations, privilege escalation, etc. within a container?

Download this VM, pull out your pentest hats and get started

We have 2 Modes:

  • HARD: This would require you to combine your docker skills as well as your pen-testing skills to achieve host compromise.
  • EASY: Relatively easier path, knowing docker would be enough to compromise the machine and gain root on the host machines.

We have planted 3 flag files across the various machines / systems that are available to you. Your mission, if you choose to accept, would be as follows:

  1. Identify all the flags (2 in total: flag_1 and flag_3) (flag_2 was inadvertently left out)

  2. Gain id=0 shell access on the host machine.

This is a Fedora Server VM, created with VirtualBox.

It is a very simple Rick and Morty themed boot to root.

There are 130 points worth of flags available (each flag has its points recorded with it), you should also get root.

It's designed to be a beginner ctf, if you're new to pen testing, check it out!

This exercise covers the exploitation of the Struts S2-052 vulnerability

Name: LazySysAdmin 1.0


Author: Togie Mcdogie

Twitter: @TogieMcdogie


[Description]

Difficulty: Beginner - Intermediate

Boot2root created out of frustration from failing my first OSCP exam attempt.

Aimed at:

      > Teaching newcomers the basics of Linux enumeration
      > Myself, I suck with Linux and wanted to learn more about each service whilst creating a playground for others to learn

Special thanks to @RobertWinkel @dooktwit for hosting LazySysAdmin at Sectalks Brisbane BNE0x18


[Lore]

LazySysadmin - The story of a lonely and lazy sysadmin who cries himself to sleep


[Tested with]

  • Virtualbox
  • VMware Workstation Player

[Preferred setup]

Host only networking

[Hints]

  • Enumeration is key
  • Try Harder
  • Look in front of you
  • Tweet @togiemcdogie if you need more hints

[Other]

  • What could you have done to speed up the enumeration process?
  • Are there any obvious things that you missed, which you shouldn't have missed?
  • Did you learn anything interesting?
  • What have you added to your enumeration process to prevent you from wasting time?

[Checksum]

  • Name: Lazysysadmin.zip
  • Size: 501925265 bytes (478 MB)
  • SHA256: DBAC88A2E76FD5A6693A2890030DD3BE0DC2C09F30B43A79BE8AB7A23B708EF5
 ____  __.________
|    |/ _|\_____  \
|      <   /  ____/
|    |  \ /       \
|____|__ \\_______ \ ·VM·
        \/        \/

+----------------------------------------------------------------------------+
|  cReaTeD....: sagi- (@s4gi_)      |  DaTe......: 2017-07-26                |
|  oS.........: Linux               |  oBJecTiVe.: Get /root/flag.txt        |
|                                   |  TeSTeR....: @leonjza                  |
+----------------------------------------------------------------------------+
|  VM DesCriPtiOn:                                                           |
|  This challenge was built to promote the Windows / Linux Local Privilege   |
|  Escalation workshop. A free of charge 3-day workshop that was created as  |
|  a give back to the community initiative.                                  |
|                                                                            |
|  <3 sagi-                                                                  |
+----------------------------------------------------------------------------+
| SSH AccEsS DeTaiLs:                                                        |
| Username: user                                                             |
| Password: password                                                         |
+----------------------------------------------------------------------------+

This vulnerable-by-design box depicts a hacking company known as H.A.S.T.E, or Hackers Attack Specific Targets Expeditiously, capable of bringing down any domains on their hit list.

I would like to classify this challenge with medium difficulty, requiring some trial and error before a successful takeover can be attained.