D0Not5top Boot2Root

This is my second public Boot2Root, It’s intended to be a little more difficult that the last one I made. That being said, it will depend on you how hard it is :D It's filled with a few little things to make the player smile.

Again there are a few “Red Herrings”, and enumeration is key.

DIFFICULTY ?????

CAPTURE THE FLAGS
There are 7 flags to collect, designed to get progressively more difficult to obtain

DETAILS

• File: D0Not5top_3mrgnc3_v1.2.ova
• OS: ?????
• VM Type: VirtualBox
• IP Address: DHCP
• Size: 700 MB

SUPPORT Any support issues can be directed to [email protected]

+---------------------------------------------------------+
|                     Name: Moria                         |
|                       IP: Through DHCP                  |
|               Difficulty: Not easy!                     |
|                     Goal: Get root                      |
+---------------------------------------------------------+
|                                                         |
| DESCRIPTION:                                            |
| Moria is NOT a beginner-oriented Boot2Root VM, it will  |
| require good enum skills and a lot of persistence.      |
|                                                         |
| VM has been tested on both VMware and VirtualBox, and   |
| gets its IP through DHCP, make sure you're on the same  |
| network.                                                |
|                                                         |
| Special thanks to @seriousblank for helping me create it|
| and @johnm and @cola for helping me test it.            |
|                                                         |
|     Link: dropbox.com/s/r3btdcmwjigk62d/Moria1.1.rar    |
|     Size: 1.56GB                                        |
|      MD5: 2789bca41a7b8f5cc48e92c635eb83cb              |
|     SHA1: e3bddd4133320ae42ff65aec41b9f6516d33bb89      |
|                                                         |
| CONTACT:                                                |
| You can find me on NetSecFocus slack, twitter at        |
| @abatchy17 or occasionally on #vulnhub for questions.   |
|                                                         |
| PS: No Lord of The Rings knowledge is required ;)       |
|                                                         |
| -Abatchy                                                |
+---------------------------------------------------------+

Hacker House are community sponsors at this year’s BSides London 2017 and, to celebrate, we have an exploit challenge for you. A key date in the UK security scene, it offers an alternative technical conference for the hackers and tech geeks to share war stories and learn. We are providing a challenge lab designed especially for the conference that attendees can sink disassemblers into. If you aren’t at the event, you can also hack along at home, but remember that prizes for solutions can only be claimed at our stand during the event! The challenge is provided in ISO format which you can boot in VirtualBox or any similar virtualisation software, heck you can even run it on an ATM if you like, but this is unsupported. If you solve our little brain teasing conundrums and beat the system to get root, the first three successful solutions presented to us at our stand can claim one of our awesome hoodies, check them out in our shop! This challenge is open to individuals, but if you do decide to team up, then let us know as only one prize can be claimed per solution. We are also giving several t-shirts away during the raffle so make sure you get your tickets!

Our challenge will test your elite hacking skills and requires web application, reverse engineering, cryptography and exploit abilities. It shouldn’t take the competent skilled hacker too much time, but if you do struggle then watch our social media feeds during the event for some tips to this adventure. You should run the challenge in Host-Only networking mode and on successful boot you will be presented with a console, similar to the one shown at the end of this post. You should solve the challenge from a network perspective, only solutions using this route will be accepted for prizes (unless they are really cool!).

The goal of the challenge is to hack the ISO, level up your skills and get root, come and show us how you did it if you want to claim your prize! If you are struggling with the configuration of our challenge, you can check out our training course free module, which details steps for configuring a similar lab. You can find details and upcoming dates of our training here.

Happy hacking and remember sharing is caring so post (tweet us @myhackerhouse!) or email a solution and let us know about it after the event. We will share links to the best of them on this blog! May the force be with you, young padawan, and remember that hacking isn’t just a skill – it’s a survival trade.

Zico's Shop: A Boot2Root Machine intended to simulate a real world cenario

Disclaimer:

By using this virtual machine, you agree that in no event will I be liable for any loss or damage including without limitation, indirect or consequential loss or damage, or any loss or damage whatsoever arising from loss of data or profits arising out of or in connection with the use of this software.

TL;DR - You are about to load up a virtual machine with vulnerabilities. If something bad happens, it's not my fault.

Level: Intermediate

Goal: Get root and read the flag file

Description:

Zico is trying to build his website but is having some trouble in choosing what CMS to use. After some tries on a few popular ones, he decided to build his own. Was that a good idea?

Hint: Enumerate, enumerate, and enumerate!

Thanks to: VulnHub

Author: Rafael (@rafasantos5)

C0m80 Boot2Root

https://3mrgnc3.ninja/2017/09/c0m80/

About

This is my third public Boot2Root, This one is intended to be quite difficult compared to the last two.

But again, that being said, it will depend on you how hard it is :D

The theme with this one is all about 'enumeration, enumeration, enumeration', lateral thinking, and how to "combine" vulnerabilities in order to exploit a system.

Important Note

Once you have an IP insert it into your attack system /etc/hosts like this:

[dhcp-ip-address] C0m80.ctf

This VM will probably be different to other challenges you may have come across. With C0m80 You will be required to log in locally in the VirtualBox console window at some point. This, I know, may 'rile' some of the purists out there that say you should be able to compromise a boot2root fully remotely over a network. I agree to that in principle, and in this case I had intended to allow vnc or xrdp access. Alas, due to compatibility problems I had to make a compromise in this area in order to get the challenge published sooner rather than later.

It should be obvious at what point you need to log in. So when that time comes just pretend you are using remote desktop. ;D

Sorry, I hope you can forgive me.

Difficulty Rating

[Difficult] but depends on you really

Goal

There is only one goal here. Become God on the system and read the root flag.

I Hope You Enjoy It.

Download Link

https://3mrgnc3.ninja/files/C0m80_3mrgnc3_v1.0.ova

Details

• File: C0m80_3mrgnc3-v1.0.ova
• OS: WondawsXP ;D
• VM Type: VirtualBox
• IP Address: DHCP
• Size: 2.7 GB

Walkthroughs

Please leave feedback and comments below. Including any info on walkthroughs anyone wishes to publish, or bugs people find in the VM Image.

Alternatively email me at 3mrgnc3 at techie dot com

Welcome to Dina 1.0.1

________                                                _________
\________\--------___       ___         ____----------/_________/
    \_______\----\\\\\\   //_ _ \\    //////-------/________/
        \______\----\\|| (( ~|~ )))  ||//------/________/
            \_____\---\\ ((\ = / ))) //----/_____/
                 \____\--\_)))  \ _)))---/____/
                       \__/  (((     (((_/
                          |  -)))  -  ))

This is my first Boot2Root - CTF VM. I hope you enjoy it.

if you run into any issue you can find me on Twitter: @touhidshaikh22

Contact: touhidshaikh22 at gmaill.com <- Feel Free to write mail

Website: http://www.touhidshaikh.com

Goal: /root/flag.txt

Level: Beginner (IF YOU STUCK ANYwhere PM me for HINT, But I don't think need any help).

Download: https://drive.google.com/file/d/0B1qWCgvhnTXgNUF6Rlp0c3Rlb0k/view

Try harder!: If you are confused or frustrated don't forget that enumeration is the key!

Feedback: This is my first boot2root - CTF Virtual Machine, please give me feedback on how to improve!

Tested: This VM was tested with:

Virtual Box 5.X

Networking: DHCP service: Enabled

**IP address**: Automatically assign

Fixing:

Some challenge issue reported by @eliot

Looking forward to the write-ups!

Difficulty: Beginner/Intermediate

About: This is the VM used in the online qualifications phase of the CTF-USF 2017 (Capture the Flag - Suceava University) contest which addresses to universities students. The VM was created by Oana Stoian (@gusu_oana) and Teodor Lupan (@theologu) from Safetech Innovations, the technical partner of the contest.

Instructions: The CTF is a virtual machine and has been tested in Virtual Box. The network interface of the virtual machine will take it's IP settings from DHCP.

Flags: There are 5 flags that should be discovered in form of: Country_name Flag: [md5 hash]. In CTF platform of the CTF-USV competition there was a hint available for each flag, but accessing it would imply a penalty. If you need any of those hints to solve the challenge, send me a message on Twitter @gusu_oana and I will be glad to help. The countries that should be tracked for flags are: Croatia, France, Italy, Laos, Phillippines

Name: Gemini Inc v1

Date release: 2018-01-09

Author: 9emin1

Series: Gemini Inc

Description:

I have decided to create vulnerable machines that replicate the vulnerabilities and difficulties I’ve personally encountered during my last year (2017) of penetration testing.

Some of the vulnerabilities require the “Think out of the box (fun)” mentality and some are just plain annoyance difficulties that require some form of automation to ease the testing.

GeminiInc v1 has been created that replicate an issue that I’ve encountered which was really interesting and fun to tackle, I hope it will be fun for you guys as well.

Adding a little made-up background story to make it more interesting...

Introduction:

Gemini Inc has contacted you to perform a penetration testing on one of their internal system. This system has a web application that is meant for employees to export their profile to a PDF. Identify any vulnerabilities possible with the goal of complete system compromise with root privilege. To demonstrate the level of access obtained, please provide the content of flag.txt located in the root directory as proof.

Tweet me your writeup @ https://twitter.com/sec_9emin1

File Information:

Filename: Gemini-Pentest-v1.zip

File size: 3283684247

SHA 1: 47ca8fb27b9a4b59aa6c85b8b1fe4df564c19a1e

Virtual Machine:

Format: Virtual Machine (VMWare)

Operating System: Debian

Networking:

DHCP Service : Enabled

IP Address: Automatically Assigned

More information can be obtained from my blog post on this vulnerable machine: https://scriptkidd1e.wordpress.com/

Intended solution will be provided some time after this has been published: https://scriptkidd1e.wordpress.com/geminiinc-v1-vm-walkthrough/

The VM has been tested on the following platform and is working:

• Mac OSX VMWare Fusion
• Windows 10 VMWare Player
• Windows 10 VMWare Workstation

It should work with any virtual machine player as well. It will be able to obtain an I.P Address with DHCP so no additional configuration is required. Simply import the downloaded VM and you are good to go.

THE ARM IoT EXPLOIT LABORATORY - Damn Vulnerable ARM Router (DVAR)

DVAR is an emulated Linux based ARM router running a vulnerable web server that you can sharpen your ARM stack overflow skills with.

DVAR runs in the tinysploitARM VMWare VM under a fully emulated QEMU ARM router image.

Simply extract the ZIP file and launch the VM via tinysploitARM.vmx. After starting up, the VM's IP address and default URL shall be displayed on the console. Using your host computer's browser, navigate to the URL and follow the instructions and clues. The virtual network adapter is set to NAT mode.

Your goal is to write a working stack overflow exploit for the web server running on the DVAR tinysploitARM target.

SHA256: 1f2bdd9ae4e44443dbb4bf9062300f1991c47f609426a1d679b8dcd17abb384c

DVAR started as an optional preparatory exercise for the ARM IoT Exploit Lab.

UPCOMING ARM IoT EXPLOIT LABORATORY TRAINING

RECON Brussels 2018 (4 day) January 29-Feb 1 https://recon.cx/2018/brussels/training/trainingexploitlab.html

Offensivecon Berlin 2018 (4 day) February 12-15 https://www.offensivecon.org/trainings/2018/the-arm-iot-exploit-laboratory-saumil-shah.html

Cansecwest Vancouver 2018 (4 day) March 10-13 https://cansecwest.com/dojos/2018/exploitlab.html

SyScan360 Singapore 2018 (4 day) March 18-21 https://www.coseinc.com/syscan360/index.php/syscan360/details/SYS1842#regBox

Helpful material

If you are new to the world of ARM exploitation, I highly recommend Azeria's excellent tutorials on ARM Assembly, ARM Shellcode and the basics of ARM exploitation.

https://azeria-labs.com/ Twitter: @Fox0x01

And these are three general purpose concepts oriented tutorials that every systems enthusiast must know:

Operating Systems - A Primer: http://www.slideshare.net/saumilshah/operating-systems-a-primer

How Functions Work: http://www.slideshare.net/saumilshah/how-functions-work-7776073

Introduction to Debuggers: http://www.slideshare.net/saumilshah/introduction-to-debuggers

EXPLOIT LABORATORY BLOG:

http://blog.exploitlab.net/

Saumil Shah @therealsaumil