Infernal: Hades v1.0.1.

Hades is a new boot2root challenge pitched at the advanced hobbyist. Solving this challenge will require skills in reverse engineering, sploit development and sound computer architecture understanding. If you've never heard of an opaque predicate, you're going to have a hard time of it!

I strongly suggest you don't start this the week before exams, important meetings, deadlines of any sort, marriages, etc.

The aim of this challenge is for you to incrementally increase your access to the box until you can escalate to root. The /root/flag.txt contains, amongst other things, a public PGP key which you can use to demonstrate victory - the private key has been given to the VulnHub.com admins.

Enjoy, Lok_Sigma

Notes

1. I have verified this challenge is completable using 'Kali 3.7-trunk-686-pae' (Kali Linux 1.0.5 x86) as my attack platform with VMware Fusion 5.
2. It's meant to be hard.
3. EDB is your friend.
4. Hades will get an IP address by DHCP.

Disclaimer

By using this virtual machine, you agree that in no event will I be liable for any loss or damage including without limitation, indirect or consequential loss or damage, or any loss or damage whatsoever arising from loss of data or profits arising out of or in connection with the use of this software. If something bad happens, it's not my fault. Use at your own risk!

Welcome to VulnOS !

This is my first vulnerable target I made because I want to give back something to the community. Big up for the community that made things possible!!!

Your goal is to get root and find all the vulnerabilities inside the OS ! It is a ubuntu server 10.04 LTS (that's been made very buggy!!!!) DO NOT USE This Box in a production environment!!!!!!! It's a VM thas has been made with Virtualbox 4.3.8 - so it's in the .vdi format.

Networking :

This box has been made with bridged networking and uses DHCP to get an IP address (was 192.168.1.66 when I built it). So it is best to share the attack OS and the TARGET BOX to IP-Range OF 192.168.1.1/24

Maybe you could set it up with m0n0wall and setup static IP-addresses.

If you cannot find the target's IP ADRERSS, contact me @ blakrat1 AT gmail DOT com I will give you the root user and password to login....

Hope you find this useful !!!

In general, I’ve found that information is much easier to retain if it can be applied in the real world. Not everyone is a self-proclaimed botnet hunter, and it is not suggested (or recommended) that anyone try to exploit live botnets. For these reasons, I have put together another vulnerable virtual machine, which allows for aspiring botnet hunters and security enthusiasts to try their hand at attacking a Dexter command and control panel. It can be downloaded

• Brian Wallace AKA @botnet_hunter

____   ___   ____   ___  __ ____   ___   ____     ____
`MM(   )P'  6MMMMb  `MM 6MM `MM(   )P'  6MMMMb   6MMMMb\
 `MM` ,P   6M'  `Mb  MM69 "  `MM` ,P   6M'  `Mb MM'    `
  `MM,P    MM    MM  MM'      `MM,P    MM    MM YM.
   `MM.    MMMMMMMM  MM        `MM.    MMMMMMMM  YMMMMb
   d`MM.   MM        MM        d`MM.   MM            `Mb
  d' `MM.  YM    d9  MM       d' `MM.  YM    d9 L    ,MM
_d_  _)MM_  YMMMM9  _MM_    _d_  _)MM_  YMMMM9  MYMMMM9




    xerxes v0.1
    by @barrebas

    xerxes.ova md5 4a1b5e1a984d8e01353dd32fd37554bc

    get root and read /root/flag

    tested on virtualbox 4.1.12 -- many thanks to
    TheColonial for testing!

    please share your thoughts on this vm! if you
    find any bugs, please let me know on irc
    (freenode #vulnhub)



DISCLAIMER

By using this virtual machine, you agree that in no event
will I be liable for any loss or damage including without
limitation, indirect or consequential loss or damage,  or
any  loss or  damage whatsoever arising from loss of data
or profits  arising out of  or in connection with the use
of this software.

  _               _                           ___  
 | |             (_)                         |__ \ 
 | |__  _ __ __ _ _ _ __  _ __   __ _ _ __      ) |
 | '_ \| '__/ _` | | '_ \| '_ \ / _` | '_ \    / / 
 | |_) | | | (_| | | | | | |_) | (_| | | | |  / /_ 
 |_.__/|_|  \__,_|_|_| |_| .__/ \__,_|_| |_| |____|
                         | |                       
                         |_|

                             by superkojiman  
                  http://www.techorganic.com

DISCLAIMER

By using this virtual machine, you agree that in no event will I be liable for any loss or damage including without limitation, indirect or consequential loss or damage, or any loss or damage whatsoever arising from loss of data or profits arising out of or in connection with the use of this software.

TL;DR: If something bad happens, it's not my fault.

SETUP

Brainpan has been tested and found to work on the following hypervisors: - VMware Player 6.0.1 - VMWare Fusion 6.0.2 - VirtualBox 4.3.2

Check to make sure brainpan2.ova has following checksums so you know your download is intact:

MD5: bf01f03ea0e7cea2553f74189ff35161

SHA1: b46891cda684246832f4dbc80ec6e40a997af65a

Import brainpan2.ova into your preferred hypervisor and configure the network settings to your needs. It will get an IP address via DHCP, but it's recommended you run it within a NAT or visible to the host OS only since it is vulnerable to attacks.

     __________       .__          __  .__      .__  __
     \______   \ ____ |  | _____ _/  |_|__|__  _|__|/  |_ ___.__.
      |       _// __ \|  | \__  \\   __\  \  \/ /  \   __<   |  |
      |    |   \  ___/|  |__/ __ \|  | |  |\   /|  ||  |  \___  |
      |____|_  /\___  >____(____  /__| |__| \_/ |__||__|  / ____| ·VM·
             \/     \/          \/                        \/  -v1.0.1-
 +-----------------------------------------------------------------------+
 |  cReaTeD....: sagi-               |  DaTe......: 2013-11-29           |
 |  oS.........: Linux               |  oBJecTiVe.: Read /root/flag.txt  |
 |                                   |  GReeTZ....: g0tmi1k & l0ca1hoSt  |
 +-----------------------------------------------------------------------+

v1.0.1 ~ 2013-11-29 Fixed a few bugs when using VirtualBox (thanks to Bas van den Berg - @barrebas)

v1.0 ~ 2013-11-16 Public release

v0.0 ~ 2013-11-01 Private release - Zacon

v0.0 ~ 2013-06-29 Private release - HackFu

This is a Linux based VM that is intended as a way to get security researchers started with simple botnet research. It also requires the researcher have some ability to assess and exploit vulnerabilities, with the ultimate goal of obtaining root access to the VM. This is the second of many to come, please feel free to supply feedback so I can make future ones more enjoyable and fulfilling.

The network configuration of the VM is set to auto, so it is easiest to run with some sort of DHCP server on the same network(or just select the NAT option in your virtualization software). It is suggested that you use the NAT option along with port forwarding, but as long as you have TCP access to the VM, you should be fine.

There are no supplied credentials, and it is intended that the network services on the VM are the attack vectors.

If you have questions, feel free to ask in #vulnhub on freenode(I'm bwall on there). You can also ask me on Twitter(@botnet_hunter). You can also email me at bwall(at)ballastsecurity.net

----------------
bee-box - README
----------------

bee-box is a custom Linux VM pre-installed with bWAPP.

With bee-box you have the opportunity to explore all bWAPP vulnerabilities!
bee-box gives you several ways to hack and deface the bWAPP website.
It's even possible to hack the bee-box to get root access...

This project is part of the ITSEC GAMES project. ITSEC GAMES are a fun approach to IT security education. 
IT security, ethical hacking, training and fun... all mixed together.
You can find more about the ITSEC GAMES and bWAPP projects on our blog.

We offer a 2-day comprehensive web security course 'Attacking & Defending Web Apps with bWAPP'.
This course can be scheduled on demand, at your location!
More info: http://goo.gl/ASuPa1 (pdf)

Enjoy!

Cheers

Malik Mesellem
Twitter: @MME_IT

-----------------------
bee-box - Release notes
-----------------------

v1.6
****

Release date: 2/11/2014

bWAPP version: 2.2

New features:

- Vulnerable Drupal installation (Drupageddon)

Bug fixes: /

Modifications: /


v1.5
****

Release date: 27/09/2014

bWAPP version: 2.1

New features:

- CGI support (Shellshock ready)

Bug fixes: /

Modifications: /


v1.4
****

Release date: 12/05/2014

bWAPP version: 2.0

New features:

- Lighttpd web server installed, running on port TCP/9080 and TCP/9443
- PHP SQLite module installed
- SQLiteManager 1.2.4 installed
- Vulnerable bWAPP movie network service (BOF)

Bug fixes: /

Modifications: /


v1.3
****

Release date: 19/04/2014

bWAPP version: 1.9+

New features:

- Nginx web server installed, running on port TCP/8080 and TCP/8443
- Nginx web server configured with a vulnerable OpenSSL version (heartbleed vulnerability)
- Insecure distcc (a fast, free distributed C/C++ compiler)
- Insecure NTP configuration
- Insecure SNMP configuration
- Insecure VNC configuration

Bug fixes:

- bWAPP update script checks for Internet connectivity

Modifications: /


v1.2
****

Release date: 22/12/2013

bWAPP version: 1.8

New features:

- Apache modules enabled: rewrite, include, headers, dav, action
- Apache server-status directive enabled
- Insecure anonymous FTP configuration
- Insecure WebDAV configuration
- Server-Side Includes configuration
- Vulnerable PHP CGI configuration

Bug fixes: /

Modifications:

- MySQL listening on 0.0.0.0
- New bWAPP update script


v1.1
****

Release date: 12/09/2013

bWAPP version: 1.5

New features:

- bWAPP update script

Bug fixes: /

Modifications: /


v1.0
****

Release date: 15/07/2013

bWAPP version: 1.4

New features: /

Bug fixes: /

Modifications: /

-----------------
bee-box - INSTALL
-----------------

bee-box is a custom Linux VM pre-installed with bWAPP.

With bee-box you have the opportunity to explore all bWAPP vulnerabilities!
bee-box gives you several ways to hack and deface the bWAPP website.
It's even possible to hack the bee-box to get root access...


Requirements
////////////

*/ Windows, Linux or Mac OS
*/ VMware Player, Workstation, Fusion or Oracle VirtualBox


Installation steps
//////////////////

No! I will not explain how to install VMware or VirtualBox...

*/ Extract the compressed file.

*/ Double click on the VM configuration file (bee-box.vmx), or import the VM into the VMware software.

*/ Start the VM. It will login automatically.

*/ Check the IP address of the VM.

*/ Go to the bWAPP login page. If you browse the bWAPP root directory you will be redirected.

    example: http://[IP]/bWAPP/
    example: http://[IP]/bWAPP/login.php

*/ Login with the default bWAPP credentials, or make a new user.

    default credentials: bee/bug

*/ You are ready to explore and exploit the bee!


Notes
/////

*/ Linux credentials:

    bee/bug
    root/bug

*/ MySQL credentials:

    root/bug

*/ Modify the Postfix settings (relayhost,...) to your environment.

    config file: /etc/postfix/main.cf

*/ bee-box gives you several ways to deface the bWAPP website.
   It's even possible to hack the bee-box to get root access...

   Have fun!

*/ Take a snapshot of the VM before hacking the bee-box.
   There is also a backup of the bWAPP website (/var/www/bWAPP_BAK).

*/ To reinstall the bWAPP database, delete the database with phpmyadmin (http://[IP]/phpmyadmin/).
   Afterwards, browse to the following page: https://[IP]/bWAPP/install.php

*/ Don't upgrade the Linux operating system, you will lose all fun :)


This project is part of the ITSEC GAMES project. ITSEC GAMES are a fun approach to IT security education. 
IT security, ethical hacking, training and fun... all mixed together.
You can find more about the ITSEC GAMES and bWAPP projects on our blog.

We offer a 2-day comprehensive web security course 'Attacking & Defending Web Apps with bWAPP'.
This course can be scheduled on demand, at your location!
More info: http://goo.gl/ASuPa1 (pdf)

Enjoy!

Cheers

Malik Mesellem
Twitter: @MME_IT

This is a Linux based VM that is intended as a way to get security researchers started with simple botnet research. It also requires the researcher have some ability to assess and exploit vulnerabilities, with the ultimate goal of obtaining root access to the VM.

The network configuration of the VM is set to auto, so it is easiest to run with some sort of DHCP server on the same network(or just select the NAT option in your virtualization software). It is suggested that you use the NAT option along with port forwarding, but as long as you have TCP access to the VM, you should be fine.

If you have questions, feel free to ask in #vulnhub on freenode(I'm bwall on there).

 _               _                         
| |__  _ __ __ _(_)_ __  _ __   __ _ _ __  
| '_ \| '__/ _` | | '_ \| '_ \ / _` | '_ \ 
| |_) | | | (_| | | | | | |_) | (_| | | | |
|_.__/|_|  \__,_|_|_| |_| .__/ \__,_|_| |_|
                        |_|                
                            by superkojiman  
                 http://www.techorganic.com

DISCLAIMER
----------
By using this virtual machine, you agree that in no event will I be liable 
for any loss or damage including without limitation, indirect or 
consequential loss or damage, or any loss or damage whatsoever arising 
from loss of data or profits arising out of or in connection with the use 
of this software.

TL;DR: If something bad happens, it's not my fault.



SETUP
-----
Brainpan has been tested and found to work on the following hypervisors:
-    VMware Player 5.0.1
-    VMWare Fusion 5.0
-    VirtualBox 4.2.8

Import Brainpan into your preferred hypervisor and configure the network 
settings to your needs. It will get an IP address via DHCP, but it's 
recommended you run it within a NAT or visible to the host OS only since it
is vulnerable to attacks.

Source: Brainpan.zip/readme.txt

MD5 (brainpan.ova) = fc0f163220b9884df5dcc9cdc45361e4

Source: Brainpan.zip/md5.txt