How well do you understand PHP programs? How familiar are you with Linux misconfigurations? This image will cover advanced Web attacks, out of the box thinking and the latest security vulnerabilities.

Please note that this is capture the flag machine which means it is not real life scenario but will challenge you hard before you can obtain root privileges.

How well do you understand PHP programs? How familiar are you with Linux misconfigurations? This image will cover advanced Web attacks, out of the box thinking and the latest security vulnerabilities.

Please note that this is capture the flag machine which means it is not real life scenario but will challenge you hard before you can obtain root privileges.

Machine Details: Matrix is a medium level boot2root challenge Series of MATRIX Machines. The OVA has been tested on both VMware and Virtual Box.

Flags: Your Goal is to get root and read /root/flag.txt

Networking: DHCP: Enabled IP Address: Automatically assigned

Hint: Follow your intuitions ... and enumerate!

For walkthrough writeup permission or any other query, feel free to contact me on: Twitter: @unknowndevice64 or Email: info[@]ud64.com


Machine Size (in MB): 554 MB

Machine OS: linux

Machine Level: intermediate

The two french fans of Khaos Farbauti Ibn Oblivion are back ! Since the last attack on their server, Bob is trying to create a new, so much more secure, one. ... Well at least he thinks so. Time to prove him wrong !

Difficulty : Beginner with some little non-usual twists

Flag : No flag except for the root one, some easter eggs along the way

Mission-Pumpkin v1.0 is a beginner level CTF series, created by keeping beginners in mind. This CTF series is for people who have basic knowledge of hacking tools and techniques but struggling to apply known tools. I believe that machines in this series will encourage beginners to learn the concepts by solving problems. PumpkinRaising is Level 2 of series of 3 machines under Mission-Pumpkin v1.0. The Level 1 ends by accessing PumpkinGarden_Key file, this level is all about identifying 4 pumpkin seeds (4 Flags - Seed ID’s) and gain access to root and capture final Flag.txt file.

Escalate_Linux - A intentionally developed Linux vulnerable virtual machine.The main focus of this machine is to learn Linux Post Exploitation (Privilege Escalation) Techniques.

"Escalate_Linux" A Linux vulnerable virtual machine contains different features as.

  1. 12+ ways of Privilege Escalation
  2. Vertical Privilege Escalation
  3. Horizontal Privilege Escalation
  4. Multi-level Privilege Escalation

Beginner real life based machine designed to teach a interesting way of obtaining a low priv shell. SHOULD work for both VMware and Virtualbox.

  • Name: symfonos: 1
  • Difficulty: Beginner
  • Tested: VMware Workstation 15 Pro & VirtualBox 6.0
  • DHCP Enabled

Note: You may need to update your host file for symfonos.local

Mission-Pumpkin v1.0 is a beginner level CTF series, created by keeping beginners in mind. This CTF series is for people who have basic knowledge of hacking tools and techniques but struggling to apply known tools. I believe that machines in this series will encourage beginners to learn the concepts by solving problems. PumpkinGarden is Level 1 of series of 3 machines under Mission-Pumpkin v1.0. The end goal of this CTF is to gain access to PumpkinGarden_key file stored in the root account.

There are many vulnerabilities on the CLAMP machine.

You need some time and patience when dealing with security vulnerabilities. The scenario is progressing through web vulnerabilities. You will feel the test air while doing them. Maybe you'il have some fun.

When sending information, the security of the protocol you use is very important. You must keep the evidence in safe places.

Good Luck!

  • Machine Name: CLAMP
  • Machine Size: 3.2GB
  • Difficulty: Low
  • Flag: /root/flag.txt
  • Tested: VMWare workstation 12 Pro
  • DHCP: Enabled
  • Author: Mehmet Kelepçe // @doskey_history

2much: 1

4ndr34z 11 Jun 2019

2Much was made for pen-testing practice. When I worked on it, it hit me; Wouldn't be great to have an extra vulnerability on the host itself? As an extra bonus? It is at medium level difficulty. Enumeration is the key.

The vm contains both user and root flags. If you don’t see them, you need to try harder…

Built and tested on VMWare ESXi and Fusion.

DHCP-client

Need any hints? Feel free to contact me on Twitter: @4nqr34z