Tempus Fugit is a Latin phrase that roughly translated as “time flies”.

This is an intermediate, real life box.

In Tempus Fugit 2, the idea is still, like in the first vm; to create something “out of the ordinary”.

The vm contains both user and root flags. If you don’t see them, you are not looking in the right place...

Need any hints? Feel free to contact me on Twitter: @4nqr34z


Tested both on Virtualbox and vmware

Health warning: Have driven people to the brink of insanity

Wordy is design for beginners to experience real life Penetration testing. This lab is completely dedicated to Web application testing and there are several vulnerabilities that should be exploited in multiple ways. Therefore, it is not only intended as a root challenge boot, the primary agenda is proactive in exploiting tops listed web application vulnerabilities.

As this is a wordpress based lab, it is designed so that users can practice following vulnerabilities: - LFI - RFI - CSRF - File Upload - SQL

There is a total of 3 flags. Completion is only registered on exploiting all vulnerabilities and flags.

Hint: “Everything is not what it seems to be.”

Visit our website http://hackingarticles.in

Alphonse is into genes and would like to research your DNA. Is his setup secure thought?


  • /root/flag.txt
  • /home/alphonse/flag.txt

Tested with VirtualBox

DHCP enabled

Difficulty: Intermediate


  • Author: strider
  • Testers: Kyubai
  • Difficulty: Intermediate

Mordor CTF is a CTF-Machine with a nice story.

This VM has a small touch of lord of the rings. And tells a story during part 2 of the movies.

In this VM are 9 flags to get.

This I my first VM i've created, I hope you enjoy it.

The goal is to reach the root and readout the file /root/flag.txt

If you found other ways, to reach the goal, let me know :)

What include this VM?

  • Information Gathering
  • Enumerarion
  • Cracking
  • Webexploitation
  • Reverse Engineering
  • Binary Exploitation
  • General Linux skills
  • and more...


  • Debian 10 Buster
  • IPv4 / DHCP Autoassign

For any hints contact me here [strider007 at protonmail dot com]

If you found Bugs or you have problems with the VM, you can contact me also here [strider007 at protonmail dot com]


This VM is completely licensed under Creative Commons v3. except the elements by LOTR.

I do not own the characters and the elements of LOTR. They was used for the fanfiction story during the CTF. I do not earn money with this machine and all the other elements of this machine.

If you use parts of this machine please ensure that you remove all LOTR elements.

Hard CTF challenge.

This machine is designed for those one who is trying to prepare for OSCP or OSCP-Exam.

This is first level of prime series. Some help at every stage is given. Machine is lengthy as OSCP and Hackthebox's machines are designed.

So you have a target to get root flag as well as user flag. If stuck on a point some help are given at a level of enumeration. If any extra help needed

Visit our website http://hacknpentest.com and http://hnpsecurity.com.

Some extra improvement needed to my VM please contact me on my email- suraj at hnpsecurity dot com.

About Release:

  • Name: AI: Web 2.0
  • Author: Mohammad Ariful Islam
  • Series: AI: Web


  • Difficulty: Intermediate
  • Network: DHCP (Automatically assign)
  • Network Mode: NAT

This is the second box from the series AI: Web and you will have more fun to crack this challenge. The goal is simple. Get flag from /root/flag.txt. Enumerate the box, get low privileged shell and then escalate privilege to root.

You may need to crack password. Use wordlist SecLists/rockyou-45.txt by Mr. Daniel Miessler.

For any hint please tweet on @arif_xpress

File Information:

  • Filename: AI Web 2.0.7z
  • File size: 906 MB

Virtual Machine:

  • Tested: VMWare Workstation 10 or later.
  • Operating System: Linux


  • DHCP service: Enabled
  • IP Address: Automatically assign

DC: 7

DCAU 31 Aug 2019


DC-7 is another purposely built vulnerable lab with the intent of gaining experience in the world of penetration testing.

While this isn't an overly technical challenge, it isn't exactly easy.

While it's kind of a logical progression from an earlier DC release (I won't tell you which one), there are some new concepts involved, but you will need to figure those out for yourself. :-) If you need to resort to brute forcing or dictionary attacks, you probably won't succeed.

What you will need to do, is to think "outside" of the box.

Waaaaaay "outside" of the box. :-)

The ultimate goal of this challenge is to get root and to read the one and only flag.

Linux skills and familiarity with the Linux command line are a must, as is some experience with basic penetration testing tools.

For beginners, Google can be of great assistance, but you can always tweet me at @DCAU7 for assistance to get you going again. But take note: I won't give you the answer, instead, I'll give you an idea about how to move forward.

Technical Information

DC-7 is a VirtualBox VM built on Debian 64 bit, but there shouldn't be any issues running it on most PCs.

I have tested this on VMWare Player, but if there are any issues running this VM in VMware, have a read through of this.

It is currently configured for Bridged Networking, however, this can be changed to suit your requirements. Networking is configured for DHCP.

Installation is simple - download it, unzip it, and then import it into VirtualBox or VMWare and away you go.


While there should be no problems using this VM, by downloading it, you accept full responsibility for any unintentional damage that this VM may cause.

In saying that, there shouldn't be any problems, but I feel the need to throw this out there just in case.


I'm also very interested in hearing how people go about solving these challenges, so if you're up for writing a walkthrough, please do so and send me a link, or alternatively, follow me on Twitter, and DM me (you can unfollow after you've DM'd me if you'd prefer).

I can be contacted via Twitter - @DCAU7

nightfall is a born2root VM designed for beginners.

Virtualbox is strongly recommended for doing this challenge.

If you need to contact me for hints you can do it via twitter here: @whitecr0w1

This is an intermediate machine. Your goal is to get paw-sk4 user and then root flag. Try harder and share with us the flag, if you can ;).

For any need, contact us on Twitter: @sk4pwn @p4w16 and @bytevsbyt3