Name: Gemini Inc v2

Date release: 2018-07-10

Author: 9emin1

Series: Gemini Inc

Description: I have decided to create vulnerable machines that replicate the vulnerabilities and difficulties I’ve personally encountered during my last year (2017) of penetration testing.

Some of the vulnerabilities require the “Think out of the box (fun)” mentality and some are just plain annoyance difficulties that require some form of automation to ease the testing.

GeminiInc v2 has been created that replicate a few issues that I’ve encountered which was really interesting and fun to tackle, I hope it will be fun for you guys as well.

Adding a little made-up background story to make it more interesting…

Introduction: Gemini Inc has contacted you to perform a penetration testing on one of their internal system. This system has a web application that is meant for employees to export their profile to a PDF. Identify any vulnerabilities possible with the goal of complete system compromise with root privilege. To demonstrate the level of access obtained, please provide the content of flag.txt located in the root directory as proof.

Tweet me your writeup @ https://twitter.com/sec_9emin1

File Information:

• Filename: Gemini-Pentest-v2.zip
• File size: 2239959453
• SHA 1: 5f210dd9a52a701bab262a9def88009b1ca46300

Virtual Machine:

• Format: Virtual Machine (VMWare)
• Operating System: Debian

Networking:

• DHCP Service : Enabled
• IP Address: Automatically Assigned

More information can be obtained from my blog post on this vulnerable machine: https://scriptkidd1e.wordpress.com/

Intended solution will be provided some time after this has been published: https://scriptkidd1e.wordpress.com/geminiinc-v2-virtual-machine-walkthrough/

The VM has been tested on the following platform and is working:

• Mac OSX VMWare Fusion
• Windows 10 VMWare Player
• Windows 10 VMWare Workstation

It should work with any virtual machine player as well. It will be able to obtain an I.P Address with DHCP so no additional configuration is required. Simply import the downloaded VM and you are good to go.

Name: MinUv1

Date Release: 2018-07-10

Author: 8bitsec

Description: This boot2root is an Ubuntu Based virtual machine and has been tested using VirtualBox. The network interface of the virtual machine will take it's IP settings from DHCP. Your goal is to capture the flag on /root.

Note: Tested on VirtualBox

Network: Host-Only/DHCP (should work on bridged)

File: OVA

Difficulty: easy/intermediate

Filename: MinUv1.ova.7z

File Size: 540MB

MD5: cc3d58173a8e9ed3f7606c8d12140a68

SHA1: 8409ceb3cd959085c0249eb676af2f384da85466

Format: Virtual Machine (Virtualbox - OVA)

Operating System: Linux

DHCP service: Enabled

IP address: Automatically assign

WebSploit2018

Web Application Exploitation Environment

WebSploit2018 is a collection of vulnerable web applications packed in a virtual environment.

This VM is intended for those who want to:

• Hack Web Applications in a controlled environment
• Learn about Web Application security
• Test automatic vulnerability scanners
• Test and analyze source code

Unpack the VM and run it in your virtualization software. It gets an IP address via DHCP System Login: user:websploit2018 password:websploit2018

Before attacking this VM remotely, you should edit your Penetration Testing machine's hosts file(IP-websploit2018). Point your browser to http://websploit2018/

Happy WebApp hacking ;)

The 2018 BSidesTLV CTF competition brought together over 310 team burning the midnight oil to crack our challenged in a bout that lasted for two weeks! But you can now enjoy the same pain and suffering, using this easy to use, condensed VM that now hosts all our challenges in an easy to digest format. This VM now includes all challenges from the CTF:

• IAmBrute
• Shared Directory
• Redirect me
• Crypto2
• c1337Shell
• IH8emacs
• Into the rabbit hole
• PimpMyRide
• Wtflol
• Can you bypass the SOP?
• T.A.R.D.I.S.
• I'm Pickle Rick!
• Creative Agency
• hideinpILainsight
• DockingStation
• NoSocket
• PySandbox-Insane
• ContactUs
• GamingStore

In order to access the challenges you need to:

• run ifconfig eth0 (in the VM)
• set challenges.bsidestlv.com in hosts file with the VM IP address

Credentials:

• CTFD User access (Use if you want to play):

  • user:user

• CTFD Admin access (Use if you want to modify):

  • bsidestlv:bsidestlv

• Boot2Docker SSH:

  • docker:tcuser

CTFd URL: http://challenges.bsidestlv.com

A new Vibranium market will soon be online in the dark net. Your goal, get your hands on the root file containing the exact location of the mine.

Intermediate level

Flags: There are three flags (flag1.txt, flag2.txt, root.txt)

• DHCP: Enabled
• IP Address: Automatically assigned

Hint: Follow your intuitions ... and enumerate!

For any questions, feel free to contact me on Twitter: xMagass

Happy Hacking!

Haboob Team made this virtual machine regarding the published paper "XML External Entity Injection - Explanation and Exploitation" https://www.exploit-db.com/docs/45374 to exploit the vulnerability in a private network. We hope that you enjoy the challenge!

The challenge is right here: http://IP-ADDRESS/xxe

Description: Matrix is a medium level boot2root challenge. The OVA has been tested on both VMware and Virtual Box.

Difficulty: Intermediate

Flags: Your Goal is to get root and read /root/flag.txt

Networking: DHCP: Enabled IP Address: Automatically assigned

Hint: Follow your intuitions ... and enumerate!

For any questions, feel free to contact me on Twitter: @unknowndevice64

Gittysburg is an intermediate level boot2root vulnerable VM. There are four flags to capture. Will you be able to git root?

Typhoon Vulnerable VM

Typhoon VM contains several vulnerabilities and configuration errors. Typhoon can be used to test vulnerabilities in network services, configuration errors, vulnerable web applications, password cracking attacks, privilege escalation attacks, post exploitation steps, information gathering and DNS attacks. Prisma trainings involve practical use of Typhoon.

MD5 (Typhoon-v1.02.ova) = 16e8fef8230343711f1a351a2b4fb695

OS: Linux

Author: PrismaCSI

Series: Typhoon

Format: VM(OVA)

DHCP service: Enabled

IP address: Automatically assign

Description

myHouse7 is a vulnerable virtual machine with multiple docker images setup to be a capture-the-flag (CTF) challenge. The goal of this vulnerable virtual machine is to present a lab where you can learn and practice to pivot through the subnets to be able to compromise all of the hosts/containers except 1.

CTF Flag Information

This CTF challenge consists of a total of 20 flags. The virtual machine that is provided contains 2 flags and each docker image/container when running contains 3 additional flags with exception to 1 host. The 1 host that is the exception has no flags. (A mistake that I made was to name 2 flags the same.)

The structure of each flag is as follows: {{tryharder:xxx}}. The xxx in the example could be a single digit or up to 4 digits.

Network Diagram

Below is a network diagram of the setup which may or may not be accurate. The virtual machine represents the firewall in the network diagram below. A total of 7 docker images/containers launch each time the virtual machine loads.

Download Information

You are able to download this file from my Google Drive at this link. The file is 2.7GB compressed with 7-zip. The file is a compressed OVF exported virtual machine from VMWorkstation 14. After importing the virtual machine, the first time that it loads will take upwards of 15 minutes due to building the environment and decompressing the docker images. After the first time you load the virtual machine it will be quicker due to only having to load the docker images into containers.

Christophe is creating a web page for his resistance. Will he succeed?

Flags - /root/flag.txt - /home/christophe/flag.txt

Tested with VirtualBox

DHCP enabled

Difficulty: Intermediate

Should not be as easy as to just run a MSF module to get root right away, if so please let me know.