Kuya: 1

Ashhad 21 Dec 2018

A Boot2Root machine with hints of CTF

In total there are 3 flags and you will be required to use some CTF skills to solve it.

Name: Basilic Author: DrStache


The Basilic VM was created as part of NorzhCTF 2019.


A Python developer has put a website online. Your goal is to compromise the different users of the server and gain root privileges.

There are 4 flags to retrieve, they are in md5 format.

  • Flag 1: "Persistence is the path to success." - Charlie Chaplin
  • Flag 2: "You can always escape from a prison. But freedom?" - Jean-Christophe GrangĂ©
  • Flag 3: "The future is a door, the past is the key." - Victor Hugo
  • Flag 4: "There is no less blame for concealing a truth than for falsifying a lie." - Etienne Pasquier

Difficulty: Intermediate / Hard

Categories: Web, Jail, Crypto, PrivEsc


For any questions, feel free to contact me on Twitter: @DrStache_

This machine hopes to inspire BRAVERY in you; this machine may surprise you from the outside. This is designed for OSCP practice, and the original version of the machine was used for a CTF. It is now revived, and made more nefarious than the original.

If you MUST have hints for this machine (even though they will probably not help you very much until you root the box!): Bravery is (#1): a positive trait in people, (#2): another way of saying "try harder", (#3): https://www.youtube.com/watch?v=k2QPJ2xGMiY

Note: There may be more than one method to obtain root privileges on this machine. Look around you!

Feel free to contact the author at https://donavan.sg/blog if you would like to drop a comment.

This machine reminds us of a DEVELOPMENT environment: misconfigurations rule the roost. This is designed for OSCP practice, and the original version of the machine was used for a CTF. It is now revived, and made slightly more nefarious than the original.

If you MUST have hints for this machine (even though they will probably not help you very much until you root the box!): Development is (#1): different from production, (#2): a mess of code, (#3): under construction.

Note: Some users report the box may seem to be "unstable" with aggressive scanning. The homepage gives a clue why.

Feel free to contact the author at https://donavan.sg/blog if you would like to drop a comment.

Matrix v2.0 is a medium level boot2root challenge. The OVA has been tested on both VMware and Virtual Box.

Difficulty: Intermediate

Flags: Your Goal is to get root and read /root/flag.txt

Networking:

  • DHCP: Enabled
  • IP Address: Automatically assigned

Hint: Follow your intuitions ... and enumerate!

Replay is a sequel to Bob my first CTF. What sort of terrible redneck netsec engineering has Bob done now?

Your Goal is to get root and read /flag.txt

Note: There are three difficulties Hard: No Changelog.txt, no hex editor Mid: Read Changelog.txt, no hex editor Easy: Anything goes

Leopold is a poor adventurous little Internet user trying to find amusement.

Flags - /root/flag.txt - /home/leopold/flag.txt

Tested with VirtualBox

DHCP enabled

Difficulty: Beginner/Intermediate

Should not be as easy as to just run a MSF module to get root right away, if so please let me know.

Jenkins will hack you into pieces! Watch out. He usually works alone, but sometimes he tries to work with his imaginary friends.

Flags - /root/flag.txt - /home/jenkins/flag.txt

Tested with VirtualBox

DHCP enabled

Difficulty: Intermediate

Should not be as easy as to just run a MSF module to get root right away, if so please let me know.

Ike is a servant of something which also starts with "I" and has only three letters.

Flags - /root/flag.txt - /home/ike/flag.txt

Tested with VirtualBox

DHCP enabled

Difficulty: Intermediate

Should not be as easy as to just run a MSF module to get root right away, if so please let me know.

Eric is trying to reach out on the Internet, but is he following best practice?

Flags - /root/flag.txt - /home/eric/flag.txt

Tested with VirtualBox

DHCP enabled

Difficulty: Beginner

Should not be as easy as to just run a MSF module to get root right away, if so please let me know.