Machine Details: Matrix is a medium level boot2root challenge Series of MATRIX Machines. The OVA has been tested on both VMware and Virtual Box.

Flags: Your Goal is to get root and read /root/flag.txt

Networking: DHCP: Enabled IP Address: Automatically assigned

Hint: Follow your intuitions ... and enumerate!

For walkthrough writeup permission or any other query, feel free to contact me on: Twitter: @unknowndevice64 or Email: info[@]ud64.com


Machine Size (in MB): 554 MB

Machine OS: linux

Machine Level: intermediate

The two french fans of Khaos Farbauti Ibn Oblivion are back ! Since the last attack on their server, Bob is trying to create a new, so much more secure, one. ... Well at least he thinks so. Time to prove him wrong !

Difficulty : Beginner with some little non-usual twists

Flag : No flag except for the root one, some easter eggs along the way

Mission-Pumpkin v1.0 is a beginner level CTF series, created by keeping beginners in mind. This CTF series is for people who have basic knowledge of hacking tools and techniques but struggling to apply known tools. I believe that machines in this series will encourage beginners to learn the concepts by solving problems. PumpkinRaising is Level 2 of series of 3 machines under Mission-Pumpkin v1.0. The Level 1 ends by accessing PumpkinGarden_Key file, this level is all about identifying 4 pumpkin seeds (4 Flags - Seed ID’s) and gain access to root and capture final Flag.txt file.

Escalate_Linux - A intentionally developed Linux vulnerable virtual machine.The main focus of this machine is to learn Linux Post Exploitation (Privilege Escalation) Techniques.

"Escalate_Linux" A Linux vulnerable virtual machine contains different features as.

  1. 12+ ways of Privilege Escalation
  2. Vertical Privilege Escalation
  3. Horizontal Privilege Escalation
  4. Multi-level Privilege Escalation

Beginner real life based machine designed to teach a interesting way of obtaining a low priv shell. SHOULD work for both VMware and Virtualbox.

  • Name: symfonos: 1
  • Difficulty: Beginner
  • Tested: VMware Workstation 15 Pro & VirtualBox 6.0
  • DHCP Enabled

Note: You may need to update your host file for symfonos.local

Mission-Pumpkin v1.0 is a beginner level CTF series, created by keeping beginners in mind. This CTF series is for people who have basic knowledge of hacking tools and techniques but struggling to apply known tools. I believe that machines in this series will encourage beginners to learn the concepts by solving problems. PumpkinGarden is Level 1 of series of 3 machines under Mission-Pumpkin v1.0. The end goal of this CTF is to gain access to PumpkinGarden_key file stored in the root account.

There are many vulnerabilities on the CLAMP machine.

You need some time and patience when dealing with security vulnerabilities. The scenario is progressing through web vulnerabilities. You will feel the test air while doing them. Maybe you'il have some fun.

When sending information, the security of the protocol you use is very important. You must keep the evidence in safe places.

Good Luck!

  • Machine Name: CLAMP
  • Machine Size: 3.2GB
  • Difficulty: Low
  • Flag: /root/flag.txt
  • Tested: VMWare workstation 12 Pro
  • DHCP: Enabled
  • Author: Mehmet Kelepçe // @doskey_history

2much: 1

4ndr34z 11 Jun 2019

2Much was made for pen-testing practice. When I worked on it, it hit me; Wouldn't be great to have an extra vulnerability on the host itself? As an extra bonus? It is at medium level difficulty. Enumeration is the key.

The vm contains both user and root flags. If you don’t see them, you need to try harder…

Built and tested on VMWare ESXi and Fusion.

DHCP-client

Need any hints? Feel free to contact me on Twitter: @4nqr34z

Oz was originally created and submitted to HackTheBox. It is a medium/hard boot2root challenge. The Oz box has 2 flags to find (user and root) and has a direct route for each, no need to bruteforce access. It is a slightly trolly box with real world vulnerabilities. The OVF has been tested on VirtualBox, VMware Fusion, and VMware Workstation.

If you have questions or concerns we can be contacted via Twitter - @incidrthreat and @ilove2pwn_

Welcome to CSRF Minefield!

CSRF Minefield is an Ubuntu Server 18.04 based virtual machine, that is heavily ridden with Cross-Site Request Forgery (CSRF) vulnerabilities. This VM hosts 11 real-world web applications that were found vulnerable to CSRF vulnerability and your aim is to find them and detonate them before they explode the target network.

What is CSRF?

Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they're currently authenticated. CSRF attacks specifically target state-changing requests, not theft of data, since the attacker has no way to see the response to the forged request. - OWASP

How to find or test for a CSRF vulnerability?

As a starting point, you can use the following resources by the OWASP Project:

OWASP Testing Guide OWASP Code Review Guide

List of Web applications included in this version of CSRF Minefield (along with access details):

  1. Bolt CMS 3.6.6
  2. http://192.168.126.162/bolt | Username:admin Password:admin123
  3. PilusCart 1.4.1
  4. http://192.168.126.162/pilus | Username:admin Password:admin123
  5. zzzphp CMS 1.6.1
  6. http://192.168.126.162/zzzphp | Admin link: http://192.168.126.162/zzzphp/admin537/login.php | Username:admin Password:admin123
  7. CMSSite 1.0
  8. http://192.168.126.162/cmssite/ | Username:victor Password:victor
  9. OOP CMS Blog 1.0
  10. http://192.168.126.162/oop/ | Admin link: http://192.168.126.162/oop/admin | Username:admin Password:123
  11. Integria IMS 5.0.83
  12. http://192.168.126.162/integriaims/ | Username:admin Password:integria
  13. ZeusCart 4.0
  14. http://192.168.126.162/zeuscart/ | Admin link: http://192.168.126.162/zeuscart/admin | Username:admin Password:admin123
  15. WSTMart 2.0.8
  16. http://192.168.126.162/wstmart/ | Admin link: http://192.168.126.162/wstmart/admin.php | Username:admin Password:admin123
  17. Simple Online Hotel Reservation System
  18. http://192.168.126.162/hotelcal | Admin link: http://192.168.126.162/hotelcal/admin | Username:admin Password:admin
  19. OrientDB 3.0.17 GA Community Edition
    • Command to start web app:/opt/orient/bin/server.sh | http://192.168.126.162:2480/studio/index.html | Username:root Password:toor
  20. Apache CouchDB 2.3.1
    • Command to start web app:/opt/couchdb/bin/couchdb | http://192.168.126.162:5984/_utils/index.html | Username:root Password:toor

How to get started?

  1. Download the VM from here and extract the Zip file.
  2. Import / Open OVF with VMWare Player or VMWare Workstation
  3. Run the VM
  4. Access the VM on IP address 192.168.126.162
  5. VM login details:
  6. Username: ptlab
  7. Password: ptlab
  8. To login as root: sudo su //(password same as above)
  9. Start hunting!
  10. There might be a few vulnerabilities of other kind. Let's see if you can find them as well.

In case you run into any troubles, contact me on @yaksas443 (twitter) or csc[at]yaksas[dot]in

May the force be with you!

---------------SPOILERS AHEAD!!--------------------

Credits (vulnerability researchers):

  1. Bolt CMS 3.6.6 - FelipeGaspar
  2. PilusCart 1.4.1 - Gionathan Reale
  3. zzzphp CMS 1.6.1 - Yang Chenglong
  4. CMSSite 1.0 - Mr Winst0n
  5. OOP CMS Blog 1.0 - Mr Winst0n
  6. Integria IMS 5.0.83 - Javier Olmedo
  7. ZeusCart 4.0 - mqt
  8. WSTMart 2.0.8 - linfeng
  9. Simple Online Hotel Reservation System - Mr Winst0n
  10. OrientDB 3.0.17 GA Community Edition - Ozer Goker
  11. Apache CouchDB 2.3.1 - Ozer Goker