djinn: 2

0xmzfr 23 Jan 2020
  • Level: Intermediate
  • flags: /root/proof.sh
  • Description: The machine is VirtualBox as well as VMWare compatible. The DHCP will assign an IP automatically. You'll see the IP right on the login screen. You have to find and read the flag which is present in /root/proof.sh. If you've done djinn1 then you'll notice some kind of similarity in services and also a continuation in the storyline.
  • Format: Virtual Machine (Virtualbox - OVA)
  • Operating System: Linux

Difficulty : Intermediate ~ Hard

There is one intended way to get low privilege user and two intended ways to get root shell.

Getting root using the easier way : Use anything you have

Getting root the harder way : Only use what's in the /root/

Virtual Machine

  • OVA - Virtualbox
  • Linux

Networking

  • DHCP service: Enabled
  • IP address: Automatically assigned

five86: 2

DCAU 14 Jan 2020

Description

Five86-2 is another purposely built vulnerable lab with the intent of gaining experience in the world of penetration testing.

The ultimate goal of this challenge is to get root and to read the one and only flag.

Linux skills and familiarity with the Linux command line are a must, as is some experience with basic penetration testing tools.

For beginners, Google can be of great assistance, but you can always tweet me at @DCAU7 for assistance to get you going again. But take note: I won't give you the answer, instead, I'll give you an idea about how to move forward.

Technical Information

Five86-2 is a VirtualBox VM built on Ubuntu 64 bit, but there shouldn't be any issues running it on most PCs.

Five86-2 has been tested successfully on VMWare Player, but if there are any issues running this VM in VMware, have a read through of this.

It is currently configured for Bridged Networking, however, this can be changed to suit your requirements. Networking is configured for DHCP.

Installation is simple - download it, unzip it, and then import it into VirtualBox or VMWare and away you go.

Important

While there should be no problems using this VM, by downloading it, you accept full responsibility for any unintentional damage that this VM may cause.

In saying that, there shouldn't be any problems, but I feel the need to throw this out there just in case.

Credits

A big thanks goes out to the members of @m0tl3ycr3w and @syed__umar.

Contact

I'm also very interested in hearing how people go about solving these challenges, so if you're up for writing a walkthrough, please do so and send me a link, or alternatively, follow me on Twitter, and DM me (you can unfollow after you've DM'd me if you'd prefer).

I can be contacted via Twitter - @Five86_x

five86: 1

DCAU 8 Jan 2020

Description

Five86-1 is another purposely built vulnerable lab with the intent of gaining experience in the world of penetration testing.

The ultimate goal of this challenge is to get root and to read the one and only flag.

Linux skills and familiarity with the Linux command line are a must, as is some experience with basic penetration testing tools.

For beginners, Google can be of great assistance, but you can always tweet me at @DCAU7 for assistance to get you going again. But take note: I won't give you the answer, instead, I'll give you an idea about how to move forward.

Technical Information

Five86-1 is a VirtualBox VM built on Debian 64 bit, but there shouldn't be any issues running it on most PCs.

Five86-1 has been tested successfully on VMWare Player, but if there are any issues running this VM in VMware, have a read through of this.

It is currently configured for Bridged Networking, however, this can be changed to suit your requirements. Networking is configured for DHCP.

Installation is simple - download it, unzip it, and then import it into VirtualBox or VMWare and away you go.

Important

While there should be no problems using this VM, by downloading it, you accept full responsibility for any unintentional damage that this VM may cause.

In saying that, there shouldn't be any problems, but I feel the need to throw this out there just in case.

Credits

A big thanks goes out to the members of @m0tl3ycr3w.

Contact

I'm also very interested in hearing how people go about solving these challenges, so if you're up for writing a walkthrough, please do so and send me a link, or alternatively, follow me on Twitter, and DM me (you can unfollow after you've DM'd me if you'd prefer).

I can be contacted via Twitter - @Five86_x

Good Enumeration Skills

Difficulty: Easy to Intermediate

Flag: 2 flags, the first user and the second root

Learning: Web Application | Enumeration | Privilege Escalation

Web-site: www.hacknos.com

Contact-us

Twitter: @rahul_gehlaut

Beginner real life based machine designed to teach people the importance of understanding from the interior.

Tested on VMware and Virtualbox

  • Description: The Mattermost chatting system may or may not hold sensitive information. Can you find your way in?

  • Virtual Machine: VMware

  • Operating System: Linux Ubuntu 16.04

  • Format: VMDK

  • DHCP Service: Enabled

  • IP Address: Automatically Assigned

Plot

The Stheno Corporation are planning to cause a doomsday event using an unknown doomsday device within the next 12 hours. Are you able to stop them dead in their tracks?

Your Goal

Stop the doomsday from occurring by disabling the doomsday devices created by The Stheno Corporation. Once you have succeeded you can retrieve your flag from http://192.168.56.105/flag.php

================ !!! IMPORTANT !!! ================

There are two VMs that need to be powered on at the same time; you cannot have one open while the other is offline.

The VMs must be on a host-only network and must be able to use the following IPs (default settings for VirtualBox):

  • 192.168.56.105
  • 192.168.56.107

Settings for VirtualBox:

  • IPv4 Address: 192.168.56.1
  • IPv4 Netmask: 255.255.255.0

DHCP:

  • Server Addr: 192.168.56.100
  • Server Mask: 255.255.255.0
  • Lower Addr Bound: 192.168.56.101
  • Upper Addr Bound: 192.168.56.254

This must be set up, as there are strict firewall rules on the VMs.

Do not worry if you cannot reach 192.168.56.107 from the host PC; this is intended.

DC: 9

DCAU 29 Dec 2019

Description

DC-9 is another purposely built vulnerable lab with the intent of gaining experience in the world of penetration testing.

The ultimate goal of this challenge is to get root and to read the one and only flag.

Linux skills and familiarity with the Linux command line are a must, as is some experience with basic penetration testing tools.

For beginners, Google can be of great assistance, but you can always tweet me at @DCAU7 for assistance to get you going again. But take note: I won't give you the answer, instead, I'll give you an idea about how to move forward.

Technical Information

DC-9 is a VirtualBox VM built on Debian 64 bit, but there shouldn't be any issues running it on most PCs.

DC-9 has been tested successfully on VMWare Player, but if there are any issues running this VM in VMware, have a read through of this.

It is currently configured for Bridged Networking, however, this can be changed to suit your requirements. Networking is configured for DHCP.

Installation is simple - download it, unzip it, and then import it into VirtualBox or VMWare and away you go.

Important

While there should be no problems using this VM, by downloading it, you accept full responsibility for any unintentional damage that this VM may cause.

In saying that, there shouldn't be any problems, but I feel the need to throw this out there just in case.

Credits

A big thanks goes out to the members of @m0tl3ycr3w.

Contact

I'm also very interested in hearing how people go about solving these challenges, so if you're up for writing a walkthrough, please do so and send me a link, or alternatively, follow me on Twitter, and DM me (you can unfollow after you've DM'd me if you'd prefer).

I can be contacted via Twitter - @DCAU7

Hackable - Secret Hacker | Vulnerable Web Application Server

Web List

  • DVWA
  • BodgeIt Store
  • bWAPP
  • Commix
  • CryptOMG
  • Mutillidae 2
  • sqli-labs
  • Magical
  • WebGoat
  • WordPress 5.0
  • Git
  • Phpmyadmin

Git Tools

  • fsociety
  • the hydra
  • xbruteforcer
  • WAScan
  • wpscan
  • sqlmap

Blog Post : https://secrethackersite.blogspot.com/2019/10/hackable-secret-hacker-vulnerable-web.html