ZORZ is another VM that will challenge your webapp skills. There are 3 separate challenges (web pages) on this machine. It should be pretty straight forward. I have explained as much as I can in the readme file:

Welcome to the ZorZ VM Challenge

This machine will probably test your web app skills once again. There are 3 different pages that should be focused on (you will see!) If you solve one or all three pages, please send me an email and quick write up on how you solved each challenge. Your goal is to successfully upload a webshell or malicious file to the server. If you can execute system commands on this box, thats good enough!!! I hope you have fun!


New VM challenge that should be fun for people trying to get into packet analysis!

There are several steps to this box. I created it with virtualbox. The VM is built on:

Ubuntu 14.04 32 bit

If you beat the box then please shoot me an email! Have fun guys!

P.S. I got the word "Fart Knocker" from watching beavis and butthead back in the day. Otherwise you kids might not understand :)

Our resident ROP ninja barrebas recently gave the team a bootcamp on Return Oriented Programming. The presentation was followed by a demo walkthrough on writing a ROP exploit on a vulnerable application. Since the presentation was well received, he’s decided to make the slides available to everyone. You can view them at https://speakerdeck.com/barrebas/rop-primer.

We hope you enjoy it!

Username: root
Password: toor

Username: level0
Password: warmup

ROP Primer

This VM is meant as a small introduction to 32-bit return-oriented-programming on Linux. It contains three vulnerable binaries, that must be exploited using ROP.

The machine is built and tested in VirtualBox 4.3.20. It's an Ubuntu 32 bit VM, with ASLR disabled. Useful tools like gdb-peda are installed. A description of the levels, including instructions, can be found on the webserver.

A big shout-out to my team mates of the Vulnhub CTF Team!

@barrebas, March 2015 & June 2015

MD5:  840c75497f54578497a6e44df2f96047
SHA1: 2cb14d78fd1ff7b5a7895447969fde8ca9c06ef3

Filename:  sokar.ova
MD5:  75f5c48e65fa81dc81ef3b58b7ee6bab
SHA1:  5f4aca536898bf962bfcfd2aaccb66fda1ab790a
Author:  Rasta Mouse
Testers:  Barrebas & TheColonial

DHCP (Automatically Assigned)

    Special note to VMWare users - you must manually set the
    NIC MAC address to 08:00:27:F2:40:DB

Get root, then the flag!
  • Objective: gain shell access for each level. Then reach root.
  • Note: figure out what the blips are, where they are, and how to decode each one.
-=Pandora's Box =-
              6_6 ((,
          __ -\_ __\--.
       ,-',\\` '//,\_  \
      |.----&----. \ `. \
      (__,___,__(_  \   |
  _____|        | |__`--'____
       |________|,'        hjw

Filename: pandoras_b0x.ova
MD5: bf3eb20ca837edccc7edbf627e095bbd
SHA1: 52652bb5f886f1253ff43a21536bc4fe09bdd201
Author: c0ne
Testers: Barrebas / Jelle
Difficulty: Medium

Pandora's box is a Boot2Root VM focused on binary exploitation and 
reverse engineering. You have to complete all levels to r00t the box. 
Some levels come with a readme file which you should read.

Import, boot and wait 60 seconds for everything to start up before 
scanning it.

Major thanks to Barrebas and Jelle for testing the VM and challenges 
and the feedback.

  • Objective: gain shell access and root the box.
  • Hardness: intermediate-> advanced.
  • Note: The box doesn't respond to ping, so be sure to check the DHCP lease.

Pegasus: 1

Knapsy 16 Dec 2014


   %%%%,/   :-.
   % `%%%, /   `\   _,
   |' )`%%|      '-' /            Filename:   pegasus.ova
   \_/\  %%%/`-.___.'             MD5:        5046e330ff42e9adee0a42b63694cbfe
    __/  %%%"--"""-.%,            SHA1:       f18b7437ca3c96f76a2e1b06f569186b63567dd5
  /`__|  %%         \%%           Difficulty: Intermediate
  \\  \   /   |     /'%,          Author:     Knaps
   \]  | /----'.   < `%,          Tester:     Mulitia
       ||       `>> >
       ||       ///`
       /(      //(

Welcome to my first boot2root VM! Inspired by various CTF events I took part in and by couple cool concepts I learnt in the last couple months.

Rules of engagement are simple - find a way in, escalate your privileges all the way up to the root and get the flag!

As with all VMs like this, think outside the box, don't jump to conclusions too early and "read between the lines" :)

The VM has been tested on VMWare and VirtualBox, just import it, ensure the network is set as "Host Only" and run it. It should pick up the IP address automatically.

Enjoy! :)

Underdist: 3

q3rv0 29 Nov 2014

Underc0de Weekend is a weekly challenge we (underc0de) are doing. The goal is to be the first to resolve it, to earn points and prizes (http://underc0de.org/underweekend.php).


Tr0ll: 2

Maleus 24 Oct 2014

The next machine in the Tr0ll series of VMs. This one is a step up in difficulty from the original Tr0ll but the time required to solve is approximately the same, and make no mistake, trolls are still present! :)

Difficulty is beginner++ to intermediate.

The VM should pull a valid IP from DHCP. This VM has been verified to work on VMware workstation 5, VMware player 5, VMware Fusion, and Virtual box. Virtual box users may need to enable the additional network card for it to pull a valid IP address.

Special thanks to @Eagle11, @superkojiman and @leonjza for suffering through the testing and the members of #overflowsec on freenode for giving me ideas.

If you have issues with the machine, feel free to contact me at @Maleus21 or maleus overflowsecurity.com.