Level

Intermediate.


Description

Welcome to Super Mario Host!

This VM is meant to be a simulation of a real world case scenario.

The goal is to find the 2 flags within the VM. Root is not enough (sorry!)

The VM can be exploited in various ways, but remember that Enumeration is the key.

The level of the challenge is Intermediate.

Thanks to vdbaan, kltdwd, mrb3n and GKNSB for testing.

Welcome to another boot2root / CTF this one is called Analougepond. The VM is set to grab a DHCP lease on boot. I've tried to mix things up a little on this one, and have used the feedback from #vulnhub to make this VM a little more challenging (I hope).

Since you're not a Teuchter, I'll offer some hints to you:

Remember TCP is not the only protocol on the Internet My challenges are never finished with root. I make you work for the flags. The intended route is NOT to use forensics or 0-days, I will not complain either way.

To consider this VM complete, you need to have obtained:

  • Troll Flag: where you normally look for them
  • Flag 1: You have it when you book Jennifer tickets to Paris on Pan Am.
  • Flag 2: It will include a final challenge to confirm you hit the jackpot.
  • Have root everywhere (this will make sense once you're in the VM)
  • User passwords
  • 2 VNC passwords

Best of luck! If you get stuck, eat some EXTRABACON

NB: Please allow 5-10 minutes or so from powering on the VM for background tasks to run before proceeding to attack.

Changelog

  • v0.1b - Initial Version
  • v01.c - Fixes for flags based on feedback from mrB3n
  • v0.1d - Fixes based on shortcut to intended route
  • v0.2a - Fixes and clean up of disks for smaller OVA export
  • v0.2b - Small edit to remove copy of flag in wrong folder

SHA1SUM: D75AA2405E2DFB30C1470358EFD0767A10CF1EB1 analoguepond-0.2b.ova

Many thanks to mrB3n, Rand0mByteZ and kevinnz for testing this CTF.

A special thank you to g0tmi1k for hosting all these challenges and offering advice. A tip of the hat to mrb3n for his recent assistence.


    ______            _____ __                         __
   / ____/      __   / ___// /____  __________  __  __/ /
  / __/ | | /| / /   \__ \/ //_/ / / /_  /_  / / / / / /
 / /___ | |/ |/ /   ___/ / ,< / /_/ / / /_/ /_/ /_/ /_/
/_____/ |__/|__/   /____/_/|_|\__,_/ /___/___/\__, (_)
                                             /____/

Welcome to 'Ew Skuzzy!' - my first CTF VM.

Level: Intermediate.

"Liberamos nuestro CTF creado por y para la old school."

We released our CTF created by and for the old school.


"Nivel : medio-bajo

Tipo de CTF : lineal, una prueba te va llevando a la siguiente.

Idioma : Español

Plataforma : Raspberry pi 3

Tools para grabar la imagen : win32image o ApplePi-baker"

Level: medium-low

Type of CTF: linear, one test takes you to the next.

Spanish Language

Platform: Raspberry pi 3

Tools to burn the image: win32image or ApplePi-baker


"Descarga la imagen lista para grabar en una sd y montarla en tu raspberry pi, conectala a la corriente y a jugar!"

Download the image ready to burn to a SD and mount it on your raspberry pi, plug it into the stream and play!


"link de descarga : https://mega.nz/#!qANi1STA!tjxTAhaAA1WyoZwp-tp5OWVz8251hJw57Y0kp0skiyc"

Download link : https://mega.nz/#!qANi1STA!tjxTAhaAA1WyoZwp-tp5OWVz8251hJw57Y0kp0skiyc


"Espero que os guste.

LoRKa"

I hope you like it.

LoRKa

Welcome to Orcus

This is a vulnerable machine i created for the Hackfest 2016 CTF http://hackfest.ca/

Difficulty : Hard

Tips:

If youre stuck enumerate more! Seriously take each service running on the system and enumerate them more!

Goals: This machine is intended to take a lot of enumeration and understanding of Linux system.

There are 4 flags on this machine 1. Get a shell 2. Get root access 3. There is a post exploitation flag on the box 4. There is something on this box that is different from the others from this series (Quaoar and Sedna) find why its different.

Feedback: This is my third vulnerable machine, please give me feedback on how to improve ! @ViperBlackSkull on Twitter [email protected]

Special Thanks to madmantm for testing this machine

SHA-256 : 79B1D93C60E664D70D8EB3C0CDF1AD98BF2B95036C84F87EEF065FA71C1AE51E

Welcome to Sedna

This is a vulnerable machine i created for the Hackfest 2016 CTF http://hackfest.ca/

Difficulty : Medium

Tips:

There are multiple way to root this box, if it should work but doesn't try to gather more info about why its not working.

Goals: This machine is intended to be doable by someone who have some experience in doing machine on vulnhub

There are 4 flags on this machine One for a shell One for root access Two for doing post exploitation on Sedna

Feedback: This is my second vulnerable machine, please give me feedback on how to improve ! @ViperBlackSkull on Twitter [email protected]

Special Thanks to madmantm for testing this virtual machine

SHA-256 : 178306779A86965E0361AA20BA458C71F2C7AEB490F5FD8FAAFAEDAE18E0B0BA

Welcome to Quaoar

This is a vulnerable machine i created for the Hackfest 2016 CTF http://hackfest.ca/

Difficulty : Very Easy

Tips:

Here are the tools you can research to help you to own this machine. nmap dirb / dirbuster / BurpSmartBuster nikto wpscan hydra Your Brain Coffee Google :)

Goals: This machine is intended to be doable by someone who is interested in learning computer security There are 3 flags on this machine 1. Get a shell 2. Get root access 3. There is a post exploitation flag on the box

Feedback: This is my first vulnerable machine, please give me feedback on how to improve ! @ViperBlackSkull on Twitter [email protected] Special Thanks to madmantm for testing

SHA-256 DA39EC5E9A82B33BA2C0CD2B1F5E8831E75759C51B3A136D3CB5D8126E2A4753

Defenc Space CTF is our first Iso design to honor our fallen hero in the military who have fought to defend the integrity of our country Nigeria. The story line on the CTF are based on true life happening in Northern Nigeria, however we have adopted code name “Operation Lafia dole” , the cyber component of the operation to make the challenge more exciting to our players to puzzle the challenge.

Exercise start from simple information gathering which is applicable to both military and cyber based operation to complex infiltration and encryption been used by intelligence agency around the world to pass out secret. The player module uses tools in kali Linux to achieve it result. Other related information is on Open Source Data “goggle it”. It has 7 flags to be captured but so addictive said C.E.O of Silex Secure.

Author's Walkthrough: http://ctf2017.silexsecure.com/walkthrough/2017-defence-ctf-walkthrough/

"Enjoy" --- @ryanoberto

Third in a multi-part series, Breach 3.0 is a slightly longer boot2root/CTF challenge which attempts to showcase a few real-world scenarios/vulnerabilities, with plenty of twists and trolls along the way.

Difficulty: Intermediate, requires some creative thinking and persistence more so than advanced exploitation.

The VM is configured to grab a lease via DHCP.

A few things:

1) This is the culmination of the series, keep your notes close from the previous 2 challenges, they may come in handy. 2) Remember that recon is an iterative process. Make sure you leave no stone unturned. 3) The VM uses KVM and QEMU for virtualization. It is not necessary to root every host to progress. 4) There are 3 flags throughout, once you reach a flag you have achieved that intended level of access and can move on. These 3 flags are your objectives and it will be clear once you have found each and when it is time to move on.

Shout-out to knightmare for many rounds of testing and assistance with the final configuration as well as g0blin, Rand0mByteZ, mr_h4sh and vdbaan for testing and providing valuable feedback. As always, thanks to g0tmi1k for hosting and maintaining Vulnhub.

If you run into any issues you can find me on Twitter: https://twitter.com/mrb3n813 or on IRC in #vulnhub.

Looking forward to the write-ups!

Enjoy and happy hunting!

SHA1: EBB2123E65106F161479F3067C68CFA143CA98D3