For a while now I've been maintaining a VM I with several vulnerable web apps already deployed:

• bWAPP
• Mutillidae (nowasp)
• Web for Pentester I (from pentesterlab.com)
• DVWA
• Django.nV
• Google Gruyere
• OWASP Juice Shop

The VM has Burp Suite free, chromium with a few extensions (including a proxy switcher) and sqlmap. The browser home page contains links to some exercises and walkthroughs.

User credentials:

root // password
tux // password

Zico's Shop: A Boot2Root Machine intended to simulate a real world cenario

Disclaimer:

By using this virtual machine, you agree that in no event will I be liable for any loss or damage including without limitation, indirect or consequential loss or damage, or any loss or damage whatsoever arising from loss of data or profits arising out of or in connection with the use of this software.

TL;DR - You are about to load up a virtual machine with vulnerabilities. If something bad happens, it's not my fault.

Level: Intermediate

Goal: Get root and read the flag file

Description:

Zico is trying to build his website but is having some trouble in choosing what CMS to use. After some tries on a few popular ones, he decided to build his own. Was that a good idea?

Hint: Enumerate, enumerate, and enumerate!

Thanks to: VulnHub

Author: Rafael (@rafasantos5)

Hacker House are community sponsors at this year’s BSides London 2017 and, to celebrate, we have an exploit challenge for you. A key date in the UK security scene, it offers an alternative technical conference for the hackers and tech geeks to share war stories and learn. We are providing a challenge lab designed especially for the conference that attendees can sink disassemblers into. If you aren’t at the event, you can also hack along at home, but remember that prizes for solutions can only be claimed at our stand during the event! The challenge is provided in ISO format which you can boot in VirtualBox or any similar virtualisation software, heck you can even run it on an ATM if you like, but this is unsupported. If you solve our little brain teasing conundrums and beat the system to get root, the first three successful solutions presented to us at our stand can claim one of our awesome hoodies, check them out in our shop! This challenge is open to individuals, but if you do decide to team up, then let us know as only one prize can be claimed per solution. We are also giving several t-shirts away during the raffle so make sure you get your tickets!

Our challenge will test your elite hacking skills and requires web application, reverse engineering, cryptography and exploit abilities. It shouldn’t take the competent skilled hacker too much time, but if you do struggle then watch our social media feeds during the event for some tips to this adventure. You should run the challenge in Host-Only networking mode and on successful boot you will be presented with a console, similar to the one shown at the end of this post. You should solve the challenge from a network perspective, only solutions using this route will be accepted for prizes (unless they are really cool!).

The goal of the challenge is to hack the ISO, level up your skills and get root, come and show us how you did it if you want to claim your prize! If you are struggling with the configuration of our challenge, you can check out our training course free module, which details steps for configuring a similar lab. You can find details and upcoming dates of our training here.

Happy hacking and remember sharing is caring so post (tweet us @myhackerhouse!) or email a solution and let us know about it after the event. We will share links to the best of them on this blog! May the force be with you, young padawan, and remember that hacking isn’t just a skill – it’s a survival trade.

This Virtual machine is using ubuntu (32 bit)

Other packages used: -

• PHP
• Apache
• MySQL

This virtual machine is having medium difficulty level with tricks.

One need to break into VM using web application and from there escalate privileges to gain root access

For any query ping me at https://twitter.com/IndiShell1046

Enjoy the machine

Graceful’s VulnVM is web application running on a virtual machine, it’s designed to simulate a simple eCommerce style website which is purposely vulnerable to a number of well know security issues commonly seen in web applications. This is really a pre-release preview of the project but it’s certainly functional as it stands, but I’m planning on doing a lot of work on this in the near future.

The plan is ultimately to have the application vulnerable to a large number of issues with a selection of different filters at different difficulties that way the as testers become better at detecting and exploiting issues the application can get hardened against common exploitation methods to allow the testers a wider ranger of experiences.

The first filters have now been implemented! The application now supports “levels” where Level 1 includes no real filtration of user input and Level 2 includes a simple filter for each vulnerable function.

Currently it’s vulnerable to:

• SQL Injection (Error-based)
• SQL Injection (Blind)
• Reflected Cross-Site Scripting
• Stored Cross-Site Scripting
• Insecure Direct-Object Reference
• Username Enumeration
• Path Traversal
• Exposed phpinfo()
• Exposed Administrative Interface
• Weak Admin Credentials

Extracting the Virtual Machine

Install p7zip to unzip *.7z files on Fedora:

sudo dnf install p7zip

Install p7zip to unzip *.7z files on Debian and Ubuntu:

sudo apt-get install p7zip

Extract the archive:

7z x Seattle-0.0.3.7z

Then you can simply start up the virtual machine using Virtual Box! The root user account has a password of PASSWORD

Description

=================

HOLY SCHNIKES! Tommy Boy needs your help!

The Callahan Auto company has finally entered the world of modern technology and stood up a Web server for their customers to use for ordering brake pads.

Unfortunately, the site just went down and the only person with admin credentials is Tom Callahan Sr. - who just passed away! And to make matters worse, the only other guy with knowledge of the server just quit!

You'll need to help Tom Jr., Richard and Michelle get the Web page restored again. Otherwise Callahan Auto will most certainly go out of business :-(

Objective

=================

The primary objective is to restore a backup copy of the homepage to Callahan Auto's server. However, to consider the box fully pwned, you'll need to collect 5 flags strewn about the system, and use the data inside them to unlock one final message.

Other info

=================

• Size: 1.3GB
• Hypervisor: Created with VMWare Fusion 8.1.1.
• Difficulty: ?

Special thanks to

=================

• Rand0mbytez for testing about 10 versions of this frickin' thing to get the bugs worked out.
• RobertWinkel for additional detailed testing and suggestions for tweaking the VM for a better overall experience.

Welcome to The Pentester’s 64-Bit AppSec Primer and challenge.

Here at The Pentesters, we have a passion for application security and all that goes with it. We think that application security is an extremely important part of the field of information security and have, “made it our business” so to speak to provide a means of education into modern-day application security. With modern computing becoming more and more advanced, and the requirements for understanding the functionality and security behind said computing becoming equally as challenging to understand, we figured that perhaps giving a set of challenges dedicated to learning the mere basics of 64 bit appsec would be beneficial to the security community.

The 64-Bit AppSec Primer consists of 16 challenges, increasingly more difficult than the previous one, dedicated to learning the basics of 64 bit binary exploitation and reverse engineering. The x64 instruction set, as you would expect, has many new instructions, registers, and calling conventions in comparison to the traditional x86 instruction set. Our goal, with this challenge, is to get you inside a debugger with intentionally vulnerable binaries, and get you looking at the inner-workings of a 64 bit binary. Alongside the increasing complexity of the instruction set, is an equally complexity of exploitation, which as a penetration tester and security engineer, will prove useful to understand.

The challenges consist of varying vulnerabilities and anti-debugger tricks in binaries, such as:

• Stack-based Buffer Overflows
• Format String Vulnerabilities
• Heap-based Buffer Overflows
• Detection of tracing
• Insecure validation of credentials
• and more… don’t want to give you all the good details eh?

As a bonus, we would like to contribute back to the security community. We are donating the VM to Vulnhub, for all to have, and we are also offering prizes to three people who gives us the most robust and complete write-up for the challenges. In order to qualify for the prizes, you must post your write-up on either your personal blog, or website (your choice), and post a link to http://thepentesters.net/challenge/ along with your username. If you are unable to solve all of the challenges, that is okay, we will still accept your write-up for judging, we still want to see what you completed and how you did it. Here are the prizes:

• 1st Place gets $150.00
• 2nd Place gets $75.00
• 3rd Place gets $25.00

The challenge ends on August 31st, 2016. All write-ups must be submitted by then, whoever has written the best write-up with the most detailed explanations wins. The judging will be done by our pentesting team.

Also, I would like to note a couple rules for the reverse engineering challenges.

• The challenge must be solved without attacking the encryption of the flag. Spoiler, I used a basic XOR encryption for most of them so they do not show up in strings. So, that is off-limits. The goal is to break the logic of the application.
• Some challenges have several ways of solving and we would like to see how you did it. My C coding skills are most certainly not expertise, but I feel as if this will prove to be a good exercise for many in regards to exploit development and reverse engineering.
• All else is fair game!

Note: ASLR must be disabled, log in as level17:madpwnage, and run “echo 0 > /proc/sys/kernel/randomize_va_space”. Also, challenge 3, is only a DoS challenge. This is the beta, so there are still glitches. If you find any, please contact me at [email protected] with your discovery.

There are a couple challenges that don’t have “flags” but you will know when you have solved those, please note your findings and take screen-shots of them as well. As for the VM, you are to ssh in as user n00b and password n00b where you will find gdb-peda installed for you to make your life easier. The VM gets its IP through DHCP and is set to host-only adapter in VMware, so it should work for you straight out of the box so to speak. That is all I have for you and I hope you enjoy.

VulnOS are a series of vulnerable operating systems packed as virtual images to enhance penetration testing skills

• This is version 2 -

Smaller, less chaotic !

As time is not always on my side, It took a long time to create another VulnOS. But I like creating them. The image is build with VBOX. Unpack the file and add it to your virtualisation software.

Your assignment is to pentest a company website, get root of the system and read the final flag

NOTE : current keyboard preferences is BE "pentesting is a wide concept"

If you have questions, feel free to contact me on m4db33f@gmail dot com Shout out to the Vulnhub Testing team!

Hope you enjoy.

Kevgir

by canyoupwn.me

Multi Vulnerable Virtual Machine

For Educational Purposes

Kevgir has designed by canyoupwnme team for training, hacking practices and exploiting. Kevgir has lots of vulnerable services and web applications for testing. We are happy to announced that.

Have fun!

Default username:pass => user:resu

• Bruteforce Attacks
• Web Application Vulnerabilities
• Hacking with Redis
• Hacking with Tomcat, Jenkins
• Hacking with Misconfigurations
• Hacking with CMS Exploits
• Local Privilege Escalation
• And other vulnerabilities.

         _         _            _        _   _        _            _
        /\ \      /\ \         /\ \     /\_\/\_\ _   /\ \         /\ \
       /  \ \    /  \ \        \ \ \   / / / / //\_\/  \ \       /  \ \
      / /\ \ \  / /\ \ \       /\ \_\ /\ \/ \ \/ / / /\ \ \     / /\ \ \
     / / /\ \_\/ / /\ \_\     / /\/_//  \____\__/ / / /\ \_\   / / /\ \_\
    / / /_/ / / / /_/ / /    / / /  / /\/________/ /_/_ \/_/  / / /_/ / /
   / / /__\/ / / /__\/ /    / / /  / / /\/_// / / /____/\    / / /__\/ /
  / / /_____/ / /_____/    / / /  / / /    / / / /\____\/   / / /_____/
 / / /     / / /\ \ \  ___/ / /__/ / /    / / / / /______  / / /\ \ \
/ / /     / / /  \ \ \/\__\/_/___\/_/    / / / / /_______\/ / /  \ \ \
\/_/      \/_/    \_\/\/_________/       \/_/\/__________/\/_/    \_\/

Installation

1) Run the OVA in a VM and connect to the webserver 2) Have Fun!

Made by

couchsofa

Thanks to

morbidick einball sarah

I would probably have never finished', this project without you guys ;)',

mostley

For hinting me to Erik Österberg's Terminal.js

0xBEEF

For providing fuel in the form of fudge and premium grilled goods

More information: http://wiki.fablab-karlsruhe.de/doku.php?id=projekte:primer

Motivation

A friend wanted to get into some simple exploits. I suggested starting out with web security, she was all for it. But when I started browsing vulnhub and the likes I couldn't find anything like I had in mind. So I wrote my own.

Concept

This is a story based challenge written in a style heavily inspired by Neil Stephensons Snow Crash and William Gibsons Sprawl Trilogy. Each chapter is unlocked by solving the puzzle. From hardcoded clear text javascript password checks, SQL-injections and cracking hashes to a simulated terminal. You only need to start the VM, a webserver will come up and you can connect with your browser. In fact you never have to leave the browser.

Goal

Teach some basic well known techniques and attacks. Spark some curiosity, make the user look at the source code and try to figure out what's going on behind the scenes. The main goal is to give a nice welcoming intro to the scene and hopefully also teach something about ethics and responsibility.

Change log

v1.0.1 - 2016-01-15: https://twitter.com/CouchSofa/status/688129147848138752 v1.0.0 - 2015-10-27: https://twitter.com/CouchSofa/status/659148660152909824

The CsharpVulnJson virtual appliance is a purposefully vulnerable web application, focusing on HTTP requests using JSON to receive and transmit data between the client and the server. The web application, listening on port 80, allows you to create, find, and delete users in the PostgreSQL database. The web application is written in the C# programming language, uses apache+mod_mono to run, and is, at the very least, exploitable by XSS and SQL injections.

The SQL injections yield a variety of potential exploit techniques since different SQL verbs are used to perform actions against the server. For instance, a SQL injection in an INSERT statement may not be exploitable in the same ways the DELETE or SELECT statements will be. Using a tool like sqlmap will help you learn how to exploit each SQL injection vulnerability using a variety of techniques.

If you are curious how sqlmap is performing the checks for, and ultimately exploiting, the vulnerabilities in the web application, you can use the --proxy option for sqlmap and pass the HTTP requests through Burpsuite. You can then see in the HTTP history tab the raw HTTP requests made by sqlmap.