BoredHackerBlog: Moriarty Corp

  • Name: BoredHackerBlog: Moriarty Corp
  • Date release: 29 Mar 2020

Please remember that VulnHub is a free community resource so we are unable to check the machines that are provided to us. Before you download, please read our FAQs sections dealing with the dangers of running unknown VMs and our suggestions for "protecting yourself and your network. If you understand the risks, please download!


(Size: 3.0 GB)

Hello Agent.

You're here on a special mission.

A mission to take down one of the biggest weapons suppliers which is Moriarty Corp.

Enter flag{start} into the webapp to get started!


  • Web panel is on port 8000 (not in scope. Don’t attack)
  • Flags are stored in #_flag.txt format. Flags are entered in flag{} format. They're usually stored in / directory but can be in different locations.
  • To temporarily stop playing, pause the VM. Do not shut it down.
  • The webapp starts docker containers in the background when you add flags. Shutting down and rebooting will mess it up.

(the story is bad. sorry for the lack of creativity)

Difficulty: Med-Hard

Tasks involved:

  • port scanning
  • webapp attacks and bug hunting
  • pivoting (meterpreter is highly recommended)
  • password guessing/bruteforcing

Virtual Machine: - Format: Virtual Machine (Virtualbox OVA) - Operating System: Linux

Networking: - DHCP Service: Enabled - IP Address Automatically assign

This works better with VirtualBox than VMware.

  • Filename: MoriartyCorp.ova
  • File size: 3.0 GB
  • MD5: 0DD96FA7FC63B0A32802642F84907F00
  • SHA1: E9874E51A2645C1B61A3AFC771AA5ABDC94BF264

  • Format: Virtual Machine (Virtualbox - OVA)
  • Operating System: Linux

  • DHCP service: Enabled
  • IP address: Automatically assign