Exploit-Exercises: Protostar (v2)

  • Name: Exploit-Exercises: Protostar (v2)
  • Date release: 26 Nov 2011

Please remember that VulnHub is a free community resource so we are unable to check the machines that are provided to us. Before you download, please read our FAQs sections dealing with the dangers of running unknown VMs and our suggestions for "protecting yourself and your network. If you understand the risks, please download!


(Size: 274 MB)


Protostar introduces the following in a friendly way:

  • Network programming
  • Byte order
  • Handling sockets
  • Stack overflows
  • Format strings
  • Heap overflows The above is introduced in a simple way, starting with simple memory corruption and modification, function redirection, and finally executing custom shellcode.

In order to make this as easy as possible to introduce Address Space Layout Randomisation and Non-Executable memory has been disabled.

Getting started

Once the virtual machine has booted, you are able to log in as the "user" account with the password "user" (without the quotes).

The levels to be exploited can be found in the /opt/protostar/bin directory.

For debugging the final levels, you can log in as root with password "godmode" (without the quotes)

Core files

README! The /proc/sys/kernel/core_pattern is set to /tmp/core.%s.%e.%p. This means that instead of the general ./core file you get, it will be in a different directory and different file name.

Source: http://exploit-exercises.com/protostar

From v1 to v2 - Moved from OVA to bootable CD format. Reduces issues with importing OVA files.

  • Filename: exploit-exercises-protostar-2.iso
  • File size: 274 MB
  • MD5: A4FEADEDF638744BE97DE7D2F3E06CE8
  • SHA1: D030796B11E9251F34EE448A95272A4D432CF2CE

  • Format: Disk Image (.ISO)
  • Operating System: Linux

  • DHCP service: Enabled
  • IP address: Automatically assign

  • Apache

  • Local Challenge