GameOver: 1

  • Name: GameOver: 1
  • Date release: 14 Jun 2012

Please remember that VulnHub is a free community resource so we are unable to check the machines that are provided to us. Before you download, please read our FAQs sections dealing with the dangers of running unknown VMs and our suggestions for "protecting yourself and your network. If you understand the risks, please download!


(Size: 407 MB)


(Size: 2.0 GB)

Name: Game Over Category: Web Pentest Learning Platform File Type: VM image/iso

Author: Jovin Lobo Mentor: Murtuja Bharmal

Download URL:

Default Credentials: [username:root / password:gameover]


Project GameOver was started with the objective of training and educating newbies about the basics of web security and educate them about the common web attacks and help them understand how they work. It is collection of various vulnerable web applications, designed for the purpose of learning web penetration testing.

GameOver has been broken down into two sections. Section 1 consists of special web applications that are designed especially to teach the basics of Web Security. This seciton will cover:

  • XSS
  • CSRF
  • RFI & LFI
  • BruteForce Authentication
  • Directory/Path traversal
  • Command execution
  • SQL injection

Section 2 is a collection of dileberately insecure Web applications. This section provides a legal platform to test your skills and to try and exploit the vulnerabilities and sharpen your skills before you pentest live sites. We would advice newbies to try and exploit these web applications. These applications provide real life environments and will boost their confidence.


  • Filename: GameOver.0.1.null.iso
  • File size: 407 MB
  • MD5: 0AF4532DB192DE917CA116A0EFEF3565
  • SHA1: 0AE3465B3B33C8E4BC62F7AF5216983DC57041FD

  • Filename: GameOver_v0.1_Null_VM.7z
  • File size: 2.0 GB
  • MD5: E4831A546EBF18EC678C064627CFFCCC
  • SHA1: A2596CC5E389628D1B5A1B8F387D6CCB659361B0

  • Format: Virtual Machine (VMware)
  • Operating System: Linux

  • DHCP service: Enabled
  • IP address: Automatically assign

  • Remote Vulnerability
  • Web Application

  • Code Injection
  • Cross-Site Request Forgery
  • Cross-Site Scripting
  • File Inclusion
  • OS Command Injection
  • Path Traversal
  • SQL Injection
  • Weak Credentials