pWnOS: 1.0

  • Name: pWnOS: 1.0
  • Date release: 27 Jun 2008

(Size: 432 MB)

Some of you may have noticed this new pWnOS forum section. I created pWnOS as a virtual machine and Grendel was nice enough to let me post about it here. Here's a bit of information on pWnOS.

It's a linux virtual machine intentionally configured with exploitable services to provide you with a path to r00t. :) Currently, the virtual machine NIC is configured in bridged networking, so it will obtain a normal IP address on the network you are connected to. You can easily change this to NAT or Host Only if you desire. A quick ping sweep will show the IP address of the virtual machine. scenario/storyline with this one. I wasn't really planning to release it like this, so maybe for version 2.0 I'll be more creative. :) I'm anxious to get feedback so let me know how it goes or if you have questions. Thanks and good luck!


-- Readme

Thanks for trying pWnOS 1.0. A few things to note before getting started. pWnOS is made using VMware Workstation and can be started by downloading VMware Server or Vmware player...both of which are free! Or VMware Workstation (Windows) or VMware Fusion (OS X), which are not free.

  1. If Vmware asks whether you copied or moved this virtual machine on first boot, click MOVED! Otherwise the network settings could get messed up.
  2. The virtual machine is currently setup to use bridged networking, but you may want to change this to NAT or Host Only...depending on your preferences.
  3. All necessary tools/exploits/whatever can be found at
  4. There are multiple paths to get shell access. I created a n00b path and a more advanced path. See if you can get both of them!

I would rate the difficulty of pWnOS approximately the same as De-Ice's level 2 disk...maybe a bit more difficult. See for information on the De-Ice penetration testing disks.

I hope you enjoy it! If you have any questions or feedback, email me at bond00(at)


Source: readme.txt

  • Filename:
  • File size: 432 MB
  • MD5: 2C9DE33D0AA852F3B2E2E7D90C5F5C0E
  • SHA1: 7924910A3E5C9A69053484D998BD6729AFF3757B

  • Format: Virtual Machine (VMware)
  • Operating System: Linux

  • DHCP service: Enabled
  • IP address: Automatically assign

  • Apache
  • MiniServ
  • OpenSSH
  • Samba

  • Local Vulnerability
  • Remote Vulnerability

  • Arbitrary File Disclosure
  • Privilege Escalation
  • Weak Credentials