UA: Literally Vulnerable

  • Name: UA: Literally Vulnerable
  • Date release: 6 Dec 2019

Please remember that VulnHub is a free community resource so we are unable to check the machines that are provided to us. Before you download, please read our FAQs sections dealing with the dangers of running unknown VMs and our suggestions for "protecting yourself and your network. If you understand the risks, please download!


(Size: 967 MB)

  • Flags: 3 (local.txt, user.txt & root.txt)
  • Difficulty Level: Initial Shell (Easy) - Privileges Escalation (Intermediate)
  • Website:
  • Hint: Maybe, you hasted and left some open holes unchecked?

Literally Vulnerable is supposed to give beginners a taste of real-world scenarios and OSCP machines at the same time! It was inspired highly by the @DC series.

You're supposed to know the big three (EEEs) Enumeration, Exploitation & Escalation of pentesting to pwn the machine. The machine is supposed to be beginner-friendly and the difficulty level is Easy-Intermediate depending on your knowledge. You need to have enough information about Linux file types & permissions for privileges escalation.

Technical Information:

  • Just download, extract and load the .vmx file in VMware Workstation (tested on VMware Workstation 15.x.x)
  • The adapter is currently NAT, networking is configured for DHCP and IP will get assigned automatically


  • You can either contact me on twitter @syed__umar or linkedin (/in/syedumararfeen/) for hints!

There are three flags in the machine: local.txt, user.txt & root.txt. You're supposed to grab all three in order to completely pwn the machine. Hope you like the machine, best of luck! :)

I'll try my best to continue with the series!

  • Filename: LiterallyVulnerable.7z
  • File size: 967 MB
  • MD5: 08DEA33CB1B1207321535F2539328101
  • SHA1: D1347C065ED7248E8F594A467B494A7658C0E5A1

  • Format: Virtual Machine (Virtualbox - VDI)
  • Operating System: Linux

  • DHCP service: Enabled
  • IP address: Automatically assign