Cloud Anti-Virus Scanner! is a cloud-based antivirus scanning service.

Currently, it's in beta mode. You've been asked to test the setup and find vulnerabilities and escalate privs.

Difficulty: Easy

Tasks involved:

  • port scanning
  • webapp attacks
  • sql injection
  • command injection
  • brute forcing
  • code analysis

Virtual Machine:

  • Format: Virtual Machine (Virtualbox OVA)
  • Operating System: Linux

Networking:

  • DHCP Service: Enabled
  • IP Address Automatically assign

Leave a message is a new anonymous social networking site where users can post messages for each other. They've assigned you to test their set up. They do utilize docker containers. You can conduct attacks against those too. Try to see if you can get root on the host though.

Difficulty: Med

Tasks involved:

  • port scanning
  • webapp attacks
  • code injection
  • pivoting
  • exploitation
  • password cracking
  • brute forcing

Virtual Machine:

  • Format: Virtual Machine (Virtualbox OVA)
  • Operating System: Linux

Networking:

  • DHCP Service: Enabled
  • IP Address Automatically assign

You've been assigned to test another social networking webapp.

You have been given access to a dev server.

The current devs use many custom tools and scripts that you'll have to review and attack.

Difficulty: Hard

Tasks involved:

  • port scanning
  • webapp attacks
  • code review
  • custom bruteforcing
  • reverse engineering
  • buffer overflow
  • exploitation

Virtual Machine:

  • Format: Virtual Machine (Virtualbox OVA)
  • Operating System: Linux

Networking:

  • DHCP Service: Enabled
  • IP Address Automatically assign

Hello Agent.

You're here on a special mission.

A mission to take down one of the biggest weapons suppliers which is Moriarty Corp.

Enter flag{start} into the webapp to get started!

Notes:

  • Web panel is on port 8000 (not in scope. Don’t attack)
  • Flags are stored in #_flag.txt format. Flags are entered in flag{} format. They're usually stored in / directory but can be in different locations.
  • To temporarily stop playing, pause the VM. Do not shut it down.
  • The webapp starts docker containers in the background when you add flags. Shutting down and rebooting will mess it up.

(the story is bad. sorry for the lack of creativity)

Difficulty: Med-Hard

Tasks involved:

  • port scanning
  • webapp attacks and bug hunting
  • pivoting (meterpreter is highly recommended)
  • password guessing/bruteforcing

Virtual Machine: - Format: Virtual Machine (Virtualbox OVA) - Operating System: Linux

Networking: - DHCP Service: Enabled - IP Address Automatically assign