-=Pandora's Box =-
               ___
             (((((\\
              6_6 ((,
          __ -\_ __\--.
       ,-',\\` '//,\_  \
      |.----&----. \ `. \
      (__,___,__(_  \   |
  _____|        | |__`--'____
       |________|,'        hjw

Filename: pandoras_b0x.ova
MD5: bf3eb20ca837edccc7edbf627e095bbd
SHA1: 52652bb5f886f1253ff43a21536bc4fe09bdd201
Author: c0ne
Testers: Barrebas / Jelle
Difficulty: Medium

About:
Pandora's box is a Boot2Root VM focused on binary exploitation and 
reverse engineering. You have to complete all levels to r00t the box. 
Some levels come with a readme file which you should read.

Usage:
Import, boot and wait 60 seconds for everything to start up before 
scanning it.

Shootout:
Major thanks to Barrebas and Jelle for testing the VM and challenges 
and the feedback.


c0ne

• Objective: gain shell access and root the box.
• Hardness: intermediate-> advanced.
• Note: The box doesn't respond to ping, so be sure to check the DHCP lease.

Pegasus

         .-.
   %%%%,/   :-.
   % `%%%, /   `\   _,
   |' )`%%|      '-' /            Filename:   pegasus.ova
   \_/\  %%%/`-.___.'             MD5:        5046e330ff42e9adee0a42b63694cbfe
    __/  %%%"--"""-.%,            SHA1:       f18b7437ca3c96f76a2e1b06f569186b63567dd5
  /`__|  %%         \%%           Difficulty: Intermediate
  \\  \   /   |     /'%,          Author:     Knaps
   \]  | /----'.   < `%,          Tester:     Mulitia
       ||       `>> >
       ||       ///`
       /(      //(

Welcome to my first boot2root VM! Inspired by various CTF events I took part in and by couple cool concepts I learnt in the last couple months.

Rules of engagement are simple - find a way in, escalate your privileges all the way up to the root and get the flag!

As with all VMs like this, think outside the box, don't jump to conclusions too early and "read between the lines" :)

The VM has been tested on VMWare and VirtualBox, just import it, ensure the network is set as "Host Only" and run it. It should pick up the IP address automatically.

Enjoy! :)

Underc0de Weekend is a weekly challenge we (underc0de) are doing. The goal is to be the first to resolve it, to earn points and prizes (http://underc0de.org/underweekend.php).

Enjoy

Kvasir 1

Filename: kvasir1.ova

MD5: e987e8bbe319db072246ab749912ea91

SHA1: 029a59188cd3375fa50a5115db561f8a8ef69d4a

Author: Rasta Mouse

Testers: Barrebas & OJ

Notes to the Player

As part of the challenge, Kvasir utilises LXC to provide kernel isolation. When the host VM boots, it takes can take a little bit of time before the containers become available.

It is therefore advised to wait 30-60 seconds after the login prompt is presented, before attacking the VM.

A few other pointers:

• Not every LXC is ‘rootable’
• No SSH brute-forcing is required

 ____  __.                     __              ____  __.                     __      ____ 
|    |/ _| ____   ____   ____ |  | __         |    |/ _| ____   ____   ____ |  | __ /_   |
|      <  /    \ /  _ \_/ ___\|  |/ /  ______ |      <  /    \ /  _ \_/ ___\|  |/ /  |   |
|    |  \|   |  (  <_> )  \___|    <  /_____/ |    |  \|   |  (  <_> )  \___|    <   |   |
|____|__ \___|  /\____/ \___  >__|_ \         |____|__ \___|  /\____/ \___  >__|_ \  |___|
        \/    \/            \/     \/                 \/    \/            \/     \/

Pretty much thought of a pretty neat idea I hadn't seen done before with a VM, and I wanted to turn it into reality!

Your job is to escalate to root, and find the flag.

Since I've gotten a few PM's, remember: There is a difference between "Port Unreachable" and "Host Unreachable". DHCP is not broken ;)

Gotta give a huge shoutout to c0ne for helping to creating the binary challenge, and rasta_mouse and recrudesce for testing :)

Also, gotta thank barrebas who was able to find a way to make things easier... but of course that is fixed with this update! ;)

MD5 -- 3b6839a28b4be64bd71598aa374ef4a6 knock-knock-1-1.ova

SHA1 -- 0ec29d8baad9997fc250bda65a307e0f674e4180 knock-knock-1-1.ova

Feel free to hit me up in #vulnhub on freenode -- zer0w1re

 _______  _______  ______    _______  ___   _______  _______  _______  __    _  _______  _______ 
|       ||       ||    _ |  |       ||   | |       ||       ||       ||  |  | ||       ||       |
|    _  ||    ___||   | ||  |  _____||   | |  _____||_     _||    ___||   |_| ||       ||    ___|
|   |_| ||   |___ |   |_||_ | |_____ |   | | |_____   |   |  |   |___ |       ||       ||   |___ 
|    ___||    ___||    __  ||_____  ||   | |_____  |  |   |  |    ___||  _    ||      _||    ___|
|   |    |   |___ |   |  | | _____| ||   |  _____| |  |   |  |   |___ | | |   ||     |_ |   |___ 
|___|    |_______||___|  |_||_______||___| |_______|  |___|  |_______||_|  |__||_______||_______|

         "the fact of continuing in an opinion or course of action in spite of 
      difficulty or opposition"

                                                   by sagi- & superkojiman

DISCLAIMER

By using this virtual machine, you agree that in no event will we be liable for any loss or damage including without limitation, indirect or consequential loss or damage, or any loss or damage whatsoever arising from loss of data or profits arising out of or in connection with the use of this software.

TL;DR - You are about to load up a virtual machine with vulnerabilities created by hackers. If something bad happens, it's not our fault.

ABOUT

Persistence aims to provide you with challenging obstacles that block your path to victory. It is perhaps best described by quotes made by some famous people:

"A little more persistence, a little more effort, and what seemed hopeless failure may turn to glorious success." - Calvin Coolidge

"Energy and persistence conquer all things." - Benjamin Franklin

"Persistence and resilience only come from having been given the chance to work though difficult problems." - Gever Tulley

GOAL

Get a root shell and read the contents of /root/flag.txt to complete the challenge!

SETUP

The virtual machine will get an IP address via DHCP, and it has been tested on the following hypervisors:

VMware Fusion 6 VMware Player 6 VMware Workstation 10 VirtualBox 4.3

SHOUT OUTS

Thanks @VulnHub for kindly hosting this challenge, and thanks to @recrudesce for testing it and providing valuable feedback!

         ,' ``',
        '  (o)(o)
       `       > ;
       ',     . ...-'"""""`'.
     .'`',`''''`________:   ":
   (`'. '.;  |           ;/\;\;
  (`',.',.;  |               |
 (,'` .`.,'  |               |
 (,.',.','   |               |
(,.',.-`_____|               |
    __\_ _\_ |               |
             |_______________|

Welcome to The Owl Nest Owls are lovely but hates you :) and maybe after this one, you will hate them too.

Notes from the author: I hope you will enjoy this game, i spent a fairly high amount of effort to build this, in an attempt to make the game funny, and provide an avarage amount of frustration to the players :) Even if the machine was tested, maybe there are shortcuts to reach the flag.. hopefully not :)

Expect some curve balls :)

Special thanks goes to Barrebas for testing the VM

Swappage

Morning Catch is a VMware virtual machine, similar to Metasploitable, to demonstrate and teach about targeted client-side attacks and post-exploitation.

On this virtual machine, you will find: a website for a fictitious seafood company, self-contained email infrastructure to receive phishes, and two desktop environments. One desktop environment is a vulnerable Linux client-side attack surface. The other is a vulnerable Windows client-side attack surface.

Morning Catch uses a bleeding edge version of WINE to run a few vulnerable Windows applications AND experiment with post-exploitation tools in a fun and freely re-distributable environment.

Login Screen

Your use of Morning Catch starts with the login screen.

Boyd Jenius is the Systems Administrator and his password is ‘password’. Login as Boyd to get to the vulnerable Linux desktop.

Richard Bourne is Morning Catch’s CEO and his password is also ‘password’. Login as Richard to get to the vulnerable Windows desktop.

You can also RDP into the Morning Catch environment.

Windows Desktop

Richard’s desktop includes the Windows’ versions of Firefox, Thunderbird, Java, and putty. Open up Thunderbird to check Richard’s email.

You can send a phish to him too. This VM includes a mail server to receive email for users at the morningcatch.ph domain. Open up a terminal and find out the IP address of the VM. Make sure you relay messages through this server. Use [email protected] as the address.

Are you looking for some attacks to try? Here are a few staples:

Spin up a malicious Java Applet and visit it as Richard. The Firefox add-on attack exploit in the Metasploit Framework is a great candidate. Or, generate an executable with your payload and run it as Richard. I’m sure he won’t mind. Morning Catch’s WINE environment runs post-exploitation payloads, to include Windows Meterpreter and Beacon, without too much trouble.

Linux Desktop

Boyd’s desktop is the vulnerable Linux attack surface. Boyd has the Linux versions of Firefox, Java, and Thunderbird. Boyd also has an SSH key for the Metasploitable 2 virtual machine. Try to ssh to Metasploitable 2 as root and see what happens.

Webmail

Morning Catch also includes RoundCube webmail for all of its users. Use this as a target to clone and harvest passwords from.

Hopes and Dreams

Morning Catch isn’t a replacement for a vulnerable Windows lab. It’s a safe and freely redistributable target to experiment with phishing and client-side attacks. It’s my hope that this environment will help more people experiment with and understand these attacks better.

Are you in Las Vegas for BlackHat USA or DEF CON? Stop by the Black Hat Arsenal on Wednesday at 10am for a demo of this new environment and a Morning Catch sticker. I’m also giving away DVDs with a revised Cobalt Strike pen testing lab that uses Morning Catch. Find me at the Cobalt Strike kiosk in the Innovation City portion of the Black Hat USA Exhibitor Hall. I will also give away these DVDs at the Cobalt Strike table in the DEF CON vendor area.

Welcome to SkyTower:1

This CTF was designed by Telspace Systems for the CTF at the ITWeb Security Summit and BSidesCPT (Cape Town). The aim is to test intermediate to advanced security enthusiasts in their ability to attack a system using a multi-faceted approach and obtain the "flag".

You will require skills across different facets of system and application vulnerabilities, as well as an understanding of various services and how to attack them. Most of all, your logical thinking and methodical approach to penetration testing will come into play to allow you to successfully attack this system. Try different variations and approaches. You will most likely find that automated tools will not assist you.

We encourage you to try it our for yourself first, give yourself plenty of time and then only revert to the Walkthroughs below.

Enjoy!

Telspace Systems

@telspacesystems

Welcome to the challenge.

This VM is designed to try and entertain the more advanced information security enthusiast. This doesn't exclude beginners however and I'm sure that a few of you could meet the challenge. There is no 'one' focus on the machine, a range of skills such as web exploitation, password cracking, exploit development, binary examination and most of all logical thinking is required to crack the box in the intended way - but who knows there might be some short cuts!

A few of the skills needed can be seen in some posts on http://netsec.ws. Otherwise enjoy the experience - remember that although vulnerabilities might not jump out at you straight away you may need to try some variations on the normal to get past the protections in place!

Feel free to discuss the experience on the #vulnhub irc channel on irc.freenode.net. If you want any hints feel free to PM my nick on there (Peleus). You won't get any, but I'll feel all warm and fuzzy inside knowing you're suffering.

Enjoy.

CySCA2014-in-a-Box is a Virtual Machine that contains most of the challenges faced by players during CySCA2014. It allows players to complete challenges in their own time, to learn and develop their cyber security skills. The VM includes a static version of the scoring panel with all challenges, required files and flags.

To use CySCA2014 in a box virtual machines, players will need to have either Oracle VirtualBox or VMWare Player installed on their machines. Additionally we recommend players have at least 4GB of RAM. If you have less RAM, you can reduce the amount of RAM available to the VM down to 512MB, however it may adversely affect the speed of some of the challenges.

CAUTION The VM contains software that is deliberately vulnerable. We advise that you do not attach it to a critical network. Consider using your virtualisation softwares host-only network functionality.