five86: 2 |
14 Jan 2020 |
DCAU |
five86 |
1.7 GB |
https://download.vulnhub.com/five86/Five86-2.zip |
Five86-2 is another purposely built vulnerable lab with the intent of gaining experience in the world of penetration testing. |
The ultimate goal of this challenge is to get root and to read the one and only flag. Linux skills and familiarity with the Linux command line are a must, as is some experience with basic penetration testing tools. For beginners, Google can be of great assistance, but you can always tweet me at @DCAU7 for assistance to get you going again. But take note: I won’t give you the answer, instead, I’ll give you an idea about how to move forward. Five86-2 is a VirtualBox VM built on Ubuntu 64 bit, but there shouldn’t be any issues running it on most PCs. Five86-2 has been tested successfully on VMWare Player, but if there are any issues running this VM in VMware, have a read through of this. It is currently configured for Bridged Networking, however, this can be changed to suit your requirements. Networking is configured for DHCP. Installation is simple - download it, unzip it, and then import it into VirtualBox or VMWare and away you go. While there should be no problems using this VM, by downloading it, you accept full responsibility for any unintentional damage that this VM may cause. In saying that, there shouldn’t be any problems, but I feel the need to throw this out there just in case. A big thanks goes out to the members of @m0tl3ycr3w and @syed__umar. I’m also very interested in hearing how people go about solving these challenges, so if you’re up for writing a walkthrough, please do so and send me a link, or alternatively, follow me on Twitter, and DM me (you can unfollow after you’ve DM’d me if you’d prefer). I can be contacted via Twitter - @Five86_x |
2791B8B8489D91500AB9F0CE6C07E52E |
F9A7E0700464D07BFAA2A37C77E7506A7FD81D77 |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
hackNos: ReconForce (v1.1) |
18 Jan 2020 |
Rahul Gehlaut |
hackNos |
1.5 GB |
https://download.vulnhub.com/hacknos/ReconForce-01.1.ova |
Good Enumeration Skills |
Difficulty: Easy to Intermediate Flag: 2 Flag first user And the second root Learning: Web Application | Enumeration | Privilege Escalation Web-site: www.hacknos.com Contact-us Twitter: @rahul_gehlaut. Changelog: v1.1 - 2020-01-18; v1.0 - 2020-01-11 |
BC62DC7A7B9F3ED26B1D08F9740D542B |
DF9F2E296D96BD6EE8455361FE8C92EB5046A44F |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
Secret Hacker: Vulnerable Web Application Server |
16 Dec 2019 |
Secret Hacker |
Secret Hacker |
2.4 GB |
https://download.vulnhub.com/secrethacker/Hackable-Secret_Hacker.rar |
Blog Post : https://secrethackersite.blogspot.com/2019/10/hackable-secret-hacker-vulnerable-web.html |
This works better with VirtualBox rather than VMware |
CB02E44050986B194AF7A6ABE2673947 |
6327A69538F944F0C3BDD65137442C7DA85DEA92 |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
djinn: 2 |
23 Jan 2020 |
0xmzfr |
djinn |
1.1 GB |
https://download.vulnhub.com/djinn/djinn-2.ova |
|
|
611C7C2D1AA8E5036D3E35480C75D106 |
A5D5529D9050A5EF2C5A163122052AA7E85B1B79 |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
DC: 9 |
29 Dec 2019 |
DCAU |
DC |
700 MB |
https://download.vulnhub.com/dc/DC-9.zip |
DC-9 is another purposely built vulnerable lab with the intent of gaining experience in the world of penetration testing. |
The ultimate goal of this challenge is to get root and to read the one and only flag. Linux skills and familiarity with the Linux command line are a must, as is some experience with basic penetration testing tools. For beginners, Google can be of great assistance, but you can always tweet me at @DCAU7 for assistance to get you going again. But take note: I won’t give you the answer, instead, I’ll give you an idea about how to move forward. DC-9 is a VirtualBox VM built on Debian 64 bit, but there shouldn’t be any issues running it on most PCs. DC-9 has been tested successfully on VMWare Player, but if there are any issues running this VM in VMware, have a read through of . It is currently configured for Bridged Networking, however, this can be changed to suit your requirements. Networking is configured for DHCP. Installation is simple - download it, unzip it, and then import it into VirtualBox or VMWare and away you go. While there should be no problems using this VM, by downloading it, you accept full responsibility for any unintentional damage that this VM may cause. In saying that, there shouldn’t be any problems, but I feel the need to throw this out there just in case. A big thanks goes out to the members of @m0tl3ycr3w. I’m also very interested in hearing how people go about solving these challenges, so if you’re up for writing a walkthrough, please do so and send me a link, or alternatively, follow me on Twitter, and DM me (you can unfollow after you’ve DM’d me if you’d prefer). I can be contacted via Twitter - @DCAU7 |
69A5C7F9712B1A35B61CBCF7BF4A0455 |
B9A3018997C4C01FFE0994AD019E0C37FF019001 |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
Doomsday: 1 |
31 Dec 2019 |
c0rruptedb1t |
Doomsday |
1.7 GB |
https://download.vulnhub.com/doomsday/Doomsday.zip |
The Stheno Corporation are planning to cause a doomsday event using an unknown doomsday device within the next 12 hours, are you able to stop them dead in their tracks? |
Stop the doomsday from occurring by disabling the doomsday devices created by The Stheno Corporation. Once you have succeeded you can retrieve your flag from http://192.168.56.105/flag.php. There are two VMs that need to be powered on at the same time; you cannot have one open while the other is offline. The VMs must be on a host-only network and must be able to use the following IPs (default settings for VirtualBox): Settings for VirtualBox: - IPv4 Address: 192.168.56.1 - IPv4 Netmask: 255.255.255.0 DHCP: This must be set up as there are strict firewall rules on the VMs. Do not worry if you cannot reach 192.168.56.107 from the host PC; this is intended. This works better with VirtualBox rather than VMware |
F3F924A8E6E07F754CD2F34CFDFEB503 |
F7A9C3F42829DA6947E390B3C51D4D772B50D92E |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
inclusiveness: 1 |
10 Feb 2020 |
h4sh5 & Richard Lee |
inclusiveness |
2.6 GB |
https://download.vulnhub.com/inclusiveness/Inclusiveness.ova |
Inclusiveness is an intermediate boot to root VM to practice your hacking skills. Can you get in? |
|
DC3A7055AE1C7CD7B8C7A2725C5B4071 |
B753DFDA6F76107382AB5323A7B61473372621EA |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
EnuBox: Mattermost |
6 Jan 2020 |
Avraham Cohen |
EnuBox |
3.5 GB |
https://download.vulnhub.com/enumbox/Mattermost.7z |
|
|
CC6BF6DD876FF62C1530B9DC284490F1 |
3C5C6B323A6DB7AEB996F51FF6D875561870C010 |
Virtual Machine (VMware) |
Linux |
Enabled |
Automatically assign |
WTF: 1 |
22 Nov 2019 |
pwn4magic |
WTF |
1001 MB |
https://download.vulnhub.com/wtf/wtf.rar |
beginner - intermediate machine, your goal is to read /root/flag.txt. |
Remember, good enumeration! VMware based, you may have problems with VB. |
69AFAACCF4F57064F8551D5CC32B72DD |
7B98C7A8CD5C861F9D2C868A282C5BAB7834F802 |
Virtual Machine (VMware) |
Linux |
Enabled |
Automatically assign |
In Plain Sight: 1.0.1 |
2 Dec 2019 |
bzyo |
In Plain Sight |
1.6 GB |
https://download.vulnhub.com/inplainsight/inplainsight1.ova |
Level: Beginner - Intermediate |
Description: Built/Tested with VirtualBox. DHCP enabled. Need to get root to read flag. Changelog: 2019-12-02: v1.0.1; 2019-11-22: v1.0 |
97ED126C3059D36256B9A03A1AC86DA7 |
ABCC0A81C31CDA533B08A7F1F08071C40A37E937 |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
Me and My Girlfriend: 1 |
13 Dec 2019 |
TW1C3 |
Me and My Girlfriend |
693 MB |
https://download.vulnhub.com/meandmygirlfriend/Me-and-My-Girlfriend-1.ova |
Description: This VM tells us that there are a couple of lovers namely Alice and Bob, where the couple was originally very romantic, but since Alice worked at a private company, “Ceban Corp”, something has changed from Alice’s attitude towards Bob like something is “hidden”, And Bob asks for your help to get what Alice is hiding and get full access to the company! |
Difficulty Level: Beginner Notes: there are 2 flag files Learning: Web Application | Simple Privilege Escalation |
E5BE41E7C0DA9ADE0A2D420607F05A3A |
4CD0DB2B048C53E927D2DB5CFB5F441B03966067 |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
sunset: dusk |
1 Dec 2019 |
whitecr0wz |
sunset |
1.1 GB |
https://download.vulnhub.com/sunset/dusk.7z |
Description: Here is another one, enjoy. |
Difficulty: Beginner Contact: @whitecr0wz. This works better with VirtualBox rather than VMware |
080B018FB98340B347CCEBE2E0C68F30 |
5A479A65AAC98FD436548D8815C67B0BF54BD021 |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
hackNos: Os-hackNos |
27 Nov 2019 |
Rahul Gehlaut |
hackNos |
827 MB |
https://download.vulnhub.com/hacknos/Os-hackNos-1.ova |
Difficulty : Easy to Intermediate |
Flag : 2 Flag first user And second root Learning : exploit | Web Application | Enumeration | Privilege Escalation Website : www.hackNos.com mail : |
597902F4E99775B7379EE9E4C671499E |
22511AD173136AA25F1DD5B3E3F20018E78641E8 |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
MyExpense: 1 |
7 Dec 2019 |
Sh4rpf0rc3 |
MyExpense |
1.2 GB |
https://download.vulnhub.com/myexpense/MyExpense-Vulnerable-Web-Application.ova |
MyExpense is a deliberately vulnerable web application that allows you to train in detecting and exploiting different web vulnerabilities. Unlike a more traditional “challenge” application (which allows you to train on a single specific vulnerability), MyExpense contains a set of vulnerabilities you need to exploit to achieve the whole scenario. |
You are “Samuel Lamotte” and you have just been fired by your company “Furtura Business Informatique”. Unfortunately because of your hasty departure, you did not have time to validate your expense report for your last business trip, which still amounts to 750 € corresponding to a return flight to your last customer. Fearing that your former employer may not want to reimburse you for this expense report, you decide to hack into the internal application called to manage employee expense reports. So you are in your car, in the company carpark and connected to the internal Wi-Fi (the key has still not been changed after your departure). The application is protected by username/password authentication and you hope that the administrator has not yet modified or deleted your access. Your credentials were: samuel/fzghn4lw Once the challenge is done, the flag will be displayed on the application while being connected with your (samuel) account. If you need to restore the database: go to http://IP/config/setup.php This works better with VirtualBox rather than VMware |
6CB854185924742C8B6B46C31B62CF33 |
1048B4193F449D44F00C2D7CB3008B875FCC6047 |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
UA: Literally Vulnerable |
6 Dec 2019 |
Syed Umar Arfeen |
UA |
967 MB |
https://download.vulnhub.com/ua/LiterallyVulnerable.7z |
Vulnerable is supposed to give beginners a taste of real-world scenarios and OSCP machines at the same time! It was inspired highly by the @DC series. |
You’re supposed to know the big three (EEEs) Enumeration, Exploitation & Escalation of pentesting to pwn the machine. The machine is supposed to be beginner-friendly and the difficulty level is Easy-Intermediate depending on your knowledge. You need to have enough information about Linux file types & permissions for privilege escalation. There are three flags in the machine: local.txt, user.txt & root.txt. You’re supposed to grab all three in order to completely pwn the machine. Hope you like the machine, best of luck! I’ll try my best to continue with the series! |
08DEA33CB1B1207321535F2539328101 |
D1347C065ED7248E8F594A467B494A7658C0E5A1 |
Virtual Machine (Virtualbox - VDI) |
Linux |
Enabled |
Automatically assign |
FSoft Challenges VM: 1 |
28 Nov 2019 |
Akasafe Team |
FSoft Challenges VM |
1.4 GB |
https://download.vulnhub.com/fsoft/OVA-Fsoft_Hacking_Challenge.zip |
Difficulty : Intermediate |
Flag : Need to get root to read flag (root.txt) Learning : Exploit | Web Application | Digital Forensics | Enumeration | Privilege Escalation DHCP enabled Welcome to Fsoft Hacking Labs ! If during boot, you notice Apache error. Please wait one minute then reboot. Labs are designed to destroy themselves when you exploit them incorrectly - Please create a snapshot of yourself. Good luck to you as well ! Akasafe Team - FSOFT |
CFE9CF0A7A44761E1DE2E52D0DD4E2CB |
68F1F3ACF29F4FB32A67FF2CCBA303E7DC3CBD90 |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
hackNos: Os-hackNos-2.1 |
29 Nov 2019 |
Rahul Gehlaut |
hackNos |
1.4 GB |
https://download.vulnhub.com/hacknos/Os-hackNos-2.1.ova |
Difficulty : Easy to Intermediate |
Flag : 2 Flag first user And second root Learning : Web Application | Enumeration | Password Cracking. Changelog: 2019-12-13 ~ v1.1; 2019-11-29 ~ v1.0 |
576448985771F267792497BA4C806874 |
BD0F6A35B48DFCAD19329B515FB95768AAE83EF5 |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
Tempus Fugit: 3 |
23 Nov 2019 |
4nqr34z & theart42 |
Tempus Fugit |
3.7 GB |
https://download.vulnhub.com/tempusfugit/Tempus-Fugit-3.ova |
Tempus Fugit is a Latin phrase that roughly translated as “time flies”. |
This is a hard, real life box, created by @4nqr34z and @theart42 to be used as a CTF challenge on Bsides Newcastle 23. November 2019 and released on Vulnhub the same day. In Tempus Fugit 3, the idea is still, like in the first two challenges; to create something “out of the ordinary”. The vm contains 5 flags. If you don’t see them, you are not looking in the right place… Need any hints? Feel free to contact us on Twitter: @4nqr34z or @theart42 DHCP-Client. Tested both on Virtualbox and vmware Health warning: For external use only. This works better with VirtualBox rather than VMware |
564255E0E91EC8BA981A8A1491345112 |
A09A0EB8CA46B292953642375BE49C611932D00C |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
hackNos: Os-hackNos-3 |
14 Dec 2019 |
Rahul Gehlaut |
hackNos |
1.8 GB |
https://download.vulnhub.com/hacknos/Os-hackNos-3.ova |
Difficulty: Intermediate |
Flag: 2 Flag first user And the second root Learning: Web Application | Enumeration | Privilege Escalation Web-site: www.hacknos.com Contact-us : @rahul_gehlaut. This works better with VirtualBox rather than VMware |
20E94D060CAF653C6AD7223D60254858 |
A53D8360BC18C3FAFEF217E44425150C9E1DA11A |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
sunset: sunrise |
6 Dec 2019 |
whitecr0wz |
sunset |
3.0 GB |
https://download.vulnhub.com/sunset/sunrise.7z |
Description: Have fun! |
Difficulty: Beginner Contact: @whitecr0wz |
D61B9F1C73F2BC78EA02A1EEF5A6D5AA |
9F6B2B8C4BFA66755FF152C712769F1DE97B659A |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
HA: Dhanush |
9 Nov 2019 |
Hacking Articles |
HA |
783 MB |
https://download.vulnhub.com/ha/dhanush.zip |
The |
of the . It redefined the warfare to a new level and is mentioned in all the Mythological Accounts in the History. Choose Your Dhanush, Stretch the string and Shoot for Root!! ENUMERATION IS THE KEY!!! |
70ACF0E18AC171DE86190F18457984D4 |
BC5EE785FF19CBEDA1C51414A2BF9C97D5FCFAE2 |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
Mortal Kombat: 1 |
18 Oct 2019 |
p4w |
Mortal Kombat |
1.5 GB |
https://download.vulnhub.com/mortalkombat/MortalKombat.ova |
This is a hard machine. |
You’ll need to master and chain together multiple vulnerabilities. If you need a hint feel free to contact me on Twitter: @p4w16. This works better with VirtualBox rather than VMware |
3C547FAC1BABB64994EE0D8CDC3A0E6D |
1E2243DBF26643920F867D8694C55BB10942B8AE |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
HA: Chanakya |
9 Nov 2019 |
Hacking Articles |
HA |
884 MB |
https://download.vulnhub.com/ha/chanakya.zip |
The Mastermind that took down kingdoms is back and this time he has created a puzzle that would make you scratch your brains! It’s time to face Chanakya. |
Will you be able to solve this Boot to Root and prove that you are wiser? ENUMERATION IS THE KEY!!! |
CB975BB516FB07C185080547E42C55F3 |
63A9279DA098F98EA427C49683A544A34F2A43C1 |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
Connect The Dots: 1 |
21 Oct 2019 |
Sumit Verma |
Connect The Dots |
2.3 GB |
https://download.vulnhub.com/connectthedots/Connect-The-Dots.ova |
|
|
30B807367C47A94492BF25ED4E789462 |
C2D354487D39B91A7337FF2E2575009355553998 |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
hackNos: Os-Hax |
1 Nov 2019 |
Rahul Gehlaut |
hackNos |
918 MB |
https://download.vulnhub.com/hacknos/Os-Hax.ova |
Difficulty : Intermediate |
Flag : boot-root Learning : exploit | web application Security | Privilege Escalation Contact … https://www.linkedin.com/in/rahulgehlaut/ This works better with VirtualBox rather than VMware |
55FA67F69A481C3F71427628DE98D42E |
C6B801D3C7702898A1699CC671125234284879B6 |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
CyNix: 1 |
18 Nov 2019 |
Sumit Verma |
CyNix |
1.6 GB |
https://download.vulnhub.com/cynix/CyNix.ova |
|
This works better with VirtualBox rather than VMware. |
F4C85FAFABA25AFD9444D8EB61E6990D |
71DA0D6193665C51BC54A3F305F5DF561742771E |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
HA: Rudra |
22 Oct 2019 |
Hacking Articles |
HA |
685 MB |
https://download.vulnhub.com/ha/rudra.zip |
This festive season witness the Mahakaal himself in this Boot to Root Challenge. Gain the Root and Get indulged in the Bliss of The Rudra. Call yourself the True Bhole Bakth on completion of this challenge. |
ENUMERATION IS THE KEY!!! |
3C432A797790B8189280239CEF0E4871 |
ACBEC196530BF65EA2D13B40B8C4FC9C5AAEFD24 |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
View2aKill: 1 |
29 Oct 2019 |
creosote |
View2aKill |
4.0 GB |
https://download.vulnhub.com/view2akill/View2aKill.ova |
Mission: Millionaire psychopath Max Zorin is a mastermind behind a scheme to destroy Silicon Valley in order to gain control over the international microchip market. Get root and stop this madman from achieving his goal! |
|
7147C0C8F871B0FBCFC07383FDB73CCE |
58B95DD4668721DD10D792BCBE196D5AB11146AA |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
EVM: 1 |
2 Nov 2019 |
Ic0de |
EVM |
780 MB |
https://download.vulnhub.com/evm/EVM.ova |
This is a super friendly box intended for beginners |
This works better with VirtualBox rather than VMware |
19D564088D642EF1A63D23A87EB4F4F7 |
94758070A7907FC4C8CD0BA39E8E2659DDE0B56E |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
HA: Chakravyuh |
30 Oct 2019 |
Hacking Articles |
HA |
1.1 GB |
https://download.vulnhub.com/ha/chakravyuh.zip |
Close your eyes and feel the heat of being in the middle of the Chakravyuh. The Epic Battle formation that is said to be uncrackable. Can you crack the Uncrackable? Does it have it in you? Crack this epic Challenge and Claim the Title of Arjuna of 21st Century. |
ENUMERATION IS THE KEY!!! |
2722A5EC177BAF2BB8ADA3C60CC1284A |
7A68F4B3203A26F713F073336091F85E4A2EA775 |
Virtual Machine (VMware) |
Linux |
Enabled |
Automatically assign |
hackNos: Os-Bytesec |
8 Nov 2019 |
Rahul Gehlaut |
hackNos |
885 MB |
https://download.vulnhub.com/hacknos/Os-ByteSec.ova |
Difficulty : Intermediate |
Flag : 2 Flag first user And second root Learning : exploit | SMB | Enumeration | Stenography | Privilege Escalation Contact … https://www.linkedin.com/in/rahulgehlaut/ This works better with VirtualBox rather than VMware. |
5650899EECF15B434AE26847CD89BB8E |
414576020669441B8DE9DADCA2F875AD82109EA6 |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
djinn: 1 |
18 Nov 2019 |
0xmzfr |
djinn |
1.9 GB |
https://download.vulnhub.com/djinn/djinn.ova |
|
|
AC904F3C4170B0167FEA4A5A08095E10 |
96E4E858F5E7A9EAF887C15CD34555AB122D805D |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
serial: 2 |
27 Sep 2019 |
sk4 |
serial |
1.1 GB |
https://download.vulnhub.com/serial/serial2.zip |
This box has an intermediate difficulty for the user, I suggest you enumerate it and use some tools to get the first flag. Note that if you don’t see the flag maybe you should find it in another place. |
The hard part is the privilege escalation for the root user, try hard and get the root flag (if you can;))! If you need a hint, feel free to contact me on Twitter: @sk4pwn. This works better with VirtualBox rather than VMware |
6CA2A85774D8E8079B4AB222E10DCB3C |
8C6C4E737A4695BEB062D14678107250F74A6E6A |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
Mumbai: 1 |
25 Sep 2019 |
Dylan Barker |
Mumbai |
1.9 GB |
https://download.vulnhub.com/mumbai/Mumbai.ova |
N/A |
This works better with VirtualBox rather than VMware |
EAB28413413227DC9C8645DFD3B15B48 |
5FB5778D9C87EA1BC785F6695B430EBB7A6E514C |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
bossplayersCTF: 1 |
28 Sep 2019 |
Cuong Nguyen |
bossplayersCTF |
665 MB |
https://download.vulnhub.com/bossplayers/bossplayersCTF.ova |
Aimed at Beginner Security Professionals who want to get their feet wet into doing some CTF’s. It should take around 30 minutes to root. |
This works better with VirtualBox rather than VMware |
CE49887192FEAA7C3349ACEE9551CFF7 |
5D1D96526D87096508AD50F30F9F7083F5CBB89B |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
SafeHarbor: 1 |
5 Oct 2019 |
Dylan Barker |
SafeHarbor |
3.2 GB |
https://download.vulnhub.com/safeharbor/SafeHarbor.ova |
A harder VM designed to train for both pentesting newer IT infrastructure methodologies as well as network pivot practice. |
You’ll need to be familiar with pivoting techniques, web app vulnerabilities, Metasploit and Meterpreter, as well as enumeration methodologies and a good bit of patience. As a note, there are two additional bonus flags that will appear in the /root directory based on pre-defined actions taken during the course of rooting the VM. This works better with VirtualBox rather than VMware. |
00CDAEE6E782FD9833DEF91FBB842FED |
F3EDD607D91023D10A210AE457C12A3EEFAAB5AD |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
SiXeS: 1 |
8 Oct 2019 |
Hafidh ZOUAHI |
SiXeS |
1.5 GB |
https://download.vulnhub.com/sixes/SiXeS-1aa67eae208f9fcc3785c1e622805a35.ova |
Advanced-Hard Boot2Root machine intended to be used in a Workshop/CTF beside Shellmates Club. |
The machine has 6 flags that will guide the challenger through it. It covers web security, binary exploitation, and various misconfigurations. This works better with VirtualBox rather than VMware. |
1AA67EAE208F9FCC3785C1E622805A35 |
C086EA40BCBBFC6DEF483C3D85C18D97BB6E2325 |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
Bottleneck: 1 |
28 Sep 2019 |
bytevsbyte |
Bottleneck |
1.6 GB |
https://download.vulnhub.com/bottleneck/Bottleneck.ova |
Bottleneck is an intermediate boot2root machine. |
After some cyber attacks the admin hardened the system, show him that it’s not so secure. If you need a hint feel free to contact me on Twitter: @bytevsbyt3 |
819492A5B6344EF09C981D245F23CA74 |
54007FB2CBC5642F51A03F1BE1223663C422CC1B |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
HA: Joker |
9 Oct 2019 |
Hacking Articles |
HA |
856 MB |
https://download.vulnhub.com/ha/joker.zip |
This lab is going to introduce a little anarchy. It will upset the established order, and everything will become chaos. Get your face painted and wear that Purple suit because it’s time to channel your inner Joker. This is a boot2root lab. Getting the root flag is the ultimate goal. |
ENUMERATION IS THE KEY!!! |
F34A2D25CF07D119F4E19D7D0FCC3DE2 |
380E9DABF9623901843ADE2A1D5BD567C2BD5A02 |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
Misdirection: 1 |
24 Sep 2019 |
FalconSpy |
Misdirection |
1.6 GB |
https://download.vulnhub.com/misdirection/Misdirection.zip |
The purpose of this machine is to allow OSCP students to further develop, strengthen, and practice their methodology for the exam. |
This works better with VirtualBox rather than VMware |
6D1EF59FAFD464F04B77F1CA2AE84529 |
95238571D43DB60571129C89FDB39F7340164356 |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
Gears of War: EP#1 |
17 Oct 2019 |
eDu809 |
Gears of War |
1.1 GB |
https://download.vulnhub.com/gearsofwar/Gear_Of_War%231.ova |
It’s a CTF machine that deals with the history of Gears of War, where we must try to escape from prison and obtain root privileges. It has some rabbit holes, so you have to try to connect the tracks to get access. |
This works better with VirtualBox rather than VMware. |
1E1A0D3EB9998C8D736A6DEA72D244EE |
A11CDCD5718E1D1321583F237FB4CABAAF991F1C |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
Hacker Fest: 2019 |
7 Oct 2019 |
Martin Haller |
Hacker Fest |
569 MB |
https://download.vulnhub.com/hackerfest/HF2019-Linux.ova |
The machine was part of my workshop for Hacker Fest 2019 at Prague. |
Difficulty level of this VM is very “very easy”. There are two paths to exploit it. This works better with VirtualBox rather than VMware. - .OVA = VirtualBox file - .ZIP = Hyper-V VM (v5) |
98C0A9C41F779207689379D1E2E301E8 |
1D1547763D3183C8049CC3ADAC9A189A6C90965E |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
HA: ISRO |
4 Oct 2019 |
Hacking Articles |
HA |
804 MB |
https://download.vulnhub.com/ha/isro.zip |
This is our tribute to the Indian Space Research Organisation (ISRO). We as Indians are proud of ISRO and its achievements. Solve this CTF challenge and feel the work of ISRO. |
This machine contains 4 different flags to test your skills. ENUMERATION IS THE KEY!!! |
439B8D12310E319A8321DA45E7EABE8F |
E0523AA0B633B3EE3B4D55E31E6915100E6C0FD3 |
Virtual Machine (VMware) |
Linux |
Enabled |
Automatically assign |
HA: Naruto |
11 Oct 2019 |
Hacking Articles |
HA |
1001 MB |
https://download.vulnhub.com/ha/naruto.zip |
Book your tickets to The Konohagakure, and train under Master Jiraiya, Hokage Uzumaki and Tsunade. Use your hacking skills to stop Orrochimaru and Rescue Sasuke. Hack this boot to root and get the title of “The Number One Hyperactive, Knucklehead Ninja” |
ENUMERATION IS THE KEY!!! |
751ABE040E0F1D23F5B921BA23BE126C |
F740033668D87ACDA998C6A0E48F271BC5437D9A |
Virtual Machine (VMware) |
Linux |
Enabled |
Automatically assign |
HA: Avengers Arsenal |
20 Sep 2019 |
Hacking Articles |
HA |
4.9 GB |
https://download.vulnhub.com/ha/HA-Avengers-Arsenal.ova |
Avengers are meant to be Earth’s Mightiest Heroes, but some heroes just aren’t mighty enough without their trusty weapon in hand. |
The Goal is to gather all the 5 mightiest weapons: ENUMERATION IS THE KEY!!! Visit our website http://hackingarticles.in |
512DCEB15F9F185D6A5C77F79E89EFBE |
FB06EEBA7E75558220FDD1DF3127A003D5779C0E |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
WebGOAT: 1 |
16 Sep 2019 |
Renato Neves |
WebGOAT |
1.2 GB |
https://download.vulnhub.com/webgoat/WebGOAT.ova |
This is ubuntu 18.04 server which autostarts webgoat on |
Credentials: - user: webgoat - pass: webgoat This machine is used to practice on different types of web attacks. Enjoy! This works better with VirtualBox rather than VMware |
F144F3DA6D3BBD0122223C6A32A4B59B |
E31A5DEA43EE50E85E76C999E3D8089C189DB446 |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
HA: Infinity Stones |
16 Sep 2019 |
Hacking Articles |
HA |
3.3 GB |
https://download.vulnhub.com/ha/HA-InfinityStones.zip |
Thanos thinks that if he kills half of all life in the universe, he’ll restore balance. To do so, he needs all six Infinity Stones to power his Infinity Gauntlet, which in turn will give him the ability to bend time, space, energy, and the laws of physics and reality. But the Avengers are one step ahead of Thanos this time. Avengers have hidden all the Infinity Stones all over this CTF. Help Thanos to get all the Infinity Stones and restore the balance of the universe. |
This machine contains 6 Infinity Stones with Six different flags to test your skills. Each stone can be found in a different way. ENUMERATION IS THE KEY!!! Visit our website http://hackingarticles.in |
598E5FA80F979016FBF5B659C8F9D153 |
A7E51F535B1E7B948FE1C01BC7EEFA7FF8897EF1 |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
HA: Wordy |
13 Sep 2019 |
Hacking Articles |
HA |
3.5 GB |
https://download.vulnhub.com/ha/ha-wordy.ova |
Wordy is designed for beginners to experience real life Penetration testing. This lab is completely dedicated to Web application testing and there are several vulnerabilities that should be exploited in multiple ways. Therefore, it is not only intended as a root challenge boot, the primary agenda is proactive in exploiting top listed web application vulnerabilities. |
As this is a wordpress based lab, it is designed so that users can practice following vulnerabilities: - LFI - RFI - CSRF - File Upload - SQL There is a total of 3 flags. Completion is only registered on exploiting all vulnerabilities and flags. Hint: “Everything is not what it seems to be.” Visit our website http://hackingarticles.in |
DC5E6DDA23847EA6A91D0BF3A952E72D |
D96B32FBEA9D684AC81552296F5B58EA027A84AC |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
Mordor: 1.1 |
7 Jan 2020 |
strider |
Mordor |
725 MB |
https://download.vulnhub.com/mordor/MordorCTF-1.1.ova |
Mordor-CTF |
Mordor CTF is a CTF-Machine with a nice story. This VM has a small touch of Lord of the Rings. And tells a story during part 2 of the movies. In this VM are 9 flags to get. This is my first VM I’ve created, I hope you enjoy it. The goal is to reach the root and readout the file /root/flag.txt If you found other ways, to reach the goal, let me know What include this VM? OS: For any hints contact me here [strider007 at protonmail dot com] If you found Bugs or you have problems with the VM, you can contact me also here [strider007 at protonmail dot com] This VM is completely licensed under Creative Commons v3. except the elements by LOTR. I do not own the characters and the elements of LOTR. They were used for the fanfiction story during the CTF. I do not earn money with this machine and all the other elements of this machine. If you use parts of this machine please ensure that you remove all LOTR elements. May work better in VirtualBox than VMware. Changelog: 1.1 - 2020/01/07; 1.0 - 2019/09/05 |
4B5441B04D25508CA6EB83D1390F18F0 |
53C55A7D29F7F88C9517B652861B182D0FDD0BAE |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
Tempus Fugit: 2 |
10 Sep 2019 |
4ndr34z |
Tempus Fugit |
2.1 GB |
https://download.vulnhub.com/tempusfugit/Tempus-Fugit-2.ova |
Tempus Fugit is a Latin phrase that roughly translated as “time flies”. |
This is an intermediate, real life box. In Tempus Fugit 2, the idea is still, like in the first vm; to create something “out of the ordinary”. The vm contains both user and root flags. If you don’t see them, you are not looking in the right place… Need any hints? Feel free to contact me on Twitter: @4nqr34z DHCP-Client. Tested both on Virtualbox and vmware Health warning: Have driven people to the brink of insanity |
D92F65DA78C90B4043CF6A47C0FA06A6 |
925CF25D03E29593DDAAD4870EAAE2A680455E41 |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
Prime: 1 |
1 Sep 2019 |
Suraj Pandey |
Prime |
2.2 GB |
https://download.vulnhub.com/prime/Prime_Series_Level-1.rar |
This machine is designed for those who are trying to prepare for OSCP or OSCP-Exam. |
This is the first level of the Prime series. Some help at every stage is given. The machine is lengthy, as OSCP and Hackthebox’s machines are designed. So you have a target to get the root flag as well as the user flag. If stuck on a point, some help is given at a level of enumeration. If any extra help is needed, visit our website http://hacknpentest.com and http://hnpsecurity.com. If some extra improvement is needed to my VM, please contact me on my email - suraj at hnpsecurity dot com. |
8E34566F7C05EFB4092DE9BED7DC364A |
3775288C5C02863A29B3F8F1AE42E01E7C080CA8 |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
DC: 8 |
8 Sep 2019 |
DCAU |
DC |
379 MB |
https://download.vulnhub.com/dc/DC-8.zip |
DC-8 is another purposely built vulnerable lab with the intent of gaining experience in the world of penetration testing. |
This challenge is a bit of a hybrid between being an actual challenge, and being a “proof of concept” as to whether two-factor authentication installed and configured on Linux can prevent the Linux server from being exploited. The “proof of concept” portion of this challenge eventuated as a result of a question being asked about two-factor authentication and Linux on Twitter, and also due to a suggestion by @theart42. The ultimate goal of this challenge is to bypass two-factor authentication, get root and to read the one and only flag. You probably wouldn’t even know that two-factor authentication was installed and configured unless you attempt to login via SSH, but it’s definitely there and doing its job. Linux skills and familiarity with the Linux command line are a must, as is some experience with basic penetration testing tools. For beginners, Google can be of great assistance, but you can always tweet me at @DCAU7 for assistance to get you going again. But take note: I won’t give you the answer, instead, I’ll give you an idea about how to move forward. |
B24EA5A4BE61B1A7BFD2774031DEC1AC |
B67F48F72B5D7D7DD7B04C8C6CA2C686934AAD80 |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
HA: Armour |
22 Sep 2019 |
Hacking Articles |
HA |
1.4 GB |
https://download.vulnhub.com/ha/HA-Armour.zip |
Klaw has stolen some armours from the Avengers Super-Secret Base. Falcon has checked the manifest, following things are unaccountable: |
Klaw hide all these armours and now it’s up to you. Can you use your penetration skills to recover them all? -Captain Steve Rogers. P.S. Klaw has a habit of dividing his passwords into 3 parts and save them at different locations. So, if you get some combine them to move forward. This works better with VirtualBox rather than VMware |
E2EFC54507391344233C1112894566ED |
B34D4FBD71203CDFD3314D8260463F978ACE6610 |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
The Fortress: 1 |
4 Sep 2019 |
at0mik |
The Fortress |
1.3 GB |
https://download.vulnhub.com/thefortress/The-Fortress-CTF.ova |
Hard CTF challenge. |
|
BDEA4C509A8E577FAF46BA505824E173 |
59F94A734A2098FD219C187C11751BB0B349AAC2 |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
SP: alphonse (v1.3) |
18 Sep 2020 |
Daniel Solstad |
SP |
1.1 GB |
https://download.vulnhub.com/sp/alphonse-v1.3.ova |
Alphonse is into genes and would like to research your DNA. Is his setup secure though? |
Flags: Tested with VirtualBox. DHCP enabled. Difficulty: Intermediate. Changelog: v1.3: 2020-09-18; v1.1: 2019-09-10; v1.0: 2019-09-08 |
CD847FFE5ECF47368A920F116F09A3AC |
310F0A814F75327191322318867C2056A6FD5561 |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
Bob's Missing Cat CTF: 1.1 |
11 Oct 2019 |
ThreeWhiteHats |
Bob's Missing Cat CTF |
2.0 MB |
https://download.vulnhub.com/bobsmissingcat/BMCInstructablePT1.docx |
Bob’s Missing Cat is a three part CTF where the goal is to find your lost cat. |
Bob’s Missing Cat Pt. 1 is an introduction to the world of Linux. (This CTF is different from most, intended to be played out more like a story.) Types of Commands learned by the end of Pt. 1: , , , , , , , , , etc. Please do Bob’s Missing Cat Pt. 1 alongside the BMCInstructable document. Download ~ https://download.vulnhub.com/bobsmissingcat/BMCInstructable.docx You start local on this VM, not remotely. Find the starting point using the Word document! Change Log: 1.1 = 2019-10-11; 1.0 = 2019-09-09 |
C616D2B6CF594865E7FD6E7157A046E3 |
C9B611A590DD62668983642FE32F16DF8C4E4045 |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
sunset: nightfall |
29 Aug 2019 |
whitecr0wz |
sunset |
1.1 GB |
https://download.vulnhub.com/sunset/nightfall.zip |
nightfall is a born2root VM designed for beginners. |
Virtualbox is strongly recommended for doing this challenge. If you need to contact me for hints you can do it via twitter here: @whitecr0w1. This works better with VirtualBox rather than VMware |
7AA556D47607926792EEB63ADBDC6EE1 |
6AE37F8117D4D52E933B561EEE1F6CC3A203BE57 |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
Broken: Gallery |
9 Aug 2019 |
Avraham Cohen |
Broken |
1.4 GB |
https://download.vulnhub.com/broken/Broken.7z |
The gallery is a different kind of web application. You find what you are looking for like any other vulnerable web application. Try harder to fix the problem and then you will win. Privilege escalation is another method of security through obscurity. |
|
C35C1C8C0F7AC5D1D897A8A37CFC518E |
19568D6ED65BDDFDDF882868A98777A427E2D35B |
Virtual Machine (VMware) |
Linux |
Enabled |
Automatically assign |
serial: 1 |
20 Aug 2019 |
sk4 |
serial |
3.5 GB |
https://download.vulnhub.com/serial/serial.zip |
This is a simple boot2root for beginner/immediate. If you need a hint, feel free to contact me on Twitter: @sk4pwn |
This is just the hard drive. You will need to create a new VM and then attach this HDD instead of creating a new one. |
CD969E8B553987B0C0048A0F9C00456D |
A8CBD92E4CE946C0C558884DB3B9AA434CEB0D3F |
Virtual Machine (VMware) |
Linux |
Enabled |
Automatically assign |
AI: Web: 2 |
1 Sep 2019 |
Mohammad Ariful Islam |
AI: Web |
907 MB |
https://download.vulnhub.com/aiweb/AI-Web-2.0.7z |
This is the second box from the series AI: Web and you will have more fun to crack this challenge. The goal is simple. Get flag from /root/flag.txt. Enumerate the box, get low privileged shell and then escalate privilege to root. |
You may need to crack password. Use wordlist SecLists/rockyou-45.txt by Mr. Daniel Miessler. For any hint please tweet on @arif_xpress |
4C409F159C933C40A1E2349A68B3B8CE |
11DE56FC5BEFBC01A811530EED53B58D43332996 |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
DC: 7 |
31 Aug 2019 |
DCAU |
DC |
939 MB |
https://download.vulnhub.com/dc/DC-7.zip |
DC-7 is another purposely built vulnerable lab with the intent of gaining experience in the world of penetration testing. |
While this isn’t an overly technical challenge, it isn’t exactly easy. While it’s kind of a logical progression from an earlier DC release (I won’t tell you which one), there are some new concepts involved, but you will need to figure those out for yourself. If you need to resort to brute forcing or dictionary attacks, you probably won’t succeed. What you will need to do, is to think “outside” of the box. Waaaaaay “outside” of the box. The ultimate goal of this challenge is to get root and to read the one and only flag. Linux skills and familiarity with the Linux command line are a must, as is some experience with basic penetration testing tools. For beginners, Google can be of great assistance, but you can always tweet me at @DCAU7 for assistance to get you going again. But take note: I won’t give you the answer, instead, I’ll give you an idea about how to move forward. DC-7 is a VirtualBox VM built on Debian 64 bit, but there shouldn’t be any issues running it on most PCs. I have tested this on VMWare Player, but if there are any issues running this VM in VMware, have a read through of . It is currently configured for Bridged Networking, however, this can be changed to suit your requirements. Networking is configured for DHCP. Installation is simple - download it, unzip it, and then import it into VirtualBox or VMWare and away you go. While there should be no problems using this VM, by downloading it, you accept full responsibility for any unintentional damage that this VM may cause. In saying that, there shouldn’t be any problems, but I feel the need to throw this out there just in case. I’m also very interested in hearing how people go about solving these challenges, so if you’re up for writing a walkthrough, please do so and send me a link, or alternatively, follow me on Twitter, and DM me (you can unfollow after you’ve DM’d me if you’d prefer). I can be contacted via Twitter - @DCAU7 |
B7F6186240BD5BDF8D612E3AE6D6A92B |
C40A1CB152215E154A120EB7C53E4E906353BE9A |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
GrimTheRipper: 1 |
20 Aug 2019 |
Manish Chandra |
GrimTheRipper |
1.5 GB |
https://download.vulnhub.com/grimtheripper/grim.zip |
This boot2root is a linux based virtual machine and has been tested using VMware workstation. |
Goal: Get the root shell and then obtain flag under: . For any query contact me at: chandramanish900 at gmail dot com |
9B07A43E935893DC67E6C4263DB25D5B |
6877CE29AAAD0C4CEF32EE9FD5981853E059175A |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
symfonos: 4 |
20 Aug 2019 |
Zayotic |
symfonos |
847 MB |
https://download.vulnhub.com/symfonos/symfonos4.7z |
OSCP-like Intermediate real life based machine designed to teach people the importance of trying harder. |
This works better with VirtualBox rather than VMware. |
F871F080D190BFC0E2FAA143CCB0AC4C |
D4B5453FDFB811FB30C679A50DD221E5BB26876E |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
dpwwn: 3 |
12 Aug 2019 |
Debashis Pal |
dpwwn |
660 MB |
https://download.vulnhub.com/dpwwn/dpwwn-03.zip |
Name: dpwwn-03 |
Date release: 12 Aug 2019 Author: Debashis Pal Series: dpwwn This boot2root is a linux based virtual machine and has been tested using VMware workstation. Goal: Get the root shell and then obtain flag under /root(dpwwn-03-FLAG.txt). Filename: dpwwn-03.zip File size: 659 MB MD5: ba0e52d75803daadd29a782bdac8a22e SHA1: 3e25cb3b0f97119500979ae5cfe408bb9eeb53744a48223184e94be1426aaf0d Format: Virtual Machine (VMware) Operating System: Linux DHCP service: Enabled IP address: Automatically assign Note: NAT mode was set. |
BA0E52D75803DAADD29A782BDAC8A22E |
49B0AE3C371D75B039AF987DED2B0A0D7D8A5E02 |
Virtual Machine (VMware) |
Linux |
Enabled |
Automatically assign |
scarecrow: 1.1 |
26 Aug 2019 |
sk4, p4w & bvb |
scarecrow |
1.2 GB |
https://download.vulnhub.com/scarecrow/scarecrow.1.1.zip |
This is an intermediate machine. Your goal is to get paw-sk4 user and then root flag. Try harder and share with us the flag, if you can. |
For any need, contact us on Twitter: @sk4pwn @p4w16 and @bytevsbyt3. Changelog: 2019-08-21: v1.0; 2019-08-26: v1.1 - Fixed a bug with privilege escalation |
04A22B9AFCF4D9134A2D280DCAD3CA02 |
67FC1FBFF003FE7D40384E6C8CFDE79967271DEC |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
Tempus Fugit: 1 |
16 Aug 2019 |
4ndr34z & DCAU |
Tempus Fugit |
1.8 GB |
https://download.vulnhub.com/tempusfugit/Tempus-Fugit.ova |
Tempus Fugit is a Latin phrase that roughly translates as “time flies”. |
It is an intermediate real life box. Created mostly by 4ndr34z with some assistance by DCAU, the idea behind Tempus Fugit was to create something “out of the ordinary” and without giving anything away, something “dynamic” and a lot like time… changing. The vm contains both user and root flags. If you don’t see them, you are not looking in the right place… Need any hints? Feel free to contact us on Twitter: @4nqr34z @DCAU7. DHCP-Client. Tested both on Virtualbox and vmware. Health warning: May drive people insane. Changelog: 2019-08-16 ~ Beta; 2019-08-16 ~ Final (Same day, different release) |
DE0AC0A1326918AFFBAD63E4ED34875B |
2866CD558C50547BA3822DB7BD38A95DF924390C |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
nezuko: 1 |
21 Aug 2019 |
yunaranyancat |
nezuko |
2.9 GB |
https://download.vulnhub.com/nezuko/nezuko.zip |
Creator : @yunaranyancat (Twitter) |
Difficulty : Easy ~ Intermediate OS Used: Ubuntu 18.04 Services : Webmin 1.920, Apache, SSH User : root, zenitsu, nezuko Hashes : at their home directory |
10DBD333208D012E620242276BE2F817 |
7D545A6F86532EC17157104F1952364A6AEDE2A5 |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
AI: Web: 1 |
21 Aug 2019 |
Mohammad Ariful Islam |
AI: Web |
823 MB |
https://download.vulnhub.com/aiweb/AI-Web-1.0.7z |
Difficulty: Intermediate |
Network: DHCP (Automatically assign) Network Mode: NAT This box is designed to test skills of penetration tester. The goal is simple. Get flag from /root/flag.txt. Enumerate the box, get low privileged shell and then escalate privilege to root. For any hint please tweet on @arif_xpress |
F7A1D2D740AD6D09647C16D7586B3D03 |
28D3BDA0D84F4302A36B8178A40156056A03A6CD |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
jigsaw: 2 |
27 Jul 2019 |
Zayotic |
jigsaw |
1.4 GB |
https://download.vulnhub.com/jigsaw/jigsaw2.7z |
Difficulty: Insane |
It has 2 flags. Certain functionality only works with VMware. |
B9D50698B642DA806F033F75B437CE2F |
52898AC143B0BBB69392BC4C6AF4BD1784FAF88E |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
dpwwn: 1 |
4 Aug 2019 |
Debashis Pal |
dpwwn |
618 MB |
https://download.vulnhub.com/dpwwn/dpwwn-01.zip |
Name: dpwwn-01 |
Date release: 04 Aug 2019 Author: Debashis Pal Series: dpwwn This boot2root is a linux based virtual machine and has been tested using VMware workstation 14. The network interface of VM will take its IP settings from DHCP (Network Mode: NAT). Goal: Gain the root privilege and obtain the content of dpwwn-01-FLAG.txt under /root Directory. Note: Tested on VMware workstation 14. Difficulty: Easy/helpful for beginners. Format: Virtual Machine (VMware) Operating System: Linux DHCP service: Enabled IP address: Automatically assign Note: NAT mode was set. |
3C33FD411D7D7D74503F18C96740EED5 |
E7FA062AB0E9B0B121F9715040FE8859D5BCBB74 |
Virtual Machine (VMware) |
Linux |
Enabled |
Automatically assign |
sunset: dawn |
3 Aug 2019 |
whitecr0wz |
sunset |
1.6 GB |
https://download.vulnhub.com/sunset/dawn.zip |
dawn is a boot2root machine with a difficulty designed to be Easy with multiple ways to be completed. It is recommended to use Virtualbox. |
If you need to contact me for hints you can do it via twitter here: @whitecr0w1 |
A60B7A68671823C26D51A77F1DC9A7DC |
B690A624BB52C64D84F0548E0895357F2A1C6435 |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
ReadMe: 1 |
26 Jul 2019 |
Rob |
ReadMe |
1.2 GB |
https://download.vulnhub.com/readme/ReadMe.ova |
N/A |
|
9C60559302D106D8A6468474B15ECE51 |
C7E0C0B7F7DB4AD5A571A71BA7FC977C2DFA6CB7 |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
Tr0ll: 3 |
6 Aug 2019 |
Maleus |
Tr0ll |
4.0 GB |
https://download.vulnhub.com/tr0ll/Tr0ll3.ova |
The latest version of the Tr0ll series. This one is a little different from the previous iterations, I would say still on the beginner++ level. I hope everyone has fun, be sure to tag @Maleus21 with screen shots of the flag. |
You will need to login with : Type: Boot 2 Root Goal: Obtain flag.txt Difficulty: Beginner++ Fun level: Over 9000 |
E264031F36FEECE381A655F2D1937F69 |
8FE19E4A0D3FB50BE7324843586D96A36812DB9F |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
symfonos: 3.1 |
7 Apr 2020 |
Zayotic |
symfonos |
979 MB |
https://download.vulnhub.com/symfonos/symfonos3v2.7z |
Intermediate real life based machine designed to test your skill at enumeration. If you get stuck remember to try different wordlist, avoid rabbit holes and enumerate everything thoroughly. SHOULD work for both VMware and Virtualbox. |
For hints you’re welcome to contact me via Twitter @zayotic. Changelog: v3.1 - 2020-04-07; v3.0 - 2019-07-20 |
18B52E45E2E0B23A118A8122306BF250 |
86E77ACA2BACEDD0BDE23292718B0365BC9847D6 |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
The Library: 1 |
22 Jul 2019 |
Avraham Cohen |
The Library |
1.2 GB |
https://download.vulnhub.com/thelibrary/Library.7z |
The library is a sophisticated web application which has a few advanced vulnerabilities. You will have to think out of the box to be able to successfully compromise this machine. If you can’t, you can just enjoy countries’ history |
|
309AE8BEBE72F3F227F1CDB363F3D7FB |
2F15B68B9C0CEE131A8EA0571187683A68C6241A |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
The Library: 2 |
25 Jul 2019 |
Avraham Cohen |
The Library |
1.2 GB |
https://download.vulnhub.com/thelibrary/Library-2.7z |
The library is a sophisticated web application which has a few advanced vulnerabilities. You will have to think out of the box to be able to successfully compromise this machine. If you can’t, you can just enjoy countries’ history |
Hint: PHP $_REQUEST |
737911917B4C40C3C047C80F34B65082 |
B9BA3E7D5720D9532512E5AA317C30D20DDEB982 |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
sunset: 1 |
29 Jul 2019 |
whitecr0wz |
sunset |
843 MB |
https://download.vulnhub.com/sunset/sunset.zip |
N/A |
|
A4EC1CFB0F5DF080002C71F8207A2525 |
A4EC1CFB0F5DF080002C71F8207A2525 |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
MinU: v2 |
18 Jul 2019 |
8BitSec |
MinU |
53 MB |
https://download.vulnhub.com/minu/MinUv2.ova.7z |
This boot2root is a linux based virtual machine and has been tested using VirtualBox. The network interface of the virtual machine will take its IP settings from DHCP. |
Your goal is to capture the flag on /root. : Tested on VirtualBox : Host-Only, NAT (not required) : OVA : easy/intermediate. This works better with VirtualBox than VMware. |
ED68CE401725058989A844DDD143EE86 |
27345775AF82B5152D8A9DE4A1B1396A28E5B3FA |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
dpwwn: 2 |
8 Aug 2019 |
Debashis Pal |
dpwwn |
1.4 GB |
https://download.vulnhub.com/dpwwn/dpwwn-02.zip |
Name: dpwwn-02 |
Date release: 09 Aug 2019 Author: Debashis Pal Series: dpwwn This boot2root is a linux based virtual machine and has been tested using VMware workstation. Difficulty: Intermediate++ and fun. Goal: Get the root shell i.e.( :~#) and then obtain flag under /root(dpwwn-02-FLAG.txt). Filename: dpwwn-02.zip File size: 1.37 GB MD5: 0ebd0bd68d651e65608a17310ca567e2 SHA1: 41856ebd27341fc9300a65724c47476f63edccbaaae30dced0c50cf1b4e52645 Format: Virtual Machine (VMware) Operating System: Linux DHCP service: Disabled Static IP address: 10.10.10.10 Note: Host only network adapter set (VM IP: 10.10.10.10/24) |
0EBD0BD68D651E65608A17310CA567E2 |
AD1AED8C03296C029D5B2DC3FBDDD1DB3EDAE019 |
Virtual Machine (VMware) |
Linux |
Disabled |
10.10.10.10 |
WestWild: 1.1 |
29 Jul 2019 |
Hashim Alsharef |
WestWild |
642 MB |
https://download.vulnhub.com/westwild/West-Wild-v1.1.ova |
West Wild v1.1 is a beginner level CTF series, created by Hashim. This CTF series is for people who have basic knowledge of penetration testing tools and techniques, and this machine is include of |
1- System Testing Level = intermediate and I hope you all will Have F0n. Changelog: v1.1 - 2019-08-08 ~ Fix DHCP; v1 - 2019-07-29 |
7047F9AA30DCB5F3938EB65B903D4CC2 |
6ADCDDFE8847643ADE930F2B08034D2799D7ED32 |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
Ted: 1 |
16 Jul 2019 |
Avraham Cohen |
Ted |
1.6 GB |
https://download.vulnhub.com/ted/Ted.7z |
How well do you understand PHP programs? How familiar are you with Linux misconfigurations? This image will cover advanced Web attacks, out of the box thinking and the latest security vulnerabilities. |
Please note that this is a capture the flag machine, which means it is not a real life scenario but will challenge you hard before you can obtain root privileges. |
5EF03E7346ABA7B66A0E384C248789FB |
E72BAD7609476F2CCDDA9B4DD5EABCDAF75CC48D |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
CLAMP: 1.0.1 |
14 Jul 2019 |
Mehmet Kelepçe |
CLAMP |
2.3 GB |
https://download.vulnhub.com/clamp/CLAMP-Machine-v1.0.1.zip |
There are many vulnerabilities on the CLAMP machine. |
You need some time and patience when dealing with security vulnerabilities. The scenario is progressing through web vulnerabilities. You will feel the test air while doing them. Maybe you’ll have some fun. When sending information, the security of the protocol you use is very important. You must keep the evidence in safe places. Good Luck! Changelog: v1.0.1 ~ 14/07/2019; v1.0.0 ~ 13/06/2019 |
268B8A8947F25E4E47DE3A9A30DDFD04 |
8F7A880342377D16C60D5CC6864E448F5C51781A |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
hackme: 1 |
18 Jul 2019 |
x4bx54 |
hackme |
3.1 GB |
https://download.vulnhub.com/hackme/hackme.ova |
‘hackme’ is a beginner difficulty level box. The goal is to gain limited privilege access via web vulnerabilities and subsequently privilege escalate as root. The lab was created to mimic real life environment. |
‘hackme’ uses DHCP and in the possible event that the mysqld shuts down on its own (very rare cases), attempt to force restart the machine and it should be working fine subsequently. This works better with VirtualBox rather than VMware |
52D0FE633959338AB762A91946BBE8FA |
970D01C7079DCD6C699EB20EFF8E15CD419CDFAA |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
Matrix: 3 |
9 Jul 2019 |
Ajay Verma |
Matrix |
554 MB |
https://download.vulnhub.com/matrix/Machine_Matrix_v3.ova |
: Matrix is a medium level boot2root challenge Series of MATRIX Machines. The OVA has been tested on both VMware and Virtual Box. |
Flags: Your Goal is to get root and read /root/flag.txt Networking: DHCP: Enabled IP Address: Automatically assigned Hint: Follow your intuitions … and enumerate! For walkthrough writeup permission or any other query, feel free to contact me on: Twitter: @unknowndevice64 or Email: info@ud64.com : 554 MB : linux : intermediate |
23C9BCF1C187549C9DB3EB973A9AF36A |
4276F80E54141B02D16E3D1FCCFF357178E7F4A7 |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
DomDom: 1 |
11 Jul 2019 |
Avraham Cohen |
DomDom |
2.1 GB |
https://download.vulnhub.com/domdom/DomDom.7z |
How well do you understand PHP programs? How familiar are you with Linux misconfigurations? This image will cover advanced Web attacks, out of the box thinking and the latest security vulnerabilities. |
Please note that this is a capture the flag machine, which means it is not a real life scenario but will challenge you hard before you can obtain root privileges. |
EB35ECAA5650E282133D2F6CC9D696D3 |
71A28748B3504E7DD7BD957B01268BF185832BE3 |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
CTF KFIOFan: 2 |
1 Jun 2019 |
Khaos Farbauti Ibn Oblivion |
CTF KFIOFan |
872 MB |
https://download.vulnhub.com/kfiofan/CTF-KFIOFan2.ova |
The two French fans of Khaos Farbauti Ibn Oblivion are back ! Since the last attack on their server, Bob is trying to create a new, so much more secure, one. … Well at least he thinks so. Time to prove him wrong ! |
Difficulty : Beginner with some little non-usual twists Flag : No flag except for the root one, some easter eggs along the way. This works better with VirtualBox rather than VMware. |
F01385F030D14C81FB322625071B7CFE |
FB4E234823503001CC79DE36A1590F8A0F3CA8FA |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
Mission-Pumpkin v1.0: PumpkinRaising |
2 Jul 2019 |
Jayanth |
Mission-Pumpkin v1.0 |
844 MB |
https://download.vulnhub.com/missionpumpkin/PumpkinRaising.ova |
Mission-Pumpkin v1.0 is a beginner level CTF series, created by keeping beginners in mind. This CTF series is for people who have basic knowledge of hacking tools and techniques but struggling to apply known tools. I believe that machines in this series will encourage beginners to learn the concepts by solving problems. PumpkinRaising is Level 2 of series of 3 machines under Mission-Pumpkin v1.0. The Level 1 ends by accessing PumpkinGarden_Key file, this level is all about identifying |
(4 Flags - Seed ID’s) and gain access to root and capture final file. |
3096B85001AEAA7620A3A82EA1858A82 |
7CD4AD889BE6CE5C83FFA954C31ECDEBDF0121F0 |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
Escalate_Linux: 1 |
30 Jun 2019 |
Manish Gupta |
Escalate_Linux |
2.3 GB |
https://download.vulnhub.com/escalatelinux/Escalate_Linux.ova |
Escalate_Linux - An intentionally developed Linux vulnerable virtual machine. The main focus of this machine is to learn Linux Post Exploitation (Privilege Escalation) Techniques. |
“Escalate_Linux” A Linux vulnerable virtual machine contains different features as. |
EE35F30696C88FE5BB3138ADB40F17C7 |
BD731E9483947A1C3BDAC81F496F9E76B31EAAAC |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
symfonos: 1 |
29 Jun 2019 |
Zayotic |
symfonos |
739 MB |
https://download.vulnhub.com/symfonos/symfonos1.7z |
Beginner real life based machine designed to teach an interesting way of obtaining a low priv shell. SHOULD work for both VMware and Virtualbox. |
Note: You may need to update your host file for |
A26759752F413FCD6BA7BE31B0D7862D |
126D57358E7B9AD713CF269A7F38E66B5D798744 |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
Mission-Pumpkin v1.0: PumpkinGarden |
28 Jun 2019 |
Jayanth |
Mission-Pumpkin v1.0 |
773 MB |
https://download.vulnhub.com/missionpumpkin/PumpkinGarden.ova |
Mission-Pumpkin v1.0 is a beginner level CTF series, created by keeping beginners in mind. This CTF series is for people who have basic knowledge of hacking tools and techniques but struggling to apply known tools. I believe that machines in this series will encourage beginners to learn the concepts by solving problems. PumpkinGarden is Level 1 of series of 3 machines under Mission-Pumpkin v1.0. The end goal of this CTF is to gain access to |
file stored in the root account. |
8ED5015BDC5E1A00A7BC86F979254EAC |
73F72BC5440258EB9AE2D8D05BFD31764A576B0A |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
Mission-Pumpkin v1.0: PumpkinFestival |
17 Jul 2019 |
Jayanth |
Mission-Pumpkin v1.0 |
841 MB |
https://download.vulnhub.com/missionpumpkin/PumpkinFestival.ova |
Mission-Pumpkin v1.0 is a beginner level CTF series, created by keeping beginners in mind. This CTF series is for people who have basic knowledge of hacking tools and techniques but struggling to apply known tools. I believe that machines in this series will encourage beginners to learn the concepts by solving problems. |
PumpkinFestival is Level 3 of series of 3 machines under Mission-Pumpkin v1.0. The Level 1 ends by accessing PumpkinGarden_Key file. Level 2 is about identifying pumpkin seeds. In this level (Level 3) it is time for Pumpkin Festival, the goal is to reach root and access and collect on the way. |
B1CB13BF860D20D149E306FFAE9F4C66 |
848FD03D47B464293AA40ED149D70EA1A2461FC6 |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
symfonos: 2 |
18 Jul 2019 |
Zayotic |
symfonos |
1.1 GB |
https://download.vulnhub.com/symfonos/symfonos2.7z |
OSCP-like Intermediate real life based machine designed to teach the importance of understanding a vulnerability. SHOULD work for both VMware and Virtualbox. |
|
DD95AAB0BEC0D9E8DC2CC244D4FF23B9 |
9A36FAD87B0A81149391F11430C9218BBB0A853B |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
CSRF Minefield: 1 |
15 May 2019 |
Uday Mittal |
CSRF Minefield |
3.0 GB |
https://download.vulnhub.com/csrfminefield/CSRF-Minefield-V1.0.zip |
CSRF Minefield is an Ubuntu Server 18.04 based virtual machine, that is heavily ridden with Cross-Site Request Forgery (CSRF) vulnerabilities. This VM hosts 11 real-world web applications that were found vulnerable to CSRF vulnerability and your aim is to find them and detonate them before they explode the target network. |
Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they’re currently authenticated. CSRF attacks specifically target state-changing requests, not theft of data, since the attacker has no way to see the response to the forged request. - As a starting point, you can use the following resources by the OWASP Project: In case you run into any troubles, contact me on @yaksas443 (twitter) or csc[at]yaksas[dot]in May the force be with you! Credits (vulnerability researchers): |
8978E6940110D281904EA95E37F100BF |
A6CCA2E12DA89975E49CAE427F23A60D3FB780AB |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
DC: 5 |
21 Apr 2019 |
DCAU |
DC |
521 MB |
https://download.vulnhub.com/dc/DC-5.zip |
DC-5 is another purposely built vulnerable lab with the intent of gaining experience in the world of penetration testing. |
The plan was for DC-5 to kick it up a notch, so this might not be great for beginners, but should be ok for people with intermediate or better experience. Time will tell (as will feedback). As far as I am aware, there is only one exploitable entry point to get in (there is no SSH either). This particular entry point may be quite hard to identify, but it is there. You need to look for something a little out of the ordinary (something that changes with a refresh of a page). This will hopefully provide some kind of idea as to what the vulnerability might involve. And just for the record, there is no phpmailer exploit involved. The ultimate goal of this challenge is to get root and to read the one and only flag. Linux skills and familiarity with the Linux command line are a must, as is some experience with basic penetration testing tools. For beginners, Google can be of great assistance, but you can always tweet me at @DCAU7 for assistance to get you going again. But take note: I won’t give you the answer, instead, I’ll give you an idea about how to move forward. But if you’re really, really stuck, you can watch this video which shows the first step. DC-5 is a VirtualBox VM built on Debian 64 bit, but there shouldn’t be any issues running it on most PCs. I have tested this on VMWare Player, but if there are any issues running this VM in VMware, have a read through of this. It is currently configured for Bridged Networking, however, this can be changed to suit your requirements. Networking is configured for DHCP. Installation is simple - download it, unzip it, and then import it into VirtualBox or VMWare and away you go. While there should be no problems using this VM, by downloading it, you accept full responsibility for any unintentional damage that this VM may cause. In saying that, there shouldn’t be any problems, but I feel the need to throw this out there just in case. 
I’m also very interested in hearing how people go about solving these challenges, so if you’re up for writing a walkthrough, please do so and send me a link, or alternatively, follow me on Twitter, and DM me (you can unfollow after you’ve DM’d me if you’d prefer). I can be contacted via Twitter - @DCAU7 |
AB856B4F43F829F8235F4EA701DD22FD |
C6881E15881F056248D7E6B7FAFE4F1E77641C17 |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
DC: 6 |
26 Apr 2019 |
DCAU |
DC |
619 MB |
https://download.vulnhub.com/dc/DC-6.zip |
DC-6 is another purposely built vulnerable lab with the intent of gaining experience in the world of penetration testing. |
This isn’t an overly difficult challenge so should be great for beginners. The ultimate goal of this challenge is to get root and to read the one and only flag. Linux skills and familiarity with the Linux command line are a must, as is some experience with basic penetration testing tools. For beginners, Google can be of great assistance, but you can always tweet me at @DCAU7 for assistance to get you going again. But take note: I won’t give you the answer, instead, I’ll give you an idea about how to move forward. DC-6 is a VirtualBox VM built on Debian 64 bit, but there shouldn’t be any issues running it on most PCs. I have tested this on VMWare Player, but if there are any issues running this VM in VMware, have a read through of this. It is currently configured for Bridged Networking, however, this can be changed to suit your requirements. Networking is configured for DHCP. Installation is simple - download it, unzip it, and then import it into VirtualBox or VMWare and away you go. NOTE: I’ve used 192.168.0.142 as an example. You’ll need to use your normal method to determine the IP address of the VM, and adapt accordingly. This is VERY important. And yes, it’s another WordPress based VM (although only my second one). While there should be no problems using this VM, by downloading it, you accept full responsibility for any unintentional damage that this VM may cause. In saying that, there shouldn’t be any problems, but I feel the need to throw this out there just in case. I’m also very interested in hearing how people go about solving these challenges, so if you’re up for writing a walkthrough, please do so and send me a link, or alternatively, follow me on Twitter, and DM me (you can unfollow after you’ve DM’d me if you’d prefer). I can be contacted via Twitter - @DCAU7 OK, this isn’t really a clue as such, but more of some “we don’t want to spend five years waiting for a certain process to finish” kind of advice for those who just want to get on with the job. 
cat /usr/share/wordlists/rockyou.txt | grep k01 > passwords.txt That should save you a few years. |
8F873D9D6FB28711F7A475ECE6F678B3 |
21B782C260F0E20FFE39DF762CD6B90B3F3888A2 |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
DC: 2 |
22 Mar 2019 |
DCAU |
DC |
847 MB |
https://download.vulnhub.com/dc/DC-2.zip |
Much like DC-1, DC-2 is another purposely built vulnerable lab for the purpose of gaining experience in the world of penetration testing. |
As with the original DC-1, it’s designed with beginners in mind. Linux skills and familiarity with the Linux command line are a must, as is some experience with basic penetration testing tools. Just like with DC-1, there are five flags including the final flag. And again, just like with DC-1, the flags are important for beginners, but not so important for those who have experience. In short, the only flag that really counts, is the final flag. For beginners, Google is your friend. Well, apart from all the privacy concerns etc etc. I haven’t explored all the ways to achieve root, as I scrapped the previous version I had been working on, and started completely fresh apart from the base OS install. DC-2 is a VirtualBox VM built on Debian 32 bit, so there should be no issues running it on most PCs. While I haven’t tested it within a VMware environment, it should also work. It is currently configured for Bridged Networking, however, this can be changed to suit your requirements. Networking is configured for DHCP. Installation is simple - download it, unzip it, and then import it into VirtualBox and away you go. Please note that you will need to set the hosts file on your pentesting device to something like: Obviously, replace 192.168.0.145 with the actual IP address of DC-2. It will make life a whole lot simpler (and a certain CMS may not work without it). If you’re not sure how to do this, instructions are here. While there should be no problems using this VM, by downloading it, you accept full responsibility for any unintentional damage that this VM may cause. In saying that, there shouldn’t be any problems, but I feel the need to throw this out there just in case. This is the second vulnerable lab challenge that I’ve created, so feel free to let me know what you think of it. 
I’m also very interested in hearing how people go about solving these challenges, so if you’re up for writing a walkthrough, please do so and send me a link, or alternatively, follow me on Twitter, and DM me (you can unfollow after you’ve DM’d me if you’d prefer). I can be contacted via Twitter - @DCAU7 |
F66A5E3AA422A20A526DD4D1018F599B |
906D1930E008BBA5DBA06BBC2E59B2D6E908BEC5 |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
Silky-CTF: 0x01 |
27 Apr 2019 |
Silky |
Silky-CTF |
2.5 GB |
https://download.vulnhub.com/silky/Silky-CTF_0x01.ova |
Simple Boot2root for beginner/intermediate. This challenge is made for the Security Hackademie (https://www.security-hackademie.de/). Made for VirtualBox. |
|
3664D8EFBAEDED2CE75088E7AE8BB133 |
5A89FB96D955FADE75CD2DC0EAC183A96A55BDA4 |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
Oz: 1 |
29 May 2019 |
inCIDRthreat & Mumbai |
Oz |
1.9 GB |
https://download.vulnhub.com/oz/Oz.zip |
Oz was originally created and submitted to HackTheBox. It is a medium/hard boot2root challenge. The Oz box has 2 flags to find (user and root) and has a direct route for each, no need to bruteforce access. It is a slightly trolly box with real world vulnerabilities. The OVF has been tested on VirtualBox, VMware Fusion, and VMware Workstation. |
If you have questions or concerns we can be contacted via Twitter - @incidrthreat and @ilove2pwn_ |
8D840CA1C92FEA9C1BC6E13653476361 |
7C697328955A45EB2671C08A8D2B7F618FA37142 |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
Silky-CTF: 0x02 |
27 Apr 2019 |
Silky |
Silky-CTF |
2.3 GB |
https://download.vulnhub.com/silky/Silky-CTF_0x02.ova |
This is the second Simple Boot2root for the Security Hackademie (https://www.security-hackademie.de/) and for VirtualBox. Try to break in and get the user and root flags. |
|
E00F10E0D0D043AB1F6BE024B26E9253 |
0A3FE9CE86E29F26E78CFEB91ED36BA811941D23 |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
DC: 3.2 |
25 Apr 2020 |
DCAU |
DC |
1005 MB |
https://download.vulnhub.com/dc/DC-3-2.zip |
DC-3 is another purposely built vulnerable lab with the intent of gaining experience in the world of penetration testing. |
As with the previous DC releases, this one is designed with beginners in mind, although this time around, there is only one flag, one entry point and no clues at all. Linux skills and familiarity with the Linux command line are a must, as is some experience with basic penetration testing tools. For beginners, Google can be of great assistance, but you can always tweet me at @DCAU7 for assistance to get you going again. But take note: I won’t give you the answer, instead, I’ll give you an idea about how to move forward. For those with experience doing CTF and Boot2Root challenges, this probably won’t take you long at all (in fact, it could take you less than 20 minutes easily). If that’s the case, and if you want it to be a bit more of a challenge, you can always redo the challenge and explore other ways of gaining root and obtaining the flag. DC-3 is a VirtualBox VM built on Ubuntu 32 bit, so there should be no issues running it on most PCs. Please note: There was an issue reported with DC-3 not working with VMware Workstation. To get around that, I recommend using VirtualBox, however, I have created a separate DC-3 VMware edition for those who can only use VMware. It is currently configured for Bridged Networking, however, this can be changed to suit your requirements. Networking is configured for DHCP. Installation is simple - download it, unzip it, and then import it into VirtualBox and away you go. While there should be no problems using this VM, by downloading it, you accept full responsibility for any unintentional damage that this VM may cause. In saying that, there shouldn’t be any problems, but I feel the need to throw this out there just in case. I’m also very interested in hearing how people go about solving these challenges, so if you’re up for writing a walkthrough, please do so and send me a link, or alternatively, follow me on Twitter, and DM me (you can unfollow after you’ve DM’d me if you’d prefer). 
I can be contacted via Twitter - @DCAU7. This works better with VirtualBox rather than VMware. Changelog: v3.2 - 2020-04-25; v3.0 - 2019-03-26 |
3DD0C0B4E96D593FBEADEC1EFC6B50C8 |
63FB4EFCE0D347CA5BAA39F949FD92FFEA212589 |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
jigsaw: 1 |
10 May 2019 |
Zayotic |
jigsaw |
931 MB |
https://download.vulnhub.com/jigsaw/jigsaw.7z |
Name: jigsaw: 1 |
Difficulty: Hard Tested: VMware Workstation 15 Pro & VirtualBox 6.0 DHCP Enabled This works better with VirtualBox than VMware. Note: check for ARP rather than port scans. |
517AAA2B3D59CD0A82B0F70E5B7D12D3 |
8FFC1A904FE3D1B9BD08A9D247C30BDE5934295E |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
DC: 4 |
7 Apr 2019 |
DCAU |
DC |
617 MB |
https://download.vulnhub.com/dc/DC-4.zip |
DC-4 is another purposely built vulnerable lab with the intent of gaining experience in the world of penetration testing. |
Unlike the previous DC releases, this one is designed primarily for beginners/intermediates. There is only one flag, but technically, multiple entry points and just like last time, no clues. Linux skills and familiarity with the Linux command line are a must, as is some experience with basic penetration testing tools. For beginners, Google can be of great assistance, but you can always tweet me at @DCAU7 for assistance to get you going again. But take note: I won’t give you the answer, instead, I’ll give you an idea about how to move forward. DC-4 is a VirtualBox VM built on Debian 32 bit, so there should be no issues running it on most PCs. If there are any issues running this VM in VMware, have a read through of this. It is currently configured for Bridged Networking, however, this can be changed to suit your requirements. Networking is configured for DHCP. Installation is simple - download it, unzip it, and then import it into VirtualBox and away you go. While there should be no problems using this VM, by downloading it, you accept full responsibility for any unintentional damage that this VM may cause. In saying that, there shouldn’t be any problems, but I feel the need to throw this out there just in case. I’m also very interested in hearing how people go about solving these challenges, so if you’re up for writing a walkthrough, please do so and send me a link, or alternatively, follow me on Twitter, and DM me (you can unfollow after you’ve DM’d me if you’d prefer). I can be contacted via Twitter - @DCAU7 |
20BEE5882154CCD447602F757D3B7423 |
184ECEDF85492AADCA84A8E7E2AD5CAE13CE4B19 |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
A Get A Post: 1 |
28 Apr 2019 |
Fl3x |
A Get A Post |
1.8 GB |
https://download.vulnhub.com/agetapost/ctf_a_get_a_post_v1_by_Fl3x.zip |
After the hacking of their french website, the website is under maintenance with restricted access to admins … Multiple bugs and flaws are still present on the website and hackers can penetrate and take control of the server … Difficulty : educative challenge for beginner… Seven flags to collect… Good luck and happy hacking !! |
|
6AF224E826AC305E58D2387ED9B1B6EB |
AA9DA0174A8619C6B832E7BC09C9235BE013578E |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
2much: 1 |
11 Jun 2019 |
4ndr34z |
2much |
4.5 GB |
https://download.vulnhub.com/2much/2much.tar.gz |
2Much was made for pen-testing practice. When I worked on it, it hit me: wouldn’t it be great to have an extra vulnerability on the host itself? As an extra bonus? It is at medium level difficulty. Enumeration is the key. |
The VM contains both user and root flags. If you don’t see them, you need to try harder… Built and tested on VMware ESXi and Fusion. DHCP client. Need any hints? Feel free to contact me on Twitter: @4nqr34z. This works better with VirtualBox rather than VMware. |
7E0B8B96BF6E5F50FBBCFA1C9C6970D6 |
6C16AA98D4B112B0FB6CA6535063384BFEB66096 |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
digitalworld.local: JOY |
31 Mar 2019 |
Donavan |
digitalworld.local |
3.3GB |
https://download.vulnhub.com/digitalworld/JOY.7z |
Does penetration testing spark joy? If it does, this machine is for you. |
This machine is full of services, full of fun, but how many ways are there to align the stars? Perhaps, just like the child in all of us, we may find joy in a playground such as this. This is somewhat OSCP-like for learning value, but is nowhere as easy to complete with an OSCP exam timeframe. But if you found this box because of preparation for the OSCP, you might as well try harder. If you MUST have hints for this machine (even though they will probably not help you very much until you root the box!): Joy is (#1): https://www.youtube.com/watch?v=9AvWs2X-bEA, (#2): something that should be replicated, (#3): what happens when you clean out seemingly “hidden” closets. Note: There are at least two reliable ways of obtaining user privileges and rooting this machine. Have fun. Feel free to contact the author at https://donavan.sg/blog if you would like to drop a comment. |
134B6D5F6844439352671AECA38DA84D |
11D09686EC959F9D5E5A1CBFF335648E80D2E58C |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
Sputnik: 1 |
4 Apr 2019 |
Ameer Pornillos |
Sputnik |
1.7 GB |
https://download.vulnhub.com/sputnik/Sputnik.ova |
Sputnik is an easy level boot2root machine designed to be a challenge for security enthusiasts to learn and practice compromising machines and penetration testing. |
The vulnerable machine was made as a boot2root CTF challenge for an InfoSec community wherein CTF challenges were made by hackstreetboys (a CTF team from Philippines). |
3A904C30947A3BE9F4DB3C6EB4E2D7E0 |
54AD6E9CEE41703CFA941019AB5993031217A7D4 |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
SP: harrison |
14 Apr 2019 |
Daniel Solstad |
SP |
1.2GB |
https://download.vulnhub.com/sp/harrison-v1.0.0.7z |
Can you break free from Harrison’s prison? |
Flags - /root/flag.txt Tested with VirtualBox DHCP enabled Difficulty: Intermediate Should not be as easy as to just run a MSF module to get root right away, if so please let me know. Doesn’t always get an IP address nicely with DHCP. |
E25FA54CD19FED0D205CB925B7AAE00C |
57164344416E5AECC52D8F16669A88CB6C179972 |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
unknowndevice64: 2 |
26 Mar 2019 |
Ajay Verma |
unknowndevice64 |
1.7 GB |
https://download.vulnhub.com/unknowndevice64/unknowndevice64-V2.0.ova |
: unknowndevice64 v2.0 is a beginner level boot2root challenge. The OVA has been tested on both VMware (with some fix provided in this video https://www.youtube.com/watch?v=scRpxo8fra4) and Virtual Box. |
: Beginner : Your Goal is to get root and read flag.txt with at least two different ways. : - DHCP: Enabled - IP Address: Automatically assigned : Follow your intuitions … and enumerate! and for any questions, feel free to contact me on Twitter: @unknowndevice64 Happy Hacking…!!! You may need to add nomodeset to GRUB with VMware. Afterwards, wait a little longer (30 seconds). |
9CEBD322AF81541F04608B0CACBD201E |
DE3DAA174FB224CE13512AB36C1A3E31A5350B7B |
Virtual Machine (Virtualbox - OVA) |
Android |
Enabled |
Automatically assign |
HackInOS: 1 |
9 Mar 2019 |
Fatih Çelik |
HackInOS |
3.1 GB |
https://download.vulnhub.com/hackinos/HackInOS.ova |
HackinOS is a beginner level CTF style vulnerable machine. I created this VM for my university’s cyber security community and all cyber security enthusiasts. I thank Mehmet Oguz Tozkoparan, Ömer Faruk Senyayla and Tufan Gungor for their help in creating this lab. |
: is meant to be there! |
BBDCFD18C41CC69C2EA13D92D49516FD |
C29FD5676BCD1A3FB7343A4F910FFD4E3AE572B7 |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
Overflow: 1 |
1 Apr 2019 |
Fred Wemeijer |
Overflow |
494 MB |
https://download.vulnhub.com/overflow/Overflow.ova |
A new machine works in VirtualBox. Two flags: user and root. Some easy overflow stuff. |
Doesn’t get a NIC out of the box with VMware. Recommend VirtualBox |
4D2AD7DB8E706B7479B7E66CA2A35702 |
EE0BC569C159284578A09393E502A2CB2E3DA0ED |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
Zeus: 1 |
20 Apr 2019 |
Vasile Revnic |
Zeus |
1.4 GB |
https://download.vulnhub.com/zeus/zeus-ovf.zip |
: Zeus is an intermediate level boot2root VM. Your goal is to get root and read the flags. Tested on VMware. |
: Medium : user.txt and root.txt : Static IP ~ |
35871511556871F51C91955B6ADE32C6 |
ED9C4AEA7862AE153E039ED579182B14B9C98FD6 |
Virtual Machine (Virtualbox - OVA) |
Linux |
Disabled |
192.168.131.170 |
Cybero: 1 |
23 Apr 2019 |
Ramal H-ev |
Cybero |
691 MB |
https://download.vulnhub.com/cybero/Cybero.ova |
middle-class lab |
There are different tasks in the lab. It is very joyful. |
5C80FF36054C3DBE57AD1E15DE19429E |
0990A4ED5C43DF3115358A2ABD1395FCAB275341 |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
digitalworld.local: TORMENT |
31 Mar 2019 |
Donavan |
digitalworld.local |
2.5 GB |
https://download.vulnhub.com/digitalworld/TORMENT.7z |
This is the evil twin of JOY. Unlike JOY, this machine is designed to drive you crazy. Stephen Hawking once mentioned, “God plays dice and throws them into places where they cannot be seen.” |
The dice for the machine can all be found on the Internet. Like all other machines built by me, you should not torment yourself by brute force. But perhaps, JOY and TORMENT are two sides of the same coin of satisfaction? Can we really spark joy if we can’t first be tormented to endure sufferance? This machine guarantees to teach you some new ways of looking at enumeration and exploitation. Unlike all the other OSCP-like machines written by me, this machine will be mind-twisting and maybe mind-blowing. You may lose your mind while at it, but we will still nudge you to… try harder! This is NOT an easy machine and you should not feel discouraged if you spend a few days headbanging on this machine. At least three competent pentesters I have asked to test this machine report days (thankfully not weeks) of head banging and nerve wrecking. Do this machine if you enjoy being humbled. If you MUST have hints for this machine (even though they will probably not help you very much until you root the box!): Torment is (#1): what happens when you can’t find your answer on Google, even though it’s there, (#2): what happens when you plead for mercy, but do not succeed, (#3): https://www.youtube.com/watch?v=7ge1yWot4cE Feel free to contact the author at https://donavan.sg/blog if you would like to drop a comment. |
7B55B079A859D8FA0ADC4DBEDC87C0BD |
117E303FE35E4ACB68219271104275D384617400 |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
HappyCorp: 1 |
5 Mar 2019 |
Zayotic |
HappyCorp |
913 MB |
https://download.vulnhub.com/happycorp/happycorp1.7z |
|
This works better with VirtualBox rather than VMware |
AB3FB85176DCF9A81BEFCBA0D90A87DE |
AB53409425E030ED60F63C89C6EF9706DB84D031 |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
SP: jerome (v1.0.1) |
25 Jun 2019 |
Daniel Solstad |
SP |
1.6 GB |
https://download.vulnhub.com/sp/jerome-v1.0.1.7z |
Jerome has created some awesome recipes. Can you find them? |
Flags - /root/flag.txt - /home/jerome/flag.txt Tested with VirtualBox DHCP enabled Difficulty: Intermediate Should not be as easy as to just run a MSF module to get root right away, if so please let me know. Doesn’t always get an IP address nicely with DHCP. Changelog: v1.0.1 - 2019-06-25; v1.0.0 - 2019-04-19 |
C7EB7CE96D6CA78130F40180AE128115 |
EEE41F0D777907CA24CC5D41BBDBF11F70E1E09F |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
unknowndevice64: 1 |
9 Mar 2019 |
Ajay Verma |
unknowndevice64 |
283 MB |
https://download.vulnhub.com/unknowndevice64/unknowndevice64-V1.0.ova |
: unknowndevice64 v1.0 is a medium level boot2root challenge. The OVA has been tested on both VMware and Virtual Box. |
: Intermediate : Your Goal is to get root and read /root/flag.txt : : Follow your intuitions … and enumerate! and for any questions, feel free to contact me on Twitter: @unknowndevice64 Happy Hacking…!!! |
63D05E2943258D47C296C03AFFD28839 |
21AAEC6CF3E1D298F8883F2212ACE5ABDC9663D4 |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
Chatty: 1 & 2 (v5) |
9 Aug 2018 |
Hélvio Junior |
Chatty |
6.3 GB |
https://download.vulnhub.com/chatty/chatty1_v5.ova |
N/A |
Changelog: v5 - 2018-08-09 - Auto discover, FDE, GRUB and other misc fixes; v1 - 2018-08-09 |
26FDD4C740E49353D234331B519C21B4 |
43044130FDC29E6388A68C9ADF0BAFE20DAE9137 |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
Stack Overflows for Beginners: 1.0.1 |
16 Jun 2019 |
Jack Barradell-Johns |
Stack Overflows for Beginners |
5.7 GB |
https://download.vulnhub.com/stackoverflow/IntroToStackOverflow_v1.0.1.ova |
A series of challenges to test basic stack overflow skills, originally developed for the Sheffield University Ethical Hacking Society. |
Starting as level0, exploit a binary owned by the next user to get the flag. There are 5 flags to collect: Each flag is the corresponding user’s password, so once you exploit the binary owned by level1 and get the level1 flag, you can su to level1 and take on the next challenge. To start boot the machine and login as: You’ll find the first binary to exploit is: You may want to increase the resources allocated to the machine. Changelog: v1.0.1 - 2019-06-16 ~ Bug fixes; v1.0.0 - 2019-02-26 |
841359863B0E577F536CC2D712FB8024 |
A30FB1A203AEF3245FDD3B252A4D0ED981FB3F27 |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
Kuya: 1 |
21 Dec 2018 |
Ashhad |
Kuya |
692 MB |
https://download.vulnhub.com/kuya/Kuya.ova |
A Boot2Root machine with hints of CTF |
In total there are 3 flags and you will be required to use some CTF skills to solve it. |
5A3412C99D5D02556055655F5ABB6BF9 |
385106DFFBF6F82797583D08E386E55C19F0B715 |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
Born2Root: 2 |
28 Feb 2019 |
Hadi Mene |
Born2Root |
3.0 GB |
https://download.vulnhub.com/born2root/Born2rootv2.ova |
N/A |
|
542A01824EE985B86A33AE632FA96BDB |
7E5C3F63FA127B79CC5E5E6CA14147031A1EC0B5 |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
NorzhCTF: 2019 (Basilic) |
26 Jan 2019 |
DrStache |
NorzhCTF |
635 MB |
https://download.vulnhub.com/norzhctf/Basilic.ova |
Name: Basilic Author: DrStache |
The Basilic VM was created as part of NorzhCTF 2019. A Python developer has put a website online. Your goal is to compromise the different users of the server and gain root privileges. There are 4 flags to retrieve, they are in md5 format. Difficulty: Intermediate / Hard Categories: Web, Jail, Crypto, PrivEsc For any questions, feel free to contact me on Twitter: @DrStache_ |
0EF9BD1D542F291FF652205AD3C136EE |
B7E66C99B72955FB1144D0D09D80480EE3B61043 |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
The Beast: 2 |
8 Feb 2019 |
Avraham Cohen |
The Beast |
4.6 GB |
https://download.vulnhub.com/thebeast/TheBeast.zip |
The Beast 2 is an intermediate level boot2root VM. Capture the flag event, can you follow the hints? Can you still breach The Beast? |
|
4583229DCA3B1C8895FEC7531477D696 |
DD77233E6BCDB891E69EC86EC041CBF6ADACC17C |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
Web Developer: 1 |
5 Nov 2018 |
Fred Wemeijer |
Web Developer |
1.3 GB |
https://download.vulnhub.com/webdeveloper/WebDeveloper.ova |
A machine using the newest |
Server, the newest and containing some … Changelog: v1 - 2018/11/05; Beta - 2018/9/22 |
A54D454764A61C8E18B1BE5995918B94 |
552F63BB245A390268BD7EE26623F86CE0F8962C |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
MEA-CTF: 1 |
28 Jan 2019 |
SecuritySura |
MEA-CTF |
1.1 GB |
https://download.vulnhub.com/mea/MEA-CTF-1.zip |
DHCP service: Enabled |
IP address: Automatically assign Ultimate goal : find the /root/root.txt Difficulty for user: Medium Difficulty for root: Easy/Medium Full Disk Encryption (FDE) is enabled. Enter the username/password from the README to fully boot up the VM. |
A6699378F441E9E4F1DE5A06B41BA396 |
AAAEA2B6514DCEE64EAD5AD9C7D8F75500525E81 |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
DC: 1 |
28 Feb 2019 |
DCAU |
DC |
733 MB |
https://download.vulnhub.com/dc/DC-1.zip |
DC-1 is a purposely built vulnerable lab for the purpose of gaining experience in the world of penetration testing. |
It was designed to be a challenge for beginners, but just how easy it is will depend on your skills and knowledge, and your ability to learn. To successfully complete this challenge, you will require Linux skills, familiarity with the Linux command line and experience with basic penetration testing tools, such as the tools that can be found on Kali Linux, or Parrot Security OS. There are multiple ways of gaining root, however, I have included some flags which contain clues for beginners. There are five flags in total, but the ultimate goal is to find and read the flag in root’s home directory. You don’t even need to be root to do this, however, you will require root privileges. Depending on your skill level, you may be able to skip finding most of these flags and go straight for root. Beginners may encounter challenges that they have never come across previously, but a Google search should be all that is required to obtain the information required to complete this challenge. DC-1 is a VirtualBox VM built on Debian 32 bit, so there should be no issues running it on most PCs. While I haven’t tested it within a VMware environment, it should also work. It is currently configured for Bridged Networking, however, this can be changed to suit your requirements. Networking is configured for DHCP. Installation is simple - download it, unzip it, and then import it into VirtualBox and away you go. While there should be no problems using this VM, by downloading it, you accept full responsibility for any unintentional damage that this VM may cause. In saying that, there shouldn’t be any problems, but I feel the need to throw this out there just in case. This is the first vulnerable lab challenge that I’ve created, so feel free to let me know what you think of it. I can be contacted via Twitter - @DCAU7 |
D052D37F7C819A2B5488FE2BFF4571D8 |
BDDCADF7E8CFA1FF8BE04E446886EAD50B33761D |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
Casino Royale: 1 |
23 Feb 2019 |
creosote |
Casino Royale |
2.6 GB |
https://download.vulnhub.com/casinoroyale/CasinoRoyale.ova |
Will you gain your status as a 00 agent? |
|
E071600B7D60E476CA9A9C5D777A8DF4 |
B93AD21074619CB60B6976C3BBB78684B5C297D9 |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
myHouse7: 1 |
2 Nov 2018 |
thepcn3rd |
myHouse7 |
2.6 GB |
https://download.vulnhub.com/myhouse7/myhouse7-exported.7z |
myHouse7 is a vulnerable virtual machine with multiple docker images setup to be a capture-the-flag (CTF) challenge. The goal of this vulnerable virtual machine is to present a lab where you can learn and practice to pivot through the subnets to be able to compromise all of the hosts/containers except 1. |
This CTF challenge consists of a total of 20 flags. The virtual machine that is provided contains 2 flags and each docker image/container when running contains 3 additional flags with exception to 1 host. The 1 host that is the exception has no flags. (A mistake that I made was to name 2 flags the same.) The structure of each flag is as follows: {{tryharder:xxx}}. The xxx in the example could be a single digit or up to 4 digits. Below is a network diagram of the setup which may or may not be accurate. The virtual machine represents the firewall in the network diagram below. A total of 7 docker images/containers launch each time the virtual machine loads. You are able to download this file from my Google Drive at this link. The file is 2.7GB compressed with 7-zip. The file is a compressed OVF exported virtual machine from VMWorkstation 14. After importing the virtual machine, the first time that it loads will take upwards of 15 minutes due to building the environment and decompressing the docker images. After the first time you load the virtual machine it will be quicker due to only having to load the docker images into containers. |
1194A465B839602CFAA9C06DA6F1071C |
FFEFA2283D48C98BAACE90FB1ED93C1AA464C925 |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
Replay: 1 |
10 Dec 2018 |
c0rruptedb1t |
Replay |
2.5 GB |
https://download.vulnhub.com/replay/Replay_CTF.ova |
Replay is a sequel to Bob my first CTF. What sort of terrible redneck netsec engineering has Bob done now? |
Your Goal is to get root and read /flag.txt Note: There are three difficulties Hard: No Changelog.txt, no hex editor Mid: Read Changelog.txt, no hex editor Easy: Anything goes |
217E18ABFFEEE1DDB817C7AC77430B6C |
E89C937094F0817B139529B21608C871020497C8 |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
Raven: 2 |
9 Nov 2018 |
William McCann |
Raven |
765 MB |
https://download.vulnhub.com/raven/Raven2.ova |
Raven 2 is an intermediate level boot2root VM. There are four flags to capture. After multiple breaches, Raven Security has taken extra steps to harden their web server to prevent hackers from getting in. Can you still breach Raven? |
|
00AEF24C4524650724124F5827E4F757 |
B671E6788C02EAC577D45525DC4413B74F1BB2F1 |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
SP: eric |
9 Dec 2018 |
Daniel Solstad |
SP |
501 MB |
https://download.vulnhub.com/sp/eric-v1.0.0.7z |
Eric is trying to reach out on the Internet, but is he following best practice? |
Flags - /root/flag.txt - /home/eric/flag.txt Tested with VirtualBox DHCP enabled Difficulty: Beginner Should not be as easy as to just run a MSF module to get root right away, if so please let me know. Doesn’t always get an IP address nicely with DHCP. |
C17D4AA800EBDD540D3A710AF978BACF |
694121663C4050574C7914BBAB30602CE6FF155A |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
digitalworld.local: DEVELOPMENT |
28 Dec 2018 |
Donavan |
digitalworld.local |
2.7 GB |
https://download.vulnhub.com/digitalworld/devt-improved.7z |
This machine reminds us of a DEVELOPMENT environment: misconfigurations rule the roost. This is designed for OSCP practice, and the original version of the machine was used for a CTF. It is now revived, and made slightly more nefarious than the original. |
If you MUST have hints for this machine (even though they will probably not help you very much until you root the box!): Development is (#1): different from production, (#2): a mess of code, (#3): under construction. Note: Some users report the box may seem to be “unstable” with aggressive scanning. The homepage gives a clue why. Feel free to contact the author at https://donavan.sg/blog if you would like to drop a comment. |
673C85EF71F8B9DF5625848BBB4E0AC4 |
FD8AEAE22C7A9F368E6D0A200AB9411A7A2753CA |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
SP: christophe (v1.0.2) |
9 Dec 2018 |
Daniel Solstad |
SP |
709 MB |
https://download.vulnhub.com/sp/christophe-v1.0.2.7z |
Christophe is creating a web page for his resistance. Will he succeed? |
Flags: /root/flag.txt, /home/christophe/flag.txt. Tested with VirtualBox. DHCP enabled. Difficulty: Intermediate. Should not be as easy as to just run a MSF module to get root right away, if so please let me know. Doesn’t always get an IP address nicely with DHCP. Changelog: v1.0.2 = 2019-04-14; v1.0.1 = 2019-03-30; v1.0.0 = 2018-12-09 |
9ED59A6EAD4F7089520C92DF1074140C |
65D631463489D41B79399F7B4628F71E6DA5F7A2 |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
Gittysburg: 1 |
22 Oct 2018 |
William McCann |
Gittysburg |
3.4 GB |
https://download.vulnhub.com/gittysburg/Gittysburg.ova |
Gittysburg is an intermediate level boot2root vulnerable VM. There are four flags to capture. Will you be able to git root? |
Doesn’t always get an IP address nicely with DHCP. |
C6C50E777AC6D86A739E37745FA6FF5C |
C01646395807763CF8B77488E109908E6A983CA2 |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
SP: leopold (v1.2) |
21 Sep 2019 |
Daniel Solstad |
SP |
767 MB |
https://download.vulnhub.com/sp/leopold-v1.2.ova |
Leopold is a poor adventurous little Internet user trying to find amusement. |
Flags: /root/flag.txt, /home/leopold/flag.txt. Tested with VirtualBox. DHCP enabled. Difficulty: Beginner/Intermediate. Should not be as easy as to just run a MSF module to get root right away, if so please let me know. Didn’t like to be imported to VMware. Changelog: 2019-09-21 ~ v1.2; 2018-12-09 ~ v1 |
A0AE73598D4D47E828E263F9CDAF1742 |
88B7BF2BF6A774F03F4E7A5E71D045871BFA429E |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
RootThis: 1 |
5 Dec 2018 |
Fred Wemeijer |
RootThis |
866 MB |
https://download.vulnhub.com/rootthis/RootThis.ova |
N/A |
|
8356CADA7930749D8FD737FA8DE229CB |
7782386B599873689A3F660BD7948D8F0034FD00 |
Virtual Machine (Virtualbox - OVA) |
BSD |
Enabled |
Automatically assign |
SP: ike (v1.0.1) |
9 Dec 2018 |
Daniel Solstad |
SP |
672 MB |
https://download.vulnhub.com/sp/ike-v1.0.1.7z |
Ike is a servant of something which also starts with “I” and has only three letters. |
Flags: /root/flag.txt, /home/ike/flag.txt. Tested with VirtualBox. DHCP enabled. Difficulty: Intermediate. Should not be as easy as to just run a MSF module to get root right away, if so please let me know. Doesn’t always get an IP address nicely with DHCP. Changelog: v1.0.1 - 2019-02-02; v1 - 2018-12-09 |
E586C81EA4B01BD0C2561F300D8C1C8E |
AF597A78A7AC3F78B081F728F053DE5AF61B38A8 |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
Matrix: 2 |
21 Dec 2018 |
Ajay Verma |
Matrix |
394 MB |
https://download.vulnhub.com/matrix/matrix2-Unknowndevice64.ova |
Matrix v2.0 is a medium level boot2root challenge. The OVA has been tested on both VMware and Virtual Box. |
Difficulty: Intermediate Flags: Your Goal is to get root and read /root/flag.txt Networking: Hint: Follow your intuitions … and enumerate! |
700E7735532EC91FF067D76310AD2A99 |
B48D78F4D7423863170E5AA2770D63C23FDEBE93 |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
SP: jenkins |
9 Dec 2018 |
Daniel Solstad |
SP |
1.3 GB |
https://download.vulnhub.com/sp/jenkins-v1.0.0.7z |
Jenkins will hack you into pieces! Watch out. He usually works alone, but sometimes he tries to work with his imaginary friends. |
Flags: /root/flag.txt, /home/jenkins/flag.txt. Tested with VirtualBox. DHCP enabled. Difficulty: Intermediate. Should not be as easy as to just run a MSF module to get root right away, if so please let me know. |
DB0B45141AA4D04B850FAC8193FF911C |
662DD938806256274A1F3F2D5E3DCDA7F2CB30C6 |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
W34kn3ss: 1 |
14 Aug 2018 |
askar |
W34kn3ss |
865 MB |
https://download.vulnhub.com/w34kn3ss/W34KN3SS.ova |
The matrix is controlling this machine, neo is trying to escape from it and take back the control on it, your goal is to help neo to gain access as a “root” to this machine, through this machine you will need to perform a hard enumeration on the target and understand what is the main idea of it, and exploit every possible “weakness” that you can find, also you will be facing some abnormal behaviours during exploiting this machine. |
This machine was made for Jordan’s Top hacker 2018 CTF, we tried to make it simulate real world attacks “as much as possible” in order to improve your penetration testing skills, also we put a few tricky techniques on it so you can learn more about some unique skills. The machine was tested on VMware (player / workstation) and works without any problems, so we recommend using VMware to run it. Also works fine using VirtualBox. Difficulty: Intermediate, you need to think out of the box and collect all the puzzle pieces in order to get the job done. The machine already has DHCP enabled, so you will not have any problems with networking. Happy Hacking! |
10ACFB3E7D3C99EEFB177FDB64E7375B |
53883DCA9631618F7C4248B47D51C0150955DC02 |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
RSA: 1 |
14 Aug 2018 |
Fred Wemeijer |
RSA |
227 MB |
https://download.vulnhub.com/rsa/RSAfun2018.ova |
N/A |
|
0808C18EC8A2A44357C7A53F95F993E5 |
8C0E711C803F18C094CE63AA7FF70891E647BFC2 |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
digitalworld.local: MERCY v2 |
28 Dec 2018 |
Donavan |
digitalworld.local |
1.8 GB |
https://download.vulnhub.com/digitalworld/MERCY-v2.zip |
MERCY is a machine dedicated to Offensive Security for the PWK course, and to a great friend of mine who was there to share my sufferance with me. |
MERCY is a name-play on some aspects of the PWK course. It is NOT a hint for the box. If you MUST have hints for this machine (even though they will probably not help you very much until you root the box!): Mercy is: (#1): what you always plead for but cannot get, (#2): a dubious machine, (#3): https://www.youtube.com/watch?v=c-5UnMdKg70 Note: Some report a kernel privilege escalation works on this machine. If it does, try harder! There is another vector that you should try! Feel free to contact the author at https://donavan.sg/blog if you would like to drop a comment. Changelog: MERCY v2 - 2018-12-28; MERCY v1 - 2018-09-28 |
A61E0381CAA57B06096B4FFAB2875307 |
2CF1BA89616DDCA3AE021440255068D9490BC90C |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
XXE Lab: 1 |
8 Aug 2018 |
Haboob Team |
XXE Lab |
1.4 GB |
https://download.vulnhub.com/xxe/XXE.zip |
Haboob Team made this virtual machine regarding the published paper “XML External Entity Injection - Explanation and Exploitation” https://www.exploit-db.com/docs/45374 to exploit the vulnerability in a private network. We hope that you enjoy the challenge! |
The challenge is right here: |
246EE46CD256E269DCEE10336B1963CE |
B903B6C46FAC360C8AE42C311FA6F75464A47966 |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
Pinky's Palace: v4 |
15 Oct 2018 |
Pink_Panther |
Pinky's Palace |
7.4 GB |
https://download.vulnhub.com/pinkyspalace/Pinkys-Palacev4.7z |
Pinky has setup a development environment to develop and test new software. He thinks his dev environment is pretty locked down security wise, what do you think? |
Network (DHCP) Bridged Difficulty for user: Hard/Expert Difficulty for root: Hard/Expert Tested in VirtualBox |
96142459801510153ED2B00888231B97 |
41D61CAEEB3BA7541805ED3EEBEADEB2EA1C76A8 |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
CTF KFIOFan: 1 |
27 Aug 2018 |
Khaos Farbauti Ibn Oblivion |
CTF KFIOFan |
558 MB |
https://download.vulnhub.com/kfiofan/CTF-KFIOFan.ova |
Description : Two french people want to start the very first fanclub of the youtuber Khaos Farbauti Ibn Oblivion. But they’re not very security aware ! (IMPORTANT NOTE : The whole challenge is in french, including server conf. Which may add to the difficulty if you are non-native or using a non-azerty keyboard) |
Difficulty : Beginner with some little non-usual twists Flag : There are four flags to find, not all of them on the solution path |
5BB96EE05BBAAEA1FB9327698D9CD30F |
86646C0D67D26F25D079434AA1851FFED0D4E5A1 |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
Matrix: 1 |
19 Aug 2018 |
Ajay Verma |
Matrix |
552 MB |
https://download.vulnhub.com/matrix/Machine_Matrix.zip |
Description: Matrix is a medium level boot2root challenge. The OVA has been tested on both VMware and Virtual Box. |
Difficulty: Intermediate Flags: Your Goal is to get root and read /root/flag.txt Networking: DHCP: Enabled IP Address: Automatically assigned Hint: Follow your intuitions … and enumerate! For any questions, feel free to contact me on Twitter: @unknowndevice64 |
9ECF22AD48AFE814A1F68B808DF706A9 |
1A9EBF12AD012FE79E620A34047914F71DF5E711 |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
Typhoon: 1.02 |
31 Oct 2018 |
PrismaCSI |
Typhoon |
2.4 GB |
https://download.vulnhub.com/typhoon/Typhoon-v1.02.ova |
Typhoon Vulnerable VM |
Typhoon VM contains several vulnerabilities and configuration errors. Typhoon can be used to test vulnerabilities in network services, configuration errors, vulnerable web applications, password cracking attacks, privilege escalation attacks, post exploitation steps, information gathering and DNS attacks. Prisma trainings involve practical use of Typhoon. MD5 (Typhoon-v1.02.ova) = 16e8fef8230343711f1a351a2b4fb695 OS: Linux Author: PrismaCSI Series: Typhoon Format: VM(OVA) DHCP service: Enabled IP address: Automatically assign |
16E8FEF8230343711F1A351A2B4FB695 |
EEE0EFC7CB362CB55E1449D14AD2EC88E797AAFB |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
FourAndSix: 2.01 |
28 Oct 2018 |
Fred Wemeijer |
FourAndSix |
447 MB |
https://download.vulnhub.com/fourandsix/FourAndSix2.ova |
Task is to become root and read /root/flag.txt. |
|
A84647510A01387E1B18F298B8CC5F14 |
4FE47B70D38A4DDBFF33D17C1F42BEDB2B3DB557 |
Virtual Machine (Virtualbox - OVA) |
BSD |
Enabled |
Automatically assign |
Moonraker: 1 |
14 Oct 2018 |
creosote |
Moonraker |
2.4 GB |
https://download.vulnhub.com/moonraker/Moonraker.ova |
You’ve received intelligence of a new Villain investing heavily into Space and Laser Technologies. Although the Villain is unknown we know the motives are ominous and apocalyptic. |
Hack into the Moonraker system and discover who’s behind these menacing plans once and for all. Find and destroy the Villain before it’s too late! – Difficulty: Challenging – Flag is /root/flag.txt – Tested on VMware – DHCP enabled – No extra tools besides what’s on Kali by default – Learning Objectives: Client-side Attacks, NoSQL, RESTful, NodeJS, Linux Enumeration and Google-fu. Thanks to /u/limbernie on Reddit for testing! Good luck and have fun! |
020A93868C223AEA5BB254FBE45D64A7 |
927FBF73DDC1A0CE5D3183CCA49D268361F5B32B |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
Fowsniff: 1 |
27 Sep 2018 |
berzerk0 |
Fowsniff |
767 MB |
https://download.vulnhub.com/fowsniff/Fowsniff_CTF_ova.7z |
I created this boot2root last year to be hosted on Peerlyst.com. It’s beginner level, but requires more than just an exploitdb search or metasploit to run. |
It was created in (and is intended to be used with) VirtualBox, and takes some extra configuration to set up in VMWare. |
01867069CEB2B3B470F85C9F1EC52BC9 |
14F19D24D13BD86591B6BEBC319A9B6827F31BD0 |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
Raven: 1 |
14 Aug 2018 |
William McCann |
Raven |
1.4 GB |
https://download.vulnhub.com/raven/Raven.ova |
Raven is a Beginner/Intermediate boot2root machine. There are four flags to find and two intended ways of getting root. Built with VMware and tested on Virtual Box. Set up to use NAT networking. |
|
045162F15E6387FF06A41C6D85CA6731 |
199836C80BACFEDAACC86FA8BDA759B5BE5E53EE |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
SolidState: 1 |
12 Sep 2018 |
Ch33z_plz |
SolidState |
1.9 GB |
https://download.vulnhub.com/solidstate/SolidState.zip |
It was originally created for HackTheBox |
|
073F821217CA153B35FE74C598F9BF63 |
02F8709513E07EA4F8BDFD6A98C6758237226B31 |
Virtual Machine (VMware) |
Linux |
Enabled |
Automatically assign |
ch4inrulz: 1.0.1 |
31 Jul 2018 |
askar |
ch4inrulz |
577 MB |
https://download.vulnhub.com/ch4inrulz/CH4INRULZ_v1.0.1.ova |
Frank has a small website and he is a smart developer with a normal security background, he always loves to follow patterns, your goal is to discover any critical vulnerabilities and gain access to the system, then you need to gain root access in order to capture the root flag. |
This machine was made for Jordan’s Top hacker 2018 CTF, we tried to make it simulate real world attacks in order to improve your penetration testing skills. The machine was tested on VMware (player / workstation) and works without any problems, so we recommend using VMware to run it. Also works fine using VirtualBox. Difficulty: Intermediate, you need to think out of the box and collect all the puzzle pieces in order to get the job done. The machine already has DHCP enabled, so you will not have any problems with networking. Happy Hacking! Changelog: v1 - 25/07/2018; v1.0.1 - 31/07/2018 Fixes DHCP Issue |
472D24353036DC523D82AD923ABA76F5 |
D9427C908FCD3A88FB0E74C6C6C1E05AB3A33D2F |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
Blacklight: 1 |
8 Jun 2018 |
Carter B |
Blacklight |
1.1 GB |
https://download.vulnhub.com/blacklight/BLACKLIGHT.ova |
N/A |
This works better with VirtualBox rather than VMware |
3914D9120416BFAA3DDC2DA7EDBF26EF |
39CAE32E761E8E0A1C64B62D75AA29B189DE0320 |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
Node: 1 |
7 Aug 2018 |
Rob |
Node |
1.5 GB |
https://download.vulnhub.com/node/Node.ova |
Description: Node is a medium level boot2root challenge, originally created for HackTheBox. There are two flags to find (user and root flags) and multiple different technologies to play with. The OVA has been tested on both VMware and Virtual Box. |
|
834B7BD03C73DC7B9005F62D7A4E586C |
1A8DF8B6366FAC5F9405B47102F3DC4307863AD1 |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
WebSploit2018: 1 |
27 Jun 2018 |
c4b3rw0lf |
WebSploit2018 |
1.7 GB |
https://download.vulnhub.com/websploit2018/WebSploit2018.7z |
WebSploit2018 is a collection of vulnerable web applications packed in a virtual environment. |
This VM is intended for those who want to: Unpack the VM and run it in your virtualization software. It gets an IP address via DHCP System Login: user:websploit2018 password:websploit2018 Before attacking this VM remotely, you should edit your Penetration Testing machine’s hosts file(IP-websploit2018). Point your browser to http://websploit2018/ Happy WebApp hacking |
69665D15437BF779BA02A6451B73D8F6 |
23F5F818E6EF77ABA04FE4E0C68442D59A3CCF74 |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
BSidesTLV: 2018 CTF |
28 Jul 2018 |
Tomer Zait, BSidesTLV CTF Team |
BSidesTLV |
6.4 GB |
https://download.vulnhub.com/bsidestlv2018/BSidesTLV-2018-CTF.ova |
The 2018 BSidesTLV CTF competition brought together over 310 teams burning the midnight oil to crack our challenges in a bout that lasted for two weeks! But you can now enjoy the same pain and suffering, using this easy to use, condensed VM that now hosts all our challenges in an easy to digest format. This VM now includes all challenges from the CTF: |
In order to access the challenges you need to: Credentials: CTFd URL: |
2389C3D88B9C420D8E1CA0B88DCB1651 |
D075907EDA45048AEB1F4A126770103FE12ED0C6 |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
Temple of Doom: 1 |
8 Jun 2018 |
0katz |
Temple of Doom |
2.8 GB |
https://download.vulnhub.com/templeofdoom/temple-of-DOOM-v1.ova |
[+] A CTF created by https://twitter.com/0katz |
[+] Difficulty: Easy/Intermediate [+] Tested in VirtualBox [+] Note: 2 ways to get root! |
24922956EB4C322DA4511021A20F5C2C |
74DB3835835DB2F563E27C84993C15FBA64351EF |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
Toppo: 1 |
12 Jul 2018 |
Hadi Mene |
Toppo |
558 MB |
https://download.vulnhub.com/toppo/Toppo.zip |
The Machine isn’t hard to own and doesn’t require advanced exploitation. |
Level : Beginner DHCP : activated Inside the zip you will find a vmdk file , and I think you will be able to use it with any usual virtualization software ( tested with Virtualbox) . If you have any question : my twitter is @h4d3sw0rm Happy Hacking ! |
D6FDABBB6EE4260BDA9DB7FF438A4B9C |
0A41156E81DCB5631FDC194CAAF1B90773225508 |
Virtual Machine (Virtualbox - VDI) |
Linux |
Enabled |
Automatically assign |
Lin.Security: 1 |
11 Jul 2018 |
In.security |
Lin.Security |
1.6 GB |
https://download.vulnhub.com/linsecurity/lin.security_v1.0.ova |
Here at in.security we wanted to develop a Linux virtual machine that is based, at the time of writing, on an up-to-date Ubuntu distro (18.04 LTS), but suffers from a number of vulnerabilities that allow a user to escalate to root on the box. This has been designed to help understand how certain built-in applications and services if misconfigured, may be abused by an attacker. |
We have configured the box to simulate real-world vulnerabilities (albeit on a single host) which will help you to perfect your local privilege escalation skills, techniques and toolsets. There are a number of challenges which range from fairly easy to intermediate level and we’re excited to see the methods you use to solve them! The image is just under 1.7 GB and can be downloaded using the link above. On opening the OVA file a VM named lin.security will be imported and configured with a NAT adapter, but this can be changed to bridged via the preferences of your preferred virtualisation platform. To get started you can log onto the host with the credentials: bob/secret |
F1154AE5C62AE78B35FED9AE7233869C |
46096AC3F32D92FA849B3732023D7765EE9128C8 |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
wakanda: 1 |
5 Aug 2018 |
xMagass |
wakanda |
638 MB |
https://download.vulnhub.com/wakanda/wakanda-1.ova |
A new Vibranium market will soon be online in the dark net. Your goal, get your hands on the root file containing the exact location of the mine. |
Intermediate level Flags: There are three flags (flag1.txt, flag2.txt, root.txt) Hint: Follow your intuitions … and enumerate! For any questions, feel free to contact me on Twitter: xMagass Happy Hacking! |
37357504835EAF14E276F5EE90DD8807 |
347667B69BEC293048DCC95AA8FA548E2FBF2827 |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
Rotating Fortress: 1.0.1 |
30 Jul 2018 |
c0rruptedb1t |
Rotating Fortress |
2.2 GB |
https://download.vulnhub.com/rotatingfortress/rotating_fortress_v1.0.1.ova |
Difficulty: Intermediate/Hard |
Rotating Fortress has been several months in the making and has a unique feature that sets it apart from other VMs. Zeus, the admin of the server, is retiring from Project: Rotating Fortress, but he doesn’t want the project to die with his retirement. To find the successor to the project he has created a challenge. Will you be able to get in, rotate the fortress, escape isolation and reach root? Your Goal is to get root and read /flag.txt Note: This isn’t a short VM and may take several hours to complete. Changelog: v1.0.1 - 30/07/2018; v1 - 28/07/2018 |
8BD7158B7D24624F16E39D073B1A7287 |
06C8AADF938BD21B6491522F8FB41C7375DD0626 |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
Bulldog: 2 |
18 Jul 2018 |
Nick Frichette |
Bulldog |
1.7 GB |
https://download.vulnhub.com/bulldog/Bulldog2.ova |
Three years have passed since Bulldog Industries suffered several data breaches. In that time they have recovered and re-branded as Bulldog.social, an up and coming social media company. Can you take on this new challenge and get root on their production web server? |
This is a Standard Boot-to-Root. Your only goal is to get into the root directory and see the congratulatory message, how you do it is up to you! Difficulty: Intermediate, there are some things you may have never seen before. Think everything through very carefully Made by Nick Frichette (https://frichetten.com) Twitter: @frichette_n I’d highly recommend running this on VirtualBox. Additionally DHCP is enabled so you shouldn’t have any troubles getting it onto your network. It defaults to bridged mode but feel free to change that if you like. |
251CFEC82E29EB9D439DB21EFCD1C921 |
10FFAE636E165F6AA24ED7CA5F5174DBF9521500 |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
Lampião: 1 |
28 Jul 2018 |
Tiago Tavares |
Lampião |
669 MB |
https://download.vulnhub.com/lampiao/Lampiao.zip |
Would you like to keep hacking in your own lab? |
Try this brand new vulnerable machine! “Lampião 1”. Get root! Level: Easy |
7437D6FB83B63A7E14BB00F9C7A758B9 |
B5CDBF07E78557C19555E26715B99E0DCF2400D5 |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
WinterMute: 1 |
5 Jul 2018 |
creosote |
WinterMute |
2.4 GB |
https://download.vulnhub.com/wintermute/Wintermute-v1.zip |
A new OSCP style lab involving 2 vulnerable machines, themed after the cyberpunk classic Neuromancer - a must read for any cyber-security enthusiast. This lab makes use of pivoting and post exploitation, which I’ve found other OSCP prep labs seem to lack. The goal is to get root on both machines. All you need is default Kali Linux. |
I’d rate this as Intermediate. No buffer overflows or exploit development - any necessary password cracking can be done with small wordlists. It’s much more related to an OSCP box vs a CTF. I’ve tested it quite a bit, but if you see any issues or need a nudge PM me here. Virtual Box Lab setup instructions are included in the zip download, but here’s a quick brief: Straylight - simulates a public facing server with 2 NICS. Cap this first, then pivot to the final machine. Neuromancer - is within a non-public network with 1 NIC. Your Kali box should ONLY be on the same virtual network as Straylight. This works better with VirtualBox rather than VMware |
4BFABB5021B33C2A4AB7A5DB1F17A9ED |
643D14EDCADA7EEF08C66DBD4CF89AABFD6097A3 |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
Basic Pentesting: 2 |
10 Jul 2018 |
Josiah Pierce |
Basic Pentesting |
1.3 GB |
https://download.vulnhub.com/basicpentesting/basic_pentesting_2.tar.gz |
This is a boot2root VM and is a continuation of the Basic Pentesting series. This series is designed to help newcomers to penetration testing develop pentesting skills and have fun exploring part of the offensive side of security. |
VirtualBox is the recommended platform for this challenge (though it also work with VMware – however, I haven’t tested that). This VM is a moderate step up in difficulty from the first entry in this series. If you’ve solved the first entry and have tried a few other beginner-oriented challenges, this VM should be a good next step. Once again, this challenge contains multiple initial exploitation vectors and privilege escalation vulnerabilities. Your goal is to remotely attack the VM, gain root privileges, and read the flag located at /root/flag.txt. Once you’ve finished, try to find other vectors you might have missed! If you’d like to send me a link to your writeup, enjoyed the VM or have questions or feedback, feel free to contact me at: If you finished the VM, please also consider posting a writeup! Writeups help you internalize what you worked on and help anyone else who might be struggling or wants to see someone else’s process. There were lots of wonderful writeups for Basic Pentesting: 1, and I look forward to reading the writeups for this challenge. |
3863E0E81AA7F2B6BE2713DEF8AD9677 |
8819E9C589F0E3659B5756954AC36F983E46D2D3 |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
Pinky's Palace: v3 |
15 May 2018 |
Pink_Panther |
Pinky's Palace |
689 MB |
https://download.vulnhub.com/pinkyspalace/PinkysPalacev3.ova |
N/A |
|
3496701AE9290B642EBD27D5EE0310AC |
5C0B3ED4442DBB3A9CC0F93AF7C7B9CD809FA92D |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
MinU: 1 |
2 May 2018 |
8BitSec |
MinU |
516 MB |
https://download.vulnhub.com/minu/MinUv1.ova.7z |
: MinUv1 |
: 2018-07-10 : 8bitsec : This boot2root is an Ubuntu Based virtual machine and has been tested using VirtualBox. The network interface of the virtual machine will take its IP settings from DHCP. Your goal is to capture the flag on /root. : Tested on VirtualBox : Host-Only/DHCP (should work on bridged) : OVA : easy/intermediate : MinUv1.ova.7z : 540MB : cc3d58173a8e9ed3f7606c8d12140a68 : 8409ceb3cd959085c0249eb676af2f384da85466 : Virtual Machine (Virtualbox - OVA) : Linux : Enabled : Automatically assign. This works better with VirtualBox rather than VMware |
CC3D58173A8E9ED3F7606C8D12140A68 |
8409CEB3CD959085C0249EB676AF2F384DA85466 |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
BSides Vancouver: 2018 (Workshop) |
21 Mar 2018 |
abatchy |
BSides Vancouver |
1.1 GB |
https://download.vulnhub.com/bsidesvancouver2018/BSides-Vancouver-2018-Workshop.ova |
Boot2root challenges aim to create a safe environment where you can perform real-world penetration testing on an (intentionally) vulnerable target. |
This workshop will provide you with a custom-made VM where the goal is to obtain root level access on it. This is a great chance for people who want to get into pentesting but don’t know where to start. * If this sounds intimidating, don’t worry! During the workshop, we’ll be discussing various methodologies, common pitfalls and useful tools at every step of our pentest. Requirements: |
FC995817DFE08BA08111CF9A8DBAD5FC |
1816EA190D808AD6C7DAFF2C7868FDE0D90F9E2B |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
Trollcave: 1.2 |
21 Mar 2018 |
David Yates |
Trollcave |
884 MB |
https://download.vulnhub.com/trollcave/trollcave-v1-2.ova |
is a vulnerable VM, in the tradition of |
and in general. You start with a virtual machine which you know nothing about – no usernames, no passwords, just what you can see on the network. In this instance, you’ll see a simple community blogging website with a bunch of users. From this initial point, you enumerate the machine’s running services and general characteristics and devise ways to gain complete control over it by finding and exploiting vulnerabilities and misconfigurations. Your first goal is to abuse the services on the machine to gain unauthorised shell access. Your ultimate goal is to read a text file in the user’s home directory ). This VM is designed to be holistic and fairly down to earth. I wanted to simulate a real attack on a real website rather than just presenting a puzzle box of disparate elements, and I wanted to avoid the more esoteric vulnerable VMisms, like when you have to do signal processing on an MP3 you found to discover a port-knocking sequence. Of course there are always tradeoffs between what’s realistic and what’s optimally fun/challenging, but I’ve tried to keep the challenges grounded. Because this is a VM that you’re downloading, importing and booting, one way to achieve this goal would be to mount the VM’s hard disk. I haven’t encrypted the disk or done anything to prevent this, so if you want to take that route, go ahead. I’m also not offering a prize or anything for completing this VM, so know that it will be entirely pointless. Because this is a VM running a real operating system with real services, there may be ways to get to that I did not intend. Ideally, this should be part of the fun, but if they make the box entirely trivial I’d like to know about and fix them – within reason. As of this release, I’ve installed all the updates available for Ubuntu Server 16.04 LTS, but I cannot and will not attempt to patch this VM against every new Linux kernel exploit that comes out in the future. So there’s a hint – you don’t have to use a kernel exploit to root this box. 
What you will need is a good HTTP intercepting proxy – I recommend – and a couple of network tools like and . You’ll also need some virtualisation software – will be easiest for most people, but KVM and VMWare should also be able to import the file after a bit of fiddling. Once you’ve imported the VM, put it on the same network as your attacking system ( ) and start hacking! You can grab the file here ( ) (updated 2018-03-19). Let me know . Doesn’t work with VMware. Changelog: v1.1 - 19/03/2018; v1.2 - 21/03/2018 |
48C974555C34224567D0F8F9DA30ADD2 |
DFD1375DB5D5089CE6E657942F2BADB0A91EB7B3 |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
Gemini Inc: 2 |
29 Apr 2018 |
9emin1 |
Gemini Inc |
2.1 GB |
https://download.vulnhub.com/geminiinc/Gemini-Pentest-v2.zip |
: Gemini Inc v2 |
: 2018-07-10 : 9emin1 : Gemini Inc : I have decided to create vulnerable machines that replicate the vulnerabilities and difficulties I’ve personally encountered during my last year (2017) of penetration testing. Some of the vulnerabilities require the “Think out of the box (fun)” mentality and some are just plain annoyance difficulties that require some form of automation to ease the testing. GeminiInc v2 has been created that replicate a few issues that I’ve encountered which was really interesting and fun to tackle, I hope it will be fun for you guys as well. Adding a little made-up background story to make it more interesting… : Gemini Inc has contacted you to perform a penetration testing on one of their internal system. This system has a web application that is meant for employees to export their profile to a PDF. Identify any vulnerabilities possible with the goal of complete system compromise with root privilege. To demonstrate the level of access obtained, please provide the content of flag.txt located in the root directory as proof. Tweet me your writeup @ https://twitter.com/sec_9emin1 : : : More information can be obtained from my blog post on this vulnerable machine: https://scriptkidd1e.wordpress.com/ Intended solution will be provided some time after this has been published: https://scriptkidd1e.wordpress.com/geminiinc-v2-virtual-machine-walkthrough/ The VM has been tested on the following platform and is working: It should work with any virtual machine player as well. It will be able to obtain an I.P Address with DHCP so no additional configuration is required. Simply import the downloaded VM and you are good to go. |
DD8D53A11B76166D75631559ED0353F9 |
5F210DD9A52A701BAB262A9DEF88009B1CA46300 |
Virtual Machine (VMware) |
Linux |
Enabled |
Automatically assign |
Jarbas: 1 |
3 Apr 2018 |
Tiago Tavares |
Jarbas |
1.1 GB |
https://download.vulnhub.com/jarbas/Jarbas.zip |
If you want to keep your hacking studies, please try out this machine! |
Jarbas 1.0 – A tribute to a nostalgic Brazilian search engine in the end of 90’s. Objective: Get root shell! |
85A1698DB39908E101317ECD9BCA4322 |
91FC13F42E1E3D470F4C66A0B73B28EC973AE6AC |
Virtual Machine (VMware) |
Linux |
Enabled |
Automatically assign |
FourAndSix: 1 |
6 May 2018 |
Fred Wemeijer |
FourAndSix |
371 MB |
https://download.vulnhub.com/fourandsix/FourAndSix-vbox.ova |
N/A |
|
70281B234D0BE8CB6A8B5917EDE0F051 |
72680ECDCC844C2676B0A0CFEE3E972A05BCC049 |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
GoldenEye: 1 |
4 May 2018 |
creosote |
GoldenEye |
805 MB |
https://download.vulnhub.com/goldeneye/GoldenEye-v1.ova |
I recently got done creating an OSCP type vulnerable machine that’s themed after the great James Bond film (and even better n64 game) GoldenEye. The goal is to get root and capture the secret GoldenEye codes - flag.txt. |
I’d rate it as Intermediate, it has a good variety of techniques needed to get root - no exploit development/buffer overflows. After completing the OSCP I think this would be a great one to practice on, plus there’s a hint of CTF flavor. I’ve created and validated on VMware and VirtualBox. You won’t need any extra tools other than what’s on Kali by default. Will need to be setup as Host-Only, and on VMware you may need to click “retry” if prompted, upon initially starting it up because of formatting. Changelog: Beta - 2018-05-02; v1 - 2018-05-04 |
76C4A898F4BF0D9071C6B7E0A49D7BA8 |
B2A736B84A013B5FAB7F8C016C1D29D26F3A6D23 |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
Android4: 1 |
4 Apr 2018 |
Touhid Shaikh |
Android4 |
815 MB |
https://download.vulnhub.com/android4/Android4.ova |
Name : Android4 |
OS : Android v4.4 Description : This is my Second booT2Root CTF VM…I hope you enjoy it. if you run into any issue you can find me on Twitter: @touhidshaikh22 Flag : /data/root/ (in this Directory) Level: Beginner. Contact: Touhid M.Shaikh aka Agent22 <- Feel Free to write mail Website: http://www.touhidshaikh.com Try harder!: If you are confused or frustrated don’t forget that enumeration is the key! Feedback: This is my Second boot2root - CTF VM. please give me feedback ( ) Tested: This VM was tested with: Virtual Box 5.X Walkthrough : https://www.youtube.com/channel/UC7lxfIwNnSIE7ei9O2K8ZKw (Walkthrough playlist) Networking: DHCP service: Enabled IP address: Automatically assign |
12427B60675486FDE168DFA3D266C0F7 |
E9146B9434EF4ED81C41BD0B305151E39C2AC678 |
Virtual Machine (Virtualbox - OVA) |
Android |
Enabled |
Automatically assign |
billu: b0x 2 |
10 Jun 2018 |
Manish Kishan Tanwar |
billu |
2.8 GB |
https://download.vulnhub.com/billu/billu-b0x2.7z |
Machine Name: - Billi_b0x 2 |
Author Name: - Manish Kishan Tanwar (@indishell1046) ========= This Virtual machine is using ubuntu (32 bit) Other packages used: - PHP Apache MySQL Apache tomcat This virtual machine is having intermediate to medium difficulty level. One need to break into VM using web application and from there escalate privileges to gain root access. Gaining low or root privilege shell can be done in two ways (for both) |
C5D27EBE699636CA115113BB974B1973 |
AEF0FE02A769F509E921AFE5D87720DAA00D88EA |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
Nineveh: v0.3 |
20 Feb 2018 |
Yas3r |
Nineveh |
857 MB |
https://download.vulnhub.com/hackthebox/NinevehV0.3.ova |
It was a part of HackTheBox platform. |
Static IP of: 192.168.0.150 |
41A16F158A1930BB1301771576CE5141 |
5BCDE16B7DF9C8A0391525D0D263D7143775FE8C |
Virtual Machine (Virtualbox - OVA) |
Linux |
Disabled |
192.168.0.150 |
W1R3S: 1.0.1 |
5 Feb 2018 |
SpecterWires |
W1R3S |
3.6 GB |
https://download.vulnhub.com/w1r3s/w1r3s.v1.0.1.zip |
You have been hired to do a penetration test on the W1R3S.inc individual server and report all findings. They have asked you to gain root access and find the flag (located in /root directory). |
Difficulty to get a low privileged shell: Beginner/Intermediate Difficulty to get privilege escalation: Beginner/Intermediate About: This is a vulnerable Ubuntu box giving you somewhat of a real world scenario and reminds me of the OSCP labs. If you need any hints, pointers or have questions feel free to email me: specterinthewires at gmail dot com Virtual Machine: VMware Workstation Changelog: v1.0.0 - 05/02/2018; v1.0.1 - 08/03/2018 |
E5C0405762CF90D8175F7287350D6B03 |
E6ABE85FA8212500A5DCE2BFC9D6611846F9ABF6 |
Virtual Machine (VMware) |
Linux |
Enabled |
Automatically assign |
USV: 2017 |
17 Dec 2017 |
Suceava University |
USV |
900 MB |
https://download.vulnhub.com/usv-2017/ctf-usv_2017_qualifications.ova |
: Beginner/Intermediate |
: This is the VM used in the online qualifications phase of the CTF-USF 2017 (Capture the Flag - Suceava University) contest which addresses to universities students. The VM was created by Oana Stoian (@gusu_oana) and Teodor Lupan (@theologu) from Safetech Innovations, the technical partner of the contest. : The CTF is a virtual machine and has been tested in Virtual Box. The network interface of the virtual machine will take its IP settings from DHCP. : There are 5 flags that should be discovered in form of: Country_name Flag: [md5 hash]. In CTF platform of the CTF-USV competition there was a hint available for each flag, but accessing it would imply a penalty. If you need any of those hints to solve the challenge, send me a message on Twitter @gusu_oana and I will be glad to help. The countries that should be tracked for flags are: Croatia, France, Italy, Laos, Phillippines |
AB13E07721B094C61AFB81593E2193F7 |
7DE9EB172ACE1CE491106E6BBEC90BB72B2F2D5A |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
Pinky's Palace: v2 |
18 Mar 2018 |
Pink_Panther |
Pinky's Palace |
1.1 GB |
https://download.vulnhub.com/pinkyspalace/Pinkys-Palace2.zip |
: A realistic Boot2Root. Gain access to the system and read the /root/root.txt |
: Only works in VMware : Bridged/DHCP : Tweeeeeeter @Pink_P4nther : OVF : easy/intermediate : intermediate/hard : Wordpress will not render correctly. You will need to alter your host file with the IP shown on the console: |
6FA469C3930D3731804912776019CDC2 |
30449669776FF319ABB3C0E37D7059F9B37EE3D2 |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
DerpNStink: 1 |
9 Feb 2018 |
Bryan Smith |
DerpNStink |
1.8 GB |
https://download.vulnhub.com/derpnstink/VulnHub2018_DeRPnStiNK.ova |
Beginner |
Mr. Derp and Uncle Stinky are two system administrators who are starting their own company, DerpNStink. Instead of hiring qualified professionals to build up their IT landscape, they decided to hack together their own system which is almost ready to go live… This is a boot2root Ubuntu based virtual machine. It was tested on VMware Fusion and VMware Workstation12 using DHCP settings for its network interface. It was designed to model some of the earlier machines I encountered during my OSCP labs also with a few minor curve-balls but nothing too fancy. Stick to your classic hacking methodology and enumerate all the things! Your goal is to remotely attack the VM and find all 4 flags eventually leading you to full root access. Don’t forget to #tryharder Example: flag1(AB0BFD73DAAEC7912DCDCA1BA0BA3D05). Do not waste time decrypting the hash in the flag as it has no value in the challenge other than an identifier. Hit me up if you enjoy this VM! Twitter: @securekomodo Email: |
949E2F8A7D63FABDC55C675C95EFE022 |
6D46A5C68FF93467921DA74B58B6FE8C914AE9FC |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
Gemini Inc: 1 |
9 Jan 2018 |
9emin1 |
Gemini Inc |
3.1 GB |
https://download.vulnhub.com/geminiinc/Gemini-Pentest-v1.zip |
Name: Gemini Inc v1 |
Date release: 2018-01-09 Author: 9emin1 Series: Gemini Inc I have decided to create vulnerable machines that replicate the vulnerabilities and difficulties I’ve personally encountered during my last year (2017) of penetration testing. Some of the vulnerabilities require the “Think out of the box (fun)” mentality and some are just plain annoyance difficulties that require some form of automation to ease the testing. GeminiInc v1 has been created that replicate an issue that I’ve encountered which was really interesting and fun to tackle, I hope it will be fun for you guys as well. Adding a little made-up background story to make it more interesting… Gemini Inc has contacted you to perform a penetration testing on one of their internal system. This system has a web application that is meant for employees to export their profile to a PDF. Identify any vulnerabilities possible with the goal of complete system compromise with root privilege. To demonstrate the level of access obtained, please provide the content of flag.txt located in the root directory as proof. Tweet me your writeup @ https://twitter.com/sec_9emin1 Filename: Gemini-Pentest-v1.zip File size: 3283684247 SHA 1: 47ca8fb27b9a4b59aa6c85b8b1fe4df564c19a1e Format: Virtual Machine (VMWare) Operating System: Debian DHCP Service : Enabled IP Address: Automatically Assigned More information can be obtained from my blog post on this vulnerable machine: https://scriptkidd1e.wordpress.com/ Intended solution will be provided some time after this has been published: https://scriptkidd1e.wordpress.com/geminiinc-v1-vm-walkthrough/ The VM has been tested on the following platform and is working: It should work with any virtual machine player as well. It will be able to obtain an I.P Address with DHCP so no additional configuration is required. Simply import the downloaded VM and you are good to go. |
7D43FB4087F9D0311957E47722B4E029 |
47CA8FB27B9A4B59AA6C85B8B1FE4DF564C19A1E |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
Pinky's Palace: v1 |
6 Mar 2018 |
Pink_Panther |
Pinky's Palace |
646 MB |
https://download.vulnhub.com/pinkyspalace/Pinkys-Palace.ova |
Box Info: Tested on VirtualBox using DHCP Host-only & Bridged Adapter types. |
File Type: OVA Pinky is creating his very own website! He has begun setting up services and some simple web applications. A realistic Boot2Root box. Gain access to the system and read the root.txt. Difficulty to get user: Easy/Intermediate Difficulty to get root: Easy/Intermediate If you need a hint or have a question contact me on twitter: @Pink_P4nther This works better with VirtualBox rather than VMware |
E107B510F36A1B1ED7AA457D47BEE8D9 |
D8B0D5763AE75733CF4F26495A51C16145DFE781 |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
Damn Vulnerable ARM Router (DVAR): tinysploitARM |
13 Jan 2018 |
Saumil Shah |
Damn Vulnerable ARM Router (DVAR) |
47MB |
https://download.vulnhub.com/dvar/tinysploitARM.zip |
DVAR is an emulated Linux based ARM router running a vulnerable web server that you can sharpen your ARM stack overflow skills with. |
DVAR runs in the tinysploitARM VMWare VM under a fully emulated QEMU ARM router image. Simply extract the ZIP file and launch the VM via tinysploitARM.vmx. After starting up, the VM’s IP address and default URL shall be displayed on the console. Using your host computer’s browser, navigate to the URL and follow the instructions and clues. The virtual network adapter is set to NAT mode. Your goal is to write a working stack overflow exploit for the web server running on the DVAR tinysploitARM target. SHA256: 1f2bdd9ae4e44443dbb4bf9062300f1991c47f609426a1d679b8dcd17abb384c DVAR started as an optional preparatory exercise for the ARM IoT Exploit Lab. RECON Brussels 2018 (4 day) January 29-Feb 1 https://recon.cx/2018/brussels/training/trainingexploitlab.html Offensivecon Berlin 2018 (4 day) February 12-15 https://www.offensivecon.org/trainings/2018/the-arm-iot-exploit-laboratory-saumil-shah.html Cansecwest Vancouver 2018 (4 day) March 10-13 https://cansecwest.com/dojos/2018/exploitlab.html SyScan360 Singapore 2018 (4 day) March 18-21 https://www.coseinc.com/syscan360/index.php/syscan360/details/SYS1842#regBox If you are new to the world of ARM exploitation, I highly recommend Azeria’s excellent tutorials on ARM Assembly, ARM Shellcode and the basics of ARM exploitation. https://azeria-labs.com/ Twitter: @Fox0x01 And these are three general purpose concepts oriented tutorials that every systems enthusiast must know: Operating Systems - A Primer: http://www.slideshare.net/saumilshah/operating-systems-a-primer How Functions Work: http://www.slideshare.net/saumilshah/how-functions-work-7776073 Introduction to Debuggers: http://www.slideshare.net/saumilshah/introduction-to-debuggers http://blog.exploitlab.net/ Saumil Shah @therealsaumil |
B688FD60876680CF489CFB5DE49A5BA2 |
5403106687717748AC44CB0E5DEC2C73A366E995 |
Virtual Machine (Virtualbox - OVA) |
ARM |
Enabled |
Automatically assign |
ARM Lab: 1 |
17 Nov 2017 |
Azeria |
ARM Lab |
4.7 GB |
https://download.vulnhub.com/azeria/Azeria-Lab-v1.7z |
Let’s say you got curious about ARM assembly or exploitation and want to write your first assembly scripts or solve some ARM challenges. For that you either need an Arm device (e.g. Raspberry Pi), or you set up your lab environment in a VM for quick access. |
This page contains 3 levels of lab setup laziness. If you have the time and nerves to set up the lab environment yourself, I’d recommend doing it. You might get stuck, but you might also learn a lot in the process. Knowing how to emulate things with QEMU also enables you to choose what ARM version you want to emulate in case you want to practice on a specific processor. . Welcome on laziness level 1. I see you don’t have time to struggle through various linux and QEMU errors, or maybe you’ve tried setting it up yourself but some random error occurred and after spending hours trying to fix it, you’ve had enough. Don’t worry, here’s a solution: (aka creator of GEF) released ready-to-play Qemu images for architectures like ARM, MIPS, PowerPC, SPARC, AARCH64, etc. to play with. All you need is . Then download the link to your image, and unzip the archive. Let me guess, you don’t want to bother with any of this and just want a ready-made Ubuntu VM with all QEMU stuff setup and ready-to-play. Very well. The first Azeria-Labs VM is ready. It’s a naked Ubuntu VM containing an emulated ARMv6l. This VM is also for those of you who tried emulating ARM with QEMU but got stuck for inexplicable linux reasons. I understand the struggle, trust me. Download here: : azerialabs I’ve included a Lab VM Starter Guide and set it as the background image of the VM. It explains how to start up QEMU, how to write your first assembly program, how to assemble and disassemble, and some debugging basics. Enjoy! |
C0EA2F16179CF813D26628DC792C5DE6 |
1BB1ABF3C277E0FD06AF0AECFEDF7289730657F2 |
Virtual Machine (Virtualbox - OVA) |
ARM |
Enabled |
Automatically assign |
Bob: 1.0.1 |
9 Mar 2018 |
c0rruptedb1t |
Bob |
1.7 GB |
https://download.vulnhub.com/bob/Bob_v1.0.1.ova |
Difficulty: Beginner/Intermediate |
Bob is my first CTF VM that I have ever made so be easy on me if it’s not perfect. The Milburg Highschool Server has just been attacked, the IT staff have taken down their windows server and are now setting up a linux server running Debian. Could there be a few weak points in the new unfinished server? Your Goal is to get the flag in / Hints: Remember to look for hidden info/files Changelog: v1.0 ~ 2018-03-07; v1.0.1 ~ 2018-03-09 |
0A4FA396B6852E7187F29BDBC4293155 |
2C37E8860F8E47D3341BAF0DCE46B4DFEBED68BD |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
JIS-CTF: VulnUpload |
8 Mar 2018 |
Mohammad Khreesha |
JIS-CTF |
1.3GB |
https://download.vulnhub.com/jisctf/JIS-CTF-VulnUpload-CTF01.ova |
VM Name: JIS-CTF : VulnUpload |
Difficulty: Beginner Description: There are five flags on this machine. Try to find them. It takes 1.5 hour on average to find all flags. This works better with VirtualBox rather than VMware |
254C357D31D42B3C45DE4D9C13879557 |
20250FA44C65F9422605D66C3D7989AC96455808 |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
BlackMarket: 1 |
28 Feb 2018 |
AcEb0mb3R |
BlackMarket |
965 MB |
https://download.vulnhub.com/blackmarket/BlackMarket.zip |
BlackMarket |
BlackMarket VM presented at Brisbane SecTalks BNE0x1B (28th Session) which is focused on students and other InfoSec Professional. This VM has total 6 flag and one r00t flag. Each Flag leads to another Flag and flag format is flag{blahblah}. Shoutout to @RobertWinkel and @dooktwit for hosting at SecTalk Brisbane If you get stuck in rabbit hole and need hints hit me up on twitter. Have fun! Beginner/Intermediate Learn about how to enumerate your target and join dots in order to pwn this VM. VMware Player VirtualBox DHCP Enabled AcEb0mb3R Twitter: @Acebomber911 |
74A48C517B7BB8C7728CF3851E456475 |
665BFA5A4934C528AB98C5B4F7CB4030CCF2F7AE |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
Bulldog: 1 |
28 Aug 2017 |
Nick Frichette |
Bulldog |
761 MB |
https://download.vulnhub.com/bulldog/bulldog.ova |
Bulldog Industries recently had its website defaced and owned by the malicious German Shepherd Hack Team. Could this mean there are more vulnerabilities to exploit? Why don’t you find out? |
This is a standard Boot-to-Root. Your only goal is to get into the root directory and see the congratulatory message, how you do it is up to you! Difficulty: Beginner/Intermediate, if you get stuck, try to figure out all the different ways you can interact with the system. That’s my only hint Made by Nick Frichette (frichetten.com) Twitter: @frichette_n I’d highly recommend running this on Virtualbox, I had some issues getting it to work in VMware. Additionally DHCP is enabled so you shouldn’t have any troubles getting it onto your network. It defaults to bridged mode, but feel free to change that if you like. |
7073036C6A749714FDEFB47E0E2BF9AA |
CC4C750C1BB547A35F21EF1D66EB51B0ED9B83AE |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
Homeless: 1 |
6 Dec 2017 |
Creatigon |
Homeless |
508 MB |
https://download.vulnhub.com/homeless/Homeless.zip |
I’m really interested in security, love to learn new technologies and play CTF sometimes. I’ve been enjoying creating hacking challenges for the security community. This is my first boot2root challenge; I have created some web challenges and solved others. I hope you will get some knowledge from my challenge. Thanks u Laiwon . I love you. |
Difficulty level to get limited shell: Intermediate or advanced Difficulty level for privilege escalation: Depend on You. You will be required to break into target server,exploit and root the machine, and retrieve the flag. The flag will contain more information about my private info… This challenge is not for beginners. There is a relevant file on this machine that plays an important role in the challenge, do not waste your time trying to de-obfuscate the file, If you got big stuck, Try with Password start with “sec*” with nice wordlist. Ok… Try Harder!.. ~Happy Hacking!.. |
0B4C730F5C7C607DDE8C7040AB9FAFF2 |
990BD58F2993AC57A3526DDA425EA554F4DD5C07 |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
zico2: 1 |
19 Jun 2017 |
Rafael |
zico2 |
828 MB |
https://download.vulnhub.com/zico/zico2.ova |
Zico’s Shop: A Boot2Root Machine intended to simulate a real world scenario |
Disclaimer: By using this virtual machine, you agree that in no event will I be liable for any loss or damage including without limitation, indirect or consequential loss or damage, or any loss or damage whatsoever arising from loss of data or profits arising out of or in connection with the use of this software. TL;DR - You are about to load up a virtual machine with vulnerabilities. If something bad happens, it’s not my fault. Level: Intermediate Goal: Get root and read the flag file Description: Zico is trying to build his website but is having some trouble in choosing what CMS to use. After some tries on a few popular ones, he decided to build his own. Was that a good idea? Hint: Enumerate, enumerate, and enumerate! Thanks to: VulnHub Author: Rafael (@rafasantos5) Doesn’t work with VMware. Virtualbox only. |
19A5D894D32270875BA6565583BB750B |
75FA4171A28B4B6F7CEB2EBA1B47A46EA97418E5 |
Virtual Machine (VMware) |
Linux |
Enabled |
Automatically assign |
Xtreme Vulnerable Web Application (XVWA): 1 |
23 Aug 2017 |
Sanoop Thomas & Samandeep Singh |
Xtreme Vulnerable Web Application (XVWA) |
528MB |
https://download.vulnhub.com/xvwa/xvwa.iso |
XVWA is a badly coded web application written in PHP/MySQL that helps security enthusiasts to learn application security. It’s not advisable to host this application online as it is designed to be “Xtremely Vulnerable”. We recommend hosting this application in local/controlled environment and sharpening your application security ninja skills with any tools of your own choice. It’s totally legal to break or hack into this. The idea is to evangelize web application security to the community in possibly the easiest and fundamental way. Learn and acquire these skills for good purpose. How you use these skills and knowledge base is not our responsibility. |
XVWA is designed to understand following security issues. |
0A15DF7E0054E5EDA720BBD62E09CFBA |
4CAD85825491BBBDAEC80E26AC641608E9839316 |
Virtual Machine (VMware) |
Unix |
Enabled |
Automatically assign |
RickdiculouslyEasy: 1 |
21 Sep 2017 |
Luke |
RickdiculouslyEasy |
761 MB |
https://download.vulnhub.com/rickdiculouslyeasy/RickdiculouslyEasy.zip |
This is a fedora server vm, created with virtualbox. |
It is a very simple Rick and Morty themed boot to root. There are 130 points worth of flags available (each flag has its points recorded with it), you should also get root. It’s designed to be a beginner ctf, if you’re new to pen testing, check it out! |
18D572461E1A5B28E77EE9D0439116FA |
CC6C387C91AB62FAE687DF96AE5C02FF9AAC3B6C |
Virtual Machine (VMware) |
Linux |
Enabled |
Automatically assign |
g0rmint: 1 |
3 Nov 2017 |
Noman Riffat |
g0rmint |
835 MB |
https://download.vulnhub.com/g0rmint/g0rmint.zip |
It is based on a real world scenario I faced while testing for a client’s site. Dedicated to Aunty g0rmint who is fed up of this government (g0rmint). |
Does anyone need to know about that Aunty to root the CTF? No The CTF is tested on Vmware and working well as expected. Difficulty level to get limited shell: Intermediate or advanced Difficulty level for privilege escalation: No idea Give me feed back @nomanriffat |
0BA9B712CCB45398B67996B750EC7097 |
8EAE24B977946FD70B0B0C2DEDE434B2235F480C |
Virtual Machine (VMware) |
Linux |
Enabled |
Automatically assign |
The Ether: EvilScience (v1.0.1) |
30 Oct 2017 |
f1re_w1re |
The Ether |
2.6 GB |
https://download.vulnhub.com/theether/theEther_1.0.1.zip |
Lately, I’ve been enjoying creating hacking challenges for the security community. This new challenge encapsulates a company, entitled – The Ether, who has proclaimed an elixir that considerably alters human welfare. The CDC has become suspicious of this group due to the nature of the product they are developing. |
The goal is to find out what The Ether is up to. You will be required to break into their server, root the machine, and retrieve the flag. The flag will contain more information about The Ether’s ominous operations regarding this medicine. This challenge is not for beginners. There is a relevant file on this machine that plays an important role in the challenge, do not waste your time trying to de-obfuscate the file, I say this to keep you on track. This challenge is designed to test you on multiple areas and it’s not for the faint of heart! Whatever you do, do not give up! Exhaust all of your options! Looking forward to have OSCPs take this challenge. As always, good luck, have fun, God bless, and may the s0urce be with you. Changelog: v1.0.1 - 30/10/2017; v1.0.0 - 26/10/2017 |
6C9C8AF9C57CD61E4DB9280D92557181 |
7947C93BD7AD47B6412F180393D9BD966F4E5DD7 |
Virtual Machine (VMware) |
Linux |
Enabled |
Automatically assign |
Cyberry: 1 |
9 Dec 2017 |
Cyberry |
Cyberry |
1.9 GB |
https://download.vulnhub.com/cyberry/cyberry.ova |
The boot2root is a Debian virtual machine and has been fully tested using VMWare Workstation 12. The network interface of the virtual machine will take its IP settings from DHCP. |
Beginner to Intermediate. Cyberry are eagerly anticipating the release of their new “Berrypedia” website, a life-long project which offers knowledge and insight into all things Berry! The challenge is to get root. Rooting this box will require a wide variety of skills and techniques, and you may find that there is more than one way to achieve this. Whilst the boot2root itself can technically be completed offline, you will almost certainly require some form of internet access (Search engine) at your disposal to move forward past some of the challenges. If you get completely stuck please tweet us @cyberrysec for a hint. We really look forward to reading the walkthroughs on vulnhub of how you achieved root |
BFD418D911893DD7872C4A53986301A4 |
6446D59801056C82F91147F1845BE6D1FAAD05F3 |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
Vulnerable Docker: 1 |
27 Sep 2017 |
NotSoSecure |
Vulnerable Docker |
717 MB |
https://download.vulnhub.com/vulnerabledocker/vulnerable_docker_containement.ova |
Ever fantasized about playing with docker misconfigurations, privilege escalation, etc. within a container? |
Download this VM, pull out your pentest hats and get started We have 2 Modes: - HARD: This would require you to combine your docker skills as well as your pen-testing skills to achieve host compromise. - EASY: Relatively easier path, knowing docker would be enough to compromise the machine and gain root on the host machines. We have planted 3 flag files across the various machines / systems that are available to you. Your mission if you choose to accept would be as following: |
329E2B9677751C6F0AA78D8ED840796C |
3B9D5D610972C9FC564F928ACADA2A3C1EE01D39 |
Virtual Machine (VMware) |
Linux |
Enabled |
Automatically assign |
Basic Pentesting: 1 |
8 Dec 2017 |
Josiah Pierce |
Basic Pentesting |
2.6 GB |
https://download.vulnhub.com/basicpentesting/basic_pentesting_1.ova |
This is a small boot2root VM I created for my university’s cyber security group. It contains multiple remote vulnerabilities and multiple privilege escalation vectors. I did all of my testing for this VM on VirtualBox, so that’s the recommended platform. I have been informed that it also works with VMware, but I haven’t tested this personally. |
This VM is specifically intended for newcomers to penetration testing. If you’re a beginner, you should hopefully find the difficulty of the VM to be just right. Your goal is to remotely attack the VM and gain root privileges. Once you’ve finished, try to find other vectors you might have missed! If you enjoyed the VM or have questions, feel free to contact me at: If you finished the VM, please also consider posting a writeup! Writeups help you internalize what you worked on and help anyone else who might be struggling or wants to see someone else’s process. I look forward to reading them! |
D1FB9419D73D26AB0C88D8DDB7C10A02 |
F207A5CED5369A4BA29971B932B8C683C4AA14C2 |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
Pentester Lab: S2-052 |
15 Sep 2017 |
Pentester Lab |
Pentester Lab |
95MB |
https://download.vulnhub.com/pentesterlab/s2-052.iso |
This exercise covers the exploitation of the Struts S2-052 vulnerability |
|
5857D27D60E95CFC2976C6293B7D8DAF |
632454542DA283E4D8A688ED7D8DADDCA769FBFA |
Virtual Machine (VMware) |
Linux |
Enabled |
Automatically assign |
Depth: 1 |
27 Oct 2017 |
Dan Lawson |
Depth |
1.2 GB |
https://download.vulnhub.com/depth/DepthB2R.ova |
Many times while conducting a pentest, I need to script something up to make my life easier or to quickly test an attack idea or vector. Recently I came across an interesting command injection vector on a web application sitting on a client’s internet-facing estate. There was a page, running in Java, that allowed me to type arbitrary commands into a form, and have it execute them. While developer-provided webshells are always nice, there were a few caveats. The page was expecting directory listing style output, which was then parsed and reformatted. If the output didn’t match this parsing, no output to me. Additionally, there was no egress. ICMP, and all TCP/UDP ports including DNS were blocked outbound. |
I was still able to leverage the command injection to compromise not just the server, but the entire infrastructure it was running on. After the dust settled, the critical report was made, and the vulnerability was closed, I thought the entire attack path was kind of fun, and decided to share how I went about it. Since I enjoy being a free man and only occasionally visit prisons, I’ve created a simple boot2root style VM that has a similar set of vulnerabilities to use in a walkthrough. |
47975764E3A6AAD07749C35072C1B025 |
6516163F84ACDDD846981C94262EC3538A18970E |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
Game of Thrones CTF: 1 |
8 Sep 2017 |
OscarAkaElvis |
Game of Thrones CTF |
2.4GB |
https://download.vulnhub.com/gameofthrones/Game-of-Thrones-CTF-1.0.ova |
: |
Get the 7 kingdom flags and the 4 extra content flags (3 secret flags + final battle flag). There are 11 in total. : : : |
EE5D6C1F8DFBBF95D51B9BE354BC3504 |
4672EEFA5714D45889F2C982344B4D8F94C915E3 |
Virtual Machine (VMware) |
Unix |
Enabled |
Automatically assign |
Dina: 1.0.1 |
17 Oct 2017 |
Touhid Shaikh |
Dina |
1.1 GB |
https://download.vulnhub.com/dina/Dina-1-0-1.ova |
Welcome to Dina 1.0.1 |
This is my first Boot2Root - CTF VM. I hope you enjoy it. if you run into any issue you can find me on Twitter: @touhidshaikh22 : touhidshaikh22 at gmaill.com <- Feel Free to write mail : http://www.touhidshaikh.com : /root/flag.txt : Beginner (IF YOU STUCK ANYwhere PM me for HINT, But I don’t think need any help). : https://drive.google.com/file/d/0B1qWCgvhnTXgNUF6Rlp0c3Rlb0k/view : If you are confused or frustrated don’t forget that enumeration is the key! : This is my first boot2root - CTF Virtual Machine, please give me feedback on how to improve! : This VM was tested with: : DHCP service: Enabled : Doesn’t work with VMware. Virtualbox only. Changelog: v1 - 10/07/2017; v1.0.1 - 17/10/2017 |
17D1FD065BD8167E8F82ECD142714284 |
EEEDE57F0357BBEEFCBDD8506DF9388BCB55AA0E |
Virtual Machine (VMware) |
Linux |
Enabled |
Automatically assign |
Born2Root: 1 |
10 Jun 2017 |
Hadi Mene |
Born2Root |
803MB |
https://download.vulnhub.com/born2root/born2root.ova |
When you see the ASCII text, that means Born2Root’s CTF challenge is up |
I hope you will enjoy it !! Doesn’t work with VMware. Virtualbox only. |
AF6C96E11FF099A87D421A22809FB1FD |
16B330787070F98C85D7F7D94FDB9032B970D115 |
Virtual Machine (VMware) |
Linux |
Enabled |
Automatically assign |
BTRSys: v2.1 |
31 Jul 2017 |
ismailonderkaya |
BTRSys |
795 MB |
https://download.vulnhub.com/btrsys/BTRSys2.1.rar |
Machine Name: BTRSys2 |
IP : DHCP Difficulty : Beginner / Intermediate Format : Virtual Machine (VMware) Description : This is a boot2root machine particularly educational for beginners. Follow us for next BTRSys systems. We hope you enjoy it! twitter: btrisk Changelog: v2.0 - 08/June/2017; v2.1 - 31/July/2017 |
055AB697E7BA9299D29DFBCB494D4679 |
D0FCB5C8B50EE570AAE5841C3BA73D5FE1F37C48 |
Virtual Machine (VMware) |
Linux |
Enabled |
Automatically assign |
DEFCON Toronto: Galahad |
1 Jun 2017 |
Dolev |
DEFCON Toronto |
1.7 GB |
https://download.vulnhub.com/dc416-2016-1/DC416-Galahad.zip |
Dolev |
One of the VMs used in the online CTF hosted back in September 2016 by Defcon Toronto, slightly modified to suit boot2root challenges. Difficulty: Easy Information: Overall 7 flags to collect, id 0 is the final step. Details: For any issues you can shoot an email to: dolev at dc416.com or DM me @dolevfarhi |
6A779F52E887009A7CA6A1DD6163B84C |
44568A2C5C81A6E8D9D359120A0F376A72C15983 |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
HackerHouse: BSides London 2017 |
7 Jun 2017 |
Hacker House |
HackerHouse |
478 MB |
https://download.vulnhub.com/hackerhouse/bsidesldn2017.iso |
Hacker House are community sponsors at this year’s BSides London 2017 and, to celebrate, we have an exploit challenge for you. A key date in the UK security scene, it offers an alternative technical conference for the hackers and tech geeks to share war stories and learn. We are providing a challenge lab designed especially for the conference that attendees can sink disassemblers into. If you aren’t at the event, you can also hack along at home, but remember that prizes for solutions can only be claimed at our stand during the event! The challenge is provided in ISO format which you can boot in VirtualBox or any similar virtualisation software, heck you can even run it on an ATM if you like, but this is unsupported. If you solve our little brain teasing conundrums and beat the system to get root, the first three successful solutions presented to us at our stand can claim one of our awesome hoodies, check them out in our shop! This challenge is open to individuals, but if you do decide to team up, then let us know as only one prize can be claimed per solution. We are also giving several t-shirts away during the raffle so make sure you get your tickets! |
Our challenge will test your elite hacking skills and requires web application, reverse engineering, cryptography and exploit abilities. It shouldn’t take the competent skilled hacker too much time, but if you do struggle then watch our social media feeds during the event for some tips to this adventure. You should run the challenge in Host-Only networking mode and on successful boot you will be presented with a console, similar to the one shown at the end of this post. You should solve the challenge from a network perspective, only solutions using this route will be accepted for prizes (unless they are really cool!). The goal of the challenge is to hack the ISO, level up your skills and get root, come and show us how you did it if you want to claim your prize! If you are struggling with the configuration of our challenge, you can check out our training course free module, which details steps for configuring a similar lab. You can find details and upcoming dates of our training here. Happy hacking and remember sharing is caring so post (tweet us @myhackerhouse!) or email a solution and let us know about it after the event. We will share links to the best of them on this blog! May the force be with you, young padawan, and remember that hacking isn’t just a skill – it’s a survival trade. |
A9DE76F91DFAE1347E1FD3A1C4BA6AF6 |
FBA1BCAEDC91A211C0AA80D3A289794A8FEADBB9 |
Virtual Machine (VMware) |
Linux |
Enabled |
Automatically assign |
BTRSys: v1 |
8 Jun 2017 |
ismailonderkaya |
BTRSys |
776 MB |
https://download.vulnhub.com/btrsys/BTRSys1.rar |
Machine Name: BTRSys1 |
IP : DHCP Difficulty : Beginner / Intermediate Format : Virtual Machine (VMware) Description : This is a boot2root machine particularly educational for beginners. Follow us for next BTRSys systems. We hope you enjoy it! |
7C63774B2B4AF9FF7CD9A4CF28EE6363 |
4599A5BD08C226D24DF86DE0851A38BE9E7B32DF |
Virtual Machine (VMware) |
Linux |
Enabled |
Automatically assign |
/dev/random: k2 |
26 Jul 2017 |
Sagi- |
/dev/random |
958MB |
https://download.vulnhub.com/devrandom/K2.ova |
|
|
5B59F1C23193A7DFE7434811355A5391 |
B4B61E2FE3C81FB81897426DAE6BBD89CBC81247 |
Virtual Machine (VMware) |
Linux |
Enabled |
Automatically assign |
LazySysAdmin: 1 |
20 Sep 2017 |
Togie Mcdogie |
LazySysAdmin |
479 MB |
https://download.vulnhub.com/lazysysadmin/Lazysysadmin.zip |
Name: LazySysAdmin 1.0 |
Author: Togie Mcdogie Twitter: @TogieMcdogie [Description] Difficulty: Beginner - Intermediate Boot2root created out of frustration from failing my first OSCP exam attempt. Aimed at: Special thanks to @RobertWinkel @dooktwit for hosting LazySysAdmin at Sectalks Brisbane BNE0x18 [Lore] LazySysadmin - The story of a lonely and lazy sysadmin who cries himself to sleep [Tested with] [Preferred setup] Host only networking [Hints] [Other] [Checksum] |
96FADD9A1B81594A07898937BC708DC8 |
033449E6B3A2ED9BCDD4D1A6102E348E524CA227 |
Virtual Machine (VMware) |
Linux |
Enabled |
Automatically assign |
C0m80: 1 |
23 Sep 2017 |
3mrgnc3 |
C0m80 |
2.6 GB |
https://download.vulnhub.com/c0m80/C0m80_3mrgnc3_v1.0.ova |
https://3mrgnc3.ninja/2017/09/c0m80/ |
This is my third public Boot2Root. This one is intended to be quite difficult compared to the last two. But again, that being said, it will depend on you how hard it is. The theme with this one is all about ‘enumeration, enumeration, enumeration’, lateral thinking, and how to “combine” vulnerabilities in order to exploit a system. Once you have an IP insert it into your attack system /etc/hosts like this: This VM will probably be different to other challenges you may have come across. With C0m80 you will be required to log in locally in the VirtualBox console window at some point. This, I know, may ‘rile’ some of the purists out there that say you should be able to compromise a boot2root fully remotely over a network. I agree to that in principle, and in this case I had intended to allow vnc or xrdp access. Alas, due to compatibility problems I had to make a compromise in this area in order to get the challenge published sooner rather than later. It should be obvious at what point you need to log in. So when that time comes just pretend you are using remote desktop. ;D Sorry, I hope you can forgive me. Difficult, but depends on you really. There is only one goal here. Become God on the system and read the root flag. I Hope You Enjoy It. https://3mrgnc3.ninja/files/C0m80_3mrgnc3_v1.0.ova Please leave feedback and comments below. Including any info on walkthroughs anyone wishes to publish, or bugs people find in the VM Image. Alternatively email me at 3mrgnc3 at techie dot com |
8BC388317D66F07475775C46B01E2AE2 |
C690141E5ED78C1C27D7C6E6F923BE8B4E1B0F30 |
Virtual Machine (VMware) |
Linux |
Enabled |
Automatically assign |
H.A.S.T.E: 1 |
13 Sep 2017 |
f1re_w1re |
H.A.S.T.E |
1.7GB |
https://download.vulnhub.com/haste/HASTEVM.zip |
This vulnerable-by-design box depicts a hacking company known as H.A.S.T.E, or Hackers Attack Specific Targets Expeditiously, capable of bringing down any domains on their hit list. |
I would like to classify this challenge with medium difficulty, requiring some trial and error before a successful takeover can be attained. |
D8F377BE528AAA0F1EC6F9FEA3659588 |
CDBAD978D4D27762C47B055A1717500FD547CDFF |
Virtual Machine (VMware) |
Linux |
Enabled |
Automatically assign |
covfefe: 1 |
19 Sep 2017 |
Tim Kent |
covfefe |
471 MB |
https://download.vulnhub.com/covfefe/covfefe.ova |
Covfefe is my Debian 9 based B2R VM, originally created as a CTF for SecTalks_BNE. It has three flags. |
It is intended for beginners and requires enumeration then [spoiler]! |
74315076AD526AB3117A59961B599683 |
1A28C6ADC7181F82B3AE1E0A473476600DAC2702 |
Virtual Machine (VMware) |
Linux |
Enabled |
Automatically assign |
Super Mario Host: 1.0.1 |
19 Apr 2017 |
mr_h4sh |
Super Mario Host |
3.4 GB |
https://download.vulnhub.com/supermariohost/Super-Mario-Host-v1.0.1.ova |
Intermediate. |
Welcome to Super Mario Host! This VM is meant to be a simulation of a real world case scenario. The goal is to find the 2 flags within the VM. Root is not enough (sorry!) The VM can be exploited in various ways, but remember that Enumeration is the key. The level of the challenge is Intermediate. Thanks to vdbaan, kltdwd, mrb3n and GKNSB for testing. |
5F34371E396F8D8EA3EC1B695B8D9075 |
C810E114BA3F10D962B5724BEBF95AB3C9982A12 |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
Ew_Skuzzy: 1 |
17 Mar 2017 |
vortexau |
Ew_Skuzzy |
943 MB |
https://download.vulnhub.com/ewskuzzy/Ew_Skuzzy.ova.tgz |
Welcome to ‘Ew Skuzzy!’ - my first CTF VM. |
Level: Intermediate. This works better with VirtualBox rather than VMware |
C7E13C22F03CA00547A3FF8955A5235A |
605497ECA42D73DF475D15808BCA7ACDC18670AC |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
Thr0nes CTF: 1 |
16 Mar 2017 |
pax0r |
Thr0nes CTF |
1.9 GB |
https://download.vulnhub.com/thr0nes/thr0nesCTF-02.img |
We released our CTF created by and for the old school. |
Level: medium-low Type of CTF: linear, one test takes you to the next. Language: Spanish Platform: Raspberry Pi 3 Tools to burn the image: or Download the image ready to burn to an SD card and mount it on your Raspberry Pi, plug it into the power and play! Download link: I hope you like it. LoRKa |
7A4FE06B3214A68C90702C0CDD28C4C0 |
8C8ECD44CB51E21DF077FFF37F639523A3E68871 |
Disk Image (.IMG) |
ARM |
Enabled |
Automatically assign |
MMMLAGOS: 1.1 |
30 May 2017 |
silexsecure |
MMMLAGOS |
1.6 GB |
https://download.vulnhub.com/mmmctf/MMMCTF-v1.1.ova |
MMMLAGOS is a vulnerable Ponzi scheme with a lot of vulnerabilities, the flags are high tech stenography Flag to be puzzled by player to solve critical challenge |
Twitter: @silexsecure This works better with VirtualBox than VMware. ## Changelog 03/06/2017 - v1.1; 30/05/2017 - v1.0 |
F2120DFDF623A520D11F130DE056D23A |
FC27E6874A8F4FF8E2A241519E303C361152E03E |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
Analougepond: 1 |
16 Apr 2017 |
knightmare |
Analougepond |
1.8 GB |
https://download.vulnhub.com/analougepond/analoguepond-0.2b.ova |
Welcome to another boot2root / CTF this one is called Analougepond. The VM is set to grab a DHCP lease on boot. I’ve tried to mix things up a little on this one, and have used the feedback from #vulnhub to make this VM a little more challenging (I hope). |
Since you’re not a Teuchter, I’ll offer some hints to you: Remember TCP is not the only protocol on the Internet My challenges are never finished with root. I make you work for the flags. The intended route is NOT to use forensics or 0-days, I will not complain either way. To consider this VM complete, you need to have obtained: Best of luck! If you get stuck, eat some EXTRABACON NB: Please allow 5-10 minutes or so from powering on the VM for background tasks to run before proceeding to attack. Changelog SHA1SUM: D75AA2405E2DFB30C1470358EFD0767A10CF1EB1 analoguepond-0.2b.ova Many thanks to mrB3n, Rand0mByteZ and kevinnz for testing this CTF. A special thank you to g0tmi1k for hosting all these challenges and offering advice. A tip of the hat to mrb3n for his recent assistance. This works better with VirtualBox than VMware. |
8A73E0BD1100B4C0E1C3C9560BA51722 |
D75AA2405E2DFB30C1470358EFD0767A10CF1EB1 |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
Lab26: 1.1 |
27 Jun 2017 |
Marius |
Lab26 |
1.6 GB |
https://download.vulnhub.com/lab26/Lab26v1.1.zip |
For a while now I’ve been maintaining a VM with several vulnerable web apps already deployed: |
The VM has Burp Suite free, chromium with a few extensions (including a proxy switcher) and sqlmap. The browser home page contains links to some exercises and walkthroughs. User credentials: ## Changelog v1.0 - 23/04/2017; v1.1 - 27/06/2017 |
374F0B8D2B9B9E63D20BD3A58C98396C |
58A965BABEAC983DAE7AC4F32D361B74C29A4FA0 |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
Proteus: 1 |
7 Jun 2017 |
Ivanvza |
Proteus |
779 MB |
https://download.vulnhub.com/proteus/Proteus.ova |
“A bacterium found in the intestines of animals and in the soil.” |
An IT Company implemented a new malware analysis tool for their employees to scan potentially malicious files. This PoC could be a make or break for the company. It is your task to find the bacterium. Goal: Get root, and get flag… This VM was written in a manner that does not require . NB: VMWare might complain about the .ovf specification. If this does come across your path, click the retry button and all should be well. |
961E676AC235B1F254462784C26A4B93 |
DED378C2584B980D70A53C4EFA3CAE27C25E8B76 |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
billu: b0x |
21 Apr 2017 |
Manish Kishan Tanwar |
billu |
518 MB |
https://download.vulnhub.com/billu/Billu_b0x.zip |
This Virtual machine is using ubuntu (32 bit) |
Other packages used: - This virtual machine is having medium difficulty level with tricks. One needs to break into VM using web application and from there escalate privileges to gain root access. For any query ping me at https://twitter.com/IndiShell1046 Enjoy the machine |
EBCB435522917A67B54274900B37C6AF |
6658256BA68A200BFA3862340EE7DD31DC19BD4E |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
d0not5top: 1.2 |
24 Apr 2017 |
3mrgnc3 |
d0not5top |
693 MB |
https://download.vulnhub.com/d0not5top/D0Not5top_3mrgnc3_v1.2.ova |
D0Not5top Boot2Root |
This is my second public Boot2Root. It’s intended to be a little more difficult than the last one I made. That being said, it will depend on you how hard it is. It’s filled with a few little things to make the player smile. Again there are a few “Red Herrings”, and enumeration is key. DIFFICULTY ??? CAPTURE THE FLAGS There are 7 flags to collect, designed to get progressively more difficult to obtain DETAILS SUPPORT Any support issues can be directed to ## Changelog v1.0 - 2017-04-08 (Initial release); v1.1 - 2017-04-08 (Typo fix); v1.2 - 2017-04-22 (Removed shortcut) |
DF6F3C4A9B333568F14AA2401788C023 |
416712847D56FD245DCC3E585E1F96E0FBD8CD15 |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
Moria: 1.1 |
29 Apr 2017 |
abatchy |
Moria |
1.6 GB |
https://download.vulnhub.com/moria/Moria1.1.rar |
|
## Changelog 29/04/2017 - v1.1; 20/04/2017 - v1.0 |
2789BCA41A7B8F5CC48E92C635EB83CB |
2789BCA41A7B8F5CC48E92C635EB83CB |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
DonkeyDocker: 1 |
22 Apr 2017 |
Dennis Herrmann |
DonkeyDocker |
1.2 GB |
https://download.vulnhub.com/donkeydocker/DonkeyDocker_v1.0.zip |
Welcome to This is my first boot2root - CTF VM. I hope you enjoy it. If you run into any issue you can find me on Twitter: @dhn_ or feel free to write me a mail to: Level: I think the level of this boot2root challenge is hard or intermediate. Try harder!: If you are confused or frustrated don’t forget that enumeration is the key! Thanks: Special thanks to @1nternaut for the awesome CTF VM name! Feedback: This is my first boot2root - CTF VM, please give me feedback on how to improve! Tested: This VM was tested with: Networking: DHCP service: Enabled IP address: Automatically assign Looking forward to the write-ups! |
17DBF8C6A05B7AD21DC539F3FB26B6F9 |
35188CBCD76F6ECD2572D10FB0324284BEAA7D27 |
Virtual Machine (VMware) |
Linux |
Enabled |
Automatically assign |
hackfest2016: Orcus |
15 Mar 2017 |
Viper |
hackfest2016 |
2.5 GB |
https://download.vulnhub.com/hackfest2016/Orcus.ova |
Welcome to Orcus |
This is a vulnerable machine I created for the Hackfest 2016 CTF http://hackfest.ca/ Difficulty : Hard Tips: If you’re stuck enumerate more! Seriously take each service running on the system and enumerate them more! Goals: This machine is intended to take a lot of enumeration and understanding of Linux system. There are 4 flags on this machine 1. Get a shell 2. Get root access 3. There is a post exploitation flag on the box 4. There is something on this box that is different from the others from this series (Quaoar and Sedna) find why it’s different. Feedback: This is my third vulnerable machine, please give me feedback on how to improve! @ViperBlackSkull on Twitter Special Thanks to madmantm for testing this machine SHA-256 : 79B1D93C60E664D70D8EB3C0CDF1AD98BF2B95036C84F87EEF065FA71C1AE51E |
81D4A6B94B1DE51B09EFB3B621790B26 |
3D4F9BF41A7C3A23914C20FD18BD3A8CC9B2A0A8 |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
Wallaby's: Nightmare (v1.0.2) |
22 Dec 2016 |
Waldo |
Wallaby's |
1.3 GB |
https://download.vulnhub.com/wallabys/wallabysnightmare102.rar |
This is my first boot2root machine. It’s beginner-intermediate level. |
It’s been tested in VBox and VMware and seems to work without issues in both. A tip, anything can be a vector, really think things through here based on how the machine works. Make a wrong move though and some stuff gets moved around and makes the machine more difficult! This is part one in a two part series. I was inspired by several vms I found on vulnhub and added a bit of a twist to the machine. Good luck and I hope you guys enjoy! This is my first CTF/Vulnerable VM ever. I created it both for educational purposes and so people can have a little fun testing their skills in a legal, pentest lab environment. Some notes before you download! This is a Boot2Root machine. The goal is for you to attempt to gain root privileges in the VM. Do not try to get the root flag through a recovery iso etc, this is essentially cheating! The idea is to get through by pretending this machine is being attacked over a network with no physical access. I themed this machine to make it feel a bit more realistic. You are breaking into a fictional character’s server (named Wallaby) and trying to gain root without him noticing, or else the difficulty level will increase if you make the wrong move! Good luck and I hope you guys enjoy! ## Changelog v1.0 - 2016-12-22 - First Release; v1.0.1 - 2016-12-29 - VM was made harder with various fixes; v1.0.2 - 2016-12-30 - Removed a left over temp file that could be used as a shortcut. |
1D65299A8E0E95BFFCAAADC87011408A |
B1A8CA03D67B97C603C12C95D65A360CD345D29E |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
DC416: 2016 |
5 Dec 2016 |
VulnHub CTF Team |
DC416 |
873 MB |
https://download.vulnhub.com/dc416-2016/dc416-baffle.ova |
These four virtual machines were created by members of the |
for first offline CTF. They have been tested with VirtualBox, and will obtain an IP address via DHCP upon bootup. Difficulty ranges from beginner to intermediate. Each machine has a landing page on port 80 which describes the number of flags it has, along with any additional rules or hints. Enjoy! Dick Dastardly requires a DHCP in a class C range. |
8CB9608EDB8E0145B37520DDBD7D03A1 |
2C970DC7CECC9F19357A32B9647E3F532C14FC78 |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
hackfest2016: Sedna |
14 Mar 2017 |
Viper |
hackfest2016 |
1.3 GB |
https://download.vulnhub.com/hackfest2016/Sedna.ova |
Welcome to Sedna |
This is a vulnerable machine I created for the Hackfest 2016 CTF http://hackfest.ca/ Difficulty : Medium Tips: There are multiple ways to root this box, if it should work but doesn’t try to gather more info about why it’s not working. Goals: This machine is intended to be doable by someone who has some experience in doing machines on vulnhub There are 4 flags on this machine One for a shell One for root access Two for doing post exploitation on Sedna Feedback: This is my second vulnerable machine, please give me feedback on how to improve! @ViperBlackSkull on Twitter Special Thanks to madmantm for testing this virtual machine SHA-256 : 178306779A86965E0361AA20BA458C71F2C7AEB490F5FD8FAAFAEDAE18E0B0BA |
563E4A1C2D85614E3409434A1246EFD4 |
D4FD0FCA5B0DB0BF0C249B5793D69291A6EF09BB |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
USV: 2016 (v1.0.1) |
9 Dec 2016 |
Suceava University |
USV |
1.4 GB |
https://download.vulnhub.com/usv-2016/USV-CTF101.ova |
: Beginner/Intermediate |
Instructions: The CTF is a virtual machine and has been tested in Virtual Box. It has all required drivers if you want it to run on VMware or KVM (virtio). The network interface of the virtual machine will take its IP settings from DHCP. : There are 7 flags that should be discovered in form of: Country_name Flag: [md5 hash]. In CTF platform of the CTF-USV competition there was a hint available for each flag, but accessing it would imply a penalty. If you need any of those hints to solve the challenge, send me a message on Twitter @gusu_oana and I will be glad to help. : CTF-USV 2016 was the first International Students Contest in Information Security organized in Romania by Suceava University. Security challenges creation, evaluation of results and building of CTF environment was provided by Safetech Tech Team: Oana Stoian (@gusu_oana), Teodor Lupan (@theologu) and Ionut Georgescu (@ionutge1) SHA1: f401e4e9084f937a674356dd4fa2144e10b8471a If you are having issues with networking in VMware, switch to virtualbox. As long as it says “Success” on the login screen, networking should be okay. Any other errors can be ignored. ## Change log v1.0 - 09/12/2016; v1.0.1 - 02/01/2017 |
7D8A2AD241805461B183D5A72999733F |
2B32F073CE274984C48CADD983CDD66DCAF4BF1E |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
pluck: 1 |
11 Mar 2017 |
Ryan Oberto |
pluck |
609 MB |
https://download.vulnhub.com/pluck/pluck.ova.zip |
“Enjoy” — @ryanoberto |
|
91EFB062561BB43145FE8975C5BBDA96 |
4A24F4B98BA50A9B5D6F564DD303CFDEC15F2A8B |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
hackfest2016: Quaoar |
13 Mar 2017 |
Viper |
hackfest2016 |
1.3 GB |
https://download.vulnhub.com/hackfest2016/Quaoar.ova |
Welcome to Quaoar |
This is a vulnerable machine I created for the Hackfest 2016 CTF http://hackfest.ca/ Difficulty : Very Easy Tips: Here are the tools you can research to help you to own this machine. nmap dirb / dirbuster / BurpSmartBuster nikto wpscan hydra Your Brain Coffee Google Goals: This machine is intended to be doable by someone who is interested in learning computer security There are 3 flags on this machine 1. Get a shell 2. Get root access 3. There is a post exploitation flag on the box Feedback: This is my first vulnerable machine, please give me feedback on how to improve! @ViperBlackSkull on Twitter Special Thanks to madmantm for testing SHA-256 DA39EC5E9A82B33BA2C0CD2B1F5E8831E75759C51B3A136D3CB5D8126E2A4753 This works better with VirtualBox rather than VMware |
341E9951301200115C6D01D4BDB2F34D |
CEF54D35738CC4D041709EC664D5B8EB0BF9CE79 |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
HackDay: Albania |
18 Nov 2016 |
R-73eN |
HackDay |
1.6 GB |
https://download.vulnhub.com/hackday/HackDay-Albania.ova |
This was used in HackDay Albania’s 2016 CTF. |
The level is beginner to intermediate. It uses DHCP. Note: VMware users may have issues with the network interface going down by default. We recommend (for once!) using Virtualbox. |
183C4563B98E10CB6C82931682F7E90D |
E4875224BD7CB4A4F1F9F79E9D63F1F43DB7654C |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
Pentester Lab: Padding Oracle |
9 Dec 2016 |
Pentester Lab |
Pentester Lab |
25 MB |
https://download.vulnhub.com/pentesterlab/padding_oracle.iso |
This course details the exploitation of a weakness in the authentication of a PHP website. The website uses Cipher Block Chaining (CBC) to encrypt information provided by users and use this information to ensure authentication. The application also leaks if the padding is valid when decrypting the information. We will see how this behaviour can impact the authentication and how it can be exploited. |
Source: |
E1CC3F89F8204749F25F3ABEAB6665AB |
C72AF418218F82C07F607E5522C4EF747BCF9AF9 |
Disk Image (.ISO) |
Linux |
Enabled |
Automatically assign |
Breach: 3.0.1 |
10 Mar 2017 |
mrb3n |
Breach |
2.2 GB |
https://download.vulnhub.com/breach/Breach-3.0.1.zip |
Third in a multi-part series, Breach 3.0 is a slightly longer boot2root/CTF challenge which attempts to showcase a few real-world scenarios/vulnerabilities, with plenty of twists and trolls along the way. |
Difficulty: Intermediate, requires some creative thinking and persistence more so than advanced exploitation. The VM is configured to grab a lease via DHCP. A few things: 1) This is the culmination of the series, keep your notes close from the previous 2 challenges, they may come in handy. 2) Remember that recon is an iterative process. Make sure you leave no stone unturned. 3) The VM uses KVM and QEMU for virtualization. It is not necessary to root every host to progress. 4) There are 3 flags throughout, once you reach a flag you have achieved that intended level of access and can move on. These 3 flags are your objectives and it will be clear once you have found each and when it is time to move on. Shout-out to knightmare for many rounds of testing and assistance with the final configuration as well as g0blin, Rand0mByteZ, mr_h4sh and vdbaan for testing and providing valuable feedback. As always, thanks to g0tmi1k for hosting and maintaining Vulnhub. If you run into any issues you can find me on Twitter: https://twitter.com/mrb3n813 or on IRC in #vulnhub. Looking forward to the write-ups! Enjoy and happy hunting! SHA1: EBB2123E65106F161479F3067C68CFA143CA98D3 For the time being, there will not be HTTP download links - only a torrent. v3.0 - 23/02/2017; v3.0.1 - 10/03/2017 |
31D031E4699E1A04082655A7EFD18AC7 |
E98C51BF9C54FFDA2120ABDC9CD4927CDC7A4436 |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
64Base: 1.0.1 |
7 Dec 2016 |
3mrgnc3 |
64Base |
1.5 GB |
https://download.vulnhub.com/64base/64Base_3mrgnc3.ova |
This is my very first public Boot2Root, It’s intended to be more of a fun game than a serious hacking challenge. Hopefully anyone interested enough to give it a try will enjoy the story with this one. |
It is based on the StarWars storyline and is designed to . Just be warned, it’s littered with more than a few “Red Herrings” ;D [BEGINNER - INTERMEDIATE] There are 6 flags to collect. Each in the format of flag1{ZXhhbXBsZSBmbGFnCg==} Beat the Empire and steal the plans for the Death Star before it’s too late. I Hope You Enjoy It. ## Changelog v1.0 - 05/12/2016; v1.0.1 - 07/12/2016 |
3BA24F70485D82FBBDCAFCF54EB310EA |
2F8981FC3EB8C02D390FBDE5FF1E45087053DFFB |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
SkyDog: 2016 - Catch Me If You Can |
9 Nov 2016 |
James Bower |
SkyDog |
1.5 GB |
https://download.vulnhub.com/skydog/SkyDogConCTF2016VBoxV10.ova |
: Beginner/Intermediate |
: The CTF is a virtual machine and works best in Virtual Box. Download the OVA file open up Virtual Box and then select File –> Import Appliance. Choose the OVA file from where you downloaded it. After importing the OVA file above make sure that USB 2.0 is disabled before booting up the VM. The networking is setup for a Host-Only Adapter by default but you can change this before booting up depending on your networking setup. The Virtual Machine Server is configured for DHCP. If you have any questions please send me a message on Twitter @jamesbower and I’ll be happy to help. The eight flags are in the form of flag{MD5 Hash} such as flag{1a79a4d60de6718e8e5b326e338ae533 Flag #1 Don’t go Home Frank! There’s a Hex on Your House. Flag #2 Obscurity or Security? Flag #3 Be Careful Agent, Frank Has Been Known to Intercept Traffic Our Traffic. Flag #4 A Good Agent is Hard to Find. Flag #5 The Devil is in the Details - Or is it Dialogue? Either Way, if it’s Simple, Guessable, or Personal it Goes Against Best Practices Flag #6 Where in the World is Frank? Flag #7 Frank Was Caught on Camera Cashing Checks and Yelling - I’m The Fastest Man Alive! Flag #8 Franks Lost His Mind or Maybe it’s His Memory. He’s Locked Himself Inside the Building. Find the Code to Unlock the Door Before He Gets Himself Killed! |
3DBD900E8A3C9D236EBF6459ECCB8220 |
BDE9EE18CC7F4CB6323098BB896FE45AE7CCC901 |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
Defence Space CTF: 2017 |
12 Mar 2017 |
silexsecure |
Defence Space CTF |
1.4 GB |
https://download.vulnhub.com/defencectf2017/DEFENCESPACECTF-2017.ova |
Defence Space CTF is our first Iso design to honor our fallen hero in the military who have fought to defend the integrity of our country Nigeria. The story line on the CTF are based on true life happening in Northern Nigeria, however we have adopted code name “Operation Lafia dole”, the cyber component of the operation to make the challenge more exciting to our players to puzzle the challenge. |
Exercise start from simple information gathering which is applicable to both military and cyber based operation to complex infiltration and encryption being used by intelligence agency around the world to pass out secret. The player module uses tools in kali Linux to achieve its result. Other related information is on Open Source Data “goggle it”. It has 7 flags to be captured but so addictive said C.E.O of Silex Secure. Author’s Walkthrough: This works better with VirtualBox rather than VMware |
4433D8F548821FF3776A703724065439 |
AC26DBD76DE8E85C8AE74832DCF42D2990A28DB5 |
Virtual Machine (Virtualbox - OVA) |
Linux |
Disabled |
0.0.0.0 |
Breach: 1 |
30 Jun 2016 |
mrb3n |
Breach |
1.9 GB |
https://download.vulnhub.com/breach/Breach-1.0.zip |
First in a multi-part series, Breach 1.0 is meant to be beginner to intermediate boot2root/CTF challenge. Solving will take a combination of solid information gathering and persistence. Leave no stone unturned. |
The VM is configured with a static IP address (192.168.110.140) so you will need to configure your host-only adaptor to this subnet. Many thanks to knightmare and rastamouse for testing and providing feedback. Shout-out to g0tmi1k for maintaining #vulnhub and hosting my first challenge. If you run into any issues, you can find me on Twitter: https://twitter.com/mrb3n813 or on IRC in #vulnhub. Looking forward to the write-ups, especially any unintended paths to local/root. Note, you may need to use 7zip to extract the ZIP. |
F15490856100B3164D4E6807CFF744C5 |
812D56D6071A1859F03446FEE34532AC6A785414 |
Virtual Machine (Virtualbox - OVA) |
Linux |
Disabled |
192.168.110.140 |
Teuchter: 0.3 |
3 Nov 2016 |
knightmare |
Teuchter |
905 MB |
https://download.vulnhub.com/teuchter/Teuchter_0.3.ova |
Welcome to another boot2root / CTF this one is called Teuchter. The VM is set to grab a DHCP lease on boot. As with my previous VMs, there is a theme, and you will need to snag the flag in order to complete the challenge. Less hochmagandy and more studying is needed for this one! |
A word of warning: The VM has a small HDD so please set the disk to non persistent so you can always revert. You may need to set the MAC to 00:0C:29:65:D0:A0 too. Hints for you: SHA1SUM: b5a89761b0a0ee9f0c5e1089b2fde9649ba76b3f Teuchter_0.3.ova ## Change Log v0.2 - 2016-11-02; v0.3 - 2016-11-03 (Fix for VirtualBox users) |
DB91E8EC8F71C190429E1930B5B7FAEA |
B5A89761B0A0EE9F0C5E1089B2FDE9649BA76B3F |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
Violator: 1 |
4 Jul 2016 |
knightmare |
Violator |
1.1 GB |
https://download.vulnhub.com/violator/violator.ova |
Welcome to another boot2root / CTF this one is called Violator. The VM is set to grab a DHCP lease on boot. As with my previous VMs, there is a theme, and you will need to snag the flag in order to complete the challenge. |
A word of warning: The VM has a small HDD so you can brute force, but please set the disk to non persistent so you can always revert. Some hints for you: SHA1SUM: 47F68241E95E189126E94A38CB4AD461DD58EE88 violator.ova Many thanks to BenR and GKNSB for testing this CTF. Special thanks and shout-outs go to BenR, Rasta_Mouse and g0tmi1k for helping me to learn a lot creating these challenges. |
3C5FC44961C814D2A300779089C2EFF7 |
47F68241E95E189126E94A38CB4AD461DD58EE88 |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
IMF: 1 |
30 Oct 2016 |
Geckom |
IMF |
1.6 GB |
https://download.vulnhub.com/imf/IMF.ova |
Welcome to “IMF”, my first Boot2Root virtual machine. IMF is an intelligence agency that you must hack to get all flags and ultimately root. The flags start off easy and get harder as you progress. Each flag contains a hint to the next flag. I hope you enjoy this VM and learn something. |
Difficulty: Beginner/Moderate Can contact me at: geckom at redteamr dot com or on Twitter: @g3ck0m |
9B9201C7E33C850C641055DA2CE0D26E |
E1016E6FB29A5F5A6E83050760F0C8495CE1F716 |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
Tommy Boy: 1 |
27 Jul 2016 |
Brian Johnson |
Tommy Boy |
1.4 GB |
https://download.vulnhub.com/tommyboy/TommyBoy1dot0.ova |
================= |
HOLY SCHNIKES! Tommy Boy needs your help! The Callahan Auto company has finally entered the world of modern technology and stood up a Web server for their customers to use for ordering brake pads. Unfortunately, the site just went down and the only person with admin credentials is Tom Callahan Sr. - who just passed away! And to make matters worse, the only other guy with knowledge of the server just quit! You’ll need to help Tom Jr., Richard and Michelle get the Web page restored again. Otherwise Callahan Auto will most certainly go out of business ================= The primary objective is to restore a backup copy of the homepage to Callahan Auto’s server. However, to consider the box fully pwned, you’ll need to collect 5 flags strewn about the system, and use the data inside them to unlock one final message. ================= ================= |
E7CBE794995EA7C0344A354F339495D1 |
E26272DB76CA014BA8FD523D8AFC06E2C18F847C |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |
The Necromancer: 1 |
6 Jul 2016 |
Xerubus |
The Necromancer |
330 MB |
https://download.vulnhub.com/necromancer/necromancer.ova |
Title: The Necromancer |
File: necromancer.ova md5sum: 6c4cbb7776acac8c3fba27a0c4c8c98f sha1sum: 712d4cfc19199dea92792e64a43ae7ac59b1dd05 Size: 345MB Hypervisor: Created with VirtualBox 5.0.20. Tested with virtualbox and vmware player. Author: @xerubus Test Bunnies: @dooktwit and @RobertWinkel Difficulty: Beginner The Necromancer boot2root box was created for a recent SecTalks Brisbane CTF competition. There are 11 flags to collect on your way to solving the challenge, and the difficulty level is considered as beginner. The end goal is simple… destroy The Necromancer! |
6C4CBB7776ACAC8C3FBA27A0C4C8C98F |
712D4CFC19199DEA92792E64A43AE7AC59B1DD05 |
Virtual Machine (Virtualbox - OVA) |
BSD |
Enabled |
Automatically assign |
Billy Madison: 1.1 |
14 Sep 2016 |
Brian Johnson |
Billy Madison |
1.6 GB |
https://download.vulnhub.com/billymadison/BillyMadison1dot1.zip |
Do not use host-only mode, as issues have been discovered. Set the Billy Madison VM to “auto-detect” to get a regular DHCP address off your network. |
Help Billy Madison stop Eric from taking over Madison Hotels! Sneaky Eric Gordon has installed malware on Billy’s computer right before the two of them are set to face off in an academic decathlon. Unless Billy can regain control of his machine and decrypt his 12th grade final project, he will not graduate from high school. Plus, it means Eric wins, and he takes over as head of Madison Hotels! The primary objective of the VM is to figure out how Eric took over the machine and then undo his changes so you can recover Billy’s 12th grade final project. You will need to root the box to complete this objective. Changelog: 2016-09-09 - v1.0 (Initial release). 2016-09-14 - v1.1 (Fix for VirtualBox users - Thanks @CRWhiteHat) |
3E284F68E734A717BB87964734863962 |
4C907598C0C522C6D2AA20653699198F15C46009 |
Virtual Machine (Virtualbox - OVA) |
Linux |
Enabled |
Automatically assign |