[VulnHub] [18 July 2023] Latest details of all target machines (Part 2)

Name Release Date Author Series Image Size Download URL Description 1 Description 2 MD5 SHA1 VM Format Operating System DHCP Service IP Address
The Pentesters: 64-Bit AppSec Primer (Beta) 1 Jul 2016 Austin Wile The Pentesters 1.3 GB https://download.vulnhub.com/64bitprimer/64bitprimer.ova Here at The Pentesters, we have a passion for application security and all that goes with it. We think that application security is an extremely important part of the field of information security and have, “made it our business” so to speak to provide a means of education into modern-day application security. With modern computing becoming more and more advanced, and the requirements for understanding the functionality and security behind said computing becoming equally as challenging to understand, we figured that perhaps giving a set of challenges dedicated to learning the mere basics of 64 bit appsec would be beneficial to the security community. The 64-Bit AppSec Primer consists of 16 challenges, increasingly more difficult than the previous one, dedicated to learning the basics of 64 bit binary exploitation and reverse engineering. The x64 instruction set, as you would expect, has many new instructions, registers, and calling conventions in comparison to the traditional x86 instruction set. Our goal, with this challenge, is to get you inside a debugger with intentionally vulnerable binaries, and get you looking at the inner-workings of a 64 bit binary. Alongside the increasing complexity of the instruction set, is an equal complexity of exploitation, which as a penetration tester and security engineer, will prove useful to understand. The challenges consist of varying vulnerabilities and anti-debugger tricks in binaries, such as: As a bonus, we would like to contribute back to the security community. We are donating the VM to Vulnhub, for all to have, and we are also offering prizes to three people who give us the most robust and complete write-up for the challenges. 
In order to qualify for the prizes, you must post your write-up on either your personal blog, or website (your choice), and post a link to http://thepentesters.net/challenge/ along with your username. If you are unable to solve all of the challenges, that is okay, we will still accept your write-up for judging, we still want to see what you completed and how you did it. Here are the prizes: The challenge ends on August 31st, 2016. All write-ups must be submitted by then, whoever has written the best write-up with the most detailed explanations wins. The judging will be done by our pentesting team. Also, I would like to note a couple rules for the reverse engineering challenges. There are a couple challenges that don’t have “flags” but you will know when you have solved those, please note your findings and take screen-shots of them as well. As for the VM, you are to ssh in as user n00b and password n00b where you will find gdb-peda installed for you to make your life easier. The VM gets its IP through DHCP and is set to host-only adapter in VMware, so it should work for you straight out of the box so to speak. That is all I have for you and I hope you enjoy. A61B36DAA7ADBCF57E8DD499E82695CB 26E74509F7C869BB146727BEE85782D3243328F9 Virtual Machine (Virtualbox - OVA) Linux Enabled Automatically assign
PwnLab: init 1 Aug 2016 Claor PwnLab 785 MB https://download.vulnhub.com/pwnlab/pwnlab_init.ova Welcome to “PwnLab: init”, my first Boot2Root virtual machine. Meant to be easy, I hope you enjoy it and maybe learn something. The purpose of this CTF is to get root and read the flag. Can contact me at: or on Twitter: @Chronicoder CE8AB26DE76E5883E67D6DE04C0F6E43 575F19216A3FA3E377EFE69D5BF715913F294A3B Virtual Machine (Virtualbox - OVA) Linux Enabled Automatically assign
Mr-Robot: 1 28 Jun 2016 Leon Johnson Mr-Robot 704MB https://download.vulnhub.com/mrrobot/mrRobot.ova Based on the show, Mr. Robot. This VM has three keys hidden in different locations. Your goal is to find all three. Each key is progressively difficult to find. The VM isn’t too difficult. There isn’t any advanced exploitation or reverse engineering. The level is considered beginner-intermediate. BC02C42815EAC4E872D753E1FD12DDC8 DC0EB84DA4C62284C688590EE092868CE84A09AB Virtual Machine (Virtualbox - OVA) Linux Enabled Automatically assign
6Days Lab: 1.1 25 Jul 2016 CanYouPwn.Me 6Days Lab 682 MB https://download.vulnhub.com/6daylab/6Days_Lab-v1.0.1.ova Boot2root machine for educational purposes Our first boot2root machine, execute /flag to complete the game. Try your skills against an environment protected by IDS and sandboxes! “Our product Rashomon IPS is so good, even we use it!” they claim. Hope you enjoy. v1.0 - 2016-07-12 v1.1 - 2016-07-25 98DE1E26447B2BFF260DF10441225820 C56F6774F51A22571E6F0D7033639AC86DC822C0 Virtual Machine (Virtualbox - OVA) Linux Enabled Automatically assign
Breach: 2.1 15 Aug 2016 mrb3n Breach 1.3 GB https://download.vulnhub.com/breach/Breach-2_final2.1.zip Second in a multi-part series, Breach 2.0 is a boot2root/CTF challenge which attempts to showcase a real-world scenario, with plenty of twists and trolls along the way. The VM is configured with a static IP (192.168.110.151) so you’ll need to configure your host only adaptor to this subnet. Sorry! Last one with a static IP. A hint: Imagine this as a production environment during a busy work day. Shout-out to knightmare for many rounds of testing and assistance with the final configuration as well as rastamouse, twosevenzero and g0blin for testing and providing valuable feedback. As always, thanks to g0tmi1k for hosting and maintaining #vulnhub. VirtualBox users: if the screen goes black on boot once past the grub screen make sure to go to settings —> general, and make sure it says Type: Linux Version: Debian 64bit If you run into any issues, you can find me on Twitter: https://twitter.com/mrb3n813 or on IRC in #vulnhub. Looking forward to the write-ups, especially any unintended paths to local/root. Happy hunting! SHA1:D8F33A9234E107CA745A8BEC853448408AD4773F Note: v2.1 fixes a few issues. Changelog: 2016-08-22 - v2.1; 2016-08-15 - v2.0 90E8871E8EB68ADBEB82659FE1F11831 069B529B6701FDF9F82840F9918842921FFB7A1E Virtual Machine (Virtualbox - OVA) Linux Disabled 192.168.110.151
SecTalks: BNE0x02 - Fuku 9 Oct 2015 Robert Winkel SecTalks 2.0GB https://download.vulnhub.com/sectalks/Fuku.ova Fuku (pronounced “far queue”) CTF is designed to fuck with people. [This is a boot2root. Import it in VirtualBox, using a Host Only adapter, or use an adapter that will assign it an IP address in the 192.168.56.0/24 range. It only likes having an IP address in that range. Treat the box as if it was on the network. Don’t try to do anything to it that you could only do with physical access, e.g. break into the BIOS or the Grub boot loader. There are a few flag.txt files to grab. The final one is in the /root/ directory. However, the ultimate goal is to get a root shell. “Bull was pissed when you broke into his Minotaur box. He has taken precautions with another website that he is hosting, implementing IDS, whitelisting, and obfuscation techniques. He is now taunting hackers to try and hack him, believing himself to be safe. It is up to you to put him in his place.” The VM is located at https://www.dropbox.com/s/e2x79z5ovqqsejg/Fuku.ova?dl=0 File size: 2GB] Contact @RobertWinkel for more hints. F27CB4A2E792805C8B93F99CFA852D69 4524CA5DDCE06C09E5EDB4F94802B02476AC7D6F Virtual Machine (Virtualbox - OVA) Linux Disabled 192.168.56.0
Sidney: 0.2 3 Jun 2016 knightmare Sidney 921MB https://download.vulnhub.com/sidney/Sidney0.2.ova Welcome to my third boot2root / CTF this one is called Sidney. The VM is set to grab a DHCP lease on boot. As before, gaining root is not the end of this VM. You will need to snag the flag, and being me, it’s never where they normally live… If you are having trouble with the NIC, make sure the adapter is set to use the MAC 00:0C:29:50:14:56 Some hints for you: SHA1SUM: 114ABA151B77A028AA5CFDAE66D3AEC6EAF0751A sidney.ova Many thanks to Rasta_Mouse and GKNSB for testing this CTF. Special thanks and shout-outs go to GKNSB and Rasta_Mouse, hopefully he streams this one live too! Also a shout-out to g0tmi1k for #vulnhub and offering to host my third CTF. 4725E5ABABA7F840B56C5F4AE67F35CB 114ABA151B77A028AA5CFDAE66D3AEC6EAF0751A Virtual Machine (Virtualbox - OVA) Linux Enabled Automatically assign
Gibson: 0.2 15 May 2016 knightmare Gibson 642 MB https://download.vulnhub.com/gibson/gibson.ova Welcome to another boot2root / CTF this one is called Gibson. The VM is set to grab a DHCP lease on boot. It doesn’t matter what your local subnet is, as long as you keep away from the 192.168.122.0/24 subnet. You will see why soon enough… Once again, I’ll offer some hints to you: SHA1SUM: Many thanks to g0blin and GKNSB for testing this CTF. Special thanks and shout-outs go to Barrebas and Rasta_Mouse, and g0tmi1k for more advice and offering to host my second CTF. Kudos to g0blin for advising on how to use this in Vi Virtual box users can run: 06464F2A6C5D755CBFB1471D757BB420 F4601F62B7011CC6AD403553CB8A9375E43CB0B5 Virtual Machine (Virtualbox - OVA) Linux Enabled Automatically assign
Stapler: 1 8 Jun 2016 g0tmi1k Stapler 707 MB https://download.vulnhub.com/stapler/Stapler.zip Slides: https://download.vulnhub.com/stapler/slides.pdf A30EA8F606102F2F929AAFB198D8B019 18165C527DF1EC7B2B80CC82E5BEBE88A9323013 Virtual Machine (Virtualbox - OVA) Linux Enabled Automatically assign
Droopy: v0.2 17 Apr 2016 knightmare Droopy 455 MB https://download.vulnhub.com/droopy/DroopyCTF.ova Welcome to Droopy. This is a beginner’s boot2root/CTF VM. The VM is set to grab a DHCP lease on boot. There’s 2 hints I would offer you: 1.) Grab a copy of the rockyou wordlist. 2.) It’s fun to read other people’s email. SHA1SUM: e6862fa5ebc9c2a8e582e77f440510062afe47ba droopyctf.ova Special thanks and shout-outs go to Barrebas and Rasta_Mouse for testing, and g0tmi1k for advice and offering to host my first CTF. 2961AD42C047F9DC8C0E3D9CAA952696 E6862FA5EBC9C2A8E582E77F440510062AFE47BA Virtual Machine (Virtualbox - OVA) Linux Enabled Automatically assign
VulnOS: 2 17 May 2016 c4b3rw0lf VulnOS 763 MB https://download.vulnhub.com/vulnos/VulnOSv2.7z Smaller, less chaotic! As time is not always on my side, it took a long time to create another VulnOS. But I like creating them. The image is built with VBOX. Unpack the file and add it to your virtualisation software. NOTE: current keyboard preferences is BE “pentesting is a wide concept” If you have questions, feel free to contact me on dot com Shout out to the Vulnhub Testing team! Hope you enjoy. 0C84AE77AE3C47F84E8B0F830D3C43B4 A77E312E8A3900C9FDA61421C3C9F2FB78F819BD Virtual Machine (Virtualbox - OVA) Linux Enabled Automatically assign
SecTalks: BNE0x03 - Simple 9 Oct 2015 Robert Winkel SecTalks 593 MB https://download.vulnhub.com/sectalks/Simple.ova Simple CTF is a boot2root that focuses on the basics of web based hacking. Once you load the VM, treat it as a machine you can see on the network, i.e. you don’t have physical access to this machine. Therefore, tricks like editing the VM’s BIOS or Grub configuration are not allowed. Only remote attacks are permitted. /root/flag.txt is your ultimate goal. [I suggest you use VirtualBox or VMWare Player with a Host Only adapter. The VM will assign itself an IP address through DHCP. https://www.dropbox.com/s/9spf5m9l87zjlps/Simple.ova?dl=0 File size: 600MB] Contact @RobertWinkel for more hints. Requires VirtualBox Extension Pack. 6D452F0A658B453706F41A5A694D99A1 8E1D16D500E7BBC218D150F8A199B3C14D730B2C Virtual Machine (Virtualbox - OVA) Linux Enabled Automatically assign
SkyDog: 1 2 Nov 2015 James Bower SkyDog 580 MB https://download.vulnhub.com/skydog/SkyDogCTF.ova http://bit.ly/SkyDogConCTF The CTF is a virtual machine and works best in Virtual Box. This OVA was created using Virtual Box 4.3.32. Download the OVA file, open up Virtual Box and then select File –> Import Appliance. Choose the OVA file from where you downloaded it. After importing the OVA file above it is best to disable the USB 2.0 setting before booting up the VM. The networking is set up for a NAT Network but you can change this before booting up depending on your networking setup. If you have any questions please send me a message on Twitter @jamesbower and I’ll be happy to help. The purpose of this CTF is to find all six flags hidden throughout the server by hacking network and system services. This can be achieved without hacking the VM file itself. The six flags are in the form of flag{MD5 Hash} such as flag{1a79a4d60de6718e8e5b326e338ae533} Flag #1 Home Sweet Home or (A Picture is Worth a Thousand Words) Flag #2 When do Androids Learn to Walk? Flag #3 Who Can You Trust? Flag #4 Who Doesn’t Love a Good Cocktail Party? Flag #5 Another Day at the Office Flag #6 Little Black Box. You may need to disable the USB device in VirtualBox for it to start up. DF6B5201C29C9157B852C383D4760643 EA2DCACC68837D3E24DE32C88CD2FC4EE026030F Virtual Machine (Virtualbox - OVA) Linux Enabled Automatically assign
Seattle: v0.3 4 Oct 2016 HollyGraceful Seattle 580 MB https://download.vulnhub.com/seattle/Seattle-0.0.3.7z Graceful’s VulnVM is a web application running on a virtual machine, it’s designed to simulate a simple eCommerce style website which is purposely vulnerable to a number of well-known security issues commonly seen in web applications. This is really a pre-release preview of the project but it’s certainly functional as it stands, but I’m planning on doing a lot of work on this in the near future. The plan is ultimately to have the application vulnerable to a large number of issues with a selection of different filters at different difficulties; that way, as testers become better at detecting and exploiting issues, the application can get hardened against common exploitation methods to allow the testers a wider range of experiences. The first filters have now been implemented! The application now supports “levels” where Level 1 includes no real filtration of user input and Level 2 includes a simple filter for each vulnerable function. Currently it’s vulnerable to: Install p7zip to unzip *.7z files on Fedora: Install p7zip to unzip *.7z files on Debian and Ubuntu: Extract the archive: Then you can simply start up the virtual machine using Virtual Box! The root user account has a password of PASSWORD 0175A804BB4FCBB2F3DC341C0668AFE4 41434C47FE48584621EE724A0CD541CDFB71CEC8 Virtual Machine (Virtualbox - OVA) Linux Enabled Automatically assign
SickOs: 1.2 27 Apr 2016 D4rk SickOs 664 MB https://download.vulnhub.com/sickos/sick0s1.2.zip Need to use VMware. You may have issues with VirtualBox. Possible solution: Open the .ovf file and replace all instances of “ElementName” with “Caption” and replace “vmware.sata.ahci” with “AHCI”. Also remove the .mf file and then import as per normal. B013BA76F50C15890554632A40B697BD 9F45F7C060E15DC6BB93C1CF39EFDD75125E30A0 Virtual Machine (Virtualbox - OVA) Linux Enabled Automatically assign
SecTalks: BNE0x00 - Minotaur 9 Oct 2015 Robert Winkel SecTalks 676 MB https://download.vulnhub.com/sectalks/minotaur_CTF_BNE0x00.ova Minotaur is a boot2root CTF. Once you load the VM, treat it as a machine you can see on the network, i.e. you don’t have physical access to this machine. Therefore, tricks like editing the VM’s BIOS or Grub configuration are not allowed. Only remote attacks are permitted. There are a few flag.txt files around to grab. /root/flag.txt is your ultimate goal. [I suggest you use VirtualBox with a Host Only adapter to run Minotaur fairly painlessly. The VM will assign itself a specific IP address (in the 192.168.56.0/24 range). Do not change this, as the CTF will not work properly without an IP address of 192.168.56.X. If you load the .ova file in VirtualBox, you can see this machine from another VirtualBox machine with a “Host Only” network adapter. You can see the machine from VMWare Workstation by: - Going into Virtual Network Editor and changing the VMnet0 network to “Bridged to: VirtualBox Host-Only Ethernet Adapter”. - Setting your VMWare network adapter to Custom (VMnet0) - If necessary, resetting your network adapter (e.g. ifdown eth0 && ifup eth0) so that you get a 192.168.56.0/24 address. The VM is located here: https://www.dropbox.com/s/zyxbampga87nqv3/minotaur_CTF_BNE0x00.ova?dl=0 File size: 691MB] Contact @RobertWinkel for more hints. 5CB751E8A017EB13702377E86D07CA86 E2656937662CBB8DE23E92E0D3346A8A0A19C2C2 Virtual Machine (Virtualbox - OVA) Linux Disabled 192.168.56.0
Milnet: 1 1 Jun 2016 Warrior Milnet 835MB https://download.vulnhub.com/milnet/milnet-1.0-ova.tgz Welcome to 1989! And welcome to Germany! This VM is inspired by a book! There should be plenty of hints which one it is, if you haven’t read it. This is a simple VM, so don’t fear any advanced exploitation, reverse engineering or other advanced techniques! Just a solid and simple advanced persistent threat (admins) So the level is clearly: beginner (as intended). For some it may teach a solid (old) new Privesc technique that together with the above mentioned book inspired me to this VM. I made the effort to throw some very basic story/polish into it. Also if everything runs smoothly the VM should show its IP address in the Login screen on the console! -No, I don’t consider finding the VM in your own network a real challenge - If you should encounter any problems or want to drop me a line use #milet and @teh_warriar on twitter or chat me up in #vulnhub! Hope you enjoy this VM! Gonna enjoy reading some writeups and hope you might find other ways than the intended ones! Best Regards Warrior To convert the VM so it works with Virtualbox: qemu-img convert 0EFD13A81D071B9350DDA805CFE0F39F A5FC8F453BB0E6F9DED7FE2FA280A92E47D0893B Virtual Machine (Virtualbox - OVA) Linux Enabled Automatically assign
NETinVM: November 3, 2016 3 Nov 2016 Carlos Perez & David Perez NETinVM 2.2 GB https://download.vulnhub.com/netinvm/netinvm_2016-11-03_vmware.zip A tool for teaching and learning about systems, networks and security Authors: Carlos Perez & David Perez Date: 2016-11-03 NETinVM is a VMware virtual machine image that provides the user with a complete computer network. For this reason, NETinVM can be used for learning about operating systems, computer networks and system and network security. In addition, since NETinVM is a VMware image, it can be used for demonstrations (i.e. in classrooms) that can be reproduced by students either in a laboratory or on their own laptop and thus, at home, at the library… For these reasons we present NETinVM as an educational tool. NETinVM is a VMware virtual machine image that contains, ready to run, a series of User-mode Linux (UML) virtual machines. When started, the UML virtual machines create a whole computer network; hence the name NETinVM, an acronym for NETwork in Virtual Machine. This virtual network has been called ‘example.net’ and has fully qualified domain names defined for the systems: ‘base.example.net’, ‘fw.example.net’, etc. All of the virtual machines use the Linux operating system. The VMware virtual machine is called ‘base’ and it runs openSUSE 13.2. User-mode Linux machines use Debian 6.0 and they have different names depending on their network location, because they are grouped into three different subnets: corporate, perimeter and external. The subnetworks are named ‘int’ (for internal network), ‘dmz’ (for DMZ or demilitarized zone, usually used as a synonym for perimeter network) and ‘ext’ (for external network). One of the UML machines, ‘fw’, interconnects the three networks ('int, ‘dmz’ and ‘ext’), allowing for communication and packet filtering. The rest of the UML machines have only one network interface, connected to the network they are named after: + UMLs connected to the internal network. 
+ UMLs connected to the perimeter network (DMZ). They are supposed to be bastion nodes. Two preconfigured bastion nodes are provided, each one with its appropriate alias: + ‘dmza’ is aliased as ‘www.example.net’ and it offers HTTP and HTTPS services. + ‘dmzb’ is aliased as ‘ftp.example.net’ and it offers FTP. + UMLs connected to the external network (i.e. Internet). Because a picture paints a thousand words, or so they say, the following figure shows NETinVM with all of the virtual machines running inside. All of the elements referenced before are shown in the image with their IP and ethernet addresses. The following rules have been used for assigning addresses: In addition to the computers and networks already described, the figure also shows the real computer where NETinVM runs (‘REAL COMPUTER’) and VMware Player’s typical network interface (‘vmnet8’), which optionally interconnects NETinVM’s networks with the external world. When they boot, all UML virtual machines get their network configuration from ‘base’, which provides DHCP and DNS services to the three NETinVM networks through its interfaces ‘tap0’, ‘tap1’ and ‘tap2’. Routing works as follows: Communication between ‘base’ and any UML machine, in both directions, is direct, without going through ‘fw’. (When the communication is started from a UML machine, the IP address of the interface of ‘base’ in the corresponding network must be used.) This configuration permits access from ‘base’ to all UML machines using SSH independently of the packet filtering configuration at ‘fw’. As an additional consideration, please note that the SNAT configuration in ‘fw’ described above is necessary for responses to outgoing connections to the Internet originating from the internal or perimeter networks to come back through ‘fw’. Otherwise they would be routed directly from ‘base’ to the UML machine through ‘tap1’ or ‘tap2’ without traversing ‘fw’. 
3396D92F07D52471FA65B614086DE396 5EFBDEB2AD825BAFB838C8B11978F9ED32A67D8D Virtual Machine (VMware) Linux Enabled Automatically assign
SmashTheTux: 1.0.1 1 Apr 2016 CanYouPwn.Me SmashTheTux 616 MB https://download.vulnhub.com/smashthetux/SmashTheTux_v1.0.1.7z SmashTheTux is a new VM made by canyoupwn.me for those who want to take a step into the world of binary exploitation. This VM consists of 9 challenges, each introducing a different type of vulnerability. SmashTheTux covers basic exploitation of the following weaknesses: Credentials => : , : Have fun! SmashTheTux v1.0 (18/03/2016) “It appears that we’ve forgotten to set permissions necessary on 0x02, sorry about that. Use the root credentials and set the executable file’s ownership to root and then add a suid bit. Sorry for inconvenience. sudo chown root.tux /home/tux/0x02/pwnme && sudo chmod u+s /home/tux/0x02/pwnme … Else get v1.0.1” 63FEDA288163D9155B1BF84D1C6C2814 01DCB1AB85B139A386AD97B41190731509612F59 Virtual Machine (Virtualbox - OVA) Linux Enabled Automatically assign
SpyderSec: Challenge 4 Sep 2015 SpyderSec SpyderSec 2.4 GB https://download.vulnhub.com/spydersec/SpyderSecChallenge.ova You are looking for two flags. Using discovered pointers in various elements of the running web application you can deduce the first flag (a downloadable file) which is required to find the second flag (a text file). Look, read and maybe even listen. You will need to use basic web application recon skills as well as some forensics to find both flags. : Intermediate The virtual machine comes in an OVA format, and is a generic 32 bit CentOS Linux build with a single available service (HTTP) where the challenge resides. Feel free to enable bridged networking to have the VM automatically be assigned a DHCP address. This VM has been tested in VMware Workstation 12 Player (choose “Retry” if needed), and VirtualBox 4.3. : f60f497f3f8fda0d0aeccfc84dad8e19ad164f55 Challenge.ova : @SpyderSec C3370138A79E68C2F00BDF3A31F7809B F60F497F3F8FDA0D0AECCFC84DAD8E19AD164F55 Virtual Machine (Virtualbox - OVA) Linux Enabled Automatically assign
The Wall: 1 27 Nov 2015 Xerubus The Wall 286 MB https://download.vulnhub.com/thewall/thewall.ova This boot2root box is exclusive to VulnHub. If you have a crack at the challenge, please consider supporting VulnHub for the great work they do for our offsec community. In 1965, one of the most influential bands of our times was formed… Pink Floyd. This boot2root box has been created to celebrate 50 years of Pink Floyd’s contribution to the music industry, with each challenge giving the attacker an introduction to each member of the Floyd. Your challenge is simple… set your controls for the heart of the sun, get root, and grab the flag! Rock on! This works better with VirtualBox than VMware. Note, there is more to this than port scanning… A5E6EBDE160239BCE605CCA8E1CF207D A2520E21CF28752FB317F9DDB4143229702BC21B Virtual Machine (Virtualbox - OVA) BSD Enabled Automatically assign
Lord Of The Root: 1.0.1 23 Sep 2015 KookSec Lord Of The Root 1.6 GB https://download.vulnhub.com/lordoftheroot/LordOfTheRoot_1.0.1.ova I created this machine to help others learn some basic CTF hacking strategies and some tools. I aimed this machine to be very similar in difficulty to those I was breaking on the OSCP. This is a boot-to-root machine that will not require any guest interaction. There are two designed methods for privilege escalation. If you are having issues with VirtualBox, try the following: Source: https://twitter.com/dooktwit/status/646840273482330112 BDDA2E8D966E014FE9301A2FEA81F37C 98FB6280820278D54EE3D62F2DDAAD27A725934E Virtual Machine (Virtualbox - OVA) Linux Enabled Automatically assign
Kevgir: 1 15 Feb 2016 CanYouPwn.Me Kevgir 1.3 GB https://download.vulnhub.com/kevgir/Kevgir-VM.ova Kevgir has been designed by the canyoupwnme team for training, hacking practices and exploiting. Kevgir has lots of vulnerable services and web applications for testing. We are happy to announce that. Have fun! Default username:pass => : 75DAD90BC1B57A166D640B83C7BAA7DC 38E12F8DC93F519C6F716EAC6BEE1632BC199811 Virtual Machine (Virtualbox - OVA) Linux Enabled Automatically assign
Csharp: VulnJson 4 Jan 2016 Brandon Perry Csharp 1.9 GB https://download.vulnhub.com/csharp/CsharpVulnJson.ova The CsharpVulnJson virtual appliance is a purposefully vulnerable web application, focusing on HTTP requests using JSON to receive and transmit data between the client and the server. The web application, listening on port 80, allows you to create, find, and delete users in the PostgreSQL database. The web application is written in the C# programming language, uses apache+mod_mono to run, and is, at the very least, exploitable by XSS and SQL injections. The SQL injections yield a variety of potential exploit techniques since different SQL verbs are used to perform actions against the server. For instance, a SQL injection in an INSERT statement may not be exploitable in the same ways the DELETE or SELECT statements will be. Using a tool like sqlmap will help you learn how to exploit each SQL injection vulnerability using a variety of techniques. If you are curious how sqlmap is performing the checks for, and ultimately exploiting, the vulnerabilities in the web application, you can use the --proxy option for sqlmap and pass the HTTP requests through Burpsuite. You can then see in the HTTP history tab the raw HTTP requests made by sqlmap. D3939E812102368EC34F92C30EA2CBED F3FD7B4C043681EFDFE3F6B70964A2B8F2E86FF7 Virtual Machine (Virtualbox - OVA) Linux Enabled Automatically assign
FristiLeaks: 1.3 14 Dec 2015 Ar0xA FristiLeaks 668 MB https://download.vulnhub.com/fristileaks/FristiLeaks_1.3.ova VMware users will need to manually edit the VM’s MAC address to: 08:00:27:A5:A6:76 206C9D1C0F29248CB3EC1873A56E4940 4AB71D307E6D9AA3CEFE7547DDC1F987D738C596 Virtual Machine (Virtualbox - OVA) Linux Enabled Automatically assign
PRIMER: 1.0.1 15 Jan 2016 Arne Rick PRIMER 640MB https://download.vulnhub.com/primer/PRIMER.tar 1) Run the OVA in a VM and connect to the webserver 2) Have Fun! couchsofa morbidick einball sarah I would probably have never finished’, this project without you guys ', mostley For hinting me to Erik Österberg’s Terminal.js 0xBEEF For providing fuel in the form of fudge and premium grilled goods More information: http://wiki.fablab-karlsruhe.de/doku.php?id=projekte:primer A friend wanted to get into some simple exploits. I suggested starting out with web security, she was all for it. But when I started browsing vulnhub and the likes I couldn’t find anything like I had in mind. So I wrote my own. This is a story based challenge written in a style heavily inspired by Neil Stephensons Snow Crash and William Gibsons Sprawl Trilogy. Each chapter is unlocked by solving the puzzle. From hardcoded clear text javascript password checks, SQL-injections and cracking hashes to a simulated terminal. You only need to start the VM, a webserver will come up and you can connect with your browser. In fact you never have to leave the browser. Teach some basic well known techniques and attacks. Spark some curiosity, make the user look at the source code and try to figure out what’s going on behind the scenes. The main goal is to give a nice welcoming intro to the scene and hopefully also teach something about ethics and responsibility. v1.0.1 - 2016-01-15: https://twitter.com/CouchSofa/status/688129147848138752 v1.0.0 - 2015-10-27: https://twitter.com/CouchSofa/status/659148660152909824 Username: nieve Password: PRIMER D0233F6D0FDE41A56925E8FEF29902CA 5315D9856A1F52E491D65F10417015CB1986C60C Virtual Machine (Virtualbox - OVA) Linux Enabled Automatically assign
SickOs: 1.1 11 Dec 2015 D4rk SickOs 623 MB https://download.vulnhub.com/sickos/sick0s1.1.7z 396E46897C54DA6DED6604B861C806B7 3578A10BA92F860C2F0D8934EC5A9BBFFC4C7859 Virtual Machine (VMware) Linux Enabled Automatically assign
Acid: Reloaded 1 Sep 2015 Avinash Kumar Thapa Acid 1006 MB https://download.vulnhub.com/acid/Acid-Reloaded.7z The name of the Virtual machine is “Acid-Reloaded”. This Virtual Machine contains both network logics and web logics. I have added new concept here and let’s see how many of you think more logically. You need to extract the rar and run the vmx using VMplayer. The machine has DHCP active list so once automatically assign an IP network, the next step will be to identify the target and discover the / the service / s to start the game. Escalate the privileges to root user and capture the flag. Once anyone is able to beat the box then shoot me a mail. Note, do not use any local methods - including logging in as the ‘Guest’ user on the guest OS. 9EF7460E94A59D9F4553B3DA364F82B5 5FF8EC8F44394FF9CAB9D3A9670B27DC1054157D Virtual Machine (VMware) Linux Enabled Automatically assign
Csharp: VulnSoap 4 Jan 2016 Brandon Perry Csharp 1.8GB https://download.vulnhub.com/csharp/CsharpVulnSoap.ova The CsharpVulnSoap virtual appliance is a purposefully vulnerable SOAP service, focusing on using XML, which is a core feature of APIs implemented using SOAP. The web application, listening on port 80, allows you to list, create, and delete users in the PostgreSQL database. The web application is written in the C# programming language and uses apache+mod_mono to run. The main focus of intentional vulnerabilities was SQL injections. The vulnerable SOAP service is available on http:///Vulnerable.asmx, and by appending ?WSDL to the URL, you can get an XML document detailing the functions exposed by the service. Using this document, you can automatically fuzz the endpoint for any vulnerabilities by parsing the document and creating the HTTP requests expected programmatically. The SQL injections yield a variety of potential exploit techniques since different SQL verbs are used to perform actions against the server. For instance, a SQL injection in an INSERT statement may not be exploitable in the same ways the DELETE or SELECT statements will be. Using a tool like sqlmap will help you learn how to exploit each SQL injection vulnerability using a variety of techniques. If you are curious how sqlmap is performing the checks for, and ultimately exploiting, the vulnerabilities in the web application, you can use the --proxy option for sqlmap and pass the HTTP requests through Burpsuite. You can then see in the HTTP history tab the raw HTTP requests made by sqlmap. C4E9BC90C4B25014C99A545B69DDCC3F 3CDBFA9ABB24F2FC69AA1A556C9A2B4DFA24DA44 Virtual Machine (Virtualbox - OVA) Linux Enabled Automatically assign
NullByte: 1 1 Aug 2015 ly0n NullByte 954 MB https://download.vulnhub.com/nullbyte/NullByte.ova.zip Codename: NB0x01 Download: ly0n.me/nullbyte/NullByte.ova.zip Objective: Get to /root/proof.txt and follow the instructions. Level: Basic to intermediate. Description: Boot2root, box will get IP from dhcp, works fine with virtualbox & vmware. Hints: Use your lateral thinking skills, maybe you’ll need to write some code. 1D38B727B359B38466580839790C428F 1AA5CC0618EE33B43E5B65ACD0467901898CF53B Virtual Machine (Virtualbox - OVA) Linux Enabled Automatically assign
TopHatSec: Freshly 18 Feb 2015 TopHatSec TopHatSec 863 MB https://download.vulnhub.com/tophatsec/Freshly.ova The goal of this challenge is to break into the machine via the web and find the secret hidden in a sensitive file. If you can find the secret, send me an email for verification. There are a couple of different ways that you can go with this one. Good luck! Simply download and import the OVA file into virtualbox! You may have issues when importing to VMware. If this is the case, extract the HDD from the OVA file (using something like 7zip), and attach to a new VM. Please see the following guide: https://jkad.github.io/blog/2015/04/12/how-to-import-the-top-hat-sec-vms-into-vmware/. 7F9B6DEFEF069D44031D1FAE2FDC461A D84D70645B35B81B6566577933A610F899D26229 Virtual Machine (Virtualbox - OVA) Linux Enabled Automatically assign
TopHatSec: FartKnocker 6 Mar 2015 TopHatSec TopHatSec 593 MB https://download.vulnhub.com/tophatsec/FartKnocker.ova New VM challenge that should be fun for people trying to get into packet analysis! There are several steps to this box. I created it with virtualbox. The VM is built on: Ubuntu 14.04 32 bit If you beat the box then please shoot me an email! Have fun guys! P.S. I got the word “Fart Knocker” from watching beavis and butthead back in the day. Otherwise you kids might not understand. You may have issues when importing to VMware. If this is the case, extract the HDD from the OVA file (using something like 7zip), and attach to a new VM. Please see the following guide: https://jkad.github.io/blog/2015/04/12/how-to-import-the-top-hat-sec-vms-into-vmware/. 0640BEAB0D41BA88FB98337AEDF0E2F9 44202E69FAB428EE13039D274037CF8C9DDD6832 Virtual Machine (Virtualbox - OVA) Linux Enabled Automatically assign
Acid: Server 15 Aug 2015 Avinash Kumar Thapa Acid 1.1 GB https://download.vulnhub.com/acid/Acid.rar Welcome to the world of Acid. Fairy tails uses secret keys to open the magical doors. The named of the Virtual machine is " r". This Virtual Machine is completely . I have added little new concept here and hope people will enjoy solving this.You need to extract the and run the using . The machine has active list so once automatically assign an IP network, the next step will be to identify the target and discover the / the service / s to start the game. Escalate the privileges to root and capture the flag. Once anyone able to beat the machine then please let me know. Twitter: LinkedIn: 96A4E4D0F9BDCADB4A0011DA1D5ED64F C31DA966F12AC18457FBC1BFA2B02ED1DF0E16E3 Virtual Machine (VMware) Linux Enabled Automatically assign
Flick: 2 20 Aug 2015 Leonjza Flick 566 MB https://download.vulnhub.com/flick/flickII.zip Welcome! Your challenge, should you choose to accept, is to gain root access on the server! The employees over at Flick Inc. have been hard at work prepping the release of their server checker app. Amidst all the chaos, they finally have a version ready for testing before it goes live. You have been given a pre-production build of the Android .apk that will soon appear on the Play Store, together with a VM sample of the server that they want to deploy to their cloud hosting provider. The .apk may be installed on a phone (though I wont be offended if you don’t trust me ;]) or run in an android emulator such as the Android Studio (https://developer.android.com/sdk/index.html). Good Luck! $ shasum * e74061c5348fef33d00f5f4f2aee9e921c591129 flick-check-dist.apk e6fbcd5aab5ed95c54d02855fdfbad74587f3db7 flickII-dist.ova Note: Vmware will complain about the OVF specification. Just click retry on the import and everything should be ok! Shouts:Exclusive to VulnHub! ED794C697A2F5681DC60DCE14759897F 2DBC54908862CB5B0D43C613AFB7E5100DA5DE02 Virtual Machine (Virtualbox - OVA) Linux Enabled Automatically assign
Brainpan: 3 27 Jul 2015 superkojiman Brainpan 647 MB https://download.vulnhub.com/brainpan/brainpan3.zip By using this virtual machine, you agree that in no event will I be liable for any loss or damage including without limitation, indirect or consequential loss or damage, or any loss or damage whatsoever arising from loss of data or profits arising out of or in connection with the use of this software. TL;DR: If something bad happens, it’s not my fault. Brainpan 3 has been tested and found to work with VMware Player, VMware Fusion, and Virtual Box. Check to make sure Brainpan_III.ova has following checksums so you know your download is intact: MD5 : 170e0d8b26ab721587537fcde69087a0 SHA1: ed9ae53c556a1ce6988b3a54621dd6469c8b8aa5 Import Brainpan_III.ova into your preferred hypervisor and configure the network settings to your needs. It will get an IP address via DHCP, but it’s recommended you run it within a NAT or visible to the host OS only since it is vulnerable to attacks. Get root and get the flag. Exclusive to VulnHub! 50DCAB37A3767B055E7CB09F06C739FE F25EE3545F4B51914660195FF4CF791BD35470C8 Virtual Machine (Virtualbox - OVA) Linux Enabled Automatically assign
TopHatSec: ZorZ 18 Feb 2015 TopHatSec TopHatSec 645 MB https://download.vulnhub.com/tophatsec/Zorz.ova ZORZ is another VM that will challenge your webapp skills. There are 3 separate challenges (web pages) on this machine. It should be pretty straight forward. I have explained as much as I can in the readme file: Welcome to the ZorZ VM Challenge This machine will probably test your web app skills once again. There are 3 different pages that should be focused on (you will see!) If you solve one or all three pages, please send me an email and quick write up on how you solved each challenge. Your goal is to successfully upload a webshell or malicious file to the server. If you can execute system commands on this box, that’s good enough!!! I hope you have fun! You may have issues when importing to VMware. If this is the case, extract the HDD from the OVA file (using something like 7zip), and attach to a new VM. Please see the following guide: https://jkad.github.io/blog/2015/04/12/how-to-import-the-top-hat-sec-vms-into-vmware/. 05262CC7348EA21D78AFE97B3894BE96 B19F01A69380AB141705921880BBA23DBF26D25F Disk Image (.ISO) Linux Enabled Automatically assign
ROP Primer: 0.2 13 Jun 2015 Bas ROP Primer 598 MB https://download.vulnhub.com/rop-primer/rop-primer-v0.2.ova Our resident ROP ninja recently gave the team a bootcamp on Return Oriented Programming. The presentation was followed by a demo walkthrough on writing a ROP exploit on a vulnerable application. Since the presentation was well received, he’s decided to make the slides available to everyone. You can view them at . We hope you enjoy it! Exclusive to VulnHub! Release dates: v0.1 = 04/03/2015, v0.2 = 13/06/2015. Don’t forget to check the web server for more information! 840C75497F54578497A6E44DF2F96047 2CB14D78FD1FF7B5A7895447969FDE8CA9C06EF3 Virtual Machine (Virtualbox - OVA) Linux Enabled Automatically assign
/dev/random: Pipe 2 Oct 2015 Sagi- /dev/random 572 MB https://download.vulnhub.com/devrandom/pipe.ova 3D54F3D0DCE62A00B8F152E8C1513E07 43688498287762221A3DBAE0F264B9503064DBB4 Virtual Machine (Virtualbox - OVA) Linux Enabled Automatically assign
/dev/random: Sleepy 2 Oct 2015 Sagi- /dev/random 699 MB https://download.vulnhub.com/devrandom/sleepy.ova Exclusive to VulnHub! You will need to use your own Windows XP .ISO to create the target in order to attack. You can use any version of Windows to generate the image, but you need to supply it a valid Windows XP CD during the creation stage. Please see https://blog.vulnhub.com/introducing-vulninjector/ for more information. VulnInjector requires .NET framework version 4 or higher to be installed. 2B8B09800A157E4E912F370F5DA03D5D 9BA1A0366A53073CF4C7CF5B221313FDE6D1126F Virtual Machine (Virtualbox - OVA) Linux Enabled Automatically assign
Pentester Lab: Play XML Entities 7 Apr 2015 Pentester Lab Pentester Lab 295 MB https://download.vulnhub.com/pentesterlab/play_xxe.iso This exercise covers the exploitation of a session injection in the Play framework. This issue can be used to tamper with the content of the session while bypassing the signing mechanism E25EF4BCF32F0C8A8763410AAB92AFDC A2825FE28A6CC30FFE2FA5F1CD6023F3ECC50C4F Disk Image (.ISO) Linux Enabled Automatically assign
Darknet: 1.0 2 May 2015 q3rv0 Darknet 328 MB https://download.vulnhub.com/darknet/Darknet.rar Darknet has a bit of everything, a sauce with a touch of makeup and frustration that I hope will lead hours of fun for migraines and who dares to conquer his chambers. As the target gets used will read the file contents /root/flag.txt obviously once climbed the privileges necessary to accomplish the task. The image can be mounted with VirtualBox. The machine has DHCP active list so once automatically assign an IP network, the next step will be to identify the target and discover the / the service / s to start the game. Good luck! If you want to send in pdf format solucionarios can do so at the following address: s3csignal [at] gmail [dot] com The hard disk may quickly fill up if you’re using automated tools, making the virtual machine defunct. May have issues importing into VMware. 1875810592F2F5354486FBFEACBA3A6C 014B32B2C0E2BEEF09DCE8AA0FFE4111A6E7FA3A Virtual Machine (Virtualbox - VDI) Linux Enabled Automatically assign
Underdist: 3 29 Nov 2014 q3rv0 Underdist 532 MB https://download.vulnhub.com/underdist/Underdist-3.zip Underc0de Weekend is a weekly challenge we (underc0de) are doing. The goal is to be the first to resolve it, to earn points and prizes (http://underc0de.org/underweekend.php). Enjoy AA672F50EF2FDDAE5B3B6E9B9E7B4655 AA672F50EF2FDDAE5B3B6E9B9E7B4655 Virtual Machine (Virtualbox - VDI) Linux Enabled Automatically assign
Tr0ll: 2 24 Oct 2014 Maleus Tr0ll 350 Mb https://download.vulnhub.com/tr0ll/Tr0ll2.rar The next machine in the Tr0ll series of VMs. This one is a step up in difficulty from the original Tr0ll but the time required to solve is approximately the same, and make no mistake, trolls are still present! Difficulty is beginner++ to intermediate. The VM should pull a valid IP from DHCP. This VM has been verified to work on VMware workstation 5, VMware player 5, VMware Fusion, and Virtual box. Virtual box users may need to enable the additional network card for it to pull a valid IP address. Special thanks to @Eagle11, @superkojiman and @leonjza for suffering through the testing and the members of #overflowsec on freenode for giving me ideas. If you have issues with the machine, feel free to contact me at @Maleus21 or maleus -Maleus www.overflowsecurity.com Tr0ll2.rar = VMware, Tr0ll2_vbox.rar = VirtualBox A6E6DDD130AC78EAC2AA1B0BF425C333 F7536D74820924B5E3E148E60B7DAFCE25341A27 Virtual Machine (VMware) Linux Enabled Automatically assign
OwlNest: 1.0.2 1 Sep 2014 Swappage OwlNest 633 MB https://download.vulnhub.com/owlnest/OwlNest_v1.0.2.ova Welcome to The Owl Nest Owls are lovely but hates you and maybe after this one, you will hate them too. Notes from the author: I hope you will enjoy this game, I spent a fairly high amount of effort to build this, in an attempt to make the game funny, and provide an average amount of frustration to the players Even if the machine was tested, maybe there are shortcuts to reach the flag… hopefully not Expect some curve balls Special thanks goes to Barrebas for testing the VM Swappage Was used at ESC 2014 CTF 769455FC71081955FBCBA3BE291E7A6D 24B3C3BA430223207CF81DABF7D738B3F9238E4D Virtual Machine (Virtualbox - OVA) Linux Enabled Automatically assign
Pandora's Box: 1 4 Jan 2015 c0ne Pandora's Box 497 MB https://download.vulnhub.com/pandora/pb0x_ova.rar 027CD0F768D32D854AA6BF8573A5D742 D0897CDC48220B2DB408AB557FD31D81F317DB74 Virtual Machine (Virtualbox - OVA) Linux Enabled Automatically assign
Pentester Lab: CVE-2014-6271: ShellShock 25 Sep 2014 Pentester Lab Pentester Lab 20 MB https://download.vulnhub.com/pentesterlab/cve-2014-6271.iso Quickly created an exercise for cve-2014-6271: Source: 1050E29F4A3FC7266FC5888A202F516B 5F4AF13036F09DDE4A4512198F2A795B471ECC78 Disk Image (.ISO) Linux Enabled Automatically assign
The Frequency: 1 7 Jan 2015 strata The Frequency 296 MB https://download.vulnhub.com/thefrequency/TheFrequency.ova Note, you may have issues running this depending on your host hardware.This is due to the guest OS being OpenBSD, and it being a bit more ‘picky’ on what it will run on when its been virtualized. F14F49F8F8DDF6752C9FB6F9740ECFA4 45798DB52BFED342DC91A05A444434ACA1514698 Virtual Machine (Virtualbox - OVA) BSD Enabled Automatically assign
The Purge: 1 3 Jan 2015 strata The Purge 527 MB https://download.vulnhub.com/thepurge/ThePurge.ova 0F31214DA7CCBA8B91B53764EA2FC09C 5C357BC7FDCC4F9C7BD4280ECDC375C32310103F Virtual Machine (Virtualbox - OVA) Linux Enabled Automatically assign
Persistence: 1 7 Sep 2014 Sagi- & superkojiman Persistence 553 MB https://download.vulnhub.com/persistence/persistence-1.0.tgz By using this virtual machine, you agree that in no event will we be liable for any loss or damage including without limitation, indirect or consequential loss or damage, or any loss or damage whatsoever arising from loss of data or profits arising out of or in connection with the use of this software. TL;DR - You are about to load up a virtual machine with vulnerabilities created by hackers. If something bad happens, it’s not our fault. Persistence aims to provide you with challenging obstacles that block your path to victory. It is perhaps best described by quotes made by some famous people: “A little more persistence, a little more effort, and what seemed hopeless failure may turn to glorious success.” - Calvin Coolidge “Energy and persistence conquer all things.” - Benjamin Franklin “Persistence and resilience only come from having been given the chance to work through difficult problems.” - Gever Tulley Get a root shell and read the contents of /root/flag.txt to complete the challenge! The virtual machine will get an IP address via DHCP, and it has been tested on the following hypervisors: VMware Fusion 6, VMware Player 6, VMware Workstation 10, VirtualBox 4.3. Thanks @VulnHub for kindly hosting this challenge, and thanks to @recrudesce for testing it and providing valuable feedback! Exclusive to VulnHub! Blog post: http://blog.vulnhub.com/2014/09/competition-persistence.html 0C68A77ABD4A9A35BB89340343816089 D38FD05178E889FAAC75C39FA5A5B937B8117D60 Virtual Machine (Virtualbox - OVA) Linux Enabled Automatically assign
Sokar: 1 30 Jan 2015 Rasta Mouse Sokar 351 MB https://download.vulnhub.com/sokar/sokar.tar.gz Exclusive to VulnHub! Blog post: http://blog.vulnhub.com/2015/01/competition-sokar.html 4FB5A6054E5D1E97D73A4820CC9B6FE4 0DDC099FCC50A5F9D2D31EAF3918D3373AECAA33 Virtual Machine (Virtualbox - OVA) Linux Enabled Automatically assign
Knock-Knock: 1.1 12 Oct 2014 zer0w1re Knock-Knock 620 MB https://download.vulnhub.com/knockknock/knock-knock-1-1.ova Pretty much thought of a pretty neat idea I hadn’t seen done before with a VM, and I wanted to turn it into reality! Your job is to escalate to root, and find the flag. Since I’ve gotten a few PM’s, remember: There is a difference between “Port Unreachable” and “Host Unreachable”. DHCP is not broken Gotta give a huge shoutout to c0ne for helping to creating the binary challenge, and rasta_mouse and recrudesce for testing Also, gotta thank barrebas who was able to find a way to make things easier… but of course that is fixed with this update! MD5 – 3b6839a28b4be64bd71598aa374ef4a6 knock-knock-1-1.ova SHA1 – 0ec29d8baad9997fc250bda65a307e0f674e4180 knock-knock-1-1.ova Feel free to hit me up in #vulnhub on freenode – zer0w1re 3B6839A28B4BE64BD71598AA374EF4A6 0EC29D8BAAD9997FC250BDA65A307E0F674E4180 Virtual Machine (Virtualbox - OVA) Linux Enabled Automatically assign
Kvasir: I 17 Oct 2014 Rasta Mouse Kvasir 1.8 GB https://download.vulnhub.com/kvasir/kvasir1.tar Kvasir 1 Filename: kvasir1.ova MD5: e987e8bbe319db072246ab749912ea91 SHA1: 029a59188cd3375fa50a5115db561f8a8ef69d4a Author: Rasta Mouse Testers: Barrebas & OJ Notes to the Player As part of the challenge, Kvasir utilises LXC to provide kernel isolation. When the host VM boots, it can take a little bit of time before the containers become available. It is therefore advised to wait 30-60 seconds after the login prompt is presented, before attacking the VM. A few other pointers: 2ED49BB79F9FB71976B6E8EEC78C7E6D 9C725DA9FC6013A5EB376AF85F14287DCF18F527 Virtual Machine (Virtualbox - OVA) Linux Enabled Automatically assign
Pegasus: 1 16 Dec 2014 Knapsy Pegasus 844 MB https://download.vulnhub.com/pegasus/pegasus.ova Pegasus Welcome to my first boot2root VM! Inspired by various CTF events I took part in and by couple cool concepts I learnt in the last couple months. Rules of engagement are simple - find a way in, escalate your privileges all the way up to the root and get the flag! As with all VMs like this, think outside the box, don’t jump to conclusions too early and “read between the lines” The VM has been tested on VMWare and VirtualBox, just import it, ensure the network is set as “Host Only” and run it. It should pick up the IP address automatically. Enjoy! 5046E330FF42E9ADEE0A42B63694CBFE F18B7437CA3C96F76A2E1B06F569186B63567DD5 Virtual Machine (Virtualbox - OVA) Linux Enabled Automatically assign
SkyTower: 1 26 Jun 2014 Telspace SkyTower 290 MB https://download.vulnhub.com/skytower/SkyTower.zip Welcome to SkyTower:1 This CTF was designed by Telspace Systems for the CTF at the ITWeb Security Summit and BSidesCPT (Cape Town). The aim is to test intermediate to advanced security enthusiasts in their ability to attack a system using a multi-faceted approach and obtain the “flag”. You will require skills across different facets of system and application vulnerabilities, as well as an understanding of various services and how to attack them. Most of all, your logical thinking and methodical approach to penetration testing will come into play to allow you to successfully attack this system. Try different variations and approaches. You will most likely find that automated tools will not assist you. We encourage you to try it out for yourself first, give yourself plenty of time and then only revert to the Walkthroughs below. Enjoy! Telspace Systems @telspacesystems 4A3352251DEE384B4E4775CE35201856 462801C374CF77F600ED7F4C06D683F230B71748 Virtual Machine (Virtualbox - VDI) Linux Enabled Automatically assign
Morning Catch: Phishing Industries 6 Aug 2014 Strategic Cyber LLC Morning Catch 1.4 GB https://download.vulnhub.com/morningcatch/morningcatch.zip Morning Catch is a VMware virtual machine, similar to Metasploitable, to demonstrate and teach about targeted client-side attacks and post-exploitation. [On this virtual machine, you will find: a website for a fictitious seafood company, self-contained email infrastructure to receive phishes, and two desktop environments. One desktop environment is a vulnerable Linux client-side attack surface. The other is a vulnerable Windows client-side attack surface. Morning Catch uses a bleeding edge version of WINE to run a few vulnerable Windows applications AND experiment with post-exploitation tools in a fun and freely re-distributable environment. Your use of Morning Catch starts with the login screen. Boyd Jenius is the Systems Administrator and his password is ‘password’. Login as Boyd to get to the vulnerable Linux desktop. Richard Bourne is Morning Catch’s CEO and his password is also ‘password’. Login as Richard to get to the vulnerable Windows desktop. You can also RDP into the Morning Catch environment. Richard’s desktop includes the Windows’ versions of Firefox, Thunderbird, Java, and putty. Open up Thunderbird to check Richard’s email. You can send a phish to him too. This VM includes a mail server to receive email for users at the morningcatch.ph domain. Open up a terminal and find out the IP address of the VM. Make sure you relay messages through this server. Use email protected] as the address. Are you looking for some attacks to try? Here are a few staples: Spin up a malicious Java Applet and visit it as Richard. The Firefox add-on attack exploit in the Metasploit Framework is a great candidate. Or, generate an executable with your payload and run it as Richard. I’m sure he won’t mind. 
Morning Catch’s WINE environment runs post-exploitation payloads, to include Windows Meterpreter and Beacon, without too much trouble. Boyd’s desktop is the vulnerable Linux attack surface. Boyd has the Linux versions of Firefox, Java, and Thunderbird. Boyd also has an SSH key for the Metasploitable 2 virtual machine. Try to ssh to Metasploitable 2 as root and see what happens. Morning Catch also includes RoundCube webmail for all of its users. Use this as a target to clone and harvest passwords from. Morning Catch isn’t a replacement for a vulnerable Windows lab. It’s a safe and freely redistributable target to experiment with phishing and client-side attacks. It’s my hope that this environment will help more people experiment with and understand these attacks better. FE3BC7CD22317A40339BDC1375532C9FE5C85243 FD8DB0224AD98697F1BF9DB04677219F Virtual Machine (VMware) Linux Enabled Automatically assign
Hell: 1 7 Jul 2014 Peleus Hell 385 MB https://download.vulnhub.com/hell/hell.ova Welcome to the challenge. This VM is designed to try and entertain the more advanced information security enthusiast. This doesn’t exclude beginners however and I’m sure that a few of you could meet the challenge. There is no ‘one’ focus on the machine, a range of skills such as web exploitation, password cracking, exploit development, binary examination and most of all logical thinking is required to crack the box in the intended way - but who knows there might be some short cuts! A few of the skills needed can be seen in some posts on http://netsec.ws. Otherwise enjoy the experience - remember that although vulnerabilities might not jump out at you straight away you may need to try some variations on the normal to get past the protections in place! Feel free to discuss the experience on the #vulnhub irc channel on irc.freenode.net. If you want any hints feel free to PM my nick on there (Peleus). You won’t get any, but I’ll feel all warm and fuzzy inside knowing you’re suffering. Enjoy. 2B79041B5A155D1F5DEEF6CD705387DB 5C04A633BFB7B8CEDAEA9B655DD272F979E2F8B7 Linux Enabled Automatically assign
Tr0ll: 1 14 Aug 2014 Maleus Tr0ll 434 MB https://download.vulnhub.com/tr0ll/Tr0ll.rar Tr0ll was inspired by the constant trolling of the machines within the OSCP labs. The goal is simple, gain root and get Proof.txt from the /root directory. Not for the easily frustrated! Fair warning, there be trolls ahead! Difficulty: Beginner ; Type: boot2root Special thanks to @OS_Eagle11 and @superkojiman for suffering through the testing all the way to root! The machine should pull an IP using DHCP, if you have any problems, contact me for a password to get it to working. Feedback is always appreciated! @maleus21 MD5SUM (Tr0ll.rar): 318fe0b1c0dd4fa0a8dca43edace8b20 318FE0B1C0DD4FA0A8DCA43EDACE8B20 9C459ED10166ACAB9B7D880414A9B0FDDB51F037 Virtual Machine (VMware) Linux Enabled Automatically assign
xerxes: 2.0.1 4 Aug 2014 Bas xerxes 576 MB https://download.vulnhub.com/xerxes/xerxes2.0.1.tar.gz Changelog: v2.0.1: 18/08/2014 - Fixes a few typos. v2: 04/08/2014 194FFB610792777F1F83F9BA7B90F4C2 6514215637A8792A79E65B6037AF0DDF541C25F9 Virtual Machine (VMware) Linux Enabled Automatically assign
LAMPSecurity: CTF7 7 Jan 2013 madirish2600 LAMPSecurity 709 MB https://download.vulnhub.com/lampsecurity/CTF7plusDocs.zip This is the latest of several releases that are part of the LAMP Security project. The other exercises can be found under the ‘Capture the Flag’ folder. Note the PDF doesn’t include the target image. Download the CTF7plusDocs.zip to get the target image as well as the documentation (in PDF format). F5502DBC73D1BF42ED29346CABA8D4A3 010722F7AC2D29919C7916BF8DF234D4F2302998 Virtual Machine (VMware) Linux Enabled Automatically assign
LAMPSecurity: CTF8 3 Jun 2013 madirish2600 LAMPSecurity 953 MB https://download.vulnhub.com/lampsecurity/ctf8.zip ctf8.zip contains the compressed virtual machine target (ctf8.vmdk) as well as the PDF walk through instructions. The latest release fixes some issues with the user cron jobs that check their mail. Earlier versions were prone to memory leaks that would cause the virtual machine to crash unexpectedly. 0A785E840CDBF713B6AAF25E4E9F6A25 F076CE00EEE8F70CEB0D18D28D0A508CA8DB4B5D Virtual Machine (VMware) Linux Enabled Automatically assign
CySCA: CySCA2014-in-a-Box 4 Jun 2014 ASD CySCA 367 MB https://download.vulnhub.com/cysca/CySCA2014InABox.7z CySCA2014-in-a-Box is a Virtual Machine that contains most of the challenges faced by players during CySCA2014. It allows players to complete challenges in their own time, to learn and develop their cyber security skills. The VM includes a static version of the scoring panel with all challenges, required files and flags. To use CySCA2014 in a box virtual machines, players will need to have either Oracle VirtualBox or VMWare Player installed on their machines. Additionally we recommend players have at least 4GB of RAM. If you have less RAM, you can reduce the amount of RAM available to the VM down to 512MB, however it may adversely affect the speed of some of the challenges. 70309E43FDCBC8180DE7DEC5573B41F4 CAFA867EB5A072BE5EE7A23D36165415735B4648 Virtual Machine (VMware) Linux Enabled Automatically assign
SecOS: 1 12 May 2014 PaulSec SecOS 599 MB https://download.vulnhub.com/secos/SecOS-1.tar.gz Not too tired after BSides London? Still want to solve challenges? Here is the VM I told about during my talk where you’ll have to practice some of your skills to retrieve the precious flag located here: /root/flag.txt. This VM is an entry-level boot2root and is web based. This VM is the first of a series which I’m currently creating where there will be links between all of them. Basically, each machine in the series will rely/depend on each other, so keep the flags for the next VMs. This has been tested on VirtualBox and gets its IP from the DHCP server. Moreover, if you find yourself bruteforcing, you’re doing something wrong. It is not needed and it wasn’t designed to be done this way. Instead, focus on exploiting web bugs! If you have any questions, feel free to ask me on Twitter @PaulWebSec or throw me a mail: paulwebsec(at)gmail(dot)com E8C01AB49B98926A37F79E2EA414CFC5 F542F7B1DD925D7B21327CAC6524AFAB088CD7ED Virtual Machine (Virtualbox - VDI) Linux Enabled Automatically assign
Bot Challenges: LoBOTomy 5 Jun 2014 bwall Bot Challenges 1.5 GB https://download.vulnhub.com/botchallenges/LoBOTomy.zip I always enjoy creating and releasing vulnerable virtual machines so readers can get a first hand feel of attacking these command and control panels without doing anything illegal. The objective of this vulnerable virtual machine is to get a root shell. The root credentials (for network configuration purposes) are root:password. These credentials are not part of a solution and it is intended that the vulnerable virtual machine be attacked remotely. You can download the LoBOTomy vulnerable virtual machine here. 2E33DD5F37BE9FFE366FF579F5DC2E4D B1F04642CA917A154CF921D29C44B958C0988C74 Linux Enabled Automatically assign
Pentester Lab: Play Session Injection 14 Jul 2014 Pentester Lab Pentester Lab 99 MB https://download.vulnhub.com/pentesterlab/play_session_injection.iso Beginner This exercise covers the exploitation of a session injection in the Play framework 6B459DD8BBDC10DBA6CB3D3E69B1502F 619C9F16B54BCB672D9BD9341DB5CC3B2331B040 Disk Image (.ISO) Linux Enabled Automatically assign
Flick: 1 8 Aug 2014 Leonjza Flick 884 MB https://download.vulnhub.com/flick/flick.tar.gz VMware import will work, after clicking “retry” to relax the ova format. If after the retry VMware crashes, simply run “ovftool --lax flick.ova flick.vmx” to convert the ova to a VMware format and import the resultant vmx. FE2AB06A7EF99BC15E1BA3FE0E94890E 488D6BE83F61F244AFEB40CA5970C7A490E40A51 Virtual Machine (Virtualbox - OVA) Linux Enabled Automatically assign
Pentester Lab: CVE-2007-1860: mod_jk double-decoding 17 Apr 2014 Pentester Lab Pentester Lab 191 MB https://download.vulnhub.com/pentesterlab/cve-2007-1860_i386.iso Beginner This exercise covers the exploitation of CVE-2008-1760. This vulnerability allows an attacker to gain access to unaccessible pages using crafted requests. This is a common trick that a lot of testers miss. 0A06A7C4521B4B5C842E90F2DE9E4F3C F059274CC6E03C7C5CFDDB1E181C1F15EBAF32CF Disk Image (.ISO) Linux Enabled Automatically assign
LAMPSecurity: CTF6 29 Jun 2009 madirish2600 LAMPSecurity 425 MB https://download.vulnhub.com/lampsecurity/ctf6.zip The LAMPSecurity project is an effort to produce training and benchmarking tools that can be used to educate information security professionals and test products. Please note there are other capture the flag exercises (not just the latest one). Check the SourceForge site to find other exercises available (http://sourceforge.net/projects/lampsecurity/files/CaptureTheFlag/). These exercises can be used for training purposes by following this documentation. Alternatively you may wish to test new tools, using the CTF virtual machines as targets. This is especially helpful in evaluating the effectiveness of vulnerability discovery or penetration testing tools. 36208CE8AF7EF9A04541FCD8EF2E8D7A ABEE9A3017D576C54A3FBD2E0D6DA10F42332C83 Virtual Machine (VMware) Linux Enabled Automatically assign
Pentester Lab: Introduction to Linux Host Review 22 Oct 2012 Pentester Lab Pentester Lab 184 MB https://download.vulnhub.com/pentesterlab/linux_host_review_i386.iso Beginner This exercise explains how to perform a Linux host review, what and how you can check the configuration of a Linux server to ensure it is securely configured. The reviewed system is a traditional Linux-Apache-Mysql-PHP (LAMP) server used to host a blog. A78AC9FE2B2081370108B23CBE9FCDB0 48AAF03CB8F57E2018FEC132A45C276F21EEBF6F Disk Image (.ISO) Linux Enabled Automatically assign
LAMPSecurity: CTF5 10 May 2009 madirish2600 LAMPSecurity 1017 MB https://download.vulnhub.com/lampsecurity/ctf5.zip This is the fifth capture the flag exercise. It includes the target virtual machine image as well as a PDF of instructions. The username and password for the target are deliberately not provided! The idea of the exercise is to compromise the target WITHOUT knowing the username and password. Note that there are other capture the flag exercises. If you like this one, download and try out the others. If you have any questions e-mail me at justin AT madirish DOT net The LAMPSecurity project is an effort to produce training and benchmarking tools that can be used to educate information security professionals and test products. Please note there are other capture the flag exercises (not just the latest one). Check the SourceForge site to find other exercises available (http://sourceforge.net/projects/lampsecurity/files/CaptureTheFlag/). These exercises can be used for training purposes by following this documentation. Alternatively you may wish to test new tools, using the CTF virtual machines as targets. This is especially helpful in evaluating the effectiveness of vulnerability discovery or penetration testing tools. 159A25442061DB6F82F1B873F04E2375 E629F854BB1A823F9611DB5FA720174DE3AE2E69 Virtual Machine (VMware) Linux Enabled Automatically assign
Pentester Lab: From SQL injection to Shell 13 Sep 2012 Pentester Lab Pentester Lab 169 MB https://download.vulnhub.com/pentesterlab/from_sqli_to_shell_i386.iso Beginner This exercise explains how you can from a SQL injection gain access to the administration console. Then in the administration console, how you can run commands on the system. 9221158D81B826034B3B8E3D3FC8EC68 F1BE03CACE56F7951AC5A91BF43353289BE90813 Disk Image (.ISO) Linux Enabled Automatically assign
Command Injection ISO: 1 7 Apr 2014 Pentester Academy Command Injection ISO 1.5 GB https://download.vulnhub.com/commandinjectioniso/Command_Injection_OS.zip We’ve packaged 10 real world applications into an Ubuntu Desktop based ISO. These applications are vulnerable to command injection attacks which you will need to find and exploit. Please note that not all applications are on port 80. All the best! Username: securitytube Password: 123321 35747567C885BC72080F1107D3205A57 80FAA5DED0F892DC786D4463DE8694CC82577A61 Linux Enabled Automatically assign
Pentester Lab: PHP Include And Post Exploitation 19 Apr 2012 Pentester Lab Pentester Lab 172 MB https://download.vulnhub.com/pentesterlab/php_include_and_post_exploitation_i386.iso Beginner This exercise describes the exploitation of a local file include with limited access. Once code execution is gained, you will see some post exploitation tricks. PHP include Reverse shell with netcat TCP redirection with socat A5413A548CF80D56D117C0C3AB47CCCA DE23E5B7A92FC69F41851C43B6398CFB092DDA72 Disk Image (.ISO) Linux Enabled Automatically assign
LAMPSecurity: CTF4 10 Mar 2009 madirish2600 LAMPSecurity 491 MB https://download.vulnhub.com/lampsecurity/ctf4.zip Updated to set default runlevel to 3 (no X windows) and fixed DHCP. This is the fourth capture the flag exercise. It includes the target virtual machine image as well as a PDF of instructions. The username and password for the target are deliberately not provided! The idea of the exercise is to compromise the target WITHOUT knowing the username and password. Note that there are other capture the flag exercises. If you like this one, download and try out the others. If you have any questions e-mail me at justin AT madirish DOT net. The LAMPSecurity project is an effort to produce training and benchmarking tools that can be used to educate information security professionals and test products. Please note there are other capture the flag exercises (not just the latest one). Check the SourceForge site to find other exercises available (http://sourceforge.net/projects/lampsecurity/files/CaptureTheFlag/). These exercises can be used for training purposes by following this documentation. Alternatively you may wish to test new tools, using the CTF virtual machines as targets. This is especially helpful in evaluating the effectiveness of vulnerability discovery or penetration testing tools. 8DBE28D5F886BBDE6103317C4B1C195F 3680FB770282ECDD90168C484E61B635079E6C48 Virtual Machine (VMware) Linux Enabled Automatically assign
Pentester Lab: From SQL injection to Shell: PostgreSQL edition 7 Dec 2012 Pentester Lab Pentester Lab 161 MB https://download.vulnhub.com/pentesterlab/from_sqli_to_shell_pg_edition_i386.iso Beginner This exercise explains how you can from a SQL injection gain access to the administration console. Then in the administration console, how you can run commands on the system. If you didn’t go through From SQL injection to shell, you should start there and move to this exercise later. D6C1AA6F437ED2D5C0F66CCB2BC896B0 A88E1E1217D2D3743F7737BBA7C47CE68125BCC3 Disk Image (.ISO) Linux Enabled Automatically assign
Pentester Lab: CVE-2012-1823: PHP CGI 29 May 2012 Pentester Lab Pentester Lab 172 MB https://download.vulnhub.com/pentesterlab/cve-2012-1823.iso Beginner This exercise explains how you can exploit CVE-2012-1823 to retrieve the source code of an application and gain code execution. Exploiting CVE-2012-1823 Details on PHP security features 302299AB1AFDCAB3BB26D88D0D3FF9C4 ED9C2E8A778AF226D6908EB560ACF5038B4F88E5 Disk Image (.ISO) Linux Enabled Automatically assign
Pentester Lab: CVE-2012-2661: ActiveRecord SQL injection 12 Jun 2012 Pentester Lab Pentester Lab 330 MB https://download.vulnhub.com/pentesterlab/cve-2012-2661_i386.iso Advanced This exercise explains how you can exploit CVE-2012-2661 to retrieve information from a database. 45F7408ED83F5C152CEE983134C2343E 4C4DA9968C1D4C07A462CD1AF48EC350B9B87A57 Disk Image (.ISO) Linux Enabled Automatically assign
Pentester Lab: Rack Cookies and Commands Injection 2 Oct 2012 Pentester Lab Pentester Lab 317 MB https://download.vulnhub.com/pentesterlab/rack_cookies_and_commands_injection_i386.iso Intermediate After a short brute force introduction, this exercise explains the tampering of rack cookie and how you can even manage to modify a signed cookie (if the secret is trivial). Using this issue, you will be able to escalate your privileges and gain commands execution. 3AB2F16009BFE8F37AA45EDA636E5FE8 E5C8DD2C48B608AACF3BAC8F291872092BFBACE2 Disk Image (.ISO) Linux Enabled Automatically assign
Pentester Lab: CVE-2008-1930: Wordpress 2.5 Cookie Integrity Protection Vulnerability 7 Dec 2012 Pentester Lab Pentester Lab 170 MB https://download.vulnhub.com/pentesterlab/cve-2008-1930_i386.iso Beginner This exercise explains how you can exploit CVE-2008-1930 to gain access to the administration interface of a Wordpress installation. D5C658FE22878E9EEECDB3AE33EE8B62 4890C6595FD2B8B0348CE17D3DD926DA9DC42415 Disk Image (.ISO) Linux Enabled Automatically assign
Pentester Lab: CVE-2012-6081: MoinMoin code exec 24 Apr 2013 Pentester Lab Pentester Lab 162 MB https://download.vulnhub.com/pentesterlab/cve-2012-6081_i386.iso Advanced This exercise explains how you can exploit CVE-2012-6081 to gain code execution. This vulnerability was exploited to compromise Debian’s wiki and Python documentation website F860AA584C355F5E91E21E2519AB4A74 EFA569E0183D5668A163784AD7279BAB38DF4DF9 Disk Image (.ISO) Linux Enabled Automatically assign
Pentester Lab: XSS and MySQL FILE 29 Jan 2014 Pentester Lab Pentester Lab 178 MB https://download.vulnhub.com/pentesterlab/xss_and_mysql_file_i386.iso Beginner This exercise explains how you can use a Cross-Site Scripting vulnerability to get access to an administrator’s cookies. Then how you can use his/her session to gain access to the administration to find a SQL injection and gain code execution using it. C9C7A31AB9BF79B82B72B58BB0A3A657 8B8D7019194A14DADC16A605D9731A080E9E0C6A Disk Image (.ISO) Linux Enabled Automatically assign
Pentester Lab: Web For Pentester 26 Mar 2013 Pentester Lab Pentester Lab 172 MB https://download.vulnhub.com/pentesterlab/web_for_pentester_i386.iso Beginner This exercise is a set of the most common web vulnerabilities: More information: http://web-for-pentester.pentesterlab.com/ 71F87B676AD51B541AA23EABB95F9A57 375080138AC2AD438FA66F0088A16A6D66C1F5A6 Disk Image (.ISO) Linux Enabled Automatically assign
Kioptrix: 2014 (#5) 6 Apr 2014 Kioptrix Kioptrix 787 MB https://download.vulnhub.com/kioptrix/kiop2014.tar.bz2 As usual, this vulnerable machine is targeted at the beginner. It’s not meant for the seasoned pentester or security geek that’s been at this sort of stuff for 10 years. Everyone needs a place to start and all I want to do is help in that regard. Also, before powering on the VM I suggest you . For some oddball reason it doesn’t get its IP (well I do kinda know why but don’t want to give any details away). So just add the VM to your virtualization software, remove and then add a network card. Set it to bridge mode and you should be good to go. This was created using ESX 5.0 and tested on Fusion, but shouldn’t be much of a problem on other platforms. Kioptrix VM 2014 download 825Megs MD5 (kiop2014.tar.bz2) = 1f802308f7f9f52a7a0d973fbda22c0a SHA1 (kiop2014.tar.bz2) = 116eb311b91b28731855575a9157043666230432 Waist line 32" Works out of the box with VMware workstation 10, player 6, fusion 6 (Can edit the vmx file to force a downgrade for an older version - see ‘kiop2014_fix.zip’). Has been known to work with Virtualbox 4.3 or higher… First thing: try setting it to a x64 machine. Then check: http://download.vulnhub.com/kioptrix/kiop2014_fix.zip. 1F802308F7F9F52A7A0D973FBDA22C0A 116EB311B91B28731855575A9157043666230432 Virtual Machine (VMware) BSD Enabled Automatically assign
Exploit-Exercises: Mainsequence (v1) 29 Jan 2013 Exploit-Exercises.com Exploit-Exercises 593 MB https://download.vulnhub.com/exploitexercises/exploit-exercises-mainsequence-fabled-scorpion.iso The Main Sequence images were used as the Ruxcon 2012 CTF challenge. They covered a variety of situations such as: For more information, see here: http://exploit-exercises.com/mainsequence/setup CE3F9D113571B4E48B218EEB598862DC D8B25DE5CFA599BCBD5C3783759E4113467472FB Disk Image (.ISO) Linux Enabled Automatically assign
Pentester Lab: Axis2 Web service and Tomcat Manager 15 Jan 2013 Pentester Lab Pentester Lab 221 MB https://download.vulnhub.com/pentesterlab/axis2_and_tomcat_manager_i386.iso Intermediate This exercise explains the interactions between Tomcat and Apache, then it will show you how to call and attack an Axis2 Web service. Using information retrieved from this attack, you will be able to gain access to the Tomcat Manager and deploy a WebShell to gain commands execution. 2136A9D0118CAB84B2D1B6CDBAEC01A0 40E6FA8F918CA36FCB65E1D2C0156434524D1C01 Disk Image (.ISO) Linux Enabled Automatically assign
No Exploiting Me: 1 2 Sep 2013 bwall No Exploiting Me 365 MB https://download.vulnhub.com/noexploitingme/NoExploitingMe.vdi.7z Vulnerable VM with some focus on NoSQL This vulnerable VM is meant to act as a practice virtual machine for security researchers to start looking at identifying and exploiting vulnerabilities in NoSQL, PHP and the underlying OS (Debian). 6415AA6E4E50FD60C520C705348A881B 82DE1AF01F9E67F7BE1897E68040CD580A41C270 Virtual Machine (Virtualbox - VDI) Linux Enabled Automatically assign
Pentester Lab: From SQL injection to Shell II 12 Jun 2013 Pentester Lab Pentester Lab 170 MB https://download.vulnhub.com/pentesterlab/from_sqli_to_shell_II_i386.iso Intermediate This exercise explains how you can, from a blind SQL injection, gain access to the administration console. Then in the administration console, how you can run commands on the system. Blind SQL injection exploitation using time-based exploitation Gaining code execution using a PHP webshell 8434D28A36562B2A2F94B4753036DF7F 9013F8B035C751D29EE20A704F5E5B65C1856719 Disk Image (.ISO) Linux Enabled Automatically assign
Pentester Lab: Electronic CodeBook (ECB) 18 Nov 2013 Pentester Lab Pentester Lab 169 MB https://download.vulnhub.com/pentesterlab/ecb_i386.iso Beginner This exercise explains how you can tamper with an encrypted cookie to access another user’s account. A7114704FE356B9538DAB4E2274F7981 B9CE6932CEB90B1885FB8CF1CDBA2657BB8BB9A3 Disk Image (.ISO) Linux Enabled Automatically assign
Pentester Lab: Web For Pentester II 15 Jul 2013 Pentester Lab Pentester Lab 355 MB https://download.vulnhub.com/pentesterlab/web_for_pentester_II_i386.iso Beginner This exercise is a set of the most common web vulnerabilities: 048A318B9F4F496BC632E4B89F57832F F193A7589A92F178BA0B15880FF12E5819BD800A Disk Image (.ISO) Linux Enabled Automatically assign
Web Security Dojo: 2 26 Jul 2012 Maven Security Web Security Dojo 1.4 GB https://download.vulnhub.com/websecdojo/Web_Security_Dojo-2.0.ova A free open-source self-contained training environment for Web Application Security penetration testing. Tools + Targets = Dojo [Various web application security testing tools and vulnerable web applications were added to a clean install of Ubuntu v10.04.2, which is patched with the appropriate updates and VM additions for easy use. The Web Security Dojo is for learning and practicing web app security testing techniques. It is ideal for self-teaching and skill assessment, as well as training classes and conferences since it does not need a network connection. The Dojo contains everything needed to get started – tools, targets, and documentation. Download Web Security Dojo from http://sourceforge.net/projects/websecuritydojo/files/ . To install Dojo you first install and run VirtualBox 3.2 or later, then “Import Appliance” using the Dojo’s OVF file. We have PDF or YouTube for instructions for Virtualbox. As of version 1.0 a VMware version is also provided, as well as video install instructions Sponsored by Maven Security Consulting Inc (performing web app security testing & training since 1996). Also, could be you! Web Security Dojo is an open source and fully transparent project, with public build scripts and bug trackers on Sourceforge . Look for Dojo videos on our YouTube channel at http://www.youtube.com/user/MavenSecurity Hack your way to fame and glory 1 with our security challenges posted at Reddit (http://www.reddit.com/r/WebSecChallenges/). 1. Fame and glory not included; void where prohibited by law] 67312CD0F991F5AA09FBAAFC3D318BD9 8A0F5159BCBF9018819836D9B5954AD6486710E5 Linux Enabled Automatically assign
Bot Challenges: Flipping Bitbot 20 Aug 2013 bwall Bot Challenges 359 MB https://download.vulnhub.com/botchallenges/Bitbot.VulnVM-disk1.vmdk.7z This is a Linux based VM that is intended as a way to get security researchers started with simple botnet research. It also requires the researcher have some ability to assess and exploit vulnerabilities, with the ultimate goal of obtaining root access to the VM. This is the second of many to come, please feel free to supply feedback so I can make future ones more enjoyable and fulfilling. The network configuration of the VM is set to auto, so it is easiest to run with some sort of DHCP server on the same network (or just select the NAT option in your virtualization software). It is suggested that you use the NAT option along with port forwarding, but as long as you have TCP access to the VM, you should be fine. There are no supplied credentials, and it is intended that the network services on the VM are the attack vectors. If you have questions, feel free to ask in #vulnhub on freenode (I’m bwall on there). You can also ask me on Twitter (@botnet_hunter). You can also email me at bwall(at)ballastsecurity.net. There is an update to ‘bot.py’ that is found on the VM. You can find the updated version, here: https://gist.github.com/bwall/7106245 52AC771CE8703D9B35090D8826990118 AFF4B8F59ACB2C8C34C7B322C06F1A02 Virtual Machine (Virtualbox - VDI) Linux Enabled Automatically assign
Bot Challenges: RA1NXing Bots 7 Jul 2013 bwall Bot Challenges 547 MB https://download.vulnhub.com/botchallenges/RA1NXing_Bots.zip This is a Linux based VM that is intended as a way to get security researchers started with simple botnet research. It also requires the researcher have some ability to assess and exploit vulnerabilities, with the ultimate goal of obtaining root access to the VM. The network configuration of the VM is set to auto, so it is easiest to run with some sort of DHCP server on the same network (or just select the NAT option in your virtualization software). It is suggested that you use the NAT option along with port forwarding, but as long as you have TCP access to the VM, you should be fine. If you have questions, feel free to ask in #vulnhub on freenode (I’m bwall on there). 0806DDAE7C34447ED590A5358F33DC70 DDF943AC009B73314FEDD55D43D9CBDA6D7784C3 Virtual Machine (Virtualbox - VDI) Linux Enabled Automatically assign
HackLAB: VulnVPN 8 Feb 2013 Reboot User HackLAB 1.2 KB https://download.vulnhub.com/hacklab/client.7z The idea behind VulnVPN is to exploit the VPN service to gain access to the server and ‘internal’ services. Once you have an internal client address there are a number of ways of gaining root (some easier than others). I have created/uploaded the relevant files which can be obtained from the compressed file here. You’ll need to configure Openswan/xd on your system, if you’re using an Ubuntu based Linux variant you can follow the below steps – please note that I’ve used Backtrack 5r3 for all client testing (mentioned as I know it works well): Note: If you change your configuration/IP settings etc you’ll need to reload the relevant configuration files i.e. /etc/init.d/ipsec restart and/or /etc/init.d/xd restart I realise that VPN’s can be very troublesome (setting this challenge up was bad enough), so I have allowed access to auth and ufw logs. These should help highlight issues you may be experiencing and can be found at http://192.168.0.10:81 (note port 81). Please note that hacking this page and associated scripts are not part of the challenge, rather they have been provided for assistance. A useful config reference can also be found here: https://wiki.archlinux.org/index.php/L2TP/IPsec_VPN_client_setup Architecture: x86 Format: VMware (vmx & vmdk) compatibility with version 4 onwards RAM: 1GB Network: NAT – Static IP 192.168.0.10 (no G/W or DNS configured) Extracted size: 1.57GB Compressed (download size): 368MB – 7zip format – 7zip can be obtained from here Download VulnVPN from -HERE- MD5 Hash of VulnVPN.7z: 9568aa4c94bf0b5809cb0a282fffa5c2 Download Client files from -HERE- MD5 Hash of client.7z: e598887f2e4b18cd415ea747606644f6 As per usual, I shall add a related solutions post shortly. Until then, enjoy Source: E598887F2E4B18CD415EA747606644F6 B4396A556E8879E4189B504F6B12F6064A2FA91A Virtual Machine (Virtualbox - VDI) Linux Disabled 192.168.0.10
bWAPP: bee-box (v1.6) 2 Nov 2014 Malik Mesellem bWAPP 1.2 GB https://download.vulnhub.com/bwapp/bee-box_v1.6.7z Training page: http://www.mmeit.be/en/bwapp_training.htm Blog page: http://itsecgames.blogspot.co.uk/2013/07/bee-box-hack-and-deface-bwapp.html The original release of ‘bee-box (v1.3)’ came out on the 2014-April-19, however, there was an issue extracting it: https://twitter.com/MME_IT/status/457980827281158144. Replacement release came out on the 2014-April-21 (same filename). 305AB48FB11BCFD662B0E2F1771DB1DA 4D87BC5F105B0372E95BC4623941323AC9EFF525 Virtual Machine (VMware) Linux Enabled Automatically assign
/dev/random: relativity (v1.0.1) 16 Nov 2013 Sagi- /dev/random 612 MB https://download.vulnhub.com/devrandom/relativity_1.0.1.zip v1.0.1 ~ 2013-11-29 Fixed a few bugs when using VirtualBox (thanks to Bas van den Berg - @barrebas) v1.0 ~ 2013-11-16 Public release v0.0 ~ 2013-11-01 Private release - Zacon v0.0 ~ 2013-06-29 Private release - HackFu Exclusive to VulnHub! v1.0.1 MD5: 0592CAA80495B4A7B3F6CE2DBCEA3776 SHA1: 3C3BD6F5FA32EF43AD71CF699FDEE603DBD0913C v1.0 MD5: 3D141EE6A9087A1C2D01078B041B167A SHA1: D1335602963871B1283199EACAA62EAF28ABB17D 0592CAA80495B4A7B3F6CE2DBCEA3776 3C3BD6F5FA32EF43AD71CF699FDEE603DBD0913C Virtual Machine (VMware) Linux Enabled Automatically assign
xerxes: 1 27 Dec 2013 Bas xerxes 443 MB https://download.vulnhub.com/xerxes/xerxes.tar.gz Exclusive to VulnHub! ** (Private) beta release information ** Date: 2013-12-20 Size: 434M MD5: 00e656b5cca5131c5606c72ab682b7fb SHA1: 7281e779e134a63f2addeebb81f36573f947ba30 22B49B2B8FDE59680197BBD009E174A9 63D9DB7444E9B1114D00D4BE633DFC540DAECE9B Virtual Machine (Virtualbox - VDI) Linux Enabled Automatically assign
VulnOS: 1 22 Mar 2014 c4b3rw0lf VulnOS 1.3 GB https://download.vulnhub.com/vulnos/VulnOS.vdi-vbox.7z Welcome to VulnOS ! This is my first vulnerable target I made because I want to give back something to the community. Big up for the community that made things possible!!! Your goal is to get root and find all the vulnerabilities inside the OS ! It is a ubuntu server 10.04 LTS (that’s been made very buggy!!!) DO NOT USE This Box in a production environment!!! It’s a VM that has been made with Virtualbox 4.3.8 - so it’s in the .vdi format. Networking : This box has been made with bridged networking and uses DHCP to get an IP address (was 192.168.1.66 when I built it). So it is best to share the attack OS and the TARGET BOX to IP-Range OF 192.168.1.1/24 Maybe you could set it up with m0n0wall and setup static IP-addresses. If you cannot find the target’s IP ADDRESS, contact me @ blakrat1 AT gmail DOT com I will give you the root user and password to login… Hope you find this useful !!! Exclusive to VulnHub! 022A4223ADB2ECDC7FE696A1B791BF7A 3248559627AF4837A3689444E0537EB272DA6AE9 Virtual Machine (Virtualbox - VDI) Linux Enabled Automatically assign
Brainpan: 1 20 Mar 2013 superkojiman Brainpan 809 MB https://download.vulnhub.com/brainpan/Brainpan.zip Source: Brainpan.zip/readme.txt Source: Brainpan.zip/md5.txt Exclusive to VulnHub! 0F99E72F0703E4619B5E08604778F673 E424613FD0137C0688A865623CCBB4D92DFE8209 Virtual Machine (Virtualbox - VDI) Linux Enabled Automatically assign
Bot Challenges: Dexter 25 Mar 2014 bwall Bot Challenges 512 MB https://download.vulnhub.com/botchallenges/MurderingDexter.zip In general, I’ve found that information is much easier to retain if it can be applied in the real world. Not everyone is a self-proclaimed botnet hunter, and it is not suggested (or recommended) that anyone try to exploit live botnets. For these reasons, I have put together another vulnerable virtual machine, which allows for aspiring botnet hunters and security enthusiasts to try their hand at attacking a Dexter command and control panel. It can be downloaded FBB7386A5B7562C88B6DB16DA95B9B4C CB63ECF589BB3BA1C18C015F02E36A84B62A2E7A Virtual Machine (Virtualbox - VDI) Linux Enabled Automatically assign
The Infernal: Hades (v1.0.1) 9 Jun 2014 Lok_Sigma The Infernal 435 MB https://download.vulnhub.com/infernal/Hades_v1.0.1.7z Infernal: Hades v1.0.1. Hades is a new boot2root challenge pitched at the advanced hobbyist. Solving this challenge will require skills in reverse engineering, sploit development and sound computer architecture understanding. If you’ve never heard of an opaque predicate, you’re going to have a hard time of it! I strongly suggest you don’t start this the week before exams, important meetings, deadlines of any sort, marriages, etc. The aim of this challenge is for you to incrementally increase your access to the box until you can escalate to root. The /root/flag.txt contains, amongst other things, a public PGP key which you can use to demonstrate victory - the private key has been given to the VulnHub.com admins. Enjoy, Lok_Sigma By using this virtual machine, you agree that in no event will I be liable for any loss or damage including without limitation, indirect or consequential loss or damage, or any loss or damage whatsoever arising from loss of data or profits arising out of or in connection with the use of this software. Exclusive to VulnHub! Blog post: http://blog.vulnhub.com/2014/04/competition-hades.html v1 = 08/04/2014 v1.0.1 = 09/06/2014 B30D98E093E6ACCDECCF0553BF085C89 3D6D901813B8A5871EEFF3EB83F39ADD241DAF34 Virtual Machine (VMware) Linux Enabled Automatically assign
Brainpan: 2 20 Nov 2013 superkojiman Brainpan 403 MB https://download.vulnhub.com/brainpan/brainpan2.zip By using this virtual machine, you agree that in no event will I be liable for any loss or damage including without limitation, indirect or consequential loss or damage, or any loss or damage whatsoever arising from loss of data or profits arising out of or in connection with the use of this software. TL;DR: If something bad happens, it’s not my fault. Brainpan has been tested and found to work on the following hypervisors: - VMware Player 6.0.1 - VMWare Fusion 6.0.2 - VirtualBox 4.3.2 Check to make sure brainpan2.ova has following checksums so you know your download is intact: MD5: bf01f03ea0e7cea2553f74189ff35161 SHA1: b46891cda684246832f4dbc80ec6e40a997af65a Import brainpan2.ova into your preferred hypervisor and configure the network settings to your needs. It will get an IP address via DHCP, but it’s recommended you run it within a NAT or visible to the host OS only since it is vulnerable to attacks. Exclusive to VulnHub! Blog post: http://blog.vulnhub.com/2013/11/competition-brainpan-2.html 55954FCA220801EA90CFB134DDE81E27 9CCD84837E7041594B21AA4DC7D981F5EF3AD248 Virtual Machine (VMware) Linux Enabled Automatically assign
Exploit KB Vulnerable Web App: 1 28 Jan 2013 Shai Exploit KB Vulnerable Web App 212 MB https://download.vulnhub.com/exploitkb/exploit-wa-vm.7z During my SQL Injection learning journey I needed a vulnerable web application for practice. [I created a WebApp vulnerable to SQL Injection for my personal use, The result was an extremely vulnerable web site which I could test some SQLi techniques against MySQL. I must confess, I am not a programmer and I have never coded in PHP before, I thought it would be a good practice to develop a PHP based site from scratch in order to learn the basic of PHP and MySQL. exploit.co.il Vulnerable Web app designed as a learning platform to test various SQL injection Techniques and it is a fully functional web site with a content management system based on fckeditor. I thought some of you may find it useful so i decided to share it via a SourceForge project page i created for it at : https://sourceforge.net/projects/exploitcoilvuln Please notice! this web app is extremely vulnerable to SQLi attack and its poorly coded and configured intentionally. It is not recommended to use this WebApp as live site on the net neither set it up on your local machine with access to it from the web. Please use it in your internal LAN only, Set it up in a virtual environment such as VMware or Virtual Box. This is a fully functional web site with a content management system based on fckeditor. I hope you will find this web app useful in your SQLi and web app security studies or demonstrations. 
Visit the Vulnerable Web Site by browsing to its IP address Admin interface can be found at: http://localhost/admin Username: admin Password: Database Name: exploit Database contains 8 tables: articles authors category downloads links members news videos I have only tested the web app for SQLi, but i am sure you will find some more interesting vulnerabilities Please try to avoid using automated tools to find the vulnerabilities and try doing it manually Feel free to discuss this web app by visiting http://exploit.co.il and commenting on the relevant post. You can send solutions, videos and ideas to shaiat]exploit.co.il and i will post them on my blog. Good Luck! Source: 22FE5240E8C0347F7DF02828FC8636B5 87724AE4E514A2A6286C02502B54E58F04E30659 Virtual Machine (VMware) Linux Enabled Automatically assign
VulnImage: 1 22 Dec 2010 Lars Baumgaertner VulnImage 350 MB https://download.vulnhub.com/vulnimage/vulnimage.zip “Created for Lars’s students” Source: 8CB0E628AEB3C7E1F771764D07280655 3739B679A7D469F455A7412F61ACAF22EF175D99 Virtual Machine (VMware) Linux Enabled Automatically assign
Vicnum: 1.4 30 Dec 2009 Mordecai Kraushar Vicnum 448 MB https://download.vulnhub.com/vicnum/VMvicnum14.zip A flexible web app showing vulnerabilities such as cross site scripting, sql injections, and session management issues. Helpful to IT auditors honing web security skills and setting up ‘capture the flag’. Source: 114D09578674DA13C1CA396AE534BD33 BC36B166CC3D2E53C0F93A6CE075207153301999 Virtual Machine (VMware) Linux Enabled Automatically assign
HackLAB: VulnVoIP 31 Oct 2012 Reboot User HackLAB 553 MB https://download.vulnhub.com/hacklab/vulnVoIP.7z VulnVoIP is based on a relatively old AsteriskNOW distribution and has a number of weaknesses. The aim is to locate VoIP users, crack their passwords and gain access to the Support account voicemail. Just to keep things interesting this particular distro also suffers from a known exploit from which it is relatively easy to gain a root shell. Once you’ve found the easy way, can you get root using a different method? I’ve created these basic VoIP hacking training exercises as I found very limited resources online. Hopefully VulnVoIP will help others learn the basic fundamentals of VoIP hacking in a safe environment. Source: 1411BC06403307D5CA2ECAE47181972A DBF4A51899EF94A744B4FB47FDA902430BC5F5E5 Virtual Machine (VMware) Linux Enabled Automatically assign
HackLAB: Vulnix 10 Sep 2012 Reboot User HackLAB 195 MB https://download.vulnhub.com/hacklab/Vulnix.7z Here we have a vulnerable Linux host with configuration weaknesses rather than purposely vulnerable software versions (well at the time of release anyway!) The host is based upon Ubuntu Server 12.04 and is fully patched as of early September 2012. The details are as follows: The goal; boot up, find the IP, hack away and obtain the trophy hidden away in /root by any means you wish – excluding the actual hacking of the vmdk Feel free to contact me with any questions/comments using the comments section below. Enjoy! Source: 0BF19D11836F72D22F30BF52CD585757 3A4C3E9599FFBACE23387B368184E23E1F10F65C Virtual Machine (Virtualbox - VDI) Linux Enabled Automatically assign
/dev/random: scream 10 Nov 2012 Sagi- /dev/random 156 MB https://download.vulnhub.com/devrandom/scream.exe Source: readme.nfo VulnInjector requires .NET framework version 4 or higher to be installed. Exclusive to VulnHub! Please see https://github.com/g0tmi1k/VulnInjector (Will need to generate your own ISO from the EXE). 55170BC0410741BFCC374ABD7B8D3DC1 8FFAF13758C6449024AA86DA1E2B7E7F1986865B Disk Image (.ISO) Windows Enabled Automatically assign
OWASP Broken Web Applications Project: 1.2 3 Aug 2015 OWASP OWASP Broken Web Applications Project 1.7 GB https://download.vulnhub.com/owaspbwa/OWASP_Broken_Web_Apps_VM_1.2.7z The Broken Web Applications (BWA) Project produces a Virtual Machine running a variety of applications with known vulnerabilities for those interested in: all the while saving people interested in doing either learning or testing the pain of having to compile, configure, and catalog all of the things normally involved in doing this process from scratch. Source: Release notes for the Open Web Application Security Project (OWASP) Broken Web Applications Project, a collection of vulnerable web applications that is distributed on a Virtual Machine in VMware format compatible with their no-cost and commercial VMware products. More information about the project can be found at http://www.owaspbwa.org/. The VM can be downloaded as a .zip file or as a much smaller .7z 7-zip Archive. BOTH FILES CONTAIN THE EXACT SAME VM! We recommend that you download the .7z archive if possible to save bandwidth (and time). 7-zip is available for Windows, Mac, Linux, and other Operating Systems. !!! This VM has many serious security issues. We strongly recommend that you run it only on the “host only” or “NAT” network in the virtual machine settings !!! Version 1.2 - 2015-08-03 Version 1.2rc1 - 2015-06-24 Version 1.1.1 - 2013-09-27 Version 1.1 - 2013-07-30 Version 1.1beta1 - 2013-07-10 Version 1.0 - 2012-07-24 Version 1.0rc2 - 2012-07-14 Version 1.0rc1 - 2012-04-04 Version 0.94 - 2011-07-24 Version 0.94rc3 - 2011-07-14 Version 0.94rc2 - 2011-07-13 Version 0.94rc1 - 2011-07-11 Version 0.93rc1 - 2011-01-19 Version 0.92rc2 - 2010-11-15 Version 0.92rc1 - 2010-11-10 Version 0.91rc1 - 2010-03-24 Version 0.9 - 2009-11-11 5FF063FE3D01887DAB49A5903C27C8FE 6EBA081CBB54FE5804C8B2BD4B17AC9A053E4153 Virtual Machine (Virtualbox - VDI) Linux Enabled Automatically assign
Damn Vulnerable Web Application (DVWA): 1.0.7 2 Oct 2011 RandomStorm Damn Vulnerable Web Application (DVWA) 480 MB https://download.vulnhub.com/dvwa/DVWA-1.0.7.iso Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a class room environment. Source: 9484D8E2154D4E01FBD742CD7C10AFFD E190DE8F6BC61D6596F21A8A6A9DA9E19DA3C0BF Disk Image (.ISO) Linux Enabled Automatically assign
Badstore: 1.2.3 24 Feb 2004 Badstore Badstore 4.6 MB https://download.vulnhub.com/badstore/BadStore_123s.iso Welcome to Badstore.net Badstore.net is dedicated to helping you understand how hackers prey on Web application vulnerabilities, and to showing you how to reduce your exposure. Our Badstore demonstration software is designed to show you common hacking techniques. Source: v1.0 – Original version for 2004 RSA Show v1.1 – Added: v1.2 – Version presented at CSI 2004 Added: Source: BadStore_Manual.pdf B0F3BA0C4BF1EC0D82170B0552E25B7E 6861B9DF1919D69EA198B1BEB509005D830890A8 Disk Image (.ISO) Linux Enabled Automatically assign
Bobby: 1 7 Dec 2011 TheXero Bobby 5 MB https://download.vulnhub.com/bobby/bobby.exe Source: readme.txt Exclusive to VulnHub! You will need to use your own Windows XP .ISO to create the target in order to attack. You can use any version of Windows to generate the image, but you need to supply it a valid Windows XP CD during the creation stage. Please see https://blog.vulnhub.com/introducing-vulninjector/ for more information. VulnInjector requires .NET framework version 4 or higher to be installed. C3F02A6ADAED5AC4DF906F3269700F54 48E50E9173E26A6D2AD9A76FFD5D1FA344D23E68 Disk Image (.ISO) Windows Disabled 192.168.1.11
Vicnum: 1.3 18 Oct 2009 Mordecai Kraushar Vicnum 303 MB https://download.vulnhub.com/vicnum/VMvicnum13.zip A flexible web app showing vulnerabilities such as cross site scripting, sql injections, and session management issues. Helpful to IT auditors honing web security skills and setting up ‘capture the flag’. Source: Note: ‘Bad virtual machine file’. You’ll need to create a new virtual machine & attach the existing hard drive DB4E6598ECC978BCF5DE0DE48A1B1FA0 0C03C9BCEEA57D86205881DC30781380485E9F19 Virtual Machine (VMware) Linux Enabled Automatically assign
GoatseLinux: 1 27 Jun 2009 neutronstar GoatseLinux 555 MB https://download.vulnhub.com/goatselinux/GoatseLinux_1.0_VM.rar GoatseLinux v1.0 pentest lab Virtual Machine Steve Pordon 2009.06.27 Feel free to distribute this far and wide under the gnu license. This is specifically built for VMware 6.5 compatibility. WARNING: GoatseLinux is intentionally unsecure. It was designed as a laboratory box to practice penetration testing on. Due to the wide open nature of nearly every program installed on it, I would strongly advise against setting your VM network to anything other than “host-based,” unless you enjoy your VMs being used as zombie spamboxes. Notes: Built on the Slax 5.0.7 distro. Source: readme.txt 00E4240F1440105DD14FF2F5F03AAE82 E07D183622DC8BF8694B545C92D7F00550DED88A Virtual Machine (Virtualbox - VDI) Linux Enabled Automatically assign
Rattus: Loophole 10 Apr 2011 Rattus Rattus 436 MB https://download.vulnhub.com/rattus/Loophole.iso Hi everyone! Recently I’ve created my own Live CD and would like to get some feedback from you. This Live CD, codename Loophole, is meant to show you how important it is to keep your software up to date and properly configured. There’s more than one way into the system and each one of them will teach you different network/computer security related topics. We suspect that someone inside Rattus labs is working with known terrorist group. Your mission is to infiltrate into their computer network and obtain encrypted document from one of their servers. Our inside source has told us that the document is saved under the name of Private.doc.enc and is encrypted using OpenSSL encryption utility. Obtain the document and decrypt it to complete the mission. Source: F883D42170442E50E5310D16BE5A62B9 84D356F7DEBA7280F674F81D2DD3B02EA3A52A0D Disk Image (.ISO) Linux Disabled 10.8.7.2
Lab In A Box: 1 3 Jun 2012 PenTest Laboratory Lab In A Box 2.4 GB https://download.vulnhub.com/labinabox/laboratory_BT5r2-PTEv1.7z The BackTrack Linux 5r2-PenTesting Edition lab is an all-in-one penetration testing lab environment that includes all of the hosts, network infrastructure, tools, and targets necessary to practice penetration testing. It includes: This lab has some of the most popular penetration testing tools pre-installed and a number of vulnerabilities to discover and exploit. This all-in-one solution is the easiest and fastest method of building a full penetration testing lab environment for practicing your skills! Source: 3D6CA80B7E6AB74CF5EB31B92852FB2D 218A5A6E579330128D16A64D10A74B976E37F21C Virtual Machine (VMware) Linux Enabled Automatically assign
UltimateLAMP: 0.2 15 May 2006 ARABX Pty Ltd UltimateLAMP 860 MB https://download.vulnhub.com/ultimatelamp/UltimateLAMP-0.2.zip UltimateLAMP includes a long list of popular LAMP stack applications. For more information take a look at the UltimateLAMP products list. With the success of this first product, research has already commenced in our next two products UltimateLAMJ (Open Source Java Based Applications) and UltimateLAMR (Open Source Ruby Applications). Source: 3C4BA8CF727B8021925F20AE42F4D7AE CD0AA1783E3A63D9BEAFC67E68BB63A1DF6E4F9A Virtual Machine (VMware) Linux Enabled Automatically assign
pWnOS: 1.0 27 Jun 2008 pWnOS pWnOS 432 MB https://download.vulnhub.com/pwnos/pWnOS_v1.0.zip Some of you may have noticed this new pWnOS forum section. I created pWnOS as a virtual machine and Grendel was nice enough to let me post about it here. Here’s a bit of information on pWnOS. It’s a linux virtual machine intentionally configured with exploitable services to provide you with a path to r00t. Currently, the virtual machine NIC is configured in bridged networking, so it will obtain a normal IP address on the network you are connected to. You can easily change this to NAT or Host Only if you desire. A quick ping sweep will show the IP address of the virtual machine. Sorry…no scenario/storyline with this one. I wasn’t really planning to release it like this, so maybe for version 2.0 I’ll be more creative. I’m anxious to get feedback so let me know how it goes or if you have questions. Thanks and good luck! Source: Thanks for trying pWnOS 1.0. A few things to note before getting started. pWnOS is made using VMware Workstation and can be started by downloading VMware Server or Vmware player…both of which are free! Or VMware Workstation (Windows) or VMware Fusion (OS X), which are not free. I would rate the difficulty of pWnOS approximately the same as De-Ice’s level 2 disk…maybe a bit more difficult. See http://www.de-ice.net for information on the De-Ice penetration testing disks. I hope you enjoy it! If you have any questions or feedback, email me at bond00(at)gmail.com bond00 Source: pWnOS_v1.0.zip/pWnOS readme.txt 2C9DE33D0AA852F3B2E2E7D90C5F5C0E 7924910A3E5C9A69053484D998BD6729AFF3757B Virtual Machine (VMware) Linux Enabled Automatically assign
Kioptrix: Level 1.3 (#4) 8 Feb 2012 Kioptrix Kioptrix 210 MB https://download.vulnhub.com/kioptrix/Kioptrix4_Hyper_v.rar Again a long delay between VMs, but that cannot be helped. Work, family must come first. Blogs and hobbies are pushed down the list. These things aren’t as easy to make as one may think. Time and some planning must be put into these challenges, to make sure that: [ Edit: sorry not what I meant ] 1a. It’s possible to remotely compromise the machine I also had lots of troubles exporting this one. So please take the time to read my comments at the end of this post. Keeping in the spirit of things, this challenge is a bit different than the others but remains in the realm of the easy. Repeating myself I know, but things must always be made clear: These VMs are for the beginner. It’s a place to start. I would love to code some small custom application for people to exploit. But I’m an administrator not a coder. It would take too much time to learn/code such an application. Not saying I’ll never try doing one, but I wouldn’t hold my breath. If someone wants more difficult challenges, I’m sure the Inter-tubes holds them somewhere. Or you can always enroll in Offsec’s PWB course. – A few things I must say. I made this image using a new platform. Hoping everything works but I can’t test for everything. Initially the VM had troubles getting an IP on boot-up. For some reason the NIC wouldn’t go up and the machine was left with the loopback interface. I hope that I fixed the problem. Don’t be surprised if it takes a little moment for this one to boot up. It’s trying to get an IP. Be a bit patient. Someone that tested the image for me also reported the VM hung once powered on. Upon restart all was fine. Just one person reported this, so hoping it’s not a major issue. If you plan on running this on vmFusion, you may need to convert the image to suit your fusion version. – Also adding the VHD file for download, for those using Hyper-V.
You guys may need to change the network adapter to “Legacy Network Adapter”. I’ve tested the file and this one seems to run fine for me… If you’re having problems, or it’s not working for any reason email comms[=]kioptrix.com Thanks to @shai_saint from www.n00bpentesting.com for the much needed testing with various VM solutions. Thanks to Patrick from Hackfest.ca for also running the VM and reporting a few issues. And Swappage & @Tallenz for doing the same. All help is appreciated guys. So I hope you enjoy this one. The Kioptrix Team Source: Note: Just a virtual hard drive. You’ll need to create a new virtual machine & attach the existing hard drive 1CBF24D1CA5BCB6651FE64EEE651928F 0A309696CD2F591DBEA36F295B538EA6322775CF Virtual Machine (VMware) Linux Enabled Automatically assign
pWnOS: 2.0 (Pre-Release) 4 Jul 2011 pWnOS pWnOS 286 MB https://download.vulnhub.com/pwnos/pWnOS_v2.0.7z pWnOS v2.0 (PRE-RELEASE!) pWnOS v2.0 is a Virtual Machine Image which hosts a server to practice penetration testing. It will test your ability to exploit the server and contains multiple entry points to reach the goal (root). It was designed to be used with VMWare Workstation 7.0, but can also be used with most other virtual machine software. For example the ip of 10.10.10.200 with the netmask of 255.255.255.0 is what I statically set my BackTrack 5 network adapter to. You may need to change VMWare’s Network Adapter to NAT or Host-Only depending on your setup. The server’s ip is statically set to 10.10.10.100 v2.0 - 07/04/2011 - Pre-Release copy for initial testing Source: pWnOS_v2.0.7z/pWnOS v2.0/pWnOS_INFO-v2_0.txt 1EB0960C0BA29335230ADA1DF80CD22C A3FDBE0449363D1CB844D865FE7BD6EE8968567D Virtual Machine (VMware) Linux Disabled 10.10.10.100
Exploit-Exercises: Nebula (v5) 5 Dec 2011 Exploit-Exercises.com Exploit-Exercises 451 MB https://download.vulnhub.com/exploitexercises/exploit-exercises-nebula-5.iso Nebula takes the participant through a variety of common (and less than common) weaknesses and vulnerabilities in Linux. It takes a look at + SUID files + Permissions + Race conditions + Shell meta-variables + $PATH weaknesses + Scripting language weaknesses + Binary compilation failures At the end of Nebula, the user will have a reasonably thorough understanding of local attacks against Linux systems, and a cursory look at some of the remote attacks that are possible. Have a look at the levels available on the side bar, and log into the virtual machine as the username “levelXX” with a password of “levelXX” (without quotes), where XX is the level number. Some levels can be done purely remotely. In case you need root access to change stuff (such as key mappings, etc), you can do the following: Log in as the “nebula” user account with the password “nebula” (both without quotes), followed by “sudo -s” with the password “nebula”. You’ll then have root privileges in order to change whatever needs to be changed. Source: From v4 to v5 - Moved from OVA to bootable CD format. Reduces issues with importing OVA files. 276DAA8E00499E9C2D8AF7B15E4ACC3D E82F807BE06100BF3E048F82E899FB1FECC24E3A Disk Image (.ISO) Linux Enabled Automatically assign
Metasploitable: 2 12 Jun 2012 Metasploit Metasploitable 833 MB https://download.vulnhub.com/metasploitable/metasploitable-linux-2.0.0.zip Some folks may already be aware of Metasploitable, an intentionally vulnerable virtual machine designed for training, exploit testing, and general target practice. Unlike other vulnerable virtual machines, Metasploitable focuses on vulnerabilities at the operating system and network services layer instead of custom, vulnerable applications. I am happy to announce the release of Metasploitable 2, an even better punching bag for security tools like Metasploit, and a great way to practice exploiting vulnerabilities that you might find in a production environment. For download links and a walkthrough of some of the vulnerabilities (and how to exploit them), please take a look at the Metasploitable 2 Exploitability Guide. Have fun! Source: The VulnHub mirror has had a few edits done to the original - allowing for more VMware features. 8825F2509A9B9A58EC66BD65EF83167F 84133002EF79FC191E726D41265CF5AB0DFAD2F0 Virtual Machine (VMware) Linux Enabled Automatically assign
Moth: 0.6 5 May 2009 Andresriancho Moth 397 MB https://download.vulnhub.com/moth/moth-v0.6.7z Moth is a downloadable VMWare image based on Ubuntu. It was set up to test the functionality of w3af and it includes various web application vulnerabilities. Most howto’s use Moth as an example for a web page under test. Source: Moth is a VMware image with a set of vulnerable Web Applications and scripts, that you may use for: Testing Web Application Security Scanners Testing Static Code Analysis tools (SCA) Giving an introductory course to Web Application Security The motivation for creating this tool came after reading “anantasec-report.pdf” which is included in the release file which you are free to download. The main objective of this tool is to give the community a ready to use testbed for web application security tools. For almost every web application vulnerability that exists in the wild, there is a test script available in moth. There are three different ways to access the web applications and vulnerable scripts included in moth: Directly Through mod_security Through PHP-IDS (only if the web application is written in PHP) Both mod_security and PHP-IDS have their default configurations and they show a log of the offending request when one is found. This is very useful for testing web application scanners, and teaching students how web application firewalls work. The beauty is that a user may access the same vulnerable script using the three methods; which helps a lot in the learning process. Source: http://www.bonsai-sec.com/en/research/moth.php 15BA966590D9D09D7FFE0950B9D4404D CEAFCFCA50E9DF0627B70CD4389B2F0136E2E947 Virtual Machine (VMware) Linux Enabled Automatically assign
Metasploitable: 1 19 May 2010 Metasploit Metasploitable 545 MB https://download.vulnhub.com/metasploitable/Metasploitable.zip One of the questions that we often hear is “What systems can I use to test against?” Based on this, we thought it would be a good idea to throw together an exploitable VM that you can use for testing purposes. Metasploitable is an Ubuntu 8.04 server install on a VMWare 6.5 image. A number of vulnerable packages are included, including an install of tomcat 5.5 (with weak credentials), distcc, tikiwiki, twiki, and an older mysql. You can use most VMware products to run it, and you’ll want to make sure it’s configured for Host-only networking unless it’s in your lab - no need to throw another vulnerable machine on the corporate network. It’s configured in non-persistent-disk mode, so you can simply reset it if you accidentally ‘rm -rf’ it. Source: E54089BA72FE0127D06528DECAD9A6AE 1F6698611068FAD4D9661C336B5D888A0A880FE9 Virtual Machine (VMware) Linux Enabled Automatically assign
The Hacker Games: 1 4 Apr 2012 Script Junkie The Hacker Games 75 MB https://download.vulnhub.com/thehackergames/scriptjunkie-Hacker-Games-Evil-VM-0e98c9c.zip Welcome, welcome! The time has come to select one courageous young hacker for the honor of representing District 12 in the 74th annual Hacker Games! And congratulations, for you have been selected as tribute! Hacking games and CTF’s are a lot of fun; who doesn’t like pitting your skills against the gamemakers and having a free pass to break into things? But watch out, as you will find out, some games are more dangerous than others. I have talked about counterattacks here before, and this system has implemented a number of aggressive anti-hacker measures. In fact, this VM is downright evil. I am probably legally obligated to tell you that . So if a calculator or message declaring your pwnedness pops up or shows up on your desktop, you asked for it. But don’t worry, it won’t steal your docs or rm you, it will just demonstrate compromise for the game. To save precious bandwidth, this has been implemented in a minimal tinycore-based VM, and will require VirtualBox to run. But vbox is free – you can download it here: https://www.virtualbox.org/wiki/Downloads Unfortunately, I didn’t have the time to add nearly all the things I wanted to, so there are really just a few challenges, a couple of counterhacks, and about 10 memes to conquer. Depending on your skill level, you could pwn (or be pwned) in just a few minutes or in a few hours. So hack it before it hacks you! No sponsors are necessary, so don’t light yourself on fire. Simply download the evil VM here: TheHackerGames.zip, start it, and open up http://localhost:3000/ to begin. Now, you can totally cheat since you own the VM, but see if you can beat the challenges without cheating. 
Then you can go ahead and cheat, which should also be fun – you’re probably comfortable with many physical access attacks involving the hard disk, but this system doesn’t use a hard disk. So enjoy and remember… May the odds be ever in your favor! Source: 5EC6F47BCCFE226AE002B0587FE140EE 1F077500891B8C31BCFF95DB4A9F7ED70A638225 Virtual Machine (Virtualbox - VDI) Linux Enabled Automatically assign
Exploit-Exercises: Protostar (v2) 26 Nov 2011 Exploit-Exercises.com Exploit-Exercises 274 MB https://download.vulnhub.com/exploitexercises/exploit-exercises-protostar-2.iso Protostar introduces the following in a friendly way: In order to make this as easy as possible to introduce, Address Space Layout Randomisation and Non-Executable memory has been disabled. Once the virtual machine has booted, you are able to log in as the “user” account with the password “user” (without the quotes). The levels to be exploited can be found in the /opt/protostar/bin directory. For debugging the final levels, you can log in as root with password “godmode” (without the quotes). The /proc/sys/kernel/core_pattern is set to /tmp/core.%s.%e.%p. This means that instead of the general ./core file you get, it will be in a different directory and different file name. Source: From v1 to v2 - Moved from OVA to bootable CD format. Reduces issues with importing OVA files. A4FEADEDF638744BE97DE7D2F3E06CE8 D030796B11E9251F34EE448A95272A4D432CF2CE Disk Image (.ISO) Linux Enabled Automatically assign
De-ICE: S2.100 16 Jan 2008 De-ICE De-ICE 254 MB https://download.vulnhub.com/deice/De-ICE_S2.100_%28de-ice.net-2.100-1.0%29.iso The scenario for this LiveCD is that you have been given an assignment to test a company’s 192.168.2.xxx network to identify any vulnerabilities or exploits. The systems within this network are not critical systems and recent backups have been created and tested, so any damage you might cause is of little concern. The organization has had multiple system administrators manage the network over the last couple of years, and they are unsure of the competency previous (or current) staff2 PenTest Lab Disk 2.100: This LiveCD is configured with an IP address of 192.168.2.100 - no additional configuration is necessary. Your second system will use the BackTrack (v.2) LiveCD as provided by remote-exploit.org. A copy of the LiveCD can be downloaded from remote-exploit.org. This disk is configured to obtain an IP address through DHCP - thus no additional configuration is required. All tools necessary to exploit Disk 2.100 can be found on the BackTrack Disk. No additional installations will be necessary. The PenTest Lab system and the PenTest machine must connect to a router that has been configured with the following values: LAN TCP/IP: + IP Address: 192.168.2.1 + IP Subnet Mask: 255.255.255.0 Source: Disk 2.100 version 1.1: http://heorot.net/instruction/tutorials/iso/de-ice.net-2.100-1.1.iso http://heorot.net/instruction/tutorials/iso/iso_hashes http://remote-exploit.org/backtrack_download.html Warning: BackTrack v. 3 beta is known to NOT work. Please use version 2 Network configuration: 192.168.2.xxx = http://forums.heorot.net/viewtopic.php?f=18&t=91 Source: Original filename: de-ice-2.100-1.0.iso Also known as ‘De-ICE Level 2 - Disk 1’ 09798F85BF54A666FBAB947300F38163 B30A2CAD38EB0923DEBDA26498178E46601EFD6E Disk Image (.ISO) Linux Disabled 192.168.2.100
Kioptrix: Level 1 (#1) 17 Feb 2010 Kioptrix Kioptrix 186 MB https://download.vulnhub.com/kioptrix/Kioptrix_Level_1.rar This Kioptrix VM Image are easy challenges. The object of the game is to acquire root access via any means possible (except actually hacking the VM server or player). The purpose of these games is to learn the basic tools and techniques in vulnerability assessment and exploitation. There are more ways than one to successfully complete the challenges. Source: Source: 6DF1A7DFA555A220054FB98BA87FACD4 98CA3F4C079254E6B272265608E7D22119350A37 Virtual Machine (VMware) Linux Enabled Automatically assign
Hackademic: RTB2 6 Sep 2011 mr.pr0n Hackademic 951 MB https://download.vulnhub.com/hackademic/Hackademic.RTB2.zip This is the second realistic hackademic challenge (root this box) by mr.pr0n Download the target and get root. After all, try to read the contents of the file 'key.txt’ in the root directory. Enjoy! Source: 5F96E7BB53B47D9AFE17752F5ACA7E1F 5782DD334C4C8281A64EF79037864FAD67E5D173 Virtual Machine (VMware) Linux Enabled Automatically assign
Hackademic: RTB1 6 Sep 2011 mr.pr0n Hackademic 838 MB https://download.vulnhub.com/hackademic/Hackademic.RTB1.zip This is the first realistic hackademic challenge (root this box) by mr.pr0n Download the target and get root. After all, try to read the contents of the file 'key.txt’ in the root directory. Enjoy! Source: C972E899A8B5A745963BEF78FBCAEC6F E1D82E32D3A0353DA3C35AA91716B711907AC826 Virtual Machine (VMware) Linux Enabled Automatically assign
Drunk Admin Web Hacking Challenge: 1 2 Apr 2012 Bechtsoudis Drunk Admin Web Hacking Challenge 539 MB https://download.vulnhub.com/drunkadminhackingchallenge/drunk_admin_hacking_challenge.zip The network is configured to obtain an IP address via DHCP by default. Although if you want to further configure the virtual machine you can login as user root and password toor. The apache web server is configured to run on port 8880. The challenge includes an image hosting web service that has various design vulnerabilities. You must enumerate the various web service features and find an exploitable vulnerability in order to read system hidden files. The web application is 100% custom so do not try to search google for relative PoC exploit code. FINAL GOAL: Reveal the hidden message for a date arrange that Bob sent to Alice. Source: EDF9BCD28049ED85312510D5872EA463 78AE803F76417D0531CAAE9210DB98426440EB15 Virtual Machine (VMware) Linux Enabled Automatically assign
GameOver: 1 14 Jun 2012 Jovin Lobo GameOver 407 MB https://download.vulnhub.com/gameover/GameOver.0.1.null.iso : Game Over [: Web Pentest Learning Platform : VM image/iso : Jovin Lobo : Murtuja Bharmal : http://sourceforge.net/projects/null-gameover/files : username:root / password:gameover] Project GameOver was started with the objective of training and educating newbies about the basics of web security and educate them about the common web attacks and help them understand how they work. It is a collection of various vulnerable web applications, designed for the purpose of learning web penetration testing. GameOver has been broken down into two sections. consists of special web applications that are designed especially to teach the basics of Web Security. This section will cover: is a collection of deliberately insecure Web applications. This section provides a legal platform to test your skills and to try and exploit the vulnerabilities and sharpen your skills before you pentest live sites. We would advise newbies to try and exploit these web applications. These applications provide real life environments and will boost their confidence. Source: 0AF4532DB192DE917CA116A0EFEF3565 0AE3465B3B33C8E4BC62F7AF5216983DC57041FD Virtual Machine (VMware) Linux Enabled Automatically assign
Kioptrix: Level 1.2 (#3) 18 Apr 2011 Kioptrix Kioptrix 442 MB https://download.vulnhub.com/kioptrix/KVM3.rar It’s been a while since the last Kioptrix VM challenge. Life keeps getting in the way of these things you know. After seeing the number of downloads for the last two, and the numerous videos showing ways to beat these challenges. I felt that 1.2 (or just level 3) needed to come out. Thank you to all that downloaded and played the first two. And thank you to the ones that took the time to produce video solutions of them. Greatly appreciated. As with the other two, this challenge is geared towards the beginner. It is however different. Added a few more steps and a new skill set is required. Still being the realm of the beginner I must add. The same as the others, there’s more than one way to “pwn” this one. There’s easy and not so easy. Remember… the sense of “easy” or “difficult” is always relative to one’s own skill level. I never said these things were exceptionally hard or difficult, but we all need to start somewhere. And let me tell you, making these vulnerable VMs is not as easy as it looks… thing with this challenge. Once you find the IP (DHCP Client) edit your hosts file and point it to Under Windows, you would edit to look something like this: Under Linux that would be There’s a web application involved, so to have everything nice and properly displayed you really need to this. Hope you enjoy Kioptrix VM Level 1.2 challenge. 452 Megs MD5 Hash : d324ffadd8e3efc1f96447eec51901f2 Have fun Source: D324FFADD8E3EFC1F96447EEC51901F2 121348AA8DD5F83640145D4F8E042C8DE0A78F3F Virtual Machine (VMware) Linux Enabled Automatically assign
Exploit-Exercises: Fusion (v2) 8 Apr 2012 Exploit-Exercises.com Exploit-Exercises 794 MB https://download.vulnhub.com/exploitexercises/exploit-exercises-fusion-2.iso Fusion is the next step from the protostar setup, and covers more advanced styles of exploitation, and covers a variety of anti-exploitation mechanisms such as: + Address Space Layout Randomisation + Position Independent Executables + Non-executable Memory + Source Code Fortification (_DFORTIFY_SOURCE=) + Stack Smashing Protection (ProPolice / SSP) In addition to the above, there are a variety of other challenges and things to explore, such as: + Cryptographic issues + Timing attacks + Variety of network protocols (such as Protocol Buffers and Sun RPC) + At the end of Fusion, the participant will have a thorough understanding of exploit prevention strategies, associated weaknesses, various cryptographic weaknesses, numerous heap implementations. Have a look at the levels available on the side bar, and pick which ones interest you the most. If in doubt, begin at the start. You can log into the virtual machine with the username of “fusion” (without quotes), and password “godmode” (again, without quotes). To get root for debugging purposes, do “sudo -s” with the password of “godmode”. Source: From v1 (Alpha?) to v2 - Moved from OVA to bootable CD format. Reduces issues with importing OVA files. 62E504AD9A19FE1974568904673DB9C9 B89ABCDDA58EDF68465F36B4F7A94FE34F0050F1 Disk Image (.ISO) Linux Enabled Automatically assign
Holynix: v2 8 Dec 2010 Holynix Holynix 307 MB https://download.vulnhub.com/holynix/holynix-v2.tar.bz2 Holynix is a Linux distribution that was deliberately built to have security holes for the purposes of penetration testing. If you’re having trouble, or there are any problems, it can be discussed here. Source: Holynix is a Linux distribution that was deliberately built to have security holes for the purposes of penetration testing. The object of the challenge v1 is just to root the box. Register on the forums to receive an email update when a new challenge is released. Holynix v2 is set with static ip and requires some network configuration in order to run. Homepage: http://pynstrom.com/ Project Page: http://pynstrom.com/holynix.php Forums: http://pynstrom.com/forum/ Bugs can be reported using sourceforge’s bug tracker located at http://sourceforge.net/projects/holynix/support or reported to me directly at Source: holynix-v2.tar.bz2/README.txt Source: 0EE76D70342EED68F298D10AB483A9E0 DEB7EEAB03C3381A14FFFBE97011F1451DC36E79 Virtual Machine (VMware) Linux Disabled 192.168.1.88
Holynix: v1 27 Nov 2010 Holynix Holynix 239 MB https://download.vulnhub.com/holynix/holynix-v1.tar.bz2 Holynix is a Linux distribution that was deliberately built to have security holes for the purposes of penetration testing. If you’re having trouble, or there are any problems, it can be discussed here. Source: Similar to the de-ice and pWnOS pentest cds, Holynix is an ubuntu server vmware image that was deliberately built to have security holes for the purposes of penetration testing. More of an obstacle course than a real world example. The object of the challenge is to gain root level privileges and access to personal client information. Homepage: http://pynstrom.com/ Project Page: http://pynstrom.com/holynix.php Forums: http://pynstrom.com/forum/ Bugs can be reported using sourceforge’s bug tracker located at http://sourceforge.net/projects/holynix/support or reported to me directly at pynstrom AT pynstrom DOT com Source: holynix-v1.tar.bz2/README.txt Source: Source: Beta MD5: D19306C6C2305005C72A7811D2B72B51 Beta SHA1: 0C5B7D37FECD39C52BC2C8C2EE66A617BB576A90 Final MD5: EBB8EF2544559D72A052687497F78341 Final SHA1: 967F3DB6D97CCC615EB5758AC75387D46C3D1199 EBB8EF2544559D72A052687497F78341 967F3DB6D97CCC615EB5758AC75387D46C3D1199 Virtual Machine (Virtualbox - VDI) Linux Enabled Automatically assign
Kioptrix: Level 1.1 (#2) 11 Feb 2011 Kioptrix Kioptrix 404 MB https://download.vulnhub.com/kioptrix/archive/Kioptrix_Level_2-original.rar This Kioptrix VM Image are easy challenges. The object of the game is to acquire root access via any means possible (except actually hacking the VM server or player). The purpose of these games is to learn the basic tools and techniques in vulnerability assessment and exploitation. There are more ways than one to successfully complete the challenges. Source: Source: 2012/Feb/09: Re-releases 2011/Feb/11: Original Release 1CCC14189E530F9231ACF62E6FC8AF2D 8E767C68D3884DB13F84A607E5366434E3FA0858 Virtual Machine (VMware) Linux Enabled Automatically assign
Hackxor: 1 14 Oct 2012 Albinowax Hackxor 587 MB https://download.vulnhub.com/hackxor/hackxor1.7z Hackxor is a webapp hacking game where players must locate and exploit vulnerabilities to progress through the story. Think WebGoat but with a plot and a focus on realism&difficulty. Contains XSS, CSRF, SQLi, ReDoS, DOR, command injection, etc Features: If you can’t edit the hosts file for some reason, you could use the ‘Override hostname resolution’ option in Burp proxy You play a professional blackhat hacker hired to track down another hacker by any means possible. Start by checking your email on wraithmail, and see how far down the rabbit hole you can get. The key websites in this game are http://wraithmail:8080 http://cloaknet:8080 http://gghb:8080 and http://hub71:8080 so if you don’t feel like tracking down your target you may hack them in any order. Each website will be properly introduced through the plot. Source: F276B7A7E421182473D86E9C8204A484 136DD44851CBA5ECBC25A2104DE9D31FF633959B Virtual Machine (VMware) Linux Enabled Automatically assign
