Description : Training machine of the SecuriTech challenge. This image is a Debian Linux containing a website accessible on the port 8080. All the challenge can’t be enabled at the same time.
Game duration : 180 min.
Description : Windows-XP-pro-01 is a Microsoft Windows XP SP2 desktop station.
Game duration : 90 min.
Description : Virtual machine provided by nightrang3r. No hints.
Game duration : 240 min.
Description : Virtual machine provided by pynStrom. No hints.
Game duration : 240 min.
Description : Kioptrix’s second level.
Game duration : 240 min.
Description : Kioptrix’s third level.
Game duration : 180 min.
Description : Kioptrix’s fourth level.
Game duration : 240 min.
Description : The first challenge provided by LAMPsec.
Game duration : 120 min.
Description : The second challenge provided by LAMPsec.
Game duration : 240 min.
Description : The third challenge provided by LAMPsec.
Game duration : 240 min.
Description : Metasploitable is an Ubuntu 8.04 server install. A number of vulnerable packages are included, including an install of tomcat, distcc, tikiwiki, twiki, and a MySQL database server.
Game duration : 60 min.
Description : Second metasploitable virtual machine provided by Offensive Security.
Game duration : 60 min.
Description : Virtual machine provided by Bonsai Information Security exposing w3af’s test website. Learning platform where you’re guided.
Game duration : 240 min.
Description : Virtual machine provided by g0tmi1k. No hints.
Game duration : 240 min.
Description : Ubuntu-8.04-weak is a Ubtuntu Linux 8.04 LAMP server.
Game duration : 120 min.
Description : Ultimate LAMP is an Ubuntu 8.04 server install. A number of vulnerable packages are included, including an install of apache, postfix, and a MySQL database server.
Game duration : 180 min.
Description : vm VoIP based on old asterisk version
Game duration : 240 min.
Description : Virtual machine provided by RebootUser.
Game duration : 180 min.
Description : The eighth challenge provided by LAMPsec.
Game duration : 120 min.
Description : LAMPsec’s challenge #7
Game duration : 240 min.
Description : The first realistic hackademic challenge (root this box) by mr.pr0n.
Game duration : 120 min.
Description : Vulnerable VM with some focus on NoSQL.
Game duration : 120 min.
Description : Administrator
Game duration : 120 min.
Description : Exploiting many CVE
Game duration : 240 min.
Description : A Linux based VM to start with a simple botnet.
Game duration : 240 min.
Description : A botnet to gain control !
Game duration : 240 min.
Description : Just a simple botnet infected by Madness Pro to exploit.
Game duration : 240 min.
Description : A virtual machine to compromise. By Reboot User.
Game duration : 240 min.
Description : A virtual machine to exploit. By barrebas.
Game duration : 120 min.
Description : A virtual machine for advanced users to exploit.
Game duration : 350 min.
Description : A virtual machine designed by Telspace Systems.
Game duration : 120 min.
Description : Pentest Microsoft environment starting from a webservice on the Internet until the total compromise of the Active Directory domain of the company.
Final goal: get an access to the web application http://srvstaff.bs.corp under the identity of Emmanuel Goldstein (CEO).
Game duration : 240 min.
Description : This Virtual Machine contains both network logics and web logics. I have added new concept here and let’s see how many of you think more logically. 
Game duration : 240 min.
Description : This Virtual Machine is completely web based. I have added little new concept here and hope people will enjoy solving this.
Game duration : 240 min.
Description : The CsharpVulnJson virtual appliance is a purposefully vulnerable web application, focusing on HTTP requests using JSON to receive and transmit data between the client and the server. The web application, listening on port 80, allows you to create, find, and delete users in the PostgreSQL database. The web application is written in the C# programming language, uses apache+mod_mono to run, and is, at the very least, exploitable by XSS and SQL injections.
The SQL injections yield a variety of potential exploit techniques since different SQL verbs are used to perform actions against the server. For instance, a SQL injection in an INSERT statement may not be exploitable in the same ways the DELETE or SELECT statements will be. Using a tool like sqlmap will help you learn how to exploit each SQL injection vulnerability using a variety of techniques.
If you are curious how sqlmap is performing the checks for, and ultimately exploiting, the vulnerabilities in the web application, you can use the —proxy option for sqlmap and pass the HTTP requests through Burpsuite. You can then see in the HTTP history tab the raw HTTP requests made by sqlmap.
Game duration : 240 min.
Description : The CsharpVulnSoap virtual appliance is a purposefully vulnerable SOAP service, focusing on using XML, which is a core feature of APIs implemented using SOAP. The web application, listening on port 80, allows you to list, create, and delete users in the PostgreSQL database. The web application is written in the C# programming language and uses apache+mod_mono to run. The main focus of intentional vulnerabilities was SQL injections.
The vulnerable SOAP service is available on http://Vulnerable.asmx, and by appending ?WSDL to the URL, you can get an XML document detailing the functions exposed by the service. Using this document, you can automatically fuzz the endpoint for any vulnerabilities by parsing the document and creating the HTTP requests expected programmatically.
The SQL injections yield a variety of potential exploit techniques since different SQL verbs are used to perform actions against the server. For instance, a SQL injection in an INSERT statement may not be exploitable in the same ways the DELETE or SELECT statements will be. Using a tool like sqlmap will help you learn how to exploit each SQL injection vulnerability using a variety of techniques.
If you are curious how sqlmap is performing the checks for, and ultimately exploiting, the vulnerabilities in the web application, you can use the —proxy option for sqlmap and pass the HTTP requests through Burpsuite. You can then see in the HTTP history tab the raw HTTP requests made by sqlmap.
Game duration : 240 min.
Description : Root the machine to access /passwd
Game duration : 300 min.
Description : A virtual machine to root. By sagi- (@ s4gi_)
Game duration : 120 min.
Description : A virtual machine to root. By sagi- (@ s4gi_)
Game duration : 120 min.
Description : brainpan1
Game duration : 120 min.
Description : Root the machine in order to find your precious.
Game duration : 300 min.
Description : Completing "flick" will require some sound thinking, good enumeration skills & time !
Game duration : 240 min.
Description : Your challenge, should you choose to accept, is to gain root access on the server! The employees over at Flick Inc. have been hard at work prepping the release of their server checker app. Amidst all the chaos, they finally have a version ready for testing before it goes live.
You have been given a pre-production build of the Android .apk that will soon appear on the Play Store, together with a VM sample of the server that they want to deploy to their cloud hosting provider.
The .apk may be installed on a phone (though I wont be offended if you don’t trust me ;]) or run in an android emulator such as the Android Studio (https://developer.android.com/sdk/index.html).
Game duration : 240 min.
Description : A small VM made for a Dutch informal hacker meetup called Fristileaks. Meant to be broken in a few hours without requiring debuggers, reverse engineering, etc..
Game duration : 240 min.
Description : This is a hard piece to root!
Game duration : 300 min.
Description : This CTF gives a clear analogy how hacking strategies can be performed on a network to compromise it in a safe environment. This vm is very similar to labs I faced in OSCP. The objective being to compromise the network/machine and gain Administrative/root privileges on them.
Game duration : 240 min.
Description : Before you lies the mainframe of XERXES. Compromise the subsystems and gain root access.
Game duration : 240 min.
Description : The company BS-CORP decided to have an ERP to fulfils its potential.
However, they wondered whether the data are safe.
To verify this, you are mandated to perform a pentest on their new application.
Get the flag in the file /passwd to validate this CTF.
The challenges "SAP Pentest 007" and "SAP Pentest 000" on RootMe give you more goals.
Game duration : 240 min.
Description : Based on the show "Mr. Robot". Your goal is to retrieve the 3 hidden flags. You can validate the CTF-ATD with the last flag.
Game duration : 120 min.
Description : The JZ company and its subsudiary corporation BS ask you a pentest to see how far can dig a skilled hacker on Internet. Only the ctfxx.root-me.org fqdn is provided.
The CTF-ATD validation password is on DC1 in C:\passwd
Some useful informations about the company JZ:
The Active Directory implies a strong password policy. Bruteforcing the Windows Administrator account is pointless.
Don’t forget :
It’s a CTF made of several machines;
Only one of these machines is accessible through Internet.
Game duration : 240 min.
Description : Your goal is simple: compromise the virtual environment "SamBox v3".
This environment consists of 2 servers of which only 1 is accessible from the Internet.
The validation password is in the /root directory of the 2nd server.
Game duration : 120 min.
Description : A new site offers some tools for image processing, the site is still in development but some tools are already online!
Game duration : 120 min.
Description : I’ve tried to mix things up a little on this one, and have used the feedback from #vulnhub to make this VM a little more challenging (I hope).
Since you’re not a Teuchter, I’ll offer some hints to you:
Remember TCP is not the only protocol on the Internet My challenges are never finished with root. I make you work for the flags. The intended route is NOT to use forensics or 0-days, I will not complain either way.
To consider this VM complete, you need to have obtained:
Troll Flag: where you normally look for them
Flag 1: You have it when you book Jennifer tickets to Paris on Pan Am.
Flag 2: It will include a final challenge to confirm you hit the jackpot.
Have root everywhere (this will make sense once you’re in the VM)
User passwords
2 VNC passwords
Best of luck! If you get stuck, eat some EXTRABACON
NB: Please allow 5-10 minutes or so from powering on the VM for background tasks to run before proceeding to attack.
Game duration : 240 min.
Description : Virtual machine created for the Hackfest 2016.
Game duration : 240 min.
Description : Virtual machine created for the Hackfest 2016.
Game duration : 240 min.
Description : A machine that will challenge your skills (web, dev exploit, cracking,..).
Game duration : 240 min.
Description : The challenges consist of varying vulnerabilities and anti-debugger tricks in binaries, such as:
- Stack-based Buffer Overflows
- Format String Vulnerabilities
- Heap-based Buffer Overflows
- Detection of tracing
- Insecure validation of credentials
- and more… don’t want to give you all the good details eh?
Note: ASLR must be disabled, log in as level17:madpwnage, and run “echo 0 > /proc/sys/kernel/randomize_va_space”. Also, challenge 3, is only a DoS challenge. This is the beta, so there are still glitches.
Full description : https://www.vulnhub.com/entry/the-pentesters-64-bit-appsec-primer-beta,155/
Game duration : 240 min.
Description : Welcome to Droopy. This is a beginner’s boot2root/CTF VM.
There’s 2 hints I would offer you:
- Grab a copy of the rockyou wordlist.
- It’s fun to read other people’s email.
Game duration : 240 min.
Description : Our resident ROP ninja barrebas recently gave the team a bootcamp on Return Oriented Programming. The presentation was followed by a demo walkthrough on writing a ROP exploit on a vulnerable application. Since the presentation was well received, he’s decided to make the slides available to everyone. You can view them at https://speakerdeck.com/barrebas/rop-primer.
Username: level0
Password: warmup
Game duration : 240 min.
Description : Zico is trying to build his website but is having some trouble in choosing what CMS to use. After some tries on a few popular ones, he decided to build his own. Was that a good idea?
Hint: Enumerate, enumerate, and enumerate!
Game duration : 240 min.
Description : Hack it, reach root and capture the flag.
Enumeration is the key.
Game duration : 240 min.
Description : After some network troubles, our administrator has written a script that monitors the processes that have a SYN Backlog full. For the moment, this script just write the relevant information on stdout.
- Log into SSH on the machine (user / password) and get root permissions by exploiting a vulnerability in the script.
- The challenge validation password is in the file /srv/syn_backlog/passwd.
- The CTF-ATD validation password is in the file /passwd.
Game duration : 120 min.
Description : Welcome to Quaoar
This is a vulnerable machine created for the Hackfest 2016 CTF : http://hackfest.ca/
Goal: This machine is intended to be doable by someone who is interested in learning computer security. Get a shell and get root to get the flag in the file /passwd.
Game duration : 240 min.
Description : Fuku (pronounced "far queue") CTF is designed to fuck with people.
There are a few flag.txt files to grab. The final one is in the /passwd file. However, the ultimate goal is to get a root shell.
Scenario
"Bull was pissed when you broke into his Minotaur box. He has taken precautions with another website that he is hosting, implementing IDS, whitelisting, and obfuscation techniques. He is now taunting hackers to try and hack him, believing himself to be safe. It is up to you to put him in his place."
Hints
Some scripting will probably be needed to find a useful port.
If the machine seems to go down after a while, it probably hasn’t. This CTF isn’t called Fuku for nothing!
Author: Robert Winkel
Game duration : 240 min.
Description : There are a few flag.txt files around to grab. /passwd is your ultimate goal.
Hints:
This CTF has a couple of fairly heavy password cracking challenges, and some red herrings.
One password you will need is not on rockyou.txt or any other wordlist you may have out there. So you need to think of a way to generate it yourself.
Author: Robert Winkel
Game duration : 240 min.
Description : My company asked me to develop a small FTP server for an IOT project. I found one on Github that should do the trick. Why reinvent the wheel?
If you can, find vulnerabilities on the FTP service and exploit them to get a shell on the machine, then find the way to get root privileges.
- The FTP service is running on the TCP/2121 port.
- Challenge validation password is in the /passwd-challenge file.
- The CTF-ATD validation password is in the /passwd file.
Game duration : 240 min.
Description : After being hacked several times on their windows infrastructures, BS Corp decides to create his own SOC.
The team worked to migrate some services under linux environement.Show them that it is not enough !
- Highway to shell challenge flag is located in /root folder
- CTF AD password is located in /passwd file
Game duration : 240 min.
Description : Your goal is simple: compromise the virtual environment "SSRF Box".
The validation password of challenge (Realist) is in the /root directory.
Game duration : 240 min.
Description : Your goal is simple: compromise the virtual environment "Bozobe Hospistal".
Game duration : 240 min.
Description : We found this Linux machine that was running in 2003. At the time, we suspected an infection but we had never managed to find the origin.
Show us your skills by analyzing the running machine. Your goal is to recover the password of the stolen user and the PID of the malicious process.
This machine is associated with the "Forensic / Cold case" challenge.
Game duration : 120 min.
Description : You have just arrived on the team and your sysadmin colleague refuses to give you root rights because "it’s too early".
You tell him that you will find the way to elevate your privileges to get the root account of the machine. Your colleague laughs and tells you that he will regularly go to the server to wish you good luck!
Credentials : admin / admin
Game duration : 60 min.
|