Description
Training machine of the SecuriTech challenge. This image is a Debian Linux containing a website accessible on the port 8080. All the challenge can’t be enabled at the same time.
Game duration
180 min.
Description
Windows-XP-pro-01 is a Microsoft Windows XP SP2 desktop station.
Game duration
90 min.
Description
Virtual machine provided by nightrang3r. No hints.
Game duration
240 min.
Description
Virtual machine provided by pynStrom. No hints.
Game duration
240 min.
Description
Kioptrix’s second level.
Game duration
240 min.
Description
Kioptrix’s third level.
Game duration
180 min.
Description
Kioptrix’s fourth level.
Game duration
240 min.
Description
The first challenge provided by LAMPsec.
Game duration
120 min.
Description
Attention : this CTF-ATD is linked to the challenge "[Root them->challenge177]"
The second challenge provided by LAMPsec.
Game duration
240 min.
Description
The third challenge provided by LAMPsec.
Game duration
240 min.
Description
Metasploitable is an Ubuntu 8.04 server install. A number of vulnerable packages are included, including an install of tomcat, distcc, tikiwiki, twiki, and a MySQL database server.
Game duration
60 min.
Description
Second metasploitable virtual machine provided by Offensive Security.
Game duration
60 min.
Description
Virtual machine provided by Bonsai Information Security exposing w3af’s test website. Learning platform where you’re guided.
Game duration
240 min.
Description
Virtual machine provided by g0tmi1k. No hints.
Game duration
240 min.
Description
Ubuntu-8.04-weak is a Ubuntu Linux 8.04 LAMP server.
Game duration
800 min.
Description
Ultimate LAMP is an Ubuntu 8.04 server install. A number of vulnerable packages are included, including an install of apache, postfix, and a MySQL database server.
Game duration
180 min.
Description
Attention : this CTF-ATD is linked to the challenge "[IPBX - call me maybe->challenge305]"
vm VoIP based on old asterisk version
Game duration
240 min.
Description
Virtual machine provided by RebootUser.
Game duration
180 min.
Description
The eighth challenge provided by LAMPsec.
Game duration
120 min.
Description
LAMPsec’s challenge #7
Game duration
240 min.
Description
The first realistic hackademic challenge (root this box) by mr.pr0n.
Game duration
120 min.
Description
Vulnerable VM with some focus on NoSQL.
Game duration
120 min.
Description
Attention : this CTF-ATD is linked to the challenge "[SamBox v1->challenge447]"
Administrator
Game duration
120 min.
Description
Attention : this CTF-ATD is linked to the challenge "[SamBox v2->challenge645]"
Exploiting many CVE
Game duration
240 min.
Description
A Linux based VM to start with a simple botnet.
Game duration
240 min.
Description
A botnet to gain control !
Game duration
240 min.
Description
Just a simple botnet infected by Madness Pro to exploit.
Game duration
240 min.
Description
A virtual machine to compromise. By Reboot User.
Game duration
240 min.
Description
A virtual machine to exploit. By barrebas.
Game duration
120 min.
Description
A virtual machine for advanced users to exploit.
Game duration
350 min.
Description
A virtual machine designed by Telspace Systems.
Game duration
120 min.
Description
Attention : this CTF-ATD is linked to the challenge "[Bluebox - Pentest->challenge956]"
Pentest Microsoft environment starting from a webservice on the Internet until the total compromise of the Active Directory domain of the company.
Final goal: get an access to the web application http://srvstaff.bs.corp under the identity of Emmanuel Goldstein (CEO).
Game duration
240 min.
Description
This Virtual Machine contains both network logics and web logics. I have added new concept here and let’s see how many of you think more logically. 🙂
Game duration
240 min.
Description
This Virtual Machine is completely web based. I have added little new concept here and hope people will enjoy solving this.
Game duration
240 min.
Description
The CsharpVulnJson virtual appliance is a purposefully vulnerable web application, focusing on HTTP requests using JSON to receive and transmit data between the client and the server. The web application, listening on port 80, allows you to create, find, and delete users in the PostgreSQL database. The web application is written in the C# programming language, uses apache+mod_mono to run, and is, at the very least, exploitable by XSS and SQL injections.
The SQL injections yield a variety of potential exploit techniques since different SQL verbs are used to perform actions against the server. For instance, a SQL injection in an INSERT statement may not be exploitable in the same ways the DELETE or SELECT statements will be. Using a tool like sqlmap will help you learn how to exploit each SQL injection vulnerability using a variety of techniques.
If you are curious how sqlmap is performing the checks for, and ultimately exploiting, the vulnerabilities in the web application, you can use the —proxy option for sqlmap and pass the HTTP requests through Burpsuite. You can then see in the HTTP history tab the raw HTTP requests made by sqlmap.
Game duration
240 min.
Description
The CsharpVulnSoap virtual appliance is a purposefully vulnerable SOAP service, focusing on using XML, which is a core feature of APIs implemented using SOAP. The web application, listening on port 80, allows you to list, create, and delete users in the PostgreSQL database. The web application is written in the C# programming language and uses apache+mod_mono to run. The main focus of intentional vulnerabilities was SQL injections.
The vulnerable SOAP service is available on http://Vulnerable.asmx, and by appending ?WSDL to the URL, you can get an XML document detailing the functions exposed by the service. Using this document, you can automatically fuzz the endpoint for any vulnerabilities by parsing the document and creating the HTTP requests expected programmatically.
The SQL injections yield a variety of potential exploit techniques since different SQL verbs are used to perform actions against the server. For instance, a SQL injection in an INSERT statement may not be exploitable in the same ways the DELETE or SELECT statements will be. Using a tool like sqlmap will help you learn how to exploit each SQL injection vulnerability using a variety of techniques.
If you are curious how sqlmap is performing the checks for, and ultimately exploiting, the vulnerabilities in the web application, you can use the —proxy option for sqlmap and pass the HTTP requests through Burpsuite. You can then see in the HTTP history tab the raw HTTP requests made by sqlmap.
Game duration
240 min.
Description
Root the machine to access /passwd
Game duration
300 min.
Description
A virtual machine to root. By sagi- (@ s4gi_)
Game duration
120 min.
Description
A virtual machine to root. By sagi- (@ s4gi_)
Game duration
120 min.
Description
brainpan1
Game duration
120 min.
Description
Root the machine in order to find your precious.
Game duration
300 min.
Description
Completing "flick" will require some sound thinking, good enumeration skills & time !
Game duration
240 min.
Description
Your challenge, should you choose to accept, is to gain root access on the server! The employees over at Flick Inc. have been hard at work prepping the release of their server checker app. Amidst all the chaos, they finally have a version ready for testing before it goes live.
You have been given a pre-production build of the Android .apk that will soon appear on the Play Store, together with a VM sample of the server that they want to deploy to their cloud hosting provider.
The .apk may be installed on a phone (though I wont be offended if you don’t trust me ;]) or run in an android emulator such as the Android Studio (https://developer.android.com/sdk/index.html).
Game duration
240 min.
Description
A small VM made for a Dutch informal hacker meetup called Fristileaks. Meant to be broken in a few hours without requiring debuggers, reverse engineering, etc..
Game duration
240 min.
Description
This is a hard piece to root!
Game duration
300 min.
Description
This CTF gives a clear analogy how hacking strategies can be performed on a network to compromise it in a safe environment. This vm is very similar to labs I faced in OSCP. The objective being to compromise the network/machine and gain Administrative/root privileges on them.
Game duration
240 min.
Description
Before you lies the mainframe of XERXES. Compromise the subsystems and gain root access.
Game duration
240 min.
Description
Attention : this CTF-ATD is linked to the challenge "[SAP Pentest 000->challenge1338]" and "[SAP Pentest 007->challenge1334]"
The company BS-CORP decided to have an ERP to fulfils its potential.
However, they wondered whether the data are safe.
To verify this, you are mandated to perform a pentest on their new application.
Get the flag in the file /passwd to validate this CTF.
The challenges "SAP Pentest 007" and "SAP Pentest 000" on RootMe give you more goals.
Game duration
240 min.
Description
Based on the show "Mr. Robot". Your goal is to retrieve the 3 hidden flags. You can validate the CTF-ATD with the last flag.
Game duration
120 min.
Description
Attention : this CTF-ATD is linked to the challenge "[Bluebox 2 - Pentest->challenge1523]"
The JZ company and its subsudiary corporation BS ask you a pentest to see how far can dig a skilled hacker on Internet. Only the ctfxx.root-me.org fqdn is provided.
The CTF-ATD validation password is on DC1 in C:\passwd
Some useful informations about the company JZ:
– The Active Directory implies a strong password policy. Bruteforcing the Windows Administrator account is pointless.
Don’t forget :
– It’s a CTF made of several machines;
– Only one of these machines is accessible through Internet.
Game duration
240 min.
Description
Attention : this CTF-ATD is linked to the challenge "[SamBox v3->challenge1539]"
Your goal is simple: compromise the virtual environment "SamBox v3".
This environment consists of 2 servers of which only 1 is accessible from the Internet.
The validation password is in the /root directory of the 2nd server.
Game duration
120 min.
Description
Attention : this CTF-ATD is linked to the challenge "[Imagick->challenge1554]"
A new site offers some tools for image processing, the site is still in development but some tools are already online!
Game duration
120 min.
Description
I’ve tried to mix things up a little on this one, and have used the feedback from #vulnhub to make this VM a little more challenging (I hope).
Since you’re not a Teuchter, I’ll offer some hints to you:
Remember TCP is not the only protocol on the Internet My challenges are never finished with root. I make you work for the flags. The intended route is NOT to use forensics or 0-days, I will not complain either way.
To consider this VM complete, you need to have obtained:
– Troll Flag: where you normally look for them
– Flag 1: You have it when you book Jennifer tickets to Paris on Pan Am.
– Flag 2: It will include a final challenge to confirm you hit the jackpot.
– Have root everywhere (this will make sense once you’re in the VM)
– User passwords
– 2 VNC passwords
Best of luck! If you get stuck, eat some EXTRABACON
NB: Please allow 5-10 minutes or so from powering on the VM for background tasks to run before proceeding to attack.
Game duration
240 min.
Description
Virtual machine created for the Hackfest 2016.
Game duration
240 min.
Description
Virtual machine created for the Hackfest 2016.
Game duration
240 min.
Description
A machine that will challenge your skills (web, dev exploit, cracking,..).
Game duration
240 min.
Description
The challenges consist of varying vulnerabilities and anti-debugger tricks in binaries, such as:
- Stack-based Buffer Overflows
- Format String Vulnerabilities
- Heap-based Buffer Overflows
- Detection of tracing
- Insecure validation of credentials
- and more… don’t want to give you all the good details eh?
SSH access :
- User: n00b
- Password: n00b
Note: ASLR must be disabled, log in as level17:madpwnage, and run “echo 0 > /proc/sys/kernel/randomize_va_space”. Also, challenge 3, is only a DoS challenge. This is the beta, so there are still glitches.
Full description : https://www.vulnhub.com/entry/the-pentesters-64-bit-appsec-primer-beta,155/
Game duration
240 min.
Description
Welcome to Droopy. This is a beginner’s boot2root/CTF VM.
There’s 2 hints I would offer you:
- Grab a copy of the rockyou wordlist.
- It’s fun to read other people’s email.
Game duration
240 min.
Description
Our resident ROP ninja barrebas recently gave the team a bootcamp on Return Oriented Programming. The presentation was followed by a demo walkthrough on writing a ROP exploit on a vulnerable application. Since the presentation was well received, he’s decided to make the slides available to everyone. You can view them at https://speakerdeck.com/barrebas/rop-primer.
Username: level0
Password: warmup
Game duration
240 min.
Description
Zico is trying to build his website but is having some trouble in choosing what CMS to use. After some tries on a few popular ones, he decided to build his own. Was that a good idea?
Hint: Enumerate, enumerate, and enumerate!
Game duration
240 min.
Description
Hack it, reach root and capture the flag.
Enumeration is the key.
Game duration
240 min.
Description
Attention : this CTF-ATD is linked to the challenge "[Bash/Awk - netstat parsing->challenge1681]"
After some network troubles, our administrator has written a script that monitors the processes that have a SYN Backlog full. For the moment, this script just write the relevant information on stdout.
- Log into SSH on the machine (user / password) and get root permissions by exploiting a vulnerability in the script.
- The challenge validation password is in the file /srv/syn_backlog/passwd.
- The CTF-ATD validation password is in the file /passwd.
Game duration
120 min.
Description
Welcome to Quaoar
This is a vulnerable machine created for the Hackfest 2016 CTF : http://hackfest.ca/
Goal: This machine is intended to be doable by someone who is interested in learning computer security. Get a shell and get root to get the flag in the file /passwd.
Game duration
240 min.
Description
Fuku (pronounced "far queue") CTF is designed to fuck with people.
There are a few flag.txt files to grab. The final one is in the /passwd file. However, the ultimate goal is to get a root shell.
Scenario
"Bull was pissed when you broke into his Minotaur box. He has taken precautions with another website that he is hosting, implementing IDS, whitelisting, and obfuscation techniques. He is now taunting hackers to try and hack him, believing himself to be safe. It is up to you to put him in his place."
Hints
Some scripting will probably be needed to find a useful port.
If the machine seems to go down after a while, it probably hasn’t. This CTF isn’t called Fuku for nothing!
Author: Robert Winkel
Game duration
240 min.
Description
There are a few flag.txt files around to grab. /passwd is your ultimate goal.
Hints:
This CTF has a couple of fairly heavy password cracking challenges, and some red herrings.
One password you will need is not on rockyou.txt or any other wordlist you may have out there. So you need to think of a way to generate it yourself.
Author: Robert Winkel
Game duration
240 min.
Description
Attention : this CTF-ATD is linked to the challenge "[ARM FTP Box->challenge1689]"
My company asked me to develop a small FTP server for an IOT project. I found one on Github that should do the trick. Why reinvent the wheel?
If you can, find vulnerabilities on the FTP service and exploit them to get a shell on the machine, then find the way to get root privileges.
- The FTP service is running on the TCP/2121 port.
- Challenge validation password is in the /passwd-challenge file.
- The CTF-ATD validation password is in the /passwd file.
Game duration
240 min.
Description
Attention : this CTF-ATD is linked to the challenge "[Highway to shell->challenge1775]"
After being hacked several times on their windows infrastructures, BS Corp decides to create his own SOC.
The team worked to migrate some services under linux environement.Show them that it is not enough !
- Highway to shell challenge flag is located in /root folder
- CTF AD password is located in /passwd file
Game duration
240 min.
Description
Attention : this CTF-ATD is linked to the challenge "[Server Side Request Forgery->challenge1783]"
Your goal is simple: compromise the virtual environment "SSRF Box".
The validation password of challenge (Realist) is in the /root directory.
Game duration
240 min.
Description
Attention : this CTF-ATD is linked to the challenge "[Bozobe Hospital->challenge1785]"
Your goal is simple: compromise the virtual environment "Bozobe Hospistal".
Game duration
240 min.
Description
We found this Linux machine that was running in 2003. At the time, we suspected an infection but we had never managed to find the origin.
Show us your skills by analyzing the running machine. Your goal is to recover the password of the stolen user and the PID of the malicious process.
This machine is associated with the "Forensic / Cold case" challenge.
Game duration
120 min.
Description
You have just arrived on the team and your sysadmin colleague refuses to give you root rights because "it’s too early".
You tell him that you will find the way to elevate your privileges to get the root account of the machine. Your colleague laughs and tells you that he will regularly go to the server to wish you good luck!
Credentials : admin / admin
Game duration
60 min.
Description
This is my very first public Boot2Root, It’s intended to be more of a fun game than a serious hacking challenge. Hopefully anyone interested enough to give it a try will enjoy the story with this one.
It is based on the StarWars storyline and is designed to Troll you in a fun way.
Just be warned, it’s littered with more than a few “Red Herrings” ;D
There are 6 flags to collect. Each in the format of flag1ZXhhbXBsZSBmbGFnCg== Beat the Empire and steal the plans for the Death Star before its too late.
I Hope You Enjoy It.
Game duration
240 min.
Description
This is a small boot2root VM I created for my university’s cyber security group. It contains multiple remote vulnerabilities and multiple privilege escalation vectors. I did all of my testing for this VM on VirtualBox, so that’s the recommended platform. I have been informed that it also works with VMware, but I haven’t tested this personally.
This VM is specifically intended for newcomers to penetration testing. If you’re a beginner, you should hopefully find the difficulty of the VM to be just right.
Your goal is to remotely attack the VM and gain root privileges. Once you’ve finished, try to find other vectors you might have missed!
Game duration
120 min.
Description
Get the flag
Game duration
240 min.
Description
Attention : this CTF-ATD is linked to the challenge "[BBQ Factory - Back To The Grill->challenge2049]" and "[BBQ Factory - First Flirt->challenge2047]"
King Heenok is convinced of the security of his online sales platform, convince the contrary by retrieving the contents of the flags files placed at the root of the different servers.
Game duration
600 min.
Description
Boot2root machine for educational purposes
Our first boot2root machine, execute /flag to complete the game.
Try your skills against an environment protected by IDS and sandboxes!
“Our product Rashomon IPS is so good, even we use it!” they claim.
Game duration
240 min.
Description
The Milburg Highschool Server has just been attacked, the IT staff have taken down their windows server and are now setting up a linux server running Debian. Could there a few weak points in