Vulnerable VMs I have made alone or with friends.

Vulnhub

infovore 1

This is an easy to intermediate box that shows you how you can exploit innocent looking php functions and lazy sys admins.

There are 4 flags in total to be found, and you will have to think outside the box and try alternative ways to achieve your goal of capturing all flags.

VM has been tested on VirtualBox 6.1.10 and VMWare (Fusion)

Enjoy! @theart42 and @4nqr34z

2Much

2Much was made for pen-testing practice. When I worked on it, it hit me; Wouldn't be great to have an extra vulnerability on the host itself? As an extra bonus? It is at medium level difficulty. Enumeration is the key.

Built and tested on VMWare ESXi and Fusion.

DHCP-client

Tempus Fugit

Tempus Fugit is a Latin phrase that roughly translated as “time flies”.

It is an intermediate real life box.

Created mostly by me with some assistance by @DCAU7, the idea behind Tempus Fugit was to create something “out of the ordinary” and without giving anything away, something “dynamic” and a lot like time... changing.

The vm contains both user and root flags. If you don’t see them, you are not looking in the right place...

Need any hints? Feel free to contact us on Twitter: @4nqr34z @DCAU7

DHCP-Client.

Tested both on Virtualbox and vmware

Health warning: May drive people insane

Tempus Fugit 2

This is an intermediate, real life box.

In Tempus Fugit 2, the idea is still, like in the first vm; to create something “out of the ordinary”. The vm contains both user and root flags. If you don’t see them, you are not looking in the right place... Need any hints? Feel free to contact me on Twitter: @4nqr34z

DHCP-Client. Tested both on Virtualbox and vmware

Health warning: Have driven people to the brink of insanity

Tempus Fugit 3

This is an intermediate, real life box.

Tempus Fugit is a Latin phrase that roughly translated as “time flies”.

This is an hard, real life box, created by @4nqr34z and @theart42 to be used as a CTF challenge on Bsides Newcastle 23. november 2019 and released on Vulnhub the same day.

In Tempus Fugit 3, the idea is still, like in the first two challenges; to create something “out of the ordinary”.

The vm contains 5 flags. If you don’t see them, you are not looking in the right place...

Need any hints? Feel free to contact us on Twitter: @theart42 and @4nqr34z

DHCP-Client. Tested both on Virtualbox and vmware

Health warning: For external use only

Tempus Fugit 4

Tempus Fugit is a Latin phrase that roughly translated as “time flies”.

This is an hard, real life box.

As in the former Tempus Fugits, the idea is still to create something “out of the ordinary”.

Need any hints? Feel free to contact us on Twitter: @theart42 and @4nqr34z

DHCP-Client.

Tested and works both on Virtualbox and vmware

Story

After being hacked multiple times, the company decides to do things differently this time. They left Linux and choose another operating system that claimed to be more secure. Realising they could have resources inside the company that are > > willing to help the relative small IT department (originally only web-designers) and the fact (according to Hugh Janus) there are safety in numbers, they start a internal crowdsourcing project. Allowing internal employees to request access to the > new server.

DHCP-Client. Tested both on Virtualbox and vmware

Health warning: For external use only

Tempus Fugit 5

Tempus Fugit is a Latin phrase that roughly translated as “time flies”.

This is an hard, probably insane, real life box, created by @4nqr34z and @theart42.

As in the former Tempus Fugits, #5 the idea is still to create something “out of the ordinary”.

Need any hints? Feel free to contact us on Twitter: @theart42 and @4nqr34z

DHCP-Client.

Tested and works both on Virtualbox and vmware

Health warning: May cause loss of hair, severe self doubt and enlarged imposter syndrome

Story

Recovered from the security disaster that was Tempus Fugit 4, our friends at Mofo company returned to the warm bosom of Linux. They have developed a sensational Internet application and have protected it with all sorts of fancy tooling. > Deploying new technology and cool security features, they are confident that they can now withstand the worst of the worst. But, being hacked so many times, may the real danger be lurking from within?? Hack TF5 and find out for yourself!, @theart42 and @4nqr34z

Worst Western Hotel

Important: This box probably needs to be run in an isolated environment (Host-Only network), or it might disrupt your internal network. You should of course always run downloaded vm that way.

Hint:

Foothold is inspired by one of these vulnerabilities:

https://www.exploit-db.com/exploits/39171

DHCP-Client.

Tested and works both on Virtualbox and vmware

Story

Haven't you always wanted to be a hotel pwner?:-)

Health warning: Safety Googles recomended ;-)

Try Hack Me

Tempus Fugit Durius

Tempus Fugit is a Latin phrase that roughly translated as “time flies”.

Durius is also latin and means "harder".

This is a remake of Tempus Fugit 1. A bit harder and different from the first one.

It is an intermediate/hard, real life box.

Carpe Diem 1

Story

One of your clients has been hacked by the Carpe Diem cyber gang and all their important files have been encrypted. They have hired you to help them recover an important file that they need to restore their backups. They have contacted the carpe diem cybergang and paid a ransom but have not heard anything back.

The countdown timer is ticking since they visited and they are now running out of time to recover their data before the keys are deleted on the server. Can you retrieve the keys and help your client restore their data before time runs out?

Happy Hacking!

@theart42 and @4nqr34z

Erit Securus I

Learn to exploit the BoltCMS software by researching exploit-db.

Happy Hacking!

@theart42 and @4nqr34z

Ra 1

Story

You have gained access to the internal network of WindCorp, the multibillion dollar company, running an extensive social media campaign >claiming to be unhackable (ha! so much for that claim!). Next step would be to take their crown jewels and get full access to their internal network. You have spotted a new windows machine that >may lead you to your end goal. Can you conquer this end boss and own their internal network?

Happy Hacking!

@theart42 and @4nqr34z

Set

Story

Once again you find yourself on the internal network of the Windcorp Corporation. This tasted so good last time you were there, you came back for more.

However, they managed to secure the Domain Controller this time, so you need to find another server and on your first scan discovered "Set".

Set is used as a platform for developers and has had some problems in the recent past. They had to reset a lot of users and restore backups (maybe you were not the only hacker on their network?). So they decided to make sure all users used proper passwords and closed of some of the loose policies. Can you still find a way in? Are some user more privileged than others? Or some more sloppy? And maybe you need to think outside the box a little bit to circumvent their new security controls…

Happy Hacking!

@theart42 and @4nqr34z

Ra 2

Just when they thought their hashes where safe... Ra 2 - The sequel

Story

WindCorp recently had a security-breach. Since then they have hardened their infrastructure, learning from their mistakes. But maybe not enough? You have managed to enter their local network...

Happy Hacking!

@theart42 and @4nqr34z

Osiris

Story

As a final blow to Windcorp's security, you intend to hack the laptop of the CEO, Charlotte Johnson. You heard she has a boatload of Bitcoin, and those seem mighty tasty to you. But they have learned from the previous hacks and have introduced strict security measures.

However, you dropped a wifi RubberDucky on her driveway. Charlotte and her personal assistant Alcino, just drove up to her house and he picks up the bait as they enter the building. Sitting in your black van, just outside her house, you wait for them to plug in the RubberDucky (curiosity kills cats, remember?) and once you see the Ducky’s Wifi network pop up, you make a connection to the RubberDucky and are ready to send her a payload…

This is where your journey begins. Can you come up with a payload and get that sweet revshell? And if you do, can you bypass the tightened security? Remember, antivirus tools aren’t the sharpest tools in the shed, sometimes changing the code a little bit and recompiling the executable can bypass these simplest of detections.

As a final hint, remember that you have pwned their domain controller. You might need to revisit Ra or Ra2 to extract a key component to manage this task, you will need the keys to the kingdom...

Happy Hacking!

@theart42 and @4nqr34z

HackTheBox

Anubis

WindCorp recently experienced a devastating breach. There was even proof of hackers having exfiltrated the Domain DPAPI Backup key. With this knowledge, they had no other options, than to reinstall their entire Active Directory.

Rebuilt with focus on security, they have hired you as a pentester to make sure this won’t happen again.

Hathor

Hathor was amongst other also a goddess of destruction in her role as the Eye of Ra – defender of the sun god. According to legend, people started to criticize Ra when he ruled as Pharaoh. Ra decided to send his “eye” against them (in the form of Sekhmet). She began to slaughter people by the hundred. When Ra relented and asked her to stop she refused as she was in a blood lust.

The only way to stop the slaughter was to colour beer red (to resemble blood) and pour the mixture over the killing fields. When she drank the beer, she became drunk and drowsy, and slept for three days. When she awoke with a hangover she had no taste for human flesh and mankind was saved. Ra renamed her Hathor and she became a goddess of love and happiness.

Sekhmet

Sekhmet was the daughter of the sun god, Ra, and was among the more important of the goddesses who acted as the vengeful manifestation of Ra's power, the Eye of Ra. Sekhmet was said to breathe fire, and the hot winds of the desert were likened to her breath. She was also believed to cause plagues (which were called as her servants or messengers)