Vulnerable VMs

Vulnhub

infovore 1

This is an easy to intermediate box that shows you how you can exploit innocent looking php functions and lazy sys admins.

There are 4 flags in total to be found, and you will have to think outside the box and try alternative ways to achieve your goal of capturing all flags.

VM has been tested on VirtualBox 6.1.10 and VMWare (Fusion)

Enjoy! @theart42 and @4nqr34z

2Much was made for pen-testing practice. When I worked on it, it hit me; Wouldn't be great to have an extra vulnerability on the host itself? As an extra bonus? It is at medium level difficulty. Enumeration is the key.

Built and tested on VMWare ESXi and Fusion.

DHCP-client

Tempus Fugit

Tempus Fugit is a Latin phrase that roughly translated as “time flies”.

It is an intermediate real life box.

Created mostly by me with some assistance by @DCAU7, the idea behind Tempus Fugit was to create something “out of the ordinary” and without giving anything away, something “dynamic” and a lot like time... changing.

The vm contains both user and root flags. If you don’t see them, you are not looking in the right place...

Need any hints? Feel free to contact us on Twitter: @4nqr34z @DCAU7

DHCP-Client.

Tested both on Virtualbox and vmware

Health warning: May drive people insane

Tempus Fugit 2

This is an intermediate, real life box.

In Tempus Fugit 2, the idea is still, like in the first vm; to create something “out of the ordinary”. The vm contains both user and root flags. If you don’t see them, you are not looking in the right place... Need any hints? Feel free to contact me on Twitter: @4nqr34z

DHCP-Client. Tested both on Virtualbox and vmware

Health warning: Have driven people to the brink of insanity

Tempus Fugit 3

This is an intermediate, real life box.

Tempus Fugit is a Latin phrase that roughly translated as “time flies”.

This is an hard, real life box, created by @4nqr34z and @theart42 to be used as a CTF challenge on Bsides Newcastle 23. november 2019 and released on Vulnhub the same day.

In Tempus Fugit 3, the idea is still, like in the first two challenges; to create something “out of the ordinary”.

The vm contains 5 flags. If you don’t see them, you are not looking in the right place...

Need any hints? Feel free to contact us on Twitter: @theart42 and @4nqr34z

DHCP-Client. Tested both on Virtualbox and vmware

Health warning: For external use only

Tempus Fugit 4

Tempus Fugit is a Latin phrase that roughly translated as “time flies”.

This is an hard, real life box.

As in the former Tempus Fugits, the idea is still to create something “out of the ordinary”.

Need any hints? Feel free to contact us on Twitter: @theart42 and @4nqr34z

DHCP-Client.

Tested and works both on Virtualbox and vmware

Story:

After being hacked multiple times, the company decides to do things differently this time. They left Linux and choose another operating system that claimed to be more secure. Realising they could have resources inside the company that are > > willing to help the relative small IT department (originally only web-designers) and the fact (according to Hugh Janus) there are safety in numbers, they start a internal crowdsourcing project. Allowing internal employees to request access to the > new server.

DHCP-Client. Tested both on Virtualbox and vmware

Health warning: For external use only

Tempus Fugit 5

Tempus Fugit is a Latin phrase that roughly translated as “time flies”.

This is an hard, probably insane, real life box, created by @4nqr34z and @theart42.

As in the former Tempus Fugits, #5 the idea is still to create something “out of the ordinary”.

Need any hints? Feel free to contact us on Twitter: @theart42 and @4nqr34z

DHCP-Client.

Tested and works both on Virtualbox and vmware

Health warning: May cause loss of hair, severe self doubt and enlarged imposter syndrome

Story:

Recovered from the security disaster that was Tempus Fugit 4, our friends at Mofo company returned to the warm bosom of Linux. They have developed a sensational Internet application and have protected it with all sorts of fancy tooling. > Deploying new technology and cool security features, they are confident that they can now withstand the worst of the worst. But, being hacked so many times, may the real danger be lurking from within?? Hack TF5 and find out for yourself!, @theart42 and @4nqr34z

Try Hack Me

Tempus Fugit Durius

Tempus Fugit is a Latin phrase that roughly translated as “time flies”.

Durius is also latin and means "harder".

This is a remake of Tempus Fugit 1. A bit harder and different from the first one.

It is an intermediate/hard, real life box.

Carpe Diem 1

Story

One of your clients has been hacked by the Carpe Diem cyber gang and all their important files have been encrypted. They have hired you to help them recover an important file that they need to restore their backups. They have contacted the carpe diem cybergang and paid a ransom but have not heard anything back.

The countdown timer is ticking since they visited and they are now running out of time to recover their data before the keys are deleted on the server. Can you retrieve the keys and help your client restore their data before time runs out?

Erit Securus I

Learn to exploit the BoltCMS software by researching exploit-db.