| 名称 | 发布日期 | 作者名称 | 系列 | 镜像大小 | 下载地址 | 描述1 | 描述2 | MD5 | SHA1 | 虚拟机格式 | 操作系统 | DHCP服务 | IP地址 |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Empire: LupinOne | 21 Oct 2021 | icex64 & Empire Cybersecurity | Empire | 922 MB | https://download.vulnhub.com/empire/01-Empire-Lupin-One.zip | Difficulty: Medium | This box was created to be medium, but it can be hard if you get lost. CTF like box. You have to enumerate as much as you can. For hints discord Server ( https://discord.gg/7asvAhCEhe ) | 2A8A9F31DE8030C196123023187F63BD | FDB766DD7129C78FE08DDEC850C860EFB1C3AB6F | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| Noob: 1 | 22 Sep 2021 | VIEH Group | Noob | 3.1 GB | https://download.vulnhub.com/noob/Noob.ova | N/A | BC71D24EAA92D992AFC87194A7AF789F | 4E563DA3D986079B9FA73E82C4D3E1EA5578B0DA | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign | |
| Red: 1 | 27 Oct 2021 | hadrian3689 | Red | 1.7 GB | https://download.vulnhub.com/red/Red.ova | Red has taken over your system, are you able to regain control? | This works better on VirtualBox rather than VMware | 8C08C51DAEE2314A07033F86E97F60B1 | 8DFA23F9DE63B32FE19565291BF5B50C2C148ED6 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| Napping: 1.0.1 | 22 Oct 2021 | hadrian3689 | Napping | 2.0 GB | https://download.vulnhub.com/napping/napping-1.0.1.ova | Even Admins can fall asleep on the job | This works better with VirtualBox rather than VMware## Changelogv1.0.1 - 2021-10-30v1.0.0 - 2021-10-22 | D2CDF58FACB576407CF564064E8D554D | CADB7B6A524718EA366B5BE5753E0AC622FC8973 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| Empire: Breakout | 21 Oct 2021 | icex64 & Empire Cybersecurity | Empire | 1013 MB | https://download.vulnhub.com/empire/02-Breakout.zip | Difficulty: Easy | This box was created to be an Easy box, but it can be Medium if you get lost. For hints discord Server ( https://discord.gg/7asvAhCEhe ) | C87BC1DB9BD51205B1E9EA441F8222AB | 164DF36D136E5DA83FCCCF503D36A59B0D26E14A | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| Matrix-Breakout: 2 Morpheus | 11 Jul 2022 | Jay Beale | Matrix-Breakout | 805 MB | https://download.vulnhub.com/matrix-breakout/matrix-breakout-2-morpheus.ova | This is the second in the Matrix-Breakout series, subtitled Morpheus:1. It’s themed as a throwback to the first Matrix movie. You play Trinity, trying to investigate a computer on the Nebuchadnezzar that Cypher has locked everyone else out from, which holds the key to a mystery. | Difficulty: Medium-Hard | 610A65443B11D2929E848BAA1899CCFB | 2E5AF8A2482E83E55B3AE8684EB14C7189680D78 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| digitalworld.local: electrical | 22 Sep 2021 | Donavan | digitalworld.local | 12 GB | https://download.vulnhub.com/digitalworld/ELECTRICAL.7z | Good Tech Inc. has realised its machines were vulnerable. They have decided to deploy a permanent VAPT machine within their network, where contractors can remotely access to perform the necessary vulnerability assessment scans. | However, this has not been the most secure deployment. Can you root this machine? If you MUST have hints for this machine: ELECTRICAL is (#1): well-intentioned but horrible in execution, (#2): has multiple paths to privilege escalation, (#3): how you should not configure vendor configurations for VAPT work. | 52A1BA392DAD4E47FAF3AC29C32A624F | 6A0785D226BD311318648129BC53B7E136A5455D | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| The Planets: Earth | 2 Nov 2021 | SirFlash | The Planets | 2.0 GB | https://download.vulnhub.com/theplanets/Earth.ova | Difficulty: Easy | Earth is an easy box though you will likely find it more challenging than “Mercury” in this series and on the harder side of easy, depending on your experience. There are two flags on the box: a user and root flag which include an md5 hash. This has been tested on VirtualBox so may not work correctly on VMware. Any questions/issues or feedback please email me at: SirFlash at protonmail.com, though it may take a while for me to get back to you. | 7577F9CB54D024FD2283C998BCC8C173 | 6476ACC056C32E09377B5403126FB0B34DBEA0A7 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| ICA: 1 | 25 Sep 2021 | onurturali | ICA | 1.3 GB | https://download.vulnhub.com/ica/ica1.zip | According to information from our intelligence network, ICA is working on a secret project. We need to find out what the project is. Once you have the access information, send them to us. We will place a backdoor to access the system later. You just focus on what the project is. You will probably have to go through several layers of security. The Agency has full confidence that you will successfully complete this mission. Good Luck, Agent! | Difficulty: EasyThis works better with VirtualBox rather than VMware | B9557A43B55C2304996E6A66604DA4CE | 56F2CA1C6694D8856A8BD132CB2BE9A0666B7044 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| Jangow: 1.0.1 | 4 Nov 2021 | Jangow | Jangow | 828 MB | https://download.vulnhub.com/jangow/jangow-01-1.0.1.ova | Difficulty: easy | The secret to this box is enumeration! Inquiries This works better with VirtualBox rather than VMware## Changelog2021-11-04 - v1.0.12021-11-01 - v1.0.0 | B9E912D79CC304676E1A07558284B8AB | 3E50B4168FA2D83AA10F05D2F66C5A7071F3C927 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| Web Machine: (N7) | 3 Nov 2021 | Duty Mastr | Web Machine | 5.7 GB | https://download.vulnhub.com/webmachine/Web-Machine-N7.ova | Difficulty: Medium | This may work better with VirtualBox rather than VMware | 0E793E913D740C42993D47BC964399A6 | 67E4452646B3F3B3FC518A900FD0363DFE55F6F4 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| Thales: 1 | 16 Oct 2021 | MachineBoy | Thales | 2.2 GB | https://download.vulnhub.com/thales/Thales.zip | Description : Open your eyes and change your perspective | includes 2 flags:user.txt and root.txt. Telegram: @machineboy141 (for any hint)This works better with VIrtualBox rathe than VMware | 3645DD82FF243CE57F245EBEB83055DC | 8BC1B7E6D435ED3584151345D118161DBE1DF8BE | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| doubletrouble: 1 | 11 Sep 2021 | tasiyanci | doubletrouble | 979 MB | https://download.vulnhub.com/doubletrouble/doubletrouble.ova | get flags | difficulty: easy about vm: tested and exported from virtualbox. dhcp and nested vtx/amdv enabled. you can contact me by email for troubleshooting or questions.This works better with VirtualBox rather than VMware | F56544B46DC149ECA71F948E9F10772F | B17C92DF8F73E391AFC90EA583243566DF3381EC | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| Chronos: 1 | 9 Aug 2021 | AL1ENUM | Chronos | 1.7 GB | https://download.vulnhub.com/chronos/Chronos.ova | Difficulty : medium | This works better with VirtualBox rather than VMware | 30DAD56028D2AAAD047391E76BE64F9C | 73392A63F0C1662793907982CC1E1CB745703DF3 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| digitalworld.local: snakeoil | 23 Aug 2021 | Donavan | digitalworld.local | 3.4 GB | https://download.vulnhub.com/digitalworld/SNAKEOIL.7z | Recently, Good Tech Inc. has decided to change their application development process. However, their applications look broken and too basic. Is this an application full of snakeoil, or are they insecure too? This goes beyond PEN-200, and some web application development expertise could be helpful. | If you MUST have hints for this machine: SNAKEOIL is (#1): a hint by itself, (#2): full of disallowed methods, (#3): a single file full of problems. | 02D98B7F7EDA76966BEDC5DF3EECA376 | 14C61B16D22BC30DB6823461906EB4F01DC5486A | Virtual Machine (Virtualbox - VDI) | Linux | Enabled | Automatically assign |
| EvilBox: One | 16 Aug 2021 | Mowree | EvilBox | 712 MB | https://download.vulnhub.com/evilbox/EvilBox—One.ova | Difficulty: Easy | This works better with VirtualBox rather than VMware | C3A65197B891713731E6BB791D7AD259 | EE44F1720A5D80B389AAA8207FE99F8C8C48C509 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| Corrosion: 2 | 21 Sep 2021 | Proxy Programmer | Corrosion | 5.1 GB | https://download.vulnhub.com/corrosion/Corrosion2.ova | Difficulty: Medium | Hint: Enumeration is key. | CFE23EC5FFE4359AFE34A13C4006451E | 80B39AD58F786F205E6ECACFF6C734B02204E006 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| Thoth Tech: 1 | 3 Aug 2021 | pwnlab.me | Thoth Tech | 1.9 GB | https://download.vulnhub.com/thothtech/Thoth-Tech.ova | n/a | This works better with VirtualBox rather than VMware | 77A02BA60C1A9651BC16C0716324DEB8 | 06D976BAA68031D59EE63AE2C7DB741F97E0BA69 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| Vulnerable Pentesting Lab Environment: 1 | 19 Aug 2021 | Adityaraj | Vulnerable Pentesting Lab Environment | 2.5 GB | https://download.vulnhub.com/vple/VPLE.zip | VPLE (Vulnerable Pentesting Lab Environment) | VPLE is an intentionally vulnerable Linux virtual machine. This VM can be used to conduct security training, test security tools, and practice common penetration testing Labs. In VPLE bunch of labs Available. (only run in VMWare Pls Don’t run in VirtualBox) List Of All Labs:- | 308C56733B4E905DEE4514038704F0E2 | 272CEFA10B2F644A6EA48645CB307099FF8C00FB | Virtual Machine (VMware) | Linux | Enabled | Automatically assign |
| Deathnote: 1 | 4 Sep 2021 | HWKDS | Deathnote | 658 MB | https://download.vulnhub.com/deathnote/Deathnote.ova | Level - easy | Description : don’t waste too much time thinking outside the box . It is a Straight forward box . This works better with VirtualBox rather than VMware | D5F6A19BBEA617D7C7C46E21C518F698 | BDAAB12DE17BB6696ECA324A0BB4027B62D44A49 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| Beelzebub: 1 | 8 Sep 2021 | Shaurya Sharma | Beelzebub | 4.1 GB | https://download.vulnhub.com/beelzebub/Beelzebub.zip | Difficulty: Easy | You have to enumerate as much as you can and don’t forget about the Base64. For hints add me on Twitter- ShauryaSharma05 | BAC51D7645855EB6A45F90F5273A34F2 | C033AEB91D81E08640EDB0B163CBDC27AE75D98E | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| DarkHole: 2 | 3 Sep 2021 | Jehad Alqurashi | DarkHole | 3.3 GB | https://download.vulnhub.com/darkhole/darkhole_2.zip | Difficulty:Hard | This works better with VMware rather than VirtualBox Hint: Don’t waste your time For Brute-Force | 391404A3E18AD0CE91397C6C065FBEC9 | 2849280B2AA098A140117B91031A69A9AD1F1977 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| Dripping Blues: 1 | 19 Sep 2021 | tasiyanci | Dripping Blues | 2.8 GB | https://download.vulnhub.com/drippingblues/drippingblues.ova | get flags | difficulty: easy about vm: tested and exported from virtualbox. dhcp and nested vtx/amdv enabled. you can contact me by email for troubleshooting or questions. | 0C024E6396FE1F9D85E980B4630A6ACD | AC6824EF1A51FBF4D25C68681DEE3EBA827E5B99 | Virtual Machine (VMware) | Linux | Enabled | Automatically assign |
| Vikings: 1 | 4 Sep 2021 | lucky thandel | Vikings | 1.7 GB | https://download.vulnhub.com/vikings/Vikings.ova | A CTF machine with full of challenges | Do what is visible, no rabbit holes Learn new things, and make sure that you enum first then hack. Discord- luckythandel#6053 {for any-hint}This works better with VirtualBox rather than VMware | 84F72C38E2458E01D00DB920A40D51EA | 1C8AC7A6C7454C8C8081CD65AF305C2A3EE803D4 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| Hack Me Please: 1 | 31 Jul 2021 | Saket Sourav | Hack Me Please | 4.1 GB | https://download.vulnhub.com/hackmeplease/Hack_Me_Please.rar | Difficulty: Easy | Description: An easy box totally made for OSCP. No bruteforce is required. Aim: To get root shell | 787498429EACAE29B53594E74D8B7176 | EBD08CDE98442E526D21D5D00BE45C0CBFF517E1 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| digitalworld.local: FALL | 6 Sep 2021 | Donavan | digitalworld.local | 2.3 GB | https://download.vulnhub.com/digitalworld/FALL.7z | To celebrate the fifth year that the author has survived his infosec career, a new box has been born! This machine resembles a few different machines in the PEN-200 environment (making it yet another OSCP-like box). More enumeration practice indeed! | If you MUST have hints for this machine: FALL is (#1): what happens when one gets careless, (#2): important in making sure we can get up, (#3): the author’s favourite season since it is a season of harvest. | 975E463FE748DFA3C10A025DE835F61E | 8917485F68374FAD627C4AFB450AA881F5C5BB6E | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| Looz: 1 | 2 Aug 2021 | mhz_cyber & Zamba | Looz | 2.1 GB | https://download.vulnhub.com/looz/Looz.zip | Not that hard and not that easy, it’s always straightforward if you can imagine it inside your mind. | If you need any help you can find me on Twitter @mhz_cyber , and I will be happy to read your write-ups guy send it on Twitter too Follow us: Twitter: @mhz_cyber , @I_ma7amd LinkedIn: mhzcyber, muhammadokasha cya with another machine.This works better with VirtualBox rather than VMware. | 3975FEBBCF7773E8824C3AE6B55A7220 | B0F222D828E12FA62E76003F5000F67878282BBB | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| DarkHole: 1 | 18 Jul 2021 | Jehad Alqurashi | DarkHole | 2.9 GB | https://download.vulnhub.com/darkhole/DarkHole.zip | Difficulty: Easy | It’s a box for beginners, but not easy, Good Luck Hint: Don’t waste your time For Brute-Force | 19C9D9A6542D363C3185214C90C9D9A3 | 634B8E67DE40637ECC355634790998A794EB5AC9 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| doli: 1 | 5 Jul 2021 | c3p0d4y | doli | 1.2 GB | https://download.vulnhub.com/doli/doli-vulnhub-fixed.ova | Your boss told you to do a quick pentesting engagement on their new ERP/CRM Software that was recently setup and modded by junior developers . Can you find what mistakes did the developers made ? | This machine Is Based Of A Realistic Engagement When it comes to the web part Difficulty : hard | 0A5EF55FF604ED4C8F83456BF94E26FB | D672DED9057A210A51CC20A5D01CE7D76E143C54 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| Corrosion: 1 | 31 Jul 2021 | Proxy Programmer | Corrosion | 7.8 GB | https://download.vulnhub.com/corrosion/Corrosion.ova | Difficulty: Easy | A easy box for beginners, but not too easy. Good Luck. Hint: Enumerate Property. | 052E16A1A948C77CB98C77CDF1C33C20 | F3D7CC157FCF02DB06E30D617F506E56F11D81FC | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| hacksudo: Thor | 3 Aug 2021 | Vishal Waghmare | hacksudo | 1.2 GB | https://download.vulnhub.com/hacksudo/hacksudo—Thor.zip | Box created by vishal Waghmare This box should be easy to medium . This machine was created for the InfoSec Prep | Discord Server ( https://discord.gg/kDyAKtJs ) Website (https://hacksudo.com) This box created for improvement of Linux privileged escalation, I hope so you guys enjoy. The box was created with Virtualbox ,but it should work with VMWare Player and VMWare workstation Upon booting up use netdiscover tool to find IP address you can check ip on grab page . This is the target address based on whatever settings you have. You should verify the address just incase. Find the root.txt flag submit it to the flagsubmit channel on Discord and get chance to get hacksudo machine hacking course free .This works better with VirtualBox rather than VMware | D1216820513FD7F96BCA40C1459861C2 | 70B7FB9A523BA559D3437CD1F0AE7F1CDBD77578 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| Hms?: 1 | 28 Jul 2021 | niveK | Hms? | 2.9 GB | https://download.vulnhub.com/hms/niveK.ova | easy | This works better with VirtualBox rather than VMware | 4CD7EE999F091D51361DE04BE99E049E | 3FB321BD2BDECDD5F443BE7FAB62C0F131CEF2EE | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| Funbox: Scriptkiddie | 20 Jul 2021 | 0815R2d2 | Funbox | 1.3 GB | https://download.vulnhub.com/funbox/Funbox11.ova | As always, it’s a very easy box for beginners. | Add to your /etc/hosts: funbox11This works better with VirtualBox rather than VMware. | C7B3B5B218733E426A9E5978330763C4 | 2CB46DDC95353824809B30C8D37063ED833DBD57 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| Pwn The Tron: 1 | 2 Jul 2021 | Sachin Sharma & Manjunathan | Pwn The Tron | 2.3 GB | https://download.vulnhub.com/pwnthetron/Pwn-the-Tron.ova | Type: Linear CTF | Level: EasyThis works better with VirtualBox rather than VMware. | 9478F99A28702355FFAC146C2D56F413 | BB3845428AFC097891887414AFE0D0591FD20A67 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| Grotesque: 3.0.1 | 25 Aug 2021 | tasiyanci | Grotesque | 641 MB | https://download.vulnhub.com/grotesque/grotesque3.zip | get flags difficulty: medium | about vm: tested and exported from virtualbox. dhcp and nested vtx/amdv enabled. you can contact me by email for troubleshooting or questions.This works better with VirtualBox rather than VMware.## Changelog- v3.0.1 - 20221-08-25- v3.0.0 - 20221-07-11 | 5CF2368F990AC745DDB078E996F8B402 | 617DA4266194D3BEC11577832A73BCB99C932FB8 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| ContainMe: 1 | 29 Jul 2021 | IT Security Works | ContainMe | 2.2 GB | https://download.vulnhub.com/containme/THM-ContainMe-v4.ova | The difficulty is easy. It’s a CTF. | 979ED9EA52B3510641AF59A79514C522 | 3AD0F835914D3C1C3E03756F51DF8BE919FD23EE | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign | |
| VulnCMS: 1 | 13 Jun 2021 | tombstoneGhost (Simardeep Singh) | VulnCMS | 1.4 GB | https://download.vulnhub.com/vulncms/VulnCMS.ova | This box is all about CMS as its name suggests. You need to enumerate the box, find the CMS, and exploit in order to gain access to other and finally get the user and root flag. | Hint: Proceed in the given order 😛 | F5DD00AFE5A44B302C28A8773206F0BA | 64882B730C7674B57CFEF8075812C040B0B52B5A | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| hacksudo: ProximaCentauri | 8 Jun 2021 | Vishal Waghmare | hacksudo | 808 MB | https://download.vulnhub.com/hacksudo/hacksudo-ProximaCentauri.zip | Box created by hacksudo team members vishal Waghmare , Soham Deshmukh This box should be easy to medium . This machine was created for the InfoSec Prep Discord Server (https://discord.gg/tsEQqDJh) and Website (https://hacksudo.com) | This box created for improvement of Linux privileged escalation and CMS skill , I hope so you guys enjoy. The box was created with Virtualbox ,but it should work with VMWare Player and VMWare workstation Upon booting up use netdiscover tool to find IP address you can check ip on grab page . This is the target address based on whatever settings you have. You should verify the address just incase. Find the root.txt flag submit it to the flagsubmit channel on Discord and get chance to get hacksudo machine hacking course free .This works better with VirtualBox rather than VMware | 58F08CAD839497600347E6CD6D0DEFD8 | BABE933A8C5426AA17CA7C4B23AB70827C747AE5 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| Hackable: II | 15 Jun 2021 | Elias Sousa | Hackable | 1.4 GB | https://download.vulnhub.com/hackable/hackableII.ova | difficulty: easy | This works better with VirtualBox rather than VMware | EE4F408BA953E626E3852CFEC7ACEFA3 | 89B1FDF9FCDCC5D2FBB736318CCC77E9F25D1C06 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| Hackable: III | 2 Jun 2021 | Elias Sousa | Hackable | 1.6 GB | https://download.vulnhub.com/hackable/hackable3.ova | Focus on general concepts about CTF | Difficulty: MediumThis works better with VirtualBox rather than VMware. | 11855876A01867E9B79D6D5536F89DC0 | F5F200B85774430E0437F786DE11D20A5A022D33 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| Tech_Supp0rt: 1 | 7 Jun 2021 | Krish Pandey | Tech_Supp0rt | 2.8 GB | https://download.vulnhub.com/techsupp0rt/TechSupport-Clone.vmdk | Difficulty: Easy | Background: The machine acts as a server setup by pop-up scammers which is under maintenance. | 79ACD60A585F972A9389334906D09987 | 4472F4EEDBD086A6E5ABC70FD71CEA164C28D7C5 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| IA: Keyring (1.0.1) | 30 Jul 2021 | InfoSec Articles | IA | 1.1 GB | https://download.vulnhub.com/ia/keyring-v1.01.ova | This works better with VirtualBox rather than VMware.## Changelog- 2021-06-30 - v1.0.1 (issue with privesec)- 2021-06-29 - v1.0.0 | 6D2D5FE706E4F53FFF7D74364C2CFAC4 | F0C38200ADB58A289F86DB5FCCB0F942FA1FC847 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign | |
| Hacker's Blog: 1 | 23 Jun 2021 | Shriyanss | Hacker's Blog | 734 MB | https://download.vulnhub.com/hackersblog/Hackers-Blog.ova | Aim: To spawn root shell. | Description: This is a beginner level machine based on real life situations.This works better with VirtualBox rather than VMware. | ABE179A98374D404283BCEEDC6034A69 | B93B54ECD5DB96F099C5F7CC918B4A4C929FA41E | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| Hacker kid: 1.0.1 | 2 Aug 2021 | Saket Sourav | Hacker kid | 5.0 GB | https://download.vulnhub.com/hackerkid/Hacker_Kid-v1.0.1.ova | Difficulty: Easy/Medium (Intermediate) | This box is OSCP style and focused on enumeration with easy exploitation.The goal is to get root.No guessing or heavy bruteforce is required and proper hints are given at each step to move ahead.## Changelog2021-08-01 - v1.0.12021-06-30 - v1.0 | 70F5E0EAA87F9C23A9F9633344AFE6F1 | 831BF36A030B70A2A538A3F26FD79B4B28FE1F6E | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| BuffEMR: 1.0.1 | 31 Aug 2021 | Sanjay Babu (san3ncrypt3d) | BuffEMR | 4.6 GB | https://download.vulnhub.com/buffemr/BuffEMR-v1.0.1.ova | This is a vulnerable linux box for testing your web application exploitation skills and you will learn basics of binary exploitation. | This works better with VirtualBox rather than VMware.## Changelogv1.0.1 - 2021-08-31v1.0.0 - 2021-07-29 | 02EB0D17A755EC65DE748BF8E5004720 | 230FE34F02FA807516F89A6605FA058CEC08DF18 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| HackathonCTF: 2 | 20 Jun 2021 | somu sen | HackathonCTF | 2.6 GB | https://download.vulnhub.com/hackathonctf/Hackathon2.zip | Difficulty: Easy | This is a basic level BootToRoot machine for beginners. There are two flags. After finding the flag, tag me on Twitter(@Markme_1). | 74A8C09292AA07DBE1CB9F3ADD2C99FE | ABA71A136695AE061F1F4976B984DAA9FC4B5986 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| Funbox: Under Construction! | 19 Jul 2021 | 0815R2d2 | Funbox | 1.3 GB | https://download.vulnhub.com/funbox/Funbox10.ova | As always, it’s a very easy box for beginners. | This works better on VitualBox rather than VMware | 2514B7B532DE5B47862482928363EB78 | 38FA7B9DF048179CABAF4F5FA0D07519215A93FA | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| Funbox: GaoKao | 6 Jun 2021 | 0815R2d2 | Funbox | 1.3 GB | https://download.vulnhub.com/funbox/FunboxGaoKao.ova | It’s a box for beginners, but not easy. Gather careful !!! | Hint: Don’t waste your time ! Every BruteForce-Attack at all ports can be stopped after 1500 trys per account. Enjoy the game and WYSIWYG ! This works better with VirtualBox rather than VMware | A2A73C821F30F0AFF9D535F057CB126B | B78A76625C7EA43A88979EF18717AE5C257C23FA | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| Funbox: Lunchbreaker | 22 May 2021 | 0815R2d2 | Funbox | 1.6 GB | https://download.vulnhub.com/funbox/FunboxLunchbreaker.ova | It’s a box for beginners and can be pwned in the lunch break. | This works better with VirtualBox rather than VMware | CEB3A6E22EED7A83FBAACC80C1409D08 | 65FCBDDF748F737956AD368EFE1FB26BDD4BCA3C | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| Venom: 1 | 24 May 2021 | Ayush Bawariya & Avnish Kumar | Venom | 3.3 GB | https://download.vulnhub.com/venom/venom.zip | This machine was created for the OSCP Preparation.This box was created with virtualbox. For any queries please contact me on twitter: @avi0813. Enumeration is the Key. | E02F7781D4EC766D4F5B22C3DDE59AAB | 9811194076C50717A9A31B5A1FD73195D3DA09B2 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign | |
| DriftingBlues: 9 (final) | 9 May 2021 | tasiyanci | DriftingBlues | 738 MB | https://download.vulnhub.com/driftingblues/driftingblues9.ova | get flags | difficulty: easy about vm: tested and exported from virtualbox. dhcp and nested vtx/amdv enabled. you can contact me by email for troubleshooting or questions. | DB7D1B48224F802666B07693ACD7CDB4 | CD8C690150B48AC4AB9E6A3D56A4F12F110C78C1 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| Ripper: 1 | 4 Jun 2021 | Sanjay Babu (san3ncrypt3d) | Ripper | 3.2 GB | https://download.vulnhub.com/ripper/Ripper.ova | This is a vulnerable linux box focused on web application testing along with showing the importance of enumeration. There are three users you needs to compromise to read the root flag. | Difficulty: Easy-MediumThis works better with VirtualBox rather than VMware | 3E0FE097F10240B0BA97406AB4BF21F4 | AAB1166FB5E89FA3663D86D7CC73912C8C7FA07B | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| hacksudo: FOG | 14 May 2021 | Vishal Waghmare | hacksudo | 1.3 GB | https://download.vulnhub.com/hacksudo/hacksudo-FOG.zip | This box should be easy . This machine was created for the InfoSec Prep Discord Server (https://discord.gg/7ujQrt393b) | The box was created with Virtualbox. Upon booting up use netdiscover tool to find IP address. This is the target address based on whatever settings you have. You should verify the address just incase. Find the user.txt and root.txt flag submit it to the mybox channel on Discord and get chance to get hacksudo machine hacking course free . Do publish write ups for this box if you can and email me copy on Box created by vishal Waghmare onlyThis box works better with VIrtualBox rather than VMware | FE8360E56637FE0D278EF2C38F15B969 | 31B1210F45C74D3062A0EDD5677C6BB770EB26AF | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| hacksudo: L.P.E. | 16 May 2021 | Vishal Waghmare | hacksudo | 1.3 GB | https://download.vulnhub.com/hacksudo/hacksudoLPE.zip | Box created by hacksudo team members , mahesh pawar And Soham Deshmukh , vishal Waghmare . | This box should be easy . This machine was created for the InfoSec Prep Discord Server (https://discord.gg/tsEQqDJh) This box created for improvement of Linux privileged escalation skill , I hope so you guys enjoy, hacksudo LPE update will upload soon . This is beta version. The box was created with Virtualbox ,but it should work with VMWare Player and VMWare workstation Upon booting up use netdiscover tool to find IP address. This is the target address based on whatever settings you have. You should verify the address just incase. Find the root.txt flag submit it to the mybox channel on Discord and get chance to get hacksudo machine hacking course free . Do publish write ups for this box if you can and email me copy on This works better with VirtualBox rather than VMware | D642930E63768B03C480BF257FB8E919 | ED68CBBBDB041B9C2E074BF12F684BEBCFAECE54 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| digitalworld.local: VENGEANCE | 31 May 2021 | Donavan | digitalworld.local | 1.6 GB | https://download.vulnhub.com/digitalworld/VENGEANCE.7z | 2021 brings us the VENGEANCE of digitalworld.local! A box born out of COVID-19. This machine was built whilst the author was mulling over life in infosec whilst doing his PEN-300 course. But the author always has a heart for the OSCP, which explains yet another OSCP-like box, full of enumeration goodness. | If you MUST have hints for this machine (even though they will probably not help you very much until you root the box!): VENGEANCE is (#1): all about users making use of other users, (#2): broken hearts, (#3): broken minds. Note: Always think like a when enumerating target machine. Feel free to contact the author at https://donavan.sg/blog if you would like to drop a comment. | D1E0DD52B05EA481F6C3916C18F53E08 | 2F40B738850AA9711C31B90E2A26330BEC1F1E77 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| Coffee Addicts: 1 | 20 May 2021 | BadByte | Coffee Addicts | 1.3 GB | https://download.vulnhub.com/coffeeaddicts/coffeeaddicts.ova | Our coffee shop has been hacked!! can you fix the damage and find who did it? | This works better with VirtualBox rather than VMware | 734F2FFA85B575108FF9C24ED943C550 | 8112CE886E7B927624CCE7EAF34B0DE2DE04332C | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| Prime (2021): 2 | 9 May 2021 | Suraj | Prime (2021) | 3.7 GB | https://download.vulnhub.com/prime-2021/Prime-2.ova | This vm will give you some real concept that is needfull for a global level certifications. And you are going to enjoy this VM because of there is a good combination of network and web pentesting. For any help contact here https://www.hackerctf.com/contact-us or drop an email to | DE35C252ECC6B3846088B2C977802DB8 | E850F231F89D921A903E1DE25BD71DFF09CA924B | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign | |
| The Planets: Venus | 3 Jun 2021 | SirFlash | The Planets | 1.5 GB | https://download.vulnhub.com/theplanets/Venus.ova | Difficulty: Medium | Venus is a medium box requiring more knowledge than the previous box, “Mercury”, in this series. There are two flags on the box: a user and root flag which include an md5 hash. This has been tested on VirtualBox so may not work correctly on VMware. Any questions/issues or feedback please email me at: SirFlash at protonmail.com | DA991FD3414BBF8326C7FAB79D9111E2 | C9313BBE4378AA55ACB9C4379F5418D8EEE0AD71 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| Cereal: 1 | 29 May 2021 | Thomas Williams | Cereal | 1.1 GB | https://download.vulnhub.com/cereal/Cereal.ova | This one is quite different from my normal machines. It’s probably more realistic and less like a CTF. I’m going to stop grading my boxes though because what’s difficult to one person is easy to another and vice versa. If you find this difficult, don’t be put off. This is simply a learning step which everyone at some point crosses. This box is probably hard though – it’s certainly not for beginners. I hope you learn something new. | Take your time. Have patience. And take time to learn about the environment once you pop the initial shell. | 4DC3290F476587297C05D86370C5EF1A | 694E72E4373DB009A4692A41CD9A628B93F0332D | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| Momentum: 2 | 28 Jun 2021 | AL1ENUM | Momentum | 698 MB | https://download.vulnhub.com/momentum/Momentum2.ova | This works better with VirtualBox rather than VMware | 5E837FD87D809C499911B1CB1A257CD9 | 17FACC18FE6A6979159C4D0A09CC330602E81E68 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign | |
| Pylington: 1 | 17 Apr 2021 | Peter Ye | Pylington | 1.4 GB | https://download.vulnhub.com/pylington/pylington.ova | The goal of this machine is to get root privileges. | Tested with VirtualBox | 86252041A50650BDC3FE44725FED0B71 | 699C28889F1560B1A953077BE4699243718682EB | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| HarryPotter: Fawkes | 26 Apr 2021 | Mansoor R | HarryPotter | 837MB | https://download.vulnhub.com/harrypotter/Fawkes.ova | Fawkes is the 3rd VM of 3-box HarryPotter VM series in which you need to find the last 3 horcruxes hidden inside the machine and defeat Voldemort. | Tested on Virtualbox. For any queries/feedback ping me at Twitter: @time4sterThis works better with VirtualBox rather than VMware | DA980F12491274BF7BCE22CE631A3557 | 736E9B88EF4A12F89DAE5CDEAF40A43F7AB5A9A8 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| Wayne Manor: 1 | 15 Apr 2021 | balkan | Wayne Manor | 4.1 GB | https://download.vulnhub.com/waynemanor/machine.zip | B2R machine created for the MoonFHunters CTF. | This machine was created by user @sec_balkan. IMPORTANT: Add | DF5D212D4ECB85DA3274EE812E7B8FC0 | C358A4D158DE1CAF4B92821BB060C7E59FA8D327 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| Midwest: 1.0.1 | 19 Jun 2021 | renmizo | Midwest | 1.8 GB | https://download.vulnhub.com/midwest/midwest-v1.0.1.ova | N/A | Heads up - A bit of brute force is requiredThis works better with VirtualBox rather than VMware## Changelog- 1.0.1 - 2021-06-19- 1.0.0 - 2021-05-03 | E9AD595B9C1D20C28712F703DD72C150 | 0C338B5755E889B95497FA99A1D20A2923898484 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| HarryPotter: Aragog (1.0.2) | 10 May 2021 | Mansoor R | HarryPotter | 705MB | https://download.vulnhub.com/harrypotter/Aragog-1.0.2.ova | Aragog is the 1st VM of 3-box HarryPotter VM series in which you need to find 2 horcruxes hidden inside the machine (total 8 horcruxes hidden across 3 VMs of the HarryPotter Series) and ultimately defeat Voldemort. | Tested on Virtualbox. For any queries/feedback ping me at Twitter: @time4sterThis works better with VirtualBox rather than VMware## Changelog2021-05-10 - v1.0.2 - File upload issue2021-05-02 - v1.0.1 - IP issue2021-04-28 - v1.0.0 | 48A8BD22B27945A9A6FBCF6C57150162 | DA8B34EAD85C1F6AB66A907A6BA94F6B8284BCF7 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| hacksudo: search | 16 Apr 2021 | Vishal Waghmare | hacksudo | 853 MB | https://download.vulnhub.com/hacksudo/hacksudo-search.zip | This box should be easy . This machine was created for the InfoSec Prep Discord Server (https://discord.gg/7ujQrt393b) | The box was created with Virtualbox ,but it should work with VMWare Player and VMWare workstation Upon booting up use netdiscover tool to find IP address. This is the target address based on whatever settings you have. You should verify the address just incase. Find the user.txt and root.txt flag submit it to the mybox channel on Discord and get chance to get hacksudo machine hacking course free . Do publish write ups for this box if you can and email me copy on Box created by vishal Waghmare only This works better with VirtualBox rather than VMware | DA5AF5CA7DE9C5FE77CF351631D262A7 | 28C122BCBD488FFA4B9660123D0A07DAFD065581 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| Momentum: 1 | 22 Apr 2021 | AL1ENUM | Momentum | 662 MB | https://download.vulnhub.com/momentum/Momentum.ova | Info: easy / medium | 556BEA96FE2CB1506814D1E79F5C5E19 | 40C918A7EFF2EB3CF1708428A583702A4BFFD96C | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign | |
| Corpvision: 1 | 2 May 2021 | Gaurav Raj | Corpvision | 578 MB | https://download.vulnhub.com/corpvision/corpvision.ova | Corpvision - Vision to your Future | Corpvision is a Company that hired Steven Smith, A Web Developer to create their website and now they hired you to test the security of their website. So Get, Set, and Go 😃 Difficulty: Beginner to Intermediate Tested On: Works well on VirtualBox, haven’t tested on any other platforms. Facing any issue or any suggestions, hit me up on Twitter at twitter/@thehackersbrain.This works better with VirtualBox rather than VMware | 1D1E80DA83A6D54AFA6EF6405E2E8438 | BB3F8F2023F9B1FE84FDB555863DEF84F42F28EB | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| shenron: 3 | 16 Apr 2021 | Shubham mandloi | shenron | 1.3 GB | https://download.vulnhub.com/shenron/shenron-3.ova | Welcome to “Shenron-3” | This is the third machine of shenron series… Goal: Get two flags… Difficulty : Beginner Need hints? Twitter @shubhammandloi Works better with VirtualBox rather than VMware Your feedback is really valuable for me! Twitter @shubhammandloi Note :- Every machine of Shenron series will teach something new.This works better with VirtualBox rather than VMware | 2C70DA66904D9820BF065D2EACB08419 | 8FB172649FFB6F44F2C81D8468B3B609D8E37E19 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| HarryPotter: Nagini | 29 Apr 2021 | Mansoor R | HarryPotter | 741 MB | https://download.vulnhub.com/harrypotter/Nagini.ova | Nagini is the 2nd VM of 3-box HarryPotter VM series in which you need to find 3 horcruxes hidden inside the machine (total 8 horcruxes hidden across 3 VMs of the HarryPotter Series) and ultimately defeat Voldemort. | Tested on Virtualbox. For any queries/feedback ping me at Twitter: @time4sterThis works better with VirtualBox rather than VMware | B6C8F47BFB2421D1F12B6C1A2C095088 | 5CF128C51A445434E216A8C5F4087D9ECFB96739 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| Clover: 1 | 28 Mar 2021 | 0xJin & 0xBushido | Clover | 2.4 GB | https://download.vulnhub.com/clover/Clover.ova | Description: Can you root the clover’s box? If you stuck, please contact me on Twitter: @0xJin or Discord: 0xJin | VulnHub: We had issues when testing this VM, were GNOME would crash in 1/3 of our testing labs (Both with VMware and VirtualBox). | 1C9B2A512CA26B0625CE737F2584273C | C1B1BF03EE851410077DEDEF49CA28C82E529D6B | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| Worst Western Hotel: 1 | 4 May 2021 | 4ndr34z | Worst Western Hotel | 1.8 GB | https://download.vulnhub.com/worstwesternhotel/HotelWW.ova | Your objective is to pwn a hotel. 😃 | Important: This box probably needs to be run in an isolated environment (Host-Only network), or it might disrupt your internal network. You should of course always run downloaded vm that way. : Foothold is inspired by one of these vulnerabilities: https://www.exploit-db.com/exploits/39171 | 1FC1077FD2758679226D498472D67E45 | 6C9B18FE6775FE67588D398F63B2808A1FC851B7 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| blogger: 1 | 4 Apr 2021 | TheHackersBrain | blogger | 762 MB | https://download.vulnhub.com/blogger/blogger.ova | James M Brunner, A Web Developer has recently created a blog website. He hired you to test the Security of his Blog Website. Hack Your Way In Mr. Robot Style 😃 | Add blogger.thm to /etc/hosts file Difficulty: Beginner, EasyThis works better with VirtualBox rather than VMware.Note, you may need to remove the console log in “serial settings” for this to start up (due to vagrant) | 9F69F447D8812E0E01104CA47A9B243B | BB22A3A5577A26DB969B415F84701B143A27D4CC | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| Phineas: 1 | 1 Apr 2021 | calfcrusher | Phineas | 2.4 GB | https://download.vulnhub.com/phineas/Phineas.ova | a easy/medium web exploiting machine, with internal pivoting and CVE / RCE | 1B112BB28B4CC5FAF486B4363FF85DC1 | 48FE9BA1A079D632F59740033B0CB0EA410BD60B | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign | |
| DriftingBlues: 6 | 30 Mar 2021 | tasiyanci | DriftingBlues | 395 MB | https://download.vulnhub.com/driftingblues/driftingblues6_vh.ova | get flags | difficulty: easy about vm: tested and exported from virtualbox. dhcp and nested vtx/amdv enabled. you can contact me by email for troubleshooting or questions. | 1EF3EF660B6E129CCA3D93F8FBA0C94D | 01EDAC6D7FFAD8B6487DD4DCE021CCFFD0250CE8 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| BlueMoon: 2021 | 7 Apr 2021 | Kirthik | BlueMoon | 598 MB | https://download.vulnhub.com/bluemoon/bluemoon.ova | This works better with VirtualBox rather than VMware | 7DAEC97310A094A0702702EEA744033A | 9DFD571731E461BAE78BA526BD7E767FECCE5C53 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign | |
| shenron: 2 | 5 Apr 2021 | Shubham mandloi | shenron | 3.7 GB | https://download.vulnhub.com/shenron/shenron-2.ova | Welcome to “Shenron-2” | This is the second machine of shenron series… Goal: Get two flags… Difficulty : Beginner Need hints? Twitter @shubhammandloi Works better with VirtualBox rather than VMware Your feedback is really valuable for me! Twitter @shubhammandloiThis works better with VirtualBox rather than VMware | 2883845FF2E1E122E1B1E75CF9A4B4E1 | E66BDA7AB264D1FEA2103801BB422731F34F0599 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| DriftingBlues: 7 | 12 Apr 2021 | tasiyanci | DriftingBlues | 1.3 GB | https://download.vulnhub.com/driftingblues/driftingblues7_vh.ova | get flags | difficulty: easy about vm: tested and exported from virtualbox. dhcp and nested vtx/amdv enabled. you can contact me by email for troubleshooting or questions. | DB16D916B288F8A6440D17046EE99064 | 39824D3EB1D8DA9118A12463B19503D93903B038 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| Bluesmoke: devrandom2 | 6 Apr 2021 | HunriBeats | Bluesmoke | 977 MB | https://download.vulnhub.com/bluesmoke/Bluesmoke.ova | We made a nice backup server , just upload your zip and we’ll do the rest! | goal : 4 flags , become root… Difficulty : medium Hint?: https://twitter.com/HunriBeats or Configuration : there are 2 NICS , you only need one (as long you can connect to the machine)This works better with VirtualBox rather than VMware | 4993193B58247F68535419BDDECD36C1 | 736E4A1CB54DAE507B34F6E99880CFD67365B589 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| hacksudo: 3 | 24 Mar 2021 | Vishal Waghmare | hacksudo | 2.1 GB | https://download.vulnhub.com/hacksudo/hacksudo3.zip | This box should be easy . This machine was created for the InfoSec Prep Discord Server (https://discord.gg/tsEQqDJh) | The box was created with Virtualbox ,but it should work with VMWare Player and VMWare workstation Upon booting up use netdiscover tool to find IP address. This is the target address based on whatever settings you have. You should verify the address just incase. Find the user.txt and root.txt flag submit it to the mybox channel on Discord and get chance to get hacksudo machine hacking course free . Do publish write ups for this box if you can and email me copy on . Box created by vishal Waghmare only . This works better with VirtualBox rather than VMware | ED9A8A67006D368D368F4834D9FAAB8F | E85D1814BB6AF04FE4C8F3E5BBF26910B18B99FF | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| ColddWorld: Immersion | 18 Mar 2021 | Martin Frias (Aka. C0ldd) | ColddWorld | 861 MB | https://download.vulnhub.com/colddworld/Immersion_Machine.ova | Will you be able to do the dive and take out both flags on this machine? | Please share your feedback: "https://twitter.com/C0ldd__”This works better with VirtualBox rather than VMware. | C43CD00DA40E5CA19073033C4B263B80 | CC09C2FB76E85F5E0EC6772C3A7D1E821F3A4C46 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| hacksudo: aliens | 4 Apr 2021 | Vishal Waghmare | hacksudo | 2.3 GB | https://download.vulnhub.com/hacksudo/HacksudoAliens.zip | This box should be easy . This machine was created for the InfoSec Prep Discord Server (https://discord.gg/tsEQqDJh) | The box was created with Virtualbox ,but it should work with VMWare Player and VMWare workstation Upon booting up use netdiscover tool to find IP address. This is the target address based on whatever settings you have. You should verify the address just incase. Find the user.txt and root.txt flag submit it to the mybox channel on Discord and get chance to get hacksudo machine hacking course free . Do publish write ups for this box if you can and email me copy on Box created by vishal Waghmare | DEFA809B70DADCC72011AAFBB03D1FF6 | 6E68D6D06692D2C3ACBC1E1C3AEA271A226CD24D | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| Grotesque: 2 | 30 Mar 2021 | tasiyanci | Grotesque | 824 MB | https://download.vulnhub.com/grotesque/grotesque2_vh.ova | get flags | difficulty: medium about vm: do not touch ram allocation. vm needs 4gb of ram. tested and exported from virtualbox. dhcp and nested vtx/amdv enabled. you can contact me by email for troubleshooting or questions.This works better with VirtualBox rather than VMware | 57A2630C846D285B1390789D2D5B1C3D | B6FA719ACA753E479DC5D3425B0C7A4435019C59 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| Wireless: 1 | 20 Mar 2021 | PATEL KUNAL | Wireless | 2.6 GB | https://download.vulnhub.com/wireless/Mystiko-Wireless.rar | N/A | 67CE56F6EC7371A5C628BD328C96767F | D33C9F3A8E5E000D101E61DBDF9A66F38700D90C | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign | |
| Book-Shelf: 1 | 13 Mar 2021 | Neha, Sunil, Sam, Pallb, Shubham & Vishal | Book-Shelf | 3.0 GB | https://download.vulnhub.com/bookshelf/Book-shelf.7z | “book shelf” is Built On Debian Distribution Includes various beginner to Intermediate level Challenges Based On Web, Networking, Buffer Overflow such as Stegnography, XSS, OS Command Injection , SSH, ftp , Privilege escalation , Fuzzing. | 545ABE7675F6544E2F34DB29528EBEEE | BOOK-SHELFA31088EC749FE263D1B46BB1C3A2C7B2C41C90E5 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign | |
| NoobBox: 1 | 10 Mar 2021 | Shadow Phreak | NoobBox | 964 MB | https://download.vulnhub.com/noobbox/NoobBox.zip | Difficulty : Beginner | Flag : 2 (User & Root)This works better with VirtualBox rather than VMware | DA2987BD8B1F07CF20F1041D327C13BF | A92FD485BDF39A18FED4EFE158C8B15084845B6B | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| DriftingBlues: 5 | 8 Mar 2021 | tasiyanci | DriftingBlues | 715 MB | https://download.vulnhub.com/driftingblues/driftingblues5_vh.ova | get flags | difficulty: easy about vm: tested and exported from virtualbox. dhcp and nested vtx/amdv enabled. you can contact me by email for troubleshooting or questions.This works better with VirtualBox rather than VMware. | 21E0290277C1523B3E9DEF173EA0FA66 | 371C270F8D2C8F65436F9BD52485E2128FC6365B | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| Crossroads: 1 | 6 Mar 2021 | tasiyanci | Crossroads | 671 MB | https://download.vulnhub.com/crossroads/crossroads_vh.ova | get flags | difficulty: easy about vm: tested and exported from virtualbox. dhcp and nested vtx/amdv enabled. you can contact me by email for troubleshooting or questions.This works better with VirtualBox rather than VMware | 628F67674F52A35839A2CB9CAC3E8180 | E0803579F29655F5CD9C57D064009D767D75CE8D | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| Orasi: 1 | 8 Mar 2021 | AL1ENUM | Orasi | 839 MB | https://download.vulnhub.com/orasi/Orasi.ova | Difficulty : Hard | Hint : just one useless little dot Created and tested on Virtual Box Contact : alienum#1033 (discord) or @AL1ENUM (twitter)This works better with VirtualBox rather than VMware | C9351F8B4870FE2E720DBF8C21118300 | 749B6F342061D368B750DC2A0D1DA1B60A9993B4 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| Gigachad: 1 | 6 Mar 2021 | tasiyanci | Gigachad | 531 MB | https://download.vulnhub.com/gigachad/gigachad_vh.ova | get flags | difficulty: easy about vm: tested and exported from virtualbox. dhcp and nested vtx/amdv enabled. you can contact me by email for troubleshooting or questions.This works better with VirtualBox rather than VMware | 94171EEB3ACCA0C8D09243100EA71BF2 | 8B2F13AE85F30001C62FCC9655A135988BBA1BA6 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| Grotesque: 1.0.1 | 10 Mar 2021 | tasiyanci | Grotesque | 672 MB | https://download.vulnhub.com/grotesque/grotesque_vh-1.0.1.ova | get flags | difficulty: medium about vm: tested and exported from virtualbox. dhcp and nested vtx/amdv enabled. you can contact me by email for troubleshooting or questions.This works better with VirtualBox rather than VMware.## Changelog2021-03-10: v1.0.12021-03-06: v1.0 | 7E73878BDB1251D1DADC4CC49F5BAD68 | 778CF0A9721E530587C78DD198039297C7BB16AB | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| hacksudo: 2 (HackDudo) | 16 Mar 2021 | Vishal Waghmare | hacksudo | 1.8 GB | https://download.vulnhub.com/hacksudo/hackdudo2.rar | N/A | This works better with VirtualBox rather than VMware | 9A5AF75DD69F4270E255E56EAABBE49C | 8EDC6989CDDAD15FD779048E8A30BD37A0B5D21C | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| DriftingBlues: 3 | 6 Mar 2021 | tasiyanci | DriftingBlues | 483 MB | https://download.vulnhub.com/driftingblues/driftingblues3.ova | get flags | difficulty: easy about vm: tested and exported from virtualbox. dhcp and nested vtx/amdv enabled. you can contact me by email for troubleshooting or questions.This works better with VirtualBox rather than VMware | 987D997BC77205B54C61A9CDF745A73A | DE17551E53C73792B41A190B1302DF78411A65B1 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| Code: 1 | 11 Mar 2021 | Entertainment | Code | 4.6 GB | https://download.vulnhub.com/code/Code.rar | This Box is all about enumeration. Basic web app test and linux environment test. If you have basic knowledge about handling tools you will root it in a days | Happy Hacking 😃 | F19FB6DCBED9920DAC1D123A10ED5EE5 | 1846A2E5997B942266C23160770ECB5268B2C1E8 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| DriftingBlues: 4 | 8 Mar 2021 | tasiyanci | DriftingBlues | 603 MB | https://download.vulnhub.com/driftingblues/driftingblues4_vh.ova | get flags | difficulty: easy about vm: tested and exported from virtualbox. dhcp and nested vtx/amdv enabled. you can contact me by email for troubleshooting or questions.This works better with VirtualBox rather than VMware. | EEEA3E2332E41CE013245F18C4D4D226 | ED30008E15B83F641B1078DD84CBD747AC2141FF | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| Amalthee: 1 | 24 Feb 2021 | Nic | Amalthee | 2.0 GB | https://download.vulnhub.com/amalthee/Amalthee.zip | This is made with different challenges type (stega, crypto, reverse,…) to explore hacking techniques through it. | 2FDACC116238DDEF74BB2839B4023F2D | 6C93C5FB33C7E4944F9BEC3212A7FF7BA77F4520 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign | |
| MoneyBox: 1 | 27 Feb 2021 | Kirthik_T | MoneyBox | 615 MB | https://download.vulnhub.com/moneybox/MoneyBox.ova | Difficulty : Easy | Goal : 3 flagsThis works better with VirtualBox rather than VMware | 6AED50A7D49905F81D142D411159B514 | 34959DD3B6F9A120056CF11E644E7960C9E728DB | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| hacksudo: 1.0.1 | 4 Apr 2021 | Vishal Waghmare | hacksudo | 3.7 GB | https://download.vulnhub.com/hacksudo/hacksudo1.1.zip | N/A | This works better with VirtualBox rather than VMware## Changelog2021-04-04 - v1.0.12021-02-22 - v1.0.0 | 359379AF7615BD336A3D32B4969746BF | 2ABDEC98C00B7C51C037BAFEF8F89A6FC229AA20 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| System Failure: 1 | 23 Dec 2020 | 0xJin | System Failure | 584 MB | https://download.vulnhub.com/systemfailure/System-Failure.ova | There are 4 flags, for hint contact me on Vulnhub (Discord) or on Twitter: @ 0xJin. | This works better with VirtualBox rather than VMware | 0A2CDA648B5738C726F17843B43D9701 | E5D06304D00F9E8D627C23364BAE7FAD417C22C0 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| KB-VULN: 4 FINAL | 24 Jan 2021 | MachineBoy | KB-VULN | 1.6 GB | https://download.vulnhub.com/kbvuln/KB-VULN-FINAL.ova | This machine is the kind that will measure your level in both research and exploit development. It includes 2 flags:user.txt and root.txt. | This works better with VirtualBox rather than VMware | A4AFC118C66999CC21FC528BEBDA5DD9 | AFE89A1AA8A23F32B8705634874FE58BB54138CD | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| Dr4g0n b4ll: 1 | 14 Jan 2021 | mr_xmen | Dr4g0n b4ll | 1.1 GB | https://download.vulnhub.com/dr4g0nb4ll/Dr4g0n-b4ll.zip | Difficulty: Easy | THIS IS A MACHINE FOR COMPLETE BEGINNER , GET THE FLAG AND SHARE IN THE TELEGRAM GROUP (GROUP LINK WILL BE IN FLAG.TXT) Tested: VMware Workstation 16.x Pro (This works better with VMware rather than VirtualBox) | BE696D59EFAFCA74941C00BDD3CC2DDE | 24A00ABB05C7D275489C67EEE3F1E557EBAE1FBB | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| Adroit: 1.0.1 | 15 Jan 2021 | AL1ENUM | Adroit | 1.7 GB | https://download.vulnhub.com/adroit/Adroit-v1.0.1.ova | Hint : one 0 is not 0 but O | Created and tested on Virtual Box Suggested tools : jd-gui, eclipse IDE Contact : alienum#1033 (discord) or @AL1ENUM (twitter)This works better with VirtualBox rather than VMware | A62FF7030790CF869E7175C90694F8C4 | B03A4B2AFA3026A3654C951104F1D8B352099DE4 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| Samsara: 1 | 8 Jan 2021 | Kiran Ghimire | Samsara | 542 MB | https://download.vulnhub.com/samsara/Samsara.ova | Level : Easy | Type: CTF, misconfiguration Flags : User & Root FlagThis works better with VirtualBox rather than VMware.Note, you may need to remove the console log in “serial settings” for this to start up (due to vagrant) | 7EC25E287713BCC27AD2DCDF40EEDEED | 16FB279AC093EB05590F3226E968A1E007C4A971 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| R-temis: 1 | 28 Jan 2021 | RootNik Labs | R-temis | 2.8 GB | https://download.vulnhub.com/rtemis/Rtemis.tar.gz | Description: This is a boot to root machine. There are two flags required. | Hint: Enumeration Feedback: Any feedback regarding the machine will be appreciated. Reach out to us - | 4697506F3386EE02010C04F5A886AABF | 54C99D061D05AC5B2C634EE593DC476561F56F4E | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| Insomnia: 1 | 11 Jan 2021 | AL1ENUM | Insomnia | 646 MB | https://download.vulnhub.com/insomnia/Insomnia.ova | Difficulty : Easy | There are two very simple ways for privileges escalation (fast & slow) Created and tested in Virtual Box (NAT)This works better with VirtualBox rather than VMware | 1E5C827BA4C1D80CC5846692EC34B5B6 | 605DF2CA0D6B74A1866E6E5E4CE4615E0D5C6418 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| SecureCode: 1 | 23 Feb 2021 | sud0root | SecureCode | 2.0 GB | https://download.vulnhub.com/securecode/SecureCode1.ova | OSWE-like machine | 287F7979FDB3060BDE224182A752ED18 | 2B946F52D915CA74D1C7C84251435F8C8D92F2CB | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign | |
| Finding My Friend: 1 | 13 Jan 2021 | VIEH Group | Finding My Friend | 390 MB | https://download.vulnhub.com/findingmyfriend/FindingMyFriend.ova | Flags - 4 flags | This machine will help you learn about steganography, cryptography and a lot more. Happy Hacking!This works better with VirtualBox rather than VMware.Note, you may need to remove the console log in “serial settings” for this to start up (due to vagrant) | B5037547CC0F7C968A146E5CD0E7C8AB | 004B928A07FF2A57D906B8C090702CBE98B84573 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| bassamCTF: 1 | 16 Dec 2020 | kira_321k | bassamCTF | 663 MB | https://download.vulnhub.com/bassam/bassamctf.rar | boot2root machine | level: easy work on vmware and virtualbox | DB165FC22B9CE569AF415D9DE5779644 | FD70663EA251C97EA352D8FE54C10021A0F2DDF9 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| Nasef1: Locating Target | 24 Dec 2020 | Muhammad Nasef | Nasef1 | 892 MB | https://download.vulnhub.com/nasef1/nasef1.rar | Commander-in-chief : Hello Agent R, Two hours ago we lost contact with agent (N.A.S.E.F). He was in a secret mission in the enemy state “SOURG”. Your mission is to lead the task-force and bring him to our homeland safely, But first we need to hack into SOURG’s satellites to locate both user and root flag which represents nasef’s coordinates. Good Luck | Difficulty : Easy | B684D16353E63F8E77D0F88C4B27B261 | E01B69AF8D0AE423BC1408D03AE345D5A156EAAD | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| Black Widow: 1 | 19 Dec 2020 | 0xJin and mindsflee | Black Widow | 662 MB | https://download.vulnhub.com/blackwidow/Black-Widow-final.ova | The Black Widow is one of the most poisonous spiders in the world, will you be able to escape from its large web and become root? | E5E86BFA4DC7556FB0DB37A1366090CD | C7F02505CE1E0145B0E5EB3DA9BBE30816710C96 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign | |
| ICMP: 1 | 16 Dec 2020 | foxlox | ICMP | 944 MB | https://download.vulnhub.com/icmp/icmp.ova.gz | Easy box, monitor resources | This works better with VirtualBox rather than VMware | EBA531B1E88BEDE1F00C6A4E2820E862 | 783C2D9FCA08A6750ED84D166522463EEDA7056F | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| FinitHicDeo: 1 | 18 Dec 2020 | Muzkkir Husseni and Nachiket Rathod | FinitHicDeo | 517 MB | https://download.vulnhub.com/fhd/FHD_CTF.zip | We have created this CTF for pentester’s who like to research and exploit new vulnerabilities like HTTP Request Smuggling. Also, I have added one task of programming. You will brainstorm your mind while playing and learn a new attack. | D2BE74CE12849C1F14E6D6F0D3D5407B | 307F013354A5459E9D69B419A84505E05A30F593 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign | |
| XPTO System: 1 | 17 Dec 2020 | André Henrique | XPTO System | 1.2 GB | https://download.vulnhub.com/xpto/xptosystem.ova | Your goal in this challenge, is to access the target host and perform the exfiltration of a PDF file containing the flag. For security reasons, the file extension has been removed. To avoid raising suspicion, this secret file is located in a hidden directory that can be found in the root user password. Find the root password, access the directory and exfiltrate the file containing the flag. | Difficulty: Beginner Your feedback is appreciated - Twitter: @mrhenrike. Thanks to Pedro Custodio for the idea. | 7D22B0478CA5B2C1BC62F8FBEE111BBF | 6A3B6506D7A65A44E319AB3B46647018BBA9D1D6 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| IA: Tornado | 20 Dec 2020 | InfoSec Articles | IA | 1019 MB | https://download.vulnhub.com/ia/tornado.ova | This works better with VirtualBox rather than VMware | 86B49BD71057DB337A85C1EC1BAB1076 | A74D80B7BDE2B4DA63AAF1E6B4714E43D6862409 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign | |
| DriftingBlues: 2 | 17 Dec 2020 | tasiyanci | DriftingBlues | 638 MB | https://download.vulnhub.com/driftingblues/driftingblues2.ova | get flags | difficulty: easy about vm: tested and exported from virtualbox. dhcp and nested vtx/amdv enabled. you can contact me by email (it should be on my profile) for troubleshooting or questions.This works better with VirtualBox rather than VMware | 51E9326E61C922CD7EA3A5C2AEB25C83 | 5444B91703E9B4D9BE48849A7816E369294376BA | Disk Image (.ISO) | Linux | Enabled | Automatically assign |
| Teuchter Twa: 1 | 20 Dec 2020 | knightmare | Teuchter Twa | 1.7 GB | https://download.vulnhub.com/teuchtertwa/TeuchterTwa09.ova | Welcome to another boot2root / CTF this one is called Teuchter Twa. It is a direct sequel to the notorious Teuchter VM I released back in November 2016. | This VM is set to grab a DHCP lease on boot. As with all of my previous VMs, there is a theme. This VM can be a stand alone CTF, but for those who have completed wan, maybe draw up the notes, as if you don’t know me by now, then maybe your name is Mick Hucknell…? More hints for you: This VM is designed to be a bit of a joke/troll so a translator might be useful. The VM isn’t over with root. There’s a troll flag, secret flag and a final flag. Here’s a Brucie bonus for 10: Instead of rushing into things like you are chasing Haggis around Arthur’s seat, take a step back. Things may not always work as they first appear to be. When you locate the VM, maybe a little -Y “dns.flags.response eq 0” may help…? As always, the CTF is chock full of cultural nuances & references, so it pays to act like Shareen Nanjiani: follow the money. Wullie isn’t as daft as he was in Teuchter wan, therefore, there will be improved security, failure to heed this warning will get you sent to Coventry. Thanks to mrb3n, mr_h4sh, m0chan & Felamos for allowing me to torture them mercilessly in the testing phase of this VM. Thanks to Bob Beck’s LibreSSL talk for sources of crontab entropy… Best of luck. Do drop me a message on Twitter / Slack / IRC / etc. if you are struggling, or have completed this CTF. I’m always happy to give a hint, or to hear feedback on these challenges. NB: You may need to set the NIC type to VMXNET3 or E1000, depending on your platform. | 91F0EEE8A9CCFDCF72AF2B92E6C880B0 | 5A7B935C14AFF4B6C6A0D00AFC3D983CD46893EE | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| Neobank: 1 | 28 Dec 2020 | AL1ENUM | Neobank | 781 MB | https://download.vulnhub.com/neobank/Neobank.ova | Created and tested on Virtual Box | Hints : 1 Contact : alienum#1033 (discord) or @AL1ENUM (twitter)This works better with VirtualBox rather than VMware | C142DAE719D9A61087F092467BA0D94D | 19692E934984809E1AACA65CD5929B68378E9C46 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| Ki: 1 | 24 Dec 2020 | Cody Winkler | Ki | 3.3 GB | https://download.vulnhub.com/ki/ki.ova | N/A | This works better with VirtualBox rather than VMware | 7134A8696C0A13C8BBF66D5F24F454B2 | AEC01D5BBFDD124708E1B74F12F6B1959C26F9CB | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| DOUBLE: 1 | 16 Dec 2020 | foxlox | DOUBLE | 940 MB | https://download.vulnhub.com/double/double.ova.gz | Really entry level Box | This works better with VirtualBox rather than VMware | D0ED1C9A27A108372B269482C5ACE5F0 | 8444EC5CBC373FEF6A4CF4A78AABFC6FBE19AE40 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| BlueSky: 1 | 10 Dec 2020 | SunCSR Team | BlueSky | 2.1 GB | https://download.vulnhub.com/bluesky/BlueSky.ova | Difficulty: Easy | Goal: Get the root shell i.e.( :~#) and then obtain flag under /root). Information: Your feedback is appreciated - Email: Tested: VMware Workstation 16.x Pro (This works better with VMware rather than VirtualBox) | E792F6A247890EA7F020F58B7486D6E7 | FFD3029D704AB05E6BFEE554F1D44E39A91637C5 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| Gaara: 1 | 13 Dec 2020 | 0xJin | Gaara | 799 MB | https://download.vulnhub.com/gaara/Gaara.ova | Can you become the new Kazekage? Look in the root flag! 😃 | This works better with VirtualBox rather than VMware | 453DA44D65D991FC90C0C29E1222FECF | 6ACDAD44550ED058D02999802AC99BD56A033ACB | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| Jetty: 1 | 9 Dec 2020 | MrSquid | Jetty | 4.1 GB | https://download.vulnhub.com/jetty/Jetty-Vulnhub.7z | The company Aquarium Life S.L. has contacted you to perform a pentest against one of their machines. They suspect that one of their employees has been committing fraud selling fake tickets. They want you to break into his computer, escalate privileges and search for any evidences that proves this behaviour. | ZIP Password: Extra information: The idea of the machine it is not just to gain root privileges but obtaining all the evidences to prove that the user was commiting fraud. Difficulty: I would say the machine is Medium regarding gaining root privileges. If we consider all the steps to obtain the evidences, Hard. | FD760F698F36E3935494A6379C690D36 | A8A5F994A3F4ADC16175C7A75DBC6BE679999216 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| y0usef: 1 | 10 Dec 2020 | y0usef | y0usef | 1.6 GB | https://download.vulnhub.com/y0usef/y0usef.ova | Get two flag | Difficulty : easyThis works better with VirtualBox rather than VMware | 28C5D869B003BE94B2D8AB4B7B54A3B9 | ACA12B3A13E93E84555D36629E03F555124BFCA2 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| Shuriken: Node | 13 Dec 2020 | TheCyb3rW0lf | Shuriken | 2.5 GB | https://download.vulnhub.com/shuriken/Shuriken_Node.ova | Difficulty: easy/medium | After the last breach, The Shuriken Company decided to move and rebuild its infrastructure. This time using different technology, and assuring us it’s gonna be secure. Will it be so? It’s up to you to prove otherwise. My main focus is to not make the machines typical CTF like riddles but at least a bit more realistic. Remember it’s a custom machine after all. This machine was tested with VirtualBox. See you in the root. Hint: For the foothold, it’s important to understand the technology behind the web app and how it handles user input.This works better with VirtualBox rather than VMware | 5EEFC9733F218D3EB5E96CA231204BAC | BE48EB2CE8B9FAA6C016BAE4776869F873F6B2B9 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| DevGuru: 1 | 7 Dec 2020 | Zayotic | DevGuru | 2.9 GB | https://download.vulnhub.com/devguru/devguru.ova.7z | DevGuru is a fictional web development company hiring you for a pentest assessment. You have been tasked with finding vulnerabilities on their corporate website and obtaining root. | OSCP like ~ Real life based Difficulty: Intermediate (Depends on experience) | B5AA5650934CB06E2154F0584E147050 | FFEC903B44C9840FE97B928B6078CD7724F178D9 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| Odin: 1 | 21 Nov 2020 | Bjorn | Odin | 2.6 GB | https://download.vulnhub.com/odin/odin.ova | Difficulty: Easy | Odin ventured to the Well of Mimir, near Jötunheim, the land of the giants in the guise of a walker named Vegtam. Mímir, who guarded the well, to allow him to drink from it, asked him to sacrifice his left eye, this being a symbol of his will to obtain knowledge Pls, add /etc/hosts -> ip vm + odin example: 192.168.1.1 odin Twitter: @ArmBjorn Work in Virtualbox. Get root permissions | 5187C2F7F098EAD56BAC33373E962697 | FAC1D89C9F98BAA5BF8CAEE73637E5F45148011B | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| Chill Hack: 1 | 9 Dec 2020 | Anurodh Acharya | Chill Hack | 2.4 GB | https://download.vulnhub.com/chillhack/Chill_Hack.ova | Chill Hack is a simple machine which provides common and real world vulnerabilities (tested on VMware Workstation 15). | Make sure not to give to less resources while running it. Your feedback is really valuable, do let me know so that I can make more interesting challenges. Good Luck…!! | D0D71A8C7D7C47836CB5CBC48370B44C | 0DDDFE8DEE9D210494878B7C96EBD02E9C4BB11E | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| Who Wants To Be King: 2 | 12 Dec 2020 | Bjorn | Who Wants To Be King | 3.0 GB | https://download.vulnhub.com/whowantstobeking/Who-wants-to-be-king_2.ova | Power is dangerous, attracts the worst, corrupts the best | Do not give up Difficulty: easy to intermediate pls add /etc/hosts ip + armbjorn Twitter: @ArmBjorn Work in Virtualbox. Get root permissions | 2FFFDF03BB6B23181BCDD056B9819A45 | 416BA99010FC5597B8ADE9420BDF571A73814691 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| DriftingBlues: 1 | 11 Dec 2020 | tasiyanci | DriftingBlues | 2.7 GB | https://download.vulnhub.com/driftingblues/driftingblues.ova | get flags | difficulty: easy about vm: tested and exported from virtualbox. dhcp and nested vtx/amdv enabled. you can contact me by email (it should be on my profile) for troubleshooting or questions. | EF2FCBFF3647CA3C46529CACADD474C2 | 6CA2A8999AC3881C0186DE534F846D56035C2AE3 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| shenron: 1 | 15 Dec 2020 | Shubham mandloi | shenron | 1.3 GB | https://download.vulnhub.com/shenron/shenron-1.ova | Welcome to “Shenron-1” | This is the first machine of shenron series… Goal: Get two flags… Difficulty : Beginner to Intermediate Need hints? Twitter @shubhammandloi Works better with VirtualBox rather than VMware Your feedback is really valuable for me! Twitter @shubhammandloiThis works better with VirtualBox rather than VMware | 3D9F0F620846BC15F4591E7AC56C04B2 | 4E1D33E2338ADA4CA1C093CD67725850A033BAAD | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| The Office: Doomsday Device | 13 Dec 2020 | wampa1 | The Office | 1.9 GB | https://download.vulnhub.com/theoffice/Doomsday_Device.rar | Easy | It’s a very simple, beginner level, “The Office” themed CTF machine. Created and tested with VirtualBox. This box will assign itself an IP address through DHCP. You shouldn’t have to configure anything else. There are 8 flags in total. Collect them all and get root access to defuse the Doomsday Device. Dwight Schrute devised a system (called the Doomsday Device) to find mistakes made by employees in the office. It will forward incriminating emails to Robert California if employees make five mistakes in one day, effectively causing them to lose their jobs. Your goal is to find your way into the system and save everyone’s job by getting root access.This works better with VirtualBox rather than VMware | 7E1DC21F58CD9BD312DB75340867C3C6 | 1C3E7D06D1814A38C7C18214B762834C08669CC2 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| Who Wants To Be King: 1 | 1 Dec 2020 | Bjorn | Who Wants To Be King | 2.4 GB | https://download.vulnhub.com/whowantstobeking/whowantstobeking.ova | Google Is Your Friend | Difficulty: Begginer “Remember using ‘strings’” Twitter: @ArmBjorn Work in Virtualbox. Get root permissions | 5B8BDCC5C24A3705C88F969B47A7199B | 0114959A45DB91F699594D1476AB900F610681CA | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| Ragnar Lothbrok: 1 | 4 Dec 2020 | Bjorn | Ragnar Lothbrok | 3.2 GB | https://download.vulnhub.com/ragnarlothbrok/Ragnar-lothbrok.ova | Google && Wikipedia Is Your Friend | Difficulty: easy “how the little pigs will scream when they know how the boar suffered” Pls, add /etc/hosts -> ip vm + armbjorn Twitter: @ArmBjorn Work in Virtualbox. Get root permissions | BDB87C5BD700AE1CF724069454FAE2FE | 19DC4D882CB6888493CC6AD026671E3B5AC51C0C | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| Moee: 1 | 22 Nov 2020 | gr4n173 | Moee | 1.2 GB | https://download.vulnhub.com/moee/Moee.tar.gz | Welcome to Moomin’s World, one of the best cartoons from the 90’s in Nepal. In order to solve this box you require knowledge about the linux command, basic penetration testing along with the tools required during pentesting. Side-by knowledge about the linux process or daemon with some OSINT might come handy and the last part will be some basic concept of Binary Exploitation and the tools required to get your things done. Here you will have to find the total of four flags to become root. | It depends upon the skill you have. This is my first vulnerable machine. Your feedback is most welcome and really appreciated. You can contact me via twitter and instagram @gr4n173. | 64BBE9A4B5C61036A5080771390A5053 | 2FBFE0F885571603531099BE385D9BC6990F92DE | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| Hogwarts: Bellatrix | 28 Nov 2020 | BLY | Hogwarts | 4.1 GB | https://download.vulnhub.com/hogwarts/Bellatrix.ova | The evil Bellatrix Lestrange has escaped from the prison of Azkaban, but as … Find out and tell the Minister of Magic | Difficult: Medium This works better in VirtualBox Hints --> Brute force is not necessary, unless it is required. ncat is the key 😉 Social-Media: Twitter --> @BertrandLorent9, Instagram --> @BertrandLorente9 | E6D98D406CDF7641E4A966F16AFAF536 | 8389861C7F2B1626190844E31A2A1A4ADE385E06 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| Leeroy: 1 | 2 Dec 2020 | weirdatfirst & jiveturkey | Leeroy | 3.2 GB | https://download.vulnhub.com/leeroy/Leeroy-002.zip | Go deeper than just the typical exploit. | 2AB0B906492BE0202FE563C35AA32CF5 | AB4A772512F2CB02207C8F4DBE42CAA5896632D4 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign | |
| School: 1 | 4 Dec 2020 | foxlox | School | 1.2 GB | https://download.vulnhub.com/school/school.ova.gz | Machine name: School | Level: Easy flags: user, root Description: This is a Linux box, running a Web Application, and a Windows application in WINE environment to give Access to Wine from Linux. Author: foxlox About VM: VirtualBox ready, the adapter is currently Bridged, DHCP active You can contact me by email (fox at thebrain dot net) or Discord foxlox#1089This works better with VirtualBox rather than VMware | 652C43BEFF2B6E414FCF30E08310C816 | 56F7188C929835AE1F0021E6CEB16AC6DF8BD81E | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| hackme: 2 | 6 Dec 2020 | x4bx54 | hackme | 3.8 GB | https://download.vulnhub.com/hackme/hackme2-DHCP.ova | ‘hackme2’ is a medium difficulty level box. This is the second part of the hackme series where more controls are in place do deter malicious attacks. In addition, you will have to think out of the box to exploit the vulnerabilites. The goal is to gain limited privilege access via web vulnerabilities and subsequently, privilege escalate as a root user. The lab was created to mimic real world web vulnerabilities. | ‘hackme2’ uses DHCP and in the possible event that the mysqld shuts down on its own (very rare cases), attempt to force restart the machine and it should be working fine subsequently. | 3E4450A319DFE8F7F8CAF4196B5A9505 | 6F6EDCBC02E023FAECB622065C6F63515861D19A | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| Cybox: 1.1 | 6 Dec 2020 | Víctor García | Cybox | 916 MB | https://download.vulnhub.com/cybox/cybox-1.1.ova | Will you be able to compromise the internal server of the CYBOX company? | Difficulty: Medium Objective: Get user.txt and root.txt This works better with VirtualBox rather than VMware. Contact: @takito1812## Changelog2020-12-06 - 1.12020-11-21 - 1.0 | 797DA62D4BF4F6F2DD66E773EC2BA73B | 2EF42A6C576A88900EE37AFDE8BD08DB9A578970 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| Callme: 1 | 4 Dec 2020 | foxlox | Callme | 2.8 GB | https://download.vulnhub.com/callme/callme.ova.gz | Machine name: Callme | Level: Easy flags: user, root Description: This is a Linux box with a custom remote access Author: foxlox About VM: VirtualBox ready, the adapter is currently Bridged, DHCP active You can contact me by email (fox at thebrain dot net) or Discord foxlox#1089 | F92BB29A6D9DDA1DCF054425ACB93EBF | AACA15854E8ACAA70F182A5443D1ACE3AFD46030 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| Netstart: 1 | 4 Dec 2020 | foxlox | Netstart | 1.3 GB | https://download.vulnhub.com/netstart/netstart.ova.gz | Machine name: Netstart | Level: Easy flags: user, root Description: This is a Linux box, running a WINE Application vulnerable to Buffer Overflow, escalation is pretty simple Author: foxlox About VM: VirtualBox ready, the adapter is currently Bridged, DHCP active You can contact me by email (fox at thebrain dot net) or Discord foxlox#1089This works better with VirtualBox rather than VMware | 17B58A83EB93594402818EBE194E4CF2 | F39DBFABE722BDD481034A4648C905D1C198F9A8 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| Warzone: 3 (Exogen) | 21 Nov 2020 | AL1ENUM | Warzone | 2.5 GB | https://download.vulnhub.com/warzone/Warzone3.ova | Custom Exploitation, Code Analysis, Crypto, Programming Skills | Mission : Find the alien boss Based on : Java Difficulty : Hard Recommended : Give a try without the walkthrough Info : Created and Tested in Virtual box (NAT network) | 3D82AB48E81BB31EE817EAECD8998747 | 8221A1683E3836903D050BF24E6E6601C72508B0 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| LinESC: 1 | 5 Dec 2020 | Muhammad Nasef | LinESC | 1019 MB | https://download.vulnhub.com/linesc/LinESC.rar | LinEsc is a machine built to demonstrate the 7 most common ways of Linux privilege escalation. | Target: get root privileges with 7 different ways. Default credentials : (muhammad:nasef) | 1F372D1A799108941DCBE6F7938F7A46 | 865C14354994D45B8A572B354B4C15AAE0D13D68 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| M87: 1 | 6 Nov 2020 | mindsflee | M87 | 894 MB | https://download.vulnhub.com/m87/m87.zip | m87 is a simple machine, created specifically to be exploited. Don’t get discouraged and always Try Harder! | Just download, extract and load the .vmx file in VMware Workstation (tested on VMware Workstation 15.x.x) The adapter is currently NAT, networking is configured for DHCP and IP will get assigned automatically You can contact me on Hack the box (https://www.hackthebox.eu/profile/232477) or by email ( ) for hints! mindsflee | 80DEDFB50E1B5AD34B2225FBE5C63F3A | 6CB06AA4DD97CEE36749E880DF288F3287F180DE | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| Masashi: 1 | 13 Nov 2020 | Sv5 Donald | Masashi | 647 MB | https://download.vulnhub.com/masashi/Masashi-CTF-Sv5.zip | When you open the Virtual Machine in VMware and it says “failed”, Dont be alarmed, just click “try again” | PS. There is no need for you to setup networking for the VM, its on NAT annd DHCP. If you face any challenges, DM on Twitter @lorde_zw Have Fun 😉 😉 | 100E1169E88DFCE04FEFC929370A947B | 3A2746C83FF7C0B04E7FA5F1E61F6E93A738C9F0 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| Kira: CTF | 4 Nov 2020 | Bassam Assiri | Kira | 3.2 GB | https://download.vulnhub.com/kira/KiraCTF.ova | Difficulty : Piece of Cake | Time to root: probably less than 10 minutes if you know what you are doing This is easy machine with easy privilege escalation it is intended for beginners in Boot2Root Do not use hints unless you are stuck ============================= Hint for shell: LFI Hint For User: is there another directory? Hint For root: what can user do as root? ============================= Any information or hints you can contact me on twitter: @BassamAssiri | 9AB005A4952CB40EF6D36E69682EBB92 | 391F588C0E7E0349EC35E5723C4FC2100A7A1EC0 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| INO: 1.0.1 | 6 Dec 2020 | foxlox | INO | 1.2 GB | https://download.vulnhub.com/ino/ino-1.0.1.ova.gz | You can contact me by email (fox at thebrain dot net) or Discord foxlox#1089 | This works better with VirtualBox rather than VMware## Changelog2020-12-06 - v1.0.12020-11-16 - v1.0 | 02CE45198A9365C5CDDE01BE8AD86177 | BFB58FEA829A5CEB4D8EDE13EF34734D298CEE46 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| Warzone: 2 | 9 Nov 2020 | AL1ENUM | Warzone | 2.6 GB | https://download.vulnhub.com/warzone/Warzone2.ova | Enumeration, Flask, Port Forwarding, GTFObins | Created and Tested in Virtual box (NAT network) Hint : lowercase letters | FF639B25FB64A049E094FC20F51B732C | E5B5CADF476129CC365EDF58C5855497B97F1AA5 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| Inferno: 1.1 | 6 Dec 2020 | mindsflee | Inferno | 724MB | https://download.vulnhub.com/inferno/inferno-1.1.ova | Real Life machine vs CTF. | Midway upon the journey of our life I found myself within a forest dark, For the straightforward pathway had been lost. Ah me! how hard a thing it is to say What was this forest savage, rough, and stern, Which in the very thought renews the fear. Just download, extract and load the .ova file in VMware Workstation or Virtual Box. The adapter is currently bridge, networking is configured for DHCP and IP will get assigned automatically You can contact me on Hack the box (https://www.hackthebox.eu/profile/232477) or by email ( ) for hints!This works better with VirtualBox rather than VMware## Changelog2020-12-06 - v1.12020-11-17 - v1.0 | E14D9D42A77761D61B964281DC5CEE6E | 00D22D511031B398CA3BE7ADA1BFBB3B10D10583 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| My School: 1 | 19 Nov 2020 | Sachin Verma | My School | 796 MB | https://download.vulnhub.com/myschool/myschool.ova | Welcome to “My School” | This VM has been designed by Sachin Verma. This boot to root VM is fully a real life based scenario. It has been designed in way to enhance user’s skills while testing a live target in a network. Its a quite forward box but stay aware of rabbit holes. Goal: Get the root flag of the target. Difficulty: Intermediate Need hints? Twitter @sachinverma_in DHCP is enabled Your feedback is really valuable for me! Twitter @sachinverma_in Was there something that you didn’t like about this VM? Please let me know so that I can make more interesting challenges in the future. Good Luck…!!!This works better with VirtualBox rather than VMware | CD34247199E679EC9068B272CE3F1106 | 926AE71E02EE37705675A80D5DF6EF6C22FFA5FD | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| MoneyHeist: Catch Us If You Can | 20 Nov 2020 | Anant Chauhan | MoneyHeist | 844 MB | https://download.vulnhub.com/moneyheist-1/Money-Heist-catch-me-if-you-can.ova | Difficulty level: N\A | There is one flag, and you have to stop the heist. It is CTF like VM. Here is a tip from my side:- keep Patience and do the enumeration process in a good manner. Works better with VirtualBox. If you want any hint, ping me anytime, and don’t forget to share your feedback. I’ll be glad :)This works better with VirtualBox rather than VMware. | E538AD74EA6977AC2D008A54DE855574 | 45B4EB604CB16363209278C20F5F9A6965B94704 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| Shuriken: 1 | 13 Nov 2020 | TheCyb3rW0lf | Shuriken | 2.7 GB | https://download.vulnhub.com/shuriken/Shuriken-1.ova | Difficulty: easy/medium | That’s the first machine I developed. I tried to make use of more realistic techniques and then include them in a single machine. Keep in mind it’s still just a CTF. It’s meant to be rather easy. Can you take advantage of the misconfigurations made by The Shuriken Company? See you in the root. | 2DB75B09A1DD917FFE1DF20B4450D032 | 602F049006AFE12632A1B6FEB6E4860008C96D32 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| Hogwarts: Dobby | 8 Nov 2020 | BLY | Hogwarts | 3.7 GB | https://download.vulnhub.com/hogwarts/dobby.ova | dobby needs to be root to help harry potter, dobby needs to be a free elf | Difficult: Easy This works better in VirtualBox Social-Media: Twitter --> @BertrandLorent9, Instagram --> @BertrandLorente9 This works better with Virtualbox rather than VMware | 11B9FD40B70344A71B432A608EE640AB | 68110B92FD58D6A4C8F0CDBE169E29259AC797A6 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| Money Heist: 1.0.1 | 20 Nov 2020 | viehgroup & shaileshkumar & shrey_sancheti & manish67367326 | Money Heist | 3.7 GB | https://download.vulnhub.com/moneyheist/Moneyheist-v1.0.1.ova | “The Professor” has a plan to pull off the biggest heist in recorded history – to print billions of Flags . To help him carry out the ambitious plan, he recruits eight people with certain abilities and who have nothing to lose. | Difficulty of VM :- Medium.This works better with Virtualbox rather than VMware.## Changelogv 1.0.1 - 2020-11-20v 1- 2020-10-27 | 3136E3E0B69636EBF714318826104777 | EBA125897A20631FE0B295E02DC9D7A2451164EA | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| HackathonCTF: 1 | 27 Oct 2020 | somu sen | HackathonCTF | 924 MB | https://download.vulnhub.com/hackathonctf/ctf.zip | N/A | 4FFC7171020962ED5E6B90748F1D2897 | FB53B1F860FD3FE69DA0938EF920624757C0258F | Virtual Machine (VMware) | Linux | Enabled | Automatically assign | |
| Bizarre Adventure: Joestar | 25 Oct 2020 | Joas Antonio | Bizarre Adventure | 924 MB | https://download.vulnhub.com/bizarreadventure/Bizarre-Adventure—Joestar.zip | A machine that simulates a gas tank system - Scada focus. | This works better with VirtualBox rather than VMware | 3EFEF2F8B0D86323710EC14BA968A127 | 485B1EC55DE3193E69D630FB43DC79E5D2687DC5 | Virtual Machine (Virtualbox - VDI) | Linux | Enabled | Automatically assign |
| HA: Vedas | 23 Oct 2020 | Hacking Articles | HA | 1.1 GB | https://download.vulnhub.com/ha/vedas.ova | Vedas meaning sacred knowledge or revealed knowledge, are old texts of Hinduism. The level of the lab is intermediate and consists four flags. This lab is based on the four Vedas, the flags are based on the same which are as follow: | Note: It is important to note that, all the flags are connected to each other. To reach the final flag, you have to make sure to capture all the flags. Disclaimer: This machine works on VMWare. There might be IP related issues with Virtual Box. | 1084BCDB570EF40F1F782D219CF4A7A4 | E80A8F427E5375B778FA0BB545AE63CCB8C1251F | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| ColddBox: Easy | 23 Oct 2020 | Martin Frias (Aka. C0ldd) | ColddBox | 872 MB | https://download.vulnhub.com/colddbox/ColddBoxEasy_EN.ova | Welcome to ColddBox Easy, it is a Wordpress machine with an easy level of difficulty, highly recommended for beginners in the field, good luck! Please share your feedback: "https://twitter.com/C0ldd__” | This works better with VirtualBox rather than VMware. | 103134F906AA86E16D97128863147AA3 | F1D0EA2407D619254EB4866C7197724E9ECFA065 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| IA: Nemesis (1.0.1) | 25 Oct 2020 | InfoSec Articles | IA | 537 MB | https://download.vulnhub.com/ia/Nemesis-v1.0.1.ova | This works better with VirtualBox rather than VMware.## Changelogv1.0.1 - 2020-10-25v1.0.0 - 2020-10-07 | 1E1B81A4B2AF9A2BAC30ED2B26B779BB | 182F226EBD925575F50F24D04C515DF79424775E | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign | |
| Secarmy Village: Grayhat Conference | 22 Oct 2020 | Secarmy Team | Secarmy Village | 1.7 GB | https://download.vulnhub.com/secarmyvillage/SECARMY-VILLAGE-OSCP-GIVEAWAY.ova | WELCOME TO THE SECARMY OSCP GIVEAWAY MACHINE!, | https://secarmy.org/village/ THIS MACHINE HAS BEEN MADE AS PART OF THE SECARMY VILLAGE EVENT AND IS SPONSORED BY OUR GENEROUS SPONSOR OFFENSIVE SECURITY. YOU ARE REQUIRED TO COMPLETE 10 TASKS IN ORDER TO GET THE ROOT FLAG. MAKE SURE THAT YOU REGISTER ON https://secarmyvillage.ml/ IN ORDER TO SUBMIT THE FLAG AS WELL AS HEAD OVER TO OUR DISCORD SERVER bit.ly/joinsecarmy FOR FURTHER ASSISTANCE REGARDING THE MACHINE Remember: You can submit your flags from 29th of October 12:00 PM IST (UTC +5:30) to 31st of October 11:59 AM IST (UTC +5:30) on https://secarmyvillage.ml/ . Registrations will close on 29th October 11:00 AM IST (UTC +5:30) In case the IP doesn’t shows up you can log into the machine using our test account credentials: cero:svos GOODLUCK! | 0173B942AAF4E67193970BF80BBB6B24 | 243C48B764936BA038CF6BB6131265DE81EE5177 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| FishyMail: 1 | 14 Oct 2020 | n0ps | FishyMail | 2.2 GB | https://download.vulnhub.com/fishymail/FishyMail_boot2root.vdi | This is my first vulnerable virtual machine called fishymail. You can download it here load the .vdi up on VirtualBox and give it a try. Feel free to contact me or leave a comment if you have any questions or need some help troubleshooting. | This works better with VirtualBox rather than VMware | 9A1237C877A14A3E599CFFE4E028A01B | EED40EEB9502756B13FD004F83987AAF289296E4 | Virtual Machine (Virtualbox - VDI) | BSD | Enabled | Automatically assign |
| Cheesey: Cheeseyjack | 2 Oct 2020 | cheese | Cheesey | 3.8 GB | https://download.vulnhub.com/cheesey/cheeseyjack.zip | Cheeseyjack aims to be an easy to medium level real-world-like box. Everything on this box is designed to make sense, and possibly teach you something. Enumeration will be key when attacking this machine. | Hint: A cewl tool can help you get past a login page. | B463292B0850F227E624F9992DC315DD | EC37AC193547F68321BBEBE2FF397420683581F1 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| TenderFoot: 1 | 5 Oct 2020 | Anant Chauhan | TenderFoot | 867 MB | https://download.vulnhub.com/tenderfoot/TenderFoot.7z | A very Easy Box for beginners, I recommend this box if you are new here. Your task is to grab all the 3 flags (user1.txt, user2.txt, proof.txt). | I checked it on VirtualBox with “NAT NETWORK”, not on VMware so i don’t know if it is working with VMware too. Please share your feedback: "https://twitter.com/ )This works better with VIrtualBox rather than VMware. | 72252B4A745E6B8FD75BE1C0890504EE | 93EEEF0438B3FC7C83382106B62C951101DD9CF9 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| HA: Sherlock | 4 Oct 2020 | Hacking Articles | HA | 825 MB | https://download.vulnhub.com/ha/sherlock.ova | HA: Sherlock! This lab is based on the famous investigator’s journey on solving the Curious Case of Harshit’s murder! | This is a Forensic based Capture-the-Flag and is not a Boot-to-Root So, put on your thinking caps and get ready to solve the case by finding the evidences bearing points. There is a total of 100 points scattered over the lab Objective: Find all 100 points (Getting Root is not the objective) Disclaimer: This machine works on VMWare. There might be IP related issues with Virtual Box. | D34F72D4C128AB3044A8475FC96D695A | 6A361A845C2A2921405CCECB0B12AC30FD87DCE0 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| KB-VULN: 3 | 3 Oct 2020 | MachineBoy | KB-VULN | 1.2 GB | https://download.vulnhub.com/kbvuln/KB-VULN3.ova | This machine is the kind that will measure your research ability. This VM is running on VirtualBox.It includes 2 flags:user.txt and root.txt. | This works better with VirtualBox rather than VMware. | 4917690C686BC36894327130CD8837EB | ED6EDBC1951C75A0A384EC9786B4BD81FA537D74 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| Warzone: 1 | 24 Oct 2020 | AL1ENUM | Warzone | 2.2 GB | https://download.vulnhub.com/warzone/Warzone.ova | 98FC0985C32A2380A0AFBF24222C22D5 | 0FB9DBC8D8516B462C4E1C8735D41B01D57F2B35 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign | ||
| namespaceS0S: 1 | 14 Oct 2020 | n0ps | namespaceS0S | 3.2 GB | https://download.vulnhub.com/namespaces0s/NameSpaceS0S!.vdi | N/A | 49C670867002E5BC28C7E7036674379D | C9DA87888F0B112F98E7C46B92A5CD264BBD1905 | Virtual Machine (Virtualbox - VDI) | Linux | Enabled | Automatically assign | |
| aMaze: 1 | 27 Sep 2020 | Swapneil Kumar Dash & Rajat Mittal (HasHeR) | aMaze | 2.1 GB | https://download.vulnhub.com/amaze/aMaze.ova | A fun VM created to test your skills around docker, OSINT, and web application exploitation. It is recommended to run this VM with a network interface connected to the internet, however, it is not necessary in any way to accomplish the final goal. | This works better with VirtualBox rather than VMware | 4135E48F91F1C8B1D8DF88671CFC2F7A | 54CAB0EB028938A37E6D4574180809FB09E94132 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| Boverflow: 1 | 27 Sep 2020 | foxlox | Boverflow | 825 MB | https://download.vulnhub.com/boverflow/Boverflow.ova.gz | Level: Easy->Intermediate | flags: user, root Description: This machine require a low skill to get user flag, a little more skill to escalate to root! Warning, don’t go too speedly, someone could be DROP you for one minute. Author: foxlox About VM: VirtualBox ready, the adapter is currently Bridged, DHCP active You can contact me by email (fox at thebrain dot net) or Discord foxlox#1089 Machine hint: user=> go slowly. root=> check the right exit address!d be DROP you for one minute. About VM: VirtualBox ready, the adapter is currently Bridged, DHCP activeThis works better with VirtualBox rather than VMware | 930E8338A629DCDAE7A56FD329961D8D | 083BD20658E3135E14D2B2CDCA80CBFE861E0E7F | Virtual Machine (VMware) | Linux | Enabled | Automatically assign |
| FoxHole: 1.0.1 | 23 Sep 2020 | purpl3f0x | FoxHole | 3.9 GB | https://download.vulnhub.com/foxhole/FoxHole-v1.0.1.ova | The box is meant to be somewhere between easy and intermediate, with a simple initial foothold, but a more complicated priv esc. | ## Changelogv1.0.1 - 2020-09-23v1.0.0 - 2020-09-20 | BF0FAB54CEE55777537FADCAC40CA617 | 28BAF5381F9DE1945A29E9282FD512128C2603D5 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| HA: Forensics | 24 Sep 2020 | Hacking Articles | HA | 845 MB | https://download.vulnhub.com/ha/forensics.ova | HA: Forensics is an intermediate level of the lab, which gives you a hand on real-life experience in Cyber Forensic Investigation. This lab is completely dedicated to methods and tools of Cyber Forensic Investigation and there is evidence that can be found with various techniques. As it is a Capture-the-Flag, it is very important to note that it is not a root challenge, and comes with a primary motive to find all the flags. | No. of Flags: 4 Objective: Find all 4 flags (Getting Root is NOT the objective) | AB905EFE17FE976C5C435808AC744EF1 | 509D829671B7C9C58BDF4BE34EB07AAC642EF31B | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| Praying: 1 | 28 Sep 2020 | iamv1nc3nt | Praying | 1.8 GB | https://download.vulnhub.com/praying/Praying.tar.gz | This is an easy->intermediate boot2root with a mix of real world and ctf. Created in Virtualbox. Goal: Get the root flag. Your feedback is appreciated – Twitter: @iamv1nc3nt | This works better with VirtualBox rather than VMware. | BC3020EBDCEBF150E055C69DF244665A | CB6347929BABB658DB6B716436253AC76F664E02 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| Funbox: EasyEnum | 19 Sep 2020 | 0815R2d2 | Funbox | 1.1 GB | https://download.vulnhub.com/funbox/Funbox7.ova | Boot2root in 6 steps for script-kiddies. | Timeframe to root this box: 20 mins to never ever. It’s on you. Enum without sense, costs you too many time:This works better with VirtualBox rather than VMware | DFCCA462B9C9E97E2C8730E1D59C2FC2 | 5782E747DEC48F9B1C0F1963B60D9BC0AFF9D58B | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| FirstBlood: 1 | 19 Sep 2020 | iamv1nc3nt | FirstBlood | 2.1 GB | https://download.vulnhub.com/firstblood/FirstBlood.ova.tar.gz | A VERY beginner friendly box with a LOT of hand holding. | Once the system grabs an IP, head straight to the web port before scanning. You will find your first set of instructions which starts the guided process. Created in Virtualbox. Goal: Get the root flag. Your feedback is appreciated – Twitter: @iamv1nc3nt | CCA03B2B242481163B9CF484054FB0E6 | 65BB1AF48A1A4EEC12F01207AF67FCC8E6330C6D | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| dev: 1 | 27 Sep 2020 | F3dai | dev | 2.9 GB | https://download.vulnhub.com/dev/dev.ova | Easy level Linux box. | This box “dev” aims to educate people on common and misconfigurations of a widely used developer tool. Use a good wordlist! Feedback is appreciated - Send me your writeups, and let me know if you want it advertised on my website: www.cybergoat.co.uk | 079E23CA65A5A24AF50922B18EB827E4 | CE946BE55A3ABB62FD56E536DF80D8F149A3D60A | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| HA: Narak | 23 Sep 2020 | Hacking Articles | HA | 791 MB | https://download.vulnhub.com/ha/narak.ova | Narak is the Hindu equivalent of Hell. You are in the pit with the Lord of Hell himself. Can you use your hacking skills to get out of the Narak? Burning walls and demons are around every corner even your trusty tools will betray you on this quest. Trust no one. Just remember the ultimate mantra to escape Narak “Enumeration”. After getting the root you will indeed agree “Hell ain’t a bad place to be”. | Objective: Find 2 flags (user.txt and root.txt) | C058F595C60923998659C630CEA576E6 | 1340392A00BE6098CD0AEAFA26D2550FC4F2A459 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| BBS (cute): 1.0.2 | 24 Sep 2020 | foxlox | BBS (cute) | 675MB | https://download.vulnhub.com/bbs-cute/Cute-v1.0.2.ova.bz2 | Machine name: BBS (Bulletin Board System) | Level: Easy->Intermediate flags: user, root Description: really technical machine, if you are ready for certifications it will be a good tool to test yourself. You will find a very rare final exploit technique, which you have hardly seen before! Author: foxlox About VM: VirtualBox ready, the adapter is currently Bridged, DHCP active You can contact me by email (fox at thebrain dot net) or Discord foxlox#1089 Machine hint: don’t let your eyes confuse you, Try Harder!This works better with VirtualBox rather than VMware## Changelogv1.0.2 - 2020-09-24v1.0.1 - 2020-09-23v1.0.0 - 2020-09-21 | 0371E43610EE8642FB6104D099BE72D8 | 8A9A5EAF32F3A85C235E89F3E51301392E75AA36 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| CengBox: 3 | 28 Sep 2020 | Arslan | CengBox | 925.MB | https://download.vulnhub.com/cengbox/CengBox3.ova | Goal : Get user and root flag | Difficulty : Intermediate / Hard Description : Some of us hold on to poems, songs, movies, books. I guess people can’t hold onto people anymore. – Oguz Atay You know what you have to do. If you get stuck, you can get in touch with me on Twitter. @arslanblcn_ This machine works properly on Virtualbox. Happy hacking :)This works better with VirtualBox rather than VMware. | 113D9EDAE24C540454119BED33D16B66 | 7F01D1BB4274D5DEDA3B2E6B349A0B81DFED46DD | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| Relevant: 1 | 21 Sep 2020 | iamv1nc3nt | Relevant | 1.4 GB | https://download.vulnhub.com/relevant/Relevant.tar.gz | This is a solid intermediate box. | You get one hint – enumerate the box, then enumerate the box differently. Created in Virtualbox. Goal: Get the root flag. Your feedback is appreciated – Twitter: @iamv1nc3ntThis works better with VirtualBox rather than VMware | 27976F7C7F6AC1A33F3659B79C83CD61 | E796AF66755EAB3A9F24FD90C417AD2CBFF8BD0A | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| Funbox: Gamble Hall | 10 Sep 2020 | 0815R2d2 | Funbox | 1.4 GB | https://download.vulnhub.com/funbox/Funbox6.ova | Not a reallife box ! | It’s a very easy box, that makes you crazy. Don’t forget to add: funbox6.box in your /etc/hosts !This works better with VirtualBox rather than VMware | 25785DA1AF9F034317EF153D4AE5D2C5 | DEC6D6415091D99E44EE69A0235CF63DBBDACB5A | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| Bizarre Adventure: Sticky Fingers | 16 Sep 2020 | Joas Antonio | Bizarre Adventure | 831 MB | https://download.vulnhub.com/bizarreadventure/Bizarre-Adventure.zip | N/A | This works better with VirtualBox rather than VMware | A87D64B5061AD1141A970EBFAFE9BA5C | 27A85C91A2BE76794193C90D6F0D98B2162B5BE0 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| Durian: 1 | 14 Sep 2020 | SunCSR Team | Durian | 1.5 GB | https://download.vulnhub.com/durian/Durian.ova | 8202F5FC33DD3C5C72B8346C40B6BBC2 | 247B92BA003F028313C1A6269C047919FD2DFFAB | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign | ||
| UnDiscovered: 1.0.1 | 9 Sep 2020 | H0j3n & Ch4rm | UnDiscovered | 1.6 GB | https://download.vulnhub.com/undiscovered/UnDiscovered-1.0.1.ova | Discovery consists not in seeking new landscapes, but in having new eyes… | This works better with VirtualBox rather than VMware## Changelogv1.0.1 - 2020-09-09v1.0.0 - 2020-09-06 | 3466089D60E1D38AACAFC7E0325A4598 | 3D4F806BD8D19F455A2B30229BA8ED08D0D00CF9 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| Cherry: 1 | 14 Sep 2020 | SunCSR Team | Cherry | 2.4 GB | https://download.vulnhub.com/cherry/Cherry.ova | DAEC319FDE021276038CD190ACA0571C | 09C5C0398D627D96D6929D16BA20C0EF16367A37 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign | ||
| Monitoring: 1 | 14 Sep 2020 | SunCSR Team | Monitoring | 1.8 GB | https://download.vulnhub.com/monitoring/Monitoring.ova | 1FFAA9EF45205C6C5E1A1FC1495237ED | 649825EAD5DAA24999DF0C3DE8232A1FF4A29819 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign | ||
| Chili: 1 | 14 Sep 2020 | SunCSR Team | Chili | 1.1 GB | https://download.vulnhub.com/chili/Chili.ova | 882FC04B7BF993C289981F4D5AA28E3C | 1AC409DAA2F505073B62FADD08B7F793A8B4CF65 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign | ||
| KB-VULN: 2 | 17 Sep 2020 | MachineBoy | KB-VULN | 1.4 GB | https://download.vulnhub.com/kbvuln/KB-VULN2.ova | Machine Level : Easy | A machine that measures your attention and require your research. This VM is running on VirtualBox. It includes 2 flags:user.txt and flag.txtThis works better with VirtualBox rather than VMware | 8A9447B62856BA6DDFA203F864636AC7 | 8CA5400943D1FF7DB76538900075BA60E6CC5180 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| Tomato: 1 | 14 Sep 2020 | SunCSR Team | Tomato | 778 MB | https://download.vulnhub.com/tomato/Tomato.ova | 2357F4C6BEFF55A2A9357374F8A4949D | 65F979A80DB06A16536659DC6893F62EC7165DAB | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign | ||
| CewlKid: 1 | 16 Sep 2020 | iamv1nc3nt | CewlKid | 1.8 GB | https://download.vulnhub.com/cewlkid/CewlKid.zip | An intermediate boot2root. The name is a hint. The start is CTF but the end is real world and worth the effort. Created in Virtualbox. Goal: Get the root flag. Your feedback is appreciated – Twitter: @iamv1nc3nt | This works better with VirtualBox rather than VMware | CB159E42B6E7DC67E444ECE15F5089D1 | 06F11661AF2684DFCFA06E38AF8454CCEBE75377 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| Bizarre Adventure: Mrr3b0t | 17 Sep 2020 | Joas Antonio | Bizarre Adventure | 817 MB | https://download.vulnhub.com/bizarreadventure/Mrr3b0t.zip | A simple challenge conquer your shell and escalate privileges, some research will be necessary, but nothing that is not easily found. | Thanks in advance, if you want to send your opinion just send an email to Any information can contact me!This works better with VirtualBox rather than VMware.Also known as “Simple Wall” | C59F2F0DA2914607D149F755131DF2C9 | 55DE46F8C03AED572BCAC8174491A86728252069 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| Potato (SunCSR): 1 | 14 Sep 2020 | SunCSR Team | Potato (SunCSR) | 890 MB | https://download.vulnhub.com/potato-suncsr/potato-suncsr.ova | A6653684A12629F8DCC6C3E915FED6BE | 33D5001B9CD8410D185B08CD3F4C8593A563F863 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign | ||
| wpwn: 1 | 18 Aug 2020 | 0xatom | wpwn | 887 MB | https://download.vulnhub.com/wpwn/wpwnvm.zip | This is an easy box. | It’s vmware based, i dont know if it works on VB you can test it if you want. There are 2 flags under /home/$user/user.txt & /root/root.txt. No stupid ctfy/guessy stuff. Remember: your goal is to read the root flag, not just to take a root shell. Feel free to DM me on discord for any tip/hint. Happy pwning! 😄 | B3587967C48A148669CD281493D39F72 | 56AAFB1C356B8963E298D7A1F4C7F98A7A1DA645 | Virtual Machine (Virtualbox - VDI) | Linux | Enabled | Automatically assign |
| Funbox: Next Level | 5 Sep 2020 | 0815R2d2 | Funbox | 1.3 GB | https://download.vulnhub.com/funbox/Funbox5.ova | Lets separate the script-kids from script-teenies. | Hint: The first impression is not always the right one! If you need hints, call me on twitter: @0815R2d2 Have fun… This works better with VirtualBox rather than VMwareThis works better with VirtualBox rather than VMware. | 7D62686086082C2AB2892AAF2919556C | F9C11313C3B0D041F582A7F29D55655E2A28B740 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| Insanity: 1 | 16 Aug 2020 | Thomas Williams | Insanity | 1.3 GB | https://download.vulnhub.com/insanity/Insanity-Hosting.ova | A web hosting provider has asked you to test their security. Can you find the vulnerabilities on their server and gain root access? If anyone wants to submit a written report for this, I’d give it a read and potentially publish it on this blog! | A17E9918EB7724DF4DCF7913F757A130 | 6AD6B4FDBA56772AB113F000841C8BD6D61C5699 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign | |
| Funbox: CTF | 5 Sep 2020 | 0815R2d2 | Funbox | 969 MB | https://download.vulnhub.com/funbox/Funbox4.ova | Groundhog Day: Boot2Root ! | Initial footstep is a bit flowed, but really not difficult. After getting access to Funbox: CTF, its nessesarry to find, read and understand the (2 and easy to find) hints. Be smart and combine… Hints: Nikto scans “case sensitive” and you need a minimum of 15 mins to get user ! If you need hints, call me on twitter: @0815R2d2 Have fun… This works better with VirtualBox rather than VMwareThis works better with VirtualBox rather than VMware | 0FE456816037715FE74E5593B90267C6 | 71294C45D4608EB20F25A45003861DB82ACD7BB4 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| WorldCup: 2020 | 30 Aug 2020 | Pratik Khalane & Shaliesh Kumar& Vaibhav Prakash | WorldCup | 2.2 GB | https://download.vulnhub.com/worldcup/2007.ova | The VM is very interesting as this is made in the remembering of yuvraj singh who hit “6” sixes which turned the table of the game. There are 6 flags and each flag will lead to another flag and in the end it will lead to root access which will end the game. | 973A55A1B6643E471ADE1DD3F731557B | EC69B7FD838690BCEA4A4F983E6DC4EC29683ADA | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign | |
| KB-VULN: 1 | 29 Aug 2020 | MachineBoy | KB-VULN | 838 MB | https://download.vulnhub.com/kbvuln/KB-VULN.ova | This works better with VirtualBox rather than VMware | F023C88AC8F924E1796BCC56B8A59D41 | FCA02F0A713F2C1B920AA0FD83213814BC51C3D7 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign | |
| Yone: 1 | 26 Aug 2020 | SunCSR Team | Yone | 1.7 GB | https://download.vulnhub.com/yone/Yone.ova | 26CA6A38AC3C13DBD8A8BC6AECFCFAE0 | 8720B61AB6EA0E09CC4CD20415F5FA1BA66EE7CF | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign | ||
| Nully Cybersecurity: 1 | 6 Sep 2020 | laf3r | Nully Cybersecurity | 1.4 GB | https://download.vulnhub.com/nullycybersecurity/NullyCybersecurityCTF.zip | Nully Cybersecurity - this is an easy-intermediate realistic machine. | While working with the machine, you will need to brute force, pivoting (using metasploit, via portfwd), exploitation web app, and using searchsploit. About: Wait 5-8 minutes before starting for the machine to start its services. Also, check the welcome page on port 80. Hints: ‘cat rockyou.txt | grep bobby > wordlist’ for generating wordlist. Story: You are a Professional White Hat. Small company Nully Cybersecurity hired you to conduct a security test of their internal corporate systems. Feedback. https://twitter.com/laf3r_ Difficulty: Easy-intermediate This works better with VirtualBox rather than VMware | D3BCD8381B911602C0FF5E74DBFDC5C5 | 6554BB048BF77DF1EA46B533DDD0C30EB2285073 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| The Planets: Mercury | 4 Sep 2020 | SirFlash | The Planets | 1.6 GB | https://download.vulnhub.com/theplanets/Mercury.ova | Difficulty: Easy | Mercury is an easier box, with no bruteforcing required. There are two flags on the box: a user and root flag which include an md5 hash. This has been tested on VirtualBox so may not work correctly on VMware. Any questions/issues or feedback please email me at: SirFlash at protonmail.com | A25F4235486E2D9AF38EAA0E1CA23D45 | 91B9717448620AFB0ED0FCC106D914BC0D1924BF | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| DevContainer: 1 | 14 Sep 2020 | Andrés | DevContainer | 885 MB | https://download.vulnhub.com/devcontainer/DevContainer_1.ova | This works better with VirtualBox rather than VMware | E46171BCD53146BC40C9A458FEE95822 | E61CD1C44C2AEB225AC217C0371034D0645F3657 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign | |
| Legacy: HangTuah | 25 Aug 2020 | H0j3n | Legacy | 1.2 GB | https://download.vulnhub.com/legacy/Legacy-HangTuah.ova | Hang Tuah was a warrior who lived in Malacca during the reign of Sultan Mansur Shah in 15th century. He was supposedly the most powerful of all the laksamana or admirals and is considered by the Malays to be one of history’s greatest silat masters. | This works better with VirtualBox rather than VMware | 4C8D282F0357F7CA808C2454269B3074 | 5CD3D800353B4C45F4BF92CEBD56EA806532E142 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| Loly: 1 | 21 Aug 2020 | SunCSR Team | Loly | 915 MB | https://download.vulnhub.com/loly/Loly.ova | E11B4FDB36B8250DE3EBD36BEDA37405 | C04D5CE03423B167211A8CDA53881E65BCF88AE5 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign | ||
| Tiki: 1 | 31 Jul 2020 | Silky | Tiki | 4.3GB | https://download.vulnhub.com/tiki/Tiki.ova | Oh no our webserver got compromised. The attacker used an 0day, so we dont know how he got into the admin panel. Investigate that. | This is an OSCP Prep Box, its based on a CVE I recently found. Its on the OSCP lab machines level. If you need hints contact me on Twitter: S1lky_1337, should work on VirtualBox and Vmware. | 0F0394A8B84158A59BBAB28060F30F5A | 4248A1402F1838FACAA09D440756ECA912F67C67 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| Cysec: 2 | 9 Aug 2020 | Ismael Al-safadi | Cysec | 3.6 GB | https://download.vulnhub.com/cysec/CySec2.vmdk | level : Easy | flag : in /root (Congrats.txt) Try to hack this machine and get 3 flags Put every flag that you got in a .txt file with name of challenge, (flag in md5 format) The most important flag exists in /root in a file Congrats.txt (it’s not in md5 format) Then send this file to email: This is just the HDD image. You will need to create a new VM | 1ED961102DA336D489F8D2B7DFB57A39 | 981BABA1414F2FF1F66BAA006F72635525DF881B | Virtual Machine (Virtualbox - VDI) | Linux | Enabled | Automatically assign |
| backdoored: 1 | 10 Aug 2020 | 0xatom | backdoored | 783 MB | https://download.vulnhub.com/backdoored/backdooredvm.zip | This is an easy box, to pass your time. | It’s vmware based, i dont know if it works on VB you can test it if you want. There are 2 flags under /home/$user/user.txt & /root/root.txt. No stupid ctfy/guessy stuff, basic enumeration will give you what you want! Tip: You can’t get a root shell, you just have to read the root flag. Happy pwning! 😄 | 73DB8E4FE9985265879FDDAAEC62D3D4 | B79BA6AE6F886B458009F924A81749BD48D025EE | Virtual Machine (Virtualbox - VDI) | Linux | Enabled | Automatically assign |
| pyexp: 1 | 11 Aug 2020 | 0xatom | pyexp | 826MB | https://download.vulnhub.com/pyexp/pyexpvm.zip | This is a medium, based on python functions. | It’s vmware based, i dont know if it works on VB you can test it if you want. There are 2 flags under /home/$user/user.txt & /root/root.txt. No stupid ctfy/guessy stuff. For any help/hint feel free to DM me through discord. Happy pwning! 😄 | 7B0D087A34DB9FC838543626BB6F68AE | 848C4FEE3A2ED9C7B5F8CA31CB795CAB0BB46A16 | Virtual Machine (Virtualbox - VDI) | Linux | Enabled | Automatically assign |
| Hacking Messaih: 1 | 1 Aug 2020 | Sanjay Jyoti | Hacking Messaih | 295 MB | https://download.vulnhub.com/hackingmessiah/Hacking-Messiah.ova | This works better with VirtualBox rather than VMware.The MAC address needs to be “fixed” for 08:00:27:4e:aa:43.Using VirtualBox to import, make sure to select: “MAC Address Policy: Install all network adapter MAC addresses” | 8EA15F273AEE8EDAA44F60B14E44F5DA | 7563C42DC23F33661F16E5D1E481324E340DF737 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign | |
| Nyx: 1 | 15 Aug 2020 | 0xatom | Nyx | 837 MB | https://download.vulnhub.com/nyx/nyxvm.zip | This is an easy box, pretty basic stuff. | It’s vmware based, i dont know if it works on VB you can test it if you want. There are 2 flags under /home/$user/user.txt & /root/root.txt. No stupid ctfy/guessy stuff. For any help/hint feel free to DM me through discord. Happy pwning! 😄 | 47B5EA7749DA521328972353562B4782 | D4E213BD50156E64B83D711B1B7C995265894748 | Virtual Machine (Virtualbox - VDI) | Linux | Enabled | Automatically assign |
| Star Wars CTF: 1 | 1 Aug 2020 | Sir Logic | Star Wars CTF | 1.9 GB | https://download.vulnhub.com/starwars/StarWars-Epi1-CTF.ova | Star Wars themed CTF for beginners | This works better with VirtualBox rather than VMware | 06FAD29B8544DFA4BF787BE8185ED886 | F6AE48A2C16C79F070980454021FD49DD51C455E | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| Potato: 1 | 2 Aug 2020 | Florianges | Potato | 2.8 GB | https://download.vulnhub.com/potato/Potato.ova | This VM has been tested with VirtualBox | 7182F4ECA4D2A546BBE8818A08B439E1 | 0116B47222BEA3FF848646FCD91A979B1DFE1871 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign | |
| sunset: noontide | 9 Aug 2020 | whitecr0wz | sunset | 696 MB | https://download.vulnhub.com/sunset/noontide.ova | Difficulty: Very easy, do not overthink it! | It is recommended to run this machine in Virtualbox.This works better with VirtualBox rather than VMware | 5354B50F8BDA68BB72EA8C79E2B552EF | C751D987A987062301578E361A758713945BFB55 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| Funbox: Easy | 31 Jul 2020 | 0815R2d2 | Funbox | 1.7 GB | https://download.vulnhub.com/funbox/Funbox3.ova | Boot2Root ! Easy going, but with this Funbox you have to spend a bit more time. Much more, if you stuck in good traps. But most of the traps have hints, that they are traps. | If you need hints, call me on twitter: @0815R2d2 Have fun… This works better with VirtualBox rather than VMwareThis works better with VirtualBox rather than VMware. | 884E6522AB64DCFD0165699AB1740F68 | 9C4BC2188DAB9B223BCD5440F8496AF6B8C4EBB2 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| sunset: sundown | 4 Aug 2020 | whitecr0wz | sunset | 649 MB | https://download.vulnhub.com/sunset/sundown.7z | Difficulty: Easy/Intermediate | It is recommended to run this machine in Virtualbox.This works better with VirtualBox rather than VMware | D2ACE0474BC9F2EF6B2592638645FF4B | C859B711477EAE75AC6C647E68A4504E786B2EB4 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| Cysec: 1 | 31 Jul 2020 | Ismael Al-safadi | Cysec | 5.3 GB | https://download.vulnhub.com/cysec/Cysec1.vmdk | level : Easy | This is just the HDD image. You will need to create a new VM | B9A95809E9EF42AE404A9FE6123DA676 | 979606620FB1B5B3F96920DEF7F0B9620426BA5E | Virtual Machine (Virtualbox - VDI) | Linux | Enabled | Automatically assign |
| sunset: midnight | 19 Jul 2020 | whitecr0wz | sunset | 807 MB | https://download.vulnhub.com/sunset/midnight.7z | Difficulty: Intermediate | Important!: Before auditing this machine make sure you add the host “sunset-midnight” to your /etc/hosts file, otherwise it may not work as expected. It is recommended to run this machine in Virtualbox.This works better with ViritualBox rather than VMware | 979E832E2B13C9C01E91BEF0FE71444A | 1FE5258E32C3260BDD1B3EB454EA446B57F881A8 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| So Simple: 1 | 17 Jul 2020 | roel | So Simple | 1.9 GB | https://download.vulnhub.com/sosimple/So-Simple-1.7z | This is an easy level VM with some rabbitholes. Enumeration is key to find your way in. There are three flags (2 user and 1 root flag). | The VM is tested on Virtualbox. After the startup it shows the IP address. Share your rootflag with me on Twitter: @roelvb79 Good luck and have fun!This works better with VirtualBox rather than VMware | 5C5D89CEFC495E0DA4DCC69216C91001 | 4550D87459DB42EAEC627B927A087425632FB344 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| Photographer: 1 | 21 Jul 2020 | v1n1v131r4 | Photographer | 2.7 GB | https://download.vulnhub.com/photographer/Photographer.ova | This machine was developed to prepare for OSCP. It is boot2root, tested on VirtualBox (but works on VMWare) and has two flags: user.txt and proof.txt. | AFCC619FDA308989BAEB1040FF616DD9 | 19DF9FC2BE57F54A46B02F46AE2B31774F9A6257 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign | |
| sunset: twilight | 16 Jul 2020 | whitecr0wz | sunset | 1.1 GB | https://download.vulnhub.com/sunset/twilight.7z | Easy/Intermediate (May variate depending on your background) | It is recommended to run this machine in Virtualbox.This works better with VirtualBox rather than VMware | E7B7083750CE5C02D06B56049C7B60E5 | 30CE8E519A3B8889E6FD9364146C8075EC22A18B | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| Source: 1 | 17 Jul 2020 | darkstar7471 | Source | 1.2 GB | https://download.vulnhub.com/source/Source.7z | An easy CTF box created for use with the AttackerKB room. This is the standalone version for practicing. This box will likely show up in a subsequent room on supply chain attacks as it’s an excellent and recent example of that. | This works better with VMware rather than VirtualBox (Blank screen) | ECD586086C44002A7C24B241B005711A | 381C5D9F0A39B81621B1EDDEBBF945B46739412B | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| Funbox: 1 | 20 Jul 2020 | 0815R2d2 | Funbox | 2.4 GB | https://download.vulnhub.com/funbox/FunBox.ova | Boot2Root ! This is a reallife szenario, but easy going. You have to enumerate and understand the szenario to get the root-flag in round about 20min. | This VM is created/tested with Virtualbox. Maybe it works with vmware. If you need hints, call me on twitter: @0815R2d2 Have fun…This works better with VirtualBox rather than VMware | F77183809FD68F01B87CCD2C3013863D | 2FA7D849A91037765B447745F5050F278FDC9739 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| CyberSploit: 2 | 16 Jul 2020 | CyberSploit | CyberSploit | 1.2 GB | https://download.vulnhub.com/cybersploit/CyberSploit2.ova | Boot to Root | Your target is gain the Root access There is no any flag in this VMs Share root access with me This works better with VirtualBox rather than VMware | 8D95C1FE6D20F1FBF2B6A0B1DF7321FA | 9BCF57492328A71A1C1CE0A8F7ACB801CAF035D8 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| UnInvited: 1 | 31 Jul 2020 | Jeevana Chandra | UnInvited | 1.5GB | https://download.vulnhub.com/uninvited/UnInvited.rar | Description: This is a second machine made by me. This machine has 3 flags in total to capture. I would rate the difficulty between intermediate and hard. If you have any problems with the machine, feel free to contact me! | This works better with VirtualBox rather than VMware | 1CF1AA0C5B8439B24E877C3EEF5976D7 | F497FD69911F318814BA70C6146FEC9ACC04D00B | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| Glasgow Smile: 2 | 17 Jul 2020 | mindsflee | Glasgow Smile | 2.2 GB | https://download.vulnhub.com/glasgowsmile/GlasgowSmile-v2.zip | Are you ready for Glasgow Smile 2? GS2 follows the philosophy of Glasgow Smile. It’s a CTF vs OSCP. | If you are a newbie in Penetration Testing and afraid of OSCP preparation, do not worry. Glasgow Smile2 is supposed to be a kind of gym for OSCP machines. The machine is designed to be a DC tribute but also a kind of real life techniques container. You will find also a bunch of ctf style challanges. You need to have enough information about Linux enumeration, PTES and encryption for privileges escalation. Just download, extract and load the .ova file in VMware Workstation (tested on VMware Workstation 15.x.x) The adapter is currently NAT, networking is configured for DHCP and IP will get assigned automatically You can contact me on Hack the box (https://www.hackthebox.eu/profile/232477) or by email ( ) for hints! P.S If you liked my machines, offer me a coffee, I’ll work on the next one! Thank you! ( https://www.buymeacoffee.com/mindsflee) | E99B829D65027EE2C37355F23C5DF3E7 | BB780E689C054A44A1C5B6A4C39D4C550436EB8E | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| Healthcare: 1 | 29 Jul 2020 | v1n1v131r4 | Healthcare | 918 MB | https://download.vulnhub.com/healthcare/Healthcare.ova | Level: Intermediate | Description:This machine was developed to train the student to think according to the OSCP methodology. Pay attention to each step, because if you lose something you will not reach the goal: to become root in the system. It is boot2root, tested on VirtualBox (but works on VMWare) and has two flags: user.txt and root.txt. | 3D64CFFCDAADBF683ACDB0E4BF8FBC47 | 7E65804C291C3453F75D83F6A280A4440ADFE104 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| Funbox: Rookie | 27 Jul 2020 | 0815R2d2 | Funbox | 1.3 GB | https://download.vulnhub.com/funbox/Funbox2.ova | Boot2Root ! This can be a real life scenario if rockies becomes admins. Easy going in round about 15 mins. Bit more, if you are find and stuck in the rabbit-hole first. | This VM is created/tested with Virtualbox. Maybe it works with vmware. If you need hints, call me on twitter: @0815R2d2 Have fun…This works better with VirtualBox rather than VMware. | 76154A096FEABC44EF86F0C4B38FBA84 | 3740FABD31882AC4ADABFBD0741047C4413972D1 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| Cheran: 1 | 29 Jul 2020 | Shadow Phreak | Cheran | 1.5 GB | https://download.vulnhub.com/cheran/Cheran.zip | This works better with VirtualBox rather than VMware | 88158596062FE815816DF94A86A9F48B | 09C76BFDC4B87D726BF269C2A1673A5F47B2B257 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign | |
| CyberSploit: 1 | 9 Jul 2020 | CyberSploit | CyberSploit | 1.4 GB | https://download.vulnhub.com/cybersploit/cybersploit.ova | THIS IS A MACHINE FOR COMPLETE BEGINNER , THERE ARE THREE FALGS AVAILABLE IN THIS VM. | FROM THIS VMs YOU WILL LEARN ABOUT ENCODER-DECODER & EXPLOIT-DB. | 851C8763B865CA02B4374042E568A835 | 8FF5ADB114809E4B07DE2B28200EDB48E3F4E445 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| eLection: 1 | 2 Jul 2020 | Love | eLection | 4.0 GB | https://download.vulnhub.com/election/election.7z | It is an OSCP-like VM, Medium Level difficulty. | 4612D82D437969635A7ABFD9BD55786C | 466CFE445156CB085440D9E7AB0C78C143703FBA | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign | |
| InfoSec Prep: OSCP | 11 Jul 2020 | FalconSpy | InfoSec Prep | 2.8 GB | https://download.vulnhub.com/infosecprep/oscp.zip | This box should be easy. This machine was created for the InfoSec Prep Discord Server (https://discord.gg/RRgKaep) as a give way for a 30d voucher to the OSCP Lab, Lab materials, and an exam attempt. | The box was created with VMWare Workstation, but it should work with VMWare Player and Virtualbox. Upon booting up it should display an IP address. This is the target address based on whatever settings you have. You should verify the address just incase. Find the flag.txt in /root/ and submit it to the TryHarder bot on Discord to enter the give away. The command is only available for so long. So if you are just joining the server or doing the box for fun, the command won’t be there any longer at a later time. Please do not publish any write ups for this box until August 7, 2020 as this is probably when the give away will end. After that, fair game! A big thanks to Offensive Security for providing the OSCP voucher. Box created by FalconSpy with the support of the staff at InfoSec Prep Discord ServerThis works better with VirtualBox rather than VMware.## Changelog2020/07/10 - v1.0.1 - Fixed IP issue2020/07/11 - v1.0.0 | B25476F6CE9CB78D573C3B05F4D7F111 | CA3FD5FEE9E9DBADE90332666EF54E359D9CBE8C | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| Vegeta: 1 | 28 Jun 2020 | Hawks Team | Vegeta | 660 MB | https://download.vulnhub.com/vegeta/Vegeta.ova | THIS IS A MACHINE FOR COMPLETE BEGINNER , GET THE FLAG AND SHARE IN THE TELEGRAM GROUP (GROUP LINK WILL BE IN FLAG.TXT) | This works better with VirtualBox rather than VMware. | 7BC79B1F5CC6D0C372889CAA5A49B27F | F3FC8EF7683C041B9C85F3A46AB39183F0E4CAC0 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| Panabee: 1 | 30 Jun 2020 | ch4rm | Panabee | 2.8 GB | https://download.vulnhub.com/panabee/Panabee.ova | This is an intermediate VM | CA136298FFAF486D6336C8B140DE462C | 699EF46C441721C6BE68F4D5BF9AC5B7DAB4B9B0 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign | |
| sunset: solstice | 26 Jun 2020 | whitecr0wz | sunset | 1.7 GB | https://download.vulnhub.com/sunset/solstice.ova | Description:Here is another box in which i have been working for a while now. Hope you enjoy it. | Difficulty:Intermediate It is recommended to run this machine in VirtualBox.This works better with VirtualBox rather than VMware. | 652C15284F9AD3077C1D06752C42662B | 2392306AD17878504F9D35F8A0AF9396A52AF400 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| Presidential: 1 | 28 Jun 2020 | Thomas Williams | Presidential | 885 MB | https://download.vulnhub.com/presidential/Presidential.ova | The Presidential Elections within the USA are just around the corner (November 2020). One of the political parties is concerned that the other political party is going to perform electoral fraud by hacking into the registration system, and falsifying the votes. | The state of Ontario has therefore asked you (an independent penetration tester) to test the security of their server in order to alleviate any electoral fraud concerns. Your goal is to see if you can gain root access to the server – the state is still developing their registration website but has asked you to test their server security before the website and registration system are launched. This CTF was created and has been tested with VirtualBox. It should also be compatible with VMWare and is DHCP enabled. Rating: Medium/Hard - Enumeration is your friend | DB2370F1699B5D4A77ED46FE11AF8A42 | 2F86EA3BFEE20AF80E60FFC0DF0D23FA18FAB4F4 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| BlackRose: 1 | 12 Jul 2020 | BadLamer | BlackRose | 2.5 GB | https://download.vulnhub.com/blackrose/BlackRose.ova | This is my first box. i don’t know level of the box. this will be your choice(easy or hard) | Static IP of: 192.168.1.21 | 47E75559866D50419738151C9BB097DC | 388AB06E26644EF58A4DF6D734C08435D6BD9AFD | Virtual Machine (Virtualbox - OVA) | Linux | Disabled | 192.168.1.21 |
| Pwned: 1 | 10 Jul 2020 | Ajs Walker | Pwned | 802 MB | https://download.vulnhub.com/pwned/Pwned.ova | This works better with VirtualBox rather than VMware | 5A0AF6E9B8172312432F6345E26BE456 | C7AF1E3F7F6004408197EFC3295D6D24C568B4E1 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign | |
| GreenOptic: 1 | 13 Jul 2020 | Thomas Williams | GreenOptic | 1.2 GB | https://download.vulnhub.com/greenoptic/GreenOptic.ova | GreenOptic is my fourth Capture the Flag box. It is rated as ‘Very Hard’. As with all of my CTFs, please run this in ‘Host Only’ mode – it does not need an internet connection. | Don’t let the difficulty put you off though – the CTF is designed to be realistic, so you won’t come across anything you wouldn’t experience in a real environment. You will need to enumerate this box very well, and likely chain together different bits of information and vulnerabilities in order to gain access. British Internet Service Provider GreenOptic has been subject to a large scale Cyber Attack. Over 5 million of their customer records have been stolen, along with credit card information and bank details. GreenOptic have created an incident response team to analyse the attack and close any security holes. Can you break into their server before they fix their security holes? | 9EEE5E9378CA90C94C1D8E1844C105A2 | 609D73BF9086D10DC28B410CEDCE16B49A3149B9 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| sunset: decoy | 7 Jul 2020 | whitecr0wz | sunset | 921 MB | https://download.vulnhub.com/sunset/decoy.ova | Easy/Intermediate (May variate depending on your background) | It is recommended to run this machine in Virtualbox.This works better with VirtualBox rather than VMware | BDA023E525F295FBB2A5E538488D0D26 | C2222AE9F391A52E2841094AA787378E1E1E929D | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| Investigator: 1 | 4 Jul 2020 | Sivanesh Kumar | Investigator | 908 MB | https://download.vulnhub.com/investigator/Investigator.ova | Be the investigator to finish this machine,Its for only beginners, Share your Screen shot on telegram group, Group link will be in flag. | 6776444EDF3DF2DFE217B78C06D4D904 | 2A4542D70B1B30CC738ACFBBA5D56E47D9822D3E | Virtual Machine (Virtualbox - OVA) | Android | Enabled | Automatically assign | |
| GainPower: 1 | 21 Jun 2020 | Vanshal Gaur | GainPower | 759 MB | https://download.vulnhub.com/gainpower/GainPower-01.ova | Welcome to “GainPower: 01” | This is a Boot2Root challenge. This VM is created and tested with VirtualBox Need hints? Twitter @VanshalG Your feedback is really valuable to me! Twitter @VanshalG Was there something that you didn’t like about this VM? Please let me know so that I can make more interesting challenges in the future. Good Luck…!!! | 5797A21465AE9564B59EDDEBF746D243 | 6710AB4DADA45C29D5B84ACC45F8E2ED220887B6 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| HA: Pandavas | 31 May 2020 | Hacking Articles | HA | 1.2 GB | https://download.vulnhub.com/ha/pandavas.zip | Pandavas are the warriors of the most epic tale of Mahabharat. And through this CTF we will go on the ordeal of betrayal and honour with them, to claim their rightful throne of Hastinapur. In this CTF there are five flags named after each Pandava: | IF SOMETHING LOOKS SIMPLE, IT MIGHNT NOT BE THAT SIMPLE! | 1244DB2A953F976B9DDFA81256B09838 | 3A7CB2BB7032A01295B49EA85C2DC0BFB396C71C | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| Glasgow Smile: 1.1 | 16 Jun 2020 | mindsflee | Glasgow Smile | 741 MB | https://download.vulnhub.com/glasgowsmile/GlasgowSmile-v1.1.zip | Title: Glasgow Smile | If you are a newbie in Penetration Testing and afraid of OSCP preparation, do not worry. Glasgow Smile is supposed to be a kind of gym for OSCP machines. The machine is designed to be as real-life as possible. Anyway, You will find also a bunch of ctf style challanges, it’s important to have some encryption knowledge. You need to have enough information about Linux enumeration and encryption for privileges escalation. Just download, extract and load the .vmx file in VMware Workstation (tested on VMware Workstation 15.x.x) The adapter is currently NAT, networking is configured for DHCP and IP will get assigned automatically You can contact me on Hack the box (https://www.hackthebox.eu/profile/232477) or by email ( ) for hints!## Changelog2020-06-16 - v1.12020-06-15 - v1.0 | CBD6D517A7D3C4641F74696CACFEB140 | ACF4AAE0F8D12DD07FE79C29E6F583E1583BE9DB | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| GitRoot: 1 | 3 Jun 2020 | RecursiveNULL | GitRoot | 1.8 GB | https://download.vulnhub.com/gitroot/GitRoot.ova | The theme of this box is git. | The design of this box is HTB-like. I will NOT be giving hints. Like a wise man once said “Try Harder” Goals: Difficulty: Intermediate This box only works on VirtualBox DHCP is enabled All of the users on this box are named after my teachers and mentors, thank you Pablo, Beth, and Jen. Have Fun!This works better with VirtualBox rather than VMware. | 0D7910629AB3B59FBD5C267D7152FD0A | 289887093E2663E300D843303EDB7C0D0E2DADD9 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| Ganana: 1 | 25 Jun 2020 | Jeevana Chandra | Ganana | 988 MB | https://download.vulnhub.com/ganana/GANANA.ova | This is a fairly simple machine rated easy to intermediate. There is only one flag to capture root.txt. | 16E0BBE2C9C98F5D9C7F0F3833987B97 | 4FE0C565AB2292319A63C6ED652153254CE30DD6 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign | |
| My CMSMS: 1 | 25 Jun 2020 | Pankaj Verma | My CMSMS | 843 MB | https://download.vulnhub.com/mycmsms/My-Cmsms.ova | Welcome to “My Cmsms” | This VM has been designed by Pankaj Verma. Like its name, this box contains some interesting things about CMS. It has been designed in way to enhance user’s skills while playing with some preveleges. Its a quite forward box but stay aware of rabbit holes. Goal: Get the root flag of the target. Difficulty: Easy to Intermediate Need hints? Twitter @_p4nk4j DHCP is enabled Your feedback is really valuable for me! Twitter @_p4nk4j Was there something that you didn’t like about this VM? Please let me know so that I can make more interesting challenges in the future. Good Luck…!!! | 1C58BE4FBE50BB3722245356D85AA009 | D6E45D9C6314FC0F89B655D198298BFEBC08D8A5 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| infovore: 1 | 24 Jun 2020 | @theart42 & @4nqr34z | infovore | 625 MB | https://download.vulnhub.com/infovore/infovore_vulnhub.ova | This is an easy to intermediate box that shows you how you can exploit innocent looking php functions and lazy sys admins. | There are 4 flags in total to be found, and you will have to think outside the box and try alternative ways to achieve your goal of capturing all flags. VM has been tested on VirtualBox 6.1.10 and VMWare (Fusion) Enjoy! @theart42 and @4nqr34z | E42F3F6B52F19E16DB3E2E933029ACFF | DF015A64572083ECDA242FABEF6A42A651F6FD2D | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| HA: Natraj | 4 Jun 2020 | Hacking Articles | HA | 962 MB | https://download.vulnhub.com/ha/Natraj.zip | Nataraj is a dancing avatar of Hindu God Shiva. His dance is called Tandava and it is only performed when he is most angry. Whoever interrupts his dance dies by Shiva while dancing. This is a Boot2Root challenge. Based on Nataraja. You only have to root the machine and find the root flag! All the best! | A39E8CDB0D0CD5AF52185B4827FF20AA | 23AB09651E4AA667ADBA40E28FB844902AECD64E | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign | |
| Assertion: 1.0.1 | 28 Jun 2020 | Faisal Husaini | Assertion | 2.7GB | https://download.vulnhub.com/assertion/Assertion-1.0.1.rar | N/A | ## Changelogv1.0.1 - 2020-06-28v1.0 - 2020-06-23 | 0FB09B0201E5A798BAD07E1AE86EAA35 | F0718FD57A1FE48D592BD3375EFFFF2B2A7A74A4 | Virtual Machine (VMware) | Linux | Enabled | Automatically assign |
| BBS: 1 | 22 Jun 2020 | foxlox | BBS | 1.1GB | https://download.vulnhub.com/bbs/bbs.ova.bz2 | Machine name: BBS (Bulletin Board System) | Level: High flags: user, root Description: this machine is a dip in the present and in the past, it requires a transversal competence from today to the mid 80-90s. Skills: developing, networking, GSM Messaging, Linux, X11, some MS-DOS commands Author: foxlox About VM: VirtualBox ready, the adapter is currently Bridged, DHCP active You can contact me on Hack the box (https://www.hackthebox.eu/profile/207673), by email ( ) or Discord foxlox#1089 Machine hint: FUZZ!!!This works better with VirtualBox rather than VMware | 1E7C4F11D567FEBCABC95E2F576EDD5A | C0AD5F75F2EF44F1A6D7435126403A3408004E59 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| DefCon: 1 | 12 Jun 2020 | n0w4n | DefCon | 8.1GB | https://download.vulnhub.com/defcon/DefCon.ova | Welcome to the agency! Here we look only for the best of the best. | Do you think you got what it takes? Then step up and show us what you got! This is a Boot2Root challenge. The final goal is to take the flag in /root. This VM is created and tested with VMWare, but Vbox also should work just fine. | AD419DE6AC8EEF25D0AC0AB1118A9745 | A59C4F6D05C32264B7F4BE0769E4C0E27EB7C8F5 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| djinn: 3 | 19 Jun 2020 | 0xmzfr | djinn | 2.2 GB | https://download.vulnhub.com/djinn/djinn3.tar.gz | E38CA4857505EC9477A016135B81ED4C | B5C306F244AA8F567052319A222A3CF20A25561C | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign | ||
| CengBox: 2 | 26 May 2020 | Arslan | CengBox | 1.1 GB | https://download.vulnhub.com/cengbox/CengBox2.ova | Name : CengBox:2 | Goal : Get the user and the root flag Diffuculty : Intermediate Description : Looks like Ceng Company has site maintenance but there might be something that still working. In this vm you may learn a few new things such as enumeration, CVE, privilege escalation and more. You will need everything that you found. Also you will have to check the differences and guess some things. Tested on Virtualbox. The machine works properly with Virtualbox compared to Vmware. For any feedback or hint feel free to contact me on Twitter @arslanblcn_This works better with VirtualBox rather than VMware. | B07B03050076BD5DACFC6F6D7AC3AF82 | 5C4359F8F364FA683BB29C0EEAFB1919FCE52944 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| Seppuku: 1 | 13 May 2020 | SunCSR Team | Seppuku | 748 MB | https://download.vulnhub.com/seppuku/Seppuku.zip | 8F48883B48AD107507E5CBC454C573C4 | DD8A997DC2890484BAAFBF0178C566E771ED8498 | Virtual Machine (Virtualbox - VDI) | Linux | Enabled | Automatically assign | ||
| Death Star: 1 | 4 May 2020 | André Henrique | Death Star | 926 MB | https://download.vulnhub.com/deathstar/DeathStar_1.7z | 76BBFADEB972C8910508AC3A47D5F757 | 3D3359528A310FB8830A673B031D17912743A205 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign | ||
| Katana: 1 | 13 May 2020 | SunCSR Team | Katana | 1.1 GB | https://download.vulnhub.com/katana/katana.zip | 20866B4CD044BEB2CF7F435B514DAFEB | BE17EEE5CB32FC89883DB1269B242CE048C94138 | Virtual Machine (Virtualbox - VDI) | Linux | Enabled | Automatically assign | ||
| Geisha: 1 | 13 May 2020 | SunCSR Team | Geisha | 1.5 GB | https://download.vulnhub.com/geisha/Geisha.zip | 241F2141AD82F1DCE2CC42707B59C86F | A920A58B8ABC2AF6E6BBF8CF69EBBFD52BA5C883 | Virtual Machine (Virtualbox - VDI) | Linux | Enabled | Automatically assign | ||
| CengBox: 1 | 30 Apr 2020 | Arslan | CengBox | 1.5 GB | https://download.vulnhub.com/cengbox/CengBox.ova | Name : CengBox | Goal : Get the user and the root flag Difficulty : beginner/intermediate Description : There is a company which seems unreliable. You must think like a hacker and hack it easily. I think you do not need a hint but here is the nudges for you. For user you should understand how it is work and manipulate it. You might need everything that you’ll find. For root, wait a minute. Your feedback is really important to me and feel free to more hint on Twitter : @arslanblcn_ | C5879CCBFB18C9139C0BCED61136FE2E | 84F30294392CACACB12D79A495ECB6944D550AFD | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| Zion: 1.2 | 6 Jun 2020 | André Henrique | Zion | 3.7 GB | https://download.vulnhub.com/zion/Zion_1.2.7z | ## Changelogv1.2 - 2020-06-06 - Removed compatibility with Virtualbox + Updated VMware compatibility from version 14.xv1.1 - 2020-05-09 - Issue with VirtualBoxv1.0 - 2020-05-04 | BFE57CB9AE4C1BC1F0DA4F0A363395D7 | 3FFA06F6F0E0AC4A62568A7B5FA4FEB62943C809 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign | |
| Credit Card Scammers: 1 | 11 May 2020 | Thomas Williams | Credit Card Scammers | 1.4 GB | https://download.vulnhub.com/creditcardscammers/Credit-Card-Scammers.ova | This is my first Capture the Flag exercise and covers a number of different techniques. | The back story: Scammers are taking advantage of people and various fake shopping websites have been setup, but people are finding their orders never arrive. We have identified one scam website which we believe is harvesting credit card details from victims. Your objective is to take down the scam website by gaining root access, and identify the 3 flags on their server. Our intelligence suggests the scammers are actively reviewing all orders to quickly make use of the credit card information. Difficulty is Medium | E0AF2231B6CC0BBA6B78340B79A74885 | 66400ECB78117019144CFD26B63E6D5CAFD05EB7 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| Sumo: 1 | 13 May 2020 | SunCSR Team | Sumo | 576 MB | https://download.vulnhub.com/sumo/Sumo.zip | 6F76F20B82A7DC3B5193214668936674 | 6678EB93B8E6EBB8DE2378568530C7D3DFCE93EB | Virtual Machine (Virtualbox - VDI) | Linux | Enabled | Automatically assign | ||
| PowerGrid: 1.0.1 | 28 May 2020 | Thomas Williams | PowerGrid | 2.2 GB | https://download.vulnhub.com/powergrid/PowerGrid-1.0.1.ova | Cyber criminals have taken over the energy grid across Europe. As a member of the security service, you’re tasked with breaking into their server, gaining root access, and preventing them from launching their malware before it’s too late. | We know from previous intelligence that this group sometimes use weak passwords. We recommend you look at this attack vector first – make sure you configure your tools properly. We do not have time to waste. Unfortunately, the criminals have started a 3 hour clock. Can you get to their server in time before their malware is deployed and they destroy the evidence on their server? This exercise is designed to be completed in one sitting. Shutting down the virtual machine will not pause the timer. . If you are to succeed, I strongly recommend reading these points: SHA-256: 8bc79937082748c21de14c5da3772f7fc750d52b68cf27816922186f6e68d6b7 This is rated as ‘Hard’ (as per the matrix here: https://security.caerdydd.wales/ctf-difficulty-levels/)## Changelogv1.0.1 - 2020-05-28v1 - 2020-05-20 | C8F5C941D598D470313F3F8A3570D70B | 0FAF7F13D1D53CD5696B542DCB5A27B55473B9B8 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| My Communication Server: 1 | 30 Apr 2020 | Akanksha Sachin Verma | My Communication Server | 1.1GB | https://download.vulnhub.com/mycommunicationserver/My_Communication_Server-1.ova | Welcome to “My Communication Server” | This VM is quite Difficult but you will enjoy while playing with its services and the privileges. Things to be remembered that there’s no need to brute-forcing any services and also remember not to exploit the kernel of the target if you want to learn something new. Note - Set mac address of your network interface 080027E148F2 Goal: Get the root flag of the target. Difficulty: Hard/Challenging Level Note: Set MAC Address of your network interface 080027E148F2 Need hints? Twitter @akankshavermasv DHCP is enabled Your feedback is really valuable for me! Twitter @akankshavermasv Was there something that you didn’t like about this VM? Please let me know so that I can make more interesting challenges in the future. Good Luck…!!!Make sure to edit the MAC address BEFORE starting up the VMVMware, you will need to put colon ~ 08:00:27:E1:48:F2 | F9C59D92E640114FCE797365BEC81CA2 | E66E4D8DDADFEE1C64581DEA1613C5AE9FA8B2B4 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| Tre: 1 | 13 May 2020 | SunCSR Team | Tre | 666MB | https://download.vulnhub.com/tre/Tre.zip | CD62BDFAE627D6E8C2BAB77C286497C1 | CD6017A24591C18988BF3192179DC87BD8D2E99C | Virtual Machine (Virtualbox - VDI) | Linux | Enabled | Automatically assign | ||
| My Web Server: 1 | 13 Apr 2020 | Akanksha Sachin Verma | My Web Server | 1.6 GB | https://download.vulnhub.com/mywebserver/My_Web_Server.ova | Welcome to “My Web Server” | This boot to root VM is designed for testing your pentesting skills and concepts. It consists of some well known things but it encourages you to use the functionalities rather than vulnerablities of target. Goal: Get the root flag of the target. Difficulty: Medium/Intermediate Level Need hints? Twitter @akankshavermasv DHCP is enabled Your feedback is really valuable for me! Twitter @akankshavermasv Was there something that you didn’t like about this VM? Please let me know so that I can make more interesting challenges in the future. Good Luck…!!!This works better with VirtualBox rather than VMware. | 4AA4BDAFF2FC06099806D02A77F30BC9 | 8DF694CD0551DD0EB124DB768B8E115E3CEF9178 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| DMV: 2 | 29 Apr 2020 | Jonathan | DMV | 1.8 GB | https://download.vulnhub.com/dmv/DMV2.ova | Your feedback is appreciated - Twitter: @over_jt | This works better with VirtualBox rather than VMware | A80211202D27F69D06EE1BA4E0494A5D | D8503735D8D1111278F1DC4520B4064D786923BA | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| CK: 03 | 13 Apr 2020 | Vishal Biswas | CK | 747 MB | https://download.vulnhub.com/ck/MyFileServer_3.zip | This box is upgraded edition of previous (MyFileServer 2) box. | Multiple way to get user and root flags are added. Ping me on twitter @CyberKnight00 if you face any difficulty. Don’t stop after finding 1 way there are more ways.This works better with VirtualBox rather than VMware. | F069995C767FC230E7E4517D8630A303 | 1E9596CEF962F9B3FB1EC15D76DF6A9A69F39962 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| Minouche: 1 | 16 Apr 2020 | Frans Gostman | Minouche | 1.1 GB | https://download.vulnhub.com/minouche/Minouche.ova | N/A | This works better with VirtualBox rather than VMware. | 24F5FC4C9A57610D999A7D1021AF6E8E | 157A03BD870971B810EE65ED5D39C4FFF13E45EA | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| Broken-2020: 1 | 22 Apr 2020 | EuSecuinfo | Broken-2020 | 556 MB | https://download.vulnhub.com/broken-2020/broken-2020.ova | Level : beginner for user flag and intermediate for root flag. | No exploit, custom exploitation is need. Work on virtualbox.This works better with VirtualBox rather than VMware. | A1353E30B2C62DA9C92720D7D9F5F46B | 42A2B9BA827C3F4649B68B8637952FDD451364F8 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| mhz_cxf: c1f | 24 Apr 2020 | mhz_cyber & Zamba | mhz_cxf | 1.2 GB | https://download.vulnhub.com/mhzcxf/mhz_c1f.ova.zip | A piece of cake machine | You will learn a little about enumeration/local enumeration , steganography. This machine tested on Virtualbox , so i’m not sure about it with Vmware If you need any help you can find me on twitter @mhz_cyber , and i will be happy to read your write-ups guy send it on twitter too cya with another machine #mhz_cyberThis works better with VirtualBox rather than VMware | 767F3C7A4FAC59DE59F610506F87F1B2 | 908B2FDEF77B7426D43BC8B96D4975DCF184298D | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| Victim: 1 | 24 Apr 2020 | iamv1nc3nt | Victim | 2.2 GB | https://download.vulnhub.com/victim/Victim01_042220.ova | An easy to intermediate boot2root. | Enumeration is key and bruteforcing SSH will get you banned. Created in Virtualbox. Goal: Get the root flag. Your feedback is appreciated – Twitter: @iamv1nc3ntThis works better with VirtualBox rather than VMware. | 2CF3CC943C6153B2CD8DD7AABFDCC34A | DF200058EB443CD9435F4CBCF8238F91C43E1E43 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| Typo: 1 | 25 Apr 2020 | Akanksha Sachin Verma | Typo | 808 MB | https://download.vulnhub.com/typo/Typo.ova | Welcome to “Typo” | This VM is an intermediate level and you will enjoy while playing with its services and the privileges. There are things which you will learn with this box. Goal: Get the root flag of the target. Difficulty: Medium/Intermediate Level Note: Set Domain Name - typo.local Need hints? Twitter @akankshavermasv DHCP is enabled Your feedback is really valuable for me! Twitter @akankshavermasv Was there something that you didn’t like about this VM? Please let me know so that I can make more interesting challenges in the future. Good Luck…!!!This works better with VirtualBox rather than VMware | 6C662B82D444E154A377A0679DB418A9 | 4D28A0066D1E8F8F6590432C17F45B326208CFBC | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| 42Challenge: 1 | 14 Apr 2020 | x4v1l0k | 42Challenge | 5.0 GB | https://download.vulnhub.com/42challenge/42Challenge.zip | This box has been designed for the “42” Programming School. | It is designed to be able to practice different techniques within it in different privilege scale methods. If you need hints, write me on twitter @x4v1l0k. I would like to know your feedback on twitter @x4v1l0k.This works better with VirtualBox rather than VMware. | A738B6870EEB061B2754D97DE26F0890 | 6EA22D9A4D4081651EFC93B87B107C27886FD329 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| Stripes: 1 | 21 Apr 2020 | K. Jagdmann | Stripes | 1.2 GB | https://download.vulnhub.com/stripes/Stripes.7z | An easy to intermediate, TIGER KING themed boot2root. | Why is this “Tiger King” themed!? Well I decided to put my first CTF together, and needed some ideas for the blog. Lo and behold, Joe Exotic appeared on TV and thus, this CTF was made. Can you help Joe escape from prison? There are no off the shelf exploits here, and bruteforcing will get you nowhere. You will need to perform manual investigation and enumeration. Multiple ways to achieve root, ranging from beginner to medium difficulty.This works better with VirtualBox rather than VMware | 971726C73597B17D214FC167695236D8 | A0A55F593CE9593265F07E98DC98CE981F90A65E | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| LemonSqueezy: 1 | 26 Apr 2020 | James Hay | LemonSqueezy | 1.5 GB | https://download.vulnhub.com/lemonsqueezy/LemonSqueezy.7z.torrent | This is a beginner boot2root in a similar style to ones I personally enjoy like Mr Robot, Lazysysadmin and MERCY. | This is a VMware machine. DHCP is enabled, add lemonsqueezy to your hosts. It’s easypeasy! | 6AB04A1BE32E21AEBE38A99AB9E0FF9B | 1704813AA6B172247B73781A8149373942E6FDD1 | Virtual Machine (VMware) | Linux | Enabled | Automatically assign |
| CryptoBank: 1 | 18 Apr 2020 | emaragkos | CryptoBank | 2.3 GB | https://download.vulnhub.com/cryptobank/CryptoBank.ova | Welcome to CryptoBank, the best Crypto platform to store and trade your crypto assets, join now! Our platform uses advanced technology to protect your assets. Our experienced engineers have taken extra measures to keep our infrastructure secure. | Goal: Hack the CryptoBank in order to reach their cold Bitcoin wallet (root flag) Difficulty: Intermediate -It was implemented in VirtualBox but should work in VMware too -DHCP is enabled Need hints? Tweet @emaragkos Your feedback is really valuable for me! Was there something that you didn’t like about it? Maybe something you have liked more if it was different? Good luck and have fun :)This works better with VirtualBox rather than VMware. | 86CAB5DFBF13A9336A24BCF1EB1A51BB | 45EC25E11FC9A5F64BA94A7D6FD966601FCA5A04 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| DMV: 1 | 12 Apr 2020 | Jonathan | DMV | 1.2 GB | https://download.vulnhub.com/dmv/DMV.ova | It is a simple machine that replicates a real scenario that I found. | The goal is to get two flags, one that is in the secret folder and the other that can only be read by the root userThis works better with VirtualBox rather than VMware. | 7E2A0236CCCADE43E69DFC5B061C7B99 | ABC6AFD2F8F1C649B4768FBB7CBC39B4C803E8CF | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| BoredHackerBlog: Cloud AV | 29 Mar 2020 | BoredHackerBlog | BoredHackerBlog | 1.5 GB | https://download.vulnhub.com/boredhackerblog/easy_cloudantivirus.ova | Cloud Anti-Virus Scanner! is a cloud-based antivirus scanning service. | Currently, it’s in beta mode. You’ve been asked to test the setup and find vulnerabilities and escalate privs. Difficulty: Easy Tasks involved: Virtual Machine: Networking:This works better with VirtualBox rather than VMware. | 6056C0EBA29840828F19A54CC04B1EF3 | 114A2E70F007F47AE2643334A064642A0F54D64B | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| symfonos: 6.1 | 7 Apr 2020 | Zayotic | symfonos | 1.5 GB | https://download.vulnhub.com/symfonos/symfonos6v2.7z | Difficulty: intermediate-hard | This VM was designed to search for the attackers “Achilles’ heel”. Please only assign one network adapter to avoid issues. VMware works fine. Virtualbox has issues.## Changelogv6.1 - 2020-04-07v6.0 - 2020-04-05 | AEA436F84A05B6FE3B2984FAB31BE4BA | 55220722444FA2341427E1650EB0876284C6368F | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| BoredHackerBlog: Social Network | 29 Mar 2020 | BoredHackerBlog | BoredHackerBlog | 982 MB | https://download.vulnhub.com/boredhackerblog/medium_socnet.ova | Leave a message is a new anonymous social networking site where users can post messages for each other. They’ve assigned you to test their set up. They do utilize docker containers. You can conduct attacks against those too. Try to see if you can get root on the host though. | Difficulty: Med Tasks involved: Virtual Machine: Networking:This works better with VirtualBox rather than VMware. | 6525AC91B854ABB6120F780AAE79D4FC | A85121C476001062C520B3F154703490656532F7 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| SecKC: 1.1 | 31 Mar 2020 | Eric "geoda" Guillen | SecKC | 1.3 GB | https://download.vulnhub.com/seckc/SecKC-1-1-boot2root.ova | This is the first SecKC boot2root VM! The objective is to gain access and elevate to root! | If you enjoyed this boot2root, please let us know and we will create more! Thanks! Any questions, hints and feedback can be directed to my Twitter: @EricSGuillen This VM is accessible via its static IP of 192.168.9.184 Configure your VirtualBox/VMWare Network settings to something like Host-Only Adapter with an IP of 192.168.9.1/24 , 255.255.255.0 For more details around SecKC, visit https://www.seckc.org/This works better with VirtualBox rather than VMware.## Changelogv1.1 - 2020-02-31v1.0 - 2020-02-28 | 76E03F7672F12FCBF733C6797DF15E2B | 4297C98B6B74859A64C4BD1AE444DE0F9005AED8 | Virtual Machine (Virtualbox - OVA) | Linux | Disabled | 192.168.9.184 |
| BoredHackerBlog: Social Network 2.0 | 29 Mar 2020 | BoredHackerBlog | BoredHackerBlog | 1.2 GB | https://download.vulnhub.com/boredhackerblog/hard_socnet2.ova | You’ve been assigned to test another social networking webapp. | You have been given access to a dev server. The current devs use many custom tools and scripts that you’ll have to review and attack. Difficulty: Hard Tasks involved: Virtual Machine: Networking:This works better with VirtualBox rather than VMware | 9D6BED141A97452FCB8CA2921207C24E | 940ACFB7C794E888BDA410911F98FC7A1F9AA944 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| hackNos: Player v1.1 | 10 Apr 2020 | Rahul Gehlaut | hackNos | 767 MB | https://download.vulnhub.com/hacknos/Player-v1.1.ova | Difficulty: Intermediate | Learning: Web Application | Enumerate | Good Enumeration | Privilege Escalation Overview: Tested: VirtualBox/VMWare Virtual Machine: - Format: Virtual Machine Virtualbox OVA Networking: - DHCP Service: Enabled twitter @rahul_gehlaut## Changelogv1.1 - 2020-04-10v1.0 - 2020-04-07 | 123AFC05A714ED0CCFAA85CDEEBAA1AE | 2B5368C1A83C7D89D3BA2EE193B06BFD67F63DFF | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| TBBT: 2 - FunWithFlags | 10 Apr 2020 | emaragkos | TBBT | 3.2 GB | https://download.vulnhub.com/tbbt/TBBT2.ova | TBBT2: FunWithFlags | Welcome to “Fun with Flags” 2! This boot2root machine is part of the TBBT Fun with Flags series and it is themed after the famous TV show, The Big Bang Theory and has really strong CTF elements. It’s more like solving a set of interesting CTF challenges as a puzzle than facing these in a real life scenario. Goal: Hack Sheldon and get user and root flags Difficulty: Intermediate but if you have never watched the series I would rate it as hard, still solvable though Need hints? Tweet @emaragkos Your feedback is really valuable for me! Was there something that you didn’t like about it? Maybe something you have liked more if it was different? Good luck and have fun :)This works better with VirtualBox rather than VMware | 13DDD563109AC208E8280558303104E7 | 7A68E50B4465AC5CA9A1B9EC2294A021C3DE1763 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| Wordpress Host Server: 1 | 28 Mar 2020 | Akanksha Sachin Verma | Wordpress Host Server | 1.8GB | https://download.vulnhub.com/wordpresshostserver/Wordpress_host_server_1.ova | Welcome to “Wordpress Host Server” | This VM consists of a “Wordpress Website” which is specially made for learning and sharpening Wordpress Enumeration and Exploitation skills. The Website contains 40+ vulnerabilities which can compromise the security of the website. Goal: Try to find out as much as vulnerabilities you can exploit. This time our goal is not to get the root but to practice more. Difficulty: Intermediate Level Need hints? Twitter @akankshavermasv DHCP is enabled Note : If you are unable to browse the web page properly then add the hostname of web in /etc/hosts file. Your feedback is really valuable for me! Twitter @akankshavermasv Was there something that you didn’t like about this VM? Please let me know so that I can make more interesting challenges in the future. Good Luck…!!! | EA2ACD9F5E4314636EB3060FDD86746A | 507B43C9E423D4F6A8E6331567E0CF4E701A93A9 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| My Tomcat Host: 1 | 2 Apr 2020 | Akanksha Sachin Verma | My Tomcat Host | 866 MB | https://download.vulnhub.com/mytomcathost/My_Tomcat_Host.ova | Welcome to “My Tomcat Host” | This boot to root VM is designed for testing your basic enumeration skills and concepts. Goal: Get the root flag of the target. Difficulty: Easy/Beginner Level Need hints? Twitter @akankshavermasv DHCP is enabled Your feedback is really valuable for me! Twitter @akankshavermasv Was there something that you didn’t like about this VM? Please let me know so that I can make more interesting challenges in the future. Good Luck…!!! | 392A74DA5A929D10188566DE89FCD8B0 | CEB2CE43C7665FC49D9C1A648C922F7DD0940B88 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| BoredHackerBlog: Moriarty Corp | 29 Mar 2020 | BoredHackerBlog | BoredHackerBlog | 3.0 GB | https://download.vulnhub.com/boredhackerblog/MoriartyCorp.ova | Hello Agent. | You’re here on a special mission. A mission to take down one of the biggest weapons suppliers which is Moriarty Corp. Enter flag{start} into the webapp to get started! Notes: (the story is bad. sorry for the lack of creativity) Difficulty: Med-Hard Tasks involved: Virtual Machine: - Format: Virtual Machine (Virtualbox OVA) - Operating System: Linux Networking: - DHCP Service: Enabled - IP Address Automatically assignThis works better with VirtualBox rather than VMware. | 0DD96FA7FC63B0A32802642F84907F00 | E9874E51A2645C1B61A3AFC771AA5ABDC94BF264 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| It’s October: 1 | 8 Apr 2020 | Akanksha Sachin Verma | It’s October | 558 MB | https://download.vulnhub.com/itsoctober/Its_October.ova | Welcome to “It’s October” | This boot to root VM is designed for testing your pentesting skills and concepts. It consists of some well known things but it encourages you to use the functionalities rather than vulnerabilities of target. Goal: Get the root flag of the target. Difficulty: Easy/Medium Level Need hints? Twitter @akankshavermasv DHCP is enabled Your feedback is really valuable for me! Twitter @akankshavermasv Was there something that you didn’t like about this VM? Please let me know so that I can make more interesting challenges in the future. Good Luck…!!! | 61EB24C5A6CC802DE1D5E995ECCB7E26 | DA5B759D8C96363EA9CDF93A3CA0CE1DEACF5C50 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| My File Server: 2 | 21 Mar 2020 | Akanksha Sachin Verma | My File Server | 745 MB | https://download.vulnhub.com/myfileserver/My_file_server_2.ova | Welcome to “My File Server : 2” | This boot2root machine is the Second Challenge of “My File Server” series. This is a realistic File Server with some intresting loop holes. As its name, you will get many File Sharing Services and their privileges to play. Goal: Get the Root access of the Vulnerable Server. Difficulty: Easy / Beginner Level Need hints? Twitter @akankshavermasv DHCP is enabled Your feedback is really valuable for me! Twitter @akankshavermasv Was there something that you didn’t like about this VM? Please let me know so that I can make more interesting challenges in the future. Good Luck…!!! | 0ADB8170C00DA1E2A06A0F8DD7AE9301 | 7A5F373CB1FCE0ABBC952AFEBE2570A1C77E0992 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| recon: 1 | 14 Mar 2020 | Sagar Shakya | recon | 957 MB | https://download.vulnhub.com/recon/recon.ova | This is my first CTF. This CTF for beginners level based WordPress. | This works better with VirtualBox rather than VMware | 6BA70CBBE8A2A5DD5F98214609C2267A | 9609B460522099FE477C3C848BB45F763CA97728 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| InfoSecWarrior CTF 2020: 01 | 24 Mar 2020 | Vishal Biswas | InfoSecWarrior CTF 2020 | 333 MB | https://download.vulnhub.com/infosecwarrior/Infosec_Warrior1.ova | This VM is given as challenge 1 in InfoSecWarrior CTF 2020. Official website : https://www.infosecwarrior.com/ | Box Designed by: MAALP & CyberKnight00 Difficulty: Easy Feel free to contact MAALP for any Hints Twitter handle of MAALP is @AFREET1225 | D72C7F91804BD80CA65A7B4CB2BF66C3 | 5E04709017912243518307A70D548CE8F10D78FD | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| Escalate My Privileges: 1 | 25 Mar 2020 | Akanksha Sachin Verma | Escalate My Privileges | 1.9 GB | https://download.vulnhub.com/escalatemyprivilege/Escalate_my_privilege.ova | Welcome to “Escalate My Privilege” | This VM is made for playing with privileges. As its name, this box is specially made for learning and sharpening Linux Privilege Escalation skills. There are number of ways to playing with the privileges. Goal: First get the User of the Target then Start Playing with Privileges. Difficulty: Easy / Beginner Level Need hints? Twitter @akankshavermasv DHCP is enabled Your feedback is really valuable for me! Twitter @akankshavermasv Was there something that you didn’t like about this VM? Please let me know so that I can make more interesting challenges in the future. Good Luck…!!! | CD6706E44B61C9EA6FAF5369EF1E907F | A71922347B89DB49CAF87F9794406C7E5FEC0B60 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| DevRandom CTF: 1.1 | 27 Mar 2020 | Hunri Beats | DevRandom CTF | 1.1 GB | https://download.vulnhub.com/devrandomctf/devrandomCTF-v1.1.ova | Debian 10 64 bit machine . This is a simple box. No advanced stuff , just some fun… can you find the trail to root? | This works better with VirtualBox rather than VMware.## Changelogv1.1 - 2020-03-27v1.0 - 2020-03-25 | EC4F34B8AF239AD0C6A087F279FD255E | 783BBF07707A1EF5E6A9B007EB2B81C1B4C746FB | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| VulnUni: 1.0.1 | 20 Mar 2020 | emaragkos | VulnUni | 1.4 GB | https://download.vulnhub.com/vulnuni/vulnuni1.0.1.ova | Welcome to “Vuln Uni”! | This boot2root machine is realistic without any CTF elements and pretty straight forward. Goal: Hack your University and get root access to the server. To successfully complete the challenge you need to get user and root flags. Difficulty: Easy / Beginner Level https://emaragkos.gr/vulnhub-writeups/vulnhub-boot2root-machine-vulnuni/ Need hints? Twitter @emaragkos DHCP is enabled Your feedback is really valuable for me! Was there something that you didn’t like about this VM? Please let me know so that I can make more interesting challenges in the future. Good luck and have fun 😃## Changelogv1.0.1 - 2020-03-20v1.0 - 2020/03-19 | 07FC142E745CF08F9D9AE842A6D49C5D | FF3E25A9AB1CCEF5D2CAE1984BF2CD47F1ECC25F | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| InfoSecWarrior CTF 2020: 02 | 24 Mar 2020 | Vishal Biswas | InfoSecWarrior CTF 2020 | 3.7 GB | https://download.vulnhub.com/infosecwarrior/Challenge-2.zip | This VM is given as challenge 2 in InfoSecWarrior CTF 2020. | Official website : https://www.infosecwarrior.com/ Enumerate Enumerate and Enumerate is the motto to solve this box. Multiple way to get user flag and Multiple ways to get root flag. Ping me on Twitter @CyberKnight00 if you face any error. | 114258C7961787CC4A7FAA597F94C0F8 | 366FB9EA88E06F5AE01B1DEEEA425C0C3471D38A | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| CK: 00 | 23 Mar 2020 | Vishal Biswas | CK | 1.3 GB | https://download.vulnhub.com/ck/CK-00.zip | Vulnerable VM to learn Basics of privilege escalation. | Difficulty : Easy Goal : Your goal will be to get highest privileged user and collect the flag Virtual box is recommended for configuring CK~00 box Feel free to contact me at @CyberKnight00.This works better with VirtualBox rather than VMware | B7C46A1A2AB7FBBD3BA6DCFEA6CEFF2E | D986E26975BF7678E436B9F4D47C61026FDC3D2F | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| maskcrafter: 1.1 | 30 Mar 2020 | evdaez | maskcrafter | 1.7 GB | https://download.vulnhub.com/maskcrafter/maskcrafter-1.1.ova | Runs on vmware workstation as virtualbox dhcp doesn’t work, sorry virtualbox guys 😦 | Target audience: Beginners Tweet your walkthrough @evdaez## Changelogv1.1 - 2020-03-30v1.0 - 2020-03-24 | 560EC420E1A2706035D84B91CA552BFB | E349D646391835AB731B8706BB7E8A2513F9030D | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| InfoSecWarrior CTF 2020: 03 | 25 Mar 2020 | Vishal Biswas | InfoSecWarrior CTF 2020 | 1.4 GB | https://download.vulnhub.com/infosecwarrior/InfosecWarrior03%28CK05%29.zip | This VM is given as challenge 3 in InfoSecWarrior CTF 2020. | Official website : https://www.infosecwarrior.com/ This box is dedicated to my mentors (you will find there names in the box itself) If you face any error or needed help ping me on Twitter CyberKnight00 Or ping them after finding their names. During the CTF event, this box contains a Loot box (zip file) consist of download link of the next Challenge and super_flag.txt. Goal : You have to gain highest privileges and collect only 2 flags (user flag and root flag). loot box is not available in this VM. The WordPress developer configured the machine to work internally. But due to some miss-configuration wordpress is exposed to outside world. Use your skills and get the root flag.This works better with VirtualBox rather than VMware.WordPress is MEANT to be on 127.0.0.1. Can you find away to view it? | 3EE2CCFBEB5E3B6B6E593363A2DA4B05 | 5623686B8E28C7CC659A8C1F74EF8718E6490B4B | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| haclabs: deception1.1 | 19 Mar 2020 | HacLabs | haclabs | 726 MB | https://download.vulnhub.com/haclabs/haclabs_deception1.1.zip | This machine is the next part of Deception machine. This time try harder to get root! | To complete this challenge you need to find 3 flags. flag 2 : Password to unzip the zip file. flag 1 : Present in /home/yash/ flag 0 : Present in /root/ This is a beginner/intermediate level machine. Technical Information : NOTE : you may face connection lost issue , no problem restart the virtual machine and everything will start to work again! I found “646563657074696f6e312e31” this while creating the machine . Contact If you have solved this machine in an unintended way then please let us know, you may get a chance to publish your writeup on our website.This works better with VirtualBox than VMware.Note: This is MEANT to be password protected | E4150B4E1AD2B887033D15CA484C0CF2 | 042326D7B62A6FC1484F610BC8521C8492E5C2C1 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| VulnPire : 1 | 25 Mar 2020 | LinaMika | VulnPire | 2.3 GB | https://download.vulnhub.com/vulnpire/Vulnpire1.0.zip | Vulnpire 1.0 is a tribute to all the Vampire myths & movies of the 20th and 21st Century. | Vulnpire 1.0 has 3 flags that are hidden within: Created by LinaMika during the Covid-19 Lockdown of Year 2020. (Dracula, Bram Stoker)## ChangelogBeta - 2020-03-20v1.0 - 2020-03-25 | B8564C8E051A0646DE566D724119835A | 960BB11CD3EF8F81BE84887D0F757C9DF5A900F6 | Virtual Machine (VMware) | Linux | Enabled | Automatically assign |
| sunset: dawn3 | 8 Mar 2020 | whitecr0wz | sunset | 1.5 GB | https://download.vulnhub.com/sunset/dawn3.ova | It is recommended to run this machine in VirtualBox. | 40250C5B0EF39CC88DB5BC63BEBE8503 | 8E867F4BCE069FA1FE294ED6B253529DB8FC78C7 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign | |
| Sar: 1 | 15 Feb 2020 | Love | Sar | 2.7 GB | https://download.vulnhub.com/sar/sar.zip | Sar is an OSCP-Like VM with the intent of gaining experience in the world of penetration testing. | B872E6DE73622EA39C762D6C3E298E73 | 6BEE6AB15F9DE0099DB82D815F5D1D2099054B3A | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign | |
| Swimmer: 1.1 | 16 Feb 2020 | CaptBoykin & Multie | Swimmer | 1.5 GB | https://download.vulnhub.com/swimmer/swimmer-v1.1.zip | This is the first in our collaborative series. This machine has 3 flags and requires a combination of traffic analysis, linux priv esc, and some outside the box CTF thinking. | Technical Info:Static IP of: 192.168.1.251## Changelogv1.1 - 2020-03-04v1.0 - 2020-02-16 | BC91A5E41369AC3396E10A817B606DA2 | B753BBCB42006938082D8FCAF75A00E3EB8230B4 | Virtual Machine (Virtualbox - OVA) | Linux | Disabled | 192.168.1.251 |
| haclabs: Deception | 15 Feb 2020 | HacLabs | haclabs | 2.5 GB | https://download.vulnhub.com/haclabs/Deception.ova | This machine is designed by keeping in mind about all the beginners who wants to start their journey in CTF challenges. | This machine doesn’t require any prior knowledge about different web vulnerabilities. Privilege escalation is the Key! This machine has 3 flags. Each flag is present in home directory. You must know some basic linux commands to pawn this machine. Unzip it and then import it into virtualBox If you have solved this machine in an unintended way then please let us know,you may get a chance to publish your writeup on our website. website link : https://www.haclabs.orgThis works better with VirtualBox rather than VMware | 7D32F371FB29CB110D791D507171B560 | 5B2B825BAB6D6785D717900E8176401715FAB281 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| Tempus Fugit: 4 | 13 Feb 2020 | 4nqr34z & theart42 | Tempus Fugit | 1009 MB | https://download.vulnhub.com/tempusfugit/Tempus-Fugit-4.ova | Tempus Fugit is a Latin phrase that roughly translated as “time flies”. | This is an hard, real life box, created by @4nqr34z and @theart42. As in the former Tempus Fugits, #4 the idea is still to create something “out of the ordinary”. Need any hints? Feel free to contact us on Twitter: @4nqr34z or @theart42 DHCP-Client. Tested and works both on Virtualbox and vmware After being hacked multiple times, the company decides to do things differently this time. They left Linux and choose another operating system that claimed to be more secure. Realising they could have resources inside the company that are willing to help the relative small IT department (originally only web-designers) and the fact (according to Hugh Janus) there are safety in numbers, they start a internal crowdsourcing project. Allowing internal employees to request access to the new server. | 1D7BB1DB56D106E685FF482D7F4421F2 | BFF7F18F327A15C0E82A91287818AB071C3990D7 | Virtual Machine (Virtualbox - OVA) | BSD | Enabled | Automatically assign |
| oreo: 1 | 7 Mar 2020 | Alexander | oreo | 999 MB | https://download.vulnhub.com/oreo/oreo.tar.gz | : Oreo | : Android-x86 8.1 64-bit : basic enumeration, reverse engineering : medium : KVM, VMware : | 2E2411566E85342F2AD0E176D95E85C3 | ABC6964B2DD44BE904E12B0B79DA19D5CCD905FF | Virtual Machine (Virtualbox - OVA) | Android | Enabled | Automatically assign |
| sunset: dawn2 | 15 Feb 2020 | whitecr0wz | sunset | 1.1 GB | https://download.vulnhub.com/sunset/dawn2.7z | Description: Here is another box, enjoy it! | Difficulty: Intermediate Contact: @whitecr0wzThis works better with VirtualBox rather than VMware. | 07DAAD894B3211E8B7CDF354645049F0 | 37136BB820CA600B2C1B3531F71D84FCD66ABAD2 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| MuzzyBox: 1 | 28 Feb 2020 | Muzzy | MuzzyBox | 1.4 GB | https://download.vulnhub.com/muzzybox/muzzybox.zip | I have created this amazing CTF for pentester. However, This is not like other CTF which has been using common exploits and tools. Instead, you will learn about Real-world website testing methodology, advance injections and more. | This works better with VirtualBox rather than VMware. | 51A7A275EABD1E9FC8ADC974D96395E4 | 01E374193D34A2F22926887F34D8C509E31F6B4E | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| Tempus Fugit: 5.2 | 6 Apr 2020 | 4nqr34z & theart42 | Tempus Fugit | 3.7 GB | https://download.vulnhub.com/tempusfugit/Tempus-Fugit-5v2.ova | Tempus Fugit is a Latin phrase that roughly translated as “time flies”. | This is an hard, probably insane, real life box, created by @4nqr34z and @theart42. As in the former Tempus Fugits, #5 the idea is still to create something “out of the ordinary”. Need any hints? Feel free to contact us on Twitter: @tfhints DHCP-Client. Tested and works both on Virtualbox and vmware May cause loss of hair, severe self doubt and enlarged imposter syndrome Recovered from the security disaster that was Tempus Fugit 4, our friends at Mofo company returned to the warm bosom of Linux. They have developed a sensational Internet application and have protected it with all sorts of fancy tooling. Deploying new technology and cool security features, they are confident that they can now withstand the worst of the worst. But, being hacked so many times, may the real danger be lurking from within?? Hack TF5 and find out for yourself!, @theart42 and @4nqr34z ## Changelogv5.2 - 2020-04-06v5.0 - 2020-02-27 | DEBB98702C039895283E5E3F4290781E | A97D7262AA9391C7F8BB1117DBDCC3041F6BB4EC | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| haclabs: no_name | 15 Feb 2020 | HacLabs | haclabs | 2.2 GB | https://download.vulnhub.com/haclabs/HL.ova | This a beginner level machine , getting a shell is a little bit harder, just think out of the box to get the shell.privilege escalation is easy once you get the shell. | This machine has 3 flags. Each flag is present in the Home directory of particular user. Be ready to test your Linux skills. unzip it and then import it into virtualBox Beginner/intermediate If you have solved this machine in an unintended way then please let us know,you may get a chance to publish your writeup on our website. website link : https://www.haclabs.orgThis works better with VirtualBox rather than VMware | 823F56EC9CDC55AF8701D6127D8DAB29 | D4E618680FBB968113AFC400D9B349BB678640B4 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| TBBT: FunWithFlags | 5 Mar 2020 | emaragkos | TBBT | 913 MB | https://download.vulnhub.com/tbbt/TBBT-Funwithflags.ova | Welcome to “Fun with Flags”! | This boot2root machine is themed after the famous TV show, The Big Bang Theory. To successfully complete the challenge you will need to get all 7 flags, one for each main character and get root access. Difficulty: Easy / Beginner Level Need hints? Twiter @emaragkos -Runs better with VirtualBox -DHCP is disabled - Static IP 192.168.1.105 -If you have problems setting a lab with a specific subnet 192.168.1.0/24 here is my tutorial: https://emaragkos.gr/tutorials/vulnhub-vm-with-static-ip/ Good luck and have fun 😃 | B307D584CF0D105DBA5D054C92177563 | 83D4290ED628E12E0CCB299D01E1C8C095FB4A5F | Virtual Machine (Virtualbox - OVA) | Linux | Disabled | 192.168.1.105 |
| My File Server: 1 | 21 Feb 2020 | Akanksha Sachin Verma | My File Server | 745 MB | https://download.vulnhub.com/myfileserver/My_file_server_1.ova | N/A | BE7A70A11D788895341F9753C85295FD | 1AEFFD252777B29B9290FE62718F0DB34443F3B8 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign | |
| symfonos: 5.2 | 2 Mar 2020 | Zayotic | symfonos | 1.5 GB | https://download.vulnhub.com/symfonos/symfonos5v2.7z | Beginner real life based machine designed to teach people the importance of understanding from the interior. | Tested on VMware and Virtualbox## Changelogv1.2 - 2020-03-02v1.0 - 2020-01-07 | 38FDED47A0B1E1961920D780AA76EE4A | 772839883ED2C9CEEC513692646E230A03D98F7C | Virtual Machine (VMware) | Linux | Enabled | Automatically assign |
| sahu: 1.1 | 4 Mar 2020 | Vivek Gautam | sahu | 3.0 GB | https://download.vulnhub.com/sahu/sahu-v1.1.ova | Sahu is a Virtualbox VM Built on Ubuntu 64 bit , The Goal Of this Machine is to get root And Read the root.txt file with Some Good Enumeration Skills | Difficulty : Beginner Goal : Boot To Root ## Changelog:v1.1 - 2020-03-04v1.0 - 2020-02-01 | 1B434CB49C0078EC05B6070E0B7B6E2C | 6BCA09C78071493F25B1029E6A9E69F7C8531745 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| aqua: 1 | 17 Jan 2020 | yunaranyancat | aqua | 2.5 GB | https://download.vulnhub.com/aqua/Aqua.zip | Difficulty : Intermediate ~ Hard | There is one intended way to get low privilege user and two intended ways to get root shell. Getting root using the easier way : Use anything you have Getting root the harder way : Only use what’s in the /root/ Virtual Machine Networking | 2F49702719F009C6F2DF7CBFB28B4123 | 03CD0228F9A9C18152EC6A8AE967D7A076FD72A0 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
| five86: 1 | 8 Jan 2020 | DCAU | five86 | 865 MB | https://download.vulnhub.com/five86/Five86-1.zip | Five86-1 is another purposely built vulnerable lab with the intent of gaining experience in the world of penetration testing. | The ultimate goal of this challenge is to get root and to read the one and only flag. Linux skills and familiarity with the Linux command line are a must, as is some experience with basic penetration testing tools. For beginners, Google can be of great assistance, but you can always tweet me at @DCAU7 for assistance to get you going again. But take note: I won’t give you the answer, instead, I’ll give you an idea about how to move forward. Five86-1 is a VirtualBox VM built on Debian 64 bit, but there shouldn’t be any issues running it on most PCs. Five86-1 has been tested successfully on VMWare Player, but if there are any issues running this VM in VMware, have a read through of . It is currently configured for Bridged Networking, however, this can be changed to suit your requirements. Networking is configured for DHCP. Installation is simple - download it, unzip it, and then import it into VirtualBox or VMWare and away you go. While there should be no problems using this VM, by downloading it, you accept full responsibility for any unintentional damage that this VM may cause. In saying that, there shouldn’t be any problems, but I feel the need to throw this out there just in case. A big thanks goes out to the members of @m0tl3ycr3w. I’m also very interested in hearing how people go about solving these challenges, so if you’re up for writing a walkthrough, please do so and send me a link, or alternatively, follow me on Twitter, and DM me (you can unfollow after you’ve DM’d me if you’d prefer). I can be contacted via Twitter - @Five86_x | C45F1FC52753C347C1F98118C6B685FB | 988EBAA76F15C061ABEC4D6EE46B676E66CACD84 | Virtual Machine (Virtualbox - OVA) | Linux | Enabled | Automatically assign |
0-9 ↩︎
294
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
