[Vulnhub] Knock-Knock: 1.1

“Pretty much thought of a pretty neat idea I hadn’t seen done before with a VM, and I wanted to turn it into reality! Your job is to escalate to root, and find the flag. Since I’ve gotten a few PM’s, remember: There is a difference between “Port Unreachable” and “Host Unreachable”. DHCP is not broken ;) Gotta give a huge shoutout to c0ne for helping to create the binary challenge, and rasta_mouse and recrudesce for testing :) Also, gotta thank barrebas who was able to find a way to make things easier… but of course that is fixed with this update! ;)” – zer0w1re

For more information and the OVA file download, please check here.

2015-06-21 18:49:54 +1000

[Vulnhub] TopHatSec: Freshly

“The goal of this challenge is to break into the machine via the web and find the secret hidden in a sensitive file. If you can find the secret, send me an email for verification. :) There are a couple of different ways that you can go with this one. Good luck!” – TopHatSec

“VulnHub note: You may have issues when importing to VMware. If this is the case, extract the HDD from the OVA file (using something like 7zip), and attach to a new VM. Please see the following guide: https://jkad.github.io/blog/2015/04/12/how-to-import-the-top-hat-sec-vms-into-vmware/.” – VulnHub

For more information and the OVA file download, please check here.

2015-06-13 18:57:26 +1000

[PentesterLab] PHP LFI & Post Exploitation

“This course details the discovery and the exploitation of PHP include vulnerabilities in a limited environment. Then it introduces the basics of post exploitation: shell, reverse-shell and TCP redirection.” – PentesterLab

For more information and the ISO download, please check here. Reading the official course is highly recommended.

Difficulty: 2 / 5

2015-05-31 19:19:10 +1000

[PentesterLab] Axis2 Web Service and Tomcat Manager

“This course details the exploitation of an issue in an Axis2 Web service and how using this issue it is possible to retrieve arbitrary files. Then using this, we will see how an attacker can retrieve Tomcat users' file to access the Tomcat Manager and gain commands execution on the server.” – PentesterLab

For more information and the ISO download, please check here. Reading the official course is highly recommended.

Difficulty: 3 / 5

2015-05-30 22:16:43 +1000

[Vulnhub] Kioptrix 2014

This is probably the last/final version of the Kioptrix challenge VM. After playing with all of those well-designed vulnerable boxes, I would say they are challenging and enjoyable, not only for juniors like me :) but also for pen-tester pros, who will have fun with them. Cheers to loneferret and haken29a.

So back to Kioptrix 2014: more details can be found at this VulnHub website link, which includes VM download links, walkthroughs, bug fixes (reading the Description is highly recommended when first running the VM) and blah blah blah …

2015-05-25 14:54:33 +1000

[PentesterLab] Web for Pentester - FINAL

“This course details all you need to know to start doing web penetration testing. PentesterLab tried to put together the basics of web testing and a summary of the most common vulnerabilities with the LiveCD to test them.” – PentesterLab

Because this is quite a long course, I have to divide it into several parts. This is the last one, and it focuses on several different types of injection: command injection, LDAP injection and XML injection. For more information and the ISO download, please check here. Reading the official course is highly recommended.

Difficulty: 1 / 5


[PentesterLab] Web for Pentester - SQL Injection

“This course details all you need to know to start doing web penetration testing. PentesterLab tried to put together the basics of web testing and a summary of the most common vulnerabilities with the LiveCD to test them.” – PentesterLab

Because this is quite a long course, I have to divide it into several parts. This one focuses on SQL injection attacks. For more information and the ISO download, please check here. Reading the official course is highly recommended.

Difficulty: 1 / 5

2015-05-22 19:53:28 +1000