Link: View Writeup
Description: This machine provides an introduction to basic hacking tools and techniques. The hacker must first discover where the target is on the network. Using the Nmap option -p-, the hacker then discovers that a hidden apache web server is running on port 60001 that contains a list of usernames and passwords stored in plain text. Using the admin’s credentials, the hacker can login to the target machine via SSH.
Link: View Writeup
Description: This machine provides an introduction to basic hacking tools and techniques. The hacker must first discover where the target is on the network. Using nmap, the hacker finds two open ports running SSH and HTTP. Realizing that the machine is a Raspberry Pi, the hacker can successfully guess the default credentials when using SSH.
Link: View Writeup
Description: This machine provides an introduction to basic hacking tools and techniques. The hacker must first discover where the target is on the network. The attacker discovers that FTP, SSH, and Telnet are running on the target’s machine. Using FTP’s anonymous login feature, the attacker can discover a password file. The attacker then can use the credentials to login to the target machine via SSH or Telnet.
Link: View Writeup
Description: This machine provides an introduction to steganography. Steganography is the
technique of hiding secret data within an ordinary, non-secret, file or message in order to avoid detection. Similar to writing a letter in invisible ink to hide a message, steganographic images have hidden text encoded into the image that is only noticeable to those who are looking for it.
Link: View Writeup
Description: This machine provides an introduction to basic hacking tools and techniques. The hacker must first discover where the target is on the network. The attacker discovers that the target is sharing folders via SMB. The attacker can connect to the target machine via SMB anonymously and access the flags.
Link: View Writeup
Description: This machine provides an introduction to basic hacking tools and techniques. After
discovering where the target is on the network, the hacker must perform an Nmap scan to discover that a web server is running. The hacker then must use Dirb to find a hidden password directory that contains the credentials needed to access the target at the root level via SSH.
Link: View Writeup
Description: This machine provides an introduction to basic hacking tools and techniques. After
discovering where the target is on the network, the hacker must perform an nmap scan to discover that a backdoor is running. The hacker then must use netcat with the correct options to connect to the backdoor which provides root access to the target
machine.
Link: View Writeup
Description: This machine provides an introduction to basic hacking tools and techniques. After
discovering where the target is on the network, the hacker must perform an Nmap scan to discover that a web server is running. The hacker then must use Hashcat to crack the displayed hashed password. Using the displayed username and cracked password, the hacker then can login to the target’s machine using SSH.
Link: View Writeup
Description: This machine is intended for beginners who want to learn the fundamentals of password cracking using Hydra. It is intended to have a straightforward path leading the hacker to use Hydra with the "rockyou.txt" password list over SSH or FTP.
Link: View Writeup
Description: This machine provides an introduction to basic hacking tools and techniques. The hacker must first discover where the target is on the network. The attacker discovers that many services are running on the target’s machine. Using the internet, the attacker can find the company’s leaked password. The attacker then can use the credentials to login to the target machine via SSH.
Link: View Writeup
Description: This machine demonstrates the EternalBlue exploit. EternalBlue is a cyberattack
exploit developed by the U.S. National Security Agency (NSA). It was leaked by the Shadow Brokers hacker group on April 14, 2017, one month after Microsoft released patches for the vulnerability.
Link: View Writeup
Description: This machine provides an introduction to basic hacking tools and techniques. After
discovering where the target is on the network, the hacker must perform an Nmap scan to discover that Webmin is running. The hacker then must use Metasploit with the correct module to open a backdoor which provides root access to the target machine.
Link: View Writeup
Description: This machine provides an introduction to basic hacking tools and techniques. After
discovering where the target is on the network, the hacker must perform an Nmap scan to discover that a web server is running. The hacker then must use Dirb to find a web shell, accessing the "passwd" and "shadow" files. The hacker then must use Unshadow to prep the input file for John The Ripper. The password can then be cracked, and the hacker can access the target machine via SSH as root.
Link: View Writeup
Description: This machine provides an introduction to basic hacking tools and techniques. After
discovering where the target is on the network, the hacker must perform an Nmap scan to discover that SSH and a web server is running. The hacker then must use the provided user credentials to find SUID permissions on bash2 via SSH. This will provide a root shell.
Link: View Writeup
Description: This machine provides more practice for using Metasploit modules, featuring a large collection of running services that are almost all vulnerable.
Software engineer and researcher with a passion for AI and Cyber Security