Stripe CTF 2.0 (Web Edition)

Stripe hosted another 'Capture the Flag' (CTF) event. They previously ran one back in February 2012, which contained 6 flags. This time they were back with the 'web edition', going from level 0 to level 8 and covering a range of web attacks. This is how I did it.

Please note: The event is now over. If you wish to do this yourself, you will have to download the code and do it offline.

Kioptrix - Level 4 (Limited Shell)

Another Kioptrix has been released which is a "boot-to-root" operating system that has purposely designed weaknesses built into it. The user's end goal is to interact with the system using the highest user privilege they can reach.

There are other vulnerabilities using different techniques to gain access to this box, such as backdooring via MySQL injection as well as local file inclusion using PHP session data.

Hackademic RTB2

Hackademic is the second challenge in a series of "boot-to-root" operating systems which has purposely designed weakness(es) built into it. The user's end goal is to interact with the system using the highest user privilege they can reach.

Hackademic RTB1

Hackademic is the first in a collection of "boot-to-root" operating systems which has purposely designed weakness(es) built into it. The user's end goal is to interact with it and get the highest user privilege they can.

VulnImage - Manual Method

VulnImage is an obscure (I can't even find a 'homepage' as such for it!) "boot-to-root" operating system which has purposely crafted weakness(es) inside itself. The user's end goal is to interact with it and get the highest user privilege they can.

The 'manual' tag is due to the way the login system is bypassed as well as the privilege escalation (via Linux exploit development, covering fuzzing to Metasploit module). Another method is located here.

VulnImage - Automated Method

VulnImage is an obscure (I can't even find a 'homepage' as such for it!) "boot-to-root" operating system which has purposely crafted weakness(es) inside itself. The user's end goal is to interact with it and get the highest user privilege they can.

The 'automated' tag is because of the combination of Burp Proxy & SQLMap to discover the SQL injection vulnerability with very limited user interaction as well as using a kernel exploit to escalate privileges to gain root access. A more advanced method can be found here.

Issues + Updates With 'Boots 2 Roots'

As I use backtrack-linux for my attacker's operating system, the OS has gone through some major updates (new tools have been added, some removed and most of them have been updated)!

As a result there are a few minor issues with my guides for boot 2 roots. The general process is the same, so I didn't see a "need" to re-do it all - I hope this quick note sums it all up!