As Droopy was not really hard and doesn't contain as many web vulnerabilities as I would hope for, I tried another VM: SecTalks: BNE0x03 - Simple. There were also hints in the description of the machine, but with my resolution they do not appear when just browsing the main page of vulnhub, so I have not spoiled myself with the hints this time.
A few days ago, I installed a new pentesting box based on Arch Linux with Kali in a virtual machine. In order to test it, I selected a light vulnbox on vulnhub: Droopy. There were two hints in the description of the machine on the vulnhub download page:
We will see how to use them in a moment :)
Still playing with the vulnhub machines; this time it is the turn of FlickII. This one is different from the others as it has an Android application associated. It would be a great exercise to play with a mobile application, decompile it and see what is inside.
I continued to play with the vulnhub virtual machines and started TopHatSec - Freshly.
"The goal of this challenge is to break into the machine via the web and find the secret hidden in a sensitive file. If you can find the secret, send me an email for verification. :)"
I started the LAMPSecurity CTF4 challenge from vulnhub, available here. The goal is to get a root shell on the server.
First of all we need to determine the IP address of the server. Since we launch it in a bridged virtual machine the local router got the IP …