Machine can be download here.Nmap scan ports, 80,139 and 445 are open.Port 80 is a static index.html, with nothing interesting. Gobuster scan port 80, we get robots.txt and note.txt, but nothing useful too.Move to smb. Smbclient with no usernam
Machine can be download here.Nmap scan ports. 21,22,80 three ports open.Ftp login as anonymous, find a mkv file with no use.Scan port 80, find index.html and stream.php.Open index.html, looks like a youtube downloader.Check source code of index.html,
A not so easy machine made by tasiyanci, can be download here.Thanks tasiyanci for the hints.Nmap scan ports, 22 and 80.Open port 80, it's a wordpress site.Wpscan the site, found some usernames, but no vulnerable plugins.wpscan --url ht
Another interesting machine from HackMyVm, can be download here.Nmap scan ports, find 22,80,7080 and 8088.Port 80 is a service named "sar2html".Port 7080 is OpenLiteSpeed Control Panel.Port 8088 is a sample site of OpenLiteSpeed.Search the
Easy one, can be download here.Following is a very simple walkthrough.Scan ports, find 22 and 80. Open Port 80, a chat service.Username has sql injection. So burpsuite capture the post data, and use sqlmap to dump databases.(User temp is regist
Machine can be download here.Nmap scan ports, 4 ports open.Anonymous login ftp, get a file named "url".Download "url", check filetype, a ELF file.Use "strings" cmd to check useful strings, get nothing but a hint.Check th
Happy Chinese New Year for all CTFers!Machines can be download here.Nmap scan ports.Login ftp as anonymous, get a file.Check file type, it's a zip. Unzip it, get a usrname "chad", and an png file.Check the image, a beautiful building.Fo
Very interesting machine from HackMyVm, can be download here.Nmap scan ports.Check source code of index.html.Add ".bak" to the extension and scan files of port 80.Download check.bak and check source code.<?php
// Login part.
Machine can be download here.Nmap scan ports.Scan folders and files at port 80.Check robots.txt.Check php version.Google find CVE exploit.Use pwn code from https://github.com/neex/phuip-fpizdam.Get reverse shell.Check ports.Login mysql as user root&n
Machine can be download here.nmap -p- -sC -sV --open -oN ports.log 192.168.56.57gobuster dir -u http://192.168.56.57 -t 50 -x .php,.html,.txt -w /usr/share/dirbuster/word